curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Possibility to specify preferred host key algorithms

From: hannes via curl-users <>
Date: Fri, 16 Aug 2019 13:47:58 +0000

In OpenSSH there exists the possibility to use the HostKeyAlgorithms option to specify which host key algorithms to use. When using curl/libcurl together with libssh2, there is however no counterpart to this option.

In a situation where curl is used with the --hostpubmd5 argument to communicate with a server (or libcurl, setting the CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 option) with for example one rsa key and one ecdsa key, the user of curl can not influence which key is actually used.

This might causes a problem when using the latest version of libssh2, since it allows more types of keys than before. It could be the case that a user expects an md5 fingerprint of an rsa key to be accepted, but now an ecdsa key is used instead, causing a mismatch.

With an option of setting a preferred host key algorithm, this problem could be avoided. Could this be a reasonable feature for curl/libcurl (and possibly libssh2)?

Received on 2019-08-16