What is an SFTP?
SFTP, or SSH File Transfer Protocol, is a network protocol built on the SSH (Secure Shell) transport layer that provides secure transfer of large amounts of files or sensitive data over the internet. Unlike the standard FTP (File Transfer Protocol), SFTP encrypts both commands and data, ensuring that passwords and data are not transmitted in plain text.
What is an SFTP port?
Like any network service, SFTP needs a specific port for all its data transfer operations, and by default it uses port number 22. This is the same port number that is used by SSH.
Using the same port lets SFTP establish a secure and encrypted communication channel to transfer sensitive data over the internet. This helps ensure that data transmission is protected from tampering and eavesdropping, making it a very secure and safe method for transferring large amounts of data.
When are you required to use the SFTP port?
The SFTP port is required when you have to use the SFTP service. Especially if you use an SFTP client like FileZilla or WinSCP, you are required to enter the port number. The same applies to command line tools on Windows, Linux, or Mac as well.
How to Use It?
Most probably you are not required to use it, because most SFTP services use port number 22 by default and if your service uses this particular port then you don’t need to mention it.
However, if your SFTP services use a different port, for example, port 2222, you need to include it in your command.
When do you need to specify or enter the port number?
- Non-Standard Ports: If the SFTP service uses a port other than 22, you need to specify it in your connection command.
- Setting Up Applications: When connecting an application to an SFTP service, you need to know the port number.
- Server-to-Server Transfers: When setting up file transfers between servers, you need the port number if the other server uses SFTP.
Network Solutions (Firewall or NAT)
- If you have to allow SFTP connections through a firewall or a Network Address Translation (NAT) device, you need to open the correct port number.
- Example: To allow SFTP connections through a firewall, you might need to open port 22 on the firewall.
How you can check the SFTP port in Linux?
You can check the SFTP port in Linux from the command line by entering the following command:
sudo netstat -tulnp | grep sshd
The -p option adds the owning program to each line, so the output lists only the listening sockets that belong to the SSH daemon. The port is the number after the colon in the Local Address column.
How you can change the SFTP port?
We do not recommend using any port other than the default SFTP port 22. If you still want to change it, you can do so by modifying the SSH server configuration file, sshd_config. To do this, follow the steps given below:
Changing SFTP port in Linux
- Go to the sshd_config file, most probably located in the directory "/etc/ssh".
- To open the sshd_config file, use nano, vi, or another Linux-based text editor.
- Now look for the line that includes "Port 22" and change it to your desired port number.
- Save the changes and restart your SSH server.
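The port check and the Linux port change described above, written as a script. This is an added example, not code from the original article; the function names and the sample config are constructed. It goes beyond the steps by handling the commented-out `#Port 22` default and configs that contain `Match` blocks.

```shell
#!/bin/sh
# Added example; helper names and the sample config are constructed.

# Print the port(s) sshd listens on according to FILE (global section only).
# No active Port line means the built-in default, 22.
sshd_ports() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "port"  { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Set the listening port in FILE to PORT, leaving the original in FILE.bak.
sshd_set_port() {
    file=$1 port=$2
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    awk -v p="$port" '
        # Port is not valid inside a Match block, so it must go before the first one.
        tolower($1) == "match" && !inmatch {
            if (!done) { print "Port " p; done = 1 }
            inmatch = 1
        }
        # First "Port" or "#Port" line becomes the new setting; later ones are dropped.
        !inmatch && (tolower($1) == "port" || tolower($1) == "#port") {
            if (!done) { print "Port " p; done = 1 }
            next
        }
        { print }
        END { if (!done) print "Port " p }' "$file.bak" > "$file"
}

# Demo on a constructed sample config (not a real server file).
demo=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin no' 'Subsystem sftp internal-sftp' \
    'Match User backup' '    ForceCommand internal-sftp' > "$demo"
echo "before: $(sshd_ports "$demo")"
sshd_set_port "$demo" 2222
echo "after:  $(sshd_ports "$demo")"
rm -f "$demo" "$demo.bak"

# On a real host (as root, keeping the current session open):
#   sshd_set_port /etc/ssh/sshd_config 2222
#   sshd -t                   # syntax-check the config before restarting
#   open the new port in the firewall, then restart the SSH server
#   sftp -P 2222 user@host    # confirm from a second terminal
```

Keeping the existing session open until the new port is confirmed to work avoids locking yourself out if the firewall or the config is wrong.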
Changing the SFTP port in Windows
The steps are similar to the Linux ones; the only difference is that you have to find the sshd_config file in either 'C:\ProgramData\ssh\' or 'C:\Program Files\OpenSSH\'.
Once you find it, open it with any text editor such as Notepad, change Port 22 to the port of your choice, save the changes, and restart your SSH server.
Is SFTP port Better than FTP?
In short, yes, SFTP is way better than FTP when it comes to ports. This is because SFTP uses only a single port, i.e. port 22, for all its activities, whether transferring commands or data. Plus, it is quite easy to use and manage, especially with strict firewall rules.
Whereas, FTP uses two types of channels for data transfer. One is Command Channel and another is Data Channel.
The Command Channel always uses port 21 for sending commands and receiving responses. Whereas, the Data Channels require additional ports that are dynamically opened to send and receive files. The client and server decide these ports on the fly, but this requires many ports to be open on the firewall, making it complicated to manage.
Why SFTP is Easier?
- Single Port: Since SFTP uses only one port (port 22), you only need to open one port in the firewall, making it simpler and more secure.
- Less Configuration: No need to manage multiple ports, reducing the hassle and potential security risks.
Why FTP is Complicated?
- Multiple Ports: FTP needs multiple ports to be open, which can be a headache to configure and maintain.
- Dynamic Port Opening: FTP dynamically opens additional ports for data transfer, which can be blocked by strict firewalls, causing issues.
In short, SFTP is more firewall-friendly because it uses just one port, making it simpler and more secure compared to FTP, which requires multiple ports.
Difference Between SFTP and FTP
Here is a table that summarizes the differences between SFTP and FTPS:
Feature | SFTP (SSH File Transfer Protocol) | FTPS (FTP Secure/FTP-SSL) |
---|---|---|
Underlying Protocol | SSH (Secure Shell) | FTP (File Transfer Protocol) with SSL/TLS |
Default Port | 22 | 21 (control) and additional ports (data) |
Firewall Configuration | Simple (single port) | Complex (multiple ports) |
Security | Always encrypted | Encryption optional (SSL/TLS) |
Authentication | SSH keys, password-based | X.509 certificates, username/password |
Data Transfer Modes | Binary mode | Binary and ASCII modes |
Implementation | Commonly included with SSH clients/servers | Built on FTP, requires SSL/TLS support |
Ease of Use | Easier to use and manage | Familiar but more complex due to multiple ports |
Common Use Cases | Secure file transfers in Unix/Linux environments | Environments requiring backward compatibility with FTP |
Short Story About SFTP
Earlier, sharing files over the internet was not safe and secure. To fix this issue, the IETF (Internet Engineering Task Force) created something called SSH (Secure Shell) that made file sharing more secure and easier.
SSH revolutionized the file-sharing process by acting like a super strong lockbox for your files that keeps them protected during transmission.
Seeing the success of this technology, in the year 1997-1998, a smart guy named Tatu Ylonen came up with an idea to use SSH technology to transfer files securely. For this, he created SFTP (Secure File Transfer Protocol) to work with SSH 2.0, and instead of making a new port, he used the same SSH port.
Tatu also did a lot of work on SSH key management, which included making sure only the right people could open the lockbox. This made SFTP very reliable for transferring files securely.
Over time, cyber threats and hacker attacks have grown tremendously. To tackle this, developers updated SFTP with better data encryption, improved error handling, and new features like file locking and renaming. These enhancements and additions help SFTP become more secure and useful.
For this reason, SFTP has gained popularity and is widely used by businesses, especially those that deal with sensitive data.
This has not stopped yet: as internet technology and online threats continue to change, SFTP will remain an essential tool for secure data and file transfers.
How does SFTP work?
Let us see the complete SFTP process and the SFTP Port usage involved in transferring files between your computer and a remote server.
Step 1: First of all, to transfer files from your computer to a remote server, you need an SFTP client, which is a software application that allows you to connect to an SFTP server and manage your files, e.g. FileZilla or command-line tools like scp or sftp.
Step 2: Now open the SFTP client and connect to the server. For this, enter the server address, which could be an IP address or your website domain name, the port (usually 22 for SFTP), and your username and password, or specify your SSH key for authentication.
However, if you are using the command line SFTP tool, you need to enter a command like sftp username@server_address.
Step 3: The third step is authentication. When you connect to the server, you will be asked to enter your password if it's not already saved in the client, and if the provided credentials are correct, the server will grant you access.
For SSH keys, you need a private key on your local machine and a corresponding public key on the server. If you have provided the correct SSH keys, the server will automatically authenticate your connection without asking for a password.
Step 4: Now after successfully connecting to the server and doing the authentication, it is time to transfer the files. In SFTP clients, you can easily drag and drop from your computer to the client window and then upload from there to the server.
But in command line tools, you have to use commands like put filename to upload a file.
For downloading the files, you can select files on the server that are reflected on the SFTP client window and choose the option to download them to your computer.
For command line tools, use commands like get filename to download a file.
Plus, you can also perform other operations on files, like renaming, deleting, or moving them, using the client interface or commands similar to those in a file manager or Linux shell.
Step 5: Now all the data transferred between your client and the server will be encrypted and secure using SSH. It means no one can intercept and read your files.
Is it possible to use FTP port numbers for SFTP?
In short, yes, it is possible to use the FTP port number for SFTP. The default port number for standard FTP is 21, but using it for SFTP is highly discouraged.
It is not as secure as SFTP, and it can confuse users, which can lead to problems with applications that are specifically designed to connect to SFTP on port 22.
Also, port 21 is reserved for FTP, and utilizing it for SFTP can lead to connectivity and interoperability issues.
So, you should stick to standard port 22 for SFTP to avoid these complications.
Conclusion
In short, SFTP is a file transfer protocol built using a combination of SSH and FTP technologies. It is one of the most secure methods for transferring files over the internet, using the default port 22 for encrypted communication.
While it is technically possible to use other ports for SFTP, such as port 21 or port 2222, it is generally discouraged due to severe consequences like incompatibility and security issues.
Despite the advantages of SFTP on port 22, it is still vulnerable to attacks. However, you have the option to choose a different port to enhance security and ensure safe data transfer.
Rahul Kumar is a web enthusiast and content strategist specializing in WordPress & web hosting. With years of experience and a commitment to staying up-to-date with industry trends, he creates effective online strategies that drive traffic, boost engagement, and increase conversions. Rahul's attention to detail and ability to craft compelling content make him a valuable asset to any brand looking to improve its online presence.