Differences
This shows you the differences between the selected revisions of the page.
2008-02-18 | 2008-04-16 | ||
reexchange (martin) | 4.1 Preference of GSS key exchange algorithms can be configured on //Key exchange// tab of login dialog. (martin) | ||
Line 21: | Line 21: | ||
WinSCP supports a variety of SSH-2 key exchange methods, and allows you to choose which one you prefer to use; configuration is similar to [[ui_login_ssh#encryption_options|cipher selection]]. | WinSCP supports a variety of SSH-2 key exchange methods, and allows you to choose which one you prefer to use; configuration is similar to [[ui_login_ssh#encryption_options|cipher selection]]. | ||
- | WinSCP currently supports the following varieties of Diffie-Hellman key exchange: | + | WinSCP currently supports the following varieties of Diffie-Hellman and GSS key exchange: |
* //Group 14//: a well-known 2048-bit group. | * //Group 14//: a well-known 2048-bit group. | ||
* //Group 1//: a well-known 1024-bit group. This is less secure than group 14, but may be faster with slow client or server machines, and may be the only method supported by older server software. | * //Group 1//: a well-known 1024-bit group. This is less secure than group 14, but may be faster with slow client or server machines, and may be the only method supported by older server software. | ||
* //Group exchange//: with this method, instead of using a fixed group, WinSCP requests that the server suggest a group to use for key exchange; the server can avoid groups known to be weak, and possibly invent new ones over time, without any changes required to WinSCP's configuration. We recommend use of this method, if possible. | * //Group exchange//: with this method, instead of using a fixed group, WinSCP requests that the server suggest a group to use for key exchange; the server can avoid groups known to be weak, and possibly invent new ones over time, without any changes required to WinSCP's configuration. We recommend use of this method, if possible. | ||
+ | |||
+ | The GSS varieties are used only when [[ui_login_authentication|GSSAPI/SSPI authentication]] is used. | ||
If the first algorithm WinSCP finds is below the //warn below here// line, you will see a warning box when you make the connection, similar to that for [[ui_login_ssh#encryption_options|cipher selection]]. | If the first algorithm WinSCP finds is below the //warn below here// line, you will see a warning box when you make the connection, similar to that for [[ui_login_ssh#encryption_options|cipher selection]]. |