Topic "Server refused public-key signature despite accepting key"

Author Message
jhirst
[View user's profile]

Joined: 2013-05-16
Posts: 17
Location: Brisbane
I am using the WinSCP.net library for secure FTP file transfer (at work).
I have a scheduled job that connects to a bank's server every 3 minutes.
This job will upload files, download files and delete files from the bank's FTP site.

Most of the time this works without a problem but approximately 3 or 4 times per day there will be a SessionRemoteException while attempting to open the session.
This is not restricted to the .net library and can also happen when using the WinSCP client.

I am assuming that I have the session configured correctly as this is working in our production environment most of the time.
I do not have access to the server logs but this is not isolated.
The following was recently posted to a forum by another party and it is EXACTLY the same issue:
http://superuser.com/questions/587560/winscp-sometimes-throws-error-server-refused-public-key-signature-despite-acce

As requested by the bank I do not use a Password to connect to their FTP session, could this be an issue?

I would appreciate some insight here. I have had to code some fallback procedures for when the session fails to open.

Here is the callstack for the exception. Thanks

Exception:

Exception: WinSCP.SessionRemoteException: Connection has been unexpectedly closed. Server sent command exit status 0. ---> WinSCP.SessionRemoteException: Authentication log (see session log for details):
Using username "############".
Authenticating with public key "rsa-key-########".
Server refused public-key signature despite accepting key!

Authentication failed.
--- End of inner exception stack trace ---
at WinSCP.SessionLogReader.Read(LogReadFlags flags)
at WinSCP.ElementLogReader.Read(LogReadFlags flags)
at WinSCP.CustomLogReader.TryWaitForNonEmptyElement(String localName, LogReadFlags flags)
at WinSCP.Session.Open(SessionOptions sessionOptions)
[/b]
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Do you have access to server's logs? Can you attach a sample for working and non-working session?
jhirst
[View user's profile]

Joined: 2013-05-16
Posts: 17
Location: Brisbane
prikryl wrote:
Do you have access to server's logs? Can you attach a sample for working and non-working session?


"I do not have access to the server logs but this is not isolated. "

The server is a bank and I do not have access to their logs.
I'm not sure that they will be able to supply them but will try.
jhirst
[View user's profile]

Joined: 2013-05-16
Posts: 17
Location: Brisbane
This exception is still occurring, on average twice per day.
The server logs do not indicate any unusual activity at all at the times that the exceptions happen.
Do you have any idea on how I can troubleshoot this?
Previously I was regularly connecting to a single FTP site, for downloading and uploading every 3 minutes.
I am now also connecting to a second FTP site, also opening a session every 3 minutes.
I am getting the same occasional issue with the second site so the server is most likely not at fault.
jhirst
[View user's profile]

Joined: 2013-05-16
Posts: 17
Location: Brisbane
I created a test app which loops 200 times, simply opening a session.
When I ran it, on iteration 112 I received the SessionRemoveException exception (Server refused public-key signature despite accepting key!).

for (int i = 0; i < 200; ++i)
{
using (var session = new Session())
{
session.ExecutablePath = @"c:\Program Files\WinSCP\WinSCP.exe";

if (!session.Opened)
{
session.Open(sessionOptions);
}
Console.WriteLine(string.Format("Session {0} opened", i));
}
}
jhirst
[View user's profile]

Joined: 2013-05-16
Posts: 17
Location: Brisbane
I did the same but using the debug version of WinSCP
I have attached part of the log for when the authentication failed (max attachment size is 1mb and logs are 4mb..)
WinSCP2E64trace.log (914.03 KB) [Download]

Description: (none)

martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Thanks for the log. Any chance of getting a test account on your server?
jhirst
[View user's profile]

Joined: 2013-05-16
Posts: 17
Location: Brisbane
Hi Martin

The ftp site is a bank so I don't know if they will be happy to create another account. I'll see..

This is reproduce-able when I run this test on other servers.
I even ran the same test on my local pc and it causes an exception on the 20th session open.

Do you know of any test SFTP sites that I can use to see if the same thing happens?
I've reproduced this with two SFTP sites but would like to see a third.
I can't seem to find any test Secure FTP sites.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
I'm not aware of any test SFTP site.
Are you able to reproduce the problem using PuTTY SSH client? You can automate the test using plink tool from PuTTY package.
_________________
Martin Prikryl
jhirst
[View user's profile]

Joined: 2013-05-16
Posts: 17
Location: Brisbane
Putty is providing me with this error when I try to connect:
Server refused to start shell/command

Google is not helping...
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Ok, so use psftp (also from PuTTY suite) for the test instead.
_________________
Martin Prikryl
jhirst
[View user's profile]

Joined: 2013-05-16
Posts: 17
Location: Brisbane
Apparently we are not the only people experiencing this exception and it is due to a sluggish transfer system at the server.
This does not seem to be a WinSCP issue.

Thanks
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
jhirst wrote:
Apparently we are not the only people experiencing this exception and it is due to a sluggish transfer system at the server.
This does not seem to be a WinSCP issue.

Thanks for your feedback.
_________________
Martin Prikryl
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License