.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Software error when running psftp command in RSA Security Analytics
Issue
When running the command "psftp -i private.ppk -l sftp -v
"Reading private key file "private.ppk"
Using username "sftp".
Offered our public key null
Offered public key
Offer of public key accepted
Authenticating with public key "rsa-key-20150127"
Sent public key signature
Access granted
Opening session as main channel
Network error: Software caused connection abort
Fatal: Network error: Software caused connection abort"
Using username "sftp".
Offered our public key null
Offered public key
Offer of public key accepted
Authenticating with public key "rsa-key-20150127"
Sent public key signature
Access granted
Opening session as main channel
Network error: Software caused connection abort
Fatal: Network error: Software caused connection abort"
Cause
This is caused due to permissions not being set correctly on /var , /var/netwitness/logcollector and /var/netwitness/logcollector/upload on VLC or Local LogCollector.
Resolution
Run the following to set the permissions correctly:
1. Ensure the folder /var/netwitness/logcollector/upload is owned by user and group "sftp". If not, then run below to set it:
chown -R sftp:sftp /var/netwitness/logcollector/upload
2. Ensure the /upload directory has the correct permissions:
chmod -R 775 /var/netwitness/logcollector/upload
3. Finally, Ensure the folder /var/netwitness/logcollector is solely owned by "root" for both user and group. If not set it :
chown root:root /var/netwitness/logcollector
4. You should now be able to run the command below to test connectivity from the Windows Event Source:
psftp -i private.ppk -l sftp -v
Product Details
NetWitness Product Set: NetWitness PlatformNetWitness Product/Service Type: All Nodes
NetWitness Version/Condition: 12.x
Platform: CentOS/Alma Linux
Approval Reviewer Queue
Technical approval queue