No, SFTP is not a protocol that runs on a specific port it is a sub-protocol (actually a subsystem) of SSH. FYI, SSH enables opening multiple channels on the same session. You can run shell commands (what many mistakenly call SSH) SFTP and SCP as well as tunnels concurrently on the same SSH session. The port is always 22 (SSH) for SFTP and SCP (and any other channel - e.g. PROXY, SOCKS, etc...)..
> From: jain.garim...@gmail.com > Date: Tue, 21 Jun 2016 11:42:58 +0530 > Subject: Re: Partial Disabling of port 22 using apache-mina SSHD > To: dev@mina.apache.org > > Can I keep the port open for sftp and close for ssh? > > -Garima Jain. > > On Mon, Jun 20, 2016 at 10:33 PM, garima jain <jain.garim...@gmail.com> > wrote: > > > Thanks. Will use that. > > > > -Garima Jain > > On Jun 20, 2016 10:31 PM, "Ashish" <paliwalash...@gmail.com> wrote: > > > >> On Mon, Jun 20, 2016 at 9:43 AM, garima jain <jain.garim...@gmail.com> > >> wrote: > >> > Can we use black list/whitelist feature? > >> > >> This is what you should use. > >> > >> > > >> > -Garima Jain > >> > On Jun 20, 2016 10:12 PM, "elijah baley" <e_ba...@outlook.com> wrote: > >> > > >> >> There are many options - depending on the actual setup: > >> >> - You can move SSHD to a non-standard port on all interfaces - easy to > >> do > >> >> when setting up the server - just call "setPort" on the SshServer > >> instance- > >> >> You can bind SSHD to a specific interface (e.g., 127.0.0.1)om port 22 > >> and > >> >> bind SFTP to the public interface on port 22 - easy to do just call > >> >> "setAddress" (or something to that effect) on the SshServer instance > >> >> I could think of more exotic options - e.g. similar to sslh, using > >> >> HAPROXY, etc., etc. > >> >> > From: jain.garim...@gmail.com > >> >> > Date: Mon, 20 Jun 2016 12:10:26 +0530 > >> >> > Subject: Re: Partial Disabling of port 22 using apache-mina SSHD > >> >> > To: dev@mina.apache.org > >> >> > > >> >> > Hi elijah, > >> >> > > >> >> > The requirement is to block port 22 for SSH and accept SFTP > >> connections > >> >> on > >> >> > Port 22. Is there a class/method that can help us achieve the aim? > >> >> > > >> >> > -Garima Jain. > >> >> > > >> >> > On Fri, Jun 17, 2016 at 3:27 PM, elijah baley <e_ba...@outlook.com> > >> >> wrote: > >> >> > > >> >> > > Is there some reason your code cannot examine the incoming client > >> >> address > >> >> > > and reject it if it does not match some specified criteria (e.g., > >> mask, > >> >> > > network, closed group of IPs - whatever...) ? > >> >> > > > >> >> > > > From: jain.garim...@gmail.com > >> >> > > > Date: Fri, 17 Jun 2016 14:50:51 +0530 > >> >> > > > Subject: Partial Disabling of port 22 using apache-mina SSHD > >> >> > > > To: dev@mina.apache.org > >> >> > > > > >> >> > > > Hi, > >> >> > > > > >> >> > > > > >> >> > > > > >> >> > > > We are using com.springsource.org.apache.mina-1.0.2.jar in our > >> >> product. > >> >> > > > The requirement is to disable port 22 for all incoming traffic > >> over > >> >> SSH > >> >> > > but > >> >> > > > the same port is required to communicate with few IP’s over 22. > >> Is > >> >> there > >> >> > > a > >> >> > > > way to handle selective port blocking? > >> >> > > > > >> >> > > > > >> >> > > > -Garima Jain. > >> >> > > > >> >> > > > >> >> > >> > >> > >> > >> -- > >> thanks > >> ashish > >> > >> Blog: http://www.ashishpaliwal.com/blog > >> My Photo Galleries: http://www.pbase.com/ashishpaliwal > >> > >
