Skip to content

Port 22: SSH / SFTP — Complete Guide

TL;DR:

Secure remote access and file transfer. Standard for Linux/Unix administration. Standard TCP port, used by the SSH / SFTP service.

Check your host & ports →

What is port 22

Port 22 is reserved by IANA for the SSH / SFTP service. Secure remote access and file transfer. Standard for Linux/Unix administration.

Check if the port is open online

To find out if port 22 is open on your host (or a third-party's — for diagnostics), use our port checker. Enter a domain and a port number — results arrive in 1-2 seconds.

Check port 22 →

Security

An open port is a potential attack vector. General rules:

  • Close everything you don't use (firewall default-deny)
  • For admin ports (22 SSH, 3389 RDP, 3306 MySQL) — IP whitelist or VPN
  • Base cases: 80+443 open for web; 22 — from work/VPN only; DB ports — loopback only
  • Use fail2ban for SSH/admin panels

Understanding SSH and SFTP Protocols

Port 22 serves as the default communication channel for both SSH (Secure Shell) and SFTP (SSH File Transfer Protocol). While SSH is primarily used for secure remote administration, SFTP focuses on secure file transfers. Both protocols leverage cryptographic techniques to ensure confidentiality and integrity during data transmission.

SSH provides a secure channel over an unsecured network by implementing strong encryption algorithms, which protect against eavesdropping and interception. It allows users to log into remote machines, execute commands, and manage files with secure terminal access. SFTP, on the other hand, extends SSH's capabilities, allowing users to transfer files securely between a client and server.

Both protocols utilize a client-server architecture. The SSH client initiates a connection to the SSH server on port 22, establishing a secure session. Once authenticated, users can perform various tasks, including remote command execution and secure file transfers.

In summary, SSH and SFTP are critical for maintaining security in remote access and file management, making port 22 a vital component in network configurations.

How to Check if Port 22 is Open

To ensure that port 22 is open and accessible, system administrators can use various tools and commands. Here are some effective methods to check the status of port 22 on a server:

  • Using Telnet: You can use the telnet command to check if port 22 is open. Run the following command in your terminal:
telnet your.server.ip 22

If the connection is successful, you will see a message indicating that you are connected to the server. If it fails, you will receive an error message.

  • Using Netcat (nc): Netcat is another versatile tool for checking open ports. Use the following command:
nc -zv your.server.ip 22

The output will indicate whether the port is open (success) or closed (failure).

  • Using Nmap: Nmap is a powerful network scanning tool that can provide detailed information about open ports. To check port 22, execute:
nmap -p 22 your.server.ip

The result will show whether port 22 is open or filtered.

These commands are essential for troubleshooting connectivity issues and ensuring that your SSH/SFTP services are operational.

Configuring SSH for Enhanced Security on Port 22

While port 22 is the default for SSH, it's essential to implement security measures to protect against unauthorized access. Here are some configuration options to enhance SSH security:

  • Change the Default SSH Port: Although port 22 is widely used, changing it to a non-standard port can reduce the risk of automated attacks. Edit the SSH configuration file:
sudo nano /etc/ssh/sshd_config

Modify the line:

Port 22

to a different port, e.g.,

Port 2222

After saving the changes, restart the SSH service:

sudo systemctl restart sshd

  • Disable Root Login: Prevent direct root login by modifying the SSH configuration:
PermitRootLogin no

Instead, use a standard user account for SSH access and elevate privileges using sudo.

  • Implement Key-Based Authentication: Use SSH keys instead of passwords for authentication. Generate a key pair on the client:
ssh-keygen -t rsa

Copy the public key to the server:

ssh-copy-id user@your.server.ip

Then, disable password authentication:

PasswordAuthentication no

By applying these configurations, administrators can significantly strengthen the security of SSH connections on port 22.

Learn more

Sources

Frequently Asked Questions

Why close port 22?

Every open port is an attacker's entry point. If the service is not used (or uses a different port), close it to minimise attack surface.

How to check port 22 without Enterno.io?

From a local machine: <code>nc -zv hostname 22</code> or <code>telnet hostname 22</code>. The online checker is simpler — from different IPs, one click.

Try the live tool that powered this guide

Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.