Cannot Connect to SSH2 (SFTP) Sites

CuteFTP supports SFTP, which is a secure service provided by the SSH2 host, in which the server both encrypts the data and handles the file transfer. This should not be confused with FTP over SSH2, in which the SSH2 uses port forwarding to forward standard FTP transactions over an encrypted tunnel, with the actual file transfer being handled by a separate (and non-secure) FTP server.

SSH2 connections will fail if the client or server is not properly configured. If you are having difficulty connecting to your SFTP server, try the following:

SSH2 Connection Checklist

  1. Verify that the server you are connecting to supports SFTP connections.

  2. Verify the connection port. SFTP usually occurs over port 22.

  3. Try toggling the compression options in the SSH2 Security page.

  4. Verify the authentication mechanism supported and required by the server. It may require password, public key (identity file), or both (see note below).

  5. If public key authentication is required, be sure to provide a copy of the public key you created to the server's administrator, as it must be in the server's trusted list in order for you to connect.

  6. If the server administrator created a public key for you, be sure to replace your existing one with it and select the provided key from within the SSH2Security page.

  7. Copy the connection log to a text file or email message to assist in troubleshooting when contacting your FTP or Web service provider or the Globalscape support team.

Public key authentication

To use public key authentication, you must send your public key to the server administrator before making an SSH2 connection. If the server is running OpenSSH, convert the public key as described below.

To convert the public key

  1. Create an identity file in the client.

  2. Send the public key (Identity.pub) to the server administrator (via FTP, e-mail, etc.)

  3. The server administrator must convert the public key to OpenSSH, check it with wordcount, and add it to authorized_keys.

Command sequence:

ssh-keygen -i -f Identity.pub > sshpub

wc sshpub

cat sshpub > ~\.ssh\authorized_keys

Wordcount should return a "1" as the first number. OpenSSH is going to ask for the identity files password the first time you log in. If CuteFTP fails to connect, contact our support team and provide the kernel version, OpenSSH build, and the CuteFTP build number. The CuteFTP build number appears in the About dialog box. (On the main menu, click Help, then click About.)