Порт 22 для чего
Перейти к содержимому

Порт 22 для чего

  • автор:

Поиск TCP/UDP Портов

[trojan] InCommand. Remote Access / Keylogger / Steals passwords / Remote peeker / ICQ trojan / IRC trojan / FTP server. Works on Windows 95 and 98, together with ICQ. Uses Blade Runner source code. Uses plug-ins. Aliases: Backdoor.InCommand, BackDoor.DB, Trojan.Win32.InCommand, InCommander, Incomm

trojan
[trojan] Shaft. Distributed DoS tool / Steals passwords. Works on Unix.
threat
[threat] Shaft
Порт: 22/UDP
22/UDP — Известные назначения портa (2 зап. найдено)
The Secure Shell (SSH) Protocol
threat

[threat] pcAnywhere(Used in older versions, though newer version still use it for backwards compatibility.)

О TCP/UDP-портах

TCP-порт 22 использует протокол управления передачей данных (TCP), который является одним из основных протоколов в сетях TCP/IP. TCP является протоколом с установлением соединения и требует квитирования для установки сквозной связи. Только после установления соединения пользовательские данные могут пересылаться в обоих направлениях.
Внимание! TCP гарантирует доставку пакетов данных через порт 22 в том же порядке, в котором они были отправлены. Гарантированная связь через TCP-порт 22 является основным отличием TCP от UDP.

Предоставляемые через UDP-порт 22 UDP услуги не отличаются надежностью, так как датаграммы могут быть получены в сдублированном виде, с нарушенной очередностью или даже могут пропасть без какого-либо предупреждения. UDP на порт 22 проверка и исправление ошибок не являются обязательными или должны выполняться в прикладной программе, что позволяет избежать накладных расходов на такую обработку на уровне сетевого интерфейса.
UDP (User Datagram Protocol) является минимальным ориентированным на работу с сообщениями протоколом транспортного уровня (протокол описан в IETF RFC 768). Примеры прикладных программ, часто использующих UDP: передача голоса по IP-протоколу (VoIP), передача мультимедийных потоков и многопользовательские игры в режиме реального времени. Множество веб-приложений используют UDP, к примеру, система доменных имен (DNS), информационный протокол маршрутизации (RIP), протокол динамической конфигурации хостов (DHCP), простой протокол управления сетью (SNMP).
TCP против UDP – TCP: надежный, упорядоченный, тяжеловесный, потоковый; UDP – ненадежный, неупорядоченный, легковесный, датаграммы.

Смена порта SSH-сервера как мера защиты от брутфорса

По умолчанию SSH-сервер открывает для входящих соединений 22 TCP-порт, и тем самым вызывает потенциальную угрозу bruteforce-атак, поскольку злоумышленник обнаружив на сервере такой открытый порт, пытается подобрать пароль к удалённому серверу при помощи специальных средств автоматизации.

В этой статье мы опишем, как сконфигурировать SSH-сервер на альтернативном порту.

Особо отметим, что не стоит воспринимать описанный здесь метод, как панацею. Китайская мудрость гласит — «Security by Obscurity is no Security at all». Не забывайте и про другие методы защиты SSH, такие как правильная настройка межсетевого экрана, разрешение доступа только ограниченному набору IP-адресов, отказ от парольной аутентификации и использование ключей RSA/DSA, и т.п.

Конфиг SSH-сервера обычно располагается в /etc/ssh/sshd_config. Для редактирования этого файла вам потребуются привилегии суперпользователя root, или возможность выполнить sudo для получения таких привилегий текстовым редактором.

Выполните команду, например:

nano /etc/ssh/sshd_config

В открывшемся файле найдите следующую строку:

Port 22

Закомментируйте её и добавьте новую строку со случайным номером порта, например 58291. Номер порта не должен превышать 65535. Также удостоверьтесь, что выбранное вами значение не конфликтует с другими сервисами в системе, например mysqld использует порт 3306, httpd — 80, ftpd — 21. Рекомендуем выбрать пятизначное значение.

