Recommended WinSCP Settings

Updated 6 months ago by James Dunn

In this article we will guide you through setting up WinSCP step by step, from first launch to login success. It assumes you have the program installed already.

  1. When you open WinSCP for the first time a Login window will appear.
    Leave the default protocol SFTP and Port 22.
  2. Enter your Host Name:
    Related article: What is my Server Address or Hostname?
  3. Enter your User name and Password and click Advanced.
Related article: Forgot Password?

Advanced Site Settings

  1. Click Advanced... to continue.

Environment Options

  1. Under Server environment set "UTF-8 encoding for filenames" to On.
  2. Under Directories you can choose which folders you want to go to automatically when you log in.
    1. Remote directory is on the server side.
      Shared folders are commonly used, E.g. /shares/example
    2. Local directory is on your computer.
      The downloads folder is commonly used, E.g. C:\Users\example\Downloads
  3. Under SFTP set "Preferred SFTP protocol version" to 3 and uncheck "Allow SCP fallback".

Connection Options

  1. Uncheck "Optimize connection buffer size", as this is known to cause errors.
    1. In CLI you can append -rawsettings SendBuf=0 to your command
  2. Set the "Server response timeout" to 300 seconds in order to reduce manual interventions.
    1. In CLI you can append /timeout=300 to your command
  3. Under Keepalives select "Sending of null SSH packets" every 60 seconds to remain connected during long file tranfer sessions, like when uploading multiple gigabytes.

SSH Options

  1. Under Encryption Options, select "--warn below here--" and click Up until only AES and ChaCha20 are on top.
  2. Under Key Exchange algorithm options, select "--warn below here--" and click Up.
  3. Select "Diffie Hellman group exchange" and click Down until only ECDH key exchange and Diffie Hellman group 14 are on top.
  4. Under Options for controlling key re-exchange, set "Max minutes before rekey" to 120, and "Max data before rekey" to 0.
  5. Click OK
  6. Click Save
  7. Enter a descriptive name so you can find it later more easily.
  8. Check "Save password (not recommended)" if you really want to, then click OK.
  9. Click Login
  10. Click Yes to accept the host key when prompted.
    Related article: Unknown Host Key
You have now successfully connected to your site using SFTP in WinSCP.

Known Issues in WinSCP

  • The way in which WinSCP attempts to optimize the connection buffer can result in a race against the server and whenever the server loses this race the request will time out and the following error message will be in the log:
    Script: Host is not communicating for more than 15 seconds.
    Still waiting...
    Note: If the problem repeats, try turning off 'Optimize connection buffer size'.
    • To turn this off in CLI:
      • Add the flag -rawsettings SendBuf=0 to your command
    • To turn this off in GUI:
      • Uncheck "Optimize connection buffer size" under Advanced Site Settings
  • If you have a password that contains a space it will not be accepted in WinSCP. It will give an invalid login error even if you paste the password in.

Known Issues with Previous Versions of WinSCP

  • Previous versions of WinSCP attempts to set these permissions and timestamps as this is conventional in SCP. However in our SFTP server this will cause a stern warning message to pop up when uploading files.
    Despite this warning the files have still been saved successfully.
    • To turn this off in CLI:
      • Add the flag -nopreservetime to your command
    • To turn this off in GUI:
      • Go to Preferences and select the Transfer page. Select the Default preset and click the Edit button.On the Transfer Settings dialog uncheck the Preserve timestamp and make sure the Set permissions is unchecked.

  • Previous versions of WinSCP implement a resume feature by uploading a temporary file <yourfilename>.filepart, and then immediately renaming it when the upload is completed, which can cause another race against the server. Whenever the server loses this race a 404 File not found error is returned from the API as the client tries to rename a file that has not finished uploading or saving to disk. This can happen because the protocol does not require the client to receive confirmation of upload before continuing on to the next request.
    • To turn this off in CLI:
      • Add the flag -resumesupport=off to your command
      • To turn this off in GUI:
        • Under Preferences > Transfer > Endurance set "Enable transfer resume/transfer to temporary filename..." to Disable
          You can still resume uploads by overwriting the incomplete file and choosing to Resume when prompted

How Did We Do?