Server refused public-key signature despite accepting key!
I have a scheduled job that connects to vendor's server every 10 minutes.
This job will upload files to the vendor's SFTP site.
The scheduled job working fine few days ago, but suddenly it unable to connect to vendor server and return error message "Server refused public-key signature despite accepting key!"
This is not restricted to the .net library and can also happen when using the WinSCP client.
I have tried the new keys generated by vendor and turned on the "Requires padding on SSH-2 RSA signatures", but unfortunately, the issue persist.
I would appreciate some insight here
WinSCP Client exception
Authentication log (see session log for details):
Using username "remote_username_redacted".
Authenticating with public key "local_hostname_redacted-rsa-key-20190618".
Server refused public-key signature despite accepting key!
Log
. 2019-06-24 09:10:00.937 --------------------------------------------------------------------------
. 2019-06-24 09:10:00.937 WinSCP Version 5.7.7 (Build 6257) (OS 6.1.7601 Service Pack 1 - Windows Server 2008 R2 Enterprise)
. 2019-06-24 09:10:00.937 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2019-06-24 09:10:00.937 Log level: Normal
. 2019-06-24 09:10:00.937 Local account: local_process_username_redacted
. 2019-06-24 09:10:00.937 Working directory: C:\Windows\system32
. 2019-06-24 09:10:00.937 Process ID: 7580
. 2019-06-24 09:10:00.937 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe" /script=open script_redacted /log=log_redacted
. 2019-06-24 09:10:00.937 Time zone: Current: GMT+8 (Malay Peninsula Standard Time), No DST
. 2019-06-24 09:10:00.937 Login time: Monday, June 24, 2019 9:10:00 AM
. 2019-06-24 09:10:00.937 --------------------------------------------------------------------------
. 2019-06-24 09:10:00.937 Script: Retrospectively logging previous script records:
> 2019-06-24 09:10:00.937 Script: option batch on
< 2019-06-24 09:10:00.937 Script: batch on
< 2019-06-24 09:10:00.937 Script: reconnecttime 120
> 2019-06-24 09:10:00.937 Script: option confirm off
< 2019-06-24 09:10:00.937 Script: confirm off
> 2019-06-24 09:10:00.937 Script: open site name redacted
. 2019-06-24 09:10:00.937 --------------------------------------------------------------------------
. 2019-06-24 09:10:00.937 Session name: site name redacted (Ad-Hoc site)
. 2019-06-24 09:10:00.937 Host name: remote_hostname_redacted (Port: 22)
. 2019-06-24 09:10:00.937 User name: remote_username_redacted (Password: No, Key file: Yes)
. 2019-06-24 09:10:00.937 Tunnel: No
. 2019-06-24 09:10:00.937 Transfer Protocol: SFTP (SCP)
. 2019-06-24 09:10:00.937 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2019-06-24 09:10:00.937 Disable Nagle: No
. 2019-06-24 09:10:00.937 Proxy: none
. 2019-06-24 09:10:00.937 Send buffer: 262144
. 2019-06-24 09:10:00.937 SSH protocol version: 2; Compression: No
. 2019-06-24 09:10:00.937 Bypass authentication: No
. 2019-06-24 09:10:00.937 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2019-06-24 09:10:00.937 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2019-06-24 09:10:00.937 KEX: dh-gex-sha1,dh-group14-sha1,dh-group1-sha1,rsa,WARN
. 2019-06-24 09:10:00.937 SSH Bugs: A,A,A,A,A,A,A,A,A,A,A,A
. 2019-06-24 09:10:00.937 Simple channel: Yes
. 2019-06-24 09:10:00.937 Return code variable: Autodetect; Lookup user groups: A
. 2019-06-24 09:10:00.937 Shell: default
. 2019-06-24 09:10:00.937 EOL: 0, UTF: 2
. 2019-06-24 09:10:00.937 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2019-06-24 09:10:00.937 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2019-06-24 09:10:00.937 SFTP Bugs: A,A
. 2019-06-24 09:10:00.937 SFTP Server: default
. 2019-06-24 09:10:00.937 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2019-06-24 09:10:00.937 Cache directory changes: Yes, Permanent: Yes
. 2019-06-24 09:10:00.937 DST mode: 1
. 2019-06-24 09:10:00.937 --------------------------------------------------------------------------
