Server refused public-key signature despite accepting key!
This looks like a problem you've been chasing for a while as I saw a couple different bug reports and forum postings when I search for the error: "Server refused public-key signature despite accepting key!".
Most of the time it works fine, but occasionally it fails with that error and then tries to fall back to an interactive login.
I started doing this transfer in early January about 3 times per day and it has had this trouble signing on only about 3 times total. Overall a pretty good percentage but something must still be going wrong occasionally.
The server I'm trying to connect to is a product called Axway SecureTransport, I think. I've tried to upgrade winscp twice now to see if the newer version fixed it, but last night the problem came back with WinSCP 5.7.1.
Here's the redacted version of the file winscp created:
I tried to find/replace so as to keep it possible for you to follow it but hopefully I didn't remove too much info.
. 2015-04-07 21:45:05.528 WinSCP Version 5.7.1 (Build 5235) (OS 6.1.7601 Service Pack 1 - Windows Server 2008 R2 Standard)
. 2015-04-07 21:45:05.528 Configuration: c:\Program Files (x86)\WinSCP\WinSCP.ini
. 2015-04-07 21:45:05.528 Log level: Normal
. 2015-04-07 21:45:05.528 Local account: local_process_username_redacted
. 2015-04-07 21:45:05.528 Working directory: C:\Windows\system32
. 2015-04-07 21:45:05.528 Process ID: 7920
. 2015-04-07 21:45:05.528 Command-line: "c:\Program Files (x86)\WinSCP\WinSCP.exe" /console=571 /consoleinstance=_4868_100 "/command" "option batch abort" "open sitename_redacted" "get /to_cust/*.xml d:\TransfersIN\" "exit"
. 2015-04-07 21:45:05.528 Time zone: Current: GMT-5, Standard: GMT-6 (Central Standard Time), DST: GMT-5 (Central Daylight Time), DST Start: 3/8/2015, DST End: 11/1/2015
. 2015-04-07 21:45:05.528 Login time: Tuesday, April 07, 2015 9:45:05 PM
. 2015-04-07 21:45:05.528 --------------------------------------------------------------------------
. 2015-04-07 21:45:05.528 Script: Retrospectively logging previous script records:
> 2015-04-07 21:45:05.528 Script: option batch abort
< 2015-04-07 21:45:05.528 Script: batch abort
< 2015-04-07 21:45:05.528 Script: reconnecttime 120
> 2015-04-07 21:45:05.528 Script: open sitename_redacted
. 2015-04-07 21:45:05.528 --------------------------------------------------------------------------
. 2015-04-07 21:45:05.528 Session name: sitename_redacted (Site)
. 2015-04-07 21:45:05.528 Host name: remote_hostname_redacted (Port: 22)
. 2015-04-07 21:45:05.528 User name: remote_username_redacted (Password: No, Key file: Yes)
. 2015-04-07 21:45:05.528 Tunnel: No
. 2015-04-07 21:45:05.528 Transfer Protocol: SFTP
. 2015-04-07 21:45:05.528 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2015-04-07 21:45:05.528 Disable Nagle: No
. 2015-04-07 21:45:05.528 Proxy: none
. 2015-04-07 21:45:05.528 Send buffer: 262144
. 2015-04-07 21:45:05.528 SSH protocol version: 2; Compression: No
. 2015-04-07 21:45:05.528 Bypass authentication: No
. 2015-04-07 21:45:05.528 Try agent: No; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2015-04-07 21:45:05.528 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2015-04-07 21:45:05.528 KEX: dh-gex-sha1,dh-group14-sha1,dh-group1-sha1,rsa,WARN
. 2015-04-07 21:45:05.528 SSH Bugs: A,A,A,A,A,A,A,A,A,A,A
. 2015-04-07 21:45:05.528 Simple channel: Yes
. 2015-04-07 21:45:05.528 Return code variable: Autodetect; Lookup user groups: A
. 2015-04-07 21:45:05.528 Shell: default
. 2015-04-07 21:45:05.528 EOL: 0, UTF: 2
. 2015-04-07 21:45:05.528 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2015-04-07 21:45:05.528 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2015-04-07 21:45:05.528 SFTP Bugs: A,A
. 2015-04-07 21:45:05.528 SFTP Server: default
. 2015-04-07 21:45:05.528 Local directory: C:\Users\rehetzel\Documents, Remote directory: /input, Update: Yes, Cache: Yes
. 2015-04-07 21:45:05.528 Cache directory changes: Yes, Permanent: Yes
