Hi,
I am working on a RHEL-7 system that uses libssh2 to perform file transfers to 
a remote server. The current remote server uses the RHEL-7 OS and the file 
transfers work as expected. However the remote server is being upgraded to the 
RHEL-9 OS and must now operate in FIPS mode.
Integration testing has uncovered an issue with the libssh2_session_handshake 
function. When this function executes it fails. The log file in the remote 
RHEL-9 server provides the following error message:

"Unable to negotiate with 192.168.1.130 port 54316: no matching host key type 
found. Their offer: ssh-rsa,ssh-dss [preauth]"

The exchange is designed to happen with a public/private key pair. This key 
pair has been established between the two systems. This key pair has been 
validated manually. For example, I can use the RHEL-7 command line to execute