На всякий случай, для просмотра уже открытых в системе портов, выполните следующую команду:

netstat -tupln | grep LISTEN

После модификации, участок файла конфигурации SSH должен выглядеть примерно так:

#Port 22 Port 58291

Что-бы SSH-сервер начал слушать новый порт вместо прежнего, его нужно перезапустить:

/etc/init.d/ssh restart
/etc/init.d/sshd restart

Соединение с SSH-сервером на альтернативном порту

Итак, теперь когда у нас есть SSH-сервер, слушающий альтернативный порт, как с ним соединяться? Если вы попытаетесь соединиться при помощи командной строки Linux, то по умолчанию SSH-клиент попытается использовать стандартный порт, и это приведёт к ошибке подключения:

ssh putty.org.ru ssh: connect to host putty.org.ru port 22: Connection refused

Вместо этого вы должны передать SSH-клиенту номер порта значением параметра -p , примерно так:

ssh -p 58291 putty.org.ru

Теперь соединение пройдёт успешно.

Если вы используете свободный SSH-клиент PuTTY, то укажите порт в настройках сессии, как показано на картинке:

Port 22: the port of the SSH protocol

Port 22 is a well-known port number used in computer networking. It is specifically associated with the Secure Shell (SSH) protocol, which is commonly used for secure remote administration and secure file transfer over an unsecured network.

Table of Contents

What is Port 22 used for?

Here are some key points about port 22 and its significance.

Secure Shell (SSH): SSH is a cryptographic network protocol that provides secure communication between networked devices. It establishes an encrypted connection, allowing users to remotely access and administer systems securely. SSH is widely used in various operating systems, including Unix, Linux, and macOS.

Secure Remote Administration: Port 22 is primarily used for secure remote administration of systems. It enables system administrators to securely log in to remote servers or devices and perform administrative tasks. With SSH, administrators can access a command-line interface or execute remote commands securely.

Security and ports

In addition to remote administration, SSH also facilitates secure file transfer between devices. It provides a secure alternative to traditional file transfer methods like FTP (File Transfer Protocol) by encrypting the data being transferred. Users can securely copy files to or from remote servers using tools like SCP (Secure Copy) or SFTP (Secure File Transfer Protocol) over port 22.

Port 22 is part of the TCP/IP protocol suite, which is the foundation of the modern internet. TCP/IP uses port numbers to identify specific services or applications running on devices connected to a network. Port 22 is the designated port for SSH, allowing devices to establish secure connections for remote administration and file transfer.

It’s important to note that port 22 must be open and accessible on the network for SSH connections to be established. In some cases, firewalls or network security measures may block or restrict access to port 22 for security reasons. Administrators and users should ensure that the necessary network configurations and firewall rules are in place to allow SSH connections if required.

In summary, port 22 is associated with the Secure Shell (SSH) protocol, which is widely used for secure remote administration and secure file transfer. It provides encrypted communication and authentication mechanisms for secure access to remote systems and secure file transfers over unsecured networks.

How Secure Shell (SSH) work on port 22?

Secure Shell (SSH) works on port 22 by establishing a secure and encrypted communication channel between a client and a server. Here’s a simplified explanation of how SSH operates on port 22:

When an SSH client initiates a connection to an SSH server, it typically communicates on port 22. The client sends a connection request to the server, indicating its intent to establish an SSH session.

Once the initial connection request is made, the SSH client and server engage in a cryptographic handshake. They negotiate encryption algorithms, key exchange methods, and authentication mechanisms. This process ensures that the subsequent communication is encrypted and secure.

During the cryptographic handshake, the client and server exchange cryptographic keys. These keys are used to establish a secure and private communication channel between the client and server. The keys are generated uniquely for each SSH session, providing confidentiality and integrity for the data transmitted over the connection.

