I am working with hardware devices which support the SFTP protocol for file transfer. For that I have created an SFTP server in AWS Transfer Family.
The issue I am facing is that the device does not support any cryptographic algorithm that is supported by AWS Transfer Family.
Due to that I am getting the following error:
ERRORS KEX_FAILURE Message="no matching key exchange method found" Kex=diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 SourceIP=121.244.200.210
Algorithms which are supported by the instrument:
Key Exchange Algorithms (Kex_Algorithms) diffie-hellman-group1-sha1 ssh-rsa Cipher 3des-cbc MAC hmac-md5
This is a deprecated set of cryptographic algorithms which is not supported by AWS Transfer Family. https://docs.aws.amazon.com/transfer/latest/userguide/security-policies.html
Also, currently there is no way to upgrade the device to change the cryptographic algorithm.
What alternative do I have for making the connection?
You could consider a standalone SFTP server that supports deprecated ciphers, and install it on a dedicated EC2 instance.
Check this out: https://zappysys.com/forums/topic/ciphers-algorithms-supported-sftp-connection/ I think it matches your device cryptos. That it may not be a HIPAA-approved set-up would be my concern, should you be subject to that.
Perhaps you can add compensating controls like a VPN endpoint and you could tunnel deprecated protocols through it. This would provide better security for data in transit, as 3DES is considered a weak cipher. For a security analysis see https://crypto.stackexchange.com/questions/51629/is-triple-des-still-considered-safe-to-use
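
Added example, not part of the original thread: a small Python check that parses a KEX_FAILURE line in the format quoted in the question and works out, per algorithm category, whether the device and a server have anything in common. The `MODERN` server list is a constructed stand-in, not an actual Transfer Family security policy, and the function names and sample source address are assumptions.

```python
import re

# Constructed log line in the format quoted in the question (documentation IP).
SAMPLE_LOG = ('ERRORS KEX_FAILURE Message="no matching key exchange method found" '
              'Kex=diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 '
              'SourceIP=192.0.2.10')

# Algorithms the question lists for the device (ssh-rsa is a host key algorithm).
DEVICE = {
    "kex": ["diffie-hellman-group1-sha1"],
    "host_key": ["ssh-rsa"],
    "cipher": ["3des-cbc"],
    "mac": ["hmac-md5"],
}

# Assumption: a constructed modern server set, NOT a real AWS policy listing.
MODERN = {
    "kex": ["curve25519-sha256", "ecdh-sha2-nistp256", "diffie-hellman-group14-sha256"],
    "host_key": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256"],
    "cipher": ["aes256-gcm@openssh.com", "aes128-ctr"],
    "mac": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
}

# A dedicated legacy listener: the modern set plus what the device needs.
LEGACY = {cat: MODERN[cat] + DEVICE[cat] for cat in MODERN}


def parse_kex_failure(line):
    """Return (offered kex names, source IP) from a KEX_FAILURE line, else None."""
    if "KEX_FAILURE" not in line:
        return None
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    return fields.get("Kex", "").split(","), fields.get("SourceIP")


def negotiate(client, server):
    """Simplified RFC 4253 rule: first client-preferred name the server also lists."""
    return next((alg for alg in client if alg in server), None)


def mismatches(client, server):
    """Categories in which client and server share no algorithm at all."""
    return [cat for cat in client if negotiate(client[cat], server[cat]) is None]


if __name__ == "__main__":
    offered, source = parse_kex_failure(SAMPLE_LOG)
    print(source, "offered kex:", offered, "->", negotiate(offered, MODERN["kex"]))
    print("no overlap with modern set:", mismatches(DEVICE, MODERN))
    print("no overlap with legacy listener:", mismatches(DEVICE, LEGACY))
```

The log only reports the key exchange failure because that is the first category negotiated; the per-category check shows the host key, cipher and MAC would fail as well, so a legacy listener has to enable all four.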