Forum » Support and Bug Reports »

Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

dr_mumps

Re: command line or winscp.ini key exchange threshold

martin wrote:

It's -rawsettings KEX="ecdh,dh-gex-sha1,dh-group14-sha1,rsa,dh-group1-sha1,WARN"

See https://winscp.net/eng/docs/rawsettings

The easiest is to have WinSCP generate the command for you:
https://winscp.net/eng/docs/ui_generateurl


FANTASTIC!.. did I just miss that rawsetting definition or was it just added? ... Doesn't matter. Thanks so much
dr_mumps

Re: command line or winscp.ini key exchange threshold

dr_mumps wrote:

How do I either specify the first key exchange threshold and/or defeat the "warning below" check when using winSCP from the command line? I had to alter the server side to a "higher" level algorithm to allow my script to function.

"... The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
Do you want to continue with this connection?..."

When using the winSCP front end , setting the Advanced Site setting, Key Exchange works fine... but only for those sessions connected via the winSCP front end. It there a command line and/or winscp.ini parameter I can set to do the same thing?

Also, if a "YES" is answered to the above query, can winSCP store the response in the winscp.ini so it wouldn't be prompted again?


I should also mention that I have tried the following... none of which "bypass" the warning threshold:
-rawsettings SshProt=0 ==> "SSH protocol version 1 required by our configuration but not provided by server" ... no session
-rawsettings SshProt=1 ==> "SSH protocol version 1 required by our configuration but not provided by server" ... no session
-rawsettings SshProt=2 ==> prompts Yes or No regarding the warning threshold
-rawsettings SshProt=3 ==> prompts Yes or No regarding the warning threshold

0 to 3 appear to be the options allowed for "SshProt" ... with "2" no longer available according to the doc's

Also tried:
-rawsettings Cipher=diffie-hellman-group1-sha1,WARN ==>
"The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
Do you want to continue with this connection?
(Y)es, (N)o: No"
dr_mumps

command line or winscp.ini key exchange threshold

How do I either specify the first key exchange threshold and/or defeat the "warning below" check when using winSCP from the command line? I had to alter the server side to a "higher" level algorithm to allow my script to function.

"... The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
Do you want to continue with this connection?..."

When using the winSCP front end , setting the Advanced Site setting, Key Exchange works fine... but only for those sessions connected via the winSCP front end. It there a command line and/or winscp.ini parameter I can set to do the same thing?

Also, if a "YES" is answered to the above query, can winSCP store the response in the winscp.ini so it wouldn't be prompted again?

Documentation

Support

Associations

Follow Us