Rclone sftp with ssh options

Thank for the awesome tool!

I'm working with a client that has sent me over a user/password credentials for a sftp server, BUT to connect to their server I need to use either -oPreferredAuthentications=password or -oPubkeyAuthentication=n with the sftp cli

Now my usual rclone is a connection string where I specify the pass argument, something like this:

rclone copy --config notfound :sftp,host='example.com',user='tim',pass='aaacE3-jIF7CFO-hxdSHrdFM6wn_q6I':Inbound/Test.txt .

with the above I get the same ssh disconnect host not allowed to connect that I'd get without the mentioned ssh options.

I there a workaround I could use with rclone have either -oPreferredAuthentications=password or -oPubkeyAuthentication=no

Thanks!

Can you do a connection attempt with -vv and post the log?

Hi! Here are the logs for the command in the post with -vv

2022/07/28 09:10:53 DEBUG : rclone: Version "v1.58.0" starting with parameters ["rclone" "copy" "--config" "notfound" ":sftp,host=example.com,user=tim,pass=D3KbcE3-jIF7CFO-hxdSHrdFM6wn_q6I:Inbound/Test.txt" "." "-vv"]                                                                                                                                                         
2022/07/28 09:10:53 DEBUG : Creating backend with remote ":sftp,host=example.com,user=tim,pass=D3KbcE3-jIF7CFO-hxdSHrdFM6wn_q6I:Inbound/Test.txt"                                        
2022/07/28 09:10:53 DEBUG : :sftp: detected overridden config - adding "{7DzbI}" suffix to name                                                                                          
2022/07/28 09:10:53 DEBUG : Using config file from ""                                                                                                                                    
2022/07/28 09:10:54 DEBUG : pacer: low level retry 1/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 1: ssh disconnect host not allowed to connect)       
2022/07/28 09:10:54 DEBUG : pacer: Rate limited, increasing sleep to 200ms                                                                                                               
2022/07/28 09:10:55 DEBUG : pacer: low level retry 2/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 1: ssh disconnect host not allowed to connect)       
2022/07/28 09:10:55 EBUG : pacer: Rate limited, increasing sleep to 400ms                                                                                                                
2022/07/28 09:10:56 DEBUG : pacer: low level retry 3/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 1: ssh disconnect host not allowed to connect)       
2022/07/28 09:10:56 DEBUG : pacer: Rate limited, increasing sleep to 800ms                                                                                                               
2022/07/28 09:10:56 DEBUG : pacer: low level retry 4/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 1: ssh disconnect host not allowed to connect)       
2022/07/28 09:10:56 DEBUG : pacer: Rate limited, increasing sleep to 1.6s                                                                                                                
2022/07/28 09:10:57 DEBUG : pacer: low level retry 5/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 1: ssh disconnect host not allowed to connect)       
2022/07/28 09:10:57 DEBUG : pacer: Rate limited, increasing sleep to 2s                                                                                                                  
2022/07/28 09:10:59 DEBUG : pacer: low level retry 6/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 1: ssh disconnect host not allowed to connect)       
2022/07/28 09:11:01 DEBUG : pacer: low level retry 7/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 1: ssh disconnect host not allowed to connect)       
2022/07/28 09:11:03 DEBUG : pacer: low level retry 8/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 1: ssh disconnect host not allowed to connect)       
2022/07/28 09:11:05 DEBUG : pacer: low level retry 9/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 1: ssh disconnect host not allowed to connect)       
2022/07/28 09:11:07 DEBUG : pacer: low level retry 10/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 1: ssh disconnect host not allowed to connect)      
2022/07/28 09:11:07 Failed to create file system for ":sftp,host=example.com,user=tim,pass=D3KbcE3-jIF7CFO-hxdSHrdFM6wn_q6I:Inbound/Test.txt": NewFs: couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 1: ssh disconnect host not allowed to connect                                                                                                          
D  

Also here is the sftp tim@exmaple.com without -oPreferredAuthentications=password or -oPubkeyAuthentication=n

Received disconnect from 149.xxx.xxx.xxx port 22:1: ssh disconnect host not allowed to connect
Disconnected from 149.xxx.xxx.xxx port 22
Connection closed

Thank you for your time

Could you run that with -vvv so we can see what auth schemes it offers to the server? And then run it with the correct flags so we can see what differs?

