I have made a tiny bit of progress. For this particular file transfer partner, I can log in manually using the sftp command if I use the following command line option: -o HostKeyAlgorithms=+ssh-dss
This actually confuses me even more, because I am already using the ‘-k’ option on the curl command line, which has always allowed this to work in the past. Also, when I remove the ‘-k’ option from curl, I get a different error message: * Unknown host key type: 3932160 * closing connection #0 curl: (79) Unknown host key type: 3932160 It almost seems like someone broke the ‘-k’ option in this version of curl. Which seems unlikely, at the least. [A black and pink logo Description automatically generated] Werner Stolz Advisor, Senior Software Developer Office: 848.305.7158 Mobile: 630.404.3815 Chicago InvestCloud.com<https://www.investcloud.com/> | LinkedIn<https://www.linkedin.com/company/investcloud/> CNBC World’s Top Fintech Companies 2024 From: Bastian Jesuiter <[email protected]> Sent: Monday, November 24, 2025 11:56 PM To: curl-users - the curl tool <[email protected]> Subject: Re: Unable to exchange encryption keys Hi, I can also improve on that answer. Check your targets sshd config. In the config file you can find exactly which encryption keys are allowed by the server. You could also try and see with ssh -vvv what encryption keys your ssh offers, and what the target server will allow. Most likely libssh is offering keys which are disabled by the target. I do remember that there were (recent == 1y+) some ssh exploits. To combat those, the fix was to reduce the number of allowed encryption keys, as only some of the keys were flawed. Potentially this is also affecting you. Bastian On Mon, 24 Nov 2025, 23:17 Daniel Stenberg via curl-users, <[email protected]<mailto:[email protected]>> wrote: On Mon, 24 Nov 2025, Werner Stolz via curl-users wrote: > We first encountered this error in 2022, and the only suggestion was to > upgrade our version of curl. We have now done that, and the problem > actually seems WORSE. As you're using SFTP, I think this problem is within libssh2 and that a curl update does almost nothing for improving this case. > * libssh2 cryptography backend: openssl compatible > * User: USER > * Failure establishing ssh session: -5, Unable to exchange encryption keys > * closing connection #0 > curl: (2) Failure establishing ssh session: -5, Unable to exchange encryption > keys This is libssh2 returning an error when it fails to establish an SSH session with the server. libssh2 is an understaffed and resource drained project. I propose you roll up your sleeves and do some debugging of your own, and maybe check with other libssh2 users if they have seen something similar. -- / daniel.haxx.se<http://daniel.haxx.se> || https://rock-solid.curl.dev -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.html ________________________________ Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation. ________________________________
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.html
