AWS SFTP Error "Too many open files in this session, maximum 100"
Since this Monday we have been experiencing a problem when we try to upload a large number of files (49 files, to be exact). After around 20 files the upload fails.
```
s-262d99d7572942eca.server.transfer.eu-central-1.amazonaws.com
/aws/transfer/s-262d99d7572942eca asdf.f7955cc50d0d1bc4
2022-05-09T23:02:59.165+02:00 asdf.f7955cc50d0d1bc4 CONNECTED SourceIP=77.0.176.252 User=asdf HomeDir=/beresa-test-komola/asdf Client=SSH-2.0-ssh2js0.4.10 Role=arn:aws:iam::747969442112:role/beresa-test UserPolicy="{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"AllowListingOfUserFolder\",\n \"Action\": [\n \"s3:ListBucket\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:s3:::beresa-test-komola\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"s3:prefix\": [\n \"asdf/*\",\n \"asdf\"\n ]\n }\n }\n },\n {\n \"Sid\": \"HomeDirObjectAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:DeleteObject\",\n \"s3:GetObjectVersion\"\n ],\n \"Resource\": \"arn:aws:s3:::beresa-test-komola/asdf*\"\n }\n ]\n}" Kex=ecdh-sha2-nistp256 Ciphers=aes128-ctr,aes128-ctr
2022-05-09T23:02:59.583+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/10_x_a_10.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:03:03.394+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/10_x_a_10.jpg BytesIn=4226625
2022-05-09T23:03:04.005+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/11_x_a_1.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:03:07.215+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/11_x_a_1.jpg BytesIn=4226625
2022-05-09T23:03:07.757+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/12_x_a_37.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:03:10.902+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/12_x_a_37.jpg BytesIn=4226625
2022-05-09T23:03:11.433+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/13_x_a_13.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:03:14.579+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/13_x_a_13.jpg BytesIn=4226625
2022-05-09T23:03:14.942+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/14_x_a_43.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:03:18.016+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/14_x_a_43.jpg BytesIn=4226625
2022-05-09T23:03:18.403+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/15_x_a_34.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:03:21.463+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/15_x_a_34.jpg BytesIn=4226625
2022-05-09T23:03:21.906+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/16_x_a_44.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:03:25.025+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/16_x_a_44.jpg BytesIn=4199266
2022-05-09T23:03:25.431+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/17_x_a_2.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:03:28.497+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/17_x_a_2.jpg BytesIn=4199266
2022-05-09T23:03:28.857+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/18_x_a_5.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:03:31.947+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/18_x_a_5.jpg BytesIn=4199266
2022-05-09T23:03:32.374+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/19_x_a_8.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:03:35.504+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/19_x_a_8.jpg BytesIn=4199266
2022-05-09T23:03:35.986+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/1_x_a_16.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:03:39.104+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/1_x_a_16.jpg BytesIn=4226625
2022-05-09T23:03:39.691+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/20_x_a_11.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:03:42.816+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/20_x_a_11.jpg BytesIn=4199266
2022-05-09T23:03:43.224+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/21_x_a_14.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:03:46.274+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/21_x_a_14.jpg BytesIn=4199266
2022-05-09T23:03:46.649+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/22_x_a_17.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:03:49.757+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/22_x_a_17.jpg BytesIn=4199266
2022-05-09T23:03:50.141+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/23_x_a_20.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:03:53.307+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/23_x_a_20.jpg BytesIn=4199266
2022-05-09T23:03:53.849+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/24_x_a_23.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:03:56.933+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/24_x_a_23.jpg BytesIn=4199266
2022-05-09T23:03:57.358+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/25_x_a_26.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:04:00.585+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/25_x_a_26.jpg BytesIn=4199266
2022-05-09T23:04:00.942+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/26_x_a_29.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:04:04.174+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/26_x_a_29.jpg BytesIn=4199266
2022-05-09T23:04:04.603+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/27_x_a_32.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:04:07.771+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/27_x_a_32.jpg BytesIn=4199266
2022-05-09T23:04:08.179+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/28_x_a_35.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:04:11.279+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/28_x_a_35.jpg BytesIn=4199266
2022-05-09T23:04:11.716+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/29_x_a_38.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:04:14.853+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/29_x_a_38.jpg BytesIn=4199266
2022-05-09T23:04:15.316+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/2_x_a_7.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:04:18.435+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/2_x_a_7.jpg BytesIn=4226625
2022-05-09T23:04:18.906+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/30_x_a_41.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:04:22.140+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/30_x_a_41.jpg BytesIn=4199266
2022-05-09T23:04:22.565+02:00 asdf.f7955cc50d0d1bc4 OPEN Path=/beresa-test-komola/asdf/x/bla/31_x_a_18.jpg Mode=CREATE|TRUNCATE|WRITE
2022-05-09T23:04:25.752+02:00 asdf.f7955cc50d0d1bc4 CLOSE Path=/beresa-test-komola/asdf/x/bla/31_x_a_18.jpg BytesIn=4159129
2022-05-09T23:04:26.141+02:00 asdf.f7955cc50d0d1bc4 ERROR Message="Too many open files in this session, maximum 100" Operation=OPEN Path=/beresa-test-komola/asdf/x/bla/32_x_a_3.jpg Mode=CREATE|TRUNCATE|WRITE
```
As you can see in the logs we are closing each path after opening it - we are uploading one file after the other. What could cause this as we are not even trying to write 100 files during the scp session?
