How to configure WinSCP to use specific mac-algorithm?

Advertisement

jwessling
Joined:
Posts:
1
Location:
Seattle

How to configure WinSCP to use specific mac-algorithm?

Hello,

We have an business partner that would like us to use the following when uploading files to there SFTP site:
1) Cipher = aes256-ctr
2) MAC-Algorithm = hmac-sha256
We can specify the cipher in WinSCP easy enough, but haven't determined how or if we can specify the MAC-Algorithm to be used. We can see from the logs that hmac-sha1 is currently being used. Does anyone know how the mac-algorithm can be specified in WinSCP?

Thank you,
Jeff

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,658
Location:
Prague, Czechia

Re: How to configure WinSCP to use specific mac-algorithm?

There's no configuration option for that. Though WinSCP should always favor HMAC-SHA-256, if available. Please attach a full session log file showing the problem (using the latest version of WinSCP).

To generate the session log file, enable logging, log in to your server and do the operation and only the operation that causes the error. Submit the log with your post as an attachment. Note that passwords and passphrases not stored in the log. You may want to remove other data you consider sensitive though, such as host names, IP addresses, account names or file names (unless they are relevant to the problem). If you do not want to post the log publicly, you can mark the attachment as private.

Reply with quote

Guest

Re: How to configure WinSCP to use specific mac-algorithm?

martin wrote:

There's no configuration option for that. Though WinSCP should always favor HMAC-SHA-256, if available. Please attach a full session log file showing the problem (using the latest version of WinSCP).

Thanks Martin, here's what I've got. It looks like 'Doing Diffie-Hellman key exchange with hash SHA-256' , but then later the logs indicate 'Initialised HMAC-SHA1 client->server MAC algorithm'

. 2018-03-16 12:45:40.700 Looking up host "[REDACTED]"
. 2018-03-16 12:45:40.700 Connecting to [REDACTED] port 22
. 2018-03-16 12:45:40.779 Server version: SSH-2.0-SSHD
. 2018-03-16 12:45:40.779 Using SSH protocol version 2
. 2018-03-16 12:45:40.779 We claim version: SSH-2.0-WinSCP_release_5.7.7
. 2018-03-16 12:45:40.825 Doing Diffie-Hellman group exchange
. 2018-03-16 12:45:41.028 Doing Diffie-Hellman key exchange with hash SHA-256
. 2018-03-16 12:45:42.654 Verifying host key rsa2 [REDACTED]
. 2018-03-16 12:45:42.700 Host key matches cached key
. 2018-03-16 12:45:42.700 Host key fingerprint is:
. 2018-03-16 12:45:42.700 ssh-rsa 2048 [REDACTED]
. 2018-03-16 12:45:42.700 Initialised AES-256 SDCTR client->server encryption
. 2018-03-16 12:45:42.700 Initialised HMAC-SHA1 client->server MAC algorithm
. 2018-03-16 12:45:42.700 Initialised AES-256 SDCTR server->client encryption
. 2018-03-16 12:45:42.700 Initialised HMAC-SHA1 server->client MAC algorithm

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,658
Location:
Prague, Czechia

Re: How to configure WinSCP to use specific mac-algorithm?

Are you sure the server even supports HMAC-SHA-256? Can you connect with HMAC-SHA-256 using any other SSH/SFTP client?

Reply with quote

Advertisement

You can post new topics in this forum