Maintaining SFTP servers requires addressing a few common issues that seem to crop up regularly. To help SFTP server administrators, we polled our support team on the most common SFTP server issues they see and compiled their solutions below.
1. Connection issues
Connection problems are probably the most common issue an SFTP server admin has to deal with, and they can be a headache because so many factors could cause the issue. It helps to run through the following troubleshooting steps:
- Confirm your firewall settings. Begin by checking that you have port 22 enabled in your firewall and that any port forwarding is configured correctly. You can learn more about SFTP server ports at this link.
- Confirm your SFTP server listeners are enabled and pointing to the correct ports. You can do so for Cerberus by Redwood’s SFTP server by following the instructions at this link.
- Validate that the client’s IP address is allowed. Both firewalls and SFTP servers contain IP management tools, and if your exclusions are broad or you only explicitly allow certain IP addresses, this might be the source of your issue. Today’s distributed work environment can make this issue particularly problematic, and many companies require VPNs to help mitigate IP connection issues.
- Check your SFTP client’s compatibility. Older SFTP clients may not be able to use the same key generation or data encryption schemes. This is particularly likely if your SFTP server is using FIPS mode, which will refuse less-secure connections, or if your client has not been configured for connections via the latest OpenSSL or TLS protocols.
- Review bandwidth usage. A client trying to access very large files during peak bandwidth usage times may experience connection issues. Your bandwidth monitoring tools should help identify any of these issues.
- Investigate load issues. Even the most modern networks can fall victim to DDoS attacks or other downtime caused by heavy traffic loads. If your SFTP server or its gateway is not configured for high availability, it may error under load.
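The first few checks above can be told apart from the client side by how the connection attempt fails. The following Python probe is an added example, not part of the original article or of any Cerberus tooling; the function name `probe_sftp` and the status labels are assumptions made for illustration, and the causes noted in the docstring are typical ones rather than certainties.

```python
import socket
import sys

def probe_sftp(host, port=22, timeout=5.0):
    """Return (status, detail) describing how the endpoint answered.

    refused : host answered, nothing listening (listener disabled or wrong port)
    timeout : no answer at all (often a firewall or IP rule dropping packets)
    silent  : TCP connected but no data arrived (server may be stalled under load)
    closed  : accepted, then closed without a banner (possible server-side IP rule)
    not_ssh : something answered, but it is not an SSH/SFTP service
    ok      : SSH identification string received; detail holds the server banner
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", "nothing is listening on this port"
    except socket.timeout:
        return "timeout", "no response to the connection attempt"
    except OSError as exc:  # DNS failure, unreachable network, ...
        return "error", str(exc)
    with sock:
        try:
            data = sock.recv(255)  # RFC 4253 caps the identification line at 255 bytes
        except socket.timeout:
            return "silent", "connected, but the server sent nothing"
        except OSError as exc:
            return "error", str(exc)
    if not data:
        return "closed", "server closed the connection before sending a banner"
    lines = [l.strip() for l in data.decode("ascii", "replace").splitlines()]
    # A server may send other text lines before its identification string.
    for line in lines:
        if line.startswith("SSH-"):
            return "ok", line
    return "not_ssh", lines[0] if lines else ""

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(probe_sftp(host, port))
```

Run it from the affected client's network as well as from inside your own: a `timeout` outside and `ok` inside points at firewall or IP rules rather than the listener.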
2. Authentication issues
The next most common SFTP server issue we experience involves authentication. These can be challenging to solve, as you won’t always be able to see the source of the failure without digging into your server logs, but following the steps below may help.
- Check your login failure report. Hopefully, an incorrect username or password is causing the issue, which is the simplest fix. You should also check to see if the user’s account has been deactivated or flagged for any reason. Multiple failed logins could indicate a potentially compromised account.
- Check your directory settings. Make sure that your user has an account and that your directory integration is still connected to your SFTP server (Cerberus SFTP Server, for example, connects to your directory through a Windows Service that could be blocked in certain configurations).
- Confirm your user’s access levels. The more fine-grained your directory permissions are, the more likely your client users are to try to access a folder or file that they do not have permission to access.
- Review your two-factor authentication (2FA) settings. If you have 2FA enabled on your SFTP server, you may see failures happening on your second authentication factor. Verify that the factor is working internally, then check whether the client user is simply not receiving the second factor.
- Check your public key authentication. If you have public key authentication enabled, you might experience failures in several areas:
  - Older clients using expired keys
  - Mismatched keys
  - Encryption or protocol mismatches on older clients (for example, an SSH user may be trying to log in using a public key secured with an older encryption key that is no longer supported)
Cerberus FTP server allows multiple SSH keys for users to help alleviate these situations, and you can learn more about our SFTP server public key authentication processes in this support article.
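To separate a mismatched key from an unsupported key type, compare fingerprints instead of eyeballing base64. The sketch below is an added example, not Cerberus code: it parses OpenSSH-format public key lines, computes the SHA256 fingerprint in the form `ssh-keygen -l` prints, and reports a verdict. The function names, the verdict labels, the constructed sample keys and the choice to treat only `ssh-dss` as legacy are assumptions for illustration.

```python
import base64
import hashlib

# Assumption for this example: DSA keys are treated as no longer supported
# (OpenSSH has disabled ssh-dss by default since release 7.0).
LEGACY_KEY_TYPES = {"ssh-dss"}

def parse_public_key(line):
    """Return (key_type, blob) from '<type> <base64> [comment]'."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    n = int.from_bytes(blob[:4], "big")  # length of the embedded type name
    inner = blob[4:4 + n].decode("ascii", "replace")
    if inner != fields[0]:  # corrupted or hand-edited key line
        raise ValueError(f"line says {fields[0]}, blob says {inner}")
    return inner, blob

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by ssh-keygen -l."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def diagnose(client_line, authorized_lines):
    """Return (verdict, fingerprint) for the key a client is offering."""
    key_type, blob = parse_public_key(client_line)
    offered = fingerprint(blob)
    if key_type in LEGACY_KEY_TYPES:
        return "legacy_type", offered
    known = {fingerprint(parse_public_key(l)[1]) for l in authorized_lines}
    return ("match" if offered in known else "mismatch"), offered

def make_line(key_type, material, comment):
    """Build a constructed key line: SSH strings are 4-byte length + bytes."""
    blob = b"".join(len(p).to_bytes(4, "big") + p
                    for p in (key_type.encode(), material))
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

# Constructed placeholders, not real keys.
ALICE_NEW = make_line("ssh-ed25519", bytes(range(32)), "alice@laptop")
ALICE_OLD = make_line("ssh-ed25519", bytes(32), "alice@old-laptop")
BOB_DSA = make_line("ssh-dss", b"\x01" * 20, "bob@legacy")
AUTHORIZED = [ALICE_NEW]

if __name__ == "__main__":
    for name, line in (("new", ALICE_NEW), ("old", ALICE_OLD), ("dsa", BOB_DSA)):
        print(name, *diagnose(line, AUTHORIZED))
```

Ask the user for the output of `ssh-keygen -l -f` on the key they are actually offering and compare it with the fingerprints of the keys stored on the account; only public keys are needed for this check.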
3. Collaboration issues
SFTP as a protocol was developed before more collaboration-friendly tools such as WebDAV, and is not really the ideal solution for co-creation of files. As a result, you might run into the following issues:
- Asynchronous file operation failures. It’s not uncommon for SFTP transfers to fail due to file and directory operations happening at the same time the transfer is conducted. You can mitigate these issues by implementing folder controls or file scripts to lock accessed data during a transfer, although that may require a level of customization that proves challenging to implement.
- Network storage issues. Your SFTP server should not be used as your file server. You will still need file storage in order to securely house your data at rest. However, in the era of cloud computing, it can be quite complicated to find and map every user’s cloud drives and provide permissions that allow for easy sharing of files that may be originally saved on a local user’s home drive. To resolve these issues, it’s best to flow directory permissions directly to your SFTP server and give your users a healthy dose of training on where to save files so that they are accessible to other users.
4. Certificate management issues
Because SFTP operates over an SSH connection, administrators will need to properly configure their SSL/TLS certificates and ensure that they are kept up to date on both their domain and within their SFTP server. It’s not uncommon for certificate expirations to go unnoticed until a connection is refused, and larger organizations may have high numbers of certificates to manage.
A number of certificate management tools exist to alleviate these issues, but Cerberus has also prepared a digital certificate support center to keep this process as painless as possible for SFTP server administrators.
We hope that you’ve found these tips helpful in troubleshooting your SFTP server. If you’re still stumped, please contact our support team.