winscp fails connection with "Server's host key did not match the signature supplied"

Several odd things about this. It happens only with the updated ssh servers. Putty(0.67/0.68) and winscp 5.7.7 works fine, and have no problems with unix servers, so it's most likely a bug in winscp.

Enclosed the log, but doesn't have anything helpful. You can try a connection to aresearch.com (doesn't even get to the username) and see. Not sure what else to try at this point (it's probably unhappy about the ciphers, but not sure adding old ciphers is a good thing, plus putty release doesn't require this).

Thanks in advance.

I cannot connect to aresearch.com with PuTTY 0.68 either. I'm getting the same error message.

Show us your PuTTY 0.68 log file. You probably use a non-default configuration in PuTTY.

Ok... my putty log is attached. I'm not aware of any non-default configuration (not like I'm using a saved session), but since putty sticks things in the registry, who knows. Oddly, trying to connect to another site with putty 0.68 fails, so I'll try to figure out what's the difference between the two when I get the chance. Hopefully, one of us can figure out what is making something unhappy.

Your PuTTY probably has the RSA fingerprint of the host key cached. So it prefers that. And it works with RSA.

While I do not have any fingerprint of your host key, so the preferred ECDH is used. And it fails with that. Clear fingerprints in PuTTY registry key and you should get the same problem.

martin wrote:

Your PuTTY probably has the RSA fingerprint of the host key cached. So it prefers that. And it works with RSA.

While I do not have any fingerprint of your host key, so the preferred ECDH is used. And it fails with that. Clear fingerprints in PuTTY registry key and you should get the same problem.

This indeed is what is happening... BUT with putty, I can edit the SSH->Host Keys->Algorithm selection policy and move RSA up and I can make the connect. There doesn't seem to be a similar workaround in 5.9.5. It does work if I copy/paste the host key from putty into winscp2 in the registry, but that seems to be a really ugly workaround. Just as a curiosity, is this is a problem with putty not doing the right thing in host key exchange? Or is there something wrong with the server's sshd config?

kernelhacker wrote:

There doesn't seem to be a similar workaround in 5.9.5.

That's indeed not configurable in WinSCP, atm.

Just as a curiosity, is this is a problem with putty not doing the right thing in host key exchange? Or is there something wrong with the server's sshd config?

I'd assume the latter. While PuTTY bug is also possible, no one else has reported a similar problem, so it seems like something specific to your server.