As far as I can see, rclone should be offering password and keyboard-interactive but no public key based stuff with your command line.

Hi
Here is the output for sftp -vvv tim@example.com

OpenSSH_8.6p1, LibreSSL 3.3.5
debug1: Reading configuration data /Users/tim/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/tim/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/tim/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to example.com port 22.
debug1: Connection established.
debug1: identity file /Users/tim/.ssh/id_rsa type 0
debug1: identity file /Users/tim/.ssh/id_rsa-cert type -1
debug1: identity file /Users/tim/.ssh/id_dsa type -1
debug1: identity file /Users/tim/.ssh/id_dsa-cert type -1
debug1: identity file /Users/tim/.ssh/id_ecdsa type -1
debug1: identity file /Users/tim/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/tim/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/tim/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/tim/.ssh/id_ed25519 type -1
debug1: identity file /Users/tim/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/tim/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/tim/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/tim/.ssh/id_xmss type -1
debug1: identity file /Users/tim/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version XFB.Gateway Unix
debug1: compat_banner: no match: XFB.Gateway Unix
debug3: fd 5 is O_NONBLOCK
debug1: Authenticating to example.com:22 as 'es10fg3'
debug3: record_hostkey: found key type RSA in file /Users/tim/.ssh/known_hosts:200
debug3: load_hostkeys_file: loaded 1 keys from example.com
debug1: load_hostkeys: fopen /Users/tim/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: prefer hostkeyalgs: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes256-cbc,aes256-ctr,aes128-cbc,aes128-ctr
debug2: ciphers stoc: aes256-cbc,aes256-ctr,aes128-cbc,aes128-ctr
debug2: MACs ctos: hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: MACs stoc: hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:hGn3OiqHcSEVML4xIvmRDpGzhTEiHBpoQBhbs1U9rzo
debug3: record_hostkey: found key type RSA in file /Users/tim/.ssh/known_hosts:200
debug3: load_hostkeys_file: loaded 1 keys from example.com
debug1: load_hostkeys: fopen /Users/tim/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'example.com' is known and matches the RSA host key.
debug1: Found key in /Users/tim/.ssh/known_hosts:200
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /Users/tim/.ssh/id_rsa RSA SHA256:mh5yZgT8qsP83ie6Ka1WMrnSnbLrzrmWcVJKubB+0Os agent
debug1: Will attempt key: /Users/tim/keys/example-prod.pem RSA SHA256:U7BxS2twTY0O+A7ra8vGM4NnlTa+r6rUIWuOZp5m6Xw agent
debug1: Will attempt key: /Users/tim/keys/example-production-bastion.pem RSA SHA256:0XefFR348UfoFWBqmfBAMAFs539y2HwoUQeGQRkscOE agent
debug1: Will attempt key: /Users/tim/.ssh/id_dsa 
debug1: Will attempt key: /Users/tim/.ssh/id_ecdsa 
debug1: Will attempt key: /Users/tim/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /Users/tim/.ssh/id_ed25519 
debug1: Will attempt key: /Users/tim/.ssh/id_ed25519_sk 
debug1: Will attempt key: /Users/tim/.ssh/id_xmss 
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: password,publickey
debug3: start over, passed a different list password,publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/tim/.ssh/id_rsa RSA SHA256:mh5yZgT8qsP83ie6Ka1WMrnSnbLrzrmWcVJKubB+0Os agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /Users/tim/.ssh/id_rsa RSA SHA256:mh5yZgT8qsP83ie6Ka1WMrnSnbLrzrmWcVJKubB+0Os agent
debug3: sign_and_send_pubkey: RSA SHA256:mh5yZgT8qsP83ie6Ka1WMrnSnbLrzrmWcVJKubB+0Os
debug3: sign_and_send_pubkey: signing using ssh-rsa SHA256:mh5yZgT8qsP83ie6Ka1WMrnSnbLrzrmWcVJKubB+0Os
debug3: send packet: type 50
debug3: receive packet: type 1
Received disconnect from 168.183.167.31 port 22:1: ssh disconnect host not allowed to connect
Disconnected from 168.183.167.31 port 22
Connection closed

