Linux: How to Install ProFTPd on CentOS 8 as an SFTP Server

Introduction:

While this article focuses on the installation and configuration aspects of SFTP via the application named ProFTPd on the CentOS 8 platform, it’s also necessary to gain a cursory perspective on the list of common protocols in this space prior to proceeding to the technical details of the subject.

File Transfer Protocols Overview:

FTP

  • – File Transfer Protocol
  • – Default ports: 20/TCP (data), 21/TCP (command/control), and passive outgoing ports (typically 1026-65535)
  • – Encryption: none
  • – Requires permissive firewalls that does not restrict outgoing traffic by port

TFTP

  • – Trivial File Transfer Protocol
  • – Default port: 69/UDP file transfers, TCP/8099 user interface
  • – Encryption: None
  • – Faster than FTP

FTPS

  • – File Transfer Protocol Secured (FTP over TLS)
  • – Default ports: 21/TCP for incoming sessions, 990/TCP for handshake, 989/TCP data transmission, and dynamic outgoing ports (typically 49152-65535 TCP/UDP)
  • – Encryption: option to encrypt one or both command and data channels using SSL/TLS (SSL certificate)
  • – Separates the control channel from data channel (multiple ports). This makes it difficult to restrict firewall traffic by ports

SCP

  • – Secured Copy Protocol
  • – Default port: 22/TCP for both incoming sessions and data transfer.
  • – Uses SSH to secure the session where the server publishes a public key and the client verifies it with its private key.
  • – Encryption: enabled on both authentication information and data files being transferred.
    – Basic features: can write to remote directory, cannot list remote directories or removing files by default
  • – Faster than SFTP due to a more efficient transfer algorithm that does not require packet acknowledgements.
  • – SCP is available as long as SSH is running on a server. Hence, it is possible to have both SCP (port 22) and SFTP (custom port such as 8282) running on the same server as separate daemons.

SFTP

  • – Secured File Transfer Protocol (SCP with packets acknowledgement and advanced management functions)
  • – Default port: 22/TCP for both incoming sessions and data transfer. Similar to SCP and often shares SSH RSA/DSA machine keys.
  • – Encryption: it is the same as SCP
  • – Advanced features: protocol includes functions to control file access, transfer, and management (e.g. disable traversal outside of home or designated directory)
  • – Although slower transfer speed than SCP, all packets are verified to ensure data consistency.
Deliverable

The finished build will include a Linux machine with the two software titles as shown below:

[moi@testbox authorized_keys]# cat /etc/redhat-release
CentOS Linux release 8.1.1911 (Core)

[moi@testbox]# proftpd --version
ProFTPD Version 1.3.6c

These shall be these settings:

  • SFTP default port shall be changed from its default of 21/TCP to 8282/TCP
  • FTP & FTPS disabled in ProFTPd. Hence, no SSL certs are required.
  • Authentication shall be based on the server’s SSH RSA/DSA keys, combined with local Linux users database.
  • Users will not be able to traverse outside of their /home/%u directories
  • Root and anonymous will be blocked from using SFTP

Part 1: Installation

# Add EPEL repo - the easy way
sudo yum install -y epel-release

# Optional: adding EPEL repo - the kinda ez way
# sudo dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

# Just for kicks, these lines would suffice for Ubuntu - too easy
# Lubuntu 20.04 with ProFTP
# sudo apt -y install proftpd

# Install ProFTP
sudo yum install -y proftpd proftpd-utils
sudo systemctl start proftpd
sudo systemctl enable proftpd

# Set firewall
openPort=8282 # Usage of obscured port as an effort to elude port-scanners
sudo firewall-cmd --zone=public --add-service=ftp --permanent
sudo firewall-cmd --zone=public --add-port=$openPort/tcp --permanent
sudo firewall-cmd --reload
sudo firewall-cmd --zone=public --list-ports
sudo firewall-cmd --zone=public --list-services