Authentication

After the key exchange, the SSH server requests user authentication from the client. The client must provide valid credentials, typically in the form of a username and password, to prove its identity. Alternatively, SSH also supports more secure authentication methods such as public key authentication or certificate-based authentication. Using wrong login credentials can lead to a permission denied error.

Once the client’s identity is verified, the SSH session is fully established, and the client and server can securely exchange data. All communication between the client and server, including commands, responses, and file transfers, is encrypted using the negotiated encryption algorithms.

During the SSH session, the client and server can interact securely. The client can send commands to the server, which executes them and returns the output. Secure file transfers can also be performed using protocols like SCP (Secure Copy) or SFTP (Secure File Transfer Protocol).

By utilizing encryption, key exchange, and authentication mechanisms, SSH on port 22 ensures secure and private communication between the client and server. This allows for remote administration, command execution, and secure file transfers over untrusted networks while protecting the confidentiality and integrity of the data exchanged.

SFTP over port 22

SFTP (Secure File Transfer Protocol) operates over port 22, leveraging the underlying Secure Shell (SSH) protocol to establish a secure and encrypted connection for secure file transfers. Here’s a breakdown of how SFTP works on port 22:

Similar to SSH, SFTP begins with the client establishing a connection with the server using the SSH protocol on port 22. The client sends a request to the server to initiate an SFTP session, indicating its intention to transfer files securely.

Once the connection is established, the SSH cryptographic handshake takes place. The client and server negotiate encryption algorithms and exchange cryptographic keys. This ensures that all subsequent SFTP communication is encrypted and protected against unauthorized access or tampering.

User Authentication After the cryptographic handshake, the SFTP server requests user authentication from the client. The client provides valid credentials to prove its identity, typically in the form of a username and password. Alternatively, more secure authentication methods such as public key authentication or certificate-based authentication can be used.

Secure File Transfer Operations

Once the client is authenticated, the SFTP session is fully established. The client can now perform various file transfer operations securely. This includes uploading files from the client to the server, downloading files from the server to the client, renaming or deleting files, creating directories, and modifying file permissions.

Command Execution and Data Integrity SFTP provides a command-driven interface, allowing the client to execute remote commands on the server. The commands are sent securely over the established SFTP session, and the server executes them within its environment. The output or response from the server is transmitted back to the client securely. Additionally, SFTP ensures the integrity of transferred files by verifying checksums and ensuring that the data remains intact during the transfer.

Session Closure and Connection Termination

When the file transfer or SFTP session is complete, the client can close the session gracefully. This involves sending termination signals to the server, notifying it of the intention to end the SFTP session. The server acknowledges the closure request, and the secure connection on port 22 is terminated.

By utilizing the security features of SSH on port 22, SFTP establishes a secure and encrypted channel for file transfers. The authentication and encryption mechanisms, along with the command-driven interface and data integrity checks, ensure that files are transferred securely and confidentially between the client and server.

FTP (Port 21) vs STFP (Port 22)

SFTP (Secure File Transfer Protocol) and FTP (File Transfer Protocol) are both file transfer protocols, but they differ significantly in terms of security and functionality.

As the name suggests, it’s a secure protocol that operates over SSH (Secure Shell) and provides secure file transfer capabilities over port 22. It encrypts both commands and data during transmission, ensuring confidentiality and integrity. SFTP offers strong authentication and supports key-based authentication methods. It also provides additional features like directory listing, remote file management, and resuming interrupted transfers. SFTP is widely adopted as a secure alternative to FTP, particularly in scenarios where data protection is a priority.

On the other hand, FTP is an older protocol that lacks built-in encryption, and works on port 21. It transfers data in plain text, making it susceptible to eavesdropping and tampering. FTP relies on separate channels for command and data transmission, which can introduce complications in firewall configurations. FTP does not have native support for encryption or secure authentication methods. While FTP is still used in certain environments, it is typically discouraged for transmitting sensitive or confidential information over public networks due to its security vulnerabilities.

