Troubleshooting SFTP Connections

You cannot connect with SFTP simply by configuring the proxy settings in Global Options. CuteFTP does not support using SFTP through a proxy server that is not a SOCKS proxy server. Non-SOCKS servers are "protocol dependent," meaning that if it's an FTP server, you must use FTP and if it's an HTTP server, you must use HTTP. SOCKS proxy servers are not protocol dependent. A SOCKS proxy server works for any TCP/IP socket connection, so the protocol should not matter. If you know you are connecting over a SOCKS proxy server, you can configure CuteFTP to use a SOCKS server when connecting, either in the Global Options (as described below) or in the Site Manager for a specific site.

If you are having difficulty connecting to your SFTP server:

  1. Verify that the server you are connecting to supports SFTP connections.


CuteFTP Professional supports SFTP, a secure service provided by the SSH2 host in which the server both encrypts the data and handles the file transfer. This should not be confused with FTP over SSH2, in which SSH2 uses port forwarding capabilities to forward standard FTP transactions through an encrypted tunnel but the actual file is transferred by a separate, non-secure FTP server. If you are unsure if the host is supporting SFTP, check the connection port. SFTP usually occurs over port 22.

  1. Try toggling the compression options in the SSH2 Security page

  2. Verify the authentication mechanism supported and required by the server. It may require password, public key (identity file), or both (see Important note below).

  3. If public key authentication is required, be sure to provide a copy of the public key you created to the serverís administrator, as it must be in the serverís trusted list in order for you to connect.

  4. If the server administrator created a public key for you, be sure to replace your existing one with it and select the provided key from within the SSH2 Security page.

  5. Copy the connection log to a text file or e-mail to assist in troubleshooting when contacting your FTP or Web service provider or the GlobalSCAPE support team.

Configuration Notes

To use public key authentication, you will must send your public key to the server administrator before making an SSH2 connection. If the server is running OpenSSH, convert the public key:

  1. Create an identity file in the client.

  2. Send the public key ( to the server administrator (via FTP, e-mail, etc.)

  3. The server administrator must convert the public key to OpenSSH, check it with wordcount, and add it to authorized_keys.


Command sequence:

ssh-keygen -i -f > sshpub

wc sshpub

cat sshpub > ~\.ssh\authorized_keys



Wordcount should return a "1" as the first number. OpenSSH asks for the identity files password the first time you log in. If CuteFTP Professional fails to connect, contact our support team and provide the kernel version, OpenSSH build, and the CuteFTP Professional build number (located under Help > About).