. 2019-06-24 09:10:00.937 Looking up host "remote_hostname_redacted"
. 2019-06-24 09:10:00.937 Connecting to remote_hostname_redacted port 22
. 2019-06-24 09:10:00.968 Server version: SSH-2.0-WeOnlyDo 2.4.3
. 2019-06-24 09:10:00.968 Using SSH protocol version 2
. 2019-06-24 09:10:00.968 We claim version: SSH-2.0-WinSCP_release_5.7.7
. 2019-06-24 09:10:00.984 Using Diffie-Hellman with standard group "group14"
. 2019-06-24 09:10:00.984 Doing Diffie-Hellman key exchange with hash SHA-1
. 2019-06-24 09:10:01.155 Verifying host key rsa2 key_redacted with fingerprint ssh-rsa 1024 fingerprint_redacted
. 2019-06-24 09:10:01.155 Host key matches configured key
. 2019-06-24 09:10:01.155 Host key fingerprint is:
. 2019-06-24 09:10:01.155 ssh-rsa 1024 fingerprint_redacted
. 2019-06-24 09:10:01.155 Initialised AES-256 SDCTR client->server encryption
. 2019-06-24 09:10:01.155 Initialised HMAC-SHA-256 client->server MAC algorithm
. 2019-06-24 09:10:01.467 Initialised AES-256 SDCTR server->client encryption
. 2019-06-24 09:10:01.467 Initialised HMAC-SHA-256 server->client MAC algorithm
. 2019-06-24 09:10:01.483 Reading private key file "F:\WinSCP\Key\redacted-private-key-2019-06-18.ppk"
! 2019-06-24 09:10:01.483 Using username "remote_username_redacted".
. 2019-06-24 09:10:01.498 Offered public key
. 2019-06-24 09:10:01.498 Offer of public key accepted
! 2019-06-24 09:10:01.498 Authenticating with public key "local_hostname_redacted-rsa-key-20190618"
. 2019-06-24 09:10:01.498 Prompt (passphrase, "SSH key passphrase", <no instructions>, "Passphrase for key "local_hostname_redacted-rsa-key-20190618": ")
. 2019-06-24 09:10:01.498 Using configured passphrase.
. 2019-06-24 09:10:01.592 Sent public key signature
! 2019-06-24 09:10:01.920 Server refused public-key signature despite accepting key!
. 2019-06-24 09:10:01.920 Server refused public-key signature despite accepting key!
. 2019-06-24 09:10:01.920 Disconnected: No supported authentication methods available (server sent: publickey)
This job will upload files to the vendor's SFTP site.
The scheduled job working fine few days ago, but suddenly it unable to connect to vendor server and return error message "Server refused public-key signature despite accepting key!"
This is not restricted to the .net library and can also happen when using the WinSCP client.
I have tried the new keys generated by vendor and turned on the "Requires padding on SSH-2 RSA signatures", but unfortunately, the issue persist.
I would appreciate some insight here
WinSCP Client exception
Authentication log (see session log for details):
Using username "remote_username_redacted".
Authenticating with public key "local_hostname_redacted-rsa-key-20190618".
Server refused public-key signature despite accepting key!
Log
. 2019-06-24 09:10:00.937 --------------------------------------------------------------------------
. 2019-06-24 09:10:00.937 WinSCP Version 5.7.7 (Build 6257) (OS 6.1.7601 Service Pack 1 - Windows Server 2008 R2 Enterprise)
. 2019-06-24 09:10:00.937 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2019-06-24 09:10:00.937 Log level: Normal
. 2019-06-24 09:10:00.937 Local account: local_process_username_redacted
. 2019-06-24 09:10:00.937 Working directory: C:\Windows\system32
. 2019-06-24 09:10:00.937 Process ID: 7580
. 2019-06-24 09:10:00.937 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe" /script=open script_redacted /log=log_redacted
. 2019-06-24 09:10:00.937 Time zone: Current: GMT+8 (Malay Peninsula Standard Time), No DST
. 2019-06-24 09:10:00.937 Login time: Monday, June 24, 2019 9:10:00 AM
. 2019-06-24 09:10:00.937 --------------------------------------------------------------------------
. 2019-06-24 09:10:00.937 Script: Retrospectively logging previous script records:
> 2019-06-24 09:10:00.937 Script: option batch on
< 2019-06-24 09:10:00.937 Script: batch on
< 2019-06-24 09:10:00.937 Script: reconnecttime 120
