Thanks I already understood it from your previous reply. Thank you for your assistence!
- ACG
Post a reply
Before posting, please read how to report bug or request support effectively.
Bug reports without an attached log file are usually useless.
Topic review
- martin
If you do not have read access to the bucket, it is almost impossible to work with it in GUI client.
- ACG
- I have set eu-central-1 in the Default region (Advanced Site Settings => S3 => Protocol options => Default region)
-
lsgives
so that might be the issue for doing this with WinSCPAn error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied
- martin
Thanks.
- The awscli uses
eu-central-1region. That is not the default region. Did you configure it somehow? Wouldn't WinSCP work, if you configure it to useeu-central-1by default? https://winscp.net/eng/docs/ui_login_s3 - The awslog shows only upload. Isn't it possible that you have only upload/write access to the bucket, but not read/listing permissions? Can you do
lsin awscli? Can you post log for that?
- ACG
AWS log.
- martin
Re: Now I use AWS CLI which works
Can you post AWS CLI log too?
- ACG
Now I use AWS CLI which works
Now I use AWS CLI which works
- ACG
tried but did not succeed
Log.
- martin
@ACG: Ok, in general, do not modify the Host name.
The bucket name goes to the Remote directory.
See https://winscp.net/eng/docs/guide_amazon_s3#buckets
The bucket name goes to the Remote directory.
See https://winscp.net/eng/docs/guide_amazon_s3#buckets
- ACG
ic-integration is bucket name, kpmg is bucket subdirectory name. I forgot to hide these probably
I have tried a lot of different variants, also using remote directory, but none of these worked unfortunatly
I have tried a lot of different variants, also using remote directory, but none of these worked unfortunatly
- martin
Re: The request signature we calculated does not match the signature you provided. Check your key and si
The
The next version will parse the path out of Host name box automatically:
Issue 2219 – Recognize path in Host name box on Login dialog
And what is
/KPMG should not be in the Host name. It should be in the Remote directory.
The next version will parse the path out of Host name box automatically:
Issue 2219 – Recognize path in Host name box on Login dialog
And what is
ic-integrations?
- ACG
The request signature we calculated does not match the signature you provided. Check your key and si
No sorry not using accelerated endpoints but the error is similar. Here the log.
I have already installed AWS CLI and can continue with that but still curious how the get it working in WinSCP.
I have already installed AWS CLI and can continue with that but still curious how the get it working in WinSCP.
- martin
Re: Same issue, don't know what to do
@ACG: Are you sure you have the same issue? I.e. with accelerated endpoints? Anyway, please attach a full session log file showing the problem (using the latest version of WinSCP).
To generate the session log file, enable logging, log in to your server and do the operation and only the operation that causes the error. Submit the log with your post as an attachment. Note that passwords and passphrases not stored in the log. You may want to remove other data you consider sensitive though, such as host names, IP addresses, account names or file names (unless they are relevant to the problem). If you do not want to post the log publicly, you can mark the attachment as private.
- ACG
Same issue, don't know what to do
A supplier gave me the S3 endpoint and I am trying to connect with WinSCP but getting the following error
I have checked the key and that is ok. Any idea?
The request signature we calculated does not match the signature you provided. Check your key and signing method.
Extra Details: AWSAccessKeyId: XXXXremovedXXXX, StringToSign: AWS4-HMAC-SHA256
20231128T115438Z
20231128/eu-central-1/s3/aws4_request
f066766405090062e0cf5e71c50e2bf81e2b4a49a2a0612b01cef68fb0cca78b,
SignatureProvided: 5bd7a1b4d8167fb94d62d1e4a08f37e937a26bf0fb56e99538a8f60281f2ce39,
StringToSignBytes: 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 33 31 31 32 38 54 31 31 35 34 33 38 5a 0a 32 30 32 33 31 31 32 38 2f 65 75 2d 63 65 6e 74 72 61 6c 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 66 30 36 36 37 36 36 34 30 35 30 39 30 30 36 32 65 30 63 66 35 65 37 31 63 35 30 65 32 62 66 38 31 65 32 62 34 61 34 39 61 32 61 30 36 31 32 62 30 31 63 65 66 36 38 66 62 30 63 63 61 37 38 62,
CanonicalRequest: GET
/[bucket subdirectory name/
max-keys=1
host:[bucket name].s3.eu-central-1.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20231128T115438Z
host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,
CanonicalRequestBytes: 47 45 54 0a 2f 6b 70 6d 67 2f 0a 6d 61 78 2d 6b 65 79 73 3d 31 0a 68 6f 73 74 3a 69 63 2d 69 6e 74 65 67 72 61 74 69 6f 6e 73 2e 73 33 2e 65 75 2d 63 65 6e 74 72 61 6c 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 32 33 31 31 32 38 54 31 31 35 34 33 38 5a 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35,
RequestId: C8Q9PNXXHPQPEFC3,
HostId: K2MfMucDzIk9QXCnQivd6Lqb3Ssdoa4imfAFWMsggf4Rlbo/5Km2mnABYpvC9J4arLReUEr63Ag=
Connection failed.
I have checked the key and that is ok. Any idea?
- martin
Re: s3 buckets
I have create a new bucket, enabled S3 transfer acceleration on it.
I've configured WinSCP to connect via
Where do we differ? Can you post a session log file?
