Troubleshoot the problem that your clients cannot connect to your Connect Server
The following diagram shows the troubleshooting procedure if clients can't establish a fasp transfer connection to your Connect Server. Follow the instructions to identify and resolve problems:
-
Test SSH ports and HTTP port
To verify the SSH and HTTP connection ports, on the client machine, open a Terminal or a Command Prompt, and use the telnet command to test it. For example, to test connection to a computer (10.0.1.1) through a port (TCP/33001), use this command:
$ telnet 10.0.1.1 33001
On Connect Server, test both the SSH connection ports and the web server ports (HTTP and HTTPS).
If the client cannot establish connections to your Connect Server, verify the port number and the firewall configuration on the Connect Server machine.
-
Test UDP ports
If you can establish an SSH connection but not a fasp file transfer, there might be a firewall blockage of fasp's UDP port. Please verify your UDP connection.
-
Verify SSH service status
If there is no firewall blockage between the client and your Connect Server, on the client machine, try establishing a SSH connection in a Terminal or a Command Prompt: (Connect Server address: 10.0.1.1, TCP/33001)
$ ssh asp1@10.0.1.1 -p 33001
If the SSH service runs normally, the client should see a message prompting to continue the connection or for a password. However, if you see a "Connection Refused" message, which indicates that the SSH service isn't running, review your SSH service status. Ignore the "permission denied" message after entering the password, which is discussed in next steps.
-
Applied authentication method is enabled in SSH
If you can establish a SSH connection, but it returns "permission denied" message, the SSH Server on your Connect Server may have password authentication disabled:
Permission denied (publickey,keyboard-interactive).
Open your SSH Server configuration file with a text editor:
/etc/ssh/sshd_config
To allow public key authentication, add or uncomment the PubkeyAuthentication yes. To allow password authentication, add or uncomment PasswordAuthentication yes. Here is a configuration example:
... PubkeyAuthentication yes PasswordAuthentication yes ...
To reload SSH service, execute the command:
OS Version Instructions RedHat $ sudo service sshd restart
Debian $ sudo /etc/init.d/ssh restart
-
Verify the Apache configuration
If the client can access your Connect Server through the HTTP or HTTPS port, but the client's browser doesn't bring up Aspera Web UI, there may be configuration problems when setting up the Apache HTTP server. Refer to Configuring Apache and review the configuration.
-
Verify that the user credentials are correct, and has sufficient access permissions to its docroot
To make sure that the client can establish a SSH connection to your Connect Server, and has correct system user credentials, execute this command on the client machine: (Connect Server address: 10.0.1.1, login: asp1/aspera)
$ ssh asp1@10.0.1.1 -p 33001 asp1@10.0.1.1's password:Enter the user's password when prompted. If you see "Permission denied" message, you may have a wrong user credentials, or the user account doesn't have sufficient access permissions to its docroot. Refer to Setting Up Users or Setting Up Transfer Users (Terminal) for instructions about setting up the user account, and review the user's docroot directory's permissions.
-
Verify that the user is set up for Web UI authentication
On top of SSH authentication, Connect Server uses Apache's authentication to authorize Web UI access. If the client can establish SSH connections, but cannot pass the authentication over web browser, it is likely that the user account is not configured for Web UI correctly. To do so, execute the following command: (User name: asp1)
$ htpasswd /opt/aspera/etc/webpasswd asp1Important: Use the -c option ONLY if this is the first time running htpasswd to create the webpasswd file. Do not use the -c option otherwise.
If you still encounter connection problems after going through these steps, contact Technical Support.