Although SFTP is an easy-to-use and secure file transfer protocol, many people frequently run into one of the most infamous SFTP errors: "SFTP permission denied."

As the error output reads, this issue is due to the lack of permissions to access a file or directory. Mostly, you would still have access to the SFTP server via SSH, but you won't be able to modify a specific file or directory. Another similar error message is "SFTP permission denied (public key)," where you won't even be able to access the server via SFTP or SSH.

In this post, we'll go through the two cases. First, we'll learn to check and update the user/group file/folder permissions, and second, we'll figure out why we are getting authentication/access permission denied due to the public key.

To illustrate a clearer picture of the "SFTP permission denied" error scenario, we'll use an AWS EC2 instance running Ubuntu (Focal-20.04-amd64-server). We will use the default user "ubuntu" and add a new sftp01 user. By default, AWS doesn't grant "root" SSH access to EC2 instances, in line with security best practices.

1. The "SFTP permission denied" error

Regardless of which SFTP client you use, when you SFTP into a server and attempt to replace, edit, delete, or overwrite a file or directory, you get an "SFTP permission denied" error message.

An example:

Cannot create remote file 'ver'.
Permission denied.
Error code: 3
Error message from server: Permission denied

In Windows, while using an SFTP client like WinSCP or FileZilla, the message looks like this:

Error Message: SFTP permission denied

Generally, you are successfully connecting via SFTP or SSH with the same user, but you can't change, modify, or overwrite the file via SFTP. But if you cannot even connect via SFTP or SSH, you might be getting a similar error message that reads "SFTP permission denied (public key)".

The reason for these error messages is generally incorrect or missing permissions. For example, you might have read, write, and execute permissions on your local file (or folder), but the remote folder (or file) might not be accepting your actions (read, write, or execute).

File permissions 101

Since this error is most likely related to incorrect permissions, you'll have to figure out why you don't have the authorization to edit, change, or upload a file or directory.

  • Log in to the SFTP server using SSH and use the command "$ whoami" to see your username.
  • Suppose the user logged in to the SFTP server does not have the necessary permissions (such as the read command, "ls") to a specific directory or file. In that case, you'll get a message like: "ls: cannot open directory '/root': Permission denied".

For security reasons, some cloud providers like AWS separate root access from other users. In this case, my "ubuntu" user does not have access to the root user's folder. This is simply because both users belong to different groups with different permissions.


  • Use "$ ls -l" to get a long, detailed list of files, directories, and permissions. This command will help you see whether your user (within a group) has the correct permissions to a file. The below screenshot shows the output of this command.

Output of $ls -l command

  • The relevant output columns:
    • (1) Permission level: The first character (l or d) represents a symbolic link or directory, while (-) represents a regular file. The next set of three characters (rwx, where r=read, w=write, x=execute, and - = no permission) represents user permissions, the next three represent group permissions, and the last three characters are "others" permissions.
    • (2, 3) User and group: The next columns (2 and 3) represent the file or directory owner and the group.
    • (4) Name of the file, directory, or symbolic link.

So, what we can get from the output is that the file (-) "exam.txt" belongs to the user/group (ubuntu/ubuntu). As for the permission level, "-rw-rw-r--", the "user" and "group" can both read and write, while all others can only read.

  • To troubleshoot the SFTP permission denied error, you'll need to determine whether your "other" user belongs to the group with read and write (rw) permissions (for example, "ubuntu" in this case).
  • Use the "$ groups" command to see the groups your current user is associated with. So, in this example, the user "ubuntu" does not belong to the "root" group, so it does not have access to the /root folder, as initially stated. The "sudo" group is the one granting elevated privileges.


Solutions: How to fix the SFTP permission denied error?

So now that we know how to check users, groups, and their file/folder permissions, let's solve the "SFTP permission denied" error. Bear in mind that the majority of commands here require higher privileges to execute.

The command (ls -l) is handy to let you see the permissions of the target directory or file. If the file or directory belongs to another user or group, or it does not allow writing (for example, drwxr-xr-x) for the group and other users, you'll need to grant the right set of permissions.

Solution 1. Assign the user without permission to a group with permissions to the file or directory

Use the (ls -l) command to see the owner and group a file belongs to. If it belongs to a different group that your user does not belong to, you'll need to assign your user to this group.

Use the following command to add your user to the group that has read and write (rw) permission. Group changes take effect at the next login, so reconnect after doing this and try SFTP again.

