In environments where sensitive data is regularly sent, file transfer security is essential. But, with so many options available, selecting the proper protocol can be difficult. Have you ever been concerned about confidential information being intercepted during a file transfer? If so, you've most likely come across SFTP, or Secure File Transfer Protocol. In this blog post, we will discuss SFTP ports, from their importance in secure data sharing to how to use them for file transfers. By the conclusion, you'll be able to use SFTP ports to ensure secure file transfers.
What is SFTP?
SFTP, or Secure File Transfer Protocol, acts like a digital vault for transferring your files. It goes beyond the standard FTP (File Transfer Protocol) by adding an extra layer of security, ensuring your data isn't exposed while traveling across the internet. Imagine sending confidential documents through a bustling marketplace – with regular FTP, anyone could snatch them! SFTP solves this by creating a secure tunnel, like a secret passage guarded by encryption. This encryption scrambles the data into an unreadable format, like whispering a secret code only the recipient understands. Even if someone were to intercept the transfer, they wouldn't be able to decipher the information without the decryption key. So, SFTP offers peace of mind, allowing you to transfer sensitive files with the confidence that only authorized users can access them.
Is the SFTP port TCP or UDP?
SFTP relies on TCP for file transfers. This means SFTP prioritizes establishing a reliable connection before sending data packets, ensuring your files arrive complete and in order.
What Port Does SFTP Use?
By default, the SFTP port number is 22, which serves as a reserved lane for encrypted traffic. Port 22 is the same lane used by SSH, the security guard that protects your data. That's why SFTP only requires one port; unlike older protocols, it sends both instructions and files across a single secure channel.
While SFTP port number 22 is the standard port, some administrators may prefer a different one for added protection or to avoid confusion with other programs. If you're confused about the specific port for an SFTP server, consult the server's instructions or contact the administrator.
How Does It Work?
SFTP works like a secret agent on a mission to deliver your files safely. Here is how it works:
- Handshake: First, your computer and the SFTP server establish a secure connection. Imagine them shaking hands with a secret code which is based on SSH (Secure Shell).
- Tunnel Time: Think of this encrypted connection as a secure tunnel. Your files are broken down into tiny pieces and then transformed into an unreadable code.
- Safe Passage: Through this secure tunnel, the disguised data travels to the SFTP server. No prying eyes on the internet can decipher the code, ensuring your files remain confidential.
- Decryption: Once the data reaches the server, it's like the agent arriving at their destination. The server uses a special key to decrypt the information, turning it back into its original form, just like the agent revealing their true identity upon reaching their contact.
- Delivery: Finally, the decrypted files are delivered to the designated location on the server, completing the mission!
Features of SFTP
SFTP offers several features for secure file transfers:
- Encrypts data for secure file transfers.
- Supports password and public key login methods.
- Uses a single port (usually 22) for both data and commands.
- Allows managing files on the server (upload, download, delete, rename).
- Maintains data integrity during transfer.
- Supports SSH3 protocol.
- Works with TMUX and screen sessions for terminal multiplexing.
- Enables access to the SSH channel for advanced use cases.
- Supports IPv6 and HTTP protocols for broader network compatibility.
- Offers automatic character set translation for seamless text handling.
When do I need an SFTP port number?
You may need an SFTP port number in several situations:
- Non-Standard Port: While SFTP normally uses port 22 by default, some administrators may prefer to configure it on a different port for security reasons or to avoid conflicts with other programs. We'll tell you how to change it in this blog post.
- SFTP Client Configuration: When setting up an SFTP client on your local system, you'll normally need to specify the SFTP server's address (hostname or IP address) and the port number (if it's not the default 22).
- Firewall Rules: If you have a firewall installed on your network, you may need to open a specific port to accept incoming SFTP traffic. In this situation, you would include the SFTP port number in the firewall rule.
- Server Administration: If you manage an SFTP server, you need to know the port number to troubleshoot connection issues, analyze server logs, or customize access for various users.
Differences between SFTP vs. FTPS
If you know the differences between SFTP and FTPS you can easily choose the right tool to securely transfer your files. We provided the differences in a table format:
| Feature | SFTP | FTPS |
| --- | --- | --- |
| Security | Encrypts data transfer using SSH protocol | Encrypts data transfer using SSL/TLS protocol |
| Underlying Protocol | SSH (Secure Shell) | FTP (File Transfer Protocol) |
| Ports | Usually SFTP port 22, but can be configured differently | Usually port 21 (control channel) and another port for data transfer |
| Firewall Configuration | Simpler, single port for both data and commands | More complex, requires configuration for both control and data channels |
| Directory Listing | Standardized format | Non-standardized format |
| File Permissions | Securely manages file permissions | Limited support for securing file permissions |
| Authentication | Supports password and public key authentication | Primarily password-based authentication |
| Modern Compliance | Better suited for compliance with data security regulations (HIPAA, GDPR) | May not meet strict security requirements |
Use cases of SFTP commands
SFTP offers many commands for tasks like resuming interrupted transfers, specifying transfer modes, and preserving file attributes during transfer. Here are just some use cases of SFTP commands:
Transferring Files
- `get filename`: Downloads a file named "filename" from the server to your local machine.
- `put filename`: Uploads a file named "filename" from your local machine to the server.
Directory Navigation
- `ls`: Lists the contents of the current directory on the server.
- `cd directory_name`: Changes the current directory on the server to "directory_name".
- `lcd directory_name`: Changes the current directory on your local machine to "directory_name" (useful for specifying where files are downloaded/uploaded from).
File Management
- `mkdir directory_name`: Creates a new directory named "directory_name" on the server.
- `rm filename`: Deletes a file named "filename" from the server (use with caution!).
- `mv source_file destination_file`: Moves a file named "source_file" to "destination_file" on the server (can also be used for renaming).
Permissions and Ownership
- `chmod permissions filename`: Changes the permissions of a file named "filename" on the server.
- `chown owner_name filename`: Changes the owner of a file named "filename" on the server.
Some other Examples of SFTP Commands
In addition to the SFTP commands mentioned above, you may need the following ones:
- To change the remote directory to ‘path’: `sftp> cd path`
- To display the remote working directory: `sftp> pwd`
- To change the local directory to ‘path’: `sftp> lcd path`
- To show the local working directory: `sftp> lpwd`
- To show the contents of the local working directory: `sftp> lls`
How to Change the Linux SFTP Port
While SFTP supports secure file transfers, using the default Linux SFTP port 22 exposes your server to potential attacks. Why? Because the default port 22 is well-known and can be targeted by hackers. Changing the SFTP port to a less common one makes your server less vulnerable.
Here's how to increase security by changing the SFTP port number in Linux:
- Connect as Administrator: Use an SFTP client and log in with your server's administrative credentials.
- Edit the Configuration File: Open the SFTP/SSH configuration file located at `/etc/ssh/sshd_config` using a text editor like `nano`. You can do this by running:
  `sudo nano /etc/ssh/sshd_config`
- Find and Modify the Port Number: Look for the line containing "port 22" (or similar). Change the "22" to a new port number greater than 1024 (e.g., 4321).
  Note 1: Remove the "#" symbol if it's present before the port number.
- Save and Restart: Press `Ctrl+X`, then "Y" to save changes. Restart the SSH service using either:
  `sudo service ssh restart`
  or
  `sudo systemctl restart sshd.service`
  Note 2: The exact command might differ based on your Linux distribution.
- Connecting with the New Port: After restarting, your SFTP server will listen on the new port. You'll need to specify this new port when connecting with your SFTP client. Use the `-P` flag followed by the new port number (e.g., 1234):
  `sftp -P 1234 username@server_ip`

Note 3: This process requires administrative access to your server.
Note 4: Double-check the new port number before restarting the service.
You have now added an extra layer of security and deterred potential attacks just by changing the SFTP port!
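The edit step of the procedure above as a script (an added example, not part of the original post): it handles the commented-out `#Port 22` case from Note 1, rejects ports outside the range the post recommends, and keeps a backup. The function names `set_sshd_port` and `get_sshd_ports` and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; set_sshd_port and get_sshd_ports are hypothetical helper names.

# Print the port(s) an sshd_config-style file sets; 22 when no Port line is active.
get_sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Make the file configure exactly one listening port ($2), keeping a .bak copy.
set_sshd_port() {
    cfg=$1 port=$2
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -le 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be between 1025 and 65535" >&2; return 2
    fi
    cp -p "$cfg" "$cfg.bak" || return 1
    tmp=$(mktemp) || return 1
    # Is there a Port line at all, active or commented out ("#Port 22")?
    has=$(awk 'tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ { print 1; exit }' "$cfg")
    {
        # No Port line: add one at the top, never at the end, where it could
        # land inside a Match block and make sshd reject the file.
        [ -n "$has" ] || echo "Port $port"
        # Replace the first Port line (dropping its "#"), delete other active ones.
        awk -v p="$port" '
            tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
                if (!done) { print "Port " p; done = 1 }
                else if ($0 ~ /^[ \t]*#/) print
                next
            }
            { print }' "$cfg"
    } > "$tmp" || return 1
    cat "$tmp" > "$cfg" && rm -f "$tmp"    # overwrite in place: keeps owner and mode
}

# Constructed sample file, so the example runs without touching /etc/ssh.
demo=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin no' \
    'Subsystem sftp internal-sftp' 'Match Group sftponly' \
    '    ForceCommand internal-sftp' > "$demo"
set_sshd_port "$demo" 4321 && get_sshd_ports "$demo"
rm -f "$demo" "$demo.bak"
```

On a real server, run `sudo sshd -t` after the edit and before the restart: it checks the configuration file for errors, which is the double-check Note 4 asks for. Allow the new port in the firewall before restarting so the current session is not the last one that can get in.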
How to check the SFTP port number in Linux?
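There are different ways to check the SFTP port on Linux, but the command line is the easiest. Run the following command in the terminal; the `-p` option adds the name of the listening program to each line, which is what `grep` matches on, and the port appears at the end of the local address:
`sudo netstat -tulnp | grep sshd`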
How to Change the SFTP Default Port Number in Windows
If you're still determined to proceed, here is how to change the SFTP port on Windows:
- Locate the sshd_config file: The location can vary depending on your SSH server software. Common locations include `C:\ProgramData\ssh\sshd_config` (for the built-in OpenSSH server).
- Edit the file: You'll need administrator privileges to modify this file. Use a text editor such as Notepad to open the file.
- Find and Change the Port: Look for the line containing "Port 22" (or similar). Change the "22" to your desired port number greater than 1024 (e.g., 4321).
- Save and Restart: Save the changes made to the configuration file. Restart the SSH service. The specific method for restarting the service depends on your SSH server software.

Note 1: Remember to update your firewall rules to allow incoming traffic on the new port you chose.
Note 2: When connecting with your SFTP client, specify the new port number along with the server address.
How to check SFTP port in Windows
Because Windows lacks a built-in SFTP server, there is no direct way to check an SFTP port on the system. If you use an SFTP client on Windows to connect to a remote SFTP server, the port number may be displayed in the client's connection information or settings.
Non-Standard SFTP Ports that you can use
Before we mention the non-standard port numbers, you should consider some key points:
- Higher Than 1024: Ports below 1024 are typically reserved for well-known services. Choose a port number greater than 1024 to avoid conflicts with other applications.
- Not Easily Guessable: Avoid simple sequential numbers or predictable patterns. A random high port number is generally less susceptible to automated attacks that target common ports.
- Remember the Port: You'll need to remember (or document) the chosen non-standard port number for both server configuration and SFTP client connections.

Here are some examples of non-standard SFTP ports:
- 4321: A commonly used alternative, but its popularity might make it less obscure over time.
- Between 49151 and 65535: This is the valid range for user-assigned ports. Picking a random number within this range can offer good obscurity.

While unusual ports provide safety through obscurity, they are not a guaranteed solution. But what else should we do? Don't worry, here are some solutions:
- Using strong passwords or public key authentication for SFTP access.
- Keeping your SFTP server software up-to-date with security patches.
- Restricting access to authorized users only.

Just combine these strategies and see how secure your SFTP file transfers will be!
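A quick way to see which of these measures a server's configuration already reflects, as an added example that is not from the original post: the script reads the global section of an `sshd_config`-style file and reports the default port, password logins, and a missing user or group restriction. The function name `audit_sftp_config` and both sample files are constructed for illustration; patch level cannot be read from the configuration and is not checked.

```shell
#!/bin/sh
# Added example; audit_sftp_config is a hypothetical helper name.
# Reads an sshd_config-style file and prints one line per finding.
audit_sftp_config() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        tolower($1) == "match" { exit }          # global section ends at the first Match
        { key = tolower($1) }
        key == "port" { nport++; if ($2 == "22") p22 = 1 }   # several Port lines are allowed
        !(key in first) { first[key] = tolower($2) }         # sshd keeps the first value it reads
        END {
            # OpenSSH defaults apply when a keyword is absent:
            # Port 22 and PasswordAuthentication yes.
            pw = ("passwordauthentication" in first) ? first["passwordauthentication"] : "yes"
            if (!nport || p22) print "port: default 22 in use"
            if (pw != "no")    print "auth: password logins allowed"
            if (!("allowusers" in first) && !("allowgroups" in first))
                print "access: no AllowUsers/AllowGroups restriction"
        }' "$1"
}

# Constructed sample files: a near-default setup and a tightened one.
dir=$(mktemp -d)
printf '%s\n' 'Port 22' 'PasswordAuthentication yes' \
    'Subsystem sftp internal-sftp' > "$dir/weak"
printf '%s\n' 'Port 50022' 'PasswordAuthentication no' \
    'PubkeyAuthentication yes' 'AllowGroups sftponly' \
    'Subsystem sftp internal-sftp' 'Match Group sftponly' \
    '    ForceCommand internal-sftp' > "$dir/hardened"
echo "weak:";     audit_sftp_config "$dir/weak"
echo "hardened:"; audit_sftp_config "$dir/hardened"
rm -rf "$dir"
```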
Final words…
Remember, SFTP ports are like a secret handshake in the digital world. They ensure only authorized users can access your files, keeping your data safe from prying eyes and online threats. So, the next time you need to transfer sensitive information, ditch the risky methods and embrace the secure world of SFTP!