Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

ACG

now account created (to track this issue)

subject = message, issue reported above as guest
ACG

Same issue, don't know what to do

A supplier gave me the S3 endpoint and I am trying to connect with WinSCP but getting the following errror
The request signature we calculated does not match the signature you provided. Check your key and signing method.
Extra Details: AWSAccessKeyId: XXXXremovedXXXX, StringToSign: AWS4-HMAC-SHA256
20231128T115438Z
20231128/eu-central-1/s3/aws4_request
f066766405090062e0cf5e71c50e2bf81e2b4a49a2a0612b01cef68fb0cca78b,
SignatureProvided: 5bd7a1b4d8167fb94d62d1e4a08f37e937a26bf0fb56e99538a8f60281f2ce39,
StringToSignBytes: 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 33 31 31 32 38 54 31 31 35 34 33 38 5a 0a 32 30 32 33 31 31 32 38 2f 65 75 2d 63 65 6e 74 72 61 6c 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 66 30 36 36 37 36 36 34 30 35 30 39 30 30 36 32 65 30 63 66 35 65 37 31 63 35 30 65 32 62 66 38 31 65 32 62 34 61 34 39 61 32 61 30 36 31 32 62 30 31 63 65 66 36 38 66 62 30 63 63 61 37 38 62,
CanonicalRequest: GET
/[bucket subdirectory name/
max-keys=1
host:[bucket name].s3.eu-central-1.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20231128T115438Z

host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,
CanonicalRequestBytes: 47 45 54 0a 2f 6b 70 6d 67 2f 0a 6d 61 78 2d 6b 65 79 73 3d 31 0a 68 6f 73 74 3a 69 63 2d 69 6e 74 65 67 72 61 74 69 6f 6e 73 2e 73 33 2e 65 75 2d 63 65 6e 74 72 61 6c 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 32 33 31 31 32 38 54 31 31 35 34 33 38 5a 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35,
RequestId: C8Q9PNXXHPQPEFC3,
HostId: K2MfMucDzIk9QXCnQivd6Lqb3Ssdoa4imfAFWMsggf4Rlbo/5Km2mnABYpvC9J4arLReUEr63Ag=
Connection failed.

I have checked the key and that is ok. Any idea?
martin

Re: s3 buckets

I have create a new bucket, enabled S3 transfer acceleration on it.

I've configured WinSCP to connect via s3-accelerate.amazonaws.com (instead of the default s3.amazonaws.com). But I still can work with the bucket without any problem.

Where do we differ? Can you post a session log file?
martin

Re: s3 buckets

I've didn't hear about accelerated endpoint until now. I'll check that.
mprewitt007

s3 buckets

Ok, after testing, only some buckets are not working, so we are double checking this.
We did realize that we were using an accelerated endpoint, not the default "s3.amazonaws.com"
We had accelerated a bucket, which provides a new bucket name.
Our other tools supported this, so we just assumed WinSCP did, but it apparently provides a 403 error in the logs using an accelerated path.
Is this a known issue?
martin

Re: s3 endpoint issues

mprewitt007 wrote:

Do you have a public test bucket in mind as none of our buckets are public.

I understand that. I was asking you would be able to create a test public bucket that would have the problem.

The ones we have working have an aws transfer in front of them, so are using ppks for authentication instead of accesskey & secrets.

So actually does any S3 bucket work for you, when you are connecting using S3 protocol? The buckets you are accessing via SFTP are irrelevant to this problem.
mprewitt007

s3 endpoint issues

Do you have a public test bucket in mind as none of our buckets are public.
We are able to access some bucket.
We did isolate that accelerated endpoints are not working.
Normal s3 some work, some don't.
All our buckets are in east-1.
The ones we have working have an aws transfer in front of them, so are using ppks for authentication instead of accesskey & secrets.
I have a client who can access it, but it drops connection every so often without retrying and he's having to manually reconnect. He's using 5.20rc3
martin

Re: S3 endpoints not working 5.19.6 and 5.20.3rc

Thanks for your report. Would you able to reproduce the problem with some test public bucket that you can share with us?
mprewitt007

S3 endpoints not working 5.19.6 and 5.20.3rc

Good Day,
We use S3 extensively and WinSCP is our preference.
Starting today we noticed that some of our buckets are getting this error:
The request signature we calculated does not match the signature you provided. Check your key and signing method.

I've posted the full error below and will upload a scrubbed log as well.
FileZilla Pro still works with no issue, and some S3 buckets work with no issue.
We've checked the IAM key and endpoints and tried this from other computers
The request signature we calculated does not match the signature you provided. Check your key and signing method.
Extra Details: AWSAccessKeyId: XXXXremovedXXXX, StringToSign: AWS4-HMAC-SHA256
20220602T163240Z
20220602/us-east-1/s3/aws4_request
98ae89429d771c6de6adac4db0063fb2a06be38c8ba0c36962586444e2b6f4ec, SignatureProvided: 51b7d1201f713d8cbf1ec3f586356b8a91da3960bda48ed1a2cb8a7fde3b4b92, StringToSignBytes: 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 32 30 36 30 32 54 31 36 33 32 34 30 5a 0a 32 30 32 32 30 36 30 32 2f 75 73 2d 65 61 73 74 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 39 38 61 65 38 39 34 32 39 64 37 37 31 63 36 64 65 36 61 64 61 63 34 64 62 30 30 36 33 66 62 32 61 30 36 62 65 33 38 63 38 62 61 30 63 33 36 39 36 32 35 38 36 34 34 34 65 32 62 36 66 34 65 63, CanonicalRequest: GET
/XXXXX bucketname removed xxx/
delimiter=%2F&max-keys=1&prefix=ingest%2F
host:s3.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20220602T163240Z

host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, CanonicalRequestBytes: 47 45 54 0a 2f 74 65 6e 61 6e 74 2d 64 72 6f 70 31 34 2d 6f 64 6f 6e 6e 65 6c 6c 63 68 72 69 73 74 6f 70 68 65 72 2d 65 64 64 6d 2f 0a 64 65 6c 69 6d 69 74 65 72 3d 25 32 46 26 6d 61 78 2d 6b 65 79 73 3d 31 26 70 72 65 66 69 78 3d 69 6e 67 65 73 74 25 32 46 0a 68 6f 73 74 3a 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 32 32 30 36 30 32 54 31 36 33 32 34 30 5a 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35, RequestId: GCBFKH2SK2H5R9KG, HostId: P0k6v48phktgDYZSstp98aLtyfO4LXS6d7vp8tzaycDGgV6nnidsg0AzVrFrpqPIoIuNXDH0KgI=
Connection failed.