This error occurs when an SFTP connection is abruptly terminated before the operation completes. It typically indicates a server-side issue, network instability, missing SFTP subsystem configuration, or server resource constraints.
The SFTP connection closed error means that the SSH connection was established successfully, but the SFTP session terminated unexpectedly before completing file operations. This is different from a connection timeout—the connection was made but dropped prematurely. The causes range from missing SFTP subsystem configuration (especially on Windows) to network issues, idle timeouts, or server errors. When investigating, check both server logs and client-side connection details to determine whether the server intentionally closed the connection or if it crashed.
Test that regular SSH works before troubleshooting SFTP:
ssh -v user@hostIf SSH connection succeeds but SFTP fails, the issue is likely SFTP-specific (missing subsystem). If SSH also fails, troubleshoot SSH connectivity first.
Use the -v flag with SFTP to see detailed diagnostic information:
sftp -v user@hostFor even more detail:
sftp -vv user@hostWatch for error messages about subsystem requests or authentication failures. Verbose output often shows exactly where the connection closes and why.
On the remote server, check that the SFTP subsystem is properly configured in sshd_config:
grep -i subsystem /etc/ssh/sshd_configYou should see a line like:
Subsystem sftp /usr/lib/openssh/sftp-serverOn Windows OpenSSH, check:
Get-Content 'C:\ProgramData\ssh\sshd_config' | Select-String -Pattern 'Subsystem'Should show:
Subsystem sftp C:\\Windows\\System32\\OpenSSH\\sftp-server.exeIf the subsystem line is commented out or missing, uncomment it or add it.
Check that the SFTP server binary actually exists at the path specified in sshd_config:
Linux/Unix:
ls -la /usr/lib/openssh/sftp-serveror
ls -la /usr/libexec/sftp-serverWindows:
Test-Path 'C:\\Windows\\System32\\OpenSSH\\sftp-server.exe'The binary must exist and be executable. If it's missing, you may need to reinstall OpenSSH or correct the path in sshd_config.
After modifying sshd_config, reload or restart the SSH service:
Linux/Unix:
sudo systemctl reload ssh
# or
sudo systemctl restart sshWindows (PowerShell as Admin):
Restart-Service -Name sshd -ForceA reload applies configuration without dropping existing connections. A restart is more thorough if reload doesn't work.
Examine the SSH daemon logs to see what happens when SFTP connection fails:
Linux/Unix:
sudo tail -f /var/log/auth.log
# or
sudo journalctl -u ssh -n 50
sudo journalctl -u sshd -n 50Windows (PowerShell as Admin):
Get-EventLog -LogName System | Where-Object { $_.Source -like '*ssh*' } | Select-Object -Last 20Look for errors mentioning "subsystem" or "sftp". Messages like "subsystem request for sftp failed" confirm the subsystem is missing or not found.
Some SFTP configurations require users to have a valid login shell. Check the user's shell:
grep ^username: /etc/passwdThe last field should be a valid shell (e.g., /bin/bash, /bin/sh). If it's /sbin/nologin or /bin/false, SFTP may fail.
You can also configure SFTP to work even with nologin shells by using chroot or ForceCommand in sshd_config:
Match User sftpuser
ForceCommand internal-sftp
ChrootDirectory /home/sftpuser
PermitTTY no
AllowAgentForwarding no
AllowTcpForwarding no
EndMatchTry connecting with a different SFTP client to isolate whether the issue is client-specific:
Command line:
sftp user@hostAlternative clients:
- FileZilla (GUI)
- WinSCP (Windows GUI)
- Cyberduck (GUI)
- lftp (command line)
lftp -u user sftp://hostIf the issue persists across multiple clients, it's a server problem. If only one client fails, check client-specific settings.
If connections drop after inactivity, adjust timeout settings:
Client-side (~/.ssh/config):
Host *
ServerAliveInterval 60
ServerAliveCountMax 5Or on the command line:
sftp -o ServerAliveInterval=60 user@hostServer-side (/etc/ssh/sshd_config):
ClientAliveInterval 300
ClientAliveCountMax 3These settings keep the connection alive by sending periodic keepalive packets, preventing idle timeout.
Windows OpenSSH SFTP Issues: The most common cause on Windows is incorrect sftp-server.exe path in sshd_config. Ensure the full path is specified and includes escaped backslashes: C:\\Windows\\System32\\OpenSSH\\sftp-server.exe. If the path contains spaces, quote it.
Chroot SFTP Jails: If using ChrootDirectory for SFTP-only users, ensure directory ownership and permissions are correct. The root directory and all parent directories must be owned by root with 755 permissions, or OpenSSH will refuse to enter the chroot and close the connection.
Large File Transfers: Connection drops during large transfers often indicate insufficient buffer sizes or network instability. Try breaking transfers into smaller chunks or using a client with resume capability.
SFTP over Jump Host/Bastion: If connecting through a jump host, the connection may close if the bastion doesn't have SFTP subsystem configured. Verify all servers in the chain (jump host and final destination) have SFTP configured.
Cloud VMs (AWS, Azure, GCP): Ensure security groups and network ACLs allow port 22 (SSH) throughout the transfer. Some cloud providers may have network policies that interrupt long-lived connections.
SELinux/AppArmor: Mandatory access control systems can prevent sftpd from running. Check denial logs: sudo ausearch -m avc for SELinux or sudo journalctl -u apparmor for AppArmor.
Load key "/home/user/.ssh/id_rsa": invalid format
How to fix 'Load key invalid format' in SSH
Bad owner or permissions on /home/user/.ssh/config
How to fix "Bad owner or permissions on .ssh/config" in SSH
Error connecting to agent: Connection refused
How to fix "Error connecting to agent: Connection refused" in SSH
Connection closed by UNKNOWN port 65535
How to fix 'Connection closed by UNKNOWN port 65535' in SSH
Offending ECDSA key in /home/user/.ssh/known_hosts:line
How to fix "Offending ECDSA key in known_hosts" in SSH