I think you've overcomplicated the answer here. The high numbers David is
seeing are the port number on the client, not on the server. This is
normal. Your server is not listening on any port except 22.

On Wed, Feb 24, 2016 at 2:58 AM Jon V. <sybersn...@gmail.com> wrote:

> I'll try to simplify; TCP (the protocol) can have up to 0xFFFF ports or
> 65535.
>
> Ports only need to be reserved for server services and outbound
> connections.  They both use the same pool size of 65535.  Each OS type
> allocates a different range for user-space applications.  For Linux it's
> around 32768 ports.  When creating outbound connections the OS will
> randomly select an unused port.  This is the high port number.
>
> A connected TCP socket looks like this: local:45223 (ephemeral) <->
> remote:22 (fixed)
>
> What you are seeing is the port number of the client.  That number is
> allocated on their machine and not the server.
>
> Look up TCP on Wikipedia.
>
> On Tue, Feb 23, 2016 at 8:52 PM, David Hoffer <dhoff...@gmail.com> wrote:
>
> > Hum, that's not entirely clear to me.  The first link says...
> >
> > 'A TCP/IPv4 connection consists of two endpoints, and each endpoint
> > consists of an IP address and a port number.  Therefore, when a client
> > user connects to a server computer, an established connection can be
> > thought of as the 4-tuple of (server IP, server port, client IP, client
> > port).  Usually three of the four are readily known -- client machine
> > uses its own IP address and when connecting to a remote service, the
> > server machine's IP address and service port number are required.
> >
> > What is not immediately evident is that when a connection is established
> > that the client side of the connection uses a port number.  Unless a
> > client program explicitly requests a specific port number, the port
> > number used is an *ephemeral* port number.  Ephemeral ports are
> > temporary ports assigned by a machine's IP stack, and are assigned from
> > a designated range of ports for this purpose.'
> >
> > In our case the server is configured to listen on port 22 and the client
> > connects to port 22 so isn't that fixing the port on both sides at port
> > 22?  Are you saying that although port 22 is the logical port used on
> > both systems, that in reality a different port is used on the client to
> > connect to the server?  We are using SSH only here; I understand that
> > only uses port 22.
> >
> > Regarding the second link, is that for FTP or also for SFTP?  I know FTP
> > uses passive ports and so does FTPS but we are only using SFTP, e.g. file
> > transfer as part of SSH.
> >
> > Do those links really describe my situation?  Or are those high ports
> > created on the server so it can hand off work so it can listen on 22
> > again?  E.g. is it using separate ports to communicate with clients
> > instead of multiple threads on the same port?
> >
> > It's not clear to me yet, trying to understand.
> >
> > -Dave
> >
> > On Tue, Feb 23, 2016 at 4:32 PM, Chad Beaulac <cabeau...@gmail.com> wrote:
> >
> > > Hey Dave,
> > >
> > > Listener servers hand off to ephemeral ports.
> > > http://www.ncftp.com/ncftpd/doc/misc/ephemeral_ports.html
> > > You need ephemeral ports so a server can start listening on port 22
> > > again while something else is happening.
> > >
> > > Look here for some configuration options.
> > >
> > > https://mina.apache.org/ftpserver-project/configuration_passive_ports.html
> > >
> > > -Chad
> > >
> > >
> > > On Tue, Feb 23, 2016 at 3:09 PM, David Hoffer <dhoff...@gmail.com> wrote:
> > >
> > > > We are using SSHD in an application to create an embedded SFTP server
> > > > which works fine.  Our clients connect on port 22 and we don't have
> > > > any issue with that.
> > > >
> > > > The problem/question is that our IA folks are complaining that our app
> > > > also listens on what appear to be random high ports.  E.g. I see this
> > > > in our logs.
> > > >
> > > > Session username@/127.0.0.1:58118 authenticated
> > > > Server session created from /127.0.0.1:58132
> > > > Server session created from /127.0.0.1:58139
> > > > Server session created from /127.0.0.1:58157
> > > >
> > > > I see these later log statements are coming from IoSession in
> > > > ServerSessionImpl but I don't call this in my code so it must be part
> > > > of the SSHD/MINA framework.
> > > >
> > > > Why are these high ports being used and do we need them?  If not
> > > > needed for the SFTP server how can I disable them?  If they are
> > > > needed, why, and can I control the exact ports that are used?
> > > >
> > > > -Dave
> > > >
> > >
> >
>
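An added illustration of the point made at the top of this thread (example code, not from the thread or from SSHD/MINA): one listener bound to a single fixed port accepts several loopback clients, and every accepted connection's 4-tuple shows the same server port next to a different, OS-chosen client port, while no new listening socket ever appears. It also parses log lines in the form David quoted to pull out the peer port. Assumptions: port 0 stands in for 22 so it runs unprivileged, and 32768-60999 (the Linux default ip_local_port_range) is used only as a hint, since other OSes use other ranges.

```python
import re
import socket

# Linux default net.ipv4.ip_local_port_range; other OSes differ (assumption, hint only).
LINUX_EPHEMERAL = (32768, 60999)

# Constructed copies of the log lines quoted in the thread.
SAMPLE_LOG = [
    "Session username@/127.0.0.1:58118 authenticated",
    "Server session created from /127.0.0.1:58132",
    "Server session created from /127.0.0.1:58139",
    "Server session created from /127.0.0.1:58157",
]

def demo_ephemeral_ports(n_clients=3):
    """Bind one listener, connect n_clients loopback clients, and return
    (listening_port, [(server_ip, server_port, client_ip, client_port), ...])."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: OS picks a free port (stand-in for 22)
    listener.listen(n_clients)
    server_port = listener.getsockname()[1]
    clients, tuples = [], []
    for _ in range(n_clients):
        c = socket.create_connection(("127.0.0.1", server_port))
        clients.append(c)             # keep open so each client keeps its own port
        conn, peer = listener.accept()
        local = conn.getsockname()
        # The accepted socket's local port is still the listener's port; only the
        # client side carries an OS-assigned ephemeral port.
        tuples.append((local[0], local[1], peer[0], peer[1]))
        conn.close()
    for c in clients:
        c.close()
    listener.close()
    return server_port, tuples

ADDR_RE = re.compile(r"/(?P<ip>\d+(?:\.\d+){3}):(?P<port>\d+)")

def peer_ports_from_log(lines):
    """Return the peer (client) port from each log line that carries /ip:port."""
    return [int(m.group("port")) for m in map(ADDR_RE.search, lines) if m]

def looks_ephemeral(port, rng=LINUX_EPHEMERAL):
    """True if port falls inside the assumed client-side ephemeral range."""
    return rng[0] <= port <= rng[1]

if __name__ == "__main__":
    srv_port, conns = demo_ephemeral_ports()
    print("listening on", srv_port)
    for t in conns:
        print("4-tuple (srv_ip, srv_port, cli_ip, cli_port):", t)
    print("peer ports in sample log:", peer_ports_from_log(SAMPLE_LOG))
```

Running `ss -ltn` (or `netstat -ltn`) while this is active shows only the one listening socket; the high ports appear only under ESTABLISHED, on the client side of each tuple.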
