I have a PC where I run
sshd as a SFTP server.
I have configured the KexAlgorithms as follows:
KexAlgorithms +diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
I deliberately want to allow the use of these old key exchange algorithms because I want this server to be accessible by a very old (Win98 based) PC that runs WinSCP which has only a small number of key exchange algorithms available.
However, even though I configured the KexAlgorithms on the server, even after a reboot the connection does not work. I checked on the server which ciphers it allows by
sshd -T | grep kex
and neither the diffie-hellman-group-exchange-sha1 nor the diffie-hellman-group14-sha1 are listed. Therefore it is impossible to connect to this server from WinSCP on Windows 98.
N.B.: I have deliberately used a PC with two network interfaces, i.e. one of them is connected to the regular LAN (with internet access and so on) and the other interface is connected to the old PC only. I cannot simply update the old PC because it is integrated in a very unique and expensive measuring instrument I cannot change.
Asked by T. Pluess
(626 rep)
Mar 11, 2021, 01:11 PM
Last activity: May 28, 2025, 09:00 AM
Last activity: May 28, 2025, 09:00 AM