VanDyke Software Forums > Secure Shell
#1
03-03-2019, 05:52 PM
dverbern (Registered User)

3rd party changed key change algorithm, we don't seem to have them available

First time here.
We are licensed for and using VShell Enterprise Server with FTPS.

A vendor recently advised it was changing security, dropping support for some algorithms and adding some new ones.

We are now seeing the file transfer fail with error:

"Key exchange failed. No compatible key exchange method. The server supports these methods: diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256"

In our version 4.0.4 (x64 build 636) of VShell, under Key Exchange, we have some algorithms checked:

"diffie-hellman-group14", "diffie-hellman" and "diffie-hellman-group"

Note the vendor ones stated in the error above are not listed. Under "Cipher/MAC", within "MAC", there are a couple of MACs not yet checked such as "SHA2-512" or "SHA2-256". I don't know enough about security to know how these concepts work together.

If anyone is able to advise how we might be able to make "diffie-hellman-group16-sha512" and/or "diffie-hellman-group14-sha256" OR "diffie-hellman-group-exchange-sha256" available within our VShell, that would be welcome.

#2
03-04-2019, 10:21 AM
jdev (VanDyke Technical Support)

Quote:
Originally Posted by dverbern
"Key exchange failed. No compatible key exchange method. The server supports these methods: diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256"
<snip>
Note the vendor ones stated in the error above are not listed.

This is because you're using a version of VShell that does not implement support for any of the newer key exchange algorithms required by the client.

Support for the diffie-hellman-group-exchange-sha256 key exchange algorithm was first implemented in VShell version 4.1.

You're using VShell version 4.0, so this algorithm is not present in the SSH2 > Key Exchange category of the VShell control panel.

You also made reference to ciphers...
Quote:
Under "Cipher/MAC", within "MAC", there are a couple of MACs not yet checked such as "SHA2-512" or "SHA2-256". I don't know enough about security to know how these concepts work together.

Ciphers and MACs are components of the key exchange process for SSH2 connections, but the key exchange algorithm itself is at play here, not the Ciphers/MACs.

As I mentioned earlier, the reason why this connection is failing is that the client connecting to VShell is requiring algorithms that your older 4.0 version of VShell did not implement.

If you upgrade your VShell installation to a newer version that supports the diffie-hellman-group-exchange-sha256 key exchange method, this specific client will be able to get past that specific obstacle currently preventing successful connection.
--Jake
Attached image: VShell_4.4.1_ControlPanel_SSH2-KeyExchangeCategory.png
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: https://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: https://www.vandyke.com/support
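
Added example, not part of either post and not VanDyke code: a sketch of how the SSH2 kex_algorithms name-list in an SSH_MSG_KEXINIT payload (RFC 4253) is parsed and matched, showing why the lists in this thread produce "No compatible key exchange method". The SHA-1 wire names used for the VShell 4.0 side and the contents of the 4.1 list are assumptions, and the helper names are hypothetical.

```python
import struct

SSH_MSG_KEXINIT = 20  # message number from RFC 4253

def name_list(names):
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

def build_kexinit(kex_algorithms):
    """Minimal KEXINIT payload: type, cookie, 10 name-lists, flag, reserved."""
    return (bytes([SSH_MSG_KEXINIT]) + bytes(16)      # cookie zeroed for the demo
            + name_list(kex_algorithms)               # kex_algorithms comes first
            + name_list([]) * 9                       # other nine lists left empty
            + b"\x00" + struct.pack(">I", 0))

def parse_kex_algorithms(payload):
    """Return the kex_algorithms name-list from a KEXINIT payload."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)
    raw = payload[21:21 + length]
    if len(raw) != length:
        raise ValueError("truncated name-list")
    return raw.decode("ascii").split(",") if raw else []

def negotiate_kex(client_algs, server_algs):
    """First method on the client's list that the server also lists, else None.
    Simplified: the RFC rule also checks host key algorithm compatibility."""
    return next((a for a in client_algs if a in server_algs), None)

# Methods quoted in the error message in post #1.
VENDOR = ["diffie-hellman-group16-sha512", "diffie-hellman-group14-sha256",
          "diffie-hellman-group-exchange-sha256"]
# ASSUMPTION: standard SHA-1 wire names standing in for the VShell 4.0 checkboxes.
VSHELL_40 = ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1",
             "diffie-hellman-group-exchange-sha1"]
# Constructed: the 4.0 list plus the method post #2 says arrived in VShell 4.1.
VSHELL_41 = ["diffie-hellman-group-exchange-sha256"] + VSHELL_40

def outcome(client_algs, server_algs):
    """Round-trip both lists through the wire format, then negotiate."""
    client = parse_kex_algorithms(build_kexinit(client_algs))
    server = parse_kex_algorithms(build_kexinit(server_algs))
    return negotiate_kex(client, server)

if __name__ == "__main__":
    print("vendor vs 4.0 list:", outcome(VENDOR, VSHELL_40))
    print("vendor vs 4.1 list:", outcome(VENDOR, VSHELL_41))
```

The two lists share no method whichever side acts as client, so the connection stops before ciphers or MACs are ever selected.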

All times are GMT -6.