Below are some common troubleshooting items and questions.  

I ran "sudo yum update" and the server no longer functions

Please see our article Fixing errors after running yum update.

How can I resize my instance volume?

Please see our article Resizing an EC2 Instance Volume.

How do I update an existing SFTP Gateway instance with the latest application binaries?

See our article Upgrading existing SFTP Gateway instances.

I no longer have access to a user's private key. How can I replace a user's SSH key?

Log in to the server as ec2-user, and run the following commands:


sudo sh

Enter the user's name, and an email address if you would like the key emailed to you. Otherwise, hit enter and it will print the user's new private key to the console.

I updated the SFTP Gateway server but nothing is uploading to S3

run sudo sftpgatewaysetup . It will skip creating a new bucket since one already exists, and it will reestablish the connection to the original S3 bucket.

I did not receive the email with the user’s SSH key. How do I find it?

First, be sure to check your junk folder when the key is emailed to you. If you still can't find it, you can find the user's key on the server in the /opt/sftgw/keysfolder.

How do I change the default S3 bucket used by SFTP Gateway?

You can modify the default bucket used by SFTP Gateway by editing the sftpgateway.bucketname property in the /home/ec2-user/.sftpgateway/ file. You can set this value to any bucket you create in the AWS S3 Console. This change will only be effective for SFTP users created after this property has been modified. For existing users, make sure you have the latest version of SFTP Gateway as described above. Then run the following command:

sudo sftpgw reset <user>

This will reset the user's upload directory to use the new bucket name. Any sub directories under uploads need to be deleted and recreated.

At this time, SFTP Gateway writes to a single bucket with different folders for each SFTP user.

Filenames are getting changed before being uploaded to S3

The .filepart extension is something that is added by WinSCP and is known to interfere with the proper execution of the SFTP Gateway. As a work around, please disable this feature in WinSCP as described at the bottom of this page.

For large files, we have a custom feature that will verify MD5 checksums. This will be available in a few weeks in a new release of the SFTP Gateway. Upgrading is very easy and we will notify you when it is available.

SFTP Gateway was working fine then suddenly stopped

This issue has been observed on micro instances under heavy loads. The server uses too much memory and the the kernel kills critical daemon processes. Micro instances may be suitable for development or testing, but they are not recommended for production environments.

Unable to create new bucket when calling sudo sftpgatewaysetup

This occurs because the EC2 instance does not have an IAM Role with AmazonS3FullAccess permission. Simply attach a new IAM Role with this permission in the Instance Settings menu of the EC2 console. Alternatively, launching an SFTP Gateway instance from the CloudFormation template (see Links section) will create this role automatically.

How do I lock down S3 permissions to a single bucket?

Once the SFTP Gateway has been configured properly, you may want to reduce permissions of the IAM Role assigned to the SFTP Gateway to grant access to the single SFTP Gateway bucket only. This can be done by doing the following:

  1. In the AWS Console find the IAM Role attached to the SFTP Gateway instance.
  2. On the Permissions tab, click "Detach Policy" for AmazonS3FullAccess or any other Managed Policy you wish to remove.
  3. Expand the section under "Inline Policies" and create a new inline policy.
  4. Select "Custom Policy" and paste the following contents, replacing YOUR_BUCKET_NAME with your actual bucket name.

        "Version": "2012-10-17",
        "Statement": [
                "Sid": "Stmt1498076637000",
                "Effect": "Allow",
                "Action": [
                "Resource": [
  5. Click "Apply Policy". SFTP Gateway should now have permission that single bucket only.

Note: If you used the CloudFormation template from the Links section (above), this is already done for you.

Enabling Termination Protection on your CloudFormation Stack

Termination protection is a great way to protect your stack from accidental deletion. This option is very easy to enable, whether you are creating a new CloudFormation stack or managing an existing stack.

During creation:

At the "options" stage, click Advanced to expand the section. Click Enable next to "Termination protection".

After creation:

At the CloudFormation console, click a stack name to view the stack details. On the upper right corner, find Other Actions and select Change termination protection. Click Yes, Enable .

How do I enable password login instead of using SSH Keys?

Please see our article on password-based login.

I'm running out of memory and the server stops uploading files to S3

If your server gets hit with a traffic spike, you could run out of memory and certain processes used by SFTP Gateway could stop working. Usually a reboot will restore functionality (although you still need to re-drop files that didn't get uploaded).

To help prevent this sort of thing, you can upgrade your instance type to increase the amount of memory. Also, you can add a Swap partition (see this article for details).