Topic "Import more recent PuTTY code to support newer kex algorithm"

Author Message
rmenessec

Joined: 2012-09-21
Posts: 1
I strictly limit the MACs, ciphers, and key exchange algorithms on my servers to enforce the best possible security. The relevant section of my sshd_config looks like this:

Code:
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-ripemd160,umac-64@openssh.com


Apparently, current PuTTY (I use nightly builds--not sure about 0.60) is fine with diffie-hellman-group-exchange-sha256. WinSCP 5.0.9 is not, and refuses to connect when this kex is enforced. Support for DH-SHA256 would be appreciated.

Thanks!
martin
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
I definitely plan to upgrade to the more recent PuTTY code. But there has been quite a change in the PuTTY code after 0.62. So the upgrade is not something that can fit into the stable branch of WinSCP.
_________________
Martin Prikryl
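
The failure described in this thread follows from SSH's first-match negotiation rule (RFC 4253, section 7.1). The sketch below is an added example, not part of the thread and not WinSCP or PuTTY code; it checks a client's offer against the sshd_config quoted in the first post. Assumptions: both client lists are constructed for illustration, the server lists are plain comma-separated names, and the extra host-key conditions that RFC 4253 places on key exchange selection are ignored.

```python
# Server lists copied from the sshd_config quoted in the thread.
SSHD_CONFIG = """\
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-ripemd160,umac-64@openssh.com
"""

# Constructed client offers (assumptions for illustration, not any real build's lists).
OLD_CLIENT = {
    "kexalgorithms": ["diffie-hellman-group-exchange-sha1",
                      "diffie-hellman-group14-sha1",
                      "diffie-hellman-group1-sha1"],
    "ciphers": ["aes256-ctr", "aes256-cbc", "3des-cbc"],
    "macs": ["hmac-sha1", "hmac-md5"],
}
NEW_CLIENT = dict(OLD_CLIENT, kexalgorithms=(
    ["diffie-hellman-group-exchange-sha256"] + OLD_CLIENT["kexalgorithms"]))


def parse_sshd_config(text):
    """Return {lowercased keyword: [algorithms]} for Ciphers, KexAlgorithms, MACs."""
    wanted = {"ciphers", "kexalgorithms", "macs"}
    server = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue
        keyword = parts[0].lower()  # sshd_config keywords are case-insensitive
        if keyword in wanted and keyword not in server:  # first value obtained wins
            server[keyword] = [a.strip() for a in parts[1].split(",") if a.strip()]
    return server


def negotiate(client, server):
    """Per restricted category, pick the first client algorithm the server lists.

    None means no common algorithm, so the connection attempt fails.
    """
    return {category: next((a for a in client.get(category, []) if a in allowed), None)
            for category, allowed in server.items()}


if __name__ == "__main__":
    server = parse_sshd_config(SSHD_CONFIG)
    for name, client in (("old client", OLD_CLIENT), ("new client", NEW_CLIENT)):
        chosen = negotiate(client, server)
        failed = [c for c, a in chosen.items() if a is None]
        print(name, chosen, "FAILS on " + ", ".join(failed) if failed else "connects")
```

A category that the server config does not restrict falls back to sshd's built-in defaults, which this sketch does not model.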