SFTP connection requires deprecated ssh-rsa (SHA-1) signature algorithm

taylorjp75 · Post by **taylorjp75** » Wed Feb 12, 2025 9:25 pm

I have a client using FTP Rush to connect to my SFTP server. We recently updated the server's cryptography configuration and found that FTP Rush was unable to connect.

Issue Details:
We updated our SFTP server to allow only the following secure signature algorithms:

rsa-sha2-256
rsa-sha2-512
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp512

After making this change, a client using FTP Rush encountered a protocol error and was unable to connect. We performed additional testing and found that re-enabling the deprecated ssh-rsa (SHA-1) signature algorithm allowed the connection to succeed.

Question:
Is this expected behavior? Does FTP Rush support rsa-sha2-256 or ecdsa signatures, or is ssh-rsa required for compatibility?

Post by **FTP** » Thu Feb 13, 2025 1:18 am

Yes, because old FTP Rush 2.x doesn't support those key exchange algorithms, maybe you can use FTP Rush 3.x instead: https://www.wftpserver.com/ftprush.htm

taylorjp75 · Post by **taylorjp75** » Fri Feb 14, 2025 7:22 pm

Hello,
Thank you for the reply. The client and our testing used the latest version, 3.5.8.

SFTP connection requires deprecated ssh-rsa (SHA-1) signature algorithm

SFTP connection requires deprecated ssh-rsa (SHA-1) signature algorithm

Re: SFTP connection requires deprecated ssh-rsa (SHA-1) signature algorithm

Re: SFTP connection requires deprecated ssh-rsa (SHA-1) signature algorithm