Problem with port 22 SFTP

piggio
Level 1

A customer asked me to set up an SFTP server (using OpenSSH or freeSSHd). This server passes through a firewall that accepts only port 22 and is connected to just one client. I know it's really weird, but they don't want to open other ports on the firewall. And they are asking if the server can use port 22 for the server itself but also for the client.

The server has Windows Server 2008 64 (with freeSSHd/OpenSSH) while the client has Windows XP (with PuTTY/WinSCP).

Unfortunately I have no other info about the network itself or the firewall brand (it may be an ABB firewall).

Do you know if SSH also encrypts the port number of the client? If so, there should be no problem having only port 22 open on the firewall?

Do you know if I can choose this port 22 instead of the big port pool it usually uses?

I appreciate any help, thanks!!

 


Hi @piggio

If you want to allow the communication between server and client on port 22 through a firewall, you just need to create a rule where the source IP address is the client's IP address, the destination IP address is the server's IP address and the port is 22.

The connection will be secure end-to-end and you don't need to open port 22 for the client. The client will not be listening on port 22, only the server. You cannot control which port the client is going to use, and it is not necessary.

Hope that helps.

 

 

-If I helped you somehow, please, rate it as useful.-

 

 

Thanks for the help!

The firewall has only port 22 open.

If the client has the source port 7777, how is it possible that the firewall doesn't block the port of the client??

Maybe the firewall blocks only well-known ports?

Hi,

The firewall blocks any port but not the source port. And the firewall is stateful; this means that it is able to track a connection, create a table for it and allow both directions.

 

 

-If I helped you somehow, please, rate it as useful.-

Thank you for the reply and the solution!!
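
The connection tracking described in the replies above, as an added example that is not part of the original thread: a toy Python model of a stateful firewall with a single client-to-server rule for destination port 22, using the client source port 7777 from the question. The class names and the documentation-range IP addresses are constructed for illustration and do not model any particular firewall product.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the first packet of a new TCP connection

class StatefulFirewall:
    """Toy model: one allow rule plus a connection-tracking table."""

    def __init__(self, client_ip, server_ip, service_port=22):
        self.rule = (client_ip, server_ip, service_port)
        self.conntrack = set()  # tracked flows as (src, sport, dst, dport)

    def filter(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # 1. Packets of a tracked connection pass in either direction.
        if flow in self.conntrack or reverse in self.conntrack:
            return "ACCEPT (established)"
        # 2. A new connection must match the rule; the source port is not examined.
        if pkt.syn and (pkt.src, pkt.dst, pkt.dport) == self.rule:
            self.conntrack.add(flow)
            return "ACCEPT (new)"
        # 3. Everything else is dropped.
        return "DROP"

def demo():
    client, server = "192.0.2.10", "198.51.100.20"  # constructed sample addresses
    fw = StatefulFirewall(client, server)
    return [
        fw.filter(Packet(client, 7777, server, 22, syn=True)),    # client opens SFTP
        fw.filter(Packet(server, 22, client, 7777)),              # server reply to port 7777
        fw.filter(Packet(server, 22, client, 8888)),              # reply to an untracked port
        fw.filter(Packet(server, 40000, client, 22, syn=True)),   # server dials the client
        fw.filter(Packet(client, 7777, server, 3389, syn=True)),  # client to another port
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
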
