問題描述
WinSCP:服務器拒絕了我們的密鑰 (WinSCP: Server refused our key)
Ok, I've got a working connection to a server on our production machine. I need to replicate that on my development machine so that I can transfer my own files. Everything is the same, down to the OS.
When I attempt to connect, all I get is:
Server refused our key.
Here is my log file...
. 2013‑01‑28 15:26:25.738 Session name: hex166t@65.XXX.XX.XXX (Modified stored session)
. 2013‑01‑28 15:26:25.738 Host name: 65.XXX.XX.XXX (Port: 1XXXX)
. 2013‑01‑28 15:26:25.738 User name: hex166t (Password: Yes, Key file: Yes)
. 2013‑01‑28 15:26:25.738 Tunnel: No
. 2013‑01‑28 15:26:25.738 Transfer Protocol: SFTP
. 2013‑01‑28 15:26:25.738 Ping type: ‑, Ping interval: 30 sec; Timeout: 15 sec
. 2013‑01‑28 15:26:25.738 Proxy: none
. 2013‑01‑28 15:26:25.738 SSH protocol version: 2; Compression: No
. 2013‑01‑28 15:26:25.738 Bypass authentication: No
. 2013‑01‑28 15:26:25.738 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2013‑01‑28 15:26:25.738 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2013‑01‑28 15:26:25.738 SSH Bugs: A,A,A,A,A,A,A,A,A,A
. 2013‑01‑28 15:26:25.738 SFTP Bugs: A,A
. 2013‑01‑28 15:26:25.738 Return code variable: Autodetect; Lookup user groups: A
. 2013‑01‑28 15:26:25.738 Shell: default
. 2013‑01‑28 15:26:25.738 EOL: 0, UTF: 2
. 2013‑01‑28 15:26:25.738 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2013‑01‑28 15:26:25.738 LS: ls ‑la, Ign LS warn: Yes, Scp1 Comp: No
. 2013‑01‑28 15:26:25.738 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2013‑01‑28 15:26:25.738 Cache directory changes: Yes, Permanent: Yes
. 2013‑01‑28 15:26:25.738 DST mode: 1
. 2013‑01‑28 15:26:25.738 ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑
. 2013‑01‑28 15:26:25.808 Looking up host "65.XXX.XX.XXX"
. 2013‑01‑28 15:26:25.808 Connecting to 65.XXX.XX.XXX port 1XXXX
. 2013‑01‑28 15:26:25.858 Waiting for the server to continue with the initialisation
. 2013‑01‑28 15:26:25.858 Detected network event
. 2013‑01‑28 15:26:25.938 Detected network event
. 2013‑01‑28 15:26:25.938 Server version: SSH‑2.0‑Connect:Enterprise_UNIX_2.4.02
. 2013‑01‑28 15:26:25.938 Using SSH protocol version 2
. 2013‑01‑28 15:26:25.938 We claim version: SSH‑2.0‑WinSCP_release_5.1.3
. 2013‑01‑28 15:26:25.938 Waiting for the server to continue with the initialisation
. 2013‑01‑28 15:26:25.998 Detected network event
. 2013‑01‑28 15:26:25.998 Doing Diffie‑Hellman group exchange
. 2013‑01‑28 15:26:25.998 Waiting for the server to continue with the initialisation
. 2013‑01‑28 15:26:26.258 Detected network event
. 2013‑01‑28 15:26:26.258 Doing Diffie‑Hellman key exchange with hash SHA‑1
. 2013‑01‑28 15:26:26.438 Waiting for the server to continue with the initialisation
. 2013‑01‑28 15:26:26.678 Detected network event
. 2013‑01‑28 15:26:26.898 Verifying host key rsa2 0x23,0xdf2a07bac36 with fingerprint ssh‑rsa 2048 fe:03:bc:ad:66
. 2013‑01‑28 15:26:26.908 Host key matches cached key
. 2013‑01‑28 15:26:26.908 Host key fingerprint is:
. 2013‑01‑28 15:26:26.908 ssh‑rsa 2048 fe:03:bc:ad:66
. 2013‑01‑28 15:26:26.908 Initialised AES‑256 CBC client‑ >server encryption
. 2013‑01‑28 15:26:26.908 Initialised HMAC‑SHA1 client‑ >server MAC algorithm
. 2013‑01‑28 15:26:26.908 Initialised AES‑256 CBC server‑ >client encryption
. 2013‑01‑28 15:26:26.908 Initialised HMAC‑SHA1 server‑ >client MAC algorithm
. 2013‑01‑28 15:26:26.908 Waiting for the server to continue with the initialisation
. 2013‑01‑28 15:26:27.048 Detected network event
. 2013‑01‑28 15:26:27.048 Reading private key file "Z:\prd\PS_DATA\HSBCfingateway\hsbccerts\hsbc‑ensco.ppk"
. 2013‑01‑28 15:26:27.058 Using username "hex166t".
