On Fri, May 22, 2015 at 12:27:01, Darren Tucker <dtucker@xxxxxxxxxx> wrote: > Note that PuTTY does do Diffie-Hellman Group Exchange, but until very > recently (ie after their 0.64 release) they didn't do the one that was > actually standardized in RFC4419. OpenSSH recently removed support for > that non-standard one and as a result we don't offer DHGEX to PuTTY > versions <= 0.64 so they'll fall back to group14 (2k bit fix group). I think this is wrong. This commit [0] from 2005 appears to show the addition of diffie-hellman-group-exchange-sha256 support to PuTTY. I've also just successfully connected to a local test OpenSSH server (v6.7p1, as packaged by Debian) with only diffie-hellman-group-exchange-sha256 enabled with an older release of PuTTY (0.63) without any issue. Indeed, PuTTY explicitly reported in its event log that it performed key-exchange using Diffie-Hellman group exchange and SHA-256, so I'm quite sure this is working! Unless there's more than one key-exchange mechanism going by the name diffie-hellman-group-exchange-sha256? Kind regards, David [0] http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commit;h=91319142781a69cb16053c180870878749477012 -- David McBride <dwm37@xxxxxxxxx> Unix Specialist, University Information Services _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev