Key-exchange algorithm diffie-hellman-group1-sha1 was not verified!

Advertisement

JSilva
Guest

Key-exchange algorithm diffie-hellman-group1-sha1 was not verified!

Hi Martin,

I have just updated the WinSCP to the latest version 5.9.2 and started to have some problems with some of SFTP accounts.
I mainly use WinSCP via scripting like so:

#--> This script was created by SQL <--#
# Automatically abort script on errors
option batch abort
# Disable overwrite confirmations that conflict with the previous
option confirm off
# Connect
open sftp://citmeddv:******@ftp.it.******.com/ -hostkey="*" -timeout=120
# Command Line
cd "Tmp_Input"
PUT "\\Device\Output\DM_201304_1203_1.csv"
# Disconnect
close
# Exit WinSCP
exit
#--> EOF This script was created by SQL <--#

And this is generating an error:

<?xml version="1.0" encoding="UTF-8"?>
<session xmlns="http://winscp.net/schema/session/1.0" name="citmeddv@ftp03.it.rxcorp.com" start="2016-09-28T06:16:58.867Z">
  <failure>
    <message>Key-exchange algorithm diffie-hellman-group1-sha1 was not verified!</message>
  </failure>
</session>

In the details we have:

. 2016-09-28 07:16:59.148 Enumerating network events for socket 1908
. 2016-09-28 07:16:59.148 Enumerated 1 network events making 1 cumulative events for socket 1908
. 2016-09-28 07:16:59.148 Handling network read event on socket 1908 with error 0
. 2016-09-28 07:16:59.148 Asking user:
. 2016-09-28 07:16:59.148 The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
. 2016-09-28 07:16:59.148 
. 2016-09-28 07:16:59.148 Do you want to continue with this connection? ()
. 2016-09-28 07:16:59.148 Attempt to close connection due to fatal exception:
* 2016-09-28 07:16:59.148 Key-exchange algorithm diffie-hellman-group1-sha1 was not verified!
. 2016-09-28 07:16:59.148 Closing connection.
. 2016-09-28 07:16:59.148 Sending special code: 12
. 2016-09-28 07:16:59.148 Selecting events 0 for socket 1908

Is there a workaround for this problem?
I already saw the KEX option but I don't know how to implement it.

Best regards

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
29,303
Location:
Prague, Czechia

Re: Key-exchange algorithm diffie-hellman-group1-sha1 was not verified!

This should do:

open sftp://citmeddv:******@ftp.it.******.com/ -hostkey="*" -timeout=120 -rawsettings KEX=dh-group1-sha1

See https://winscp.net/eng/docs/rawsettings

Though, obviously, the correct solution to upgrade your server not to use an insecure KEX.

Reply with quote

JSilva
Guest

Re: Key-exchange algorithm diffie-hellman-group1-sha1 was not verified!

Thank you very much Martin! This is exactly what i needed!

Best regards

Reply with quote

Oleriano
Guest

WINSCP Graphic solution

Hello,

using WINSCSP Graphic solution, go to advanced settings, and put EXchange group Dif-Hellman in first option to make the key send.

Works fine for me.

Reply with quote

Advertisement

You can post new topics in this forum