Topic "Import more recent PuTTY code to support newer kex algorithm"


Joined: 2012-09-21
Posts: 1
I strictly limit the MACs, ciphers, and key exchange algorithms on my servers to enforce the best possible security. The relevant section of my sshd_config looks like this:

Ciphers aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-ripemd160,

Apparently, current PuTTY (I use nightly builds--not sure about 0.60) is fine with diffie-hellman-group-exchange-sha256. WinSCP 5.0.9 is not, and refuses to connect when this kex is enforced. Support for DH-SHA256 would be appreciated.

Site Admin
Joined: 2002-12-10
Posts: 26889
Location: Prague, Czechia
I definitely plan to upgrade to the more recent PuTTY code. But there has been quite a change in the PuTTY code after 0.62. So the upgrade is not something that can fit into the stable branch of WinSCP.
Martin Prikryl
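
Why a restricted KexAlgorithms list makes an older client refuse to connect: for each category, SSH picks the first name on the client's list that the server also lists (RFC 4253, section 7.1), and a category with no common name ends the connection. This is an added example, not code from the thread, WinSCP or PuTTY; the two client offers are constructed for illustration and are not WinSCP's actual lists, and the kex rule is simplified (host key compatibility conditions are ignored).

```python
# Added example. Server lists are the sshd_config excerpt from the post above;
# both client offers are constructed for illustration, not WinSCP's real lists.
SSHD_CONFIG = """\
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-ripemd160,
"""

LEGACY_CLIENT = {  # constructed: offers only SHA-1 based key exchange
    "kexalgorithms": ["diffie-hellman-group-exchange-sha1",
                      "diffie-hellman-group14-sha1",
                      "diffie-hellman-group1-sha1"],
    "ciphers": ["aes256-ctr", "aes256-cbc", "3des-cbc"],
    "macs": ["hmac-sha1", "hmac-md5"],
}
UPDATED_CLIENT = dict(  # constructed: same client with the SHA-256 kex added
    LEGACY_CLIENT,
    kexalgorithms=["diffie-hellman-group-exchange-sha256"]
    + LEGACY_CLIENT["kexalgorithms"],
)

def parse_server_lists(text):
    """Extract the Ciphers/KexAlgorithms/MACs name-lists from sshd_config text."""
    lists = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue
        key = parts[0].lower()  # sshd_config keywords are case-insensitive
        if key in ("ciphers", "kexalgorithms", "macs"):
            # Empty names (the trailing comma in the post) are dropped here;
            # the first occurrence of a keyword wins.
            names = [n.strip() for n in parts[1].split(",") if n.strip()]
            lists.setdefault(key, names)
    return lists

def negotiate(client, server):
    """Per category: first name on the client's list that the server also lists."""
    return {cat: next((n for n in client.get(cat, []) if n in allowed), None)
            for cat, allowed in server.items()}

def failed_categories(result):
    """Categories with no common algorithm; any entry here aborts the connection."""
    return sorted(cat for cat, chosen in result.items() if chosen is None)

if __name__ == "__main__":
    server = parse_server_lists(SSHD_CONFIG)
    for label, offer in (("legacy", LEGACY_CLIENT), ("updated", UPDATED_CLIENT)):
        result = negotiate(offer, server)
        print(label, result, "no overlap:", failed_categories(result) or "none")
```

Running the same check against a client's real offer (taken from its debug log) shows which of the three directives is the one blocking the connection.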
