I'm not trying to import the file, more accurately I am expecting it to work similarly to the sftp command Windows now deploys alongside OpenSSH. When I use sftp, I get logged right in:
However, if I were to remove the config I listed before, I get a "too many authentication failures" error because sftp tries to log in with all of my SSH keys instead of just the specific one as before.
As for WinSCP, if I remove the public key from the list, it gets the same "too many authentication failures" error. Here's the logs so you can see what it's doing, which is just rotating through SSH keys on my ssh-agent:
But if I define the public key in the private key field, the exact private key is used to log into the SFTP server as if -i was used. The ssh-agent handles the rest thanks to your recent changes.
I am basically asking you to support the Match directive since if WinSCP supported that, the public key is defined in one place. My personal reason is pure convenience, 1Password can be setup to automatically set these directives using the "Bookmarks" feature since this feature just writes .ssh config in the .ssh/1Password/config directory.
PS C:\Users\JimSpeir> sftp <redacted>
sftp>
However, if I were to remove the config I listed before, I get a "too many authentication failures" error because sftp tries to log in with all of my SSH keys instead of just the specific one as before.
As for WinSCP, if I remove the public key from the list, it gets the same "too many authentication failures" error. Here's the logs so you can see what it's doing, which is just rotating through SSH keys on my ssh-agent:
. 2026-07-03 18:45:48.051 Looking up host "<redacted>" for SSH connection
. 2026-07-03 18:45:48.132 Connecting to <redacted> port 22
. 2026-07-03 18:45:48.196 Connected to <redacted> (from 192.168.69.7:61537)
. 2026-07-03 18:45:48.263 We claim version: SSH-2.0-WinSCP_release_6.6.2
. 2026-07-03 18:45:48.264 Connected to <redacted> (from 192.168.69.7:61537)
. 2026-07-03 18:45:48.332 Remote version: SSH-2.0-AWS_SFTP_1.2
. 2026-07-03 18:45:48.333 Using SSH protocol version 2
. 2026-07-03 18:45:48.334 Have a known host key of type rsa2
. 2026-07-03 18:45:48.404 Doing ECDH key exchange with curve nistp256, using hash SHA-256
. 2026-07-03 18:45:48.514 Host key fingerprint is:
. 2026-07-03 18:45:48.514 ssh-rsa 2048 SHA256:7xHP0y0BdMjwpB4IWCQsm9WkEseCUkfT3GHVFx8Pzec
. 2026-07-03 18:45:48.524 Host key matches cached key
. 2026-07-03 18:45:48.525 Initialised AES-256 SDCTR (AES-NI accelerated) [aes256-ctr] outbound encryption
. 2026-07-03 18:45:48.525 Initialised HMAC-SHA-256 outbound MAC algorithm
. 2026-07-03 18:45:48.525 Initialised AES-256 SDCTR (AES-NI accelerated) [aes256-ctr] inbound encryption
. 2026-07-03 18:45:48.525 Initialised HMAC-SHA-256 inbound MAC algorithm
. 2026-07-03 18:45:48.584 Agent is running. Requesting keys.
. 2026-07-03 18:45:48.606 Agent has 21 SSH-2 keys
! 2026-07-03 18:45:48.606 Using username "<redacted>>".
. 2026-07-03 18:45:48.720 Server offered these authentication methods: publickey
. 2026-07-03 18:45:48.721 Trying Agent key #0
. 2026-07-03 18:45:48.881 Server refused our key
. 2026-07-03 18:45:48.881 Server offered these authentication methods: publickey
. 2026-07-03 18:45:48.881 Trying Agent key #1
. 2026-07-03 18:45:48.960 Server refused our key
. 2026-07-03 18:45:48.960 Server offered these authentication methods: publickey
. 2026-07-03 18:45:48.960 Trying Agent key #2
. 2026-07-03 18:45:49.052 Server refused our key
. 2026-07-03 18:45:49.052 Server offered these authentication methods: publickey
. 2026-07-03 18:45:49.052 Trying Agent key #3
. 2026-07-03 18:45:49.140 Server refused our key
. 2026-07-03 18:45:49.140 Server offered these authentication methods: publickey
. 2026-07-03 18:45:49.140 Trying Agent key #4
. 2026-07-03 18:45:49.257 Server refused our key
. 2026-07-03 18:45:49.257 Server offered these authentication methods: publickey
. 2026-07-03 18:45:49.257 Trying Agent key #5
. 2026-07-03 18:45:49.341 Remote side sent disconnect message type 2 (protocol error): "Too many authentication failures"
* 2026-07-03 18:45:49.424 (EFatal) Remote side sent disconnect message
* 2026-07-03 18:45:49.424 type 2 (protocol error):
* 2026-07-03 18:45:49.424 "Too many authentication failures"
* 2026-07-03 18:45:49.424 Authentication log (see session log for details):
* 2026-07-03 18:45:49.424 Using username "<redacted>>".
* 2026-07-03 18:45:49.424
* 2026-07-03 18:45:49.424 Authentication failed.
But if I define the public key in the private key field, the exact private key is used to log into the SFTP server as if -i was used. The ssh-agent handles the rest thanks to your recent changes.
I am basically asking you to support the Match directive since if WinSCP supported that, the public key is defined in one place. My personal reason is pure convenience, 1Password can be setup to automatically set these directives using the "Bookmarks" feature since this feature just writes .ssh config in the .ssh/1Password/config directory.