If you turned on the EC2 Serial Console, you can use it to troubleshoot supported Nitro-based instance types. The serial console helps you troubleshoot boot issues, network configuration, and SSH configuration issues. The serial console connects to your instance without the need for a working network connection. You can access the serial console through the Amazon EC2 console or the AWS Command Line Interface (AWS CLI).
Before you use the serial console, grant access to it at the account level. Then, create AWS Identity and Access Management (IAM) policies that grant access to your IAM users. Every instance that uses the serial console must include at least one password-based user. For more information, see Configure access to the EC2 Serial Console.
Review the authentication and system logs for errors
Amazon Linux, Amazon Linux 2, RHEL, and Fedora authentication log
$ sudo less /var/log/secure
Amazon Linux, Amazon Linux 2, RHEL, and Fedora generic system logs
$ sudo less /var/log/messages
Debian and Ubuntu authentication log
$ sudo less /var/log/auth.log
Debian and Ubuntu generic system logs
$ sudo less /var/log/syslog
Amazon Linux 2023
Check sshd logs:
$ journalctl -u sshd
Check generic system logs:
Verify that the SSHD configuration file has Subsystem for SFTP configured
Verify that the SSHD configuration file has the subsystem for SFTP configured and that the shared object file for sftp-server exists in the respective directory. If the SFTP connection closes because of a missing SFTP subsystem, then the log might show a subsystem request failed on channel 0 error.
For more information, see the Subsystem section of the sshd_config Linux man page.
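One way to script the check above, as an added example that is not part of the original article: the hypothetical function check_sftp_subsystem reads an sshd_config file, finds the active sftp Subsystem line, and confirms that the sftp-server file it points to exists. It assumes a single configuration file and does not follow Include directives; the sample configuration at the end is constructed.

```shell
#!/bin/sh
# Added example (not AWS code): report whether an sshd_config file defines
# the sftp subsystem and whether the referenced sftp-server file exists.
# Prints one of:
#   ok-internal            Subsystem uses the in-process internal-sftp server
#   ok:<path>              Subsystem points at an existing executable file
#   missing-subsystem      no active "Subsystem sftp ..." line was found
#   missing-binary:<path>  line exists but the file is absent or not executable
#   unreadable-config      the config file cannot be read
check_sftp_subsystem() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable-config"; return 2; }

    # sshd keywords are case-insensitive. Commented lines start with "#",
    # so their first field never equals "subsystem" and they are skipped.
    # Only the first matching line is used.
    target=$(awk 'tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }' "$conf")

    if [ -z "$target" ]; then
        echo "missing-subsystem"
        return 1
    fi
    if [ "$target" = "internal-sftp" ]; then
        echo "ok-internal"
        return 0
    fi
    # An external sftp-server must be a regular, executable file.
    if [ -f "$target" ] && [ -x "$target" ]; then
        echo "ok:$target"
        return 0
    fi
    echo "missing-binary:$target"
    return 1
}

# Constructed sample configuration for demonstration (not from a real host):
# the external sftp-server line is commented out, internal-sftp is active.
demo_dir=$(mktemp -d)
printf '%s\n' \
    'Port 22' \
    '#Subsystem sftp /usr/libexec/openssh/sftp-server' \
    'Subsystem sftp internal-sftp' > "$demo_dir/sshd_config"
check_sftp_subsystem "$demo_dir/sshd_config" || true
rm -rf "$demo_dir"
```

On an instance, pass the real file, for example `check_sftp_subsystem /etc/ssh/sshd_config`; a `missing-subsystem` or `missing-binary` result matches the condition that produces the subsystem request failed on channel 0 error.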
Resolve a remote readdir Permission denied error
The error remote readdir Permission denied indicates that the user doesn't have the correct permissions to connect to SFTP. The user must have at least read and execute permission to switch to a target directory.
Verify that the user has permission to access the target directory:
$ ls -ldZ /directory
Check for access control list (ACL) permissions restricting user access:
Verify that you activated SELinux:
If you activated SELinux, then review /var/log/audit/audit.log or /var/log/audit.log for permission denied errors based on SELinux context.