SSH remote connection issues
Workbench logon issues
Issues with logging on using an SSH client
What do I do if I receive a "Permission denied, please try again" error?
What do I do if I receive an "ssh_exchange_identification: read: Connection reset by peer" error?
What do I do if I receive a "Too many authentication failures" error?
What do I do if I receive a "Host key verification failed" error?
What do I do if I receive an "error: Unable to load host key: /etc/ssh/ssh_host_rsa_key" error?
What do I do if I receive a "Maximum amount of failed attempts was reached" error?
What do I do if I receive a "could not set limit for 'nofile': Operation not permitted" error?
What do I do if I receive a "This account is currently not available." error?
What do I do if I receive a "fatal: mm_request_send: write: Broken pipe" error?
Issues with logging on using an SFTP client
Other issues
SSH service startup issues and solutions
What do I do if I receive a "fatal: Cannot bind any address" error when I start the SSH service?
What do I do if I receive a "Bad configuration options" error when I start the SSH service?
What do I do if the SSH service does not start and no error message is reported?
Other FAQ and solutions
Remote Desktop connection issues
What do I do if I cannot remotely connect to a Windows instance?
How do I resolve an abnormal RPC component on a Windows instance?
Why can't I log on to a Windows instance using the default port (3389)?
How do I start the Remote Desktop Service (RDS) on a Windows instance?
What do I do if I have issues connecting to a Windows instance using RDP in Workbench?
Issues with remotely connecting to an instance using VNC
What do I do if I have issues remotely connecting to an instance using VNC?
Issues with connecting to the FTP service on an ECS instance
Windows instances
Linux instances
Appendix
What do I do if I cannot connect to and access the FTP service on an ECS instance that runs Windows from the Internet?
Symptom
The FTP service on a Windows ECS instance cannot be connected to or accessed from the Internet.
Cause
This issue may occur for the following reasons:
FTP security group rules are not configured to allow access: For more information, see Solution 1: Add security group rules for FTP.
The firewall blocks the FTP process: For more information, see Solution 2: Configure firewall support for FTP.
Solutions
Choose one of the following solutions based on your requirements.
Solution 1: Add security group rules for FTP
After you set up an FTP site on a Windows ECS instance, you must add an inbound rule to the security group of the instance. This rule must allow access to port 21. The rule must also allow access to the port range from 1024 to 65535, which may be used by the FTP server in passive mode. For more information, see Add a security group rule.
For more information about security group configurations, see Security group application guide and use cases and Common ports.
Solution 2: Configure firewall support for FTP
If the firewall is enabled, you must configure IIS Manager to allow the FTP service to use TCP port 21 and the port range from 1024 to 65535. To do so, perform the following steps:
The internal firewall of a Windows ECS instance is disabled by default.
This topic uses IIS Manager as an example.
Remotely connect to the Windows instance.
For more information, see Log on to a Windows instance using a password or key.
Open IIS Manager. Double-click FTP Firewall Support to open its configuration page.
Configure the parameters and click Apply.
NoteThe parameters are described as follows:
External IP Address of Firewall: Enter the public IP address of the Windows ECS instance.
Data Channel Port Range: The range of ports for passive connections. The valid port range is 1025 to 65535. Set the range based on your requirements. In this example, the port range is set to 1024 to 65535.
Open the command line and run the following command to restart the FTP service. This ensures that the new configuration overwrites the existing configuration for each FTP site.
net stop ftpsvc&net start ftpsvc(Optional) If you can access the FTP server from the local machine but not from other machines after the FTP server is configured, the issue is caused by an incorrect firewall configuration. Perform the following steps to configure the firewall:
First, check the inbound rules in Server Manager to ensure that the FTP server is enabled.
Add the Windows Service host process to the firewall rules.
Open Control Panel > Windows Firewall. In the left pane, click Allow an App or Feature Through Windows Firewall.
In the new window, click Allow Another App.... Click Browse, locate and open
C:\Windows\System32\svchost.exeto add the Service host process.A Windows Service Host Process item appears. Select the Private and Public checkboxes, and then click OK.
What do I do if I receive a "530 Login incorrect" error when I connect to the FTP server on an ECS instance that runs Windows?
Symptom
When you connect to the FTP server on a Windows ECS instance, the following error message is displayed.
Response: 331 Please specify the password.
Command: PASS ************
Response: 530 Login incorrect.
Error: Critical error: Could not connect to serverCause
This issue may occur for the following reasons:
The FTP password is incorrect: For more information, see Solution 1: Change the FTP password.
The FTP user permissions are configured incorrectly: For more information, see Solution 2: Add FTP user permissions.
Solutions
Choose one of the following solutions based on your requirements.
Solution 1: Change the FTP password
Remotely connect to the Windows instance.
For more information, see Log on to a Windows instance using a password or key.
On the desktop, right-click Computer and select Manage to open Server Manager.
In the navigation pane on the left, click Local Users and Groups > Users. Right-click the FTP account and select Set Password.
