すべてのプロダクト
Search

このプロダクト

    Elastic Compute Service:インスタンス接続に関する FAQ

    ドキュメントセンター

    Elastic Compute Service:インスタンス接続に関する FAQ

    最終更新日:May 13, 2026

    SSH 接続に関する問題

    SSH サービスの起動に関する問題

    その他の一般的な問題

    リモートデスクトップ (RDP) 接続に関する問題

    VNC リモート接続に関する問題

    VNC リモート接続に関する問題のトラブルシューティング

    FTP 接続に関する問題

    Windows インスタンス

    Linux インスタンス

    Appendix

    sshd service fails to start with a permission error

    • Symptoms

      The sshd service on an ECS instance fails to start. The system log indicates that the OpenSSH server cannot start due to a permission issue, with the following error message: /usr/share/empty.sshd must be owned by root and not group or world-writable

    • Cause

      The sshd service failed to start because the permissions of the /usr/share/empty.sshd file are incorrect.

    • Solution

      chown -R root.root /usr/share/empty.sshd
chmod 744 /usr/share/empty.sshd
systemctl start sshd
ll -ld /usr/share/empty*

    FTP service on a Windows instance is not accessible from the internet

    Symptoms

    The FTP service on a Windows instance is unreachable from the internet.

    Causes

    Possible causes:

    Solutions

    Choose a solution based on the cause.

    Solution 1: Add security group rules for FTP

    After you create an FTP site on a Windows instance, add an inbound security group rule to allow access to port 21 and the passive port range of 1024–65535. For more information, see Add a security group rule.

    説明

    For more information about security group configurations, see Security group application guide and use cases and Common ports.

    Solution 2: Configure firewall support for FTP

    If the firewall is enabled, follow these steps in IIS Manager to allow FTP traffic through TCP port 21 and the passive port range of 1024–65535.

    説明

    • The internal firewall of a Windows instance is disabled by default.

    • This topic uses IIS Manager as an example to describe how to configure FTP.

    1. Connect to the Windows instance.

      For more information, see Log on to a Windows instance by using a password or key.

    2. Open IIS Manager, and then double-click FTP Firewall Support to open its configuration page.

    3. Configure the parameters and click Apply.

      説明

      Parameters:

      • External IP Address of Firewall: Enter the public IP address of the Windows instance.

      • Data Channel Port Range: Specify the port range for passive data connections. The valid port range is 1025–65535. Configure the port range based on your requirements. This example uses the range 1024-65535.

    4. Open a command prompt and restart the FTP service to apply the configuration to all FTP sites.

      net stop ftpsvc&net start ftpsvc

    5. (Optional) If the FTP server is accessible locally but not from other machines, fix the firewall configuration by following these steps:

      1. Check the inbound rules in Server Manager and make sure that FTP Server is enabled.

      2. Add the Windows Service Host Process.

        1. Go to Control Panel > Windows Firewall and click Allow an App or Feature Through Windows Firewall in the left pane.

        2. In the new window, click Allow Another App.... Browse to C:\Windows\System32\svchost.exe and add it as the service host process.

        3. A new item named Windows Service Host Process appears. Select the Home/Work (Private) and Public checkboxes, and then click OK.

    FTP connection fails with "530 Login incorrect" error on Windows

    Symptoms

    Connecting to the FTP server on a Windows instance returns the following error:

    Response: 331 Please specify the password.
Command: PASS ************
Response: 530 Login incorrect.
Error: Critical error: Could not connect to server
    Causes

    Causes:

    Solutions

    Choose a solution based on the cause.

    Solution 1: Change the FTP password

    1. Connect to the Windows instance.

      For more information, see Log on to a Windows instance by using a password or key.

    2. On the desktop, right-click Computer and select Manage to open Server Manager.

    3. In the left-side navigation pane, choose Local Users and Groups > Users. Right-click the FTP account and select [パスワード設定].

    Solution 2: Add FTP user permissions

    1. Connect to the Windows instance.

      For more information, see Log on to a Windows instance by using a password or key.

    2. Check whether the FTP user directory exists.

      1. If it does not exist, recreate it and add the required permissions. For more information, see Step 3: Set permissions for shared files.