And here sftp -vvv -oPreferredAuthentications=password tim@exmaple.com ( which works and I can login ):

OpenSSH_8.6p1, LibreSSL 3.3.5
debug1: Reading configuration data /Users/tim/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/tim/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/tim/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to example.com port 22.
debug1: Connection established.
debug1: identity file /Users/tim/.ssh/id_rsa type 0
debug1: identity file /Users/tim/.ssh/id_rsa-cert type -1
debug1: identity file /Users/tim/.ssh/id_dsa type -1
debug1: identity file /Users/tim/.ssh/id_dsa-cert type -1
debug1: identity file /Users/tim/.ssh/id_ecdsa type -1
debug1: identity file /Users/tim/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/tim/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/tim/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/tim/.ssh/id_ed25519 type -1
debug1: identity file /Users/tim/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/tim/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/tim/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/tim/.ssh/id_xmss type -1
debug1: identity file /Users/tim/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version XFB.Gateway Unix
debug1: compat_banner: no match: XFB.Gateway Unix
debug3: fd 5 is O_NONBLOCK
debug1: Authenticating to example.com:22 as 'es10fg3'
debug3: record_hostkey: found key type RSA in file /Users/tim/.ssh/known_hosts:200
debug3: load_hostkeys_file: loaded 1 keys from example.com
debug1: load_hostkeys: fopen /Users/tim/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: prefer hostkeyalgs: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes256-cbc,aes256-ctr,aes128-cbc,aes128-ctr
debug2: ciphers stoc: aes256-cbc,aes256-ctr,aes128-cbc,aes128-ctr
debug2: MACs ctos: hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: MACs stoc: hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:hGn3OiqHcSEVML4xIvmRDpGzhTEiHBpoQBhbs1U9rzo
debug3: record_hostkey: found key type RSA in file /Users/tim/.ssh/known_hosts:200
debug3: load_hostkeys_file: loaded 1 keys from example.com
debug1: load_hostkeys: fopen /Users/tim/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'example.com' is known and matches the RSA host key.
debug1: Found key in /Users/tim/.ssh/known_hosts:200
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /Users/tim/.ssh/id_rsa RSA SHA256:mh5yZgT8qsP83ie6Ka1WMrnSnbLrzrmWcVJKubB+0Os agent
debug1: Will attempt key: /Users/tim/keys/example-prod.pem RSA SHA256:U7BxS2twTY0O+A7ra8vGM4NnlTa+r6rUIWuOZp5m6Xw agent
debug1: Will attempt key: /Users/tim/keys/example-production-bastion.pem RSA SHA256:0XefFR348UfoFWBqmfBAMAFs539y2HwoUQeGQRkscOE agent
debug1: Will attempt key: /Users/tim/.ssh/id_dsa 
debug1: Will attempt key: /Users/tim/.ssh/id_ecdsa 
debug1: Will attempt key: /Users/tim/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /Users/tim/.ssh/id_ed25519 
debug1: Will attempt key: /Users/tim/.ssh/id_ed25519_sk 
debug1: Will attempt key: /Users/tim/.ssh/id_xmss 
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: password,publickey
debug3: start over, passed a different list password,publickey
debug3: preferred password
debug3: authmethod_lookup password
debug3: remaining preferred: 
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

The successful one was only password.

Can you do this one too? I want to see if keyboard interactive is ok or not.

Also try rclone making sure you unset any SSH* environment variables first so it is definitely not picking up an SSH agent.