Words By Van Glass
SFTP uses port number 22 by default, facilitating secure data movement over a single internet connection. This SFTP port assignment allows SFTP to offer enhanced security and simplicity compared to other protocols like FTP/S, which require multiple ports. SFTP's reliance on a single port streamlines its operation while maintaining secure, encrypted transfers through SSH.
The SSH File Transfer Protocol (SFTP) uses TCP port 22 as its default port number. However, if you or your server administrator wishes to assign a different port number for your SFTP service, the protocol allows it. In this post, we’ll take a closer look at the default SFTP port number and tackle some key considerations when choosing alternate port numbers for your SFTP server. Before we do that, let’s review what SFTP is.
What is SFTP? A brief review
Also known as Secure File Transfer Protocol, SFTP is an extension of Secure Shell (SSH). It was introduced in SSH v2 or SSH-2 as a method for transferring files. Since SFTP runs over SSH, every SSH server is technically an SFTP server as well. In addition, since SSH listens on port 22 by default, SFTP listens on that port number too.
You must bear in mind that SSH also supports Secure Copy Protocol (SCP), another protocol for transferring files. Like SFTP, SCP also uses the same SSH port number — 22. However, SCP has fewer capabilities compared to the SFTP protocol. If you wish to know the key differences between these two protocols, you can read our article “SCP vs SFTP - 5 Key Comparisons.”
SFTP is a popular alternative to the standard File Transfer Protocol (FTP) due to the former’s array of security features. The FTP protocol’s lack of security features makes it unsuitable for today’s business processes, which often involve personal information, financial data and other sensitive information.
SFTP is equipped with public key cryptography, a cryptographic system that uses pairs of private keys and public keys. Public key cryptography enables data-in-motion encryption, authentication, digital signing and data integrity mechanisms. The same cryptographic system allows you to augment passwords with SSH keys (a.k.a. SFTP keys), thereby allowing you to implement two-factor authentication (2FA). These security features make SFTP perfect for meeting stringent security policies and regulatory requirements.
Don’t confuse SFTP with FTPS. They’re both secure FTP alternatives, but are two different protocols. FTPS stands for FTP-over-SSL, with SSL being the acronym for Secure Sockets Layer, a now-obsolete cryptographic system that used to be a popular choice for securing network-based transactions. SSL has already been replaced by Transport Layer Security (TLS). However, many security solutions have opted to retain the ‘s’ in relevant acronyms. So, for example, FTPS still uses ‘S’ even if it actually uses TLS under the hood.
When is an SFTP port number needed?
You would mostly need an SFTP port number when you connect to an SFTP service from graphical SFTP clients like WinSCP or FileZilla, or from command-line clients like those built into endpoint device platforms such as Windows, Linux or Mac. You normally submit the port number along with the SFTP service’s IP address or hostname. For example, if your SFTP server is using port 2222, you would typically execute the following SFTP command from the terminal:
sftp -oPort=2222 username@hostname
Note, however, if the remote SFTP service is just using the default port number, 22, you normally won’t have to enter any port number anymore. Port number 22 will be submitted by default. So, for example, when you execute the following SFTP command to connect, you’ll no longer need to specify the port number:
sftp username@hostname
You’ll only need to specify a port number if the SFTP service is using a non-standard port number.
You would also need an SFTP port number when you connect any application to an SFTP service. For instance, when you set up a server-to-server file transfer, you would need an SFTP port number if your trading partner’s server is an SFTP server.
Lastly, you need an SFTP port number if you have to open that port in a network solution such as a firewall or Network Address Translation (NAT) device. Opening that port number on your network solution allows SFTP connections to pass through. Later in this article, we’ll show you how to open port 22 on Windows Server’s built-in firewall.
Picking an alternative to the SFTP default port for SFTP connection
While you can theoretically use a non-standard port number for your SFTP service, there are a few things to consider.
- Avoid reserved ports. If possible, avoid selecting port numbers in the range of 0-1023, as these are reserved for well-known services. For example, 80 is reserved for HTTP, 443 is reserved for HTTPS, 21 is reserved for FTP, 25 is reserved for SMTP and so on.
- Check port availability. Even if you use a port number outside the range of known reserved ports, make sure you check that port number’s availability. You may use netstat or any similar tool for this purpose.
- Document and disseminate. If you have to use a non-standard port, make sure you document it. That way, you or anyone who needs it in the future can easily look it up. Also, make sure you inform everyone who needs to access your SFTP service about the change. Some users might assume you’re using port 22, and will have difficulty connecting to your server.
- Update firewalls and network devices. If you have network devices along the path of your SFTP connection that allow or deny access, make sure the settings of those devices are updated with the right port number. Otherwise, you’ll encounter connection issues.
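The first two checks in this list can be scripted. The following is an added example, not part of the original article; it assumes the Linux `ss` tool from iproute2 as the "similar tool" to netstat, and the function names and sample listener lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# check_port PORT [LISTENERS_FILE]
# Prints one verdict: invalid | reserved | in-use | ok (returns 0 only for ok).
# LISTENERS_FILE holds saved `ss -Htln` output; without it, ss is run live.
check_port() {
    local port=$1 listeners=${2:-}

    # Must be a decimal integer within the TCP port range.
    case $port in ''|*[!0-9]*|??????*) echo invalid; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then echo invalid; return 1; fi

    # 0-1023 are the well-known ports the checklist says to avoid.
    if [ "$port" -le 1023 ]; then echo reserved; return 1; fi

    # With -t alone, column 4 of ss output is "Local Address:Port".
    # Compare the text after the last colon so IPv4, [::] and *:port all work.
    if [ -n "$listeners" ]; then cat "$listeners"; else ss -Htln; fi |
        awk -v p="$port" '{ n = split($4, a, ":"); if (a[n] == p) hit = 1 }
                          END { exit !hit }' &&
        { echo in-use; return 1; }

    echo ok
}

# Constructed sample of `ss -Htln` output, used when no live check is wanted.
sample_listeners() {
    printf '%s\n' \
        'LISTEN 0 128   0.0.0.0:22      0.0.0.0:*' \
        'LISTEN 0 4096  127.0.0.1:5432  0.0.0.0:*' \
        'LISTEN 0 128   [::]:2222       [::]:*'
}

# Example: check_port 2222   (live check on this host)
```

A port that passes here can still be blocked by a firewall or NAT device on the path, which is the last item in the list.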
Essential How-Tos involving the SFTP port number
How to check the SFTP port number in Linux?
You have several options for checking the SFTP port number on Linux. We mentioned netstat earlier, so let’s use that command-line tool as an example. Run the following command in the terminal:
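sudo netstat -tulnp | grep sshd
This command lists all listening TCP and UDP ports with numeric addresses, and the -p option adds the name of the process that owns each socket. The output is then filtered with grep so that it only shows the lines for sshd. The port number is the value after the colon in the Local Address column.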
How to change the SFTP port in Windows?
We already know that SFTP uses port 22, but you can change that to a different port. To do that, you would need to modify the SSH server configuration file, sshd_config. Follow these steps to make the necessary changes:
- Open the sshd_config file with Notepad or any text editor. In most cases, you’ll find that file in ‘C:\ProgramData\ssh\’ or ‘C:\Program Files\OpenSSH\’.
- Search for the line that includes ‘Port 22’.
- Change 22 to your desired port number, say for example, ‘Port 2222’.
- Save the changes.
- Restart your SSH server.
How to change the SFTP port in Linux?
You may follow the same steps as in the previous section, except that you’ll have to look for the sshd_config file in the directory ‘/etc/ssh’ and you’ll have to use nano, vi or some Linux-based text editor.
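The edit described in these two sections has a few traps: the stock file usually carries only a commented `#Port 22`, more than one active Port line is allowed, and Port may not appear inside a Match block. The following script is an added example (not from the original article) that handles those cases on Linux; the function names and the sample configuration are constructed for illustration.

```bash
#!/usr/bin/env bash
# effective_ports FILE: print each port the file activates, or 22 if none.
# Keywords are case-insensitive and "#Port 22" is only a comment.
# Included files are not followed; `sshd -T` prints the server's real view.
effective_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# set_sshd_port FILE PORT: leave exactly one active "Port PORT" line in FILE
# and keep the previous version as FILE.bak.
set_sshd_port() {
    local file=$1 port=$2 tmp
    tmp=$(mktemp) || return 1
    awk -v p="$port" '
        { key = $1; val = $2; off = ($1 ~ /^#/) }
        off { key = substr($1, 2); if (key == "") { key = $2; val = $3 } }
        # Port is a global keyword, so it must appear before any Match block.
        !off && !done && tolower(key) == "match" { print "Port " p; done = 1 }
        tolower(key) == "port" && val ~ /^[0-9]+$/ {
            if (!done) { print "Port " p; done = 1 }  # first hit, even "#Port 22"
            else if (off) print                        # later comment: keep
            else print "#" $0                          # later active port: retire
            next
        }
        { print }
        END { if (!done) print "Port " p }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner and mode are preserved.
    cp -p "$file" "$file.bak" && cat "$tmp" > "$file" && rm -f "$tmp"
}

# Constructed sample: stock commented default plus an active custom port.
sample_config() {
    printf '%s\n' '#Port 22' '#AddressFamily any' 'Port 2200' \
        'PasswordAuthentication no' 'Match User sftpuser' \
        '    ForceCommand internal-sftp'
}

# On a real Linux host (as root, keeping the current session open):
#   set_sshd_port /etc/ssh/sshd_config 2222 && sshd -t && systemctl restart sshd
```

`sshd -t` checks the configuration for errors before the restart, so a typo does not take the service down. The systemd unit is named `ssh` rather than `sshd` on Debian and Ubuntu.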
How to open SFTP port 22 in Windows Server?
To open port 22 in Windows Server, you need to open that port on Windows Server’s built-in firewall. Follow these steps to do that:
- Launch “Windows Defender Firewall with Advanced Security”
- Create an inbound rule. Go to Inbound Rules > New Rule.
- Select Port as the rule type.
- Specify the port number. Select TCP > Specific local ports and then enter 22.
- Select Allow the connection.
- Specify the profile for which the rule applies. In most cases, you’ll want to apply this rule to all profiles, so tick all checkboxes.
- Give the inbound rule a name, say, “Allow SFTP,” and then click Finish.
Can you use the default FTP port numbers for SFTP?
The default port number for standard FTP is 21. While it’s technically possible to use port 21 for your SFTP service, it’s not recommended. If you review our discussion about picking alternative ports for your SFTP service above, you should see that we discourage the use of reserved ports. Not only can it confuse end users, it can also cause interoperability and connectivity issues with applications that are supposed to connect to that SFTP service.
Next-Level SFTP: Revolutionize your file transfers with JSCAPE MFT by Redwood
Many businesses like to use the SFTP protocol to facilitate business processes, especially those that rely on data transfer and file sharing workflows. However, while regular SFTP servers do a good job at providing data-in-motion security, their capabilities are limited to that. A typical business-to-business (B2B) file transfer demands so much more.
For instance, most B2B file transfers require automation, high availability and system integrations. A regular SFTP server can’t offer you these capabilities out of the box. What you need is a managed file transfer (MFT) solution like JSCAPE MFT by Redwood. JSCAPE MFT supports SFTP along with several other business-grade file transfer protocols like FTP/S, HTTP/S, Applicability Statement 2 (AS2), Odette File Transfer Protocol (OFTP) and many others.
Not only that, JSCAPE MFT also comes with built-in automation, high availability and integration functionality. A JSCAPE MFT deployment is fully equipped to facilitate any B2B file transfer workflow on its own.
JSCAPE MFT can be installed on all major operating systems, including Windows, Linux, UNIX, AIX and macOS. It’s also offered as a cloud-based Software as a Service solution, JSCAPE MFTaaS.
Get Your Free Trial
Would you like to try this yourself? JSCAPE enables you to handle any file type, including batch files and XML.
Request your free trial of JSCAPE MFT Server now.