Port Numbers used by SFTP Server and Client

0 votes
asked May 21 by Stony Kong (180 points)

We have the below questions concerning port numbers.

SFTP Client:
1. Does the SFTP client use any specific port number for connection to the SFTP Server?
2. Can we configure the SFTP client to use a specific port number?
3. Is it correct that the SFTP client only needs an outgoing port?

SFTP Server:
4. I understand that the SFTP Server may also use other incoming ports (apart from the one that it will be listening to) so that it can accept connections from multiple clients simultaneously. Can we specify what port numbers the Server should use?

We need the above information so that we may properly configure firewall equipment to ensure that those ports are not blocked.

Thanks.

1 Answer

0 votes
answered May 21 by Lukas Pokorny (101,070 points)
  1. SFTP runs over SSH, which usually uses port 22.
  2. Yes. The Sftp object's Connect method accepts the port as an optional argument:

    using Rebex.Net;
    var sftp = new Sftp();
    // Second argument is the server's TCP port; 22 is the usual SSH port.
    sftp.Connect("test.rebex.net", 22);

  3. SFTP runs over SSH and only a single outgoing TCP connection (usually to port 22) is established during the whole duration of an SFTP session.

  4. I'm not sure I understand this question. Essentially all TCP protocols such as FTP, HTTP, TLS/SSL and SFTP/SSH that have been developed since the 1970s were intended to be able to handle multiple clients simultaneously, and the TCP protocol itself makes it possible for multiple clients to establish multiple connections to the same port of the same server. Although Rebex File Server and other SFTP/SSH servers have the ability to listen on multiple ports, this would not bring any benefits because one port is sufficient.

commented May 21 by Stony Kong (180 points)
Thanks Lukas for your prompt response.

Frankly I must admit that I am not familiar with networking.

From the SFTP Server log, I always see messages like "Closed connection 192.168.1.17:49164". I have the impression that the client side is using this port number 49164 as its outgoing port. I just wonder if that port number would have any chance of being blocked by the Firewall at the client side PC.

Thanks in advance for your patience and support.

commented May 21 by Lukas Pokorny (101,070 points)
Each TCP connection has two end points, where each end point is an IP address and port. Only the server-side endpoint is supposed to be using a well-defined number (such as 22 in the case of SSH), the other is chosen randomly by the client. So when you establish a TCP connection from 192.168.1.17 to 1.2.3.4:22, the client side of the socket might end up using port number 49164. From a firewall's point of view, this is still an outgoing connection because it has been established by a machine in the local network connecting to the outside world.

However, this is somewhat beyond the scope of our support. For more information on TCP/IP, please refer to a book or a guide such as this one: http://tcpipguide.com/free/
...
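The endpoint behaviour described in the answer and the last comment, as an added example that is not part of the original thread or of Rebex's code: a loopback listener accepts several simultaneous clients on one server port, while each client receives a different ephemeral source port. The function name `observe_endpoints` and the OS-assigned listener port (standing in for 22) are assumptions made for the demonstration.

```python
import socket


def observe_endpoints(n_clients=3):
    """Open n_clients simultaneous TCP connections to one listener on
    loopback and record the port numbers seen at both ends."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Port 0 lets the OS pick a free port; it plays the role of port 22 here.
    listener.bind(("127.0.0.1", 0))
    listener.listen(n_clients)
    server_port = listener.getsockname()[1]

    clients, accepted, rows = [], [], []
    try:
        for _ in range(n_clients):
            # The client names only the destination port; the OS chooses
            # the source (ephemeral) port, like 49164 in the server log.
            c = socket.create_connection(("127.0.0.1", server_port))
            s, peer = listener.accept()
            clients.append(c)
            accepted.append(s)
            rows.append({
                "client_src_port": c.getsockname()[1],
                "client_dst_port": c.getpeername()[1],
                # The accepted socket still uses the listening port locally.
                "server_local_port": s.getsockname()[1],
                # This is what a server log prints as the remote endpoint.
                "server_sees_peer_port": peer[1],
            })
    finally:
        for sock in clients + accepted + [listener]:
            sock.close()
    return server_port, rows


if __name__ == "__main__":
    port, rows = observe_endpoints()
    print(f"server listening on 127.0.0.1:{port}")
    for r in rows:
        print(f"client 127.0.0.1:{r['client_src_port']} -> "
              f"server port {r['server_local_port']}")
```

Every connection shares the single server port, so a firewall rule only has to match the destination port; the source port differs per connection and is not something to allow-list.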