Skip to main content
Skip table of contents

159. SFTP authentication fails with error Permission Denied (keyboard-interactive)

The following applies to OpenSSH server when using public key authentication.

The below error is shown when connecting to the SFTP server from EzeScan:

image-20241024-133635.png

Reason:

A recent Windows update has rolled out a newer version of OpenSSH.

This version of OpenSSH has removed ssh-rsa from the default public key accepted algorithms.

This can be confirmed by the presence of the below error in sshd debug logs:

userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms

Resolution:

Upgrade EzeScan to version 5.0.129 or higher. EzeScan now negotiates the stronger rsa-sha2-256 and rsa-sha2-512 algorithms when ssh-rsa is unavailable on the target SFTP server.

Older Versions of EzeScan (pre-5.0.129)

The below steps will re-enable the ssh-rsa algorithm which has been deprecated due to vulnerabilities in SHA-1. This is NOT recommended.

  1. Add the below line to the sshd configuration (located at C:\ProgramData\ssh\sshd_config)
    PubkeyAcceptedAlgorithms +ssh-rsa
    For example:

    image-20241024-134207.png

  2. Restart the OpenSSH SSH Server windows service

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close