To your query, when you mention Endpoint is not found correctly, do you mean DNS resolution isn't working as expected? Could you try connecting directly via the server's IP address rather than the hostname and see if you are able to access your servers? Are you aware of any changes made with your DNS provider concerning the custom hostname of your server?
The errors from your SFTP log seem to be related to a custom client and might be related to the KEX error message seen within CloudWatch logs. Are you aware of any changes made to your client itself? Could you test from a different client such as FileZilla or WinSCP and confirm if things are working fine?
From the error message in CloudWatch logs for your server, it seems that the client is attempting to establish an SFTP connection to the Transfer server using the KEX algorithm - diffie-hellman-group1-sha1. This particular KEX algorithm is not supported by AWS Transfer service and therefore any attempts from a client using this KEX algorithm will be dropped by the server. Supported KEX algorithms - (A). Could you check the client configuration on what SFTP session parameters it is using to establish connections to the server and if anything has changed recently?
References: (A) - https://docs.aws.amazon.com/transfer/latest/userguide/security-policies.html#cryptographic-algorithms
Let me know if you have questions.
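The KEX mismatch described in the answer above, as an added example that is not part of the original answer or any AWS code: it parses the `kex_algorithms` name-list out of a client's SSH_MSG_KEXINIT payload (RFC 4253) and checks it against a server allow-list. The `SERVER_KEX` list and the sample payloads are constructed for the demo, and the function names are hypothetical; the real allow-list comes from the security policy page in reference (A).

```python
import struct

SSH_MSG_KEXINIT = 20  # message number from RFC 4253

# Constructed allow-list for the demo; take the real one from your server's security policy (A).
SERVER_KEX = ["curve25519-sha256", "ecdh-sha2-nistp256", "diffie-hellman-group14-sha256"]

def build_kexinit(kex_algs):
    """Build a constructed KEXINIT payload (RFC 4253 section 7.1) as sample input."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)        # message type + 16-byte cookie
    body += name_list(kex_algs)                        # kex_algorithms
    body += name_list([]) * 9                          # other nine name-lists left empty
    return body + b"\x00" + struct.pack(">I", 0)       # first_kex_packet_follows + reserved

def parse_kex_algorithms(payload):
    """Return the kex_algorithms name-list offered in a KEXINIT payload."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)  # length follows type + cookie
    raw = payload[21:21 + length]
    if len(raw) != length:
        raise ValueError("truncated kex_algorithms name-list")
    return raw.decode("ascii").split(",") if raw else []

def negotiate_kex(client_algs, server_algs=SERVER_KEX):
    """Simplified RFC 4253 rule: first client algorithm the server also supports."""
    return next((a for a in client_algs if a in server_algs), None)

def diagnose(payload):
    """Summarise whether a client's KEXINIT can negotiate with the allow-list."""
    offered = parse_kex_algorithms(payload)
    chosen = negotiate_kex(offered)
    if chosen is None:
        return f"no common KEX: client offered {offered}; server will drop the connection"
    return f"negotiated {chosen}"

if __name__ == "__main__":
    print(diagnose(build_kexinit(["diffie-hellman-group1-sha1"])))
    print(diagnose(build_kexinit(["diffie-hellman-group1-sha1", "curve25519-sha256"])))
```

A client that offers only diffie-hellman-group1-sha1 yields no common algorithm, which matches the dropped connections seen in the CloudWatch logs.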
The issue has been resolved: the client changed their DNS configuration, and after the client rolled back the changes it is working fine now.