WinSCP supports the following key exchange mechanisms:
While OpenSSH 6.9 supports these by default:
Which means that the following are common:
However, WinSCP is still using the old SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message. Support for the old deprecated message was removed in OpenSSH 6.9:
compat.c Revision 1.90, Mon Apr 13 02:04:08 2015 UTC (2 months, 3 weeks ago) by djm
deprecate ancient, pre-RFC4419 and undocumented
ok markus@ deraadt@ "seems reasonable" dtucker@
Which means that WinSCP cannot successfully negotiate diffie-hellman-group-exchange-* ciphers. For this reason, they were blacklisted for WinSCP clients in OpenSSH 6.9:
compat.c Revision 1.92, Tue May 5 10:17:49 2015 UTC (2 months ago) by dtucker
WinSCP doesn't implement RFC4419 DH-GEX so flag it so we don't offer that
KEX method. ok markus@
This leaves WinSCP with diffie-hellman-group14-sha1. SHA-1 is deprecated and insecure, and security-conscious SSH server administrators disable SHA-1 key exchange mechanisms. WinSCP can no longer negotiate any key exchange mechanism with OpenSSH 6.9 that is considered secure.
PuTTY 0.65 supports the newer message type. Additionally, PuTTY snapshots support newer protocols like curve25519 kex and the chacha20 cipher, which are a really good idea. WinSCP should update to at least 0.65, and the WinSCP team should notify the OpenSSH developers of the minimum version number that will support the new message type, so they can limit the blacklist to older versions.