The SSH File Transfer Protocol (SFTP) is a network protocol that provides file access, file transfer, and file management functionality over any reliable data stream. It is typically used over the Secure Shell (SSH) protocol. Compared to an FTP server, which uses port 21 by default, SSH (and therefore the SFTP protocol) uses port 22 to transfer files.
However, it's possible to configure SSH and SFTP services to run on a different port, such as port 2222, for various reasons such as security through obscurity, avoiding automated attacks on the default port, or running multiple instances of the service.
Connecting to an SFTP server via port 2222
If you encounter SFTP running on port 2222, it means that the server has been configured to listen for SFTP connections on this non-standard port. When connecting to an SFTP server on a non-standard port like 2222, you need to specify the alternate port number in your SFTP client. For example, using the command line SFTP client, the command might look something like this:
sftp -oPort=2222 username@hostname
This command tells the SFTP client to connect to the server at hostname using the username username and to use port 2222 for the connection.
Configuring an SFTP server to accept connections on port 2222
Configuring an SFTP server to use port 2222 instead of the default port 22 involves modifying the SSH server configuration, as SFTP operates over the SSH protocol. The process can vary slightly depending on the operating system and the SSH server software you are using, but generally, the steps are similar. Here's how to do it on a Linux system using OpenSSH, the most common SSH server:
1. Open the SSH Server Configuration File
Open the SSH server configuration file (sshd_config) in a text editor. This file is typically located at /etc/ssh/sshd_config. You may need root or sudo privileges to edit this file.
sudo nano /etc/ssh/sshd_config
2. Change the Port Number
Look for the line that specifies the port number. By default, it might be commented out (lines starting with # are comments) and show as #Port 22. Change it to Port 2222, removing the comment symbol (#) if present. If the Port line doesn't exist, you can add it to the file:
Port 2222
3. Save and Close the File
After modifying the file, save your changes and close the editor. The method to save changes depends on the editor you're using. In nano, you can save changes by pressing Ctrl + O, then Enter, and exit by pressing Ctrl + X.
4. Allow the New Port Through the Firewall
If your server is protected by a firewall, you need to allow traffic through the new port (2222). For systems using ufw (Uncomplicated Firewall), you can do this by running:
For systems using firewalld, you can use:
sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --reload
5. Restart the SSH Service
After making these changes, you'll need to restart the SSH server for the changes to take effect. You can do this with the following command:
sudo systemctl restart sshd
On some systems, the service might be named ssh instead of sshd:
sudo systemctl restart ssh
6. Verify the Changes
After restarting the SSH service, you can verify that it's listening on the new port by using the ss or netstat command:
# with ss
sudo ss -tuln | grep 2222
# with netstat
sudo netstat -tuln | grep 2222
You should see the SSH server listening on port 2222. New SSH sessions, including the secure connections used for SFTP file transfers, will now use this port.
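A check for step 2 that can be run before the restart in step 5, as an added example that is not part of the original page: it lists the ports a config file actually enables, so a Port line that was edited but left commented out is caught. The function names and sample files are constructed for illustration; Include files and ListenAddress host:port entries are assumed absent and are not followed.

```shell
#!/bin/sh
# Added example (not from the original page): list the ports an
# sshd_config-style file enables, ignoring commented-out lines.
# Assumption: Include files and ListenAddress host:port forms are not followed.

sshd_ports() {
    # $1 = config file path. Prints one port per line; 22 if no Port line is active.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # tolerate indented directives
            split(line, f, /[ \t]+/)
            kw = tolower(f[1])                   # keywords are case-insensitive
        }
        kw == "match" { exit }                   # Port is not permitted inside Match blocks
        kw == "port" && f[2] ~ /^[0-9]+$/ { print f[2]; found = 1 }
        END { if (!found) print 22 }             # OpenSSH default port
    ' "$1"
}

listens_on() {
    # $1 = config file, $2 = port. Exit status 0 if that port is active.
    sshd_ports "$1" | grep -qx "$2"
}

# Constructed sample files (not real server configurations).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' '#Port 22' 'Port 2222' 'PasswordAuthentication no' > "$SAMPLE_DIR/changed"
printf '%s\n' '#Port 2222' 'PasswordAuthentication no' > "$SAMPLE_DIR/still_commented"
printf '%s\n' 'port 22' '  Port 2222' 'Match User sftpuser' > "$SAMPLE_DIR/both"

for f in changed still_commented both; do
    printf '%s: %s\n' "$f" "$(sshd_ports "$SAMPLE_DIR/$f" | tr '\n' ' ')"
done
```

On a real server, point sshd_ports at /etc/ssh/sshd_config, and run sudo sshd -t to have OpenSSH check the file for syntax errors before restarting the service.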
Note: Changing the SSH port from the default port 22 to a non-standard port like 2222 can help reduce the number of automated attacks and scans on your SSH server. However, it should not be relied upon as the sole security measure. Always ensure you are using other security practices, such as key-based authentication (public & private key pairs), fail2ban, a firewall to allow only specific IP addresses, and regular updates, to secure your SSH server.