> 2019-06-24 09:10:00.937 Script: option confirm off
< 2019-06-24 09:10:00.937 Script: confirm off
> 2019-06-24 09:10:00.937 Script: open site name redacted
. 2019-06-24 09:10:00.937 --------------------------------------------------------------------------
. 2019-06-24 09:10:00.937 Session name: site name redacted (Ad-Hoc site)
. 2019-06-24 09:10:00.937 Host name: remote_hostname_redacted (Port: 22)
. 2019-06-24 09:10:00.937 User name: remote_username_redacted (Password: No, Key file: Yes)
. 2019-06-24 09:10:00.937 Tunnel: No
. 2019-06-24 09:10:00.937 Transfer Protocol: SFTP (SCP)
. 2019-06-24 09:10:00.937 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2019-06-24 09:10:00.937 Disable Nagle: No
. 2019-06-24 09:10:00.937 Proxy: none
. 2019-06-24 09:10:00.937 Send buffer: 262144
. 2019-06-24 09:10:00.937 SSH protocol version: 2; Compression: No
. 2019-06-24 09:10:00.937 Bypass authentication: No
. 2019-06-24 09:10:00.937 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2019-06-24 09:10:00.937 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2019-06-24 09:10:00.937 KEX: dh-gex-sha1,dh-group14-sha1,dh-group1-sha1,rsa,WARN
. 2019-06-24 09:10:00.937 SSH Bugs: A,A,A,A,A,A,A,A,A,A,A,A
. 2019-06-24 09:10:00.937 Simple channel: Yes
. 2019-06-24 09:10:00.937 Return code variable: Autodetect; Lookup user groups: A
. 2019-06-24 09:10:00.937 Shell: default
. 2019-06-24 09:10:00.937 EOL: 0, UTF: 2
. 2019-06-24 09:10:00.937 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2019-06-24 09:10:00.937 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2019-06-24 09:10:00.937 SFTP Bugs: A,A
. 2019-06-24 09:10:00.937 SFTP Server: default
. 2019-06-24 09:10:00.937 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2019-06-24 09:10:00.937 Cache directory changes: Yes, Permanent: Yes
. 2019-06-24 09:10:00.937 DST mode: 1
. 2019-06-24 09:10:00.937 --------------------------------------------------------------------------
. 2019-06-24 09:10:00.937 Looking up host "remote_hostname_redacted"
. 2019-06-24 09:10:00.937 Connecting to remote_hostname_redacted port 22
. 2019-06-24 09:10:00.968 Server version: SSH-2.0-WeOnlyDo 2.4.3
. 2019-06-24 09:10:00.968 Using SSH protocol version 2
. 2019-06-24 09:10:00.968 We claim version: SSH-2.0-WinSCP_release_5.7.7
. 2019-06-24 09:10:00.984 Using Diffie-Hellman with standard group "group14"
. 2019-06-24 09:10:00.984 Doing Diffie-Hellman key exchange with hash SHA-1
. 2019-06-24 09:10:01.155 Verifying host key rsa2 key_redacted with fingerprint ssh-rsa 1024 fingerprint_redacted
. 2019-06-24 09:10:01.155 Host key matches configured key
. 2019-06-24 09:10:01.155 Host key fingerprint is:
. 2019-06-24 09:10:01.155 ssh-rsa 1024 fingerprint_redacted
. 2019-06-24 09:10:01.155 Initialised AES-256 SDCTR client->server encryption
. 2019-06-24 09:10:01.155 Initialised HMAC-SHA-256 client->server MAC algorithm
. 2019-06-24 09:10:01.467 Initialised AES-256 SDCTR server->client encryption
. 2019-06-24 09:10:01.467 Initialised HMAC-SHA-256 server->client MAC algorithm
. 2019-06-24 09:10:01.483 Reading private key file "F:\WinSCP\Key\redacted-private-key-2019-06-18.ppk"
! 2019-06-24 09:10:01.483 Using username "remote_username_redacted".
. 2019-06-24 09:10:01.498 Offered public key
. 2019-06-24 09:10:01.498 Offer of public key accepted
! 2019-06-24 09:10:01.498 Authenticating with public key "local_hostname_redacted-rsa-key-20190618"
. 2019-06-24 09:10:01.498 Prompt (passphrase, "SSH key passphrase", <no instructions>, "Passphrase for key "local_hostname_redacted-rsa-key-20190618": ")
. 2019-06-24 09:10:01.498 Using configured passphrase.
. 2019-06-24 09:10:01.592 Sent public key signature
! 2019-06-24 09:10:01.920 Server refused public-key signature despite accepting key!
. 2019-06-24 09:10:01.920 Server refused public-key signature despite accepting key!
. 2019-06-24 09:10:01.920 Disconnected: No supported authentication methods available (server sent: publickey)