Forum » Support and Bug Reports »

No support for key exchange with SHA-2?

Advertisement

Gatak
Guest

No support for key exchange with SHA-2?

I have configured OpenSSH with the following: 

Ciphers         aes256-cbc,aes192-cbc,aes256-ctr,aes192-ctr
MACs            hmac-sha1,hmac-sha2-256,hmac-sha2-512
KexAlgorithms   ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256

This works well with Putty (0.62 x64) and VX Connectbot (Android 4.2/4.3), but not with WinSCP (5.2.3). I get the following error: Couldn't agree on key exchange algorithm.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,440
Location:
Prague, Czechia

Re: No support for key exchange with SHA-2?

Please attach a full log file showing the problem, using both the latest version of WinSCP (5.2.4 beta) and PuTTY (0.62)

To generate log file, enable logging, log in to your server and do the operation and only the operation that causes the error. Submit the log with your post as an attachment. Note that passwords and passphrases not stored in the log. You may want to remove other data you consider sensitive though, such as host names, IP addresses, account names or file names (unless they are relevant to the problem). If you do not want to post the log publicly, you may email it to me. You will find my address (if you log in) in my forum profile. Please include link back to this topic in your email. Also note in this topic that you have emailed the log.

Reply with quote

Gatak
Guest

Log from WinSCP and PuTTY

Here are the logs. Not sure if I posted something I shouldn't - i.e. SSH keys visible?
Description: Log output from connecting to a SSH2 server with SHA-2.
Description: Log output (debug 2) from connecting to a SSH2 server with SHA-2.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,440
Location:
Prague, Czechia

Re: No support for key exchange with SHA-2?

Thanks.

This issue has been added to the tracker:
https://winscp.net/tracker/1067

Can you send me an email, so I can send you back a dev version of WinSCP for testing? Please include link back to this topic in your email. Also note in this topic that you have sent the email. Thanks.

You will find my address (if you log in) in my forum profile.

Reply with quote

Advertisement

You can post new topics in this forum

Documentation

Support

Associations

Follow Us