Topic "winscp fails connection with "Server's host key did not match the signature supplied""

Author Message
kernelhacker
[View user's profile]

Joined: 2017-03-10
Posts: 3
Location: Washington DC
Several odd things about this. It happens only with the updated ssh servers. Putty(0.67/0.6Cool and winscp 5.7.7 works fine, and have no problems with unix servers, so it's most likely a bug in winscp.

Enclosed the log, but doesn't have anything helpful. You can try a connection to aresearch.com (doesn't even get to the username) and see. Not sure what else to try at this point (it's probably unhappy about the ciphers, but not sure adding old ciphers is a good thing, plus putty release doesn't require this).

Thanks in advance.
ssh.log (5.22 KB) Private file

Description: Failure log

Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 26150
Location: Prague, Czechia
I cannot connect to aresearch.com with PuTTY 0.68 either. I'm getting the same error message.

Show us your PuTTY 0.68 log file. You probably use a non-default configuration in PuTTY.
kernelhacker
[View user's profile]

Joined: 2017-03-10
Posts: 3
Location: Washington DC
Ok... my putty log is attached. I'm not aware of any non-default configuration (not like I'm using a saved session), but since putty sticks things in the registry, who knows. Oddly, trying to connect to another site with putty 0.68 fails, so I'll try to figure out what's the difference between the two when I get the chance. Hopefully, one of us can figure out what is making something unhappy.
putty.log (14.66 KB) Private file

Description: Log to aresearch.com

martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 26150
Location: Prague, Czechia
Your PuTTY probably has the RSA fingerprint of the host key cached. So it prefers that. And it works with RSA.

While I do not have any fingerprint of your host key, so the preferred ECDH is used. And it fails with that. Clear fingerprints in PuTTY registry key and you should get the same problem.
kernelhacker
[View user's profile]

Joined: 2017-03-10
Posts: 3
Location: Washington DC
martin wrote:
Your PuTTY probably has the RSA fingerprint of the host key cached. So it prefers that. And it works with RSA.

While I do not have any fingerprint of your host key, so the preferred ECDH is used. And it fails with that. Clear fingerprints in PuTTY registry key and you should get the same problem.


This indeed is what is happening... BUT with putty, I can edit the SSH->Host Keys->Algorithm selection policy and move RSA up and I can make the connect. There doesn't seem to be a similar workaround in 5.9.5. It does work if I copy/paste the host key from putty into winscp2 in the registry, but that seems to be a really ugly workaround. Just as a curiosity, is this is a problem with putty not doing the right thing in host key exchange? Or is there something wrong with the server's sshd config?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 26150
Location: Prague, Czechia
kernelhacker wrote:
There doesn't seem to be a similar workaround in 5.9.5.

That's indeed not configurable in WinSCP, atm.

Quote:
Just as a curiosity, is this is a problem with putty not doing the right thing in host key exchange? Or is there something wrong with the server's sshd config?

I'd assume the latter. While PuTTY bug is also possible, no one else has reported a similar problem, so it seems like something specific to your server.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License