now account created (to track this issue)
subject = message, issue reported above as guest
- ACG
Post a reply
Before posting, please read how to report bug or request support effectively.
Bug reports without an attached log file are usually useless.
Topic review
- ACG
Same issue, don't know what to do
A supplier gave me the S3 endpoint and I am trying to connect with WinSCP but getting the following errror
The request signature we calculated does not match the signature you provided. Check your key and signing method.
Extra Details: AWSAccessKeyId: XXXXremovedXXXX, StringToSign: AWS4-HMAC-SHA256
20231128T115438Z
20231128/eu-central-1/s3/aws4_request
f066766405090062e0cf5e71c50e2bf81e2b4a49a2a0612b01cef68fb0cca78b,
SignatureProvided: 5bd7a1b4d8167fb94d62d1e4a08f37e937a26bf0fb56e99538a8f60281f2ce39,
StringToSignBytes: 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 33 31 31 32 38 54 31 31 35 34 33 38 5a 0a 32 30 32 33 31 31 32 38 2f 65 75 2d 63 65 6e 74 72 61 6c 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 66 30 36 36 37 36 36 34 30 35 30 39 30 30 36 32 65 30 63 66 35 65 37 31 63 35 30 65 32 62 66 38 31 65 32 62 34 61 34 39 61 32 61 30 36 31 32 62 30 31 63 65 66 36 38 66 62 30 63 63 61 37 38 62,
CanonicalRequest: GET
/[bucket subdirectory name/
max-keys=1
host:[bucket name].s3.eu-central-1.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20231128T115438Z
host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,
CanonicalRequestBytes: 47 45 54 0a 2f 6b 70 6d 67 2f 0a 6d 61 78 2d 6b 65 79 73 3d 31 0a 68 6f 73 74 3a 69 63 2d 69 6e 74 65 67 72 61 74 69 6f 6e 73 2e 73 33 2e 65 75 2d 63 65 6e 74 72 61 6c 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 32 33 31 31 32 38 54 31 31 35 34 33 38 5a 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35,
RequestId: C8Q9PNXXHPQPEFC3,
HostId: K2MfMucDzIk9QXCnQivd6Lqb3Ssdoa4imfAFWMsggf4Rlbo/5Km2mnABYpvC9J4arLReUEr63Ag=
Connection failed.
I have checked the key and that is ok. Any idea?
The request signature we calculated does not match the signature you provided. Check your key and signing method.
Extra Details: AWSAccessKeyId: XXXXremovedXXXX, StringToSign: AWS4-HMAC-SHA256
20231128T115438Z
20231128/eu-central-1/s3/aws4_request
f066766405090062e0cf5e71c50e2bf81e2b4a49a2a0612b01cef68fb0cca78b,
SignatureProvided: 5bd7a1b4d8167fb94d62d1e4a08f37e937a26bf0fb56e99538a8f60281f2ce39,
StringToSignBytes: 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 33 31 31 32 38 54 31 31 35 34 33 38 5a 0a 32 30 32 33 31 31 32 38 2f 65 75 2d 63 65 6e 74 72 61 6c 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 66 30 36 36 37 36 36 34 30 35 30 39 30 30 36 32 65 30 63 66 35 65 37 31 63 35 30 65 32 62 66 38 31 65 32 62 34 61 34 39 61 32 61 30 36 31 32 62 30 31 63 65 66 36 38 66 62 30 63 63 61 37 38 62,
CanonicalRequest: GET
/[bucket subdirectory name/
max-keys=1
host:[bucket name].s3.eu-central-1.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20231128T115438Z
host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,
CanonicalRequestBytes: 47 45 54 0a 2f 6b 70 6d 67 2f 0a 6d 61 78 2d 6b 65 79 73 3d 31 0a 68 6f 73 74 3a 69 63 2d 69 6e 74 65 67 72 61 74 69 6f 6e 73 2e 73 33 2e 65 75 2d 63 65 6e 74 72 61 6c 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 32 33 31 31 32 38 54 31 31 35 34 33 38 5a 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35,
RequestId: C8Q9PNXXHPQPEFC3,
HostId: K2MfMucDzIk9QXCnQivd6Lqb3Ssdoa4imfAFWMsggf4Rlbo/5Km2mnABYpvC9J4arLReUEr63Ag=
Connection failed.
I have checked the key and that is ok. Any idea?
- martin
Re: s3 buckets
I have create a new bucket, enabled S3 transfer acceleration on it.
I've configured WinSCP to connect via
Where do we differ? Can you post a session log file?
I've configured WinSCP to connect via
s3-accelerate.amazonaws.com (instead of the default s3.amazonaws.com). But I still can work with the bucket without any problem.
Where do we differ? Can you post a session log file?
- martin
Re: s3 buckets
I've didn't hear about accelerated endpoint until now. I'll check that.
- mprewitt007
s3 buckets
Ok, after testing, only some buckets are not working, so we are double checking this.