I've configured WinSCP to connect via
s3-accelerate.amazonaws.com (instead of the default s3.amazonaws.com). But I still can work with the bucket without any problem.
Where do we differ? Can you post a session log file?
- martin
Re: s3 buckets
I've didn't hear about accelerated endpoint until now. I'll check that.
- mprewitt007
s3 buckets
Ok, after testing, only some buckets are not working, so we are double checking this.
We did realize that we were using an accelerated endpoint, not the default "s3.amazonaws.com"
We had accelerated a bucket, which provides a new bucket name.
Our other tools supported this, so we just assumed WinSCP did, but it apparently provides a 403 error in the logs using an accelerated path.
Is this a known issue?
We did realize that we were using an accelerated endpoint, not the default "s3.amazonaws.com"
We had accelerated a bucket, which provides a new bucket name.
Our other tools supported this, so we just assumed WinSCP did, but it apparently provides a 403 error in the logs using an accelerated path.
Is this a known issue?
- martin
Re: s3 endpoint issues
Do you have a public test bucket in mind as none of our buckets are public.
I understand that. I was asking you would be able to create a test public bucket that would have the problem.
The ones we have working have an aws transfer in front of them, so are using ppks for authentication instead of accesskey & secrets.
So actually does any S3 bucket work for you, when you are connecting using S3 protocol? The buckets you are accessing via SFTP are irrelevant to this problem.
- mprewitt007
s3 endpoint issues
Do you have a public test bucket in mind as none of our buckets are public.
We are able to access some bucket.
We did isolate that accelerated endpoints are not working.
Normal s3 some work, some don't.
All our buckets are in east-1.
The ones we have working have an aws transfer in front of them, so are using ppks for authentication instead of accesskey & secrets.
I have a client who can access it, but it drops connection every so often without retrying and he's having to manually reconnect. He's using 5.20rc3
We are able to access some bucket.
We did isolate that accelerated endpoints are not working.
Normal s3 some work, some don't.
All our buckets are in east-1.
The ones we have working have an aws transfer in front of them, so are using ppks for authentication instead of accesskey & secrets.
I have a client who can access it, but it drops connection every so often without retrying and he's having to manually reconnect. He's using 5.20rc3
- martin
Re: S3 endpoints not working 5.19.6 and 5.20.3rc
Thanks for your report. Would you able to reproduce the problem with some test public bucket that you can share with us?
- mprewitt007
S3 endpoints not working 5.19.6 and 5.20.3rc
Good Day,
We use S3 extensively and WinSCP is our preference.
Starting today we noticed that some of our buckets are getting this error:
I've posted the full error below and will upload a scrubbed log as well.
FileZilla Pro still works with no issue, and some S3 buckets work with no issue.
We've checked the IAM key and endpoints and tried this from other computers
We use S3 extensively and WinSCP is our preference.
Starting today we noticed that some of our buckets are getting this error:
The request signature we calculated does not match the signature you provided. Check your key and signing method.
I've posted the full error below and will upload a scrubbed log as well.
FileZilla Pro still works with no issue, and some S3 buckets work with no issue.
We've checked the IAM key and endpoints and tried this from other computers
The request signature we calculated does not match the signature you provided. Check your key and signing method.
Extra Details: AWSAccessKeyId: XXXXremovedXXXX, StringToSign: AWS4-HMAC-SHA256
20220602T163240Z
20220602/us-east-1/s3/aws4_request
98ae89429d771c6de6adac4db0063fb2a06be38c8ba0c36962586444e2b6f4ec, SignatureProvided: 51b7d1201f713d8cbf1ec3f586356b8a91da3960bda48ed1a2cb8a7fde3b4b92, StringToSignBytes: 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 32 30 36 30 32 54 31 36 33 32 34 30 5a 0a 32 30 32 32 30 36 30 32 2f 75 73 2d 65 61 73 74 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 39 38 61 65 38 39 34 32 39 64 37 37 31 63 36 64 65 36 61 64 61 63 34 64 62 30 30 36 33 66 62 32 61 30 36 62 65 33 38 63 38 62 61 30 63 33 36 39 36 32 35 38 36 34 34 34 65 32 62 36 66 34 65 63, CanonicalRequest: GET
/XXXXX bucketname removed xxx/
delimiter=%2F&max-keys=1&prefix=ingest%2F
host:s3.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20220602T163240Z
host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, CanonicalRequestBytes: 47 45 54 0a 2f 74 65 6e 61 6e 74 2d 64 72 6f 70 31 34 2d 6f 64 6f 6e 6e 65 6c 6c 63 68 72 69 73 74 6f 70 68 65 72 2d 65 64 64 6d 2f 0a 64 65 6c 69 6d 69 74 65 72 3d 25 32 46 26 6d 61 78 2d 6b 65 79 73 3d 31 26 70 72 65 66 69 78 3d 69 6e 67 65 73 74 25 32 46 0a 68 6f 73 74 3a 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 32 32 30 36 30 32 54 31 36 33 32 34 30 5a 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35, RequestId: GCBFKH2SK2H5R9KG, HostId: P0k6v48phktgDYZSstp98aLtyfO4LXS6d7vp8tzaycDGgV6nnidsg0AzVrFrpqPIoIuNXDH0KgI=
Connection failed.