      2. If it exists, right-click the folder and select Properties > Security. Select the FTP account and grant the required permissions.

    FTP connection fails with "530 valid hostname is expected" error on Windows

    Symptoms

    After you attach a domain name to an FTP site on IIS 7.5, connecting to the FTP server by using an IP address returns a "530 valid hostname is expected" or "503 Login with USER first" error.

    Cause

    The logon format is incorrect after you attach a domain name to an FTP site in IIS 7.5.

    Solution

    If the domain name is www.example.com and the username is user, log on using the format www.example.com|user.

    説明

    • The separator is a pipe symbol (|).

    • Alternatively, remove the domain name attachment and log on by using only the username. Follow the steps in the figure.

    File upload to FileZilla Server fails with "550 Permission denied" error

    Symptoms

    Uploading a file to FileZilla Server on a Windows instance returns a "550 Permission denied" error.

    Cause

    The corresponding FTP account in FileZilla Server does not have write permission.

    Solution

    1. Connect to the Windows instance.

      For more information, see Log on to a Windows instance by using a password or key.

    2. Start FileZilla Server. On the Users page, select Shared folders.

    3. Select the user and directory, select the Write checkbox, and then click OK to grant the permission.

    FTP over TLS connection fails with "534 Policy requires SSL" error

    Symptoms

    Connecting to an FTP site on a Windows instance by using FTP over TLS fails with a "534 Policy requires SSL" message.

    Cause

    This message indicates that the FTP SSL Settings for the FTP site are incorrect.

    Solution

    1. Connect to the Windows instance.

      For more information, see Connection methods.

    2. In the lower-left corner of the desktop, choose 开始图标 > Windows Administrative Tools > Internet Information Services (IIS) Manager.

    3. On the FTP homepage, in the FTP section, double-click FTP SSL Settings.

    4. In the FTP SSL Settings section, set SSL Policy to Allow SSL connections. Then, in the Actions pane, click Apply.

    5. Access the FTP site again.

    File upload to FTP on Linux fails with "425 Security:Bad IP connection" error

    Symptoms

    A "425 Security:Bad IP connection" error occurs when you upload a file to an FTP site on a Linux instance.

    Cause

    This error occurs when the client is behind a NAT device that uses multiple public IP addresses, causing a source IP mismatch between the FTP control and data connections.

    説明

    FTP uses a control connection and a data connection. By default, the server verifies that both connections originate from the same IP address. A mismatch triggers the "425 Security:Bad IP connection" error.

    Solution

    Disable the IP security check in passive mode:

    1. Connect to the Linux instance.

      For more information, see Log on to a Linux instance by using a password or key.

    2. Edit the FTP configuration file:

      vi /etc/vsftpd/vsftpd.conf

    3. Press the i key to enter edit mode, and add the following content to the configuration file.

      pasv_promiscuous=yes

    4. After you finish editing, press the Esc key to exit edit mode, then enter :wq and press the Enter key to save and exit.

    5. Restart the FTP service:

      systemctl restart vsftpd

    File upload using vsftp fails with "553 Could not create file" error

    Symptoms

    Uploading files to a Linux instance by using vsftp fails with a "553 Could not create file" error.

    Causes

    Causes:

    • The disk space of the Linux instance is full.

    • The FTP home directory does not have write permission.

    Solution

    Refer to the following steps to check the disk space of the Linux instance and the ownership and permissions of the FTP home directory.

    1. Connect to the Linux instance.

      For more information, see Log on to a Linux instance by using a password or key.

    2. Run the following command to check the available disk space on the Linux instance.

      df -h
      説明

      A disk partition is full when its space usage reaches 100%.

      The system displays information similar to the following. For example, the usage of partition /dev/xvda1 is 59%.

    3. Run the following command to check if the FTP home directory has write permission.

      説明

      Before you run the following commands, replace /home/user with your actual FTP home directory.

      ls -l /home/user

      If the permissions in the red box in the figure below do not include w, it means that you do not have write permission.

      1111

    4. Run the following command to add the write permission and save. 

      chmod +w /home/user

    5. Run the following command. If the command output contains w, it indicates that the write permission is added successfully.

      ls -l /home/user