I copied an
authorized_keys file that I've been using for several years on an instance of Ubuntu 18.04.6, most recently with this version of WinSCP, into the
~/.ssh folder on the new VM and expected it would work with key authorisation (I use Pageant). Instead I got the message "Server refused public-key signature despite accepting key!". After some experimentation I found the key worked if I used PuTTY but not if I used WinSCP. I found a bug report of something similar at With WinSCP I get the error "Server refused our key", but the same key works with PuTTY, PSFTP, etc., which refers to Issue 1952 – Support rsa-sha2-256 and rsa-sha2-512 SSH public key algorithms, but it looks as if that should be fixed in version 5.21.2. I tried upgrading to the latest version anyway, 5.21.5, but there was no difference. In case it was a problem with the key being too short for the modern Ubuntu I also tried generating and using a new 2048 bit RSA key, but that also didn't work.
I then noticed the version of PuTTY I was using to connect successfully was an older version, (edit:)0.70. That inspired me to replace my WinSCP install on the PC with an older version, namely 5.19.6. It immediately started working!
I therefore have a good work-around for the moment, but would welcome suggestions for a better solution.