Server refused public-key signature despite accepting key

Advertisement

jhirst
Joined:
Posts:
18
Location:
Brisbane

Server refused public-key signature despite accepting key

I am using the WinSCP.net library for secure FTP file transfer (at work).
I have a scheduled job that connects to a bank's server every 3 minutes.
This job will upload files, download files and delete files from the bank's FTP site.

Most of the time this works without a problem but approximately 3 or 4 times per day there will be a SessionRemoteException while attempting to open the session.
This is not restricted to the .net library and can also happen when using the WinSCP client.

I am assuming that I have the session configured correctly as this is working in our production environment most of the time.
I do not have access to the server logs but this is not isolated.
The following was recently posted to a forum by another party and it is EXACTLY the same issue:
https://superuser.com/questions/587560/winscp-sometimes-throws-error-server-refused-public-key-signature-despite-acce

As requested by the bank I do not use a Password to connect to their FTP session, could this be an issue?

I would appreciate some insight here. I have had to code some fallback procedures for when the session fails to open.

Here is the callstack for the exception. Thanks

Exception:

Exception: WinSCP.SessionRemoteException: Connection has been unexpectedly closed. Server sent command exit status 0. ---> WinSCP.SessionRemoteException: Authentication log (see session log for details):
Using username "############".
Authenticating with public key "rsa-key-########".
Server refused public-key signature despite accepting key!

Authentication failed.
--- End of inner exception stack trace ---
at WinSCP.SessionLogReader.Read(LogReadFlags flags)
at WinSCP.ElementLogReader.Read(LogReadFlags flags)
at WinSCP.CustomLogReader.TryWaitForNonEmptyElement(String localName, LogReadFlags flags)
at WinSCP.Session.Open(SessionOptions sessionOptions)
[/b]

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
27,271
Location:
Prague, Czechia

Re: Server refused public-key signature despite accepting key

Do you have access to server's logs? Can you attach a sample for working and non-working session?

Reply with quote

jhirst
Joined:
Posts:
18
Location:
Brisbane

Re: Server refused public-key signature despite accepting key

martin wrote:

Do you have access to server's logs? Can you attach a sample for working and non-working session?

"I do not have access to the server logs but this is not isolated. "

The server is a bank and I do not have access to their logs.
I'm not sure that they will be able to supply them but will try.

Reply with quote

jhirst
Joined:
Posts:
18
Location:
Brisbane

This exception is still occurring, on average twice per day.
The server logs do not indicate any unusual activity at all at the times that the exceptions happen.
Do you have any idea on how I can troubleshoot this?
Previously I was regularly connecting to a single FTP site, for downloading and uploading every 3 minutes.
I am now also connecting to a second FTP site, also opening a session every 3 minutes.
I am getting the same occasional issue with the second site so the server is most likely not at fault.

Reply with quote

jhirst
Joined:
Posts:
18
Location:
Brisbane

I created a test app which loops 200 times, simply opening a session.
When I ran it, on iteration 112 I received the SessionRemoveException exception (Server refused public-key signature despite accepting key!).

for (int i = 0; i < 200; ++i)
{
using (var session = new Session())
{
session.ExecutablePath = @"c:\Program Files\WinSCP\WinSCP.exe";

if (!session.Opened)
{
session.Open(sessionOptions);
}
Console.WriteLine(string.Format("Session {0} opened", i));
}
}

Reply with quote

jhirst
Joined:
Posts:
18
Location:
Brisbane

I did the same but using the debug version of WinSCP
I have attached part of the log for when the authentication failed (max attachment size is 1mb and logs are 4mb..)

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,271
Location:
Prague, Czechia

Thanks for the log. Any chance of getting a test account on your server?

Reply with quote

jhirst
Joined:
Posts:
18
Location:
Brisbane

Hi Martin

The ftp site is a bank so I don't know if they will be happy to create another account. I'll see..

This is reproduce-able when I run this test on other servers.
I even ran the same test on my local pc and it causes an exception on the 20th session open.

Do you know of any test SFTP sites that I can use to see if the same thing happens?
I've reproduced this with two SFTP sites but would like to see a third.
I can't seem to find any test Secure FTP sites.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,271
Location:
Prague, Czechia

I'm not aware of any test SFTP site.
Are you able to reproduce the problem using PuTTY SSH client? You can automate the test using plink tool from PuTTY package.
_________________
Martin Prikryl

Reply with quote

jhirst
Joined:
Posts:
18
Location:
Brisbane

Putty is providing me with this error when I try to connect:
Server refused to start shell/command

Google is not helping...

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,271
Location:
Prague, Czechia

Ok, so use psftp (also from PuTTY suite) for the test instead.
_________________
Martin Prikryl

Reply with quote

jhirst
Joined:
Posts:
18
Location:
Brisbane

Apparently we are not the only people experiencing this exception and it is due to a sluggish transfer system at the server.
This does not seem to be a WinSCP issue.

Thanks

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,271
Location:
Prague, Czechia

jhirst wrote:

Apparently we are not the only people experiencing this exception and it is due to a sluggish transfer system at the server.
This does not seem to be a WinSCP issue.
Thanks for your feedback.
_________________
Martin Prikryl

Reply with quote

Advertisement

You can post new topics in this forum