WinSCP: Server refused our key

Question

Ok, I've got a working connection to a server on our production machine. I need to replicate that on my development machine so that I can transfer my own files. Everything is the same, down to the OS.

When I attempt to connect, all I get is:

Server refused our key.

Here is my log file...

. 2013-01-28 15:26:25.738 Session name: [email protected] (Modified stored session)
. 2013-01-28 15:26:25.738 Host name: 65.XXX.XX.XXX (Port: 1XXXX)
. 2013-01-28 15:26:25.738 User name: hex166t (Password: Yes, Key file: Yes)
. 2013-01-28 15:26:25.738 Tunnel: No
. 2013-01-28 15:26:25.738 Transfer Protocol: SFTP
. 2013-01-28 15:26:25.738 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2013-01-28 15:26:25.738 Proxy: none
. 2013-01-28 15:26:25.738 SSH protocol version: 2; Compression: No
. 2013-01-28 15:26:25.738 Bypass authentication: No
. 2013-01-28 15:26:25.738 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2013-01-28 15:26:25.738 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2013-01-28 15:26:25.738 SSH Bugs: A,A,A,A,A,A,A,A,A,A
. 2013-01-28 15:26:25.738 SFTP Bugs: A,A
. 2013-01-28 15:26:25.738 Return code variable: Autodetect; Lookup user groups: A
. 2013-01-28 15:26:25.738 Shell: default
. 2013-01-28 15:26:25.738 EOL: 0, UTF: 2
. 2013-01-28 15:26:25.738 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2013-01-28 15:26:25.738 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2013-01-28 15:26:25.738 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2013-01-28 15:26:25.738 Cache directory changes: Yes, Permanent: Yes
. 2013-01-28 15:26:25.738 DST mode: 1
. 2013-01-28 15:26:25.738 --------------------------------------------------------------------------
. 2013-01-28 15:26:25.808 Looking up host "65.XXX.XX.XXX"
. 2013-01-28 15:26:25.808 Connecting to 65.XXX.XX.XXX port 1XXXX
. 2013-01-28 15:26:25.858 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:25.858 Detected network event
. 2013-01-28 15:26:25.938 Detected network event
. 2013-01-28 15:26:25.938 Server version: SSH-2.0-Connect:Enterprise_UNIX_2.4.02
. 2013-01-28 15:26:25.938 Using SSH protocol version 2
. 2013-01-28 15:26:25.938 We claim version: SSH-2.0-WinSCP_release_5.1.3
. 2013-01-28 15:26:25.938 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:25.998 Detected network event
. 2013-01-28 15:26:25.998 Doing Diffie-Hellman group exchange
. 2013-01-28 15:26:25.998 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:26.258 Detected network event
. 2013-01-28 15:26:26.258 Doing Diffie-Hellman key exchange with hash SHA-1
. 2013-01-28 15:26:26.438 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:26.678 Detected network event
. 2013-01-28 15:26:26.898 Verifying host key rsa2 0x23,0xdf2a07bac36 with fingerprint ssh-rsa 2048 fe:03:bc:ad:66 
. 2013-01-28 15:26:26.908 Host key matches cached key
. 2013-01-28 15:26:26.908 Host key fingerprint is:
. 2013-01-28 15:26:26.908 ssh-rsa 2048 fe:03:bc:ad:66 
. 2013-01-28 15:26:26.908 Initialised AES-256 CBC client-    >server encryption
. 2013-01-28 15:26:26.908 Initialised HMAC-SHA1 client-    >server MAC algorithm
. 2013-01-28 15:26:26.908 Initialised AES-256 CBC server-    >client encryption
. 2013-01-28 15:26:26.908 Initialised HMAC-SHA1 server-    >client MAC algorithm
. 2013-01-28 15:26:26.908 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:27.048 Detected network event
. 2013-01-28 15:26:27.048 Reading private key file "Z:\prd\PS_DATA\HSBCfingateway\hsbccerts\hsbc-ensco.ppk"
. 2013-01-28 15:26:27.058 Using username "hex166t".
. 2013-01-28 15:26:27.108 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:27.158 Detected network event
. 2013-01-28 15:26:27.168 Offered public key
. 2013-01-28 15:26:27.168 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:27.228 Detected network event
. 2013-01-28 15:26:27.228 Server refused our key
. 2013-01-28 15:26:27.258 Server refused our key
. 2013-01-28 15:26:27.258 Attempting keyboard-interactive authentication
. 2013-01-28 15:26:27.258 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:27.298 Detected network event
. 2013-01-28 15:26:27.298 Server refused keyboard-interactive authentication
. 2013-01-28 15:26:27.298 Prompt (7, SSH password, , &Password: )
. 2013-01-28 15:26:27.298 Using stored password.
. 2013-01-28 15:26:27.308 Sent password
. 2013-01-28 15:26:27.308 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:27.418 Detected network event
. 2013-01-28 15:26:27.418 Password authentication failed
. 2013-01-28 15:26:27.418 Access denied
. 2013-01-28 15:26:27.458 Prompt (7, SSH password, , &Password: )
. 2013-01-28 15:26:45.497 Attempt to close connection due to fatal exception:
. 2013-01-28 15:26:45.497 Closing connection.
. 2013-01-28 15:26:45.497 Sending special code: 12
. 2013-01-28 15:26:45.559 (ESshFatal) 

Answer 1

You do not have the private key authentication setup correctly.

Make sure you add the public key to your ~/.ssh/authorized_keys on the server.

You will obtain the public key fingerprint in the correct format in PuTTYgen in Public key for pasting into OpenSSH authorized_keys file box when your load your private key.

For more details refer to the article Set up SSH public key authentication.

---

While not the case for OP, you might get the same error message (Server refused our key), when connecting with an old version of WinSCP to a server that requires rsa-sha2. WinSCP supports rsa-sha2 since 5.20 only. OpenSSH servers require rsa-sha2 by default since 8.8. Older versions can be configured to require it too. On the other hand, even 8.8 and newer can be configured not to require rsa-sha2 (PubkeyAcceptedAlgorithms +ssh-rsa).

---

Yes another option is that you are trying to connect using a key signed by an OpenSSH detached certificate (supported by PuTTY since 0.78). The current version of WinSCP does not support OpenSSH certificates yet. The next version will.

Answer 2

For my case, I tried

$chmod 0600 authorized_keys

and it works fine then.