[SOLVED] SSH Login works WinSCP fails?

odongarma · 21 April 2022 08:30

Hello,

please, someone can help me. I’m using putty to ssh into my machine using public keys. Works like a charme.

Doing to same using WinSCP to copy some files fails with error “Der entfernte Rechner hat unseren Schlüssel abgelehnt.”

Here is the WinSCP (5.19.6) log:

. 2022-04-21 10:47:39.939 Reading key file “mykey.prv”
! 2022-04-21 10:47:39.939 Using username “root”.
. 2022-04-21 10:47:39.955 Server offered these authentication methods: publickey
. 2022-04-21 10:47:39.955 Offered public key
! 2022-04-21 10:47:39.970 Server refused our key
. 2022-04-21 10:47:40.002 Server refused our key
. 2022-04-21 10:47:40.002 See Issue 1952 – Support rsa-sha2-256 and rsa-sha2-512 SSH public key algorithms :: Tracker :: WinSCP
. 2022-04-21 10:47:40.002 Server offered these authentication methods: publickey
. 2022-04-21 10:47:40.002 No supported authentication methods available (server sent: publickey)
. 2022-04-21 10:47:40.002 Attempt to close connection due to fatal exception:

2022-04-21 10:47:40.002 No supported authentication methods available (server sent: publickey)
. 2022-04-21 10:47:40.002 Closing connection.

2022-04-21 10:47:40.028 (EFatal) No supported authentication methods available (server sent: publickey)

2022-04-21 10:47:40.028 Anmeldungsprotokoll (siehe Sitzungsprotokoll für Details):

2022-04-21 10:47:40.028 Benutzername „root“ wird verwendet.

2022-04-21 10:47:40.028 Der entfernte Rechner hat unseren Schlüssel abgelehnt.

I don’t know how long this problem exist, i’m using WinSCP (SFTP) only rarely.

I was trying to import the working putty setup into WinSCP, but this leads to the same error.

What do you think?

odongarma · 21 April 2022 08:58

The WinSCP Log tells everything about the problem, sorry i just read this.

So i added “PubkeyAcceptedAlgorithms +ssh-rsa” to sshd_config.

But is this a good decision?

After some minutes of thinking, i replaced the RSA key with a new EdDSA key and removed the sshd_config line mentioned above.

Maybe this is worth for the wiki?

Greetz

bonnietwin · 21 April 2022 11:37

The problem is that the formal release version of winscp is still using the weak sha1 version of rsa which openssh has removed from the default list a while back.

This basically tells openssh to allow use of the weak sha1 version of the rsa key, which I don’t think is the best approach.

The 5.20 beta version and later of winscp has added the sha2 versions of the rsa key so if you use the beta version then it should work again.

Alternatively winscp non beta release does have alternative keys such as the ecdsa and ed25519 which can be used, as you indicated.