SFTP Using Port 2222

The SSH File Transfer Protocol (SFTP) is a network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream. It is typically used over the Secure Shell (SSH) protocol. Compared to an FTP servers which uses port 21, by default, SSH (and subsequently the SFTP protocol) uses port 22 to transfer files. However, it's possible to configure SSH and SFTP services to run on a different port, such as port 2222, for various reasons such as security through obscurity, avoiding automated attacks on the default port, or running multiple instances of the service.

Connecting to an SFTP server via port 2222

If you encounter SFTP running on port 2222, it means that the server has been configured to listen for SFTP connections on this non-standard port. When connecting to an SFTP server on a non-standard port like 2222, you need to specify an alternate port number in your SFTP client machine. For example, using the command line SFTP client, the command might look something like this:

sftp -oPort=2222 username@hostname

This command tells the SFTP client to connect to the server at hostname using the username username and to use port 2222 for the connection.

Configuring an SFTP server to accept connections on port 2222

Configuring an SFTP server to use port 2222 instead of the default port 22 involves modifying the SSH server configuration, as SFTP operates over the SSH protocol. The process can vary slightly depending on the operating system and the SSH server software you are using, but generally, the steps are similar. Here's how to do it on a Linux system using OpenSSH, the most common SSH server: 1. Open the SSH Server Configuration File Open the SSH server configuration file ( sshd_config ) in a text editor. This file is typically located at /etc/ssh/sshd_config . You may need root or sudo privileges to edit this file.

sudo nano /etc/ssh/sshd_config

2. Change the Port Number Look for the line that specifies the port number. By default, it might be commented out (lines starting with # are comments) and show as #Port 22 . Change it to Port 2222 , removing the comment symbol ( # ) if present. If the Port line doesn't exist, you can add it to the file:

Port 2222

3. Save and Close the File After modifying the file, save your changes and close the editor. The method to save changes depends on the editor you're using. In nano, you can save changes by pressing Ctrl + O , then Enter , and exit by pressing Ctrl + X . 4. Allow the New Port Through the Firewall If your server is protected by a firewall, you need to allow traffic through the new port (2222). For systems using ufw (Uncomplicated Firewall), you can do this by running:

sudo ufw allow 2222/tcp

For systems using firewalld , you can use:

sudo firewall-cmd --permanent --add-port=2222/tcp sudo firewall-cmd --reload

5. Restart the SSH Service After making these changes, you'll need to restart the SSH server for the changes to take effect. You can do this with the following command:

sudo systemctl restart sshd

On some systems, the service might be named ssh instead of sshd :

sudo systemctl restart ssh

6. Verify the Changes After restarting the SSH service, you can verify that it's listening on the new port by using the ss or netstat command:

# with ss
sudo ss -tuln | grep 2222

# with netstat
sudo netstat -tuln | grep 2222

You should see the SSH server listening on port 2222, which will be used to provide SSH access when creating a new SSH session and establish a secure connection to the server in order to perform secure file transfers. Note : Changing the SSH port from the default port 22 to a non-standard port like 2222 can help reduce the number of automated attacks and scans on your SSH server. However, it should not be relied upon as the sole security measure. Always ensure you are using other security practices, such as key-based authentication (public & private key pairs), fail2ban, a firewall to allow only specific IP addresses, and regular updates, to secure your SSH server.