Post a reply

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

Oleriano

WINSCP Graphic solution

Hello,

using WINSCSP Graphic solution, go to advanced settings, and put EXchange group Dif-Hellman in first option to make the key send.

Works fine for me.
JSilva

Re: Key-exchange algorithm diffie-hellman-group1-sha1 was not verified!

Thank you very much Martin! This is exactly what i needed!

Best regards
martin

Re: Key-exchange algorithm diffie-hellman-group1-sha1 was not verified!

This should do:

open sftp://citmeddv:******@ftp.it.******.com/ -hostkey="*" -timeout=120 -rawsettings KEX=dh-group1-sha1

See https://winscp.net/eng/docs/rawsettings

Though, obviously, the correct solution to upgrade your server not to use an insecure KEX.
JSilva

Key-exchange algorithm diffie-hellman-group1-sha1 was not verified!

Hi Martin,

I have just updated the WinSCP to the latest version 5.9.2 and started to have some problems with some of SFTP accounts.
I mainly use WinSCP via scripting like so:

#--> This script was created by SQL <--#

# Automatically abort script on errors
option batch abort
# Disable overwrite confirmations that conflict with the previous
option confirm off
# Connect
open sftp://citmeddv:******@ftp.it.******.com/ -hostkey="*" -timeout=120
# Command Line
cd "Tmp_Input"
PUT "\\Device\Output\DM_201304_1203_1.csv"
# Disconnect
close
# Exit WinSCP
exit
#--> EOF This script was created by SQL <--#


And this is generating an error:

<?xml version="1.0" encoding="UTF-8"?>

<session xmlns="http://winscp.net/schema/session/1.0" name="citmeddv@ftp03.it.rxcorp.com" start="2016-09-28T06:16:58.867Z">
  <failure>
    <message>Key-exchange algorithm diffie-hellman-group1-sha1 was not verified!</message>
  </failure>
</session>


In the details we have:

. 2016-09-28 07:16:59.148 Enumerating network events for socket 1908

. 2016-09-28 07:16:59.148 Enumerated 1 network events making 1 cumulative events for socket 1908
. 2016-09-28 07:16:59.148 Handling network read event on socket 1908 with error 0
. 2016-09-28 07:16:59.148 Asking user:
. 2016-09-28 07:16:59.148 The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
. 2016-09-28 07:16:59.148
. 2016-09-28 07:16:59.148 Do you want to continue with this connection? ()
. 2016-09-28 07:16:59.148 Attempt to close connection due to fatal exception:
* 2016-09-28 07:16:59.148 Key-exchange algorithm diffie-hellman-group1-sha1 was not verified!
. 2016-09-28 07:16:59.148 Closing connection.
. 2016-09-28 07:16:59.148 Sending special code: 12
. 2016-09-28 07:16:59.148 Selecting events 0 for socket 1908


Is there a workaround for this problem?
I already saw the KEX option but I don't know how to implement it.

Best regards