Although SFTP is an easy-to-use and secure file transfer protocol, many people frequently face one of the most infamous SFTP errors, the "SFTP permission denied."

As the error output reads, this issue is due to the lack of permissions to access a file or directory. Generally, you would still have access to the SFTP server via SSH, but you won't be able to alter a specific file or directory. Another similar error message is the "SFTP permission denied (public key)," where you won't even be able to access the server via SFTP or SSH.

In this post, we'll go through the two cases. First, we'll learn to check and update the user/group file/folder permissions, and second, we'll figure out why we are getting authentication/access permission denied due to the public key.

To illustrate a clearer picture of the "sftp permission denied" error scenario, we'll use an AWS EC2, Ubuntu (Focal-20.04-amd64-server). We will use the default user "ubuntu" and add a new sftp01 user. By default, AWS doesn't grant "root" SSH access to the EC2 instances due to security best practices.

1. The "SFTP permission denied" error

Regardless of which SFTP client you use, when you SFTP into a server and try to replace, edit, delete, or overwrite a file or directory, you get an "SFTP permission denied" error message.

An example:

Cannot create remote file 'ver'.
Permission denied.
Error code: 3
Error message from server: Permission denied

In Windows, while using an SFTP client, like WinSCP or FileZilla, the message looks like this:

Error Message: SFTP permission denied

Generally, you are successfully connecting via SFTP or SSH with the same user, but you can't modify, change, or overwrite the file via SFTP. But if you cannot even connect via SFTP or SSH, you might be getting a similar error message that reads "SFTP permission denied (public key)".

The reason for these error messages is generally incorrect or missing permissions. For example, you might have read, write, execute permissions on your local file (or folder), but the remote folder (or file) might not be accepting your actions (read, write, or execute).

File permissions 101

Since this error is most likely related to incorrect permissions, you'll have to figure out why you don't have the authorization to edit, alter, or upload a file or directory.

  • Log in to the SFTP server using SSH and use the command "$ whoami" to see your username.
  • Suppose the user logged in to the SFTP server does not have the necessary permissions (such as read command, "ls") to a specific directory or file. In that case, you'll get a message like: "ls: cannot open directory '/root': Permission denied".

For security reasons, some cloud providers like AWS separate root access from other users. In this example, my "ubuntu" user does not have access to the root user's folder. This is simply because both users belong to different groups with different permissions.

ubuntu Permission denied

  • Use "$ ls -l" to get a long detailed list of files, directories, and permissions. This command will help you see whether your user (inside a group) has the right permissions to a file. The below screenshot shows the output of this command.

Output of $ls -l command

  • The relevant output columns:
    • (1) Permission level: The first character, (l or d), represents a symbolic link or directory, while (-) represents a regular file. The next set of three characters (rwx, where: r=read, w=write, x=execute, and - = no permission) represent user permissions, the next three represent group permissions, and the last three characters are "others" permissions.
    • (2, 3) User and group: The next columns (2 and 3) represent the file or directory owner and the group.
    • (4) Name of the file, directory, or symbolic link.

So, what we can get from the output is that the file (-) "test.txt" belongs to the user/group (ubuntu/ubuntu). As for the permission level, "-rw-rw-r--", the "user" and "group" can both read and write, while all others can only read.

  • To troubleshoot the SFTP permission denied, you'll need to determine if your "other" user belongs to the group with read and write (rw) permissions (for example, "ubuntu" in this example).
  • Use the "$ groups" command to see the groups your current user is associated with. So, in this example, the user "ubuntu" does not belong to the "root" group, and so it does not have access to the /root folder, as initially stated. The "sudo" group is the one granting elevated privileges.

$ groups command
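
The owner/group/other decision walked through above, as an added shell example that is not part of the original post. The helper names perm_class, can_write and can_create are hypothetical, and GNU stat (as on Ubuntu) is assumed. It goes one step beyond the text by also checking the directory, because creating or deleting a file needs write and execute permission on the containing directory.

```bash
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Ubuntu).
# Mode bits only: uid 0 bypasses them, and ACLs are not considered.

# perm_class PATH [USER] -> "<class> <triplet>"; no USER = current user.
perm_class() {
    local path=$1 user=${2:-} meta uid gids g mode class bits r=- w=- x=-
    meta=$(stat -c '%u %g %a' -- "$path") || return 2
    if [ -n "$user" ]; then
        uid=$(id -u -- "$user") || return 2
        gids=$(id -G -- "$user") || return 2
    else
        uid=$(id -u); gids=$(id -G)
    fi
    set -- $meta                 # $1=owner uid  $2=group gid  $3=octal mode
    mode=$((0$3))
    # Exactly one class applies: owner wins over group, group over other.
    class=other; bits=$((mode & 7))
    for g in $gids; do
        if [ "$g" = "$2" ]; then class=group; bits=$(( (mode >> 3) & 7 )); fi
    done
    if [ "$uid" = "$1" ]; then class=owner; bits=$(( (mode >> 6) & 7 )); fi
    if [ $((bits & 4)) -ne 0 ]; then r=r; fi
    if [ $((bits & 2)) -ne 0 ]; then w=w; fi
    if [ $((bits & 1)) -ne 0 ]; then x=x; fi
    printf '%s %s%s%s\n' "$class" "$r" "$w" "$x"
}

# Overwriting an existing file needs w on the file itself.
can_write()  { case $(perm_class "$@") in *" "?w?) return 0 ;; *) return 1 ;; esac; }
# Creating or deleting a file needs w and x on the containing directory.
can_create() { case $(perm_class "$@") in *" "?wx) return 0 ;; *) return 1 ;; esac; }

# Constructed demo: a scratch file owned by the current user, made read-only.
demo=$(mktemp) && chmod 444 "$demo"
perm_class "$demo"               # prints: owner r--
can_write "$demo" || echo "overwrite would fail: Permission denied"
rm -f "$demo"
```

Run it on the server as the SFTP user, for example `perm_class /path/to/file sftp01`, to see which triplet from the `ls -l` output actually applies to that account.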

Solutions: How to fix the SFTP permission denied?

So now that we know how to check users, groups, and their file/folder permissions, let's solve the "SFTP permission denied" error. Bear in mind that the majority of commands here require higher privilege to execute.

The command (ls -l) is handy to let you see the permissions of the target directory or file. If the file or directory belongs to another user or group, or it does not allow writing (for example, drwxr-xr-x) for the group and other users, you'll need to grant the right set of permissions.

Solution 1. Assign the user without permission to a group with permissions to the file or directory

Use the (ls -l) command to see the owner and group a file belongs to. If it belongs to a different group your user does not belong to, you'll need to assign your user to this group.

Use the following command to add your user to the group that has read and write (rw) permission. After doing this, try SFTP again.

  • $ sudo usermod -a -G [target group] $USER

Solution 2. Use the (chown) command to change ownership of the single file or directory

Rather than assign a new group to your user, you can change the ownership of a file or directory. For example, let's say the "sftp01" user gets an SFTP permission denied every time it wants to edit or overwrite the "test01.txt" file. To see who owns this specific file, go to the folder where you are getting the sftp permission denied and do a (ls -l), then use (chown) to change the ownership.

  • $ sudo chown [user] [file]

chown command to change ownership of the single file or directory

NOTE: If you are working under an admin or root role, be careful not to change the entire ownership of a directory and subdirectory with -R recursive ownership, as this can affect access and authentication to the SFTP server (we'll get to this later).

Solution 3. Grant the appropriate permission

Use the "chmod" command to modify the file or directory permissions. The suggested permission levels when using the chmod are 755 for file and 644 for directory permission.

  • chmod 755: Read and execute access for everyone. Read, write, and execute access for the owner of the file. For example, when you do a "$ chmod 755 examplefile", you allow everyone to read and execute the file, while only the owner is entitled to read, write, and execute the file.
  • chmod 777: Use the chmod 777 (-rwxrwxrwx) if you want to allow everyone, including the owner, group, and others, to read, write, and execute. Granting this level of "openness" is not a good security practice, but you can use it for testing purposes.
  • chmod 644: The user (or owner) can read and write but can't execute. The group and others can read but can't write or execute. This command is suggested for directories.

The "$ sudo chmod 775 [filename]" command will change the permission structure of the file. As mentioned above, with (-rwxrwxr-x) (775), the file will be readable and executable by everyone (r-x) "others".

$sudo chmod 775 [filename] command

Use recursive mode to apply permissions to subdirectories as well

You can use the "sudo chmod -R [mode] [file or directory]". The [-R] changes files and directories recursively, so use this with care. It applies the read, write, or execute permission to all sub-directories and files.

Solution 4. Permission denied due to failed authentication

Another variation of the SFTP permission denied is due to authentication. You can't even access your SFTP server from the SFTP client. If you get the "Permission denied (public key)," you won't be able to access and authenticate to the server via SSH.

Permission denied due to failed authentication

To solve this issue, try the following:

  • Check your username: You might be using the incorrect username but the correct public key, and thus get the permission denied error. Check whether you are using the right username in your SFTP client. But even so, if the username is correct but is not authorized to use the key, you'll also get permission denied (public key).
  • Permissions at the server are incorrect: This is because the permission to the files under the home directory changed. Users might be locked out if the "authorized_keys" (under /.ssh/authorized_keys, for Linux Ubuntu) file permission or ownership changed. An admin has to log in with root access or connect via the serial console to adjust the home directory file permissions. As mentioned earlier, applying "chmod -R" incorrectly can affect all home directory subdirectories, including .ssh and authorized_keys files.
  • Check the SSH public key (.pub) on the local computer: Make sure you are using the correct public key in the authorized_keys file. To add a new public key to an SFTP client with FileZilla, go to Settings > Connection > SFTP > click on "Add key file…", browse through your local files, and import the correct key.

import the right key
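
A check for the lockout described above after a careless "chmod -R" or "chown -R", added here and not from the original post. With OpenSSH's default "StrictModes yes", sshd ignores authorized_keys when the home directory, .ssh, or the file itself is group- or world-writable, or is owned by anyone other than the user or root. The function name audit_ssh_perms is hypothetical and GNU stat is assumed.

```bash
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Ubuntu).
# audit_ssh_perms HOME_DIR [EXPECTED_UID]
#   prints one line per problem; returns 0 if clean, 1 otherwise.
audit_ssh_perms() {
    local home=$1 want_uid=${2:-$(id -u)} bad=0 p meta uid mode
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if ! meta=$(stat -c '%u %a' -- "$p" 2>/dev/null); then
            echo "MISSING $p"; bad=1; continue
        fi
        uid=${meta% *}
        mode=$((0${meta#* }))
        # Each path must belong to the login user or to root.
        if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
            echo "OWNER $p uid=$uid"; bad=1
        fi
        # 022 = group-write or other-write; either one fails the check.
        if [ $((mode & 022)) -ne 0 ]; then
            echo "WRITABLE $p mode=${meta#* }"; bad=1
        fi
    done
    return $bad
}

# Constructed demo: a scratch "home" after an over-broad chmod -R 775.
h=$(mktemp -d) && mkdir "$h/.ssh" && : > "$h/.ssh/authorized_keys"
chmod -R 775 "$h"
audit_ssh_perms "$h" || echo "sshd would ignore this authorized_keys file"
rm -rf "$h"
```

On a real server, run it with root access against the affected account, passing the home directory and that user's numeric uid.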

Configuring permissions with alternative SFTP server tools

1. SolarWinds SFTP/SCP Server – FREE TOOL

Solarwinds SFTP/SCP server

The SolarWinds SFTP/SCP server is a free tool for reliable and secure file transfers. It is easy to use, light and runs as a Windows service. In addition, it provides advanced SFTP features such as concurrent transfers from multiple devices or limiting access by authorizing a specific IP or a range of IPs.

This tool pushes OS images, configuration files, updates, backup files, or transfer files up to 4GB. In addition, this SFTP server provides basic authentication access to the server and only allows one folder for all users.

Website Link: https://www.solarwinds.com/free-tools/free-sftp-server


2. SolarWinds Serv-U FTP/MFT Server – FREE TRIAL

SolarWinds Serv-U-FTP-MFT-Server

The SolarWinds Serv-U FTP/MFT Server is a more advanced SFTP server that lets you handle large and multiple file transfers. It supports up to 250 users, 100 concurrent sessions, up to 3 domains and allows fine-grained access control over those resources.

With Serv-U, you can easily modify and update user and folder access and permissions. In addition, it provides a directory access rule-based control that allows you to change permissions on files and directories.

SolarWinds Serv-U FTP/MFT Server

Website Link: https://www.solarwinds.com/serv-u-managed-file-transfer-server


Final Words

The "SFTP permission denied" error message occurs when your SFTP server doesn't permit your user (inside a group) to change or overwrite a file or directory. To solve this, you'll have to SSH into the SFTP server, find the file/directory and identify its current permission mode and ownership. Then, you'll have to change the permissions as specified in this post. The second SFTP permission denied (public key) message occurs when you are logging in with an incorrect user or public key, or the user doesn't have the necessary permission to access the key file in the server.

Alternatively, you can use an SFTP server such as SolarWinds Serv-U FTP/MFT Server, which gives you more flexibility when configuring permissions. This tool will help you avoid the "SFTP permission denied" and fix it for all the SFTP users.