Common Issues
Overview
This article lists the most common support issues we've been seeing for SFTP Gateway v3.
1. There's a banner but no command prompt when I connect using SSH
On SFTP Gateway version 3, the SSH protocol has been moved from the default port 22 to 2222.
So the syntax to connect would be:
ssh -i private.key ec2-user@<ip-address> -p 2222
We introduced a Java service to implement the SFTP protocol on port 22.
This Java service denies the SSH protocol. This is why you see the login banner, but have no command prompt.
For more information on how to SSH into an EC2 instance running SFTP Gateway, see this article.
2. Connection timed out after 20 seconds of inactivity (FileZilla)
If you get a connection timeout with FileZilla, there are a few possible causes.
2a. Check your EC2 Security Group rules
Make sure that your SFTP client is able to connect to the EC2 instance over port 22.
Otherwise, FileZilla will not receive any response when trying to connect.
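The check in 2a can be run from the client machine before opening FileZilla. The script below is an added example, not part of SFTP Gateway or its documentation; the function names are hypothetical and the host address is a placeholder documentation IP. It separates a silent timeout (typical of a missing Security Group rule) from a reachable port by reading the SSH identification line on ports 22 and 2222.

```python
import socket

SFTP_PORT = 22   # Java SFTP service on SFTP Gateway v3 (from the article)
SSH_PORT = 2222  # SSH for administration on v3 (from the article)

def probe(host, port, timeout=5.0):
    """Connect once; return (state, banner). state: open/refused/timeout/error."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                # SSH and SFTP servers send an "SSH-2.0-..." identification line first.
                first = sock.recv(256).split(b"\n", 1)[0]
                banner = first.decode("ascii", "replace").strip()
            except socket.timeout:
                banner = ""
            return "open", banner
    except socket.timeout:
        return "timeout", ""
    except ConnectionRefusedError:
        return "refused", ""
    except OSError as exc:
        return "error", str(exc)

def advise(port, state, banner):
    """Map a probe result to the troubleshooting step in this article."""
    if state == "timeout":
        return f"{port}: no reply; check the EC2 Security Group rule for this port (2a)"
    if state == "refused":
        return f"{port}: host replied but no service is accepting connections"
    if state == "error":
        return f"{port}: network error ({banner})"
    if not banner.startswith("SSH-"):
        return f"{port}: connected, but no SSH identification line was received"
    if port == SFTP_PORT:
        return (f"{port}: SFTP service reachable ({banner}); if FileZilla still "
                "times out, check the default Cloud Connection (2b)")
    return f"{port}: SSH reachable ({banner})"

if __name__ == "__main__":
    host = "203.0.113.10"  # placeholder documentation address; use your instance IP
    for port in (SFTP_PORT, SSH_PORT):
        state, banner = probe(host, port)
        print(advise(port, state, banner))
```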
2b. Check your default Cloud Connection
A Cloud Connection is a set of options for connecting to an S3 bucket. SFTP Gateway uses S3 as the underlying file system. So, a connection timeout could result from the SFTP user having no file system to work with.
If your default Cloud Connection already exists, look for a Test Connection button on the details page. Make sure it gives you three green check marks.
3. How to share folders between SFTP users
This is more of a configuration question than a troubleshooting issue, but how to configure sharing is commonly asked.
Below are two examples of sharing scenarios.
3a. External vendor scenario: grant an internal SFTP user read/write access to multiple external SFTP users
The external vendor scenario is where you have a user, perhaps an internal manager, accessing other users' files/folders.
First, configure external SFTP accounts with the default Home Directory location, which is the user's name under the /users/ folder. For example:
/
|--users/
   |--vendor1/ <-- vendor1 is chrooted here
Then, configure an internal-manager SFTP user, and point it to the parent /users/ folder.
The folder structure will look like this:
/
|--users/ <-- internal-manager is chrooted here
   |--vendor1/
   |--vendor2/
The internal-manager will have read/write access to the /users/ directory, and everything in it (including the vendor chroot directories).
For additional information on the External Vendor scenario, see this article.
3b. Group drive scenario: mount a shared folder inside the chroot directories of multiple SFTP users
In the Group Drive scenario, you create a shared folder, and then mount it within the chroot directory of each SFTP user.
First, you create a new Cloud Connection that points to a specific S3 bucket.
Then, within each SFTP user's chroot directory, you create a Folder that points to the Cloud Connection.
The folder structure will look like this:
/
|--users/
   |--user1/
      |--Shared-Folder --> points to the Shared Cloud Connection
   |--user2/
      |--Shared-Folder --> points to the Shared Cloud Connection
Each SFTP user will see a subfolder named Shared-Folder.
And any changes they make in that folder will be seen by other SFTP users.
For more information on shared Cloud Connections look at this article.
4. Supporting legacy SFTP clients
Some SFTP client software may require the use of legacy encryption algorithms.
By default, these are not enabled on SFTP Gateway.
SFTP Gateway has a setting named sftp.security-level where you can reduce the security baseline to improve compatibility.
For more detailed information on Security Level Configuration, view this article.
5. Reset the Web Admin Password
On first launch, you create a web admin user in the web admin portal.
If you forget these credentials, you will need to reset them via the command line.
Here are the steps to reset your admin password.
Step 1. SSH into the EC2 instance, and elevate your privileges to root:
sudo su
Step 2. Change directories to /usr/local/bin/:
cd /usr/local/bin/
Step 3. Run the script to remove all web admin users:
./clear-admin-users.sh
If all goes well, you should see the word COMMIT.
Step 4. Refresh your browser, and the web admin portal should take you back to the first launch screen where you can create a new admin user.
For information on the contents of the script visit this article.