Re: Unable to exchange encryption keys
From: Jeffrey Walton via curl-users <curl-users_at_lists.haxx.se>
Date: Tue, 25 Nov 2025 11:10:00 -0500
On Tue, Nov 25, 2025 at 9:50 AM Werner Stolz via curl-users <
curl-users_at_lists.haxx.se> wrote:
> I have made a tiny bit of progress.
>
> For this particular file transfer partner, I can log in manually using the
> sftp command if I use the following command line option:
> -o HostKeyAlgorithms=+ssh-dss

You should have two (maybe three) keys nowadays. The first two are ed25519
and ecdsa keys. They should work just about everywhere. The third key is
an RSA key to connect to old SSH servers. If you don't connect to old
servers, then don't have an RSA key.

You should not be using DSS keys. They were deprecated about 10 years ago
in OpenSSH 7.0 (2015-08-11). From <https://www.openssh.org/releasenotes.html>:

  * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
    by default at run-time. These may be re-enabled using the
    instructions at http://www.openssh.com/legacy.html

> This actually confuses me even more, because I am already using the ‘-k’
> option on the curl command line, which has always allowed
> this to work in the past.
>
> Also, when I remove the ‘-k’ option from curl, I get a different error
> message:
>
> * Unknown host key type: 3932160
> * closing connection #0
> curl: (79) Unknown host key type: 3932160
>
> It almost seems like someone broke the ‘-k’ option in this version of
> curl. Which seems unlikely, at the least.
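
Added example, not part of the original message and not code from curl or OpenSSH: a small Python audit of OpenSSH-format public key lines ("type base64 [comment]") against the key-type advice in the reply above. The verdict labels and function names are this example's own, and the sample lines are constructed with dummy key material.

```python
import base64
import struct

# Policy from the reply above; the verdict labels are this example's own.
POLICY = {"ssh-ed25519": "ok", "ssh-rsa": "legacy-only", "ssh-dss": "reject"}

def read_string(blob, offset):
    """Read one SSH wire-format string: uint32 length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end

def classify_key_line(line):
    """Return (declared_type, verdict) for one 'type base64 [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    declared = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    embedded, _ = read_string(blob, 0)
    # The type string inside the blob must match the text label on the line.
    if embedded.decode("ascii", "replace") != declared:
        return declared, "mismatch"
    if declared.startswith("ecdsa-sha2-"):
        return declared, "ok"
    return declared, POLICY.get(declared, "unknown")

def sample_line(key_type, *fields):
    """Build a CONSTRUCTED key line with dummy key material for the demo."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (key_type.encode(), *fields))
    return f"{key_type} {base64.b64encode(blob).decode()} constructed-sample"

SAMPLES = [
    sample_line("ssh-ed25519", bytes(32)),
    sample_line("ecdsa-sha2-nistp256", b"nistp256", b"\x04" + bytes(64)),
    sample_line("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xff" * 256),
    sample_line("ssh-dss", b"\x7f" * 128, b"\x7f" * 20, b"\x02", b"\x03"),
]

def audit(lines):
    return [classify_key_line(line) for line in lines]

if __name__ == "__main__":
    for key_type, verdict in audit(SAMPLES):
        print(f"{key_type:20} {verdict}")
```

The same function can be fed the lines of a `.pub` file; `authorized_keys` lines with leading options and `known_hosts` lines with a leading host field would need that first field stripped.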
Received on 2025-11-25