SFTP stands for Secure File Transfer Protocol. This protocol is implemented using Secure Shell (SSH) which provides better security and protection from vulnerabilities than the regular FTP.

SFTP provides a reliable connection to communicate to a remote machine over an unfamiliar (potentially harmful) network. SFTP functions on a client-server architecture to transfer files.

This comprehensive guide will walk you through the process to change the default SFTP port in Linux.

Choose a New SFTP Port Number

By default, SFTP uses port number 22, which is an SSH server. In this guide, we’ll change it to port 2222 from default port 22 TCP. But you can choose to use any other ports of your choice to configure the SFTP connection.

Note: Ports 0 – 1023 are reserved for system services. The new port is to be chosen from ports between 1024 and 65535.

Allow the New SFTP Port in Firewall

If your system uses a firewall, be sure to allow the new SFTP port in the firewall before changing it in the system files or else SFTP access will be blocked.

On Ubuntu systems, you can run the below command to add the new SFTP port to the allowed list of ports in the firewall of Ubuntu.

sudo ufw allow 2222/tcp

To verify that the new port has been added to ufw, run the following command:

sudo ufw status

Status: active

To                         Action      From
--                         ------      ----
8080                       ALLOW       Anywhere                  
2222/tcp                   ALLOW       Anywhere                  
22/tcp                     ALLOW       Anywhere                  

For Linux distributions running iptables, use the following command to add a new port.

sudo iptables -A INPUT -p tcp --dport 2222 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

For Cent OS systems, use the following commands to open a new port.

sudo firewall-cmd --permanent --zone=public --add-port=2222/tcp
sudo firewall-cmd --reload

Configure/Change the SFTP Port in sshd_config File

To change and configure the SFTP port we need to open the sshd_config file and make necessary changes in it.

To open sshd_config file using nano editor, use the following command.

sudo nano /snap/core/9804/etc/ssh/sshd_config

Here, find the line which says Port 22 (as seen below).

 Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
Protocol 2

We want to change this port 22 to port 2222. So, simply replace it with Port 2222 as follows.

Port 2222

Note: Be careful while editing the sshd_config file, as incorrect editing may cause failure to establish the connection.

If the line is commented using a # then remove the # and add the number 2222 instead of 22.

After changing the 22 port in the sshd_config file, press Ctrl + o followed by Enter key to save the sshd_config file. And then exit the nano editor by pressing Ctrl + x.

Restart the ssh/sshd service

After saving the changes made in the sshd_config file, restart the SSH service so that the system can load the new SSH configuration.

On Ubuntu and other Debian based systems, use the following command to restart the ssh service.

sudo service ssh restart

On CentOS and other Linux distributions, the ssh service is referred to as sshd so use the alternate command below to restart the sshd service.

sudo systemctl restart sshd

Verify the New SSH port is Working

Now verify whether the new SSH port is up and running by using the command below.

ss -an | grep 2222

You should see a similar output as below.


tcp   LISTEN      0        128   *
tcp   ESTAB       0        0
tcp   LISTEN      0        128               [::]:2222              [::]:*

Use the New SFTP port to Connect

To start using the new SFTP port, use the -P option in sftp command to specify the new SSH port number.

sftp -p 2222 username@remote_host

For example:

sftp -p 2222 gaurav@server1.foo.com

If you’re using a GUI client like Putty, WinSCP, and others, specify the new port number instead of 22 while initiating a connection.