. 2013‑01‑28 15:26:27.108 Waiting for the server to continue with the initialisation
. 2013‑01‑28 15:26:27.158 Detected network event
. 2013‑01‑28 15:26:27.168 Offered public key
. 2013‑01‑28 15:26:27.168 Waiting for the server to continue with the initialisation
. 2013‑01‑28 15:26:27.228 Detected network event
. 2013‑01‑28 15:26:27.228 Server refused our key
. 2013‑01‑28 15:26:27.258 Server refused our key
. 2013‑01‑28 15:26:27.258 Attempting keyboard‑interactive authentication
. 2013‑01‑28 15:26:27.258 Waiting for the server to continue with the initialisation
. 2013‑01‑28 15:26:27.298 Detected network event
. 2013‑01‑28 15:26:27.298 Server refused keyboard‑interactive authentication
. 2013‑01‑28 15:26:27.298 Prompt (7, SSH password, , &Password: )
. 2013‑01‑28 15:26:27.298 Using stored password.
. 2013‑01‑28 15:26:27.308 Sent password
. 2013‑01‑28 15:26:27.308 Waiting for the server to continue with the initialisation
. 2013‑01‑28 15:26:27.418 Detected network event
. 2013‑01‑28 15:26:27.418 Password authentication failed
. 2013‑01‑28 15:26:27.418 Access denied
. 2013‑01‑28 15:26:27.458 Prompt (7, SSH password, , &Password: )
. 2013‑01‑28 15:26:45.497 Attempt to close connection due to fatal exception:
. 2013‑01‑28 15:26:45.497 Closing connection.
. 2013‑01‑28 15:26:45.497 Sending special code: 12
. 2013‑01‑28 15:26:45.559 (ESshFatal)
‑‑‑‑‑
參考解法
方法 1:
You do not have the private key authentication setup correctly.
Make sure you add the public key to your ~/.ssh/authorized_keys on the server.
You will obtain the public key fingerprint in the correct format in PuTTYgen in Public key for pasting into OpenSSH authorized_keys file box when your load your private key.
For more details refer to the article Set up SSH public key authentication.
While not the case for OP, you might get the same error message (Server refused our key), when connecting with an old version of WinSCP to a server that requires rsa‑sha2. WinSCP supports rsa‑sha2 since 5.20 only. OpenSSH servers require rsa‑sha2 by default since 8.8. Older versions can be configured to require it too. On the other hand, even 8.8 and newer can be configured not to require rsa‑sha2 (PubkeyAcceptedAlgorithms +ssh‑rsa).
方法 2:
For my case, I tried
$chmod 0600 authorized_keys
and it works fine then.
方法 3:
I faced the same issue, finding around and I solved by run these commands on destination server:
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
chown $USER:$USER .ssh ‑R
方法 4:
See also https://winscp.net/forum/viewtopic.php?t=31767: Winscp with version before 5.20 cannot authenticate anymore with openssh‑8.8.
(by Flynn Kinkade、Martin Prikryl、Doan Vu、m.nguyencntt、Uwe Mayer)