Today, the internet has become more prone to threats and hacker attacks, making it challenging to transfer crucial data. Secure file transfer protocols reduce these risks and make it easier to transmit critical data from one server to another. Several protocols ensure secured file transfer; one commonly used protocol is SFTP, also popularly known as SSH file transfer protocol. You can transfer files through a GUI client or execute command-line SFTP commands to serve the same purpose.
In this article, we will focus on what SFTP (client/server) is, how it works, its features, advantages and disadvantages, how it differs from FTP, how to change the default SFTP port number, and some commonly used SFTP client software. Not only this, we will cover some of the frequently used SFTP commands that will help you to transfer data without actually logging into the server manually.
What is SFTP? [Definition]
SFTP is an acronym for Secure File Transfer Protocol or SSH FTP. This protocol is used at the network layer to securely access and manage files and to transmit data within the network. It allows two users to share data securely within a client-server architecture.
The data connection used for transmission should be protected with appropriate authentication standards and passwords.
Default SFTP Port Number 22
SFTP uses port 22 by default when establishing a secured connection between the client and the server. If you want to use another port number, you can change the default settings accordingly. We will see the steps later in this article.
SFTP incorporates SSH version 2 (SSH-2), which ensures an encrypted and secured transport layer over which the user can run SFTP commands to transfer data.
SFTP is used on both the client and server sides, so we need to understand both. It works much faster than the simple file transfer protocol because it is a packet-based protocol. Also, with SFTP, the main connection is used to transmit the data, so no separate connection is required for file transfer, as it is in FTP.
What is SFTP Server?
The secure file transfer protocol is based on the client-server architecture, which will require one client program and one server software.
To set up the SFTP server connection, the user will require a web server with proper Internet support and SFTP port 22 available, which is essential for running the secure file transfer protocol server on your system.
When you install the SFTP server software on your system, it will generate the host's SSH key, allowing the user to create and grant permissions to other users and groups to access the system for transferring data. SFTP is supported by all operating systems, such as Windows, Linux, Mac OS X, and other operating systems.
The SFTP client can be a graphical interface or command-line software allowing you to connect to the SFTP server and perform various tasks. Using this software, the user can connect, authenticate, and transmit the data securely within an encrypted network. By default, the SFTP server will have a port number of 22.
You can consider the below image showing the SSH session for communicating and exchanging data between the server and the client.
But, before you connect to the SFTP server via the SFTP client, you need to configure the following settings on the desktop for your SFTP client.
- Hostname: the hostname or IP address of the server.
- Port number: the TCP port on which the client will connect; the SFTP default port number is 22.
- Security protocol: the security protocol used to make the connection, such as SFTP/TCP/SC.
- Username: the username of the SFTP client through which you want to establish the connection to the server.
- Password: the password of the particular username that you use.
If you are connecting to a specific server for the first time, the server will generate a host key and provide it to the client to authenticate the connection. After that, whenever you connect to that server, the connection will be established without confirmation.
How does SFTP work?
SFTP uses TCP, a connection-oriented protocol allowing both devices to verify the connection before sending or receiving the files over the network. TCP ensures this using the three-way handshaking process. This process requires two systems: one sends the data, and the other receives the data.
The handshaking process involves the following steps:
Step 1: The sending device starts by sending a SYN message.
Step 2: After that, the receiver will acknowledge that message back to the sender.
Step 3: The sender device will then send an acknowledgment message back to the receiver.
This process ensures that both devices are ready to make the transfer. To secure this transfer, further steps are performed to establish an SSH connection. Below are the standard steps to establish an SSH connection.
Step 1: SSH uses port 22 by default, and the client starts the connection by verifying the server’s identity. Either the client is connecting to the server for the first time, which requires manual verification of the server’s public key, or the client has connected before, in which case the connection is established without user involvement.
Step 2: Both devices agree on the session key to encrypt and decrypt the data. The key is randomly generated.
Step 3: The server will use the SSH key pair to authenticate the client. The key pair combines the public key (known to both parties) and the private key (known only to the right client).
Features of SFTP and its Capabilities
Some fantastic features make SFTP more secure than FTP.
- It comes with two different authentication methods: securing data using an ID and password, or using SSH keys; it is up to you which method you want to apply. SFTP adds another security level by encrypting the authentication credentials and data.
- SFTP server generates a public-private key combination shared with the client.
- It serves not only for transferring files but also for accessing remote servers. As a result, SFTP clients help to resume interrupted transfers, access directory listings, etc.
- It supports IPv6 HTTP, TMUX, etc. You can also get enhanced functionality to upload and download the data.
- It allows the user to execute commands locally or on the remote server. You can transmit the data by compressing it to exceed the transfer limit.
Applications Of SFTP
Below are some common applications of SFTP.
- You can use SFTP to transfer sensitive data between two devices/hosts/servers, such as sharing data within institutions, government bodies, etc.
- You can also run and share the audit report across several organizations and regulatory bodies.
- You can also use the SFTP tool for creating, deleting, importing, and exporting files and directories. You can leverage its capability of storing and sharing big data files and the flexibility to access them from anywhere using appropriate credentials.
- SFTP is widely used within cloud computing via applications such as SEEBURGER and Cyberduck.
- Some commonly used SFTP clients are Filezilla and WinSCP, which are very popular among organizations for managing and sharing files.
- You can even share files secretly between two hosts by adding an extra security level to authenticate the processes.
Advantages of SFTP
Implementing SFTP within your organization has several advantages for securing your data transmission.
- With SFTP, the users’ credentials are encrypted, making it more secure.
- SFTP supports key-based authentication, which adds another level of security on top of usernames and passwords.
- SFTP ensures security by only using one server connection to transfer data without opening other server ports.
- It provides detailed information about the files being transferred, such as date, time, and size, helping you with the debugging process.
Disadvantages of SFTP
Using SFTP is not all about its advantages; you also have to face some limitations while using SFTP. Below are some that you must consider.
- Managing SSH keys is not as easy as it seems.
- You need to store the private keys on the device from which you transfer the files, and protect them against theft or loss.
- You will require a system administrator to set the SSH keys.
- You need to know how SSH works and execute the right commands on the command-line terminal.
Difference Between FTP And SFTP
| File Transfer Protocol (FTP) | Secure or SSH File Transfer Protocol (SFTP) |
| --- | --- |
| Open-source protocol to transfer the file between the two hosts. | It offers a secure SSH channel to transfer the file securely between client and server. |
| Does not support encryption. | It supports encryption by generating the encryption key before the data transfers. |
| Two different channels are used, one for control and another for transferring the data. | It uses the same channel for both control and data transmission. |
| The default TCP port number is 21. | The default TCP port is 22, but you can configure it on 2222 or 2200. |
| Based on client-server architecture. | The SSH architecture is used. |
| File transfer topology: it uses a direct file transfer methodology between the hosts and between clients. | File transfer topology: it uses the tunneling topology to transfer files between the host and server machine and the encryption method. |
Changing the SFTP Default Port
By default, the SFTP port number is 22. Changing this default value to another will make it more difficult for hackers to attack your data transmission and reduce the risk. You can go through the following steps to change the port number.
Step 1: Choose a New Port Number
On a Linux machine, port numbers below 1024 are reserved for well-known services. You can still use a port number within the range of 1-1024 for the SSH service, but it is recommended to choose a value above 1024.
The below example uses the value 4433 for the SFTP port. You can choose any other number if 4433 is already taken.
Step 2: Adjusting Firewall
But before you change the SFTP port number, open a new port in your firewall. If you are using a UFW firewall, you can use the following command to open a new port.
sudo ufw allow 4433/tcp
On a CentOS machine, where the firewall management tool is FirewallD, use:
sudo firewall-cmd --permanent --zone=public --add-port=4433/tcp
sudo firewall-cmd --reload
You also have to adjust the SELinux rules to add a new SSH port using the below command for the CentOS machine.
sudo semanage port -a -t ssh_port_t -p tcp 4433
Step 3: Configure SFTP/SSH
The SSH server configuration is stored in the /etc/ssh/sshd_config file. To make changes, you need to open the file with your text editor:
sudo vim /etc/ssh/sshd_config
Then look for the Port 22 line. Remove the # from the beginning of that line and replace 22 with the new SSH port number.
Step 4: Restart the SSH service
Once you are done with the required changes, you need to restart the SSH services to put the change in effect. You can run the following command to restart the SSH server.
sudo systemctl restart ssh
On CentOS, the SSH service is named sshd. Use the following command:
sudo systemctl restart sshd
Step 5: Verify that the SSH daemon is listening on the new port:
ss -an | grep 4433
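A frequent reason the daemon is still found on port 22 after these steps is that the Port line in Step 3 was edited but left commented out, or that the old Port 22 line stayed active next to the new one. The following check is an added example, not part of the original article; the function names and the configuration excerpts are constructed, and it reads Port directives only (it assumes no ListenAddress entry carries its own port).

```python
DEFAULT_PORT = 22  # sshd's port when no Port directive is active


def configured_ports(config_text: str) -> list[int]:
    """Return the ports named by active (uncommented) Port directives."""
    ports = []
    for raw in config_text.splitlines():
        fields = raw.split()
        # Skip blank lines and comments; '#Port 4433' is a comment, not a setting.
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        if fields[0].lower() == "port":  # keywords are case-insensitive
            port = int(fields[1])
            if not 1 <= port <= 65535:
                raise ValueError(f"invalid port: {port}")
            if port not in ports:
                ports.append(port)  # several Port lines mean several listeners
    return ports or [DEFAULT_PORT]


def review_port_change(config_text: str, new_port: int) -> list[str]:
    """List the problems that would keep the port change from taking effect."""
    ports = configured_ports(config_text)
    findings = []
    if new_port not in ports:
        findings.append(f"sshd will not listen on {new_port} (active: {ports})")
    if DEFAULT_PORT in ports and new_port != DEFAULT_PORT:
        findings.append(f"sshd still listens on default port {DEFAULT_PORT}")
    if new_port < 1024:
        findings.append(f"{new_port} is in the reserved range below 1024")
    return findings


# Constructed sshd_config excerpts (not taken from a real server).
STOCK = "#Port 22\n#AddressFamily any\n#ListenAddress 0.0.0.0\n"
STILL_COMMENTED = "#Port 4433\n#AddressFamily any\n"
CHANGED = "Port 4433\n#AddressFamily any\n"
BOTH_PORTS = "Port 22\nPort 4433\n"

if __name__ == "__main__":
    samples = [("stock", STOCK), ("still commented", STILL_COMMENTED),
               ("changed", CHANGED), ("both ports", BOTH_PORTS)]
    for name, text in samples:
        print(f"{name:16s} {configured_ports(text)} {review_port_change(text, 4433)}")
```

Before restarting the service, `sudo sshd -t` checks the edited file for syntax errors, which avoids being locked out by a broken configuration.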
SFTP Client Software
There are several SFTP client tools that you can use to connect to the remote SSH server securely and perform various tasks, such as copying, deleting, pasting, uploading, and downloading files. For your reference, we have mentioned some of the commonly used SFTP clients below.
1. FileZilla
FileZilla is a free, GUI-based FTP client software. You can use this software on various operating systems, such as Windows, Linux, and Mac OS, but the server is only compatible with Windows. It supports FTP, SFTP, and IPv6 protocols. You can pause and resume the file transfer as per the requirement. It comes with a drag-and-drop feature for quickly uploading and downloading files.
2. WinSCP
Windows Secure Copy (WinSCP) is a free SFTP and FTP client for the Windows operating system. You can simply use this software to transfer files between the host computer and the remote server. Like FileZilla, WinSCP also has drag-and-drop features for quickly uploading and downloading files. You can integrate this software with the PuTTY authentication agent to support SSH.
3. Solarwinds FTP Voyager Client
It is another free and open-source FTP client for securely transferring files via FTP, SFTP, and FTPS. It lets you connect to multiple servers simultaneously to transfer files and thus handle multiple processes using a single instance. It helps synchronize the folders automatically and schedule file transfers within the allocated time.
SFTP secures all communication across the network. It adds another security level by authenticating the credentials of the logging client or using SSH keys. Understanding the needs of SFTP is essential for businesses that transmit critical and personal data. Implementing and setting up SFTP requires technical knowledge and familiarity with command-line commands.
In this article, you have received a lot of information about the default SFTP port number, what the SFTP port is, and how to change the default SFTP port number. Also, you can easily choose from the most commonly used SFTP clients to establish a secure connection to the SSH remote server and perform tasks accordingly. We have also given you a little information about the best SFTP client software available in the market.