setting up ftp on Mac OS X to use non standard port


I currently have ftp running on a Mac OS X 10.3.9 server.  On my firewall I am port forwarding port 21 to that server and everything is working fine. I'm concerned about security and in lieu of changing to something like sftp, I'd like to use a non standard port for ftp requests. My question is what changes do I need to make to the ftp service (if any), what changes to my firewall (I'm pretty sure that I just forward my new port number to the ftp server), and finally what do my clients need to do to connect using the non standard port.  Currently, I have clients on Macs and PCs using Internet Explorer, Fetch, and WS_Ftp Pro.  There may be some other misc. clients, but I only support the ones mentioned.

Are there any other things that I need to consider before making a change like this? And do any of you have opinions about other products that I might use for a more secure ftp site?  I looked recently at a product called Rumpus - any thoughts on that?

I appreciate the help - thanks.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Security through obscurity does not help a great deal. Port scanning is done a great deal, and they will find the port, regardless of which one you are using. If you are using the ftp service provided by Max OS X server, then providing you keep up to date with security patches (using Software Update), you will be secure.

The biggest issue is that passwords are sent in clear text for default ftp. The best solution for this is to run SFTP which tunnels it over ssh. It isn't an issue if you are allowing anonymous ftp, as you don't have any sensitive passwords being sent.

Are you using this for an upload server or a download server?

What are the security issues you are concerned about?


EllysPAuthor Commented:
Hey Joel,

The non standard port was a suggestion from a party that we will be working with as a security measure.  I agree with you - that's probably not going to get me where I want to be but would still like to know how to set it up.
We're using the server for uploads and downloads.  The server is kept up to date with all patches.  I have a large number of people using the site and moving to sftp seems like a good solution, but it might cause a real hiccup in use - I would need special clients - correct?  (I am not allowing anonymous access.)
Although the data is not sensitive, it is important to keep the site secure to the extent that it will be available 24/7 and to keep the data from being compromised in any way.  

So what's involved in setting up sftp - what are the performance effects with the encryption?  And I'm still interested in opinions on third party ftp software - I've read that Mac OS X's implementation has issues - I'm interested in building and maintaining a solid, reliable server - so would appreciate ideas.

Thanks much,


Sftp doesn't particularly need setting up - if you enable ssh, then sftp gets enabled as well.

In terms of special clients, it can be done from the command line in Mac OS X, or you can use Interarchy, Fetch or others. For Windows there are winSCP and others.

I believe that the ftp server in Mac OS X Server is based on wu-ftpd - it was in Panther and before. This site <> gives details and also provides instructions for replacements. Many suggest using Pro-ftpd <>.

Another good resource is <>


Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

EllysPAuthor Commented:
Thanks for the info - I'll check out the links and decide which way to go.
A couple quick final questions:
I'd still like to know how to use a non standard port AND which port does sftp use - how do I ensure people are using sftp and not regular ftp?

Thanks again - Elly
SFTP runs over an ssh tunnel, so on port 22. FTP runs on ports 20 and 21. If you aren't running an ftp server, then you won't have anyone connecting with ftp.

You set the ports up on the firewall to forward the non-standard ports to the standard ports on the server. Eg 10020-10021->20-21.

To access these ports, you can add the port information to the url


In command line ftp, you add the port by putting the port at the end of the line

eg ftp 10021

you will probably need to use passive ftp.



Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
EllysPAuthor Commented:
Thanks for all the info Joel - I've got one more question and I think I'm good to go.  I set up permissions in Workgroup manager for ftp access - how do I set permissions for sftp?

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apple Networking

From novice to tech pro — start learning today.