
RE: Unable to exchange encryption keys

From: Werner Stolz via curl-users <curl-users_at_lists.haxx.se>
Date: Tue, 25 Nov 2025 14:50:00 +0000

I have made a tiny bit of progress.

For this particular file transfer partner, I can log in manually using the sftp command if I use the following command line option: -o HostKeyAlgorithms=+ssh-dss

This actually confuses me even more, because I am already using the ‘-k’ option on the curl command line, which has always allowed this to work in the past.

Also, when I remove the ‘-k’ option from curl, I get a different error message:

* Unknown host key type: 3932160
* closing connection #0
curl: (79) Unknown host key type: 3932160

It almost seems like someone broke the ‘-k’ option in this version of curl. Which seems unlikely, at the least.


Werner Stolz

From: Bastian Jesuiter <bastian.jesuiter_at_gmail.com>
Sent: Monday, November 24, 2025 11:56 PM
To: curl-users - the curl tool <curl-users_at_lists.haxx.se>
Subject: Re: Unable to exchange encryption keys

Hi,

I can also improve on that answer.

Check your target's sshd config.
In the config file you can find exactly which encryption keys are allowed by the server.
You could also try and see with ssh -vvv what encryption keys your ssh offers, and what the target server will allow.

Most likely libssh is offering keys which are disabled by the target.

I do remember that there were (recent == 1y+) some ssh exploits. To combat those, the fix was to reduce the number of allowed encryption keys, as only some of the keys were flawed.

Potentially this is also affecting you.


Bastian

On Mon, 24 Nov 2025, 23:17 Daniel Stenberg via curl-users, <curl-users_at_lists.haxx.se> wrote:
On Mon, 24 Nov 2025, Werner Stolz via curl-users wrote:

> We first encountered this error in 2022, and the only suggestion was to
> upgrade our version of curl. We have now done that, and the problem
> actually seems WORSE.

As you're using SFTP, I think this problem is within libssh2 and that a curl
update does almost nothing for improving this case.

> * libssh2 cryptography backend: openssl compatible
> * User: USER
> * Failure establishing ssh session: -5, Unable to exchange encryption keys
> * closing connection #0
> curl: (2) Failure establishing ssh session: -5, Unable to exchange encryption keys

This is libssh2 returning an error when it fails to establish an SSH session
with the server.

libssh2 is an understaffed and resource drained project. I propose you roll up
your sleeves and do some debugging of your own, and maybe check with other
libssh2 users if they have seen something similar.

--

  / daniel.haxx.se || https://rock-solid.curl.dev
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
Etiquette: https://curl.se/mail/etiquette.html

Received on 2025-11-25
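
Added example, not part of the thread and not code from curl or libssh2: a small Python parser for the `ssh -vvv` comparison suggested in the thread. It reads the client and server KEXINIT proposals from the debug output and lists the categories in which the two sides share no algorithm. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `ssh -vvv` output (not captured from the thread's server).
SAMPLE = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha256
debug2: host key algorithms: ssh-ed25519,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: aes128-ctr,aes256-ctr
debug2: MACs ctos: hmac-sha2-256,hmac-sha1
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha256,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss
debug2: ciphers ctos: aes128-cbc,aes128-ctr
debug2: MACs ctos: hmac-sha1
"""

HEADER = re.compile(r"debug2: (local client|peer server) KEXINIT proposal")
FIELD = re.compile(
    r"debug2: (KEX algorithms|host key algorithms|ciphers [cs]to[cs]|MACs [cs]to[cs]): (.*)"
)

def parse_kexinit(text):
    """Return {'local': {field: [algs]}, 'peer': {field: [algs]}}."""
    proposals = {"local": {}, "peer": {}}
    side = None
    for line in text.splitlines():
        header = HEADER.search(line)
        if header:
            side = "local" if header.group(1) == "local client" else "peer"
            continue
        field = FIELD.search(line)
        if field and side:
            names = [a.strip() for a in field.group(2).split(",") if a.strip()]
            proposals[side][field.group(1)] = names
    return proposals

def compare(proposals):
    """Per field: algorithms both sides list, in client preference order."""
    result = {}
    for field, ours in proposals["local"].items():
        theirs = set(proposals["peer"].get(field, []))
        result[field] = [a for a in ours if a in theirs]
    return result

def mismatches(proposals):
    """Fields where negotiation cannot succeed (no common algorithm)."""
    return sorted(f for f, common in compare(proposals).items() if not common)

if __name__ == "__main__":
    props = parse_kexinit(SAMPLE)
    for f in mismatches(props):
        print(f"no overlap in {f}: client={props['local'][f]} server={props['peer'][f]}")
```

The client list in such output is OpenSSH's own, and the set libssh2 offers may differ; the `peer server` proposal is what the server advertises regardless of which client connects.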