Accepted Answer | AWS Transfer Family | 1 answer | 0 votes | 6 views | asked 9 days ago
HostKey for SFTP Transfer Family
Hello,
I am migrating an SFTP server from a public endpoint to a VPC endpoint, and I would like to preserve the same host key in production so customers do not have to re-accept it.
But i am struggling with the concepts:
When looking into the existing SFTP Server at Console > Additional details > Server host key
SHA256:Cv5TEDW8P3L+uqpAKtpzSWIfGcHwdrnaDyJd0wOGNx5= (example)
I believe this is a PUBLIC host key, and the same one that we accept as a client of the SFTP server into the known hosts.
When Editing > Server host key, it asks for an RSA PRIVATE key. (I tried to set the previous host key example.)
Where can I get this RSA private key from our currently running AWS SFTP server? (I tried to ssh but it does not allow it.)
After creating the new AWS SFTP server, would I be able to set up the host key with this command?
```
aws transfer update-server --server-id "your-server-id" --host-key file://my-host-key
```
Is my-host-key the RSA private key?
Thanks.
Accepted Answer | AWS Transfer Family | 1 answer | 0 votes | 7 views | asked 2 months ago
AWS Transfer Family server not accessible
When we try to send a file from a Unix box to an S3 bucket via AWS Transfer Family, the hostname of the endpoint is not resolved correctly, an error is generated in the SFTP logs, "changing state from STATE_NOT CONNECTED to STATE_CLOSED", and the connection times out. For the last 6 months, file transfers were successful without any issues. Below are the errors in the CloudWatch logs of AWS Transfer Family:
```
ERRORS KEX_FAILURE MESSAGE= "no matching key exchange method found" Kex=diffie-hellman-group1-sha1
```
Accepted Answer | AWS Transfer Family | 1 answer | 0 votes | 10 views | asked 4 months ago
Custom port possible with Transfer for SFTP?
We are migrating an existing on-prem SFTP server to AWS Transfer for SFTP; however, the old server was set up to only accept connections on port 2222. We are hoping to make a seamless transfer to AWS behind the scenes without having users need to update anything (we use user/pass auth), but from what I can see, only port 22 is possible...
Is it possible to use a custom port or listen on multiple ports (e.g. 2222 for legacy users, 22 for go-forward users)?
Thanks,
T.
Accepted Answer | AWS Transfer Family | 2 answers | 0 votes | 4 views | asked 2 years ago
Cannot login to a newly created SFTP server and cannot see server logs
I have created an SFTP server, gave it a logging role and created a user. As a result, I can neither log in to the server with my private key nor see any log messages.
Following are the exact steps:
1. Created the **xxxxxxxxxx-dev-import** S3 bucket and created a **test-user** folder in it.
2. Created a **DevImportSFTPReadWriteAccess** RW access policy to access the target bucket.
3. Created a **DevImportSFTPRole** role and attached the aforementioned **ImportSFTPReadWriteAccess** policy to it.
4. Created a role called **AWSTransferLoggingRole** and attached the AWS-managed **AWSTransferLoggingAccess** policy to it. Checked the trust relationship - transfer.amazonaws.com is trusted.
5. Created a public SFTP server with service managed identity provider and assigned the aforementioned **AWSTransferLoggingRole** as the logging role. Waited until the server started.
