On 5/4/2015 at 9:39 PM, "Darren Tucker" <[email protected]> wrote: >[...] >> debug1: Client protocol version 2.0; client software version >WinSCP_release_5.7.2 >[...] >> Hm, kex protocol error: type 30 seq 1 [preauth] > >message type 30 is the pre-RFC4419 group exchange message. Since >RFC4419 was published nearly 10 years ago support for the >non-standardized message was recently removed from OpenSSH. > >> What did we break and how can we fix it? > >Please try this patch on your server. > >Index: compat.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/compat.c,v >retrieving revision 1.91 >diff -u -p -r1.91 compat.c >--- compat.c 4 May 2015 06:10:48 -0000 1.91 >+++ compat.c 5 May 2015 04:33:04 -0000 >@@ -177,6 +177,7 @@ compat_datafellows(const char *version) > "TTSSH/2.70*," > "TTSSH/2.71*," > "TTSSH/2.72*", SSH_BUG_HOSTKEYS }, >+ { "WinSCP*", SSH_OLD_DHGEX }, > { NULL, 0 } > }; >
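Review bot: the added `"WinSCP*"` pattern in the `compat_datafellows()` table matches every WinSCP version string, so a later WinSCP release that sends the RFC4419 request would still be flagged SSH_OLD_DHGEX. Consider bounding the pattern to the releases known to send message type 30 (the report above is from WinSCP_release_5.7.2) and adding a short comment on the entry saying why it is there.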
We upgrade from snapshots, and don't have the source installed, so we can't easily check this patch.

However, your response prompted us to look again into the WinSCP options, and under Advanced Site Settings > SSH > Key exchange, there is the ability to reorder the preferred key exchange algorithms. Preferring "D-H group 14" before "D-H group exchange" allows the client to connect.

If D-H group exchange is obsolete then the fix should really be applied to WinSCP?

Thanks!

(I think my email line-lengths are messed up, sorry)
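An added example, not part of the original thread or of OpenSSH: a small log-triage script that pairs each `kex protocol error: type 30` line with the client banner logged by the same sshd process, to list which client versions still send the old group exchange request. The syslog prefix with `sshd[PID]`, the host name, the PIDs and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of sshd debug output in syslog style. Only the banner and
# error message formats come from the thread; everything else is made up.
SAMPLE_LOG = """\
May  5 09:12:01 host sshd[4101]: debug1: Client protocol version 2.0; client software version WinSCP_release_5.7.2
May  5 09:12:01 host sshd[4102]: debug1: Client protocol version 2.0; client software version OpenSSH_6.8
May  5 09:12:02 host sshd[4101]: kex protocol error: type 30 seq 1 [preauth]
May  5 09:12:02 host sshd[4102]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
May  5 09:13:40 host sshd[4150]: debug1: Client protocol version 2.0; client software version WinSCP_release_5.7.2
May  5 09:13:41 host sshd[4150]: kex protocol error: type 30 seq 1 [preauth]
"""

PID_RE = re.compile(r"sshd\[(\d+)\]:\s*(.*)")
BANNER_RE = re.compile(r"client software version (\S+)")
KEX_ERR_RE = re.compile(r"kex protocol error: type (\d+) seq (\d+)")


def clients_with_kex_error(log_text, msg_type=30):
    """Count kex protocol errors of one message type per client banner.

    Lines are correlated by sshd PID: the banner line seen most recently for
    a PID is attributed to any later kex error from that same PID.
    """
    banners = {}      # pid -> most recent client software version
    hits = Counter()  # client software version -> number of failed exchanges
    for line in log_text.splitlines():
        m = PID_RE.search(line)
        if not m:
            continue  # not an sshd line
        pid, msg = m.groups()
        banner = BANNER_RE.search(msg)
        if banner:
            banners[pid] = banner.group(1)
            continue
        err = KEX_ERR_RE.search(msg)
        if err and int(err.group(1)) == msg_type:
            # An error with no banner seen (log rotated, lower log level)
            # is still counted, under a placeholder name.
            hits[banners.get(pid, "<unknown client>")] += 1
    return dict(hits)


if __name__ == "__main__":
    for client, count in sorted(clients_with_kex_error(SAMPLE_LOG).items()):
        print(f"{client}: {count} failed key exchange(s) with message type 30")
```

The banner line is only logged at debug level, as in the output quoted in the thread, so at a lower LogLevel the errors will be counted under the placeholder name.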

