What Port Does SFTP Use? A Complete Guide

What Port Does SFTP Use

What port does SFTP use? Quick Answer: SFTP uses port 22 by default – the same port used by SSH (Secure Shell). This is because SFTP runs as a subsystem of SSH, making it inherently secure and encrypted.

Understanding SFTP and Its Default Port

SFTP (SSH File Transfer Protocol) is a secure file transfer protocol that provides encrypted file access, transfer, and management functionality over a network connection. Unlike FTP, which uses separate ports for commands and data transfer, SFTP uses a single port for all communications.

Why Port 22?

SFTP uses port 22 because it operates as an extension of the SSH protocol. When you connect to an SFTP server, you establish an SSH connection first, then invoke the SFTP subsystem within that secure channel. This design provides several advantages:

  • Single port simplicity: Only one port needs to be opened in firewalls
  • Built-in encryption: All data is encrypted by default using SSH’s encryption
  • Authentication flexibility: Supports both password and key-based authentication
  • No separate data channel: Unlike FTP, all communication happens through one connection

SFTP vs. FTPS: Understanding Port Differences

It’s important not to confuse SFTP with FTPS (FTP over SSL/TLS), as they use different ports:

Protocol Control Port Data Port Description
SFTP 22 (same as control) SSH File Transfer Protocol
FTPS (Explicit) 21 Dynamic high port FTP over TLS/SSL
FTPS (Implicit) 990 (same as control) Legacy secure FTP
FTP 21 20 (Active Mode) Standard insecure FTP

Configuring Custom SFTP Ports

While port 22 is the default, you can configure SFTP to use a different port for enhanced security or to avoid conflicts. Here’s how to do that with a standard SSH server:

On Linux/Unix Systems

  1. Edit the SSH configuration file:
    bash
    sudo nano /etc/ssh/sshd_config
  2. Find or add the Port directive: 
    Port 2222  # Custom port number
  3. Restart the SSH service:
    bash
    sudo systemctl restart sshd

For SFTP Gateway

To configure SFTP ports on SFTP Gateway from Thorn Technologies, use this documentation from our Knowledge Base: Changing the Default SFTP Port · SFTP Gateway Support.

Security Considerations for Custom Ports

Using a non-standard port can provide some benefits:

  • Reduced automated attacks: Many bots only scan default ports
  • Avoiding port conflicts: Useful if port 22 is already in use
  • Compliance requirements: Some organizations mandate non-standard ports

However, remember that security through obscurity is not a complete solution. Always implement proper authentication and access controls.

Connecting to SFTP on Different Ports

When connecting to an SFTP server on a non-standard port, you’ll need to specify the port number:

Command Line Examples

bash
# Using sftp command
sftp -P 2222 username@hostname

Popular SFTP Clients

Most SFTP clients allow you to specify custom ports:

  • FileZilla: Enter the port in the “Port” field
  • WinSCP: Include port in the host field (hostname:port) or use the dedicated port field
  • Cyberduck: Specify port in the connection dialog
  • PuTTY: Enter port number in the configuration window

Firewall Configuration for SFTP

To allow SFTP connections through a firewall, you need to open the appropriate port:

Windows Firewall

powershell
# Allow SFTP on port 22
New-NetFirewallRule -DisplayName "SFTP" -Direction Inbound -Protocol TCP -LocalPort 22 -Action Allow

Cloud Firewall Configuration for SFTP

In cloud environments, SFTP access is typically controlled through cloud security groups or network security groups (NSGs) rather than traditional OS-level firewalls. For specific port requirements when using SFTP Gateway, including port 22 and other necessary ports, check out this Knowledge Base article on ports and protocols for SFTP Gateway.

Troubleshooting SFTP Port Issues

Common problems and solutions when dealing with SFTP ports:

Port Already in Use

Check what’s using the port:

bash
# Linux
sudo netstat -tlnp | grep :22

# Windows
netstat -an | findstr :22

Connection Refused

  • Verify the SSH/SFTP service is running
  • Check firewall rules
  • Confirm the correct port number
  • Test connectivity: telnet hostname 22

Timeout Issues

  • Check for intermediate firewalls blocking the port
  • Verify network connectivity

Best Practices for SFTP Port Management

  1. Document port changes: Always document non-standard ports in your system documentation
  2. Use strong authentication: Combine port changes with key-based authentication
  3. Monitor access logs: Regularly review SSH/SFTP access logs
  4. Keep software updated: Regularly update SSH server software

Advanced SFTP Port Configuration

These advanced configurations can help in specific enterprise scenarios:

Multiple Ports

Configure SSH to listen on multiple ports when you need to support different client configurations or migration scenarios:

Port 22
Port 2222

Use case: Gradually migrating clients from one port to another without service interruption.

Conclusion for “What Port Does SFTP Use?”

SFTP uses port 22 by default, leveraging the secure SSH protocol for encrypted file transfers. While you can configure custom ports for specific needs, the default port 22 remains the standard for most implementations. Whether setting up an SFTP server or connecting as a client, understanding port configuration is crucial for successful and secure file transfers.

Remember that changing the default port is just one aspect of securing your SFTP server. Always implement comprehensive security measures including strong authentication, regular updates, and proper access controls to ensure your file transfer operations remain secure.

Key Takeaways

  • SFTP default port: 22 (TCP)
  • Same port as SSH because SFTP runs over SSH
  • Can be customized in SSH server configuration
  • Different from FTPS which uses ports 990 or 21
  • Single port for all communication (unlike FTP)
  • Always use encryption and strong authentication regardless of port choice

Simplify SFTP Management with SFTP Gateway

Managing SFTP servers, ports, and user access can become complex, especially in cloud environments. SFTP Gateway by Thorn Technologies provides a managed SFTP solution that simplifies these challenges:

How SFTP Gateway Helps

  • Automated port management: No need to manually configure or maintain SSH/SFTP ports
  • Cloud-native design: Seamlessly integrates with AWS S3, Azure Blob, and Google Cloud Storage
  • Enhanced security: Built-in key management and access controls
  • User-friendly interface: Manage SFTP users without SSH configuration files
  • High availability: Automated failover and load balancing
  • Compliance ready: Meets regulatory requirements with audit logging and encryption

Instead of managing traditional SFTP servers and worrying about port configurations, firewall rules, and SSH hardening, SFTP Gateway provides a turnkey solution that handles the complexity for you. Users connect on the standard SFTP port 22, while the backend automatically manages secure file storage in your cloud environment.

Learn more about SFTP Gateway and how it can simplify your secure file transfer needs while maintaining the familiar SFTP protocol your users already know. Ready for a deeper look? Check out the free white paper SFTP Gateway for the Enterprise.

Get insights on SFTP Gateway, cloud computing and more, in your inbox.

Get smarter about all things tech. Sign up now!

Request a demo
Request a demo
Scroll to Top