SFTP - SSH Connection issue

Hello,
how can I access my web service disk using SFTP?

Hi there,

Thanks for reaching out.

SFTP doesn’t work over https, it works over SSH. First you would need to add your SSH key to your Render account.

Next you would use the SSH connection details from the “Connect” button at the top of your service. The format of the details is:

ssh <user>@<host>

You would use those values in the corresponding boxes in the UI screenshot you shared. The key file would be a path to the SSH private key you have created on your local machine. The port is the SSH default of 22.

Hope that helps

Kind regards

Alan

Thanks, @al_ps,
I have done that, but something goes wrong, it is showing me this:
Error: Could not connect to server

Hi there,

I’ve tested this on a personal service and was able to connect with settings similar to the below (these are placeholder values, you’ll need to update the host, user and key file with your own details):

I’m using FileZilla, which often shows more detail in its connection logs which may point to why the connection is failing.

Hope that helps

Alan

@al_ps here is the full log and process:

Are you able to connect with a normal SSH session in PuTTY? Using the ssh command provided in the “connect” button on the service.

I notice the logs mention an RSA key, we also have docs on RSA key issues: https://render.com/docs/ssh-troubleshooting#rsa-key-not-connecting

Alan

@al_ps didn’t work from PuTTY

and here using PowerShell

it is a permission issue

BTW,
I have run an upgrade of OpenSSH on Windows through PowerShell to the latest version, which is 8.6, not 8.8

# Force TLS 1.2 for the request to GitHub
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$url = 'https://github.com/PowerShell/Win32-OpenSSH/releases/latest/'
$request = [System.Net.WebRequest]::Create($url)
# Do not follow the redirect; its Location header names the latest release tag
$request.AllowAutoRedirect=$false
$response=$request.GetResponse()
# Print the download URLs for the 64-bit and 32-bit archives
$([String]$response.GetResponseHeader("Location")).Replace('tag','download') + '/OpenSSH-Win64.zip'
$([String]$response.GetResponseHeader("Location")).Replace('tag','download') + '/OpenSSH-Win32.zip'

it is the same result

I think we have full log here, showing everything:

OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Connecting to ssh.oregon.render.com [34.83.8.109] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\hanos/.ssh/id_rsa type 0
debug1: identity file C:\\Users\\hanos/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\hanos/.ssh/id_dsa type -1
debug1: identity file C:\\Users\\hanos/.ssh/id_dsa-cert type -1
debug1: identity file C:\\Users\\hanos/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\hanos/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\hanos/.ssh/id_ed25519 type -1
debug1: identity file C:\\Users\\hanos/.ssh/id_ed25519-cert type -1
debug1: identity file C:\\Users\\hanos/.ssh/id_xmss type -1
debug1: identity file C:\\Users\\hanos/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version Go
debug1: no match: Go
debug1: Authenticating to ssh.oregon.render.com:22 as 'srv-c89rrbnd17c06t0lh20g'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-ed25519-cert-v01@openssh.com
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host certificate: ssh-ed25519-cert-v01@openssh.com SHA256:KkZPgnApmttFYSkdJsCi7B01sgZPMI6kY53MDbbanGM, serial 13832678711664753801 ID "sshproxy-2a464f8270299adb4561291d26c0a2ec1d35b2064f308ea4639dcc0db6da9c63" CA ssh-ed25519 SHA256:3I2nKyf90+clfKCECHDOj5mRHYhM+71kz05HVXwubz4 valid from 2022-02-19T01:59:48 to 2022-05-20T02:00:18
debug1: No matching CA found. Retry with plain key
debug1: Host 'ssh.oregon.render.com' is known and matches the ED25519 host key.
debug1: Found key in C:\\Users\\hanos/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\hanos/.ssh/id_rsa RSA SHA256:XPj2BUgxzvhxq5nfLS1cHZtioh7UXSJazWgza5gfT6s
debug1: Will attempt key: C:\\Users\\hanos/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\hanos/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\hanos/.ssh/id_ed25519
debug1: Will attempt key: C:\\Users\\hanos/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: C:\\Users\\hanos/.ssh/id_rsa RSA SHA256:XPj2BUgxzvhxq5nfLS1cHZtioh7UXSJazWgza5gfT6s
debug1: Server accepts key: C:\\Users\\hanos/.ssh/id_rsa RSA SHA256:XPj2BUgxzvhxq5nfLS1cHZtioh7UXSJazWgza5gfT6s
debug1: Authentication succeeded (publickey).
Authenticated to ssh.oregon.render.com ([34.83.8.109]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug1: channel 0: free: client-session, nchannels 1
Connection to ssh.oregon.render.com closed by remote host.
Connection to ssh.oregon.render.com closed.
Transferred: sent 3408, received 1704 bytes, in 0.4 seconds
Bytes per second: sent 7911.7, received 3955.9
debug1: Exit status -1

here is another, more detailed debug log:

C:\ssh>ssh -vvv srv-c89rrbnd17c06t0lh20g@ssh.oregon.render.com
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug3: Failed to open file:C:/Users/hanos/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolving "ssh.oregon.render.com" port 22
debug2: ssh_connect_direct
debug1: Connecting to ssh.oregon.render.com [34.83.8.109] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\hanos/.ssh/id_rsa type 0
debug3: Failed to open file:C:/Users/hanos/.ssh/id_rsa-cert error:2
debug3: Failed to open file:C:/Users/hanos/.ssh/id_rsa-cert.pub error:2
debug1: identity file C:\\Users\\hanos/.ssh/id_rsa-cert type -1
debug3: Failed to open file:C:/Users/hanos/.ssh/id_dsa error:2
debug3: Failed to open file:C:/Users/hanos/.ssh/id_dsa.pub error:2
debug1: identity file C:\\Users\\hanos/.ssh/id_dsa type -1
debug3: Failed to open file:C:/Users/hanos/.ssh/id_dsa-cert error:2
debug3: Failed to open file:C:/Users/hanos/.ssh/id_dsa-cert.pub error:2
debug1: identity file C:\\Users\\hanos/.ssh/id_dsa-cert type -1
debug3: Failed to open file:C:/Users/hanos/.ssh/id_ecdsa error:2
debug3: Failed to open file:C:/Users/hanos/.ssh/id_ecdsa.pub error:2
debug1: identity file C:\\Users\\hanos/.ssh/id_ecdsa type -1
debug3: Failed to open file:C:/Users/hanos/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:C:/Users/hanos/.ssh/id_ecdsa-cert.pub error:2
debug1: identity file C:\\Users\\hanos/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\hanos/.ssh/id_ed25519 type 3
debug3: Failed to open file:C:/Users/hanos/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:C:/Users/hanos/.ssh/id_ed25519-cert.pub error:2
debug1: identity file C:\\Users\\hanos/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:C:/Users/hanos/.ssh/id_xmss error:2
debug3: Failed to open file:C:/Users/hanos/.ssh/id_xmss.pub error:2
debug1: identity file C:\\Users\\hanos/.ssh/id_xmss type -1
debug3: Failed to open file:C:/Users/hanos/.ssh/id_xmss-cert error:2
debug3: Failed to open file:C:/Users/hanos/.ssh/id_xmss-cert.pub error:2
debug1: identity file C:\\Users\\hanos/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version Go
debug1: no match: Go
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to ssh.oregon.render.com:22 as 'srv-c89rrbnd17c06t0lh20g'
debug3: hostkeys_foreach: reading file "C:\\Users\\hanos/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file C:\\Users\\hanos/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from ssh.oregon.render.com
debug3: Failed to open file:C:/Users/hanos/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
debug2: ciphers ctos: aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc: aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-256
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-256
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-ed25519-cert-v01@openssh.com
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host certificate: ssh-ed25519-cert-v01@openssh.com SHA256:KkZPgnApmttFYSkdJsCi7B01sgZPMI6kY53MDbbanGM, serial 13832678711664753801 ID "sshproxy-2a464f8270299adb4561291d26c0a2ec1d35b2064f308ea4639dcc0db6da9c63" CA ssh-ed25519 SHA256:3I2nKyf90+clfKCECHDOj5mRHYhM+71kz05HVXwubz4 valid from 2022-02-19T01:59:48 to 2022-05-20T02:00:18
debug2: Server host certificate hostname: gcp-us-west1-1-sshproxy.render.com
debug2: Server host certificate hostname: ssh.oregon.render.com
debug2: Server host certificate hostname: ssh.render.com
debug3: hostkeys_foreach: reading file "C:\\Users\\hanos/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file C:\\Users\\hanos/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from ssh.oregon.render.com
debug3: Failed to open file:C:/Users/hanos/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: No matching CA found. Retry with plain key
debug1: Host 'ssh.oregon.render.com' is known and matches the ED25519 host key.
debug1: Found key in C:\\Users\\hanos/.ssh/known_hosts:2
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: C:\\Users\\hanos/.ssh/id_ed25519 ED25519 SHA256:MF0+UUoPbm23FNeRN+Td/IjYQm5I/LKBftpHAyvydfU agent
debug1: Will attempt key: C:\\Users\\hanos/.ssh/id_rsa RSA SHA256:XPj2BUgxzvhxq5nfLS1cHZtioh7UXSJazWgza5gfT6s agent
debug1: Will attempt key: C:\\Users\\hanos/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\hanos/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\hanos/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: C:\\Users\\hanos/.ssh/id_ed25519 ED25519 SHA256:MF0+UUoPbm23FNeRN+Td/IjYQm5I/LKBftpHAyvydfU agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: C:\\Users\\hanos/.ssh/id_ed25519 ED25519 SHA256:MF0+UUoPbm23FNeRN+Td/IjYQm5I/LKBftpHAyvydfU agent
debug3: sign_and_send_pubkey: ED25519 SHA256:MF0+UUoPbm23FNeRN+Td/IjYQm5I/LKBftpHAyvydfU
debug3: sign_and_send_pubkey: signing using ssh-ed25519
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to ssh.oregon.render.com ([34.83.8.109]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug3: This windows OS supports conpty
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug3: Successfully set console output code page from:65001 to 65001
debug3: Successfully set console input code page from:437 to 65001
debug3: send packet: type 1
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t3 nr0 i0/0 o0/0 e[write]/0 fd 4/5/6 sock -1 cc -1)

debug3: Successfully set console output code page from 65001 to 65001
debug3: Successfully set console input code page from 65001 to 437
Connection to ssh.oregon.render.com closed by remote host.
Connection to ssh.oregon.render.com closed.
Transferred: sent 2000, received 1224 bytes, in 0.8 seconds
Bytes per second: sent 2475.5, received 1515.0
debug1: Exit status -1

Hi there,

Both those log dumps seem to show successful authentication:

debug1: Authentication succeeded (publickey).

However, I suspect the session not connecting may be a configuration issue when using Windows PowerShell. I’m not really a Windows user, so I’ll have to look into that issue and try and reproduce when I have access to a Windows install.

The 2 new keys in those logs look more like I would expect to see from an ssh-keygen:

C:\Users\hanos\.ssh\id_rsa

and

C:\Users\hanos\.ssh\id_ed25519

Maybe now try Filezilla with the latest key example set at the KeyFile?

Hope that helps

Alan
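The reading of the two logs above (authentication succeeds, then the server drops the session) can be checked mechanically. The following is an added example, not part of the original thread or of Render's tooling: it triages `ssh -v` client output by the last stage reached. The function name `triage` and the stage names are assumptions; the sample lines are abridged from the first log posted above, with the key fingerprint replaced by a placeholder.

```python
import re

# Ordered checkpoints in OpenSSH client debug output (ssh -v).
STAGES = [
    ("tcp", re.compile(r"debug1: Connection established\.")),
    ("hostkey", re.compile(r"debug1: Host '.+' is known and matches")),
    ("auth", re.compile(r"debug1: Authentication succeeded \(\S+\)")),
    ("session", re.compile(r"debug1: Entering interactive session\.")),
]
ACCEPTED = re.compile(r"debug1: Server accepts key: (\S+) (\S+) ")
REMOTE_CLOSE = re.compile(r"Connection to \S+ closed by remote host\.")
EXIT = re.compile(r"debug1: Exit status (-?\d+)")

# Abridged from the first log in the thread; fingerprint is a placeholder.
SAMPLE_LOG = r"""debug1: Connection established.
debug1: Host 'ssh.oregon.render.com' is known and matches the ED25519 host key.
debug1: Offering public key: C:\\Users\\hanos/.ssh/id_rsa RSA SHA256:PLACEHOLDER
debug1: Server accepts key: C:\\Users\\hanos/.ssh/id_rsa RSA SHA256:PLACEHOLDER
debug1: Authentication succeeded (publickey).
debug1: Entering interactive session.
Connection to ssh.oregon.render.com closed by remote host.
debug1: Exit status -1
"""


def triage(log_text):
    """Return the stages reached, the accepted key, and a diagnosis."""
    reached = [name for name, rx in STAGES if rx.search(log_text)]
    key = ACCEPTED.search(log_text)
    exit_m = EXIT.search(log_text)
    result = {
        "reached": reached,
        "accepted_key": key.group(1) if key else None,
        "key_type": key.group(2) if key else None,
        "remote_close": bool(REMOTE_CLOSE.search(log_text)),
        "exit_status": int(exit_m.group(1)) if exit_m else None,
    }
    if "tcp" not in reached:
        result["diagnosis"] = "network: TCP connection to port 22 never completed"
    elif "auth" not in reached:
        result["diagnosis"] = "authentication: no offered key was accepted"
    elif result["remote_close"]:
        # Keys and host key are fine; the server ended the session itself.
        result["diagnosis"] = "post-auth: server closed the session after login"
    else:
        result["diagnosis"] = "no failure found in this log"
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_LOG)["diagnosis"])
```

A "post-auth" result means regenerating or swapping keys will not change the outcome; the cause is on the service side of the connection.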

I have tried the other key, it didn’t work.
BTW, this troubleshooting guide mentions that it needs OpenSSH 8.8 or up, but on Windows the latest is 8.6

Is that the reason maybe?

The troubleshooting guide you linked to refers to an issue with RSA keys with OpenSSH 8.8+, so it shouldn’t apply to your case:

Currently, if you are using OpenSSH 8.8 and up you will not be able to use RSA keys on Render. In this case, we recommend that you use an Ed25519 key instead.

Your last ssh log dump was using an id_ed25519 key, which also wouldn’t apply to this concern.

When you said it didn’t work, are you getting the same error in FileZilla? Could you share more details on the connection details now being used and the logs produced by FileZilla?

Thanks

Alan

I spun up a Windows 11 VM and installed FileZilla 3.58.0.

Using an RSA private key that I generated (with the public key uploaded to my Render account), I used the below settings:

Clicked “Connect” and it was successful:

Hope that helps with getting your setup working.

Alan

I have tried id_ed25519, it didn’t work, the same log in FileZilla.
Even from another network and another computer, it is the same issue.

Hi there,

I was struggling to reproduce the issue you are seeing.

I could successfully connect via SSH in Windows PowerShell and SFTP in FileZilla to a Render Web Service, using an RSA key. The public key had been added to my Render account and the private key is added to the ssh-agent.

However, the other posts you raised around WordPress gave me a little more information about your setup. I deployed my own WordPress Render example and was also then not able to connect over SSH. The WordPress example uses Docker, which can have configuration that affects the way SSH works on Render, as noted in the documentation: Connecting with SSH - Limitations

I’ll look to get a solution to the issue.

Kind regards

Alan

I think here is the issue
Restrict access only to current IP

Hi there,

I’m not sure where that reference is shown, but the issue here isn’t IP related, it’s that the Docker setup for the WordPress example isn’t allowing SSH connections.

I’ve raised it with the engineers and am awaiting feedback.

Thanks for your patience.

Alan

Thank you @al_ps