How to Change the SFTP Port

Introduction

Before we begin talking about how to change the SFTP port, let's briefly understand: what is an SFTP port?

SFTP (SSH File Transfer Protocol) is a secure file transfer protocol that relies on an encrypted connection to transfer files between two hosts. It also allows you to resume file transfers and perform other file operations on remote files.

The SFTP protocol can be used as a replacement for the traditional FTP protocol. It offers all the same features as FTP, but it uses a more secure connection.

In this tutorial, we will explain how to change the default SFTP port on Linux. We'll also demonstrate how to set up your firewall to enable traffic on the new port.

💡 SFTP should not be confused with FTPS. Both protocols serve the same purpose, but FTPS stands for FTP Secure and is an extension of the basic FTP protocol that adds TLS support.

What Port Does SFTP Use

SFTP is a subsystem of SSH and offers the same level of security as SSH.

The SFTP port is 22 by default.

Changing the SFTP Port

Changing the default SFTP/SSH port adds an extra layer of security to your server by lowering the risk of automated attacks.

💡 Configure your firewall to allow access to port 22 only from trusted hosts and set up SSH key-based authentication to secure your server from threats.

The steps below show you how to change the SSH port on a Linux machine.

Step 1 - Choose a New Port Number

In Linux, port numbers lower than 1024 are reserved for well-known services and can only be bound by root. Although you can use a port in the 1-1024 range for the SSH service, it is suggested that you choose a port greater than 1024 to avoid port allocation concerns.

In this example, we will change the SFTP/SSH port to 4422, but you can use any port you choose.

Step 2 - Adjust Firewall

You must first open the new port in your firewall before changing the SFTP/SSH port.

If you're using Ubuntu's default firewall, UFW, open the port with the following command:

sudo ufw allow 4422/tcp

FirewallD is the default firewall administration tool in CentOS. Enter the following commands to open the port:

sudo firewall-cmd --permanent --zone=public --add-port=4422/tcp
sudo firewall-cmd --reload

CentOS users must also adjust their SELinux rules to allow the new SSH port:

sudo semanage port -a -t ssh_port_t -p tcp 4422

If you're running another Linux distribution with iptables, run the following command to open the new port:

sudo iptables -A INPUT -p tcp --dport 4422 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

Step 3 - Configure SFTP/SSH

The /etc/ssh/sshd_config file contains the SSH server configuration. Use your text editor to open the file:

sudo vim /etc/ssh/sshd_config

Look for the line that starts with Port 22. This line is usually commented out with the hash (#) sign. Remove the # and replace 22 with your new SSH port number:

Port 4422

Be extremely careful when modifying the configuration file. An incorrect configuration may prevent the SSH service from starting.

To make the changes take effect, save the file and restart the SSH service:

sudo systemctl restart ssh

The SSH service in CentOS is called sshd:

sudo systemctl restart sshd

Verify that the SSH daemon is listening on the new port:

ss -an | grep 4422

The output will look similar to the following:

tcp   LISTEN      0        128            0.0.0.0:4422           0.0.0.0:*
tcp   ESTAB       0        0      192.168.121.108:4422     192.168.121.1:57638
tcp   LISTEN      0        128               [::]:4422              [::]:*
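
A common way to get Step 3 wrong is to change the number but leave the # in place, in which case sshd keeps listening on 22 while the firewall expects 4422. The script below is an added example, not part of the original tutorial: it reads a config file and reports which ports sshd would use before you restart the service. The function names active_ports and check_port_change are hypothetical, the two sample files are constructed, and the script assumes a single sshd_config with no Include lines.

```shell
#!/bin/sh
# Added example: confirm the Step 3 edit before restarting sshd.
# Assumption: one sshd_config file, no Include directives.

# Print the value of every active Port line. "#Port 22" is a comment and is
# skipped; sshd keywords are case-insensitive and may be indented.
active_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# check_port_change FILE PORT: return 0 only if sshd would listen on PORT.
# Returns 2 for an invalid PORT argument and 1 for a config mismatch.
check_port_change() {
    cfg=$1; want=$2
    case $want in
        ''|*[!0-9]*) echo "invalid port: $want"; return 2 ;;
    esac
    if [ "$want" -lt 1 ] || [ "$want" -gt 65535 ]; then
        echo "port out of range: $want"; return 2
    fi
    # sshd accepts several Port lines and listens on all of them.
    ports=$(active_ports "$cfg" | tr '\n' ' ')
    if [ -z "$ports" ]; then
        echo "no active Port line, sshd stays on 22 (is the # still there?)"
        return 1
    fi
    case " $ports" in
        *" $want "*) ;;
        *) echo "sshd would listen on: $ports(not $want)"; return 1 ;;
    esac
    if [ "$want" -lt 1024 ]; then
        echo "note: $want is below 1024 (privileged range)"
    fi
    echo "ok: sshd would listen on: $ports"
}

# Constructed sample input: the file before and after the edit.
demo_dir=$(mktemp -d)
printf '%s\n' '#Port 22' '#AddressFamily any' > "$demo_dir/before"
printf '%s\n' 'Port 4422' '#AddressFamily any' > "$demo_dir/after"
check_port_change "$demo_dir/before" 4422 || echo "exit status $?"
check_port_change "$demo_dir/after" 4422
```

On the server itself, sudo sshd -t additionally checks the whole configuration file for syntax errors before you restart the service.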

Use the New SFTP Port

To specify the port number, use the sftp command with the -P option followed by the new port number:

sftp -P 4422 username@remote_host_or_ip

If you're using a GUI SFTP client, simply enter the new port in the client interface.

Conclusion

The SFTP port is 22 by default. You can, however, modify the port to any number you wish.

If you connect to several servers on a regular basis, you can simplify your workflow by defining all of your connections in the SSH config file.
