command line or winscp.ini key exchange threshold

Advertisement

dr_mumps
Joined:
Posts:
3

command line or winscp.ini key exchange threshold

How do I either specify the first key exchange threshold and/or defeat the "warning below" check when using winSCP from the command line? I had to alter the server side to a "higher" level algorithm to allow my script to function.

"... The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
Do you want to continue with this connection?..."

When using the winSCP front end , setting the Advanced Site setting, Key Exchange works fine... but only for those sessions connected via the winSCP front end. It there a command line and/or winscp.ini parameter I can set to do the same thing?

Also, if a "YES" is answered to the above query, can winSCP store the response in the winscp.ini so it wouldn't be prompted again?

Reply with quote

Advertisement

dr_mumps
Joined:
Posts:
3

Re: command line or winscp.ini key exchange threshold

dr_mumps wrote:

How do I either specify the first key exchange threshold and/or defeat the "warning below" check when using winSCP from the command line? I had to alter the server side to a "higher" level algorithm to allow my script to function.

"... The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
Do you want to continue with this connection?..."

When using the winSCP front end , setting the Advanced Site setting, Key Exchange works fine... but only for those sessions connected via the winSCP front end. It there a command line and/or winscp.ini parameter I can set to do the same thing?

Also, if a "YES" is answered to the above query, can winSCP store the response in the winscp.ini so it wouldn't be prompted again?

I should also mention that I have tried the following... none of which "bypass" the warning threshold:
-rawsettings SshProt=0 ==> "SSH protocol version 1 required by our configuration but not provided by server" ... no session
-rawsettings SshProt=1 ==> "SSH protocol version 1 required by our configuration but not provided by server" ... no session
-rawsettings SshProt=2 ==> prompts Yes or No regarding the warning threshold
-rawsettings SshProt=3 ==> prompts Yes or No regarding the warning threshold

0 to 3 appear to be the options allowed for "SshProt" ... with "2" no longer available according to the doc's

Also tried:
-rawsettings Cipher=diffie-hellman-group1-sha1,WARN ==>
"The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
Do you want to continue with this connection?
(Y)es, (N)o: No"

Reply with quote

Advertisement

You can post new topics in this forum