  • $ sudo usermod -a -G [target group] $USER

Solution 2. Use the (chown) command to change ownership of a single file or directory

Rather than assign a new group to your user, you can change the ownership of a file or directory. For example, let's say the "sftp01" user gets an SFTP permission denied error every time it wants to edit or overwrite the "test01.txt" file. To see who owns this specific file, go to the folder where you are getting the SFTP permission denied error and run (ls -l), then use (chown) to change the ownership.

  • $ sudo chown [user] [file]

Note: If you are working under an admin or root role, be careful not to change the ownership of an entire directory and its subdirectories with -R (recursive ownership), as this can affect access and authentication to the SFTP server (we'll get to this later).

Solution 3. Grant the appropriate permission

Use the "chmod" command to change the file or directory permissions. The suggested permission levels when using chmod are 755 for file and 644 for directory permission.

  • chmod 755: Read and execute access for everyone. Read, write, and execute access for the owner of the file. For example, when you do a "$ chmod 755 examplefile", you allow everyone to read and execute the file, while only the owner is entitled to read, write, and execute the file.
  • chmod 777: Use chmod 777 (-rwxrwxrwx) if you want to allow everyone, including the owner, group, and others, to read, write, and execute. Granting this level of "openness" is not a good security practice, but you can use it for testing purposes.
  • chmod 644: The user (or owner) can read and write but can't execute. The group and others can read but can't write or execute. This command is suggested for directories.

The "$ sudo chmod 775 [filename]" command will change the permission structure of the file. As mentioned above, with (-rwxrwxr-x) (775), the file will be readable and executable by everybody (r-x) "others".


Use recursive to add permissions to subdirectories as well

You can use "sudo chmod -R [mode] [file or directory]". The [-R] option changes files and directories recursively, so use this with care. It allows the user to read, write, or execute in all subdirectories and files.

Solution 4. Permission denied due to failed authentication

Another variation of the SFTP permission denied error is due to authentication. You can't even access your SFTP server from the SFTP client. If you get "Permission denied (public key)," you won't be able to access and authenticate to the server via SSH.


To solve this issue, try the following:

  • Check your username: You might be using the incorrect username but the correct public key, and thus get the permission denied error. Check whether you are using the correct username in your SFTP client. If the username is correct but is not authorized to use the key, you'll also get permission denied (public key).
  • Permissions at the server are wrong: This happens when the permissions of the files under the home directory changed. Users might be locked out if the "authorized_keys" file (under ~/.ssh/authorized_keys, for Linux Ubuntu) had its permission or ownership changed. An admin has to log in with root access or connect via the serial console to fix the home directory file permissions. As mentioned earlier, applying "chmod -R" incorrectly can impact all home directory subdirectories, including the .ssh and authorized_keys files.
  • Check the SSH public key (.pub) on the local computer: Make sure you are using the correct public key in the authorized_keys file. To add a new public key to an SFTP client with FileZilla, go to Settings > Connection > SFTP > click on "Add key file…", browse through your local files, and import the right key.


Configuring permissions with alternative SFTP server tools

1. SolarWinds SFTP/SCP Server – FREE TOOL

The SolarWinds SFTP/SCP server is a free tool for reliable and secure file transfers. It is easy to use, light, and runs as a Windows service. In addition, it provides advanced SFTP features such as concurrent transfers from multiple devices or limiting access by authorizing a specific IP or range of IPs.

This tool pushes OS images, configuration files, updates, backup files, or transfers files up to 4GB. In addition, this SFTP server provides main authentication access to the server and only allows one folder for all users.

Website Link: https://www.solarwinds.com/free-tools/free-sftp-server


2. SolarWinds Serv-U FTP/MFT Server – FREE TRIAL

The SolarWinds Serv-U FTP/MFT Server is a more advanced SFTP server that lets you handle large and multiple file transfers. It supports up to 250 users, 100 concurrent sessions, and up to 3 domains, and allows fine-grained access control over those resources.

With Serv-U, you can easily change and update user and folder access and permissions. In addition, it provides directory access rule-based control that allows you to modify permissions on files and directories.

Website Link: https://www.solarwinds.com/serv-u-managed-file-transfer-server


Final Words

The "SFTP permission denied" error message occurs when your SFTP server doesn't allow your user (within a group) to modify or overwrite a file or directory. To solve this, you'll have to SSH into the SFTP server, find the file/directory, and identify its current permission mode and ownership. Then, you'll have to change the permissions as specified in this post. The second message, SFTP permission denied (public key), occurs when you are logging in with an incorrect user or public key, or the user doesn't have the necessary permission to access the key file on the server.

Alternatively, you can use an SFTP server such as SolarWinds Serv-U FTP/MFT Server, which gives you more flexibility when configuring permissions. This tool will help you avoid the "SFTP permission denied" error and fix it for all the SFTP users.