Error: Key-exchange algorithm diffie-hellman-group1 -sha1 was not verified!

Advertisement

tester
Guest

Error: Key-exchange algorithm diffie-hellman-group1 -sha1 was not verified!

Hi,
I'm trying to write a simple c# program just to scp a file to another device running linux.

the program run just fine when i sent file to one linux system, but got this error "Error: Key-exchange algorithm diffie-hellman-group1 -sha1 was not verified!" when I tried to sent to some other linux machine.

when i use winSCP, the warning poped up say "The first key-exchange algorithm supported by teh server is diffie-hellman-group1 -sha1, which is below the configured warning threshold." and i click yes to continue and it works just fine. so some how winSCP can bypass this when i click yes to continue.

how do I bypass this key-exchange error when written in c#? I don't care about security, just want to transfer a file.

thanks

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
29,562
Location:
Prague, Czechia

Re: Error: Key-exchange algorithm diffie-hellman-group1 -sha1 was not verified!

You can use KEX raw session setting:
https://winscp.net/eng/docs/rawsettings

Easy way is to
- configure your session in WinSCP GUI
- move the "Diffie-Hellman Group 1" above the warning threshold:
https://winscp.net/eng/docs/ui_login_kex
- have WinSCP generate the code for you:
https://winscp.net/eng/docs/ui_generateurl#code

Reply with quote

r4v3n
Joined:
Posts:
5

I also face same issue, and it is not always easy to recompile your automation applications which use this when you change the default settings.
It would be great with .ini, registry or other way to change this default value for user@site or globally so we don't have to recompile our automations. E g in my case I am not in control of the automation application and cannot recompile this, only the settings of site, user, port, file name mask, polling interval etc. I have some intermittent issues in older 5.x version so I would like to use the latest.

I created this bug to track this issue:
https://winscp.net/forum/viewtopic.php?t=23731

Reply with quote

DOR B
Guest

ADD RAW SETTINGS

I HAVE ENCOUNTER THE SAME PROBLEM,SIMPLY ADD RAW SETTING : sessionOptions.AddRawSettings("KEX", "ecdh,dh-gex-sha1,dh-group14-sha1,rsa,dh-group1-sha1,WARN");

Reply with quote

Advertisement

2005732
Guest

Support for Diffie Helman SHA1

This worked great for me, thank you.
The extra line of code it generated was this, if it helps anyone.

sessionOptions.AddRawSettings("KEX", "ecdh,dh-gex-sha1,dh-group14-sha1,rsa,dh-group1-sha1,WARN");

Reply with quote

Advertisement

You can post new topics in this forum