We did realize that we were using an accelerated endpoint, not the default "s3.amazonaws.com"
We had accelerated a bucket, which provides a new bucket name.
Our other tools supported this, so we just assumed WinSCP did, but it apparently provides a 403 error in the logs using an accelerated path.
Is this a known issue?
We did realize that we were using an accelerated endpoint, not the default "s3.amazonaws.com"
We had accelerated a bucket, which provides a new bucket name.
Our other tools supported this, so we just assumed WinSCP did, but it apparently provides a 403 error in the logs using an accelerated path.
Is this a known issue?
- martin
Re: s3 endpoint issues
Do you have a public test bucket in mind as none of our buckets are public.
I understand that. I was asking you would be able to create a test public bucket that would have the problem.
The ones we have working have an aws transfer in front of them, so are using ppks for authentication instead of accesskey & secrets.
So actually does any S3 bucket work for you, when you are connecting using S3 protocol? The buckets you are accessing via SFTP are irrelevant to this problem.
- mprewitt007
s3 endpoint issues
Do you have a public test bucket in mind as none of our buckets are public.
We are able to access some bucket.
We did isolate that accelerated endpoints are not working.
Normal s3 some work, some don't.
All our buckets are in east-1.
The ones we have working have an aws transfer in front of them, so are using ppks for authentication instead of accesskey & secrets.
I have a client who can access it, but it drops connection every so often without retrying and he's having to manually reconnect. He's using 5.20rc3
We are able to access some bucket.
We did isolate that accelerated endpoints are not working.
Normal s3 some work, some don't.
All our buckets are in east-1.
The ones we have working have an aws transfer in front of them, so are using ppks for authentication instead of accesskey & secrets.
I have a client who can access it, but it drops connection every so often without retrying and he's having to manually reconnect. He's using 5.20rc3
- martin
Re: S3 endpoints not working 5.19.6 and 5.20.3rc
Thanks for your report. Would you able to reproduce the problem with some test public bucket that you can share with us?
- mprewitt007
S3 endpoints not working 5.19.6 and 5.20.3rc
Good Day,
We use S3 extensively and WinSCP is our preference.
Starting today we noticed that some of our buckets are getting this error:
I've posted the full error below and will upload a scrubbed log as well.
FileZilla Pro still works with no issue, and some S3 buckets work with no issue.
We've checked the IAM key and endpoints and tried this from other computers
We use S3 extensively and WinSCP is our preference.
Starting today we noticed that some of our buckets are getting this error:
The request signature we calculated does not match the signature you provided. Check your key and signing method.
I've posted the full error below and will upload a scrubbed log as well.
FileZilla Pro still works with no issue, and some S3 buckets work with no issue.
We've checked the IAM key and endpoints and tried this from other computers
The request signature we calculated does not match the signature you provided. Check your key and signing method.
Extra Details: AWSAccessKeyId: XXXXremovedXXXX, StringToSign: AWS4-HMAC-SHA256
20220602T163240Z
20220602/us-east-1/s3/aws4_request
98ae89429d771c6de6adac4db0063fb2a06be38c8ba0c36962586444e2b6f4ec, SignatureProvided: 51b7d1201f713d8cbf1ec3f586356b8a91da3960bda48ed1a2cb8a7fde3b4b92, StringToSignBytes: 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 32 30 36 30 32 54 31 36 33 32 34 30 5a 0a 32 30 32 32 30 36 30 32 2f 75 73 2d 65 61 73 74 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 39 38 61 65 38 39 34 32 39 64 37 37 31 63 36 64 65 36 61 64 61 63 34 64 62 30 30 36 33 66 62 32 61 30 36 62 65 33 38 63 38 62 61 30 63 33 36 39 36 32 35 38 36 34 34 34 65 32 62 36 66 34 65 63, CanonicalRequest: GET
/XXXXX bucketname removed xxx/
delimiter=%2F&max-keys=1&prefix=ingest%2F
host:s3.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20220602T163240Z
host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, CanonicalRequestBytes: 47 45 54 0a 2f 74 65 6e 61 6e 74 2d 64 72 6f 70 31 34 2d 6f 64 6f 6e 6e 65 6c 6c 63 68 72 69 73 74 6f 70 68 65 72 2d 65 64 64 6d 2f 0a 64 65 6c 69 6d 69 74 65 72 3d 25 32 46 26 6d 61 78 2d 6b 65 79 73 3d 31 26 70 72 65 66 69 78 3d 69 6e 67 65 73 74 25 32 46 0a 68 6f 73 74 3a 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 32 32 30 36 30 32 54 31 36 33 32 34 30 5a 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35, RequestId: GCBFKH2SK2H5R9KG, HostId: P0k6v48phktgDYZSstp98aLtyfO4LXS6d7vp8tzaycDGgV6nnidsg0AzVrFrpqPIoIuNXDH0KgI=
Connection failed.