This article goes over troubleshooting authentication issues using the OpenSSH logs.
The log file for the OpenSSH service is:
This log gives you server-side visibility into authentication attempts.
SFTP Gateway enables audit-logging, so you will also see SFTP actions such as file uploads and directory traversal.
SFTP user is unable to log in
One common problem is that the SFTP user is unable to log in. From the server, run this command:
sudo su tail -f /var/log/secure
Then, have the SFTP user try to log in using a client like FileZilla. If you see no output at all, check the Network Security Group (NSG) inbound rules.
If you see:
fatal: bad ownership of modes for chroot directory
check the permissions on the user's chroot directory and make sure nobody has write access except for the
Many authentication attempts
Another common problem is that you see a steady stream of authentication attempts from different users and IP addresses. This can happen if you have opened TCP port 22 to the world.
If possible, try to lock down port 22 to a whitelist of IP addresses. Otherwise, consider moving the SSH protocol to port 2222.