Note: This page applies to SFTP Gateway version 2.x. Visit Here for documentation on version 3.x.
This article goes over troubleshooting authentication issues using the OpenSSH logs.
The log file for the OpenSSH service is:
This log gives you server-side visibility into authentication attempts.
SFTP Gateway enables audit-logging, so you will also see SFTP actions such as file uploads and directory traversal.
SFTP user is unable to log in
One common problem is that the SFTP user is unable to log in. From the server, run this command:
sudo su tail -f /var/log/secure
Then, have the SFTP user try to log in using a client like FileZilla. If you see no output at all, check the EC2 Security Group.
If you see:
fatal: bad ownership of modes for chroot directory
check the permissions on the user's chroot directory and make sure nobody has write access except for the
Many authentication attempts
Another common problem is that you see a steady stream of authentication attempts from different users and IP addresses. This can happen if you have opened TCP port 22 to the world.
If possible, try to lock down port 22 to a whitelist of IP addresses. Otherwise, consider moving the SSH protocol to port 2222.
Many connections from the same IP
If you are running the HA CloudFormation stack, you might see a steady stream of connection attempts coming from the same IP address.
In certain version of SFTP Gateway, the Load Balancer health checker is pointing to TCP 22. The health checker is a highly available client that constantly tests connectivity on port 22.
The health checker cannot be disabled. However, you can force it to point to port 80 instead. Nginx is better suited to handle a high volume of anonymous connections.