Does changing a port address (number) necessitate port forwarding?
In the past I have rented hosting services from SiteGround. I recall that their SSH/SFTP port address was different than 22 so I would assume that maybe data was forwarded from port (address) 22 to the other port address.
1 answer
When the ssh daemon starts up, it reads the config file for the interfaces it should bind to (listen on) and the port number(s). The default interface is "all" and the default port number is 22.
The number was applied for and assigned as a well-known port number. On many systems, there is a file /etc/services or similar which lists port numbers and human-readable names which can be used as substitutes.
If the port number is under 1024, traditional systems require root privilege. This is an anti-impersonation feature, so that these low port numbers are answered by the system's official daemons rather than any user who happened to claim it first.
Many administrators choose to run ssh on a port other than 22 because it is a target for scanning that can produce lots of log traffic. Changing the port number is not a significant security measure, but it can reduce the log traffic.
The port number that a daemon is listening to is the port number that must be specified by a client trying to communicate with it. Port forwarding is a duplication arranged by another daemon, so that a client can talk to a specific port (say, 22) but the underlying daemon can be listening on some other port (generally above 1024). That concentrates the root privilege to the duplicating daemon and may mean that the underlying daemon does not need root privilege.
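The distinction drawn in the answer, as an added example that is not part of the original post: a toy daemon listens on one port, and a separate relay daemon listens on a second port and forwards to it, so a client reaches the same service by naming either port. The function names, the banner and the use of OS-assigned loopback ports (instead of 22 and a port above 1024) are assumptions made so the example runs without root.

```python
import socket
import threading

BANNER = b"SSH-2.0-ExampleDaemon\r\n"  # constructed banner, not a real sshd

def listen(handler):
    """Bind a free loopback port (0 = OS picks one); run handler per client."""
    srv = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def daemon_handler(conn):
    """Toy daemon standing in for sshd: send banner, echo one line, close."""
    with conn, conn.makefile("rb") as f:
        conn.sendall(BANNER)
        conn.sendall(f.readline())

def pump(src, dst):
    """Copy src -> dst until src reaches EOF, then pass the EOF on."""
    while chunk := src.recv(4096):
        dst.sendall(chunk)
    dst.shutdown(socket.SHUT_WR)

def forwarder_handler(target_port):
    """Relay daemon: every client of its own port is joined to target_port."""
    def handle(client):
        with client, socket.create_connection(("127.0.0.1", target_port)) as up:
            t = threading.Thread(target=pump, args=(client, up), daemon=True)
            t.start()          # client -> daemon
            pump(up, client)   # daemon -> client
            t.join()
    return handle

def talk(port, line=b"ping\n"):
    """What a client receives when it names this port."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        s.sendall(line)
        s.shutdown(socket.SHUT_WR)
        with s.makefile("rb") as f:
            return f.read()

if __name__ == "__main__":
    backend = listen(daemon_handler)            # the daemon's configured port
    front = listen(forwarder_handler(backend))  # the relay's port (22 in the answer)
    print(backend, talk(backend))
    print(front, talk(front))
```

Changing the daemon's own port corresponds to running only `listen(daemon_handler)`: no relay exists, and the client simply has to name the new port.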