Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
2889
Views
10
Helpful
4
Replies

Problem with port 22 SFTP

piggio
Level 1
Level 1

ā€Ž11-03-2017 01:21 AM - edited ā€Ž02-21-2020 06:38 AM

A customer asked me to setup a server SFTP (using openSSH or FreeSSHd). This server passes through a firewall that accepts only port 22 and is connected to just one client. I know it's really weird but they don't want to open other ports on firewall. And they are asking if the server can use port 22 for the server itself but also for the client.

The server has Windows Server 2008 64 (with freeSSH/OpenSSH) while the client has Windows XP (with putty/winscp)

Unfortunately I have no other info about the network itself neither the firewall brand (may be an ABB firewall). 

Do you know if SSH encrypts also the port number of the client? If so there should be no problem to have open only port 22 on the firewall?

Do you know if I can choose this port 22 instead of the big port pool it usually uses?

I appreciate any help, thanks!!

 

Labels:
0 Helpful
4 Replies 4

Flavio Miranda
VIP
VIP

ā€Ž11-03-2017 04:26 AM

Hi @piggio

If you want to allow the communication between server and client on port 22 through a firewall, you just need to create a rule where the source IP address is client's IP address, destination IP address is server's IP address and port is 22.

The connection will be secure end-to-end and you don't need to open port 22 for client.  Client will not be listen on port 22, only server and you can not control on which port client is going to use and it is not necessary. 

 Hope that helps.

 

 

-If I helped you somehow, please, rate it as useful.-

 

 

piggio
Level 1
Level 1
In response to Flavio Miranda

ā€Ž11-06-2017 02:49 AM

Thanks for the help!

The firewall has only port 22 opened

If the client has the source port 7777 

How can be possible that the firewall doesn't block the port of the client?? 

May be the firewall blocks only well known ports?

0 Helpful

Flavio Miranda
VIP
VIP
In response to piggio

ā€Ž11-06-2017 03:53 AM

Hi,

 Firewall block any port but not the source port. And Firewall is statefull, this means that it is able to track a connection, create a table for it and allows both direction.

 

 

-If I helped you somehow, please, rate it as useful.-

piggio
Level 1
Level 1
In response to Flavio Miranda

ā€Ž11-07-2017 05:20 AM

Thank you for the reply and the  solution!!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card