Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Thanks.
martin

Re: Cannot connect to a Debian 9.1 sshd server that only accepts diffie-hellman-group-exchange-sha256

Thanks for all the details. I'll try to contact Debian maintainers.
protput

Cannot connect to a Debian 9.1 sshd server that only accepts diffie-hellman-group-exchange-sha256

WinSCP cannot connect to a Debian 9.1 sshd server that only accepts diffie-hellman-group-exchange-sha256 as the key-exchange algorithm.

WinSCP returns this error:
Server unexpectedly closed network connection.


sshd however, logs this message:
fatal: No supported key exchange algorithms found [preauth]


sshd relevant config:
AuthenticationMethods publickey
Ciphers chacha20-poly1305@openssh.com
KexAlgorithms diffie-hellman-group-exchange-sha256


WinSCP is configured to prefer "Diffie-Hellman group exchange", all the other algorithms are set to warn.

Commenting out KexAlgorithms in sshd_config and restarting sshd causes WinSCP to return this message:
The first key-exchange algorithm supported by the server is diffie-hellman-group14-sha1, which is below the configured warning threshold.

Clicking Yes to the question if I want to continue with the connection does work fine, but this then uses the weaker key-exchange of course.


sshd version is: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u1 (Debian 9.1)
WinSCP version is: 5.11.1


Edit:
After some testing I found that connecting to a similarly configured sshd server running on Debian 8.9 does work perfectly fine using WinSCP.

I also did a little bit of digging into the OpenSSH source code, and I think it is OpenSSH that is erroneously causing this problem.

I found this commit: https://github.com/openssh/openssh-portable/commit/2985d4062ebf4204bbd373456a810d558698f9f5
Make WinSCP patterns for SSH_OLD_DHGEX more specific to
exclude WinSCP 5.10.x and up. bz#2748, from martin at winscp.net, ok djm@


I suspect this is the problem here and that the OpenSSH version in Debian 9.1 doesn't have this change included, which in turn causes this issue of forcing a weak key-exchange on me.

Maybe you can also get the Debian package maintainers to pull this commit in and release an update as well?

How about also implementing a setting to override the WinSCP version string to circumvent any future problems like this, where operating systems are lagging behind on upstream patches like these for OpenSSH. This would at least let advanced users solve the issue quickly. I have temporarily downgraded WinSCP to 5.9.6 again.