In summary, SFTP provides secure file transfer capabilities with encryption, strong authentication, and additional features, making it a preferred choice when security is paramount. FTP, being an older and less secure protocol, is more suitable for internal networks or situations where security requirements are less stringent.

Can SSH and SFTP run on a different port, other than 22?

Yes, SSH and SFTP can be configured to run on ports other than the default port 22. The port number on which SSH or SFTP operates can be changed to enhance security or accommodate specific network configurations. Here’s how it can be done:

SSH:

  • Server Configuration: To change the SSH port, you need to modify the SSH server configuration file (typically located at /etc/ssh/sshd_config on Unix-like systems).
  • Locate the “Port” directive in the configuration file and change the value to the desired port number (e.g., Port 2222).
  • Save the configuration file and restart the SSH service for the changes to take effect.
  • From that point on, SSH clients need to connect to the SSH server using the new port number (e.g., ssh username@hostname -p 2222).

SFTP:

  • SFTP Subsystem Configuration: SFTP runs as a subsystem of the SSH server, and the port change for SFTP is associated with the SSH port change.
  • Follow the steps mentioned above to modify the SSH server configuration file and change the SSH port to the desired port number (e.g., Port 2222).
  • After making the changes and restarting the SSH service, SFTP will automatically use the modified SSH port for establishing secure file transfer connections.
It’s important to note that when changing the default port for SSH or SFTP, you need to consider a few factors:
  • Security: Changing the port number may provide some level of security through obscurity. It can make it slightly more difficult for automated bots or scripts to target the default port. However, it’s essential to implement other security measures alongside port changes for comprehensive security.
  • Firewall and Network Configurations: Ensure that the new port is allowed through firewalls or network security devices. Adjust any network configurations, such as port forwarding or NAT (Network Address Translation), to reflect the new port number.
  • Client Configuration: SSH and SFTP clients will need to be configured to connect using the new port number. The clients should be updated with the appropriate port option, such as “-p 2222” for SSH or specifying the port during SFTP connection setup.

Always keep in mind that when changing the default port for SSH or SFTP, it may impact interoperability with other systems or users who expect the services to be running on the standard ports. To ensure users are informed about any modifications made to the default port numbers, it is essential to provide clear communication and documentation.

Explaining the TCP/IP protocol

Port 22 holds the distinction of being a widely recognized port number utilized in the TCP/IP protocol suite. The TCP/IP protocol suite forms the fundamental collection of protocols facilitating communication and data exchange across computer networks and the internet. Here’s an explanation of how Port 22 fits into the TCP/IP model:

TCP/IP consists of several protocols that work together to facilitate communication between devices connected to a network. The two key protocols relevant to Port 22 are the Transmission Control Protocol (TCP) and the Internet Protocol (IP).

TCP is a reliable and connection-oriented protocol within the TCP/IP suite. It provides a mechanism for establishing and maintaining reliable, ordered, and error-checked communication between devices. TCP ensures that data sent between devices is delivered accurately and in the correct sequence. It uses port numbers to differentiate between multiple communication channels within a single device.

IP addressing and ports

IP is responsible for addressing and routing data packets across networks. It provides the logical addressing scheme used to identify devices on a network (e.g., IP addresses). IP breaks down data into smaller packets and includes the necessary information to route these packets to their intended destinations.

Port numbers are used by TCP and UDP (User Datagram Protocol) to identify specific services or applications running on devices within a network. They act as endpoints to distinguish multiple ongoing communications within a single device. Port numbers are 16-bit unsigned integers, ranging from 0 to 65535.

Port 22 is specifically associated with the Secure Shell (SSH) protocol, which provides secure remote administration and secure file transfer capabilities. When an SSH client initiates a connection with an SSH server, it communicates over port 22 to establish a secure and encrypted connection. The SSH protocol ensures the confidentiality, integrity, and authenticity of the data exchanged between the client and server.

By utilizing port 22, SSH enables secure remote access, command execution, and file transfer capabilities over the TCP/IP network. The use of port numbers allows TCP/IP to direct data packets to the appropriate applications or services running on a device, facilitating secure and reliable communication across networks.

What is a TCP/IP Port?

In the context of the TCP/IP protocol, ports are logical communication channels that allow for the identification and routing of data to specific applications on a device. They are used to differentiate the various services and applications running on a device connected to a network. Each port is associated with a 16-bit integer number, ranging from 0 to 65535.

Ports are divided into three main categories:

  1. Well-Known Ports: Ports ranging from 0 to 1023 are known as “well-known ports” or “reserved ports.” These ports are assigned to common services and protocols and are widely recognized. Examples include port 80 for HTTP, port 443 for HTTPS, port 21 for FTP, and port 25 for SMTP. These ports are standardized to facilitate communication between devices.
  2. Registered Ports: Ports ranging from 1024 to 49151 are known as “registered ports” or “user ports.” They are reserved for specific applications and services, often registered with the Internet Assigned Numbers Authority (IANA) to avoid conflicts. Many custom applications and specific services use ports within this range.
  3. Dynamic or Private Ports: Ports ranging from 49152 to 65535 are referred to as “dynamic ports” or “private ports.” They are used for temporary and ephemeral communications, where the port number is dynamically assigned by the operating system or application during a communication session. These ports are used to avoid conflicts with registered ports and allow for communication between temporary applications on devices.

When a data packet arrives at a device, the port number is used to direct it to the appropriate application or service. This allows for multiple applications or services to be running on a device and communicate via the TCP/IP protocol. Each packet contains information about the source and destination IP address as well as the source and destination port number to ensure that the data reaches the correct application.

Proper use and correct configuration of ports are crucial to ensure that applications can communicate correctly within a TCP/IP network and that data is properly directed to the appropriate services.

SSH Port

Request demo

The default SSH port is 22. It is not a coincidence. This is a story of how it got that port.

When I ( Tatu Ylonen first published this story in April 2017, it went viral and got about 120,000 readers in three days.

The story of getting SSH port 22

I wrote the initial version of SSH (Secure Shell) in Spring 1995. It was a time when telnet and FTP were widely used.

Anyway, I designed SSH to replace both telnet (port 23) and ftp (port 21). Port 22 was free. It was conveniently between the ports for telnet and ftp . I figured having that port number might be one of those small things that would give some aura of credibility. But how could I get that port number? I had never allocated one, but I knew somebody who had allocated a port.

The basic process for port allocation was fairly simple at that time. Internet was smaller and we were in the very early stages of the Internet boom. Port numbers were allocated by IANA (Internet Assigned Numbers Authority). At the time, that meant an esteemed Internet pioneer called Jon Postel and Joyce K. Reynolds . Among other things, Jon had been the editor of such minor protocol standards as IP (RFC 791), ICMP (RFC 792), and TCP (RFC 793). Some of you may have heard of them.

To me Jon felt outright scary, having authored all the main Internet RFCs!

Anyway, just before announcing ssh-1.0 in July 1995, I sent this e-mail to IANA:

From ylo Mon Jul 10 11:45:48 +0300 1995 From: Tatu Ylonen 
To: Internet Assigned Numbers Authority 
Subject: request for port number
Organization: Helsinki University of Technology, Finland
Dear Sir, I have written a program to securely log from one machine into another over an
insecure network. It provides major improvements in security and functionality over existing
telnet and rlogin protocols and implementations. In particular, it prevents IP, DNS and
outing spoofing. My plan is to distribute the software freely on the Internet and to get it
into as wide use as possible. I would like to get a registered privileged port number for
the software.

The number should preferably be in the range 1-255 so that it can be used in the WKS field
in name servers. I'll enclose the draft RFC for the protocol below. The software has been in
local use for several months, and is ready for publication except for the port number. If
the port number assignment can be arranged in time, I'd like to publish the software already
this week. I am currently using port number 22 in the beta test.

It would be great if this number could be used (it is currently shown as Unassigned in the
lists). The service name for the software is "ssh" (for Secure Shell).

Yours sincerely, Tatu Ylonen . followed by protocol specification
for ssh-1.0

The next day, I had an e-mail from Joyce waiting in my mailbox:

Date: Mon, 10 Jul 1995 15:35:33 -0700 From: jkrey@ISI.EDU To: ylo@cs.hut.fi Subject: 
Re: request for port number Cc: iana@ISI.EDU 
Tatu, We have assigned port number 22 to ssh, with you as the point of contact. Joyce

There we were! SSH port was 22.

On July 12, 1995, at 2:32am, I announced a final beta version to my beta testers at Helsinki University of Technology. At 5:23pm I announced ssh-1.0.0 packages to my beta testers. At 5:51pm on July 12, 1995, I sent an announcement about SSH (Secure Shell) to the cypherpunks@toad.com mailing list. I also posted it to a few newsgroups, mailing lists, and directly to selected people who had discussed related topics on the Internet.

New call-to-action

Changing the SSH port in the server

By default, the SSH server still runs in port 22. However, there are occasions when it is run in a different port. Testing use is one reason. Running multiple configurations on the same host is another. Rarely, it may also be run without root privileges, in which case it must be run in a non-privileged port (i.e., port number >= 1024).

The port number can be configured by changing the Port 22 directive in /etc/ssh/sshd_config . It can also be specified using the -p option to sshd . The SSH client and sftp programs also support the -p option.

Specifying SSH port number on the command line

The -p option can be used to specify the port number to connect to when using the ssh command on Linux. The -P (note: capital P) option can be used with SFTP and scp . The SSH port number command line setting overrides any value configured in configuration files.

Configuring SSH access through firewalls

SSH is one of the few protocols that are frequently permitted through firewalls. Unrestricted outbound SSH is very common, especially in smaller and more technical organizations. Inbound SSH is usually restricted to one or very few servers.

privileged access management

Outbound SSH

Configuring outbound SSH in a firewall is very easy. If there are restrictions on outgoing traffic at all, just create a rule that allows TCP port 22 to go out. That is all. If you want to restrict the destination addresses, you can also limit the rule to only permit access to your organization’s external servers in the cloud, or to a jump server that guards cloud access.

Back-tunneling is a risk

Unrestricted outbound SSH can, however, be risky. The SSH protocol supports tunneling . The basic idea is that it is possible to have the SSH server on an external server listen to connections from anywhere, forward those back into the organization, and then make a connection to some Internal server.

This can be very convenient in some environments. Developers and system administrators frequently use it to open a tunnel that they can use to gain remote access from their home or from their laptop when they are travelling.

However, it generally violates policy and takes control away from firewall administrators and the security team. It can, for example, violate PCI , HIPAA , or NIST SP 800-53 . It can be used by hackers and foreign intelligence agencies to leave backdoors into organizations

Inbound SSH access

For inbound access, there are a few practical alternatives:

  • Configure firewall to forward all connections to port 22 to a particular IP address on the internal network or DMZ .
  • Use different ports on the firewall to access different servers.
  • Only allow SSH access after you have logged in using a VPN (Virtual Private Network), typically using the IPsec protocol.

Enabling SSH access via iptables

Iptables is a host firewall built into the Linux kernel. It is typically configured to protect the server by preventing access to any ports that have not been expressly opened.

If iptables is enabled on the server, the following commands can be used to permit incoming SSH access. They must be run as root.

iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT 
iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

If you want to save the rules permanently, on some systems that can be done with the command:

service iptables save

SSH port at firewall can permit tunneling to banks

We at SSH secure communications between systems, automated applications, and people. We strive to build future-proof and safe communications for businesses and organizations to grow safely in the digital world.

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *