login about faq

sftp connect failed due to hmac-sha1-96 not supported, will this be supported?

    DllDate: Aug 15 2013
    UnlockPrefix: Anything for 30-day trial
    Username: CV0017595N0:zhiyongr
    Architecture: Little Endian; 32-bit
    Language: ActiveX
    VerboseLogging: 0
    SftpVersion: 0
    hcCurDate: Tue, 18 Feb 2014 14:20:03 +0800
    hcExpire: 11/2013
    hostname: enb704
    port: 22
    ConnectTimeoutMs_1: 5000
    calling ConnectSocket2
    IPV6 enabled connect with NO heartbeat.
    connectingTo: enb704
      Resolving domain name (IPV4) via gethostbyname
    GetHostByNameHB_ipv4: Elapsed time: 16 millisec
    myPort_1: 63807
    connect successful (1)
    Established TCP/IP connection with SSH server
    Turning on TCP_NODELAY.
    clientIdentifier: SSH-2.0-PuTTY_Local:_May_11_2009_17:22:38
    Sending client identifier...
    Done sending client identifier.
    Reading server version...
    initialDataFromSshServer: SSH-2.0-OpenSSH_5.4

serverVersion: SSH-2.0-OpenSSH_5.4
      algorithm: diffie-hellman-group-exchange-sha256
      algorithm: diffie-hellman-group-exchange-sha1
      algorithm: diffie-hellman-group14-sha1
      algorithm: diffie-hellman-group1-sha1
      algorithm: ssh-rsa
      algorithm: aes128-cbc
      algorithm: aes128-ctr
      algorithm: aes256-ctr
      algorithm: aes256-cbc
      algorithm: aes128-cbc
      algorithm: aes128-ctr
      algorithm: aes256-ctr
      algorithm: aes256-cbc
      algorithm: hmac-sha1-96
      algorithm: hmac-sha1-96
      algorithm: none
      algorithm: zlib@openssh.com
      algorithm: none
      algorithm: zlib@openssh.com
    Encryption: 256-bit AES CTR
    Encryption: 256-bit AES CTR
    Unable to agree upon server-to-client MAC algorithm.
    Unable to agree upon client-to-server MAC algorithm.
    Compression: zlib@openssh.com
    Compression: zlib@openssh.com
    Key Exchange: DH Group Exchange SHA256
    Host Key Algorithm: RSA
    numBits: 256
    pbits: 4096
    Using GEX Group.
    Sending KEX_DH_GEX_REQUEST...
    pbits: 4096
    numBytesRequested: 8
    Connection closed by connected peer.
    sshRawPacket: Socket connection closed.
    sshDhGex: Socket connection closed.
    Failed to read KEX_DH_GEX_REQUEST response

asked Feb 18 '14 at 01:40

scott's gravatar image


edited Feb 18 '14 at 20:48

The server will need to support at least hmac-sha1 or hmac-md5 to work with Chilkat.

Chilkat may support other algorithms in the future, such as hmac-sha1-96, but not in the very near future.


answered Feb 18 '14 at 22:01

chilkat's gravatar image

chilkat ♦♦

edited Feb 18 '14 at 22:03

for security enhancement, the target node only supports hmac-sha1-96, then we cannot use chilkat at this moment. anyway thanks for your information.

(Feb 18 '14 at 23:22) scott

I may not fully understand why hmac-sha1-96 would be more secure, but I do know this: hmac-sha1-96 is simply hmac-sha1 but only keeping the first 96 bits of the hash. In other words, hmac-sha1 produces a 160 bit hash. Hmac-sha1-96 produces exactly the same hash, but only keeps the 1st 96 bits. I'm not sure how this adds to security. Maybe it does, but I'm not aware of the explanation.

(Feb 19 '14 at 09:58) chilkat ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: Feb 18 '14 at 01:40

Seen: 4,067 times

Last updated: Feb 19 '14 at 09:58

powered by OSQA