Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
Re: Unable to exchange encryption keys
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Bastian Jesuiter via curl-users <curl-users_at_lists.haxx.se>
Date: Tue, 25 Nov 2025 06:56:10 +0100
Hi,
I can also improve on that answer.
Check your targets sshd config.
In the config file you can find exactly which encryption keys are allowed
by the server.
You could also try and see with ssh -vvv what encryption keys your ssh
offers, and what the target server will allow.
Most likely libssh is offering keys which are disabled by the target.
I do remember that there were (recent == 1y+) some ssh exploits. To combat
those, the fix was to reduce the number of allowed encryption keys, as only
some of the keys were flawed.
Potentially this is also affecting you.
Bastian
On Mon, 24 Nov 2025, 23:17 Daniel Stenberg via curl-users, <
curl-users_at_lists.haxx.se> wrote:
> On Mon, 24 Nov 2025, Werner Stolz via curl-users wrote:
>
> > We first encountered this error in 2022, and the only suggestion was to
> > upgrade our version of curl. We have now done that, and the problem
> > actually seems WORSE.
>
> As you're using SFTP, I think this problem is within libssh2 and that a
> curl
> update does almost nothing for improving this case.
>
> > * libssh2 cryptography backend: openssl compatible
> > * User: USER
> > * Failure establishing ssh session: -5, Unable to exchange encryption
> keys
> > * closing connection #0
> > curl: (2) Failure establishing ssh session: -5, Unable to exchange
> encryption keys
>
> This is libssh2 returning an error when it fails to establish an SSH
> session
> with the server.
>
> libssh2 is an understaffed and resource drained project. I propose you
> roll up
> your sleeves and do some debugging of your own, and maybe check with other
> libssh2 users if they have seen something similar.
>
> --
>
> / daniel.haxx.se || https://rock-solid.curl.dev
> --
> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
> Etiquette: https://curl.se/mail/etiquette.html
>
Date: Tue, 25 Nov 2025 06:56:10 +0100
Hi,
I can also improve on that answer.
Check your targets sshd config.
In the config file you can find exactly which encryption keys are allowed
by the server.
You could also try and see with ssh -vvv what encryption keys your ssh
offers, and what the target server will allow.
Most likely libssh is offering keys which are disabled by the target.
I do remember that there were (recent == 1y+) some ssh exploits. To combat
those, the fix was to reduce the number of allowed encryption keys, as only
some of the keys were flawed.
Potentially this is also affecting you.
Bastian
On Mon, 24 Nov 2025, 23:17 Daniel Stenberg via curl-users, <
curl-users_at_lists.haxx.se> wrote:
> On Mon, 24 Nov 2025, Werner Stolz via curl-users wrote:
>
> > We first encountered this error in 2022, and the only suggestion was to
> > upgrade our version of curl. We have now done that, and the problem
> > actually seems WORSE.
>
> As you're using SFTP, I think this problem is within libssh2 and that a
> curl
> update does almost nothing for improving this case.
>
> > * libssh2 cryptography backend: openssl compatible
> > * User: USER
> > * Failure establishing ssh session: -5, Unable to exchange encryption
> keys
> > * closing connection #0
> > curl: (2) Failure establishing ssh session: -5, Unable to exchange
> encryption keys
>
> This is libssh2 returning an error when it fails to establish an SSH
> session
> with the server.
>
> libssh2 is an understaffed and resource drained project. I propose you
> roll up
> your sleeves and do some debugging of your own, and maybe check with other
> libssh2 users if they have seen something similar.
>
> --
>
> / daniel.haxx.se || https://rock-solid.curl.dev
> --
> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
> Etiquette: https://curl.se/mail/etiquette.html
>
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2025-11-25