SSH login works but SFTP login doesn’t

I already saw this thread, but it didn't answer my question because it has been left for dead.

As the title says, when I log into my VPS with putty, everything works fine. But when connecting with FileZilla through SFTP, I always get an error : Authentication failed, cannot establish connection to the server (roughly translated).
I am using the right settings in FileZilla because I only got this error 3 days ago and it used to work fine before : SFTP through port 22.

Here is an iptables -L :
(TL;DR : accept everything in and out on ports 20, 21 and 22, and passive inbound connections on ports 1024+)

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp ctstate ESTABLISHED /* Allow ftp connections on port 21 */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp-data ctstate RELATED,ESTABLISHED /* Allow ftp connections on port 20 */
ACCEPT     tcp  --  anywhere             anywhere             tcp spts:1024:65535 dpts:1024:65535 ctstate ESTABLISHED /* Allow passive inbound connections */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate ESTABLISHED /* Allow ftp connections on port 22 */

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp ctstate NEW,ESTABLISHED /* Allow ftp connections on port 21 */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp-data ctstate ESTABLISHED /* Allow ftp connections on port 20 */
ACCEPT     tcp  --  anywhere             anywhere             tcp spts:1024:65535 dpts:1024:65535 ctstate RELATED,ESTABLISHED /* Allow passive inbound connections */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate ESTABLISHED /* Allow ftp connections on port 22 */

I did set this manually in case that was the source of my problems, but nothing changed.

I also set PasswordAuthentication yes and LogLevel DEBUG as the previous thread suggested as well, but nothing changed neither after restarting sshd.
Here is what I get in /var/log/auth.log when I try to connect with FileZilla : literally nothing related to SFTP login.
It only contains stuff about me doing sudos to access the file.

I don't know whether it comes from FileZilla because auth.log shows nothing related to SFTP connection, or it comes from sshd configuration just ignoring SFTP requests.
I can't seem to find anything to help me, do you have any suggestions ?

Thank you for your time reading this.

Best Answer

After looking over your iptables -L. I think you have a firewall issue on the server side. the

ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh ctstate ESTABLISHED

The ESTABLISHED usually means for connections that are active or already established.

Add this line in your iptables

sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT

For easy guide to iptables I like this HOW TO and here is an explanation

or you can try a

sudo sh -c "iptables-save > /etc/iptables.rules"
sudo iptables -F

test your connection then you can restore your rules with

iptables-restore < /etc/iptables.rules

Best Answer

Related Solutions

Ssh – iptables rules to block ssh remote forwarded ports

Firewall – TCP port > 1023 or TCP port > 1024 for inbound passive ftp traffic

Related Topic