SFTP port management is simpler than FTP port management, but it still raises common questions when you are setting up an SFTP server. This post answers those questions and provides advice on changing from the default port 22.
What port does SFTP use?
SFTP uses port 22 by default. However, administrators can change default ports to fit their organization’s network and security requirements.
Does SFTP use the same port as SSH?
Yes, both SSH and SFTP use port 22 by default. This can be changed by your network administrator.
Can you use separate ports for SSH and SFTP?
Yes, it is possible to run SFTP and SSH on separate ports.
Doing so involves several steps:
- Modify your existing sshd_config file to specify your desired SSH port(s). If you are using OpenSSH for Windows, this file will be found in an SSH folder within your ProgramData folder.
- Adjust your SFTP server’s listener to look for connections at your new port. Instructions for modifying Cerberus by Redwood’s SFTP Server ports can be found here.
- Ensure that your clients and other processes/devices are aware of the new port settings so that they can connect to your services.
Why would you want to change your SFTP port?
Two primary reasons for changing your SFTP (or SSH) port exist:
- To avoid automated attacks: Because port 22 is the default SFTP port, it is very common to receive bot attacks on this port looking for vulnerabilities. Changing to a different port can mitigate (but not eliminate) these issues.
- To restrict users of your SFTP server: Many administrators adopt a practice of assigning specific ports to only authorized users and services in order to minimize potential data loss issues and better flag malicious activity. For example, an organization’s internal IT team may only be able to use an outbound SFTP service by connecting to a specific port that has higher levels of monitoring and requires additional authentication before allowing a transfer.
Should you change your SFTP port number?
The biggest factor to consider when changing SFTP port numbers is how much complexity you will add to your network maintenance overhead compared to the benefit you’ll gain. You will need to ensure that your firewalls, clients and servers are all configured to connect to the new port number, and that any future devices or connections will know where to send traffic as well.
If your organization requires significant access security around your SFTP server, the additional administrative load may make sense. If you’re just experimenting, it may be more work than necessary.
What issues might occur when you change your SFTP port?
The most common issues that arise when changing SFTP ports include:
- Blocked connections from improperly configured firewalls.
- Scripting and automation failures where these tools were not updated to point to the new port.
- Client connection failures due to improper communication about the port change, overlooked configuration updates or other factors.
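The first and third of these issues can be caught right after the change with a reachability check that also confirms the port is actually speaking SSH. The following is an added example, not code from this post or from Cerberus; the function names `probe_ssh_port` and `verify_port_change`, the host name and the port numbers are illustrative assumptions.

```python
import socket
import sys

def probe_ssh_port(host, port, timeout=3.0):
    """Return (status, detail); status is ssh, other, closed, filtered or unreachable."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("closed", "connection refused")      # nothing is listening
    except socket.timeout:
        return ("filtered", "connect timed out")     # typical of a firewall drop
    except OSError as exc:
        return ("unreachable", str(exc))
    with sock:
        data = b""
        try:
            # RFC 4253 section 4.2: the server identifies itself with a line
            # "SSH-<protoversion>-<softwareversion>" of at most 255 bytes.
            # Only the first line is read; anything else is reported as 'other'.
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # connected but silent: falls through to 'other'
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if line.startswith("SSH-"):
        return ("ssh", line)
    return ("other", line or "connected, no SSH banner")

def verify_port_change(host, new_port, old_port=None, timeout=3.0):
    """Return a list of problems; an empty list means the change looks good."""
    problems = []
    status, detail = probe_ssh_port(host, new_port, timeout)
    if status != "ssh":
        problems.append(f"new port {new_port}: {status} ({detail})")
    if old_port is not None:  # pass old_port only if it was meant to be retired
        status, detail = probe_ssh_port(host, old_port, timeout)
        if status == "ssh":
            problems.append(f"old port {old_port} still answers: {detail}")
    return problems

if __name__ == "__main__" and len(sys.argv) >= 3:
    # Usage (placeholder values): python check_port.py sftp.example.com 2222 22
    host, new_port, *rest = sys.argv[1:]
    old = int(rest[0]) if rest else None
    for p in verify_port_change(host, int(new_port), old):
        print("PROBLEM:", p)
```

Run it from a machine on the client side of the firewall: a `filtered` result points at a firewall rule, while `closed` points at the server's listener configuration.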
What port did the Simple File Transfer Protocol use?
Simple File Transfer Protocol, which was also known as SFTP but is now considered deprecated, ran on port 115.
We hope that the above information has helped you build your understanding of SFTP port management. For more on SFTP and SFTP servers, you can review our other SFTP guides:
- How to set up an SFTP server
- Complete guide to SFTP – part 1: Concepts
- SFTP – your complete guide part 2: Protocol connection and authentication
- Configuring SSH/SFTP server settings in Cerberus
- SFTP server key exchange, cipher and algorithm support in Cerberus
- How SFTP public key exchange functions in Cerberus SFTP server
- Windows Server optimizations for SFTP
- Understanding the difference between FTPS and SFTP