Package: openssh-server Version: 1:7.4p1-10+deb9u1 Severity: important
The commit/patch at https://github.com/openssh/openssh-portable/commit/2985d4062ebf4204bbd373456a810d558698f9f5 was never picked up and merged, and now that WinSCP has recently released version 5.11(.x), this is causing problems when wanting to use this WinSCP version to connect to an ssh server running on Debian 9.1 that is configured to only accept diffie-hellman-group-exchange-sha256, using this setting in sshd_config: KexAlgorithms diffie-hellman-group-exchange-sha256 With the above setting, the client cannot connect at all and sshd logs: fatal: No supported key exchange algorithms found [preauth] Commenting it out, however, causes the ssh server to erroneously force a weaker key-exchange (diffie-hellman-group14-sha1) on the user. Connecting to a Debian 8.9 ssh server with WinSCP 5.11.1 works fine. Also, when downgrading to WinSCP 5.9.6 the problem does not occur. See also the report at: https://winscp.net/forum/viewtopic.php?t=25354
