SCP - Server unexpectly closed network connection

When attempting to open a tunnel-ed SCP protocol connection, starting with WinSCP 6.4.2 Beta, I immediately receive a "Server unexpectly closed network connection".

I can successfully connect with previous version of WinSCP, I can also connect on the latest version of WinSCP, if I change the Protocol to SFTP (but would highly prefer to have SCP working again).

Tested on the following Portable versions:

6.3.1 | works
6.3.7 | works
6.4.0 (beta) | works
6.4.1 (beta) | works
6.4.2 (beta) | does not work
6.4.3 | does not work
6.5.1 | does not work
6.5.2 | does not work

Attached some logs of the attempts on both 6.4.1 (working) and 6.4.2 (not working)

I even tried compiling the WinSCP 6.4.2 Beta version to attempt to add additional debugging messages, but I'll be damned if I am paying $2400 to simply compile WinSCP (...and yes, I even tried with the latest Community Version 23.0 and ran into compatibility issues while compiling)

Possibly the same issue as here:
WinSCP fails SSH connection due to "Unsupported" Key exchange algorithm
The same SSH server ("dropbear").

I have added this issue to the tracker:
Issue 2388 – Dropbear SSH server on some devices rejects connection – possibly due to new KEX algorithms

Thanks for taking a look! Glad to see that you may think that you have a potential solution :)

P.S. Any chance of moving away from needing to use that specific compiler? I would think it could help better maintain things from a long term perspective.

I'm just moving to a new compiler. But I do not think the compiler is the problem. It's rather the IDE/libraries used. And that's unlikely to change any time soon, sorry.

Apologies, I guess I was lumping the IDE and the Compiler into one, if the Object Pascal programming language is still needing to be used, that is somewhat unfortunate... (due to the costs required), but I guess somewhat understandable.

I noticed that the Issue 2388 – Dropbear SSH server on some devices rejects connection – possibly due to new KEX algorithms, doesn't appear to have a lot of movement... is it still being considered to be resolved?

@SocraticBliss: I believe that this is primarily server-side problem. So it should be resolved on Dropbear side. A workaround on WinSCP side is possible, but only if there's sufficient demand – what is not the case atm. Sorry.

Ok understood, I will let the users know that they should continue to use WinSCP v6.3.1/7 if they want to connect.

Thanks!

I have an update on this issue!

After additional troubleshooting, I found the likely reason why it seems to be working in the older releases...

By default, the Diffie-Hellman group 1 (1024 bit) option is within the --warn below here-- section, then at the Security warning popup, the end user can select Yes and it successfully connects, with the newer versions, the Yes selection on the popup... does not seem to be enough to allow WinSCP to connect.

However... if you move the Diffie-Hellman group 1 (1024 bit) option above the --warn below here-- section and above the Diffie-Hellman group exchange option, it is able to connect without issue!

Would it be possible to still allow the connection if the end user accepts the Security Warning popup?

(Basically, I am trying to have the connection work without the end user needing to go into the settings and moving the Diffie-Hellman group 1 (1024 bit) option, having it work the same way as in previous WinSCP versions.)

Thanks in advance :)