
martin

juul wrote:

Those appear in the lists in the PuTTY settings.

But in a development version only. Not in the stable one.
juul

This is actually not entirely the same, it's because WinSCP is missing a cipher and key exchange algorithm.

I ran into the same problem when connecting to a hardened server. The policy of this server had to be relaxed to allow WinSCP to connect because the server was very strict at first.

The cipher missing is: ChaCha20 (SSH-2 only)
The key exchange algorithm missing is: ECDH key exchange

Those appear in the lists in the PuTTY settings, however in WinSCP these do not appear in the cipher and kex selection policy lists.
jawnsy_

Couldn't agree on key exchange algorithm (hardened server)

Hi,

I followed the instructions for "modern compatibility" listed here: https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67

So these are my cipher settings in /etc/ssh/sshd_config:
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

Unfortunately, this breaks WinSCP. PuTTY 0.65 has no issues, so perhaps this is just an issue where an upgrade is required. This issue looks very similar to https://winscp.net/tracker/1067

Cheers,
Jonathan Yu
jonathan.i.yu@gmail.com
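
An added example, not part of any post in this thread and not WinSCP or OpenSSH code: a simplified model of SSH algorithm negotiation (RFC 4253, section 7.1) that shows which category of the posted sshd_config has no overlap with a client's offer. The client list is constructed for illustration and is an assumption, not WinSCP's actual algorithm list; the host-key compatibility rules for key exchange are not modelled.

```python
# Added example: simplified SSH algorithm negotiation (RFC 4253, section 7.1).

# Server settings as posted in the thread above.
SSHD_CONFIG = """\
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
"""

# Constructed client offer (an assumption, NOT WinSCP's real list): an older
# client with no curve25519/ECDH key exchange and no ChaCha20 cipher.
CLIENT_OFFER = {
    "kexalgorithms": ["diffie-hellman-group-exchange-sha1",
                      "diffie-hellman-group14-sha1",
                      "diffie-hellman-group1-sha1"],
    "ciphers": ["aes256-ctr", "aes192-ctr", "aes128-ctr", "aes256-cbc", "3des-cbc"],
    "macs": ["hmac-sha2-256", "hmac-sha1"],
}

KEYWORDS = ("kexalgorithms", "ciphers", "macs")


def parse_sshd_config(text):
    """Return {keyword: [algorithms]}; keywords are case-insensitive, first value wins."""
    parsed = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0].lower() in KEYWORDS:
            parsed.setdefault(parts[0].lower(), [a.strip() for a in parts[1].split(",")])
    return parsed


def negotiate(client, server):
    """Pick, per category, the first client algorithm the server also lists.

    Assumes the server sets all three keywords explicitly; a missing keyword
    would really mean the sshd built-in defaults, which are not modelled here.
    """
    return {k: next((a for a in client[k] if a in server.get(k, [])), None)
            for k in KEYWORDS}


def failed_categories(client, server):
    """Categories with no common algorithm; any one of them aborts the connection."""
    return [k for k, chosen in negotiate(client, server).items() if chosen is None]


if __name__ == "__main__":
    server = parse_sshd_config(SSHD_CONFIG)
    for keyword, chosen in negotiate(CLIENT_OFFER, server).items():
        print(f"{keyword:14} -> {chosen or 'NO COMMON ALGORITHM'}")
```

Replacing CLIENT_OFFER with the algorithm lists a client's own debug log reports shows whether relaxing the server policy or upgrading the client is needed, and for which category.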