# Validate the instance of proftpd
[cuilo@web02 ~]$ service proftpd status
Redirecting to /bin/systemctl status proftpd.service
● proftpd.service - ProFTPD FTP Server
   Loaded: loaded (/usr/lib/systemd/system/proftpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2020-05-27 10:37:05 PDT; 29s ago
 Main PID: 5999 (proftpd)
    Tasks: 1 (limit: 23590)
   Memory: 4.1M
   CGroup: /system.slice/proftpd.service
           └─5999 proftpd: (accepting connections)
May 27 10:37:05 web02 systemd[1]: Starting ProFTPD FTP Server...
May 27 10:37:05 web02 proftpd[5997]: Checking syntax of configuration file
May 27 10:37:05 web02 proftpd[5997]: 2020-05-27 10:37:05,665 web02 proftpd[5997]: processing configuration d>
May 27 10:37:05 web02 systemd[1]: Started ProFTPD FTP Server.
May 27 10:37:05 web02 proftpd[5999]: 2020-05-27 10:37:05,773 web02 proftpd[5999]: processing configuration d>
May 27 10:37:05 web02 proftpd[5999]: 2020-05-27 10:37:05,840 web02 proftpd[5999] 192.168.100.6: ProFTPD 1.3.>

Part 2: Configuration

# Set ServerName and turn software identity off
sudo vim /etc/proftpd.conf
###############################################
ServerName "sftp.DOMAIN.URL" # set server name
ServerIdent Off # Hide ProFTP version

#<IfDefine TLS> # Disable FTPS by commenting these lines out
#Include /etc/proftpd/mod_tls.conf
#</IfDefine>

###############################################
# Optional:
UseIPv6 off # Turn off IPv6 if not needed
MasqueradeAddress x.x.x.x # Masq the FTP server address as its public IP
DefaultRoot /home/%u[0]/%u # Assign users to their home directories (e.g. /home/b/jimmybond)
###############################################

# add 'anonymous' into the prohibited FTP users list
echo 'anonymous' >> /etc/ftpusers

# Create a custom config file to change default port 21 to 8282
sudo vim /etc/proftpd/conf.d/modsftp.conf
# OR 
sudo bash -c "cat <<EOF > /etc/proftpd/conf.d/modsftp.conf
###############################################
LoadModule mod_sftp.c # These modules are not loaded by default
LoadModule mod_sftp_pam.c # Hence, these lines must be here
<IfModule mod_sftp.c>
        SFTPEngine on
        Port 2222
        SFTPLog /var/log/proftpd/sftp.log

        # Configure the RSA host keys,
        # using the same host key files as OpenSSH
SFTPOptions InsecureHostKeyPerms # This allows usage of insecure protocols (e.g. SHA256)
        SFTPHostKey /etc/ssh/ssh_host_dsa_key
        SFTPHostKey /etc/ssh/ssh_host_rsa_key
        #SFTPHostKey /etc/ssh/ssh_host_ecdsa_key
        #SFTPHostKey /etc/ssh/ssh_host_ed25519_key

        # Enable compression
        SFTPCompression delayed

        # Auth methods
        SFTPAuthMethods    password
        # SFTPAuthMethods publickey # Uncomment if using key-based authentication
        # SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u  # Uncomment if using public key

        # SFTP specific configuration
        DefaultRoot       ~ !adm
</IfModule>
###############################################
EOF"

# ProFTPd sftp_mod relies on SSH2, which requires both DSA and RSA keys
# RSA is present by default, DSA could be manually generated using an existing RSA private key with this command
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa

# Set the correct permissions for dsa & rsa keys
chmod 600 /etc/ssh/ssh_host_dsa_key
chmod 600 /etc/ssh/ssh_host_rsa_key

Optional: create authorized keys (if not using password auth)
username=test
sudo mkdir /etc/proftpd/authorized_keys
sudo ssh-keygen -e -f /$username/.ssh/authorized_keys | sudo tee /etc/proftpd/authorized_keys/$username
sudo ssh-keygen -e -f /$username/.ssh/id_rsa.pub | sudo tee /etc/proftpd/authorized_keys/$username

