EC2 Security Group Ingress Rules
Overview
This article goes over the EC2 Security Group ingress rules for SFTP Gateway.
SFTP runs on port 22, which is open to the world.
You can restrict IP address ranges on a per-user basis from within the web admin portal.
The SSH protocol (port 2222) and the web admin portal (80 and 443) should be restricted to System Administrators.
TCP Ports
SFTP Gateway exposes the following ports and protocols:
22: SFTP
2222: SSH
80: HTTP
443: HTTPS
The SFTP protocol runs on TCP port 22. By default, this is open to the world (0.0.0.0/0).
Within the web admin portal, you can restrict IP address ranges on a per-user basis.
The SSH protocol has been moved to TCP port 2222. (Remember to specify the port number -p 2222 when connecting via SSH.) This port should be restricted to SysAdmins.
Web ports 80 and 443 are used for the Web Admin Portal.
It's important to restrict these ports to SysAdmins as well, because the Web Admin Portal lets you create an admin account on first launch.
Here's a table of the various ports and protocols.