Brother ADS-1700W: SFTP setup

When moving to a new home server I also needed to connect my Brother ADS-1700W document scanner to the new Debian 12-based machine, which turned out to be harder than I expected.

Upon pressing a button on the UI, the scanner shall upload the PDFs to the paperless-ngx instance on my home server. The ADS-1700W supports SFTP uploads that can be configured via the web interface.

Until all problems were solved, the "connection test" showed the following (German) error message:

Profil 1 (SFTP)
Test: Fehler
Diese Meldung wird angezeigt, wenn Ihre Authentifizierungseinstellungen nicht ordnungsgemäß konfiguriert sind.

Prüfen Sie Folgendes:
* Benutzername ist korrekt.
* Kennwort ist korrekt. (Wenn Kennwort als Auth.-Methode ausgewählt ist.)
* Ausgewähltes Client-Schlüsselpaar ist korrekt. (Wenn Client-Schlüssel als Auth.-Methode ausgewählt ist.)
* Ausgewählter öffentlicher Serverschlüssel ist korrekt.

Host key

Each SFTP Profile has a Server Public Key which needs to be uploaded at first. I used the following file from my server: /etc/ssh/

Using did not work; the scanner firmware did not accept the key file. (The RSA file gave an error at first, but was accepted when uploading it a second time.)

The scanner was not able to connect to my server with that host key though. journalctl showed:

sshd[6275]: Unable to negotiate with port 59954: no matching host key type found. Their offer: ssh-rsa [preauth]

Debian 12 by default does not like RSA keys anymore and prefers different key types, so I had to allow RSA:

HostKeyAlgorithms +ssh-rsa

SFTP subsystem

Test connections from my laptop to the restricted "scanner-upload" account with scp did not work at first:

$ scp -v empty.ini
Executing: program /usr/bin/ssh host, user scanner-upload, command sftp
debug1: Sending subsystem: sftp
Transferred: sent 4336, received 3568 bytes, in 0.3 seconds
Bytes per second: sent 13255.8, received 10907.9
debug1: Exit status 1
scp: Connection closed

There was no indication in the server logs, even when setting LogLevel VERBOSE.

A CentOS forum post by edwardsmarkf gave me a solution: Change the SFTP subsystem from /usr/libexec/openssh/sftp-server to internal-sftp.

Subsystem       sftp    internal-sftp


With this two configuration changes the scanner could upload files!

Test OK message in Brother scanner web interface

Written by Christian Weiske.

Comments? Please send an e-mail.