# Optional: disable SFTP Access on SSH
# WARNING: do not perform this if users are connecting SFTP via port 22 (SSH)
sed '/^#/! {/sftp/ s/^/#/}' -i /etc/ssh/sshd_config
# Undo previous command
sed -i '/sftp/s/^#//g' /etc/ssh/sshd_config
systemctl restart sshd

# Config SELinux to allow proftpd full system access
setsebool -P ftpd_full_access 1
#setsebool -P ftpd_full_access 0 # reverse

# Optional: convert SSH RSA key to RFC4716 format
#######################
ftpKeysDirectory=/etc/proftpd/authorized_keys
mkdir $ftpKeysDirectory
ssh-keygen -e -f /etc/ssh/ssh_host_rsa_key >> $ftpKeysDirectory/ssh_host_rsa_key_RFC4716_format
ssh-keygen -e -f /etc/ssh/ssh_host_rsa_key.pub >> $ftpKeysDirectory/ssh_host_rsa_key_RFC4716_pub
# then add this to config
vim /etc/proftpd/conf.d/modsftp.conf
SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u
#######################

# Set timeout values
sudo vim /etc/proftpd.conf
### Insert these statements in the 'Globals' section
TimeoutNoTransfer  0
TimeoutStalled  0
TimeoutIdle  0

# restart proftp daemon
systemctl restart proftpd

Part 3: validate that SFTP works

# Create a test user
username=tupacshakur
password=thepoet #https://kimconnect.com/powershell-generate-random-password/
useradd -m -d /home/$user/ -s /bin/bash $username -p $(openssl passwd -1 $password)
WinSCP SFTP client

Filezilla FTP Client

Linux sftp client:

# Proftpd v0.11.1 appears to be using a DSA host key, which is deprecated on modern SSH clients in favor of RSA. Hence, this error would occur:
# Unable to negotiate with 500.500.500.5000 port 8282: no matching host key type found. Their offer: ssh-dss

# Here's how to bypass:
[coco@linux007 ~]# sftp -P8282 -oHostKeyAlgorithms=+ssh-dss 500.500.500.500
The authenticity of host '[500.500.500.500]:8282 ([500.500.500.500]:8282)' can't be established.
DSA key fingerprint is SHA256:b/loremipsumetalsitmetbazroofoohashbar.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[500.500.500.500]:8282' (DSA) to the list of known hosts.
Recommended: Active Security with Fail2Ban & FirewallD
Fail2ban

… just go here

FirewallD

Basic configuration example:

# Check active zones
# The example output below means that there's only 1 external zone for this server
# virbr0 is a loopback interface
[root@linux1 ~]# firewall-cmd --get-active-zones
libvirt
interfaces: virbr0
public
interfaces: eth0

# Get default zone - verify the output above
[root@linux1 ~]# sudo firewall-cmd --get-default-zone
public

# Get current config of default zone
[root@linux1 ~]# sudo firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: cockpit dhcpv6-client ftp ssh
ports: 8282/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

# Add services to default zone - use each line as needed
sudo firewall-cmd --zone=public --permanent --add-service=ftp
sudo firewall-cmd --zone=public --permanent --add-port=8282/tcp # where 8282 is an obscured port for ftp services
sudo firewall-cmd --zone=public --permanent --add-service=ssh
sudo firewall-cmd --zone=public --permanent --add-port=22/tcp

# reload firewalld to realize changes
sudo firewall-cmd --reload

Advanced illustration:

# Edit the internal zone to restrict accesses
firewall-cmd --zone=internal --permanent --add-service=ssh
firewall-cmd --zone=internal --permanent --add-service=proftpd
firewall-cmd --zone=internal --permanent --add-source=x.x.x.x/32 # 1 specific IP
firewall-cmd --zone=internal --permanent --add-source=x.x.x.x/29 # 6 IPs from certain range
firewall-cmd --zone=internal --permanent --add-source=x.x.x.x/24 # 254 IPs from certain range

