@Armin: Duplicate question:
https://winscp.net/forum/viewtopic.php?t=31644#117721

Is it possible to limit the KEX options that is available?

For security reason, they only want a few specific KEX to be used not all.

But I don't know how to remove the other options.

Thanks

I'm confused. It's the client that picks the algorithm, not the server. And I'm not aware of "RSA SHA512" KEX. Are you really sure this is about "KEX exchange" and not "host key"?
How exactly is the server "server is set up to accept SSH RSA, RSA SHA256, and RSA SHA512"? What server is that?

I can connect with PuTTY, but it also only connects via SSH RSA and not RSA SHA.

The server is set up to accept SSH RSA, RSA SHA256, and RSA SHA512, in that order. How do I force an exchange algorithm?

Can you connect with PuTTY? How do you configure it?

Hello. Yes, the key exchange. My apologies for the confusion.

Thank you.

Are you sure you mean the KEX and not a host key algorithm?
The host key algorithm cannot be configured in WinSCP GUI. You have to use Hostkey raw session setting:
https://winscp.net/eng/docs/rawsettings#hostkey

I am trying to get WinSCP 5.21.6 to use RSA-SHA2. I have moved up the RSA algorithms in Advanced -> SSH -> Key Exchange tab for the session properties.

It still will only connect at ssh-rsa 2048. I have cleared keys, but it didn't change anything.

Is there a way to force/limit/select which protocols I want to use in the client?

Thank you.