Topic "Key-exchange algorithm diffie-hellman-group1-sha1 was not verified!"

Author Message
JSilva

Guest


Hi Martin,

I have just updated WinSCP to the latest version 5.9.2 and started to have some problems with some of the SFTP accounts.
I mainly use WinSCP via scripting like so:

Code:

#--> This script was created by SQL <--#
# Automatically abort script on errors
option batch abort
# Disable overwrite confirmations that conflict with the previous
option confirm off
# Connect
open sftp://citmeddv:******@ftp.it.******.com/ -hostkey="*" -timeout=120
# Command Line
cd "Tmp_Input"
PUT "\\Device\Output\DM_201304_1203_1.csv"
# Disconnect
close
# Exit WinSCP
exit
#--> EOF This script was created by SQL <--#



And this is generating an error:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<session xmlns="http://winscp.net/schema/session/1.0" name="citmeddv@ftp03.it.rxcorp.com" start="2016-09-28T06:16:58.867Z">
  <failure>
    <message>Key-exchange algorithm diffie-hellman-group1-sha1 was not verified!</message>
  </failure>
</session>


In the details we have:

Code:

. 2016-09-28 07:16:59.148 Enumerating network events for socket 1908
. 2016-09-28 07:16:59.148 Enumerated 1 network events making 1 cumulative events for socket 1908
. 2016-09-28 07:16:59.148 Handling network read event on socket 1908 with error 0
. 2016-09-28 07:16:59.148 Asking user:
. 2016-09-28 07:16:59.148 The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
. 2016-09-28 07:16:59.148
. 2016-09-28 07:16:59.148 Do you want to continue with this connection? ()
. 2016-09-28 07:16:59.148 Attempt to close connection due to fatal exception:
* 2016-09-28 07:16:59.148 Key-exchange algorithm diffie-hellman-group1-sha1 was not verified!
. 2016-09-28 07:16:59.148 Closing connection.
. 2016-09-28 07:16:59.148 Sending special code: 12
. 2016-09-28 07:16:59.148 Selecting events 0 for socket 1908


Is there a workaround for this problem?
I already saw the KEX option but I don't know how to implement it.

Best regards
martin
Site Admin
Joined: 2002-12-10
Posts: 24994
Location: Prague, Czechia
This should do:

open sftp://citmeddv:******@ftp.it.******.com/ -hostkey="*" -timeout=120 -rawsettings KEX=dh-group1-sha1

See https://winscp.net/eng/docs/rawsettings

Though, obviously, the correct solution is to upgrade your server not to use an insecure KEX.
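
As an added example (not part of the original posts and not WinSCP's own code), the Python code below scans a WinSCP session log for the weak-KEX warning quoted in this thread, so that servers still offering diffie-hellman-group1-sha1 first can be listed for upgrade instead of only being worked around. The sample log is constructed from the excerpt above; the function name `find_weak_kex` and the second connection attempt in the sample are assumptions.

```python
import re
from datetime import datetime

# Line layout seen in the log excerpt above: one marker character
# ("." for normal lines, "*" for the error), a timestamp, then the message.
LINE_RE = re.compile(
    r"^(?P<mark>\S) (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) ?(?P<msg>.*)$")
WARN_RE = re.compile(
    r"first key-exchange algorithm supported by the server is "
    r"(?P<alg>[\w@.-]+), which is below the configured warning threshold")
FAIL_RE = re.compile(r"Key-exchange algorithm (?P<alg>[\w@.-]+) was not verified!")

# Constructed sample: the first attempt mirrors the excerpt in this thread,
# the second attempt (no failure line) is invented for illustration.
SAMPLE_LOG = """\
. 2016-09-28 07:16:59.148 Asking user:
. 2016-09-28 07:16:59.148 The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
. 2016-09-28 07:16:59.148
. 2016-09-28 07:16:59.148 Do you want to continue with this connection? ()
. 2016-09-28 07:16:59.148 Attempt to close connection due to fatal exception:
* 2016-09-28 07:16:59.148 Key-exchange algorithm diffie-hellman-group1-sha1 was not verified!
. 2016-09-28 07:16:59.148 Closing connection.
. 2016-09-28 09:30:12.501 Asking user:
. 2016-09-28 09:30:12.501 The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
. 2016-09-28 09:30:12.502 Do you want to continue with this connection? ()
"""

def find_weak_kex(log_text):
    """Return one finding per weak-KEX warning, noting whether the session aborted."""
    findings = []
    pending = {}  # algorithm -> most recent warning not yet matched to a failure
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue  # not a log line in the expected layout
        warn = WARN_RE.search(m["msg"])
        if warn:
            finding = {
                "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f"),
                "algorithm": warn["alg"],
                "aborted": False,
            }
            findings.append(finding)
            pending[warn["alg"]] = finding
            continue
        fail = FAIL_RE.search(m["msg"])
        if fail and m["mark"] == "*" and fail["alg"] in pending:
            # The error line closes the warning raised for the same algorithm.
            pending.pop(fail["alg"])["aborted"] = True
    return findings
```
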
JSilva

Guest


Thank you very much Martin! This is exactly what I needed!

Best regards