. 2015-04-07 21:45:05.528 DST mode: 1
. 2015-04-07 21:45:05.528 --------------------------------------------------------------------------
. 2015-04-07 21:45:05.528 Looking up host "remote_hostname_redacted"
. 2015-04-07 21:45:05.606 Connecting to 170.40.16.145 port 22
. 2015-04-07 21:45:06.386 Server version: SSH-2.0-SSHD
. 2015-04-07 21:45:06.386 Using SSH protocol version 2
. 2015-04-07 21:45:06.386 We claim version: SSH-2.0-WinSCP_release_5.7.1
. 2015-04-07 21:45:06.433 Doing Diffie-Hellman group exchange
. 2015-04-07 21:45:06.526 Doing Diffie-Hellman key exchange with hash SHA-256
. 2015-04-07 21:45:06.792 Verifying host key rsa2 key_redacted with fingerprint ssh-rsa 2048 fingerprint_redacted
. 2015-04-07 21:45:06.792 Host key does not match cached key 0x10001,key_redacted
. 2015-04-07 21:45:06.792 Host key matches cached key
. 2015-04-07 21:45:06.792 Host key fingerprint is:
. 2015-04-07 21:45:06.792 ssh-rsa 2048 fingerprint_redacted
. 2015-04-07 21:45:06.792 Initialised AES-256 SDCTR client->server encryption
. 2015-04-07 21:45:06.792 Initialised HMAC-SHA-256 client->server MAC algorithm
. 2015-04-07 21:45:06.792 Initialised AES-256 SDCTR server->client encryption
. 2015-04-07 21:45:06.792 Initialised HMAC-SHA-256 server->client MAC algorithm
. 2015-04-07 21:45:06.870 Reading private key file "C:\keys\local_hostname_redacted-private-key-2014-12-03.ppk"
! 2015-04-07 21:45:06.870 Using username "remote_username_redacted".
. 2015-04-07 21:45:06.916 Offered public key
. 2015-04-07 21:45:07.228 Offer of public key accepted
! 2015-04-07 21:45:07.228 Authenticating with public key "local_hostname_redacted-rsa-key-20141203"
. 2015-04-07 21:45:07.556 Sent public key signature
! 2015-04-07 21:45:07.587 Server refused public-key signature despite accepting key!
. 2015-04-07 21:45:07.587 Server refused public-key signature despite accepting key!
. 2015-04-07 21:45:07.587 Attempting keyboard-interactive authentication
. 2015-04-07 21:45:07.634 Prompt (keyboard interactive, "SSH server: Password Authentication", "Using keyboard-interactive authentication.", "Password: ")
Most of the time it works fine, but occasionally it fails with that error and then tries to fall back to an interactive login.
I started doing this transfer in early January about 3 times per day and it has had this trouble signing on only about 3 times total. Overall a pretty good percentage but something must still be going wrong occasionally.
The server I'm trying to connect to is a product called Axway SecureTransport, I think. I've tried to upgrade winscp twice now to see if the newer version fixed it, but last night the problem came back with WinSCP 5.7.1.
Here's the redacted version of the file winscp created:
I tried to find/replace so as to keep it possible for you to follow it but hopefully I didn't remove too much info.
. 2015-04-07 21:45:05.528 WinSCP Version 5.7.1 (Build 5235) (OS 6.1.7601 Service Pack 1 - Windows Server 2008 R2 Standard)
. 2015-04-07 21:45:05.528 Configuration: c:\Program Files (x86)\WinSCP\WinSCP.ini
. 2015-04-07 21:45:05.528 Log level: Normal
. 2015-04-07 21:45:05.528 Local account: local_process_username_redacted
. 2015-04-07 21:45:05.528 Working directory: C:\Windows\system32
. 2015-04-07 21:45:05.528 Process ID: 7920
. 2015-04-07 21:45:05.528 Command-line: "c:\Program Files (x86)\WinSCP\WinSCP.exe" /console=571 /consoleinstance=_4868_100 "/command" "option batch abort" "open sitename_redacted" "get /to_cust/*.xml d:\TransfersIN\" "exit"
. 2015-04-07 21:45:05.528 Time zone: Current: GMT-5, Standard: GMT-6 (Central Standard Time), DST: GMT-5 (Central Daylight Time), DST Start: 3/8/2015, DST End: 11/1/2015
. 2015-04-07 21:45:05.528 Login time: Tuesday, April 07, 2015 9:45:05 PM
. 2015-04-07 21:45:05.528 --------------------------------------------------------------------------
. 2015-04-07 21:45:05.528 Script: Retrospectively logging previous script records:
> 2015-04-07 21:45:05.528 Script: option batch abort
