AWS Transfer Family server not accessible

0

When we try to send a file from a Unix box to an S3 bucket via AWS Transfer Family, the resolved hostname of the endpoint is not found correctly, and an error is generated in the SFTP logs, "changing state from STATE_NOT CONNECTED to STATE_CLOSED", along with a connection timeout. For the last 6 months, file transfers were successful without any issues. Below are the errors in the CloudWatch logs of AWS Transfer Family:

ERRORS KEX_FAILURE MESSAGE= "no matching key exchange method found" Kex=diffie-hellman-group1-sha1

Asked 2 years ago, 235 views
1 Answer
0
Accepted Answer

Hello Jo-Harrison,

To your query, when you mention Endpoint is not found correctly, do you mean DNS resolution isn't working as expected? Could you try connecting directly via the server's IP address rather than the hostname and see if you are able to access your servers? Are you aware of any changes made with your DNS provider concerning the custom hostname of your server?

The errors from your SFTP log seem to be related to a custom client and might be related to the KEX error message seen within CloudWatch logs. Are you aware of any changes made to your client itself? Could you test from a different client such as FileZilla or WinSCP and confirm if things are working fine?

From the error message in CloudWatch logs for your server, it seems that the client is attempting to establish an SFTP connection to the Transfer server using the KEX algorithm - diffie-hellman-group1-sha1. This particular KEX algorithm is not supported by AWS Transfer service and therefore any attempts from a client using this KEX algorithm will be dropped by the server. Supported KEX algorithms - (A). Could you check the client configuration on what SFTP session parameters it is using to establish connections to the server and if anything has changed recently?

References: (A) - https://docs.aws.amazon.com/transfer/latest/userguide/security-policies.html#cryptographic-algorithms

Let me know if you have questions.

Sagar.

AWS
Expert
Answered 2 years ago
  • Issue has been resolved: the client changed their DNS configuration, and after the client rolled back the changes it is working fine now.
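
The negotiation failure described in the answer, as an added example that is not part of the original thread or any AWS tooling: it extracts both sides' KEX proposals from `ssh -vv` debug output and applies the SSH selection rule (the first client algorithm that the server also offers). The debug text and the server list are constructed samples, not the algorithm list of any Transfer Family security policy, and `kex_proposals`, `negotiate_kex` and `check_kex` are hypothetical helper names.

```shell
# Constructed sample of `ssh -vv` output; the server list is illustrative only.
SAMPLE_DEBUG='debug2: local client KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512'

# Read debug output on stdin; print "client=<list>" and "server=<list>".
kex_proposals() {
    awk '
        /local client KEXINIT proposal/ { side = "client" }
        /peer server KEXINIT proposal/  { side = "server" }
        /debug2: KEX algorithms: / && side != "" {
            sub(/^.*KEX algorithms: /, "")
            print side "=" $0
            side = ""
        }'
}

# negotiate_kex CLIENT_LIST SERVER_LIST (comma-separated, preference order).
# Prints the first client algorithm the server also offers; returns 1 if none.
negotiate_kex() {
    _old_ifs=$IFS; IFS=,
    for c in $1; do
        for s in $2; do
            if [ "$c" = "$s" ]; then IFS=$_old_ifs; echo "$c"; return 0; fi
        done
    done
    IFS=$_old_ifs
    return 1
}

# Read debug output on stdin and report the negotiation result.
check_kex() {
    props=$(kex_proposals)
    client=$(printf '%s\n' "$props" | sed -n 's/^client=//p')
    server=$(printf '%s\n' "$props" | sed -n 's/^server=//p')
    if chosen=$(negotiate_kex "$client" "$server"); then
        echo "OK: $chosen"
    else
        echo "KEX_FAILURE: client offers [$client], server accepts [$server]"
        return 1
    fi
}

# Stand-alone run on the constructed sample (reports the mismatch).
printf '%s\n' "$SAMPLE_DEBUG" | check_kex || true
```

To check a real client, pipe the stderr of `ssh -vv` against the server into `check_kex` instead of the sample text.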