# Transition the default inface from being associated with the public zone to the internal zone - this also has the effect of making the internal zone 'active'
defaultInterface=$(firewall-cmd --zone=public --list-interfaces)
firewall-cmd --zone=internal --change-interface=$defaultInterface

# Optional: remove overlapping services from the public zone
firewall-cmd --zone=public --remove-service=ssh
firewall-cmd --zone=public --remove-service=proftpd

Troubleshooting:

# Check passive ports
sed -n '/\<Global/,/\/Global/p' /etc/proftpd.conf /etc/proftpd/conf.d/* | grep PassivePorts

# Check whether SFTP Access has been granted on SSH Port
[cuilo@testbox]# grep sftp /etc/ssh/sshd_config
Subsystem  sftp  /usr/libexec/openssh/sftp-server

# Check daemon & listening ports
netstat -tlpn| grep ftp
[cuilo@testbox ~]# netstat -tlpn| grep ftp
tcp6  0  0 :::21  :::*  LISTEN  9853/proftpd: (acce

# Check service account, listening port, and process ID
[cuilo@testbox ~]# ss -tlpn | grep ftp
LISTEN  0  128  *:21  *:*  users:(("proftpd",pid=10036,fd=0))

# Check what process is listening on a particular port
lsof -Pi :21 -sTCP:LISTEN

# Check firewall rules
[cuilo@testbox ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ftp ssh
  ports: 8282/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

# FTP status
systemctl status proftpd

# Check SELinux's permissions for ftp
[root@testbox]# getsebool -a | grep ftp
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> on
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_home_dir --> off

# Tail the log
tail -f /var/log/proftpd/sftp.log
2040-02-30 20:03:59,967 mod_sftp/1.0.0[11680]: no available host keys, unable to handle session
# This was resolved by adding the DSA key

# Often, new system setups should include this script to regenerate DSA keys
###############################################
#!/bin/sh
# regen-dsa-key.sh
keygen=/usr/bin/ssh-keygen
if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
    $keygen -q -t dsa  -f /etc/ssh/ssh_host_dsa_key -N '' \
        -C '' < /dev/null > /dev/null 2> /dev/null
    echo "/etc/ssh_host_dsa_key has been regenerated"
fi
exit 0
###############################################

# Check passive ports
sed -n '/\<Global/,/\/Global/p' /etc/proftpd.conf /etc/proftpd/conf.d/* | grep PassivePorts

# Check whether SFTP Access has been granted on SSH Port
[cuilo@testbox]# grep sftp /etc/ssh/sshd_config
#Subsystem  sftp  /usr/libexec/openssh/sftp-server

# Check daemon & listening ports
netstat -tlpn| grep ftp
[cuilo@testbox ~]# netstat -tlpn| grep ftp
tcp6  0  0 :::21  :::*  LISTEN  9853/proftpd: (acce

# Check service account, listening port, and process ID
[cuilo@testbox ~]# ss -tlpn | grep ftp
LISTEN  0  128  *:21  *:*  users:(("proftpd",pid=10036,fd=0))

# Check what process is listening on a particular port
lsof -Pi :21 -sTCP:LISTEN

# Check firewall rules
[cuilo@testbox ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ftp ssh
  ports: 8282/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Problem with incorrect permissions to DSA/RSA files:

Symptom:

[root@sftp backupadmin]# systemctl status proftpd -l
● proftpd.service - ProFTPD FTP Server
   Loaded: loaded (/usr/lib/systemd/system/proftpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2018-05-12 10:01:36 PST; 10min ago
  Process: 236976 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 79731 ExecStartPre=/usr/sbin/proftpd --configtest (code=exited, status=0/SUCCESS)
 Main PID: 79735 (proftpd)
    Tasks: 1 (limit: 49018)
   Memory: 2.7M
   CGroup: /system.slice/proftpd.service
           └─79735 proftpd: (accepting connections)

