How do I troubleshoot connecting to my EC2 Linux instance using an SFTP connection?
Last updated: 2020-12-09
I can't connect to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance using a Secure File Transfer Protocol (SFTP) connection. Or, I'm receiving the error "remote readdir Permission denied". How can I troubleshoot this?
There are multiple reasons why connecting to your EC2 instance through an SFTP connection might fail. The following are troubleshooting steps for common connection problems:
- Verify that your instance meets SSH connection prerequisites.
- Log in to the instance with verbose messaging on to identify the error.
- Review the authentication and system logs for errors.
- Verify that the SSHD configuration file has Subsystem for SFTP configured.
- Resolve a Remote readdir Permission denied error.
Verify that your instance meets SSH connection prerequisites
SFTP works on top of SSH. Verify that the instance meets all SSH connection prerequisites. For a list of prerequisites, see Connecting to your Linux instance using SSH.
Log in to the instance with verbose messaging on to identify the error
The following are common connection error messages:
- Connection timed out or Connection refused
- Permission denied or Authentication failed
- Server refused our key
For information on logging in to your instance with verbose messaging on and how to resolve these and other SSH-related errors, see How do I troubleshoot connecting to my Amazon EC2 Linux instance using SSH?
Review the authentication and system logs for errors
RHEL and Fedora authentication log:
$ sudo less /var/log/secure
RHEL and Fedora generic system logs:
$ sudo less /var/log/messages
Debian and Ubuntu authentication log:
$ sudo less /var/log/auth.log
Debian and Ubuntu generic system logs:
$ sudo less /var/log/syslog
Verify that the SSHD configuration file has Subsystem for SFTP configured
Verify the SSHD configuration file has the subsystem for SFTP configured and that the shared object file for sftp-server exists in the respective directory. If the SFTP connection closes due to a missing SFTP subsystem, the log might show that a subsystem request failed on channel 0 error.
RHEL and Fedora-based distributions:
$ sudo grep Subsystem /etc/ssh/sshd_config Subsystem sftp /usr/libexec/openssh/sftp-server $ sudo ls -l /usr/libexec/openssh/sftp-server -rwxr-xr-x. 1 root root 100784 Jun 26 2019 /usr/libexec/openssh/sftp-server
Debian and Ubuntu-based distributions:
$ sudo grep Subsystem /etc/ssh/sshd_config Subsystem sftp /usr/lib/openssh/sftp-server $ sudo ls -l /usr/lib/openssh/sftp-server -rwxr-xr-x 1 root root 105608 Mar 4 2019 /usr/lib/openssh/sftp-server
For more information see the Subsystem section in sshd_config on the Linux man page.
Resolve a remote readdir Permission denied error
The error remote readdir Permission denied indicates that the user attempting the SFTP connection doesn't have the correct permissions. The user must at a minimum have read and execute permission to switch to a target directory.
Use the following command to verify that the user has permission to access the target directory:
ls -ldZ /directory
Use the following command to check for access control list (ACL) permissions restricting user access:
Use the following command to verify that SELinux is enabled: