martin

Re: Import more recent PuTTY code to support newer kex algorithm

I definitely plan to upgrade to the more recent PuTTY code. But there has been quite a change in the PuTTY code after 0.62. So the upgrade is not something that can fit into the stable branch of WinSCP.

rmenessec

Import more recent PuTTY code to support newer kex algorithm

I strictly limit the MACs, ciphers, and key exchange algorithms on my servers to enforce the best possible security. The relevant section of my sshd_config looks like this:

Ciphers aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-ripemd160,umac-64@openssh.com

Apparently, current PuTTY (I use nightly builds--not sure about 0.60) is fine with diffie-hellman-group-exchange-sha256. WinSCP 5.0.9 is not, and refuses to connect when this kex is enforced. Support for DH-SHA256 would be appreciated.

Thanks!
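
An added example, not part of the original posts: a pre-deployment check that parses the sshd_config lines quoted above and shows which negotiation category leaves a client with no common algorithm. The two client offers are constructed for illustration and are not the actual algorithm lists of WinSCP or PuTTY; selection is simplified to "first client-preferred name the server also allows", ignoring the host-key conditions SSH applies to key exchange.

```python
# Added example. SSHD_CONFIG is the configuration quoted in the post;
# the client offers below are constructed, not taken from any real client.
SSHD_CONFIG = """\
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-ripemd160,umac-64@openssh.com
"""

KEYWORDS = {"kexalgorithms": "kex", "ciphers": "cipher", "macs": "mac"}

def parse_server_lists(text):
    """Return {'kex': [...], 'cipher': [...], 'mac': [...]} from sshd_config text."""
    lists = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = KEYWORDS.get(parts[0].lower())  # keywords are case-insensitive
        # sshd uses the first value it obtains for a keyword, so keep the first.
        if key and len(parts) == 2 and key not in lists:
            lists[key] = [a.strip() for a in parts[1].split(",") if a.strip()]
    return lists

def negotiate(client, server):
    """Per category: first client-preferred algorithm the server allows, else None."""
    return {cat: next((a for a in client.get(cat, []) if a in allowed), None)
            for cat, allowed in server.items()}

def connection_result(client, server):
    """('ok', chosen algorithms) or ('fail', categories with no overlap)."""
    chosen = negotiate(client, server)
    failed = sorted(cat for cat, alg in chosen.items() if alg is None)
    return ("fail", failed) if failed else ("ok", chosen)

# Constructed offer: a client that only knows SHA-1 based key exchange.
SHA1_ONLY_CLIENT = {
    "kex": ["diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1"],
    "cipher": ["aes256-ctr", "aes256-cbc", "3des-cbc"],
    "mac": ["hmac-sha1", "hmac-md5"],
}
# Constructed offer: the same client with group-exchange SHA-256 added first.
SHA256_CLIENT = dict(SHA1_ONLY_CLIENT,
                     kex=["diffie-hellman-group-exchange-sha256"] + SHA1_ONLY_CLIENT["kex"])

if __name__ == "__main__":
    server = parse_server_lists(SSHD_CONFIG)
    for name, offer in (("sha1-only", SHA1_ONLY_CLIENT), ("sha256", SHA256_CLIENT)):
        print(name, connection_result(offer, server))
```

Running the same check against the algorithm lists of every client that must reach the server, before tightening KexAlgorithms, shows which clients would be locked out and by which category.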