Fixing “Received Too Large SFTP Packet” When Connecting to vCenter Using WinSCP


The Problem

When trying to connect to a vCenter Server Appliance (VCSA) using WinSCP, many admins encounter the following error:

Received too large (1433299822 B) SFTP packet. Max supported packet size is 1024000 B

This occurs because the default shell used by the vCenter appliance (/bin/appliancesh) is not compatible with SFTP, which WinSCP attempts to use by default.


The Solution

To successfully connect to VCSA and transfer files using WinSCP, you need to:

  1. Temporarily switch the root shell to Bash, which is compatible with SCP.
  2. Use SCP (not SFTP) as the file protocol in WinSCP.
  3. Optionally, revert the shell back to appliancesh for security.

Step-by-Step: Fix WinSCP Connection to VCSA


Step 1: SSH into the VCSA

Use a terminal like PuTTY or macOS/Linux Terminal to connect via SSH:

ssh root@<your-vcenter-ip>

Enter the root password when prompted.


Step 2: Launch the Bash Shell

Once logged in, you’ll be placed into the restricted appliancesh. Run:

shell

Then change the default root shell to Bash:

chsh -s /bin/bash root

This sets /bin/bash as the root shell, which allows tools like WinSCP to operate properly over SCP.


Step 3: Open WinSCP Using SCP Protocol

Now that Bash is enabled:

  1. Open WinSCP.
  2. Set the File Protocol to SCP (not SFTP).
  3. Enter the following:
    • Host name: VCSA IP or FQDN
    • Username: root
    • Password: your root password
  4. Click Login.

You should now be able to browse and transfer files from/to your vCenter appliance.


(Optional) Step 4: Revert the Root Shell

Once you’re finished transferring files, it’s best practice to revert the root shell to maintain the intended security posture of the appliance:

  1. SSH into the VCSA again.
  2. Run:
chsh -s /bin/appliancesh root

This restores the shell to its original configuration, aligning with VMware’s hardening guidelines.


Why Does This Error Happen?

The default VCSA shell, appliancesh, is a restricted command shell designed for administrative tasks. It doesn’t support the SFTP subsystem used by tools like WinSCP, so the connection fails with the packet size error shown above.

By switching to Bash and using the SCP protocol, you work around this limitation without modifying the system permanently.
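An SFTP packet begins with a 4-byte big-endian length field, so when the server answers with plain text instead of SFTP, the client reads the first four characters as a length. The following added example (not part of the original post; the function names are hypothetical) decodes the number in the error message back into those four bytes to show what the server actually sent:

```python
import re
import struct

# Error line exactly as quoted on this page.
PAGE_ERROR = ("Received too large (1433299822 B) SFTP packet. "
              "Max supported packet size is 1024000 B")

def decode_bogus_length(error_line):
    """Return (length, text) for a WinSCP 'too large SFTP packet' error.

    text is the 4 bytes that were read as the length field, decoded as
    ASCII, or None when they are not printable (not a text message).
    """
    m = re.search(r"Received too large \((\d+) B\) SFTP packet", error_line)
    if not m:
        raise ValueError("not a 'too large SFTP packet' error line")
    length = int(m.group(1))
    if length > 0xFFFFFFFF:
        raise ValueError("value does not fit a 32-bit length field")
    raw = struct.pack(">I", length)  # SFTP length field: uint32, big-endian
    printable = all(0x20 <= b <= 0x7E or b in (0x0A, 0x0D) for b in raw)
    return length, (raw.decode("ascii") if printable else None)

def diagnose(error_line):
    """Summarise what the bogus length says about the server's reply."""
    length, text = decode_bogus_length(error_line)
    if text is not None:
        return ("server replied with text starting %r instead of an SFTP "
                "packet: check the account's login shell and any output "
                "printed at login" % text)
    return ("length %d is not printable text: the reply was binary data "
            "that is not a valid SFTP packet" % length)

if __name__ == "__main__":
    print(diagnose(PAGE_ERROR))
```

For the error on this page the four bytes decode to the ASCII text `Unkn`, which confirms the reply came from the shell as a text message rather than from an SFTP server.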


Security Best Practices

  • Only enable Bash temporarily for the duration of your file transfer.
  • Always revert back to appliancesh when finished.
  • Ensure your root password is strong and that SSH access is restricted via firewall or access control.

Conclusion

This issue is common but easily resolved. By switching your shell and using the correct protocol, you can connect to vCenter Server Appliance with WinSCP safely and effectively.

Tip: Always use SCP protocol with vCenter and avoid SFTP unless explicitly configured.

