Import more recent PuTTY code to support newer kex algorithm

rmenessec
Joined:: 2012-09-21
Posts:: 1

Import more recent PuTTY code to support newer kex algorithm

2012-09-21 23:11

I strictly limit the MACs, ciphers, and key exchange algorithms on my servers to enforce the best possible security. The relevant section of my sshd_config looks like this:

Ciphers aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-ripemd160,umac-64@openssh.com

Apparently, current PuTTY (I use nightly builds--not sure about 0.60) is fine with diffie-hellman-group-exchange-sha256. WinSCP 5.0.9 is not, and refuses to connect when this kex is enforced. Support for DH-SHA256 would be appreciated.

Thanks!

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,517
Location:: Prague, Czechia

Re: Import more recent PuTTY code to support newer kex algorithm

2012-09-26

I definitely plan to upgrade to the more recent PuTTY code. But there has been quite a change in the PuTTY code after 0.62. So the upgrade is not something that can fit into stable branch of WinSCP.

Reply with quote

You can post new topics in this forum

Import more recent PuTTY code to support newer kex algorithm

Import more recent PuTTY code to support newer kex algorithm

Re: Import more recent PuTTY code to support newer kex algorithm

Documentation

Support

Associations

Follow Us