Download: Stable · Snapshot | Docs | Changes | Wishlist
The variant of Diffie-Hellman key exchange in which the server
sends a different prime modulus every time (known in SSH as 'group
exchange') was revised by RFC 4419 to change the format of the
SSH_MSG_KEX_DH_GEX_REQUEST message, and also its message
number. PuTTY didn't get round to supporting the revised message for
quite a long time, but as of 0.65 it will now do so.
As of 6.9, the OpenSSH server has removed support for these messages. It has backwards-compatibility code for old versions of PuTTY (where it disables group exchange), which also triggers for some PuTTY-derived clients, but probably not all of them. If for some reason the backwards-compatibility arrangements don't work, there'll be a message like kex protocol error: type 30 seq 1 [preauth] in the SSH server log.
As of 7.2, the OpenSSH server additionally rejects the old messages with an UNIMPLEMENTED response (bz#2494). If this happens to you (again, if the server's backward-compatibility measures don't fire), you can expect to see a message like "Disconnected: Server protocol violation: unexpected SSH2_MSG_UNIMPLEMENTED packet". (Servers from 6.9 through 7.1 did something less helpful.)