Thanks for sharing your findings.

Martin,
I worked with server host to look at things.

I had set permissions on the ssh folder and on the administrators_authorized_keys file to "Full Control", but apparently something else was needed. They altered the permissions, and now it is working.

A side benefit of the problem being hard to solve is that I ended up studying SSH and keys _far_ more than I would have.

Thank you for your time and help.
Kyle

Martin,

Yes it was a typo, it is C:\ProgramData.

And yes, it may not be a WinSCP problem directly. However, I did generate the first key pair with \WinSCP\PuTTY\puttygen.exe software, and the second pair from within WinSCP. I've studied documents from many websites and tutorials. I'm familiar with ssh_config and relevant settings (none of which needed to be changed for a successful connection). I've triple checked everything, and tried some variations. I've copied the public keys very carefully, not adding any characters or spaces (except a final CR I tried with and without the final CR).

I could have missed something, but I have been very systematic, and I feel like I have good understanding of how it is all supposed to work. I feel like all the settings and permissions on the server are correct. The WinSCP log show successful connection and reading of the private key.
At that point the server refuses they key, which to me implies that the format or something is wrong with the key as generated. Assuming that I got the public key properly placed.

Would it be useful for you to see the keys as generated by WinSCP?

What do you recommend? I could delete all keys on client and server, and start fresh, using a) the Login screen in WinSCP, or b) ssh key gen

Thanks
Kyle

Is this WinSCP problem? Can you authenticate using any other SSH/SFTP client?

Btw, are you sure about the c:\Windows\ProgramData\ssh\administrators_authorized_keys path? Common path to administrators_authorized_keys is C:\ProgramData\ssh\administrators_authorized_keys, unless anything checked recently.
See https://winscp.net/eng/docs/guide_windows_openssh_server#key_authentication

Hello,

I've attached the log

Here are the details of my configuration:

• Server host keys are recognized and match (according to log)
  
• The server user is in the Administrators Group
  
• sshd_config has this:
  

  Match Group administrators
  
         AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

  
  
• The file is located on the server:
  c:\Windows\ProgramData\ssh\administrators_authorized_keys
  
• The file administrators_authorized_keys has permissions for full control for the administrators group
  
• (there is no separate .ssh\authorized_keys because I understood that the administrators version would apply to all accounts in the Administrators Group)
  
• The user key pair was generated from within WinSCP for SHA2 2048
  
• the public key was opened in Notepad (running as Administrator)
  
  
  
  • and was copied to the server file above, which was opened by
    
  • notepad running as administrator on the server
    
  • There is no linefeed after the end of the public key
    
  
  

The user attempting to connect is in the Administrators Group
The user can log in to the server using Remote Desktop
I've studied the documentation pretty thoroughly, and I'm not sure what I am missing,

Thanks for your help. I hope to contribute as soon as I am able, it is hard to imagine how work this is,

Kyle