Nov 19 10:01:36 sftp.kimconnect.com systemd[1]: Starting ProFTPD FTP Server...
Nov 19 10:01:36 sftp.kimconnect.com proftpd[79731]: Checking syntax of configuration file
Nov 19 10:01:36 sftp.kimconnect.com proftpd[79731]: 2018-05-12 10:01:36,656 sftp.kimconnect.com proftpd[79731]: processing configuration directory '/etc/proftpd/conf.d'
Nov 19 10:01:36 sftp.kimconnect.com proftpd[79731]: 2018-05-12 10:01:36,657 sftp.kimconnect.com proftpd[79731]: mod_sftp/1.0.0: unable to use '/etc/ssh/import/ssh_host_dsa_key>
Nov 19 10:01:36 sftp.kimconnect.com proftpd[79731]: 2018-05-12 10:01:36,657 sftp.kimconnect.com proftpd[79731]: mod_sftp/1.0.0: unable to use '/etc/ssh/import/ssh_host_rsa_key>
Nov 19 10:01:36 sftp.kimconnect.com systemd[1]: Started ProFTPD FTP Server.
Nov 19 10:01:36 sftp.kimconnect.com proftpd[79735]: 2018-05-12 10:01:36,697 sftp.kimconnect.com proftpd[79735]: processing configuration directory '/etc/proftpd/conf.d'
Nov 19 10:01:36 sftp.kimconnect.com proftpd[79735]: 2018-05-12 10:01:36,698 sftp.kimconnect.com proftpd[79735]: mod_sftp/1.0.0: unable to use '/etc/ssh/import/ssh_host_dsa_key>
Nov 19 10:01:36 sftp.kimconnect.com proftpd[79735]: 2018-05-12 10:01:36,698 sftp.kimconnect.com proftpd[79735]: mod_sftp/1.0.0: unable to use '/etc/ssh/import/ssh_host_rsa_key>
Nov 19 10:01:36 sftp.kimconnect.com proftpd[79735]: 2018-05-12 10:01:36,717 sftp.kimconnect.com proftpd[79735] 10.17.130.142: ProFTPD 1.3.6c (maint) (built Sun May 10 2020 20:>

Resolution:

[root@sftp backupadmin]# chmod 600 /etc/ssh/import/ssh_host_dsa_key
[root@sftp backupadmin]# chmod 600 /etc/ssh/import/ssh_host_rsa_key
[root@sftp backupadmin]# systemctl restart proftpd

Validation:

[root@sftp backupadmin]# systemctl status proftpd -l
● proftpd.service - ProFTPD FTP Server
   Loaded: loaded (/usr/lib/systemd/system/proftpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2018-05-12 10:12:27 PST; 3s ago
  Process: 236976 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 79885 ExecStartPre=/usr/sbin/proftpd --configtest (code=exited, status=0/SUCCESS)
 Main PID: 79888 (proftpd)
    Tasks: 1 (limit: 49018)
   Memory: 2.7M
   CGroup: /system.slice/proftpd.service
           └─79888 proftpd: (accepting connections)

Nov 19 10:12:27 sftp.kimconnect.com systemd[1]: Starting ProFTPD FTP Server...
Nov 19 10:12:27 sftp.kimconnect.com proftpd[79885]: Checking syntax of configuration file
Nov 19 10:12:27 sftp.kimconnect.com proftpd[79885]: 2018-05-12 10:12:27,957 sftp.kimconnect.com proftpd[79885]: processing configuration directory '/etc/proftpd/conf.d'
Nov 19 10:12:27 sftp.kimconnect.com systemd[1]: Started ProFTPD FTP Server.
Nov 19 10:12:27 sftp.kimconnect.com proftpd[79888]: 2018-05-12 10:12:27,988 sftp.kimconnect.com proftpd[79888]: processing configuration directory '/etc/proftpd/conf.d'
Nov 19 10:12:28 sftp.kimconnect.com proftpd[79888]: 2018-05-12 10:12:28,004 sftp.kimconnect.com proftpd[79888] 10.17.130.142: ProFTPD 1.3.6c (maint) (built Sun May 10 2020 20:>

