Xshell Forum

XShell long connecting when server uses DH SHA256 and group-exchange-sha1

Last post: Tuesday, September 1, 2015 3:29 AM by Support, 7 reply

 
Sunday, March 22, 2015 12:42 PM - Yuri

XShell long connecting when server uses DH SHA256 and group-exchange-sha1

 
Hi.
XShell connecting with visible delay when server uses DH SHA256 and group-exchange-sha1.

Also if server contains key exchange in following order:

KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

XShell 5 always prefer diffie-hellman-group14-sha1.

Using diffie-hellman-group-exchange-sha256 is only possible when server contains it as a single option.

Program Ver. : Xshell 5
Monday, March 30, 2015 3:21 AM - Support

Re: XShell long connecting when server uses DH SHA256 and group-exchange-sha1

 
We have tested using DH SHA256 and group-exchange-sha1 but the delay did not occur in our machines. Can you please send us the following informaton?

1. SSH log file. Try running the server in debug mode and send us the log file.

2. What is the SSHD version and UNIX/Linux OS name and version?

3. sshd_config file.


---
Technical Support
Monday, March 30, 2015 4:47 AM - Yuri

Yuri

 
Server OS is Solaris 10 x86_64, kernel 150401-16 (update 11)

SSH server is OpenSSH 6.8

SSHD debug level 1 log is attached, sshd_config attached.
Wednesday, April 1, 2015 3:39 AM - Support

Re: XShell long connecting when server uses DH SHA256 and group-exchange-sha1

 
We have tested the key exchange algorithm with Xshell but didn't find any performance issue. Can you make sure this problem is not on the server side?

We are going to add a feature that allows users to change the key exchange order. (Case # 3086)

---
Technical Support
Saturday, April 4, 2015 8:56 AM - Yuri

Yuri

 
Bitvise SSH client connects to the same servers without any delays and with the same Kex/MAC/Cipher's settings.
Monday, May 4, 2015 7:18 AM - Yuri

Yuri

 
Also, XShell hungs during connection up to 10 seconds.
Tuesday, August 25, 2015 9:13 AM - Yuri

Yuri

 
Hi, guys.

XShell 5 latest version completely cannot connect to OpenSSH 7.1 server with kex group-exchange-sha256. Only with group14. I've forced to downgrade my servers security settings. Server produces KEX error - timeouts with KEX procedure.

Check you code - I think this is continious problem with SHA256 - see above. Security is lower.

As at previous message - Bitwise SSH client connets without any problems/delays with DH group exchange SHA256.
Tuesday, September 1, 2015 3:29 AM - Support

Re: XShell long connecting when server uses DH SHA256 and group-exchange-sha1

 
Thank you for reporting this problem. We have successfully duplicated the problem and found the cause. Update will be released shortly.


Technical Support

Like us on Facebook
Follow us on Twitter
Visit our blog Blog