What are Ports?
Ports, also known as channels, are an integral part of delivering and communicating secure files successfully. Although the specific protocols that operate on these ports make the most difference, are you aware of which port SFTP actually uses?
What is SFTP?
SFTP (SSH File Transfer Protocol) is a file transfer protocol built upon the SSH (Secure Shell) transport layer and is used to securely move large amounts of data over an internet connection.
SFTP utilizes SSH to establish a secure authenticated connection and provide organizations with a higher level of file transfer protection. It uses the SSH authentication and cryptographic capabilities to keep files secure during the transfer process.
Is Port 22 Better than FTP?
SFTP is more friendly to today’s client-side firewalls since it only requires a single port (22) to be open for sending controls and for sending or receiving data files. The fact that SFTP uses a single port for all communications can make it easier to use than FTPS, especially when dealing with strict firewall policies.
Although the design of the FTP protocol also uses just one channel (port 21) for sending commands and receiving acknowledgements, it has to open additional channels dynamically in order to send files. The client and server software negotiate these channels immediately, but this poses an issue for client-side firewalls because a large number of ports need to be open to the server’s IP address in order for the protocol to operate through the firewall unabated.
When is an SFTP Port Needed?
When you want to transfer files securely between a client and server over a network, an SFTP port is needed: SFTP protects data with encryption over a single port (port 22), unless that port is changed for a specific purpose. SFTP provides additional security over FTP or other unsecure file-sharing protocols, which require multiple ports. The SFTP default port is port 22, also used by SSH (Secure Shell).
In addition to using SFTP for encrypted, secure file sharing, the SFTP port can also be used for:
- Controlling access: If you need to secure interactions with an application or service requiring an SFTP file server, you’ll need access to the SFTP port.
- Accessing a remote server: If you need to securely upload, download, or manage files with a remote server that supports SFTP, you’ll also need port 22, or the SFTP port.
- Configuring firewalls: You’ll need to enable SFTP connections for your firewalls or other network security. Port 22 is the default port; however, depending on your security or network policies, a different port for SFTP may be configured.
SFTP Port Alternatives
While alternative ports “can” be used instead of SFTP’s default (port 22), it is not recommended, as any security benefits are minimal, and configuring a non-standard SFTP port can also introduce troubleshooting or compatibility issues.
A few unique situations, however, can potentially justify an alternate port, although it is not recommended security-wise: If a firewall or rate-limiting blocks port 22, or if you encounter highly segmented networks and their firewall rules, configuring a different port may help bypass restrictions.
Other reasons not to switch from port 22 for SFTP transfers:
- Perceived added security not realized: Automated cyberattacks against port 22 can just as easily be targeted to non-standard ports, so trying to obscure the SFTP port may be futile, because port scanning will find the new port. Instead, add additional security via strong authentication methods and automatic encryption.
- Firewalls: These are typically configured for SSH traffic, so any change from the default port 22 may require manual adjustments or reconfigurations to allow traffic in. Non-standard ports might be blacklisted or blocked, slowing connectivity.
- Standardization: With port 22 the standard port for both SFTP and SSH, it is widely accepted and expected by software solutions.
- Compatibility: Firewalls and other network security measures expect SFTP traffic to come through via port 22, so custom-selected ports can require more complex or cumbersome configurations for every client attempting to connect to the server.
- Troubleshooting: Moving away from the default SFTP port 22 can create confusion and slow down any troubleshooting efforts from network administrators.
Alternate Port Usage
If you do wish to use a different port than port 22, you’ll want to avoid port numbers that fall between 0 and 1023, as those are already reserved for other popular services, such as:
Port | Typically Reserved For |
21 | FTP/FTPS Explicit |
23 | Telnet protocol |
25 | SMTP |
80 | HTTP |
115 | TCP |
443 | HTTPS |
990 | FTPS (Implicit) |
How to Open Port 22
How to Open an SFTP Port Number in Windows
- Select Services / Service Manager
- Select the “gear” icon next to SFTP
- Select “Listener: default”
- Enter the desired port number (22 is the default)
Most organizations have a third-party firewall outside of their individual servers that serves their entire network. For all third-party connections, refer to your firewall user manual.
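After changing a listener port or firewall rule, an administrator can confirm that the chosen port is reachable and that an SSH service is what answers on it. The following is an added example, not part of the original article or of GoAnywhere's software; the function names are hypothetical, and the parsing follows the SSH identification string defined in RFC 4253 (`SSH-protoversion-softwareversion`). Because the server announces itself this way on any port, it also shows why a non-standard port does not hide the service.

```python
import socket

def parse_ssh_banner(line: bytes):
    """Parse an RFC 4253 identification string, or return None if it is not one."""
    text = line.decode("ascii", errors="replace").rstrip("\r\n")
    if not text.startswith("SSH-"):
        return None
    ident, _, comments = text.partition(" ")
    parts = ident.split("-", 2)  # ["SSH", protoversion, softwareversion]
    if len(parts) != 3 or not parts[1] or not parts[2]:
        return None
    return {"proto": parts[1], "software": parts[2], "comments": comments}

def check_sftp_port(host, port=22, timeout=5.0, max_lines=10):
    """Return (status, banner); status is 'ssh', 'not-ssh' or 'unreachable'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Filtered by a firewall, or nothing is listening on this port.
        return "unreachable", None
    with sock, sock.makefile("rb") as reader:
        try:
            # A server may send other lines before its identification
            # string, so look at the first few lines rather than only one.
            for _ in range(max_lines):
                line = reader.readline(256)
                if not line:
                    break
                banner = parse_ssh_banner(line)
                if banner:
                    return "ssh", banner
        except OSError:
            pass  # connected, but the peer stayed silent or reset
    # The port is open, but some other service (or none) answered.
    return "not-ssh", None

if __name__ == "__main__":
    # Constructed sample banner, not captured from a real server.
    print(parse_ssh_banner(b"SSH-2.0-ExampleSFTP_1.0 test build\r\n"))
```

A result of "unreachable" points at the firewall or listener configuration, while "not-ssh" means the port is open but a different service owns it.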
Implement GoAnywhere’s SFTP Client in Your Organization Today
Ready to give our SFTP client a try? Download our free trial of GoAnywhere MFT. Our solution takes minutes to install, is quick to figure out, and is fully functional for 30 days so you can determine if it's the right fit for your organization.