< 2015-04-07 21:45:05.528 Script: batch abort
< 2015-04-07 21:45:05.528 Script: reconnecttime 120
> 2015-04-07 21:45:05.528 Script: open sitename_redacted
. 2015-04-07 21:45:05.528 --------------------------------------------------------------------------
. 2015-04-07 21:45:05.528 Session name: sitename_redacted (Site)
. 2015-04-07 21:45:05.528 Host name: remote_hostname_redacted (Port: 22)
. 2015-04-07 21:45:05.528 User name: remote_username_redacted (Password: No, Key file: Yes)
. 2015-04-07 21:45:05.528 Tunnel: No
. 2015-04-07 21:45:05.528 Transfer Protocol: SFTP
. 2015-04-07 21:45:05.528 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2015-04-07 21:45:05.528 Disable Nagle: No
. 2015-04-07 21:45:05.528 Proxy: none
. 2015-04-07 21:45:05.528 Send buffer: 262144
. 2015-04-07 21:45:05.528 SSH protocol version: 2; Compression: No
. 2015-04-07 21:45:05.528 Bypass authentication: No
. 2015-04-07 21:45:05.528 Try agent: No; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2015-04-07 21:45:05.528 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2015-04-07 21:45:05.528 KEX: dh-gex-sha1,dh-group14-sha1,dh-group1-sha1,rsa,WARN
. 2015-04-07 21:45:05.528 SSH Bugs: A,A,A,A,A,A,A,A,A,A,A
. 2015-04-07 21:45:05.528 Simple channel: Yes
. 2015-04-07 21:45:05.528 Return code variable: Autodetect; Lookup user groups: A
. 2015-04-07 21:45:05.528 Shell: default
. 2015-04-07 21:45:05.528 EOL: 0, UTF: 2
. 2015-04-07 21:45:05.528 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2015-04-07 21:45:05.528 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2015-04-07 21:45:05.528 SFTP Bugs: A,A
. 2015-04-07 21:45:05.528 SFTP Server: default
. 2015-04-07 21:45:05.528 Local directory: C:\Users\rehetzel\Documents, Remote directory: /input, Update: Yes, Cache: Yes
. 2015-04-07 21:45:05.528 Cache directory changes: Yes, Permanent: Yes
. 2015-04-07 21:45:05.528 DST mode: 1
. 2015-04-07 21:45:05.528 --------------------------------------------------------------------------
. 2015-04-07 21:45:05.528 Looking up host "remote_hostname_redacted"
. 2015-04-07 21:45:05.606 Connecting to 170.40.16.145 port 22
. 2015-04-07 21:45:06.386 Server version: SSH-2.0-SSHD
. 2015-04-07 21:45:06.386 Using SSH protocol version 2
. 2015-04-07 21:45:06.386 We claim version: SSH-2.0-WinSCP_release_5.7.1
. 2015-04-07 21:45:06.433 Doing Diffie-Hellman group exchange
. 2015-04-07 21:45:06.526 Doing Diffie-Hellman key exchange with hash SHA-256
. 2015-04-07 21:45:06.792 Verifying host key rsa2 key_redacted with fingerprint ssh-rsa 2048 fingerprint_redacted
. 2015-04-07 21:45:06.792 Host key does not match cached key 0x10001,key_redacted
. 2015-04-07 21:45:06.792 Host key matches cached key
. 2015-04-07 21:45:06.792 Host key fingerprint is:
. 2015-04-07 21:45:06.792 ssh-rsa 2048 fingerprint_redacted
. 2015-04-07 21:45:06.792 Initialised AES-256 SDCTR client->server encryption
. 2015-04-07 21:45:06.792 Initialised HMAC-SHA-256 client->server MAC algorithm
. 2015-04-07 21:45:06.792 Initialised AES-256 SDCTR server->client encryption
. 2015-04-07 21:45:06.792 Initialised HMAC-SHA-256 server->client MAC algorithm
. 2015-04-07 21:45:06.870 Reading private key file "C:\keys\local_hostname_redacted-private-key-2014-12-03.ppk"
! 2015-04-07 21:45:06.870 Using username "remote_username_redacted".
. 2015-04-07 21:45:06.916 Offered public key
. 2015-04-07 21:45:07.228 Offer of public key accepted
! 2015-04-07 21:45:07.228 Authenticating with public key "local_hostname_redacted-rsa-key-20141203"
. 2015-04-07 21:45:07.556 Sent public key signature
! 2015-04-07 21:45:07.587 Server refused public-key signature despite accepting key!
. 2015-04-07 21:45:07.587 Server refused public-key signature despite accepting key!
. 2015-04-07 21:45:07.587 Attempting keyboard-interactive authentication
. 2015-04-07 21:45:07.634 Prompt (keyboard interactive, "SSH server: Password Authentication", "Using keyboard-interactive authentication.", "Password: ")