Trying to transfer files to my webserver using WinSCP. But am getting an “Error code: 3” and “Permission denied” after successfully connecting to my instance. Can you please fix it?
That was a recent request received in Technical Support Services from one of our Amazon EC2 customer.
WinSCP is one the free method to securely transfer files between a home computer and server. Today, in this write up we’ll see how Bobcares’ Engineers fixed the “EC2 WinSCP permission denied” error.
More about EC2 and WinSCP
Before proceeding further, let’s get a quick idea on WinSCP and EC2 instance.
Amazon Elastic Compute Cloud forms the central part of Amazon’s cloud-computing solutions. In today’s world of cloud hosting, its a normal practice to set up servers and websites on cloud instances. Naturally, there is a need to transfer files to these EC2 instances too.
Although Amazon EC2 support many access methods, WinSCP remains a popular choice. The primary requirement of users will be to just transfer the files to the instance across the network using the ssh (secure shell) encrypted protocol. Thus, it will be more easy to use WinSCP than methods like Putty, that involves direct configuration edits.
Moreover, WinSCP fits in the Windows environment and it readily integrates features such as drag-and-drop, shortcuts, and URLs. Additionally, WinSCP include security features like encrypted password storage too.
That’s why, accessing EC2 instance via WinSCP is one of the methods that our Support Engineers suggest to newbies in Cloud Hosting.
Reasons for EC2 WinSCP permission denied error
From our experience in managing servers, any errors can put WinSCP users on pins and needles. Now, its time to see the major factors that can cause the EC2 WinSCP permission denied error.
1. Wrong WinSCP settings
Usually, a major share of EC2 WinSCP permission denied errors occur due to bad configuration settings. And, in such cases an attempt tp transfer a file results in the following error:
Permission denied Error Code: 3 Error message from server: Permission denied Request Code: 3
2. User IP block at EC2 instance
Again, users IP address blocked at the EC2 instance can also be a reason for permission denied error.
In Amazon EC2, Security groups allows you to control traffic to your instance. It can even decide the kind of traffic that can reach your instance. For example, you can allow IP addresses from only your home network to access your instance using SSH. And, when a user tries to connect from a different IP address, the instance block the user with permission denied message.
3. Wrong key pair
Amazon EC2 instances have a unique Host key fingerprint. When you connect to the instance for the first time, you will be prompted to verify server host key. However, WinSCP does not support ECDSA keys. And, when there are problems in verifying the key pair, it also results in the EC2 WinSCP permission denied error.
How we fix EC2 access using WinSCP
We already saw the top reasons for permission denied error in WinSCP. Now, its time to see how our Dedicated Engineers fix the WinSCP access.
1. Adjusting WinSCP settings
For successfully connecting to the EC2 instance, we need to uncheck the “Transfer resuming” from the preferences in WinSCP. To do this, we follow the steps below.
1) Open WinSCP.
2) Select Advanced options at bottom-left.
3)Just above Advanced options we Left click on Preferences
4) We can now see the Preferences “Radio-type” Button
5) Now in the “Confirmations” box, 4th item from the top, Transfer resuming, we remove the ‘check-mark’
6) Click OK Button.
Finally, at the WinSCP login screen, we enter the public IPv4 address for the instance, username details. The successful connection window looks something like:
2. Allow IP address
In the recent helpdesk request about WinSCP, IP block was causing the problem.
To fix problems related to IP block, we allow the user’s IP on the EC2 instance. Our Support Engineers add a rule to a security group for inbound SSH traffic over IPv4. For this, we follow the steps as:
In the navigation pane of the Amazon EC2 console, choose Instances. We select the particular instance and look at the Description tab; Here, the Security groups lists the security groups that are associated with the instance. Choose view inbound rules to display a list of the rules that are in effect for the instance.
Here, on the Inbound tab, we choose Edit, then we add rule by choosing SSH from the Type list. In the Source field, we set the customers IP by choosing Custom option. Finally click on Save option.
3. Adding correct keys
Now, let’s see how we fix problems with the key pair. We locate key fingerprint in server’s initial start log. For this we use, Actions > Get System Log command on Instances page of Amazon EC2 console.
There, we look for RSA (or DSA) key fingerprint as WinSCP does not support ECDSA keys.
Again, in WinSCP settings, we select the Advanced button to open Advanced site settings dialog and go to SSH > Authentication page.
In Private key file box we select the .pem private key file. WinSCP will need to convert the key to its .ppk format.
We submit Advanced site settings dialog with OK button.
Finally we click on Save button to save your site settings. And, the WinSCP connection with EC2 starts working fine.
[Are you getting WinSCP permission denied error? We can fix EC2 access for you.]
In a nutshell, EC2 WinSCP permission denied error mainly happens due to wrong settings, IP block and more. Today, we saw the various reasons that cause this error and how our Dedicated Engineers fix EC2 access.