Context:
Reconciliation Reports for crypto brokerage customers are available for downloading via Paxos SFTP Server. The connection to SFTP Server restricts access to allowed IP addresses only, and uses an SSH Private/Public key pair for authentication.
Possible issues:
-
connection is made from unallowed IP address
-
incorrect SFTP Login name
-
incorrect SFTP Server address
- incorrect Private SSH key
-
incorrect path to reports folder in SFTP command or in SFTP
-
incorrect usage of SFTP command
- corporate firewall blocking the connection to Paxos SFTP Server or port 22
Troubleshooting steps:
1. Verify your external IP address using the following "curl" command. Make sure the IP address is in the list of IP addresses you provided to Paxos for your connection.
curl ifconfig.io
# It should show your external IP address
2. Esure you are using a correct SFTP Login provided to you by Paxos. Usually it is your company's name.
3. Ensure that you are using the correct SFTP Server address:
For Production account:
sftp.paxos.com
For Sandbox account:
sftp.sandbox.paxos.com
4. Verify connectivity to the SFTP Server. Here, we are using "telnet", available for all major platforms.
# For Prod:
telnet sftp.paxos.com 22
# For Sandbox:
telnet sftp.sandbox.paxos.com 22
# It should show something like this:
#
# Trying 54.211.221.128...
# Connected to s-5f00987ece294282c.server.transfer.us-east-1.amazonaws.com.
# Escape character is '^]'.
# SSH-2.0-AWS_SFTP_1.0
- If the output indicates that "telnet" is not connected, it is required to verify your external IP address (see step 1) and check with IT department if your local firewall is configured to allow connection to Paxos servers on port 22.
5. Ensure that you are using the proper private SSH key, which corresponds to the public key provided to Paxos for your SFTP connection.
6. Use the following "sftp" command to test connectivity to Paxos SFTP servers:
# Prod:
sftp -v -i /path/to/private_key.pem customer@sftp.paxos.com
# Sandbox:
sftp -v -i /path/to/private_key.pem customer@sftp.sandbox.paxos.com
# Replace the "/path/to/private_key.pem" with the actual path/filename for your SSH private key.
# Replace "customer" with your sftp user name, usually it is your company's name.
The debug output should provide some details on whether the connection can be established, incorrect login name, or the private ssh key can't be used to authenticate on Paxos server.
If the connection can't be established at all, check the following:
- Your external IP address on Paxos SFTP Server
- The SFTP server address (e.g., for Sandbox SFTP Server rather than Production)
- Local corporate firewall blocking connection
7. Ensure the path to Recon Reports is correct. In most cases it should look like:
# Prod:
<your_company>.prod.itbitprod.sftp/home/reports/unprocessed/2021-12-21_profile_balances.csv
# Sandbox:
<your_company>.sandbox.itbitprod.sftp/home/reports/unprocessed/2021-12-21_profile_balances.csv
8. Try to establish the connection using a GUI SFTP client, for example - cyberduck or filezilla.
Should the issue persists please submit a ticket to Paxos Support and provide the exact commands and outputs you tried in step 1, 4 and 6 for further investigation!