Try using port 22. Unless you configured the ELM to ssh using port 23 this will never work. port 23 is for telnet.
Just for clarification, port 23 is NOT used for Telnet on the ELM. This is the default configured port for manual retrieval of the ELM raw logs without the need for the use of the ESM and by way of clients such as WinSCP using the SFTP protocol. Saosiner, is it possible you could test with a different SFTP client? Thanks.
We are having the same issue after we upgraded to MR5. We previously used WinSCP on port 23 to connect and pull data from the ELM but we nowget the same error. Was told by support that there is a problem with the apiserver service on the ESM, for some reason it is not started and not listening on port 100 like it should be, so when we try and connect, the ELM tries to verify the creds with the ESM and that is where authentication is failing. I'm being told to update to MR7 to fix the issue. If on the ESM we manually start the apiserver service we are able to connect while the service tries to start, then it will error out and we lose connection.
As others said, this is not a port problem but a known bug affecting the ELM "sftp interface" that indeed runs on port 23 by default (despite this port usually being reserved for telnet).
This is not to be confused with using sftp over port 22 as root to access the elm.... port 23 runs a synthetic file repository that allows users to download raw data straight from the elm back-end files.
thank you for help
This is the problem after upgraded to 9.5 MR5.
I have opened service request to the support.
Hi， I met the same issue on 9.4.2. When i tried to login SFTP via port 33， I get a error: network error, software issue cause the connection abort. when checking the log \var\log\edsftp.log.00, i found the error as bellow. But I found the issue did not exist in our another SIEM（version 9.4.0）. So I replace the edsftp(/usr/local/bin/edsftp) in 9.4.2. with the one copy from 9.4.0. And then the issue was resolved.
Dec 24 02:04:44 L_INFO 11816|program arguments
Dec 24 02:04:44 L_INFO 11816| (p) port = 23
Dec 24 02:04:44 L_INFO 11816| (a) apiport = 100
Dec 24 02:04:44 L_INFO 11816| (d) apiaddr = 127.0.0.1
Dec 24 02:04:44 L_SERVER 11820|Server thread started
Dec 24 02:05:09 L_SERVER 11820|Unexpected message type: 4
Dec 24 02:05:09 L_SERVER 11820|Unexpected authentication type: 1
Dec 24 02:05:09 L_SERVER 11820|Authenticating user: NGCP
Dec 24 02:05:12 L_SERVER 11820|Authenticated user with session: 214998757, checking elm ds access
Dec 24 02:05:16 L_SERVER 11820|Authenticated user: NGCP with result: 1
Dec 24 02:05:16 L_SERVER 11820|Unexpected channel request type: 0
Dec 24 02:05:16 L_SERVER 11820|Received subsystem request
Dec 24 02:05:20 L_ERROR 12461|expected key length > 0, actual: 0 at [../common_c/map/map.c:309 (map_setx)]
Dec 24 02:05:20 L_ERROR 12461|map_set failed at [elmvfs/elmvfs.c:68 (elmvfs_create)]
Dec 24 02:05:20 L_ERROR 12461|elmvfs_create failed at [sftp_thread/sftp_thread.c:133 (sftp_handler)]