SFTP (SSH File Transfer Protocol) is a secure file transfer protocol that has largely replaced FTP in modern systems. Understanding SFTP ports is crucial for effective and secure file transfers.
What is SFTP?
SFTP is the secure version of FTP, running over SSH. It inherits SSH's security features, making it a more secure choice for file transfers.
Note: Don't confuse SFTP with FTPS. While both aim to improve on FTP's security, they are different protocols.
What is the Default SFTP Port?
The default SFTP port is 22, which is the same as SSH. This shared port number is by design, since SFTP runs over SSH, and it is the port that matters in several places:
- You use it when connecting via SFTP clients (like WinSCP or FileZilla)
- It's used in command-line SFTP operations
- It's the port to consider when setting up server-to-server file transfers
- It's important for firewall configurations
An added benefit is that you don't need to open an additional port in your firewall for SFTP if you're already using SSH.
Using SFTP in Command Line
When using the default port, you don't need to specify it in your command. For example:
sftp username@hostname
If you need to use a different port:
sftp -oPort=2222 username@hostname
How to Connect to a Non-Default SFTP Port
There are situations where you might need to use a non-default port. This could be for security reasons or to avoid conflicts with other services. Here's how to change the port:
- Avoid reserved ports (0-1023) unless you have root privileges.
- Check port availability using a tool like netstat to avoid conflicts.
- Edit '/etc/ssh/sshd_config'. Find the 'Port 22' line and change it to your desired port number.
- Restart the SSH service to apply the changes.
- Update firewall rules to allow connections on the new port.
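For quick changes, you can pass the port on the command line: -p <port> for sshd and ssh, and -P <port> (uppercase) for sftp, where lowercase -p preserves file times and permissions instead of setting the port.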
Changing SFTP Port in Windows
The process is similar in Windows:
- Locate the sshd_config file. It's typically in 'C:\ProgramData\ssh' or 'C:\Program Files\OpenSSH'.
- Open the file and find the 'Port 22' line.
- Change it to your desired port number.
- Save the file and restart the SSH service.
Changing SFTP Port in Linux
In Linux, the process is nearly identical to the general instructions:
- The sshd_config file is usually located in '/etc/ssh/'.
- Edit the file using a text editor of your choice.
- Change the port number and save.
- Restart the SSH service.
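The edit step above, as an added shell example (not part of the original article). The function names sshd_ports and set_sshd_port are made up for this sketch. It handles the commented-out "#Port 22" line that OpenSSH ships, rejects reserved ports, and keeps the Port line ahead of any Match block:

```shell
#!/bin/sh
# Added example, not from the original article.

# Print the port(s) sshd will listen on according to the Port directives in a
# config file. Port is a global keyword, so stop at the first Match block;
# with no Port line sshd uses the default, 22.
sshd_ports() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "port"  { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# set_sshd_port FILE PORT: back FILE up to FILE.bak, then set a single Port.
set_sshd_port() {
    conf=$1 port=$2
    # Digits only, at most five of them.
    case $port in
        ''|*[!0-9]*|??????*) echo "port must be a number" >&2; return 2 ;;
    esac
    # Stay out of the reserved range (0-1023) and inside 16 bits.
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be between 1024 and 65535" >&2; return 2
    fi
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1
    awk -v p="$port" '
        { l = tolower($0) }
        # A Port line, active or commented out ("#Port 22" in the stock file).
        l ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { print "Port " p; done = 1 }  # replace the first one
            else if (l ~ /^[ \t]*#/) print            # keep later comments
            next                                      # drop extra active ports
        }
        # No Port line yet: insert before the first Match block, because
        # Port is not valid inside one.
        l ~ /^[ \t]*match[ \t]/ && !done { print "Port " p; done = 1 }
        { print }
        END { if (!done) print "Port " p }
    ' "$conf.bak" > "$conf"
}
```

Before restarting the service, syntax-check the result with sshd -t -f FILE, and keep your current session open until a new login on the new port succeeds.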
How to Check SFTP Port
It's important to verify that SFTP is using the correct port. Here's how to check:
On Linux/Unix
- Open your terminal.
- Use this command:
sudo netstat -tuln | grep :22
- Look for a line containing ":22" (or your custom port) in the output.
On Windows
- Open Command Prompt as Administrator.
- Use this command:
netstat -an | findstr :22
- Look for a line with ":22" (or your custom port) and "LISTENING".
Default Ports for SFTP vs Other File Transfer Methods
Understanding how SFTP compares to other file transfer protocols can be helpful:
- SFTP (port 22): Secure and feature-rich.
- SCP (port 22): Similar to SFTP but with fewer features.
- FTP (port 21): The original file transfer protocol, but lacks built-in security.
- FTPS (port 990): FTP with added SSL/TLS security.
- RSync (port 873): Efficient for syncing files, often used with SSH.
- WebDAV (port 80 or 443): Web-based protocol for file management.
Can You Use FTP Ports for SFTP?
Technically, yes. Practically, it's as wise as using a fork for soup. It's not recommended because:
- It's a reserved port (21). We discussed this. Pay attention.
- It will confuse users. More than they already are.
- It can cause connectivity issues. Enjoy troubleshooting that.
Key Takeaways
Understanding SFTP ports is crucial for maintaining secure and efficient file transfers in your system. While changing the default port can offer some security benefits, it's important to weigh these against the potential complications it may introduce.
Remember these important points about SFTP ports:
- Port 22. If you forget this, you're beyond help.
- Changing ports is possible. So is juggling chainsaws.
- Document your changes. Future you will be slightly less annoyed.