Topic "command line or winscp.ini key exchange threshold"

Author Message
dr_mumps
[View user's profile]

Joined: 2016-06-30
Posts: 3
How do I either specify the first key exchange threshold and/or defeat the "warning below" check when using winSCP from the command line? I had to alter the server side to a "higher" level algorithm to allow my script to function.

"... The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
Do you want to continue with this connection?..."

When using the winSCP front end , setting the Advanced Site setting, Key Exchange works fine... but only for those sessions connected via the winSCP front end. It there a command line and/or winscp.ini parameter I can set to do the same thing?

Also, if a "YES" is answered to the above query, can winSCP store the response in the winscp.ini so it wouldn't be prompted again?
Advertisements
dr_mumps
[View user's profile]

Joined: 2016-06-30
Posts: 3
dr_mumps wrote:
How do I either specify the first key exchange threshold and/or defeat the "warning below" check when using winSCP from the command line? I had to alter the server side to a "higher" level algorithm to allow my script to function.

"... The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
Do you want to continue with this connection?..."

When using the winSCP front end , setting the Advanced Site setting, Key Exchange works fine... but only for those sessions connected via the winSCP front end. It there a command line and/or winscp.ini parameter I can set to do the same thing?

Also, if a "YES" is answered to the above query, can winSCP store the response in the winscp.ini so it wouldn't be prompted again?


I should also mention that I have tried the following... none of which "bypass" the warning threshold:
-rawsettings SshProt=0 ==> "SSH protocol version 1 required by our configuration but not provided by server" ... no session
-rawsettings SshProt=1 ==> "SSH protocol version 1 required by our configuration but not provided by server" ... no session
-rawsettings SshProt=2 ==> prompts Yes or No regarding the warning threshold
-rawsettings SshProt=3 ==> prompts Yes or No regarding the warning threshold

0 to 3 appear to be the options allowed for "SshProt" ... with "2" no longer available according to the doc's

Also tried:
-rawsettings Cipher=diffie-hellman-group1-sha1,WARN ==>
"The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
Do you want to continue with this connection?
(Y)es, (N)o: No"
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24993
Location: Prague, Czechia
It's -rawsettings KEX="ecdh,dh-gex-sha1,dh-group14-sha1,rsa,dh-group1-sha1,WARN"

See https://winscp.net/eng/docs/rawsettings

The easiest is to have WinSCP generate the command for you:
https://winscp.net/eng/docs/ui_generateurl
dr_mumps
[View user's profile]

Joined: 2016-06-30
Posts: 3
martin wrote:
It's -rawsettings KEX="ecdh,dh-gex-sha1,dh-group14-sha1,rsa,dh-group1-sha1,WARN"

See https://winscp.net/eng/docs/rawsettings

The easiest is to have WinSCP generate the command for you:
https://winscp.net/eng/docs/ui_generateurl


FANTASTIC!.. did I just miss that rawsetting definition or was it just added? ... Doesn't matter. Thanks so much
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License