How to change the SFTP port on Ubuntu, CentOS, and other Linux systems
This article provides detailed instructions on how to change the SFTP port on Ubuntu, CentOS, and other Linux systems so that data can be transferred securely between workstations. The Secure File Transfer Protocol (SFTP) is a protocol that allows you to send and receive files securely. It runs over Secure Shell (SSH), which offers more safety and assurance against flaws than conventional FTP.
It is often regarded as the most secure manner of file transport. It is also known as the 'Secure Shell File Transfer Protocol'.
SFTP establishes a secure link to a distant system over an unknown (and possibly dangerous) network. To transmit data and files, SFTP uses a client-server topology.
Fundamentals of SFTP
Unlike the File Transfer Protocol (FTP), SFTP uses SSH2 to establish a secure connection. Rather than using a text-based protocol like FTP, it uses a packet-based approach. It is therefore quicker, because less data crosses the wire than with the text-based FTP protocol.
In contrast to FTP/S, SFTP does not allow you to disable encryption. This is useful when you need to verify that all network traffic is safe and encrypted for everyone exchanging data.
Instead of needing to start a new, separate connection for transmissions like FTP, SFTP transmits files in-line via the main control connection.
Benefits of using SFTP
This approach provides an efficient and secure connection for transferring data through the firewall. As a result, it improves transfer speed.
An additional benefit of utilizing SFTP and its supporting protocol is that it allows you to transmit files with all of their properties if necessary. This can include Authorization, Time/Date, Volume, and other data that isn’t accessible while utilizing FTP.
What is SSH?
Secure FTP was created to address the requirement for increased security through tunneling. To simulate an FTP connection, it leverages Secure Shell 2 (SSH2), a secure tunneling protocol. Then, utilizing the well-known TCP port 22, it offers a firewall-friendly and secured route for transferring data.
By encrypting the whole file transmission session, SSH provides increased security. This includes all session control commands, which are always encrypted. In contrast to the two ports required for FTP and SSL transactions, it needs only a single port to be accessible on your firewall.
What is SFTP Client?
SFTP servers cannot be accessed using standard FTP applications. They need SFTP clients, which are applications that read, handle, and transmit files over SSH. SFTP applications may be used from the Command-Line Interface (CLI) on UNIX and Mac OS X hosts. Many graphical FTP programs are also available, like FTP Voyager, a freeware FTP client for Windows that enables SFTP data transfer.
Here is the step-by-step tutorial to change the default SFTP port in Linux.
Select a Different SFTP Port Number
Normally, SFTP connects to an SSH server on TCP port 22. In this tutorial we'll change it from port 22 to port 2222. However, you may configure SFTP to use any other port you like. Because SFTP runs inside the SSH service, this change also moves ordinary SSH logins to the new port.
System services use ports 0 through 1023. The new port must be selected from a list of ports ranging from 1024 to 65535.
Enable the New SFTP Port to Pass Through the Firewall
If your system is protected by a firewall, SFTP access will be blocked unless you allow the new SFTP port in the firewall before updating it in the system files.
On Ubuntu systems, use the command below to add the new SFTP port to the Ubuntu firewall's list of allowed ports.
sudo ufw allow 2222/tcp
Run the following command to check that the new port has been added to ufw:
sudo ufw status
To add the new port on a Linux distribution that uses iptables, run the following command.
sudo iptables -A INPUT -p tcp --dport 2222 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
To add the new port on a CentOS machine, run the commands given below.
sudo firewall-cmd --permanent --zone=public --add-port=2222/tcp
sudo firewall-cmd --reload
In the sshd config file, set or adjust the SFTP port
We have to open the sshd config file and make the right modifications to change and activate the SFTP port.
Run the following command to open the sshd config file in the nano editor.
sudo nano /etc/ssh/sshd_config
Then look in the file for the line that reads Port 22
We would like to switch this port 22 to 2222. To do so, replace it with Port 2222, as seen below.
Port 2222
Be cautious when modifying the sshd config file, since an erroneous modification might result in the connection failing.
If the line is commented out with a leading #, delete the # and set the value to 2222 rather than 22.
To save the sshd config file after changing the port, press Ctrl + o and then hit Enter. Then press Ctrl + x to leave the nano editor.
Restart the ssh/sshd service
After you've saved your modifications to the sshd config file, restart the SSH server so that the updated SSH settings are loaded.
To restart the ssh service on Ubuntu as well as other Debian-based platforms, enter the command given below:
sudo service ssh restart
The ssh service is known as sshd on CentOS and other Linux variants, so use the alternative command below to restart the sshd service.
sudo systemctl restart sshd
Check to see if the new SSH port is operational
Now use the command below to see if the newly configured SSH port is open and working.
ss -an | grep 2222
You should get a result something like this.
OUTPUT
tcp LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
tcp ESTAB 0 0 192.168.121.108:2222 172.217.160.163:8080
tcp LISTEN 0 128 [::]:2222 [::]:*
Connect using the new SFTP port
Use the -P parameter of the sftp command to specify the new SSH port number when connecting.
sftp -P 2222 username@remote_host
When starting communication with a GUI application like Putty, WinSCP, or any others, give the new port number rather than 22.
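The config edit and the listening check from the steps above, as one added example (not code from the original article). It goes slightly beyond the text by preferring an active Port line over a commented-out #Port line and by matching the port exactly in ss output; the function names and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Function names and the sample data at the bottom are constructed.

# valid_sftp_port PORT: true only for a number in the article's 1024-65535 range.
valid_sftp_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# set_sshd_port FILE PORT: point FILE at PORT, keeping the original as FILE.bak.
# Rewrites the active "Port N" line if there is one, otherwise uncomments the
# first "#Port N" line, otherwise adds a Port line at the top of the file.
set_sshd_port() {
    local file=$1 port=$2
    valid_sftp_port "$port" || { echo "refusing port '$port'" >&2; return 2; }
    cp -p "$file" "$file.bak" || return 1
    # awk reads the backup twice: pass 1 looks for an active Port line,
    # pass 2 rewrites the chosen line and exits non-zero if none was found.
    if ! awk -v port="$port" '
        NR == FNR { if ($0 ~ /^[ \t]*Port[ \t]+[0-9]+/) active = 1; next }
        !done && (( active && /^[ \t]*Port[ \t]+[0-9]+/) ||
                  (!active && /^[ \t]*#[ \t]*Port[ \t]+[0-9]+/)) {
            print "Port " port; done = 1; next }
        { print }
        END { exit !done }' "$file.bak" "$file.bak" > "$file"
    then
        # No Port line at all: put it first so it cannot land in a Match block.
        { echo "Port $port"; cat "$file.bak"; } > "$file"
    fi
}

# port_is_listening PORT: reads ss output on stdin and succeeds only if a LISTEN
# socket is bound to exactly PORT (a bare "grep 2222" also matches 22222).
port_is_listening() {
    awk -v p="$1" '{ for (i = 1; i <= NF; i++)
        if ($i == "LISTEN" && $(i + 3) ~ (":" p "$")) found = 1 }
        END { exit !found }'
}

# Demo on constructed input, not a real server's files.
demo_cfg=$(mktemp)
printf '%s\n' '#Port 22' '#AddressFamily any' 'Subsystem sftp internal-sftp' > "$demo_cfg"
set_sshd_port "$demo_cfg" 2222 && grep -n '^Port' "$demo_cfg"
printf 'tcp LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*\n' |
    port_is_listening 2222 && echo "listener found on 2222"
rm -f "$demo_cfg" "$demo_cfg.bak"
```

On a real server, run set_sshd_port as root against /etc/ssh/sshd_config, validate the result with sudo sshd -t before restarting, and keep your current SSH session open until a login on the new port succeeds.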
Conclusion
Using these commands you can easily change the SFTP port on your system.