000033670 - Software error when running psftp command in RSA Security Analytics 10.3+

Document created by RSA Customer Support Employee on Aug 3, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033670
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: SFTP Agent 
RSA Version/Condition: 10.3+
Platform: Windows
 
IssueWhen running the command "psftp -i private.ppk -l sftp -v <log Collector IP> " to test connectivity between the SFTP Agent Event Source and Log Collector, the following error is produced:
"Reading private key file "private.ppk"
Using username "sftp".
Offered our public key null
Offered public key
Offer of public key accepted
Authenticating with public key "rsa-key-20150127"
Sent public key signature
Access granted
Opening session as main channel
Network error: Software caused connection abort
Fatal: Network error: Software caused connection abort"

 
 
CauseThis is caused due to permissions not being set correctly on /var , /var/netwitness/logcollector and /var/netwitness/logcollector/upload on VLC or Local LogCollector.
Resolution
Run the following to set the permissions correctly:
1. Ensure the folder /var/netwitness/logcollector/upload is owned by user and group "sftp". If not, then run below to set it:
     chown -R sftp:sftp /var/netwitness/logcollector/upload
2. Ensure the /upload directory has the correct permissions:
     chmod -R 775 /var/netwitness/logcollector/upload
3. Finally, Ensure the folder /var/netwitness/logcollector is solely owned by "root" for both user and group. If not set it :
     chown root:root /var/netwitness/logcollector
4. You should now be able to run the command below to test connectivity from the Windows Event Source: 
    psftp -i private.ppk -l sftp -v <log Collector IP> 

Attachments

    Outcomes