This error message occurs when WinSCP connects to a new SSH server. Every server identifies itself by means of a host key; once WinSCP knows the host key for a server, it will be able to detect if a malicious attacker redirects your connection to another machine.

If you see this message, it means that WinSCP has not seen this host key before, and has no way of knowing whether it is correct or not. You should attempt to verify the host key by other means, such as asking the machine’s administrator.

If you see this message and you know that your installation of WinSCP has connected to the same server before, it may have been recently upgraded to SSH protocol version 2. SSH protocols 1 and 2 use separate host keys, so when you first use SSH-2 with a server you have only used SSH-1 with before, you will see this message again. You should verify the correctness of the key as before.1)

Read more about verifying host keys.

This message, followed by “The server’s host key does not match the one WinSCP has is cache”, means that WinSCP has connected to the SSH server before, knows what its host key should be, but has found a different one.

This may mean that a malicious attacker has replaced your server with a different one, or has redirected your network connection to their own machine. On the other hand, it may simply mean that the administrator of your server has accidentally changed the key while upgrading the SSH software; this shouldn’t happen but it is unfortunately possible.

You should contact your server’s administrator and see whether they expect the host key to have changed. If so, verify the new host key in the same way as you would if it was new.1)

Read more about verifying host keys.

You may get this message when connecting to a server for following reasons:

• You are trying to use WinSCP for a purpose for which it is not designed. WinSCP needs a SSH or FTP server to be installed at the other end (on the machine you want to connect to). In particular, you cannot easily use it to connect to another Windows workstation, since Windows does not have an SSH or FTP server included by default.
• You are trying to use protocol that the server does not support. Particularly you are trying SFTP/SCP (over SSH), but the server supports FTP; or vice versa. Check selected protocol on login dialog.
• The server is running on non-standard port. Please make sure you enter actual port number of login dialog.
• You may need to connect through proxy server, but you have not specified one on login dialog.
• Connection was blocked by firewall. Please refer to FAQ.

If you are trying to use WinSCP to connect to your iPhone or iPod Touch, please refer to FAQ.

All reasons and hints for “Network error: Connection refused” above apply to this error too.

All reasons and hints for “Network error: Connection refused” above apply to this error too.

If you are getting the error while logging in or while initiating file transfer, all reasons and hints for “Network error: Connection refused” above apply to this error too.

If you are getting the error while logging in, your connection may have been blocked by firewall. Please refer to FAQ.

Even if you are getting the error in the middle of session, it means that Windows network code killed an established connection for some reason. For example, it might happen if you pull the network cable out of the back of an Ethernet-connected computer, or if Windows has any other similar reason to believe the entire network has become unreachable.

Windows also generates this error if it has given up on the machine at the other end of the connection ever responding to it. If the network between your client and server goes down and your client then tries to send some data, Windows will make several attempts to send the data and will then give up and kill the connection. In particular, this can occur even if you didn’t do anything, if you are using SSH-2 and WinSCP attempts a key re-exchange.

The problem can be caused also by the firewall. Try to disable it temporarily to see if the problem persists. Refer to FAQ.

It can also occur if you are using keepalives in your connection. Other people have reported that keepalives fix this error for them.1)

You may get this message when connecting to a server for following reasons:

• You may have typed a wrong hostname on Login dialog.
• Your domain name is new and is not fully distributed to DNS servers yet.
• Connection was blocked by firewall. Please refer to FAQ.

You probably see error message like:

General failure (server should provide error description).
Error code: 4
Error message from server: Failure
Request code: ?

What does particular error code mean is explained on the line above, i.e. “General failure” here. Particularly for “General failure”, the SFTP server should provide you more details, that you will see next to “Error message from server”. Unfortunatelly, SFTP server shipped with OpenSSH does not. That is, why you see there just “Failure” (very useful).

Some situations when OpenSSH server issues this useless error message:

• Renaming file to name of already existing file.
• Moving remote file to different filesystem (HDD).
• Uploading file to full filesystem (HDD).
• Exceeding user disk quota.

If none of the above helps, check your permissions or contact server administrator.

If you get this error message while logging into your server, it is most usually cause by the server not being able to run some process necessary to support your session. Possibilities are:

• Shell. Your account may not be allowed to start a shell at all. With some servers (like OpenSSH), you may need to be allowed to start a shell, even if using SFTP protocol. Also some servers refuse to start a shell if your password has expired or your account was terminated.
• SFTP server. Your account may not be able to start SFTP server binary (e.g. /bin/sftp-server) or the binary is not present on your server. Your SSH server may also lack the SFTP subsystem.

