Error: Key-exchange algorithm diffie-hellman-group1 -sha1 was not verified! :: Support Forum

tester Guest

Error: Key-exchange algorithm diffie-hellman-group1 -sha1 was not verified!

2016-08-19 02:28

Hi,
I'm trying to write a simple C# program just to scp a file to another device running Linux.

The program run just fine when I sent file to one Linux system, but got this error

Error: Key-exchange algorithm diffie-hellman-group1 -sha1 was not verified!

when I tried to sent to some other Linux machine.

When I use WinSCP, the warning popped up say

The first key-exchange algorithm supported by the server is diffie-hellman-group1 -sha1, which is below the configured warning threshold.

and I click Yes to continue and it works just fine. So somehow WinSCP can bypass this when I click Yes to continue.

How do I bypass this key-exchange error when written in C#? I don't care about security, just want to transfer a file.

Thanks.

Reply with quote

markvmt Guest

2016-08-25 20:01

I'm running into the same issue, has anyone found a work around?

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 38,164
Location:: Prague, Czechia

Re: Error: Key-exchange algorithm diffie-hellman-group1 -sha1 was not verified!

2016-08-28

You can use KEX raw session setting:
https://winscp.net/eng/docs/rawsettings

Easy way is to

configure your session in WinSCP GUI
move the "Diffie-Hellman Group 1" above the warning threshold:
https://winscp.net/eng/docs/ui_login_kex
have WinSCP generate the code for you:
https://winscp.net/eng/docs/ui_generateurl#code

Reply with quote

r4v3n
Joined:: 2016-05-24
Posts:: 8
Location:: Stockholm, Sweden

2016-09-14 12:02

I also face same issue, and it is not always easy to recompile your automation applications which use this when you change the default settings.
It would be great with .ini, registry or other way to change this default value for user@site or globally so we don't have to recompile our automations. E g in my case I am not in control of the automation application and cannot recompile this, only the settings of site, user, port, file name mask, polling interval etc. I have some intermittent issues in older 5.x version so I would like to use the latest.

I created this bug to track this issue:
KEX Warn default option change force automation developers to have to recompile their applications

Reply with quote

DOR B Guest

Add raw settings

2016-11-28 09:46

I have encounter the same problem, simply add raw setting:

sessionOptions.AddRawSettings("KEX", "ecdh,dh-gex-sha1,dh-group14-sha1,rsa,dh-group1-sha1,WARN");

Reply with quote

2005732 Guest

Support for Diffie Helman SHA1

2018-08-03 00:54

This worked great for me, thank you.
The extra line of code it generated was this, if it helps anyone.

sessionOptions.AddRawSettings("KEX", "ecdh,dh-gex-sha1,dh-group14-sha1,rsa,dh-group1-sha1,WARN");

Reply with quote

Error: Key-exchange algorithm diffie-hellman-group1 -sha1 was not verified!