SFTP Troubleshooting
Use the commands and techniques on this page to diagnose SFTP connectivity issues.
IP Verification
Before troubleshooting firewall or whitelist issues, confirm the public IP address of the machine that is connecting to the SFTP server.
Browser:
Visit https://checkip.amazonaws.com in any web browser.
Linux / macOS:
curl https://checkip.amazonaws.com
Windows PowerShell:
(Invoke-WebRequest -Uri "https://checkip.amazonaws.com").Content
Port Connectivity Testing
Test whether the SFTP port is reachable from your machine.
Linux / macOS:
nc -zv {server_ip} 22
Windows PowerShell:
Test-NetConnection -ComputerName {server_ip} -Port 22
All platforms:
ping {server_ip}
Interpreting Results
| Result | Meaning |
|---|---|
| Port is open / connection succeeded | The SFTP service is reachable. The issue is likely authentication-related. See SFTP Errors. |
| Connection refused | The server is reachable, but no SFTP service is listening on port 22. Verify the SFTP service is running. |
| Timed out | The client IP address is not whitelisted on the server firewall, or a network-level firewall is blocking the connection. |
Debug Logging
Enable verbose logging in your SFTP client to capture detailed connection information for troubleshooting.
OpenSSH (Linux / macOS)
Standard verbosity:
ssh -i "path/to/key.pem" user@hostname -v
Maximum verbosity:
ssh -i "path/to/key.pem" user@hostname -vvv
WinSCP
Launch WinSCP with logging enabled:
WinSCP.exe /log="path/to/logfile.log" /loglevel=5
Or enable logging from within the application: Options > Logging > set log level to Debug.
PuTTY
Use the plink command-line tool with verbose output:
plink -i "path/to/key.ppk" user@hostname -v
GUI Clients
Most GUI SFTP clients provide a logging or debug option in their settings:
| Client | Path to Logging |
|---|---|
| WinSCP | Options > Logging |
| Transmit | Options > Logging |
| FileZilla | Edit > Settings > Logging |
| Cyberduck | Preferences > Connection > Log |
| FTPRush | Options > Logging |
Set the log level to Debug for the most detailed output.
Windows Private Key Security
On Windows, the private key file must be restricted so that only your user account can read it. Run the following commands in PowerShell or Command Prompt:
icacls "%USERPROFILE%\.ssh\key.ppk" /inheritance:r
icacls "%USERPROFILE%\.ssh\key.ppk" /grant:r "%username%:(R)"
The first command removes inherited permissions. The second grants read-only access to your user account. Replace key.ppk with the actual filename of your private key.
Contacting Support
If you are unable to resolve the issue, contact the eCourtDate team at help@ecourtdate.com.
Please include the following in your support request:
- Server IP -- The IP address or hostname of the remote SFTP server.
- Client IP addresses -- The public IP of the machine or service connecting to the server.
- Error messages -- The full text of any error messages you are seeing.
- SFTP client used -- The name and version of the SFTP client (e.g., OpenSSH 9.0, WinSCP 6.1, PuTTY 0.79).
- Debug logs -- Attach or paste the relevant debug log output.
Important: Before sharing logs, remove or redact any passwords and private key contents. Never include private key material in support requests.
Need help? Contact the eCourtDate team at help@ecourtdate.com.