SELinux Permissions:

# Error log
[rambo@sftp-server]# cat /var/log/messages | grep 'FTPTestUser*'
Nov 30 11:58:19 sftp-server systemd[1]: Started Session 32965 of user FTPTestUser.
Nov 30 11:58:19 sftp-server systemd-logind[1223]: New session 32965 of user FTPTestUser.
Nov 30 11:58:19 sftp-server proftpd[95774]: 2020-11-30 19:58:19,297 sftp.kimconnect.net proftpd[228427] x.x.x.x (10.17.131.8[10.17.131.8]): USER FTPTestUser:    Login successful
Nov 30 11:58:19 sftp-server proftpd[95774]: 2020-11-30 19:58:19,297 sftp.kimconnect.net proftpd[228427] x.x.x.x (10.17.131.8[10.17.131.8]): USER FTPTestUser:    Login successful.
Nov 30 11:58:22 sftp-server setroubleshoot[228515]: failed to retrieve rpm info for /home/FTPTestUser/.esd_auth
Nov 30 11:58:22 sftp-server setroubleshoot[228515]: SELinux is preventing /usr/sbin/proftpd from getattr access on the file /home/FTPTestUser/.esd_auth. For complet   e SELinux messages run: sealert -l 870cc3be-bb65-4fe9-ba6b-4d7770341707
Nov 30 11:58:22 sftp-server platform-python[228515]: SELinux is preventing /usr/sbin/proftpd from getattr access on the file /home/FTPTestUser/.esd_auth.#012#012***   **  Plugin catchall_boolean (89.3 confidence) suggests   ******************#012#012If you want to allow ftpd to full access#012Then you must tell SELinux about this by enabling the 'ftpd_full_access' boolean.#012#012Do#012setsebool -P ftpd_full_access 1#012#012*****  Plugin catchall (11.6 confidence) suggests   *   *************************#012#012If you believe that proftpd should be allowed getattr access on the .esd_auth file by default.#012Then you should report thi   s as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'proftpd' --raw    | audit2allow -M my-proftpd#012# semodule -X 300 -i my-proftpd.pp#012

# Check FTP daemon permission settings
[rambo@sftp-server]# ps -eZ | grep ftpd_t
system_u:system_r:ftpd_t:s0-s0:c0.c1023 95774 ? 00:00:02 proftpd
system_u:system_r:ftpd_t:s0-s0:c0.c1023 228427 ? 00:00:00 proftpd
system_u:system_r:ftpd_t:s0-s0:c0.c1023 233923 ? 00:00:00 proftpd
system_u:system_r:ftpd_t:s0-s0:c0.c1023 234918 ? 00:00:00 proftpd
system_u:system_r:ftpd_t:s0-s0:c0.c1023 235964 ? 00:00:00 proftpd
system_u:system_r:ftpd_t:s0-s0:c0.c1023 235989 ? 00:00:00 proftpd
system_u:system_r:ftpd_t:s0-s0:c0.c1023 235990 ? 00:00:00 proftpd
system_u:system_r:ftpd_t:s0-s0:c0.c1023 236008 ? 00:00:00 proftpd

# Grant FTP daemon full access
[rambo@sftp-server]# setsebool -P ftpd_full_access 1

Check whether proftpd is listening on the correct port:

port=8282
sudo lsof -i -P -n | grep -E "$port.*LISTEN"
[root@sftp-server testAdmin]# sudo lsof -i -P -n | grep -E "$port.*LISTEN"
proftpd     2018          nobody    0u  IPv6   42410      0t0  TCP *:8282 (LISTEN)

[root@sftp-server ~]# netstat -natp | grep sshd | grep LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      533871/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      533871/sshd
Posted on Categories Linux

Leave a Reply

Your email address will not be published. Required fields are marked *