mina-users mailing list archives

From David Hoffer <dhoff...@gmail.com>
Subject Re: Why are high ports used by SFTP server implementation?
Date Wed, 24 Feb 2016 01:52:21 GMT
Hum, that's not entirely clear to me.  The first link says...

'A TCP/IPv4 connection consists of two endpoints, and each endpoint
consists of an IP address and a port number.  Therefore, when a client user
connects to a server computer, an established connection can be thought of
as the 4-tuple of (server IP, server port, client IP, client port).
Usually three of the four are readily known -- client machine uses its own
IP address and when connecting to a remote service, the server machine's IP
address and service port number are required.

What is not immediately evident is that when a connection is established
that the client side of the connection uses a port number.  Unless a client
program explicitly requests a specific port number, the port number used is
an *ephemeral* port number.  Ephemeral ports are temporary ports assigned
by a machine's IP stack, and are assigned from a designated range of ports
for this purpose.'

In our case the server is configured to listen on port 22 and the client
connects to port 22 so isn't that fixing the port on both sides at port
22?  Are you saying that although port 22 is the logical port used on both
systems, that in reality a different port is used on the client to connect
to the server?  We are using SSH only here; I understand that only uses port
22.

Regarding the second link is that for FTP or also for SFTP?  I know FTP
uses passive ports and so does FTPS but we are only using SFTP, e.g. file
transfer as part of SSH.

Do those links really describe my situation?  Or are those high ports
created on the server so it can hand off work so it can listen on 22
again?  E.g. is it using separate ports to communicate with clients instead
of multiple threads on same port?

It's not clear to me yet, trying to understand.

-Dave

On Tue, Feb 23, 2016 at 4:32 PM, Chad Beaulac <cabeaulac@gmail.com> wrote:

> Hey Dave,
>
> Listener servers hand off to ephemeral ports.
> http://www.ncftp.com/ncftpd/doc/misc/ephemeral_ports.html
> You need ephemeral ports so a server can start listening on port 22 again
> while something else is happening.
>
> Look here for some configuration options.
> https://mina.apache.org/ftpserver-project/configuration_passive_ports.html
>
> -Chad
>
>
> On Tue, Feb 23, 2016 at 3:09 PM, David Hoffer <dhoffer6@gmail.com> wrote:
>
> > We are using SSHD in an application to create an embedded SFTP server
> > which works fine.  Our clients connect on port 22 and we don't have any
> > issue with that.
> >
> > The problem/question is that our IA folks are complaining that our app
> > also listens on what appear to be random high ports.  E.g. I see this in
> > our logs.
> >
> > Session username@/127.0.0.1:58118 authenticated
> > Server session created from /127.0.0.1:58132
> > Server session created from /127.0.0.1:58139
> > Server session created from /127.0.0.1:58157
> >
> > I see these later log statements are coming from IoSession in
> > ServerSessionImpl but I don't call this in my code so must be part of the
> > SSHD/MINA framework.
> >
> > Why are these high ports being used and do we need them?  If not needed
> > for SFTP server how can I disable?  If they are needed, why and can I
> > control the exact ports that are used?
> >
> > -Dave
> >
>
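The 4-tuple described in the quoted ncftp text can be observed directly, and the "from /127.0.0.1:58132" addresses in the log excerpt can be parsed and compared against what a listener actually sees. The following is an added example, not code from this thread or from Apache MINA SSHD: it extracts the ip:port pairs from log lines in the format quoted above (the sample lines are constructed to match that format), then opens a loopback listener (on an OS-chosen port rather than 22, so it runs unprivileged), connects a few clients, and records the server-side view of each accepted connection. The function names, the sample log text and the loopback setup are all assumptions made for the demonstration.

```python
import re
import socket
import threading

# Constructed sample lines in the same format as the SSHD log excerpt quoted above.
SAMPLE_LOG = """\
Session username@/127.0.0.1:58118 authenticated
Server session created from /127.0.0.1:58132
Server session created from /127.0.0.1:58139
"""

# Matches the "/ip:port" remote-endpoint notation used in the log lines.
LOG_RE = re.compile(r"/(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)")


def peer_endpoints(log_text):
    """Return (ip, port) pairs printed in the log; the port is the remote peer's port."""
    return [(m.group("ip"), int(m.group("port"))) for m in LOG_RE.finditer(log_text)]


def demo_four_tuples(n_clients=3):
    """Open one listener, connect n_clients, and return the server-side 4-tuple view.

    Returns (listening_port, [{"local": (ip, port), "peer": (ip, port)}, ...]).
    Every accepted connection has the same local port (the listener's) and a
    different peer port chosen by the client's IP stack from its ephemeral range.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: OS-assigned port standing in for 22
    listener.listen(n_clients)
    server_port = listener.getsockname()[1]

    results = []

    def accept_all():
        for _ in range(n_clients):
            conn, peer = listener.accept()
            results.append({"local": conn.getsockname(), "peer": peer})
            conn.close()

    acceptor = threading.Thread(target=accept_all)
    acceptor.start()

    clients = [socket.create_connection(("127.0.0.1", server_port))
               for _ in range(n_clients)]
    acceptor.join()
    for c in clients:
        c.close()
    listener.close()
    return server_port, results


def is_listening(port, host="127.0.0.1"):
    """True if something accepts connections on host:port, False on connection refused."""
    try:
        with socket.create_connection((host, port), timeout=1):
            return True
    except ConnectionRefusedError:
        return False


if __name__ == "__main__":
    print("endpoints parsed from the log:", peer_endpoints(SAMPLE_LOG))
    port, conns = demo_four_tuples()
    print("listener port:", port)
    for c in conns:
        print("server side:", c["local"], "<- client side:", c["peer"])
    for c in conns:
        print("is %d a listening port on this host?" % c["peer"][1],
              is_listening(c["peer"][1]))
```

Running the block prints one line per connection; the server-side local port is the listener's port every time, while the peer ports are distinct high numbers picked by the client stack, and `is_listening` reports that nothing accepts connections on those peer ports. That is the distinction a port-audit finding should be checked against: an address the server logs as "created from" is the client end of the 4-tuple, which a `netstat`/`ss` listing would show as an ESTABLISHED connection rather than as a LISTEN socket.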
