Cannot login to a newly created SFTP server and cannot see server logs


I have created an SFTP server, gave it a logging role and created a user. As a result, I can neither log into the server with my private key nor see any log messages.
Following are the exact steps:

  1. Created the xxxxxxxxxx-dev-import S3 bucket and created a test-user folder in it.
  2. Created a DevImportSFTPReadWriteAccess RW access policy to access the target bucket.
  3. Created a DevImportSFTPRole role and attached the aforementioned ImportSFTPReadWriteAccess policy to it.
  4. Created a role called AWSTransferLoggingRole and attached the AWS-managed AWSTransferLoggingAccess policy to it. Checked the trust relationship - transfer.amazonaws.com is trusted.
  5. Created a public SFTP server with service managed identity provider and assigned the aforementioned AWSTransferLoggingRole as the logging role. Waited until the server started.
    NOTE: After the server was started, the logs were not visible in CloudWatch.
  6. After the server was started, created a test-user user with the public key, assigned the xxxxxxxxxx-dev-import as the bucket and test-user as home folder.

Following is the result I'm ending up with:

mymacbook:.ssh UXXXXXX$ telnet s-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com 22
Trying XXX.XXX.XXX.XXX...
Connected to s-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com.
Escape character is '^]'.
SSH-2.0-AWS_SFTP_1.0
^C
Connection closed by foreign host.
mymacbook:.ssh UXXXXXX$ ssh -i ~/.ssh/id_rsa_test_user test-user@s-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com
The authenticity of host 's-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com (XXX.XXX.XXX.XXX)' can't be established.
RSA key fingerprint is SHA256:u0HCsILNN4vTm367Wgyeh2ToHLbuZayQzbzt9GbF+v8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 's-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com,XXX.XXX.XXX.XXX' (RSA) to the list of known hosts.
Enter passphrase for key '/Users/UXXXXXX/.ssh/id_rsa_test_user': 
Connection to s-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com closed by remote host.
Connection to s-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com closed.
mymacbook:.ssh UXXXXXX$ 

And again - no logs in CloudWatch.

asked 5 years ago, 882 views
1 Answer
Accepted Answer

Can you please try the command (instead of ssh):
sftp -i ~/.ssh/id_rsa_test_user test-user@s-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com

AWS
answered 5 years ago
