Import more recent PuTTY code to support newer kex algorithm

Advertisement

rmenessec
Joined:
Posts:
1

Import more recent PuTTY code to support newer kex algorithm

I strictly limit the MACs, ciphers, and key exchange algorithms on my servers to enforce the best possible security. The relevant section of my sshd_config looks like this:

Ciphers aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-ripemd160,umac-64@openssh.com    

Apparently, current PuTTY (I use nightly builds--not sure about 0.60) is fine with diffie-hellman-group-exchange-sha256. WinSCP 5.0.9 is not, and refuses to connect when this kex is enforced. Support for DH-SHA256 would be appreciated.

Thanks!

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,253
Location:
Prague, Czechia

Re: Import more recent PuTTY code to support newer kex algorithm

I definitely plan to upgrade to the more recent PuTTY code. But there has been quite a change in the PuTTY code after 0.62. So the upgrade is not something that can fit into stable branch of WinSCP.
_________________
Martin Prikryl

Reply with quote

Advertisement

You can post new topics in this forum