Solution 2: Add FTP user permissions
Remotely connect to the Windows instance.
For more information, see Log on to a Windows instance using a password or key.
Check whether the directory for the FTP user exists.
If the directory does not exist, see Step 3: Set permissions for shared files to re-create the directory for the FTP user and add the required permissions.
If the file exists, right-click the folder and select Properties > Security. Then, select the FTP account and add the required permissions.
What do I do if I receive a "530 valid hostname is expected" error when I connect to the FTP server on an ECS instance that runs Windows?
Symptom
After you attach a domain name to an FTP site that is configured in IIS 7.5, a "530 valid hostname is expected" or "503 Login with USER first" error is reported when you connect to the FTP server on the Windows ECS instance using an IP address or other methods.
Cause
This issue occurs because the logon format is incorrect after you attach a domain name to an FTP site that is configured in IIS 7.5.
Solution
If the domain name attached to the FTP site is www.example.com and the username is user, you must use the www.example.com|user format to log on.
The separator is a pipe symbol (|).
Alternatively, you can remove the domain name attachment and log on using only the username. The following figure shows how to perform this operation.
What do I do if uploading a file to FileZilla Server using FTP on an ECS instance that runs Windows fails with a "550 Permission denied" error?
Symptom
When you upload a file to FileZilla Server using FTP on a Windows ECS instance, a "550 Permission denied" error is reported.
Cause
The FTP account in FileZilla Server does not have the write permission.
Solution
Remotely connect to the Windows instance.
For more information, see Log on to a Windows instance using a password or key.
Run the FileZilla Server software. On the Users page, select Shared folders.
Select the user and directory. Select the Write check box and click OK to grant the permission.
How do I handle the "534 Policy requires SSL" message when I connect to an FTP site created by the IIS service on a Windows instance using FTP over TLS?
Description
When you use FTP over TLS to connect to an FTP site that is created by the IIS service on a Windows instance, a "534 Policy requires SSL" error is reported and the connection fails.
The following figure shows an example of the error message.
Cause
The response message "534 Local policy on server does not allow TLS secure connections." indicates that the issue is caused by an incorrect FTP SSL Settings parameter for the FTP site.
Solution
Remotely connect to the Windows instance.
For more information, see Connection methods.
In the lower-left corner of the desktop, choose
> Windows Administrative Tools > Internet Information Services (IIS) Manager.In the FTP area of the FTP homepage, double-click FTP SSL Settings.
In the FTP SSL Settings section, set SSL Policy to Allow SSL connections. In the Actions pane, click Apply.
Try to access the FTP site again.
What do I do if I receive a "425 Security:Bad IP connection" error when I upload a file to an FTP site on an ECS instance that runs Linux?
Symptom
When a user uploads a file to an FTP site on a Linux ECS instance, a "425 Security:Bad IP connection" error is reported.
Cause
This issue usually occurs because the client is in a Network Address Translation (NAT) network that is associated with more than one public IP address. This causes the source IP address to be inconsistent between the control connection and the data connection, which results in the error.
The FTP service uses two simultaneous connections: a control connection and a data connection. By default, the FTP server checks whether the source IP addresses of the two connections are the same during data transmission. If the IP addresses are different, a "425 Security:Bad IP connection" error is reported.
Solution
Perform the following steps to disable the IP security check in passive mode.
Remotely connect to the Linux instance.
For more information, see Log on to a Linux instance using a password or key.
Edit the FTP configuration file.
vi /etc/vsftpd/vsftpd.confPress the
ikey to enter edit mode. Add the following content to the configuration file.pasv_promiscuous=yesAfter you finish editing, press the
Esckey to exit edit mode. Then, enter:wqand press the Enter key to save the changes and exit.Restart the FTP service.
systemctl restart vsftpd
What do I do if uploading a file using vsftp on an ECS instance that runs Linux fails with a "553 Could not create file" error?
Symptom
Uploading a file using vsftp on a Linux ECS instance fails with a "553 Could not create file" error.
Cause
This issue may occur for the following reasons:
The disk space of the Linux instance is full.
The FTP
homedirectory does not have thewritepermission.
Solution
Perform the following steps to check the disk space of the Linux instance and the permissions of the FTP home directory.
Remotely connect to the Linux instance.
For more information, see Log on to a Linux instance using a password or key.
Check if the file failed to upload due to insufficient disk space on the Linux instance.
df -hNoteA disk partition is considered full when its space usage reaches 100%.
In the following example, the space usage of the
/dev/xvda1partition is 59%.
Check whether the FTP
homedirectory has thewritepermission.NoteBefore you run the following command, replace
/home/userwith the actual FTPhomedirectory.ls -l /home/userIf the permissions shown in the red box in the following figure do not include
w, you do not have thewritepermission.
Add the
writepermission.chmod +w /home/userRun the following command. If the command output contains
w, thewritepermission is granted.ls -l /home/user