A comprehensive guide to change the default SFTP port to transfer files between machines over a secure and encrypted connection
SFTP stands for Secure File Transfer Protocol. This protocol is implemented using Secure Shell (SSH), which provides better security and protection from vulnerabilities than regular FTP.
SFTP provides a reliable connection for communicating with a remote machine over an unfamiliar (potentially harmful) network. SFTP uses a client-server architecture to transfer files.
This comprehensive guide will walk you through the process to change the default SFTP port in Linux.
Choose a New SFTP Port Number
By default, SFTP uses TCP port 22, the port the SSH server listens on. In this guide, we’ll change it from the default port 22 to port 2222, but you can choose any other port to configure the SFTP connection.
Note: Ports 0 – 1023 are reserved for system services. The new port is to be chosen from ports between 1024 and 65535.
Allow the New SFTP Port in Firewall
If your system uses a firewall, be sure to allow the new SFTP port in the firewall before changing it in the system files or else SFTP access will be blocked.
On Ubuntu systems, run the command below to add the new SFTP port to the firewall's list of allowed ports.
sudo ufw allow 2222/tcp
To verify that the new port has been added to ufw, run the following command:
sudo ufw status
Output:
Status: active

To                         Action      From
--                         ------      ----
8080                       ALLOW       Anywhere
2222/tcp                   ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere

For Linux distributions running iptables, use the following command to add a new port.
sudo iptables -A INPUT -p tcp --dport 2222 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
For CentOS systems, use the following commands to open a new port.
sudo firewall-cmd --permanent --zone=public --add-port=2222/tcp
sudo firewall-cmd --reload
Configure/Change the SFTP Port in sshd_config
To change and configure the SFTP port, we need to open the sshd_config file and make the necessary changes in it.
To open the sshd_config file using the nano editor, use the following command.
sudo nano /etc/ssh/sshd_config
Here, find the line which says Port 22 (as seen below).
# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
We want to change this port 22 to port 2222. So, simply replace the line with Port 2222.
Note: Be careful while editing the sshd_config file, as incorrect editing may cause failure to establish the connection.
If the line is commented out with a #, remove the # and set the number to 2222 instead of 22.
After changing port 22 in the sshd_config file, press Ctrl + o followed by the Enter key to save the sshd_config file. Then exit the nano editor by pressing Ctrl + x.
After saving the changes made in the sshd_config file, restart the SSH service so that the system can load the new SSH configuration.
On Ubuntu and other Debian based systems, use the following command to restart the ssh service.
sudo service ssh restart
On CentOS and other Linux distributions, the ssh service is referred to as sshd, so use the alternate command below to restart the sshd service.
sudo systemctl restart sshd
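The Port edit described above can also be scripted. The following is an added example, not part of the original guide: the hypothetical set_sshd_port helper backs up the file, replaces the first active or commented Port line, disables any further active Port lines, and adds the directive at the top when none exists. The sample file it runs on is constructed.

```shell
#!/bin/sh
# set_sshd_port FILE PORT (hypothetical helper, not from the guide):
# rewrite the Port directive of an sshd_config-style file in place.
set_sshd_port() {
    file=$1 port=$2
    # Digits only, at most five of them, inside the guide's 1024-65535 range.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    [ -s "$file" ] || { echo "missing or empty file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1   # copy to roll back to
    tmp=$(mktemp) || return 1
    # The file is read twice: pass 1 looks for a Port line, pass 2 rewrites.
    awk -v port="$port" '
        # True for "Port 22" and "#Port 22" (keywords are case-insensitive).
        function is_port(s) {
            return tolower(s) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/
        }
        NR == FNR { if (is_port($0)) found = 1; next }
        # No Port line at all: add one first, ahead of any Match block.
        FNR == 1 && !found { print "Port " port }
        is_port($0) {
            if (!done) { print "Port " port; done = 1 }   # first hit is replaced
            else if ($0 !~ /^[ \t]*#/) print "#" $0       # extra active ports are disabled
            else print                                    # old comments stay
            next
        }
        { print }
    ' "$file" "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # cat keeps the owner and mode of the original file.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Constructed sample input (not a real server's file): a commented Port
# line followed later by a second, active one.
demo=$(mktemp)
printf '%s\n' '# What ports, IPs and protocols we listen for' \
    '#Port 22' 'Protocol 2' 'Port 22' > "$demo"
set_sshd_port "$demo" 2222 && cat "$demo"
```

Before restarting the service, run sudo sshd -t to check the edited file; it reports configuration errors without touching the running daemon.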
Verify the New SSH port is Working
Now verify whether the new SSH port is up and running by using the command below.
ss -an | grep 2222
You should see a similar output as below.
OUTPUT
tcp   LISTEN  0    128   0.0.0.0:2222            0.0.0.0:*
tcp   ESTAB   0    0     192.168.121.108:2222    126.96.36.199:8080
tcp   LISTEN  0    128   [::]:2222               [::]:*
Use the New SFTP port to Connect
To start using the new SFTP port, use the -P option in the sftp command to specify the new SSH port number.
sftp -P 2222 username@remote_host
If you’re using a GUI client like PuTTY, WinSCP, or others, specify the new port number instead of 22 when initiating a connection.