0

ANSWER ON THE BOTTOM

I'm in the process of taking my Security+ exam, and I was taught by the professor teaching me that, when trying to figure out what port to put a protocol on (as there are a LOT of ports), if the protocol is combined with SSH or SSL, then the port number is by default 22 and 443 respectively. Fair enough, easy to do.

Now I'm studying and I see FTPS, which I interpreted to mean File Transfer Protocol combined with Secure Socket Layer (FTP + SSL), correct? So why then isn't it on 443?

I did a bit of research on it, and it appears that there are several ports that need to be opened in order to maintain compatibility or something (according to https://en.wikipedia.org/wiki/FTPS#Methods_of_invoking_security), but even then, the ports are 990 and 989.

I can understand if one of the ports is 443 while the other is on another port, but I don't understand why NONE of it is on 443. Why is that?

Is it because of the older FTP clients not being compatible? The above link mentioned compatibility, but I wanted to make sure that was the case.

ANSWER -- it seems that I was misinformed. In the case of SFTP, SFTP actually has nothing at all to do with FTP. While it does carry similarities, the 2 are completely different. FTP is its own standalone protocol that has its function. SFTP, however, is not FTP with SSH added to it. SFTP is literally SSH with functionality similar to FTP. SFTP actually IS SSH, it's just SSH with a dedicated ability to transfer files over that specific port.

In reality, if they're not extensions of SSH like above, most protocols that add in SSH or SSL (IMAP vs IMAPS/SMTP vs SMTPS) on top of their existing protocols have defined ANOTHER port number, in order to signify their intentions when they connect to that specific port.

- IMAP is port 143, but IMAP/S is port 993

- SMTP is port 25, but SMTP (Secure) is 465

- POP3 is 110, but POP3 (Secure) is 995

  • 2
    Because 443 has almost always meant HTTP over SSL/TLS (HTTPS). None of this uses the HTTP protocol, so it didn't make sense to use 443. That's my guess, at least. I also suspect that a lot of times a web server and FTPS server were the same server back then, so one of the ports would need to get changed anyway. Better to give FTPS its own well-known port instead. – vcsjones Aug 11 '16 at 17:32
  • 3
    `I was taught by the professor teaching me that, when trying to figure out what port to put a protocol on (as there are a LOT of ports), if the protocol is combined with SSH or SSL, then the port number is by default 22 and 443 respectively` How does your professor explain that IMAPS is TCP 993, Secure SMTP is TCP 465, POP3S is 995... – DKNUCKLES Aug 11 '16 at 17:34
  • @vcsjones much appreciated – DreadHeadedDeveloper Aug 11 '16 at 17:38
  • @DKNUCKLES ty for the examples, that's actually very helpful - and lol, please don't ask me, I couldn't tell you. I'll ask him the next time I can – DreadHeadedDeveloper Aug 11 '16 at 17:39
  • @DKNUCKLES actually, my professor did have one example in the notes - he told me that FTP, which usually runs on 21, runs on 22 when it becomes sftp – DreadHeadedDeveloper Aug 11 '16 at 17:41
  • 3
    @DreadHeadedDeveloper, SFTP has nothing to do with FTP, except the similar name. 22 is the port for SSH, and SFTP is a file transfer protocol related to (and usually used over) it. – ilkkachu Aug 11 '16 at 17:42
  • @ilkkachu that's news to me. Huh, ok, so then what you're saying is that SFTP is essentially an extension of SSH as opposed to being SSH added to an already existing FTP? Cuz the way he taught us, you just add SSH/SSL to shit and then bada bing bada boom, you've created a secure version of the previous thing. – DreadHeadedDeveloper Aug 11 '16 at 17:47
  • 2
    You _can_ run various protocols over TLS (SSL is basically the obsolete version of TLS). Some of them have their own assigned numbers, but if you're running something site-specific, it might not be in any official list. You can also tunnel stuff over SSH, though it's geared more towards interactive login sessions. – ilkkachu Aug 11 '16 at 18:07
  • Please post your answer as an answer rather than appending it to the question. You are allowed to answer your own questions on here. ;-) – SilverlightFox Aug 12 '16 at 09:06
  • Sorry if I missed this on this site, but is SFTP or FTPS more secure? – Shawn Eary Dec 30 '21 at 19:52

2 Answers

2

Ports are an endpoint for communication and usually represent services running.

I think your professor meant that a service using SSH or SSL would internally interact with the SSH and SSL services running on ports 22 and 443 respectively.

It does not however mean that a service, say HTTP (whose port is 80, usually) runs on 443 when serving with SSL/TLS enabled.

Also, port numbers vary. You can usually run any service on any port that isn't already occupied/reserved.

theabhinavdas
  • Solid response, but I have a few questions - my professor told me that FTP usually runs on 21, but when it becomes SFTP (FTP + SSH), it runs on 22, so when and where does it take the value of SSL and SSH port numbers? – DreadHeadedDeveloper Aug 11 '16 at 17:44
  • 2
    SFTP runs as an SSH subsystem. So it runs through whatever port your SSH daemon is running on (usually 22). But, it can be configured to run on any port. – theabhinavdas Aug 11 '16 at 17:46
  • Ohhhh, so what you're saying is that SFTP is essentially just a feature or a functionality of SSH as opposed to FTP + SSH? As in, SFTP is SSH, but an added functionality of it, and since it is similar in purpose to FTP, it shares the name, correct? – DreadHeadedDeveloper Aug 11 '16 at 17:53
  • 2
    Yes, absolutely. SFTP is the abbreviation for *SSH File Transfer Protocol*. It is an extension of SSH 2.0 and aids to provide a secure file transfer service. – theabhinavdas Aug 11 '16 at 17:55
  • I salute you my friend, thank you for your help, as well as all else who have contributed here! – DreadHeadedDeveloper Aug 11 '16 at 17:56
  • 1
    I'm glad I could help. Cheers! – theabhinavdas Aug 11 '16 at 17:57
  • I made an edit to the question so ppl wouldn't have to dig through the comments for a proper answer, can you tell me if the edit is accurate? – DreadHeadedDeveloper Aug 11 '16 at 18:17
1

443 is allocated to HTTPS. Wikipedia has a list of the port allocations, and of course IANA has a list too. (It's rather long.) I don't know if there's any order in the allocations, but if there is, it isn't very obvious. Might be just "what was available at the time". As for TLS versions of old protocols, consider that HTTP is at 80, and HTTPS at 443, but (say) IMAP is at 143, but IMAPS at 993.

Also, there's things like SMTP, that are usually used with STARTTLS, that is, the TLS negotiation is done after the protocol is started in plaintext. In which case it's the same port for plaintext and TLS-encapsulated traffic... (namely 25 for SMTP). There's another port that has been used for SMTP/TLS: 465, but it's considered obsolete, and doesn't appear in the IANA list.

ilkkachu
  • Is there any way to know which is and which isn't going to be taking the port number of SSL and SSH? Or is it just a big memorization game? The way the professor taught us is that the memorization game for ports becomes much easier if you remember anything that can have an S added to the end or the beginning becomes 22 or 443 respectively. – DreadHeadedDeveloper Aug 11 '16 at 17:49
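
An added example, not part of the original question or answers: since any service can listen on any port, a monitoring tool identifies the security mode from the client's first bytes rather than the port number. The sketch below separates the three cases discussed in this thread (TLS from the first byte, a plaintext protocol that upgrades in-band, and SSH, which is all SFTP looks like on the wire). The sample byte strings and the `classify` helper are constructed for illustration; `AUTH TLS` and `STLS` are the FTP and POP3 upgrade commands and are not mentioned on the page.

```python
"""Classify how a connection is secured from the client's first bytes."""

# Plaintext commands that upgrade the *same* port to TLS.
# STARTTLS: SMTP/IMAP, STLS: POP3, AUTH TLS: explicit FTPS on port 21.
UPGRADE_COMMANDS = (b"STARTTLS", b"STLS", b"AUTH TLS")


def is_tls_client_hello(data: bytes) -> bool:
    """TLS record header: type 0x16 (handshake), version 3.x, then ClientHello (0x01)."""
    return (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x04 and data[5] == 0x01)


def classify(client_bytes: bytes) -> str:
    if is_tls_client_hello(client_bytes):
        return "implicit TLS"          # HTTPS 443, IMAPS 993, FTPS 990 all look alike
    if client_bytes.startswith(b"SSH-"):
        return "SSH"                   # SFTP is a subsystem inside this session
    for line in client_bytes.split(b"\r\n"):
        upper = line.strip().upper()
        for cmd in UPGRADE_COMMANDS:
            # IMAP prefixes commands with a tag, e.g. "a001 STARTTLS"
            if upper == cmd or upper.endswith(b" " + cmd):
                return "plaintext, then " + cmd.decode()
    return "plaintext"


# Constructed sample: the first bytes of a TLS ClientHello record.
TLS_HELLO = bytes.fromhex("16030100310100002d0303")

# Constructed samples: (port the client connected to, first bytes it sent).
SAMPLES = [
    (443, TLS_HELLO),
    (993, TLS_HELLO),
    (990, TLS_HELLO),
    (25, b"EHLO client.example\r\nSTARTTLS\r\n"),
    (143, b"a001 STARTTLS\r\n"),
    (21, b"AUTH TLS\r\n"),
    (21, b"USER anonymous\r\n"),
    (22, b"SSH-2.0-OpenSSH_9.6\r\n"),
]

if __name__ == "__main__":
    for port, first_bytes in SAMPLES:
        print(f"port {port:>3}: {classify(first_bytes)}")
```
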