Hello,

Due to some known vulnerabilities with various weak ciphers and algorithms, we have removed them from our FTP software today, but this had the side effect of breaking our SFTP sensors. Are you perhaps using an older OpenSSH library than our FTP software? Ours uses OpenSSH 8.1.0.0. Do you have any way for us to add more cipher options to this sensor? For now, we have had to re-enable a weak KEX cipher to make the sensor work again, but this is not a long-term fix.

I find it troubling that you support older, weak Diffie-Hellman KEX algorithms, but not newer, secure ones. It might give someone the impression that your company doesn't care about security. =)
Details:
Failed to connect. Please check the SSH log of the target device or try the Compatibility Mode of the sensor's SSH engine and consider updating the target system's operating system. Reason: ssh_connect failed (-1)kex error : no match for method kex algos: server [ diffie-hellman-group16-sha512, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha256], client [ [email protected], ecdh-sha2-nistp256, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1]
We are using PRTG 20.3.61.1649+. I didn't see anything in the patch notes about updated KEX algorithms, so I didn't update yet. Let me know if there is an undocumented change on this perhaps.
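An added example, not part of the original post and not PRTG or OpenSSH code: it parses a "no match for method kex algos" error like the one quoted above and shows which KEX method would be negotiated for a given set of algorithms re-enabled on the server. Assumptions: the function names are hypothetical, the address-obfuscated client entry is replaced by a placeholder name, and "weak" is taken to mean SHA-1 based.

```python
import re

# Constructed sample: the error text from the post, with the obfuscated
# first client entry replaced by a placeholder name.
ERROR = ("ssh_connect failed (-1)kex error : no match for method kex algos: "
         "server [ diffie-hellman-group16-sha512, diffie-hellman-group14-sha256, "
         "diffie-hellman-group-exchange-sha256], "
         "client [ placeholder-kex@example.invalid, ecdh-sha2-nistp256, "
         "diffie-hellman-group1-sha1, diffie-hellman-group14-sha1]")

def is_weak(alg):
    """Assumption for this example: any SHA-1 based KEX method counts as weak."""
    return alg.endswith("-sha1")

def parse_kex_error(text):
    """Return (server_algos, client_algos) from a KEX mismatch error string."""
    m = re.search(r"kex algos:\s*server\s*\[(.*?)\]\s*,\s*client\s*\[(.*)\]",
                  text, re.S)
    if not m:
        raise ValueError("not a KEX mismatch error")
    split = lambda s: [a.strip() for a in s.split(",") if a.strip()]
    return split(m.group(1)), split(m.group(2))

def negotiate(server, client):
    """Simplified RFC 4253 rule: the first method in the client's list that
    the server also offers wins (host-key compatibility is ignored here)."""
    return next((a for a in client if a in server), None)

def outcome(text, server_enables=()):
    """Return (chosen_method, chosen_is_weak) if the server additionally
    enabled the methods in server_enables."""
    server, client = parse_kex_error(text)
    chosen = negotiate(server + list(server_enables), client)
    return chosen, bool(chosen) and is_weak(chosen)

if __name__ == "__main__":
    trials = [
        [],                                               # current state
        ["diffie-hellman-group14-sha1"],                  # weak workaround
        ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
        ["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1"],
    ]
    for extra in trials:
        chosen, weak = outcome(ERROR, extra)
        print(f"server adds {extra or 'nothing'} -> {chosen} (weak={weak})")
```

Because the client's preference order decides the result, re-enabling more than one legacy method on the server can select a different one than intended, so check the negotiated method in the server's SSH log after any change.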