SFTP stands for Secure File Transfer Protocol. This protocol is implemented using Secure Shell (SSH), which provides better security and protection from vulnerabilities than regular FTP.
SFTP provides a reliable connection for communicating with a remote machine over an unfamiliar (potentially harmful) network. SFTP uses a client-server architecture to transfer files.
This guide walks you through changing the default SFTP port in Linux.
Choose a New SFTP Port Number
By default, SFTP uses TCP port 22, the port the SSH server listens on. In this guide, we’ll change it from the default port 22 to port 2222, but you can choose any other port for the SFTP connection.
Note: Ports 0 – 1023 are reserved for system services. Choose the new port from the range 1024 to 65535.
Allow the New SFTP Port in Firewall
If your system uses a firewall, be sure to allow the new SFTP port in the firewall before changing it in the system files or else SFTP access will be blocked.
On Ubuntu systems, run the command below to add the new SFTP port to the firewall's list of allowed ports.
sudo ufw allow 2222/tcp
To verify that the new port has been added to ufw, run the following command:
sudo ufw status
Output:
Status: active

To                         Action      From
--                         ------      ----
8080                       ALLOW       Anywhere
2222/tcp                   ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
For Linux distributions running iptables, use the following command to add a new port.
sudo iptables -A INPUT -p tcp --dport 2222 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
For CentOS systems, use the following commands to open a new port.
sudo firewall-cmd --permanent --zone=public --add-port=2222/tcp
sudo firewall-cmd --reload
Configure/Change the SFTP Port in sshd_config File
To change and configure the SFTP port we need to open the sshd_config file and make necessary changes in it.
To open the sshd_config file in the nano editor, use the following command.
sudo nano /etc/ssh/sshd_config
Here, find the line which says Port 22 (as seen below).
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
We want to change this port 22 to port 2222. So, simply replace it with Port 2222 as follows.
Port 2222
Note: Be careful while editing the sshd_config file, as incorrect editing may cause failure to establish the connection.
If the line is commented using a #, then remove the # and add the number 2222 instead of 22.
After changing the port 22 in the sshd_config file, press Ctrl + o followed by the Enter key to save the sshd_config file. Then exit the nano editor by pressing Ctrl + x.
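The edit described above can also be scripted. The following is an added example, not part of the original guide: it changes the Port line whether it is active or commented out, keeps a backup, and rejects ports outside 1024-65535. The function names (valid_port, active_ports, set_sshd_port) and the sample config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: set the Port directive in an sshd_config-style file.
# Function names and the sample config are constructed for illustration.

# valid_port PORT: succeeds only for an integer in 1024-65535 (the guide's range).
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# active_ports FILE: print every uncommented Port value (sshd listens on each).
active_ports() {
    awk '/^[ \t]*Port[ \t]+[0-9]+/ { print $2 }' "$1"
}

# set_sshd_port FILE PORT: rewrite the first active "Port N" line, or the
# commented "#Port N" default when no active line exists. Keeps FILE.bak.
set_sshd_port() {
    file=$1; port=$2
    valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    if [ -n "$(active_ports "$file")" ]; then
        re='^[ \t]*Port[ \t]+[0-9]+'          # active directive
    else
        re='^[ \t]*#[ \t]*Port[ \t]+[0-9]+'   # commented default
    fi
    cp -p "$file" "$file.bak" || return 1
    awk -v re="$re" -v port="$port" '
        !done && $0 ~ re { print "Port " port; done = 1; next }
        { print }
        END { exit !done }   # non-zero when the file had no Port line at all
    ' "$file.bak" > "$file"
}

# Demo on a constructed sample (not a real system file).
demo() {
    sample=$(mktemp) || return 1
    printf '%s\n' '# What ports, IPs and protocols we listen for' \
        '#Port 22' '#ListenAddress 0.0.0.0' 'Protocol 2' > "$sample"
    set_sshd_port "$sample" 2222 && active_ports "$sample"
    rm -f "$sample" "$sample.bak"
}
demo
```

On a real host, run it as root against /etc/ssh/sshd_config, then run sudo sshd -t to check the file for errors before restarting the service. Keep the current SSH session open until a connection on the new port succeeds.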
Restart the ssh/sshd service
After saving the changes made in the sshd_config file, restart the SSH service so that the system can load the new SSH configuration.
On Ubuntu and other Debian based systems, use the following command to restart the ssh service.
sudo service ssh restart
On CentOS and other Linux distributions, the ssh service is referred to as sshd, so use the alternate command below to restart the sshd service.
sudo systemctl restart sshd
Verify the New SSH port is Working
Now verify whether the new SSH port is up and running by using the command below.
ss -an | grep 2222
You should see a similar output as below.
Output:
tcp   LISTEN  0  128  0.0.0.0:2222          0.0.0.0:*
tcp   ESTAB   0  0    192.168.121.108:2222  172.217.160.163:8080
tcp   LISTEN  0  128  [::]:2222             [::]:*
Use the New SFTP port to Connect
To start using the new SFTP port, use the -P option in the sftp command to specify the new SSH port number.
sftp -P 2222 username@remote_host
For example:
sftp -P 2222 gaurav@server1.foo.com
If you’re using a GUI client like PuTTY, WinSCP, and others, specify the new port number instead of 22 while initiating a connection.