You will get the error while authenticating when:

• You have entered incorrect password, used used non-authorized key, etc.
• The account you are trying to use cannot be logged in. This can be case even when you get “Access denied” only after entering password, as for security reasons, most SSH servers do not reveal information about the accounts. Reasons for not being allowed to login include:
  • The account (username) you have entered on Login dialog does not exist at all.
  • The account is disabled.
  • The password has expired.
  • Number of parallel sessions allowed for the account has been exceeded.
  • You are trying to connect with super-user account (root), without having allowed that. Please read FAQ.

This message is produced by an OpenSSH (or Sun SSH) server if it receives more failed authentication attempts than it is willing to tolerate.

This can easily happen if you are using Pageant and have a large number of keys loaded into it, since these servers count each offer of a public key as an authentication attempt. This can be worked around by specifying the key that’s required for the authentication in the session configuration; WinSCP will ignore any other keys Pageant may have, but will ask Pageant to do the authentication, so that you don’t have to type your passphrase.1)

If you see one of these messages, it often indicates that you’ve tried to load a key of an inappropriate type into WinSCP.

You may have specified a key that’s inappropriate for the connection you’re making. The SSH-1 and SSH-2 protocols require different private key formats, and a SSH-1 key can’t be used for a SSH-2 connection (or vice versa).

Alternatively, you may have tried to load an SSH-2 key in a “foreign” format (OpenSSH or ssh.com), in which case you need to import it into PuTTY's native format.1)

You will get the error with SCP protocol, if output of ls command cannot be parsed by WinSCP. WinSCP expects listing in format:

<type><permissions> <inode> <owner> <group> <size> <timestamp> <filename>[ -> <target>]

Some common examples:

drw-r--r--    3 martinp users        4596 2007-06-06 11:18:33.000000000 +0200 private

lrwxrwxrwx    1 martinp users           4 Mar 24  2005 wiki -> dokuwiki

drwxr-xr-x+   2 martinp users          96 Oct 26 14:58 httpdocs

If your listing does not correspond to some of the above:

• Try using SFTP protocol instead of SCP.
• Always make sure you are using the latest version of WinSCP, as support for different listing format is being added continuously.
• Alter output of ls command to match any of the supported formatting. WinSCP has few session options that may be used for that, including:
  • Listing command (e.g. use sed to modify output of ls command to match the WinSCP requirements);
  • Clear aliases (may help if the ls command is aliased to display non standard output) and
  • Clear national variables (may help if your listing does not use english month names).
• Make sure you are using bash shell. If you do not want to set it as your default shell, force it for WinSCP sessions.

If … (from the subject) is a very large number then the problem is typically caused by a message printed from some profile/logon script. It violates the SFTP protocol. Some of these scripts are executed even for non-interactive (no TTY) sessions, so they cannot print anything (nor ask user to type something).

The number … represents the first four bytes read from the server. If your login scripts are printing words, this will be the first four characters cast into a number, and not an SFTP message at all.

To fix the problem find out what command in your login script prints text. Once you find it move the command to the proper interactive script, or remove it entirely. The scripts are usually hidden (their name starts with dot) and are located in your home directory on the server.

There are other possible sources of the message in addition to the profile script - some SSH servers print messages if they are unable to start the SFTP server, or encounter a fatal error. You should contact your server administrator.

Another possibility is that the server is configured to only allow the SCP protocol and not the SFTP protocol, in such a way that SCP fallback mechnism of WinSCP does not work. The solution is to choose SCP protocol on the login dialog.

You will get the error with SCP protocol, if command necessary for facilitate operation you were trying to do does not exist on remote server or the shell cannot find it. Typically your get the error for scp command that is used to transfer files.

If you are not an experienced Unix user, you should first try using SFTP protocol instead.

If you are sure that the command exists on the remote server, make sure that WinSCP (or rather the shell) can find it. You may need to add path to the command to PATH environment variable. Also make sure that the startup script that sets PATH is actually executed for non-interactive sessions.

You can also try to run the respective command from terminal (with the same account that you use with WinSCP), to verify that you can execute it. You may not have sufficient permissions, or the command dependencies may not be installed.

This error message is not useful for you as an end-user. It generally means that there is a bug in the software. Please report the bug.

SSH code of WinSCP is based on PuTTY. So if you are getting some error message while using SCP or SFTP protocols (particularly while connecting), you may check also the common error messages in PuTTY documentation.