How to Change SFTP Port

How to Change SFTP Port

SFTP (SSH File Transfer Protocol) is a secure file protocol for transferring files between two hosts via an encrypted connection. This also allows you to perform various file operations on the remote file and continue file transfer.

SFTP can be used instead of the legacy FTP protocol. It has all the functions of FTP but with a safer connection.

This article explains how to change the default SFTP port on Linux. We will also show you how to configure your firewall to allow for new ports.

Don’t confuse SFTP with FTPS. Both protocols have the same purpose. However, FTPS stands for FTP Secure, and this is an extension of the standard FTP protocol with support for TLS.

What Port Does SFTP Use?

SFTP is an SSH subsystem and provides the same level of security as SSH.

The default SFTP port is 22.

Change the SFTP Port

Changing the default SFTP / SSH port adds an additional layer of security to your server by reducing the risk of automatic attacks.

The following steps explain how to change the SSH Port on a Linux machine.

1. Select a New Port Number

On Linux, port numbers under 1024 are reserved for popular services and can only be rooted. Although you can use ports in the range 1-1024 for SSH services to avoid port allocation problems, it is recommended to select ports above 1024.

This example shows how to change an SFTP / SSH port to 4422, but you can choose whatever port you like.

2. Adjust the Firewall

Before changing the SFTP / SSH port, you must open a new port on your firewall.

If you use UFW, the default firewall in Ubuntu, run the following command to open the port:

sudo ufw allow 4422/tcp

On CentOS, the default firewall management tool is FirewallD. To open a port, enter the following command:
sudo firewall-cmd --permanent --zone=public --add-port=4422/tcp
sudo firewall-cmd --reload

CentOS users also need to adjust SELinux rules to allow new SSH ports:

sudo semanage port -a -t ssh_port_t -p tcp 4422

If you use another Linux distribution running iptables, to open a new port run:

sudo iptables -A INPUT -p tcp --dport 4422 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

3. Configure SFTP / SSH

The SSH server configuration is stored in the / etc / ssh / sshd_config file. Open file with your text editor:

sudo vim /etc/ssh/sshd_config

Look for the starting line with Port 22. Usually, this line is commented using the hash symbol (#). Delete hash # and enter your new SSH port number:

Port 4422

Be careful when editing configuration files. Incorrect configuration can prevent the SSH service from starting.

When finished, save the file and restart the SSH service for the changes to take effect:

sudo systemctl restart ssh

On CentOS, the SSH service is called sshd:

sudo systemctl restart sshd

Make sure the SSH daemon is listening on a new port:

ss -an | grep 4422

The output will look like this:

tcp   LISTEN      0        128   *
tcp   ESTAB       0        0
tcp   LISTEN      0        128               [::]:4422              [::]:*

Use the New SFTP Port

To determine the port number activate the sftp command with the -P option followed by the new port number:

sftp -P 4422 username@remote_host_or_ip

If you are using a SFTP client GUI, just enter a new port in the client interface.


The default SFTP port is 22. However, you can change the port to whatever number you want.

If you regularly connect to several systems, you can simplify your workflow by defining all your connections in the SSH configuration file.

Feel free to leave a comment if you have questions.

Related posts

How to Install Apache Cassandra on CentOS 8


How to Count Files in Directories on Linux


How to Install Drupal 9 with Nginx and Let’s Encrypt SSL on Debian 10


How to Install Xrdp Server (Remote Desktop) on Ubuntu 20.04


How to install Lightworks on Ubuntu


How to Install Ruby On Rails on Ubuntu 20.04


How to Install Node.js and npm on Ubuntu 20.04


How to integrate the ONLYOFFICE editor with the Nuxeo Platform


How to Install Ubuntu on a Raspberry Pi