**NOTE** After server was started the logs were not visible in CloudWatch.
6. After the server was started created a **test-user** user with the public key, assigned the **xxxxxxxxxx-dev-import** as the bucket and **test-user** as home folder.
Following is the result I'm ending up with:
```
mymacbook:.ssh UXXXXXX$ telnet s-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com 22
Trying XXX.XXX.XXX.XXX...
Connected to s-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com.
Escape character is '^]'.
SSH-2.0-AWS_SFTP_1.0
^C
Connection closed by foreign host.
mymacbook:.ssh UXXXXXX$ ssh -i ~/.ssh/id_rsa_test_user test-user@s-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com
The authenticity of host 's-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com (XXX.XXX.XXX.XXX)' can't be established.
RSA key fingerprint is SHA256:u0HCsILNN4vTm367Wgyeh2ToHLbuZayQzbzt9GbF+v8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 's-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com,XXX.XXX.XXX.XXX' (RSA) to the list of known hosts.
Enter passphrase for key '/Users/UXXXXXX/.ssh/id_rsa_test_user':
Connection to s-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com closed by remote host.
Connection to s-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com closed.
mymacbook:.ssh UXXXXXX$
```
And again - no logs in CloudWatch.
Accepted Answer | AWS Transfer Family | 1 answer | 0 votes | 13 views | asked 3 years ago
Host name value in Custom Identity Provider
Does anyone know if it is possible to get the hostname used to connect to the SFTP inside the Custom Identity Provider?
The host name is something that could be used in the authentication process.
Also, the documentation suggests that multiple hostname(s) are possible. However, the examples I've seen suggest the config of only one. Are multiple hostnames supported for a single SFTP server?
Thanks.
Accepted Answer | AWS Transfer Family | 8 answers | 0 votes | 0 views | asked 3 years ago
Custom Identity Provider - works until Policy is defined?
Hi, I've got a server set up with a custom identity provider running a lambda function. With only a Role defined in the response, my user can log in (but of course has more access than is desired).
When I add the Policy inline to the lambda response, the login fails.
Testing with test-identity-provider yields 200 success when no Policy is defined. However, when a Policy is defined (it seems any policy, with or without variables) testing with test-identity-provider I get the following:
```
"Message": "Unable to call identity provider: Unable to unmarshall response (We expected a VALUE token but got: START_OBJECT). Response Code: 200, Response Text: OK",
"StatusCode": 500,
```
The policy I'm using is not special, just an example found online:
```
const policy = {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowListingOfUserFolder",
      "Action": [
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::${transfer:HomeBucket}"
      ],
      "Condition": {
        "StringLike": {
          "s3:prefix": [
            "in/${transfer:UserName}/*",
            "in/${transfer:UserName}"
          ]
        }
      }
    },
    {
      "Sid": "AWSTransferRequirements",
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation"
      ],
      "Resource": "*"
    },
    {
      "Sid": "HomeDirObjectAccess",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObjectVersion",
        "s3:DeleteObject",
        "s3:GetObjectVersion"
      ],
      "Resource": "arn:aws:s3:::${transfer:HomeDirectory}/*"
    }
  ]
};
```
and later:
```
response = {
  Role: 'my_role_arn',
  Policy: policy,
  HomeDirectory: '/my-bucket/in/myuser',
};
```
Anybody got any hints about what I'm doing wrong?
Thanks.
Edited by: TTF2019 on Apr 13, 2019 5:10 AM
Accepted Answer | AWS Transfer Family | 4 answers | 0 votes | 3 views | asked 3 years ago
Network load balancer and privatelink for static ip
I'm trying to set up this new functionality to have a static IP:
"Additionally, you can now deploy a network load balancer (NLB) that uses your SFTP server’s VPC endpoint to associate Elastic IPs, enabling your end users to whitelist your SFTP server’s IP addresses."
I have set up a vpce and configured the sftp server following this guide <https://docs.aws.amazon.com/transfer/latest/userguide/create-server-vpc.html>
But when I configure the NLB I get stuck at how to set the target to the vpce.
I've tried adding the vpce IP, but only get target "unhealthy". Should I address the vpce target in some other way, or should I apply some special security group settings (I currently use the vpc default group)? Or is there something else that I should be looking into?
Accepted Answer | AWS Transfer Family | 1 answer | 0 votes | 0 views | asked 3 years ago