If you're running a SFTP service, chances are you've already received connectivity-related complaints involving the diffie-hellman-group1-sha1 key exchange algorithm. Here's how you fix that.
FileZilla can't connect to your SFTP server
We often hear this complaint from admins whose users are trying to connect through later versions of FileZilla. The specific error message they get goes like this:
Error: The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is no longer secure. Aborting connection.
Error: Could not connect to server
Other SFTP client applications as well as SFTP servers acting as clients likewise generate similar error messages.
Where the problem lies
The error message gives us a hint. The problem lies in the SSH key exchange algorithm. During the negotiation process of the SSH file transfer, some SFTP servers recommend the Diffie-Hellman-Group1-SHA1 for the key exchange. Unfortunately, FileZilla has stopped supporting this particular algorithm due to vulnerability issues. Because the two (client and server) are unable to negotiate a key exchange method, no connection is established.
Certain elements in the Diffie Hellman key exchange algorithm can have vulnerabilities. In this particular case, the root of the problem is in the group being used, i.e., Group1. Each DH group corresponds to a bit length, which in turn determines the strength of the key to be used during the key exchange. The higher the bit length, the stronger. For example:
- Diffie-Hellman Group 1 uses 768-bit
- Diffie-Hellman Group 2 uses 1024 bit
- Diffie-Hellman group 14 uses 2048-bit
768-bit DH groups and even 1024-bit DH groups are vulnerable to precomputation attacks. Although these attacks require a great deal of processing power, the needed processing power is already considered within reach of nation states and large cybercrime syndicates.
How to fix it
You have a couple of choices here:
1. Ask your users to use an older version of FileZilla or another SFTP client that still supports Diffie-Hellman-Group1-SHA1. We don't recommend this option. Since you're using SFTP, that means you value the security of your data. It therefore makes no sense to continue using any component of it that could udermine its security functions.
2. Disable Diffie-Hellman-Group1-SHA1 on your server and only enable secure key exchange algorithms. If your server allows this, then this is the recommended option.
For those using JSCAPE MFT Server, we recommend you upgrade to the latest version. Older versions of JSCAPE MFT Server only support Diffie-Hellman-Group1-SHA1 and aren't capable of accepting other key exchange algorithms.
The latest version of JSCAPE MFT Server already supports multiple key exchange algorithms, including:
Note: For more information regarding diffie-hellman-group-exchange-sha1 and diffie-hellman-group-exchange-sha256, please refer to RFC 4419.
In addition, it offers the option to disable/enable algorithms. So, for example, you can choose to disable diffie-hellman-group1-sha1 and leave the rest enabled. You can do this by going to Services > SFTP/SCP tab > Algorithms > Key Exchanges tab.
Why not just select the strongest DH group and leave out the rest?
Well, if only all computers were created equal, then this would be the logical solution. Alas, there are fast computers and there are slow computers. As is the nature of cryptographic algorithms, a stronger DH group would require more processing power when generating keys. So, while higher diffie hellman groups can provide better security, the trade off would be a drop in processing speed.
If you're using JSCAPE MFT Server and your users are experiencing the problem discussed above, you may download the latest version of JSCAPE MFT Server from here: