What is SFTP Port Number?

With the world gradually becoming a “global village,” transfer of information is increasingly becoming easier. However, due to malicious parties lurking within the network, users of the internet and other networks prefer to use a file transfer procedure that will be effective and guarantee their file safety.

As a result, many protocols have been invented to fill the proposed file transfer gap. Several protocols have been invented to ensure the security of large file transfers. 

An example of one among many is the SSH File Transfer Protocol, the acronym SFTP, which allows for accessing and managing files within a network.

In this article, we will discuss what SFTP is, its port number, how it works, what it can be used for, and how to change its default port number for safety purposes.

What is SFTP?

Secure File Transfer Protocol, or the popularly known SSH File Transfer Protocol, is a client-server file protocol used over a network to transfer large amounts of sensitive data. It’s an improvement of the File Transfer Protocol (FTP) and possesses Secure Shell (SSH) features. 

SSH was first designed by the Internet Engineering Task Force (IETF) to improve security during file sharing. SFTP is most commonly used to transfer sensitive information, e.g., personal account details. Using this transfer protocol, technology has made major leaps for medical offices seeking compliance with the Health Insurance Portability and Accountability Act (HIPAA).

In 1997–1998, Tatu Ylonen first designed SFTP for SSH 2.0. As a result, the normal SSH port is utilized rather than the specific SFTP port.

He developed the first Secure Shell, or SSH, which was later updated into OpenSSH and other versions. As a result, it is currently included with every Unix, Linux, and Macbook computer and is accessible on all platforms. It, therefore, serves as the standard tool for network administration and computer network systems. Also, Tau Ylonen has done quite a lot on SSH key management, including host keys and user authentication, making SFTP a reliable file transfer protocol.

What is SFTP Default Number?

SFTP uses port number 22 by default, but it can be configured to listen on other ports. SFTP, compared to File Transfer Protocol (FTP), only needs one port to transfer data.

SSH servers typically listen on TCP Port 22. Users can configure SFTP servers to use various SSH ports without compromising security or functionality because the rationale for this is mainly arbitrary. SSH transports both data and commands across a single connection, unlike FTP or telnet, for instance, therefore, SFTP servers only require one port to connect.

How Does SFTP work?

As discussed previously, SFTP transfers data securely over a TCP/IP network. Its commands are based on the FTP and share similarities with the Linux shell commands. So, if you have knowledge of either of the two, you may need to tweak a thing or two to know how to use SFTP.

To establish a connection with SFTP, it needs to connect with the default port number 22.

An SFTP client and server are also required for SFTP. SFTP client is software that enables users to connect to a server and store files remotely. From the SFTP server, files can be saved and retrieved. The request is sent over the network when a user clicks on a file, eventually arriving at a server. The querying device then receives this data. Before being transferred, all files are encrypted by SFTP.

SSH keys as used by SFTP to automate access to servers. Half is stored on the client, while the other is stored on the server (Public key). The users require an SSH key pair match before being authenticated, allowing for the secure transfer of files. Users have the option of being recognized by their user ID, password, SSH keys, or both.

Features of SFTP

• Secure transmission and file compression is made easy.
• Supported by TMUX and screen sessions.
• Can carry out SSH3 protocol
• Allows access to the SSH channel and supports the IPV6 and HTTP protocols.
• Supports public key and password authentication.
• It provides interactive keyboard security.
• It aids in transparently managing server key re-exchanges.
• It accommodates the customization of channels.
• Automated charset translation of text produced from the remote system to strings based on Unicode.

Differences between SFTP vs. FTPS

One frequently asked question about SFTP is its advantages over the File Transfer Protocol over SSH (also Secure Socket Layer). Here is an overview of the differences between the two protocols in a tabular form;

Features	FTPS	SFTP
Ports	It uses multiple ports; command and data ports	It uses only port 22
Algorithm	Encrypts transferring data using AES and Triple DES.
Certificates	Connections are authenticated using the user ID, passwords, and certificates.	Does not support certificates.
Authentication connections	Uses TLS/SSL certificates to encrypt connections and X.509 certificates to authenticate connections.	Uses the User ID and password or SSH keys to establish a connection with a server.
Implementation	Due to its use of multiple ports, it can be hard to patch through a firewall.	It only requires one port (port 22) to be opened through a firewall.
Speed	Very speed friendly with data and command ports running asynchronously	Since the data and synchronization packets run on the same port as one packet, it may be a little slower than the SFTP
Data Directory Manipulation	Commands are limited and not standardized. Therefore, they need an administrative configuration.	Commands are not limited and are standardized for directory manipulation
Compatibility	Not compatible with many devices, and commands can lead to various client-server issues	Compatible with many modern devices, including Linux and Unix.

Examples of SFTP Commands

1. sftp> put – To Upload a file.
2. sftp> get – To download a file.
3. sftp> cd path – To change a remote directory to ‘path.’
4. sftp> pwd – To display remote working directory.
5. sftp> lcd path – To change the local directory to ‘path.’
6. sftp> lpwd – To show the local working directory.
7. sftp> ls – To show the contents of the remote working directory.
8. sftp> lls – To show the contents of the local working directory.

How To change SFTP Default Number

To use your SFTP server in a public network means exposing it to hackers with malevolent intents. Therefore, a safe transaction is needed. That’s why an extra layer of security should be added to your servers. 

The default port number for SFTP is port 22, and as it is used by SSH already, it is highly vulnerable to attacks. So, changing the port to an unknown port number is the best course of action. It is advisable to change the default port to a port number greater than 1024. Here is a step-wise procedure to change your default port number to a different port;

1. Connect to your server using an SFTP client.
2. Log in with your server’s root or administrative credentials.
3. Open the SFTP/SSH configuration file at “/etc/ssh/sshd_config” using a text editor. To open the file using the nano editor, type the following command:

sudo nano /etc/ssh/sshd_config

4. Find the line “port 22” or similar, and change the “22” to a different port number you want to use for SFTP. It usually comes with a comment “#” that you should remove while changing the port number.
5. Save the changes you made to the configuration file by pressing “Ctrl + X,” then “Y,” and then “Enter.”
6. Restart the SSH service using the following command:

sudo service ssh restart

or

sudo systemctl restart sshd.service

Note that this command may vary based on the Linux distribution you’re using.

After you have completed these steps, the SFTP service will listen on the new port you specified. 

You must also configure your SFTP client to use the new port number when connecting to the server. You can do this by invoking the stfp command with the -P flag to mention the port (say 1234) with the following command:

sftp -P 1234 hostname@public-ip

Conclusion

SFTP is a data transfer file protocol based on FTP with SSH components. 

The default port number is 22, and as SSH also uses it to listen, it is a very vulnerable port number. The good news is that you can change it to your desired number to ensure a secure file transfer.