Simulating 1024 bit dh params for sftp

Sometimes I work with very old IT server infrastructure, but that is not today's topic. Today we focus on the client side, where from time to time companies and people from various fields are, for other reasons, bound to legacy software such as old clients based on Java 5, 6, 7, or 8.

As an operator of services such as SFTP, this really is not ideal. You either have to exclude such clients to maintain an up-to-date server infrastructure, or include them and provide some form of backwards compatibility.

To test that compatibility, you would need to either have all the clients your peers use available or at least be able to simulate them. I happened to have issues with clients that require the server to supply Diffie-Hellman parameters that are very short by today's standards. Java 5, 6, 7, 8 are limited to 1024 bits in length.

Now, either I set up some random old Java-based SFTP client (if I were to get hold of it), or I would have to simulate in another way. My hacky approach follows:

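# Install deps and pull things (wget, a compiler toolchain and the zlib/OpenSSL headers are needed for the download and the build)
apt install git unzip wget autoconf build-essential zlib1g-dev libssl-dev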
git clone https://github.com/openssh/openssh-portable.git
cd openssh-portable
wget https://coders-home.de/wp-content/uploads/2026/04/1024.patch_.txt.zip
unzip 1024.patch_.txt.zip

# Apply patch for 1024 bit keys (use git diff if you would like to see what changes in colour)
git apply 1024.patch.txt

# Configure and compile
autoreconf
./configure
make -j 12

# Run
./sftp -S ./ssh -vvv -oKexAlgorithms=diffie-hellman-group-exchange-sha1 user@example.com

# Cleanup
make clean

This is simple and quick, but not super sophisticated. Feel free to leave a comment if this helped you debug your server infrastructure without having the actual client software at hand.
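
To complement the client-side test above, here is an added example (not part of the original post and not OpenSSH code) for the server side: it summarises which group sizes a file in OpenSSH's moduli(5) format offers for group exchange and whether any of them fits the size window a client asks for. The function names, the 1024..1024 window and the sample lines are assumptions made for illustration; the script only checks the type field and does not cover the minimum size sshd enforces on its own.

```shell
#!/bin/sh
# Added example. moduli(5) fields: time type tests trials size generator modulus.
# sshd treats a group as one bit larger than the "size" field (2047 -> 2048).

# Print "<bits> <count>" for every candidate group size in the file, ascending.
moduli_sizes() {
    awk '
        /^[ \t]*#/ || NF < 7 { next }   # skip comments and incomplete lines
        $2 != 2 { next }                # only type 2 (safe primes) is used
        { n[$5 + 1]++ }
        END { for (b in n) print b, n[b] }
    ' "$1" | sort -n
}

# Exit 0 if at least one group lies within the client's [min, max] bit window.
moduli_fits() {   # usage: moduli_fits FILE MIN MAX
    moduli_sizes "$1" | awk -v min="$2" -v max="$3" '
        $1 >= min && $1 <= max { ok = 1 }
        END { exit !ok }'
}

# Constructed sample file; the moduli are shortened placeholders, not real primes.
make_sample() {
    cat > "$1" <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20240101000000 2 6 100 1023 2 F0E1D2C3
20240101000001 2 6 100 2047 2 A1B2C3D4
20240101000002 2 6 100 2047 5 A1B2C3D5
20240101000003 2 6 100 3071 2 B1B2C3D6
EOF
}

main() {
    f=$(mktemp) && make_sample "$f"
    moduli_sizes "$f"
    # Assumed window of a client that cannot handle more than 1024 bits.
    if moduli_fits "$f" 1024 1024; then
        echo "a 1024-bit group is available in this file"
    else
        echo "no group fits a 1024-bit-only client"
    fi
    rm -f "$f"
}

main
```

On a real server, point `moduli_sizes` at the moduli file sshd actually reads, typically `/etc/ssh/moduli`.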
