dr_mumps wrote:
How do I either specify the first key exchange threshold and/or defeat the "warning below" check when using winSCP from the command line? I had to alter the server side to a "higher" level algorithm to allow my script to function.
"... The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
Do you want to continue with this connection?..."
When using the winSCP front end , setting the Advanced Site setting, Key Exchange works fine... but only for those sessions connected via the winSCP front end. It there a command line and/or winscp.ini parameter I can set to do the same thing?
Also, if a "YES" is answered to the above query, can winSCP store the response in the winscp.ini so it wouldn't be prompted again?
I should also mention that I have tried the following... none of which "bypass" the warning threshold:
-rawsettings SshProt=0 ==> "SSH protocol version 1 required by our configuration but not provided by server" ... no session
-rawsettings SshProt=1 ==> "SSH protocol version 1 required by our configuration but not provided by server" ... no session
-rawsettings SshProt=2 ==> prompts Yes or No regarding the warning threshold
-rawsettings SshProt=3 ==> prompts Yes or No regarding the warning threshold
0 to 3 appear to be the options allowed for "SshProt" ... with "2" no longer available according to the doc's
Also tried:
-rawsettings Cipher=diffie-hellman-group1-sha1,WARN ==>
"The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
Do you want to continue with this connection?
(Y)es, (N)o: No"