Ssh – Using SFTP port 22 on both server and client


A customer asked me to set up a secure FTP server (SFTP using OpenSSH or FreeSSHd).

This new server will pass through a firewall configured to only allow port 22.

It may sound strange, but for security reasons, they prefer not to open other ports on the firewall.

They are asking if the server can use port 22 for the server itself but also for the client.

The server is running Windows Server 2008 64 (with freeSSH/OpenSSH)

The client is running Windows XP (with putty/winscp)

Can I use port 22 instead of the big port pool it usually uses? (for both the connection and data transfer)

If not, how can I configure the SFTP server to use a different port?

Is there a specific command to set it up or a manual for freeSSH/openSSH?

Can different operating systems also create other issues I might face later?

Best Answer

Put simply, this cannot be done without significant effort.

  • Windows requires at least 250 ports in the ephemeral port range. To include 22 in the range, you'd probably include the listening ports for important system services (if Windows allowed the range to start below 1024, which is doubtful).

  • Windows does not appear to support changing the outgoing port with NAT.

  • To my knowledge, no SSH implementation on Windows allows explicitly setting the client port.

Your options are:

  • Introduce a device in front of the server to manipulate the traffic.

  • Build your own heavily patched SSH client application.

  • Convince your client that their requirements are ludicrous.
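To show why the "only port 22" firewall rule already covers SFTP without forcing the client's source port, here is an added example (not from the question or answer) that models a stateful firewall allowing only TCP destination port 22 and runs a constructed SFTP session through it. The addresses are constructed; the ephemeral ranges are the documented Windows defaults (XP: 1025-5000, Server 2008: 49152-65535).

```python
# Added example: a minimal stateful firewall model that allows new TCP
# connections only to destination port 22 and replies of tracked flows.
# Packets and addresses are constructed, not captured traffic.
from dataclasses import dataclass

# Default ephemeral (client source) port ranges on the two client/server OSes.
EPHEMERAL = {"xp": range(1025, 5001), "server2008": range(49152, 65536)}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # True on the first packet of a new TCP connection


class StatefulFirewall:
    """Accept new connections only to allowed ports; accept packets of tracked flows."""

    def __init__(self, allowed_dst_ports=(22,)):
        self.allowed = set(allowed_dst_ports)
        self.flows = set()  # (client_ip, client_port, server_ip, server_port)

    def decide(self, p: Packet) -> str:
        fwd = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        rev = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if fwd in self.flows or rev in self.flows:
            return "ACCEPT"  # either direction of an established flow
        if p.syn and p.dst_port in self.allowed:
            self.flows.add(fwd)  # start tracking the new SSH/SFTP session
            return "ACCEPT"
        return "DROP"


def sftp_session(client_os="xp"):
    """Run a constructed SFTP login and transfer through the firewall.

    SFTP rides the single SSH connection, so the client's ephemeral source
    port never matters to a rule that keys on destination port 22.
    """
    fw = StatefulFirewall()
    cport = min(EPHEMERAL[client_os])  # any port the OS picks from its range
    client, server = "192.0.2.10", "192.0.2.20"  # constructed addresses
    return [
        fw.decide(Packet(client, cport, server, 22, syn=True)),  # client -> server
        fw.decide(Packet(server, 22, client, cport)),  # server reply, same flow
        fw.decide(Packet(client, cport, server, 22)),  # file data, same flow
        fw.decide(Packet(server, 20, client, cport, syn=True)),  # FTP-style data channel
    ]
```

The last packet models what classic active-mode FTP would need (a second connection from the server); it is dropped, while every packet of the SFTP session passes because the session is one connection to port 22.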