mina-users mailing list archives

From "Jon V." <sybersn...@gmail.com>
Subject Re: Why are high ports used by SFTP server implementation?
Date Wed, 24 Feb 2016 02:58:24 GMT
I'll try to simplify: TCP (the protocol) can have up to 0xFFFF, or 65535,
ports.

Ports only need to be reserved for server services and outbound
connections.  They both use the same pool size of 65535.  Each OS type
allocates a different range for user-space applications.  For Linux it's
around 32768 ports.  When creating outbound connections the OS will
randomly select an unused port.  This is the high port number.

A connected TCP socket looks like this: local:45223 (ephemeral) <->
remote:22 (fixed)

What you are seeing is the port number of the client.  That number is
allocated on their machine and not the server.

Look up TCP on Wikipedia.

On Tue, Feb 23, 2016 at 8:52 PM, David Hoffer <dhoffer6@gmail.com> wrote:

> Hum, that's not entirely clear to me.  The first link says...
>
> 'A TCP/IPv4 connection consists of two endpoints, and each endpoint
> consists of an IP address and a port number.  Therefore, when a client user
> connects to a server computer, an established connection can be thought of
> as the 4-tuple of (server IP, server port, client IP, client port).
> Usually three of the four are readily known -- client machine uses its own
> IP address and when connecting to a remote service, the server machine's IP
> address and service port number are required.
>
> What is not immediately evident is that when a connection is established
> that the client side of the connection uses a port number.  Unless a client
> program explicitly requests a specific port number, the port number used is
> an *ephemeral* port number.  Ephemeral ports are temporary ports assigned
> by a machine's IP stack, and are assigned from a designated range of ports
> for this purpose.'
>
> In our case the server is configured to listen on port 22 and the client
> connects to port 22, so isn't that fixing the port on both sides at port
> 22?  Are you saying that although port 22 is the logical port used on both
> systems, in reality a different port is used on the client to connect
> to the server?  We are using SSH only here; I understand that only uses port
> 22.
>
> Regarding the second link is that for FTP or also for SFTP?  I know FTP
> uses passive ports and so does FTPS but we are only using SFTP, e.g. file
> transfer as part of SSH.
>
> Do those links really describe my situation?  Or are those high ports
> created on the server so it can hand off work so it can listen on 22
> again?  E.g. is it using separate ports to communicate with clients instead
> of multiple threads on same port?
>
> It's not clear to me yet, trying to understand.
>
> -Dave
>
> On Tue, Feb 23, 2016 at 4:32 PM, Chad Beaulac <cabeaulac@gmail.com> wrote:
>
> > Hey Dave,
> >
> > Listener servers hand off to ephemeral ports.
> > http://www.ncftp.com/ncftpd/doc/misc/ephemeral_ports.html
> > You need ephemeral ports so a server can start listening on port 22 again
> > while something else is happening.
> >
> > Look here for some configuration options.
> >
> > https://mina.apache.org/ftpserver-project/configuration_passive_ports.html
> >
> > -Chad
> >
> >
> > On Tue, Feb 23, 2016 at 3:09 PM, David Hoffer <dhoffer6@gmail.com> wrote:
> >
> > > We are using SSHD in an application to create an embedded SFTP server which
> > > works fine.  Our clients connect on port 22 and we don't have any issue
> > > with that.
> > >
> > > The problem/question is that our IA folks are complaining that our app also
> > > listens on what appear to be random high ports.  E.g. I see this in our
> > > logs.
> > >
> > > Session username@/127.0.0.1:58118 authenticated
> > > Server session created from /127.0.0.1:58132
> > > Server session created from /127.0.0.1:58139
> > > Server session created from /127.0.0.1:58157
> > >
> > > I see these later log statements are coming from IoSession in
> > > ServerSessionImpl but I don't call this in my code so must be part of the
> > > SSHD/MINA framework.
> > >
> > > Why are these high ports being used and do we need them?  If not needed for
> > > SFTP server how can I disable?  If they are needed, why and can I control
> > > the exact ports that are used?
> > >
> > > -Dave
> > >
> >
>
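The 4-tuple Jon describes above (local ephemeral port on the client, fixed port on the server), shown in working code as an added example that is not part of this thread or of the SSHD/MINA project: it opens a listener on a fixed loopback port, connects one client, and reports what each side sees, so the "random high port" in the log lines can be traced to the client's stack rather than to a second server listener. The listening port is chosen by the OS (port 0) instead of 22 so the script runs without privileges; the log-line parser assumes the `/ip:port` format quoted in Dave's mail.

```python
import re
import socket

# Default Linux client (ephemeral) range, used only when /proc is unavailable
# (assumption; the real range is whatever the *client's* OS configures).
DEFAULT_EPHEMERAL_RANGE = (32768, 60999)


def ephemeral_range():
    """Return the (low, high) range this host hands out to outbound connections."""
    try:
        with open("/proc/sys/net/ipv4/ip_local_port_range") as f:
            low, high = f.read().split()
            return int(low), int(high)
    except OSError:
        return DEFAULT_EPHEMERAL_RANGE


def demo_connection():
    """Listen on one fixed port, accept one client, and report both ends of the 4-tuple."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: OS picks the fixed listening port
    listener.listen(1)
    fixed_port = listener.getsockname()[1]

    client = socket.create_connection(("127.0.0.1", fixed_port))
    accepted, peer = listener.accept()   # peer == (client IP, client ephemeral port)
    result = {
        "listening_port": fixed_port,
        "server_side_local_port": accepted.getsockname()[1],  # still the fixed port
        "server_sees_client_port": peer[1],                    # the "high port" in the log
        "client_local_port": client.getsockname()[1],          # chosen by the client's stack
    }
    for s in (accepted, client, listener):
        s.close()
    return result


# Matches "/127.0.0.1:58132" in lines such as "Server session created from /127.0.0.1:58132".
LOG_RE = re.compile(r"/(?P<ip>\d+(?:\.\d+){3}):(?P<port>\d+)")


def session_port(line):
    """Extract the remote (client) port from an SSHD session log line, or None."""
    m = LOG_RE.search(line)
    return int(m.group("port")) if m else None


if __name__ == "__main__":
    r = demo_connection()
    print(r, "client range on this host:", ephemeral_range())
    print(session_port("Server session created from /127.0.0.1:58132"))
```

The server-side accepted socket keeps the fixed listening port as its local port; only the peer port varies per connection, which is exactly what a port scan of the server will confirm (no extra LISTEN sockets).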
