How can I resolve the "Cannot initialize SFTP Protocol" error when I connect to an AWS Transfer Family SFTP-enabled server?

2 minute read
0

I created an AWS Transfer Family SFTP-enabled server. Then, I created a server user and I added a public key to the user. However, when the user connects to the server using WinSCP, they get the error message "Cannot initialize SFTP Protocol. Is the host running an SFTP server?" How can I fix this? Note: This error message varies across SFTP clients. For example, if you're using Cyberduck, the error is "EOF while reading packet. Please contact your web hosting service provider for assistance." If you're using OpenSSH, the error is "Exit status 1 (Connection closed)."

Resolution

This error typically occurs when the logging role of your AWS Transfer Family server is configured incorrectly. To resolve the error, confirm that the AWS Transfer Family service has permission to assume the logging role that's associated with your server. Verify that the logging role's trust policy allows "Action": "sts:AssumeRole" for the Principal "Service": "transfer.amazonaws.com", similar to the following example statement:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "transfer.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

AWS OFFICIAL
AWS OFFICIALUpdated 3 years ago