Best practices and troubleshooting guide for connecting to Lyft's SFTP service

This article contains best practices and basic troubleshooting steps to prevent common issues you may experience when attempting to connect to Lyft's SFTP service for automatic syncing in the Lyft Business Portal.

In this article, we'll go over and troubleshoot:

  1. Testing your organization's firewall to ensure Lyft's SFTP server can pass through
  2. Ensuring you are using the correct type of public SSH key, in the correct format
  3. Providing the correct single public SSH key that matches your single private key
If you are experiencing an issue that is not found in this article, please contact us for support.



First, let's make sure your internal systems are optimal for a successful connection by testing your organization's firewall.

Lyft's SFTP server will need to be able to get past your firewall to successfully make a connection. If you're not able to connect to the server, your firewall is likely blocking the server and you may see the following error message:

  • "Something went wrong. Please try again."

To ensure the Lyft server can pass through the firewall, please whitelist the entire IP range of the "us-east-1" region of Amazon EC2 for TCP port 9411. Amazon makes its IP ranges available at the following URL: https://ip-ranges.amazonaws.com/ip-ranges.jsonYou can use the following script to extract the relevant IP ranges:

  • curl https://ip-ranges.amazonaws.com/ip-ranges.json | \ jq '.prefixes[] | select(.service=="EC2") | select(.region=="us-east-1") | .ip_prefix'

Then, please follow the steps below to run a test to see if your organization's firewall is still blocking Lyft's SFTP server:

  1. Connect to host: sftp.lyft.net 
  2. Connect to port: 9411
  3. Run the following command line to attempt to connect:
    sftp -v -o "IdentitiesOnly yes" -F/dev/null -P9411 -i <PRIVATE_KEY_FILE> <SFTP-username> @sftp.lyft.net

If you're able to connect successfully, you're all set! Your firewall settings are optimal for a connection.


Next, ensure you're using the correct SSH-2 key type, in the correct format 

Currently, our software only accepts SSH-2 public keys. Using an OpenSSL key format will result in a failed connection. If you attempt to submit the wrong SSH key type, you may see the following error message when attempting to establish a connection:

  • "SSH key must adhere to SSH-2 format"

If you need to convert from OpenSSL to SSH-2, use the following command line. Remember to replace 'your_key' in your_key.pub with the OpenSSL key that was generated:

  • ssh-keygen -e -f your_key.pub > ssh2_key.pub

See an example of a valid SSH-2 key below:

---- BEGIN SSH-2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted by vmuruganan\\
tham@vmuruganantham-mbp"
AAAAB3NzaC1yc2EAAAADAQABAAABAQDBUSvBlUnkDWNtjD7iHPHs2ffzN9wrAMIerMSsn7
Mf5ZZp9neSwkTP93WRQYR7SPGf3Qu5tISJIv7mlOCndFvQ0HkPmYvpSx0HLR514t/tXcqE
8LlfYMgOGJ7G+03nlf2E+bXDVHdU8xNKazexKL9HEQBDByNZhqzGfWNI+opzfuvzc0VV99
6JiI+ObjRipMOKKWMBoazYLOTqYVhCDZkX9XbKLaO7wRBqMGSqnbNA7bxRE0WeBvfTTXtU
hyIJk1IwJCkCndePwmQaEGJcbRgB1pgvHJoJY8paiZK6MRQQ8huMd00jKmvHw1PrpAFVH1
GZLRzRIZxGC5QE692/mavv

---- END SSH-2 PUBLIC KEY ----

Lastly, make sure you are providing the Lyft server with the correct public SSH key that matches your private key

To successfully connect to Lyft's SFTP server, a single public key must be entered that matches your organization's single private key. If multiple public keys are sent, or you have more than one private key for your public key, during the secure "handshake" that Lyft's server performs to test a connection, you may experience two of the following issues:

  1. FileZilla is unable to connect on a Mac

    To prevent FileZilla from using other keys, start the program in the Terminal App using the following command:

    SSH_AUTH_SOCK="" open /Applications/FileZilla.app

  2. Socket connection closed

    Use this command to test whether you can successfully connect:

    sftp -v -o "IdentitiesOnly yes" -F/dev/null -P9411 -i <PRIVATE_KEY_FILE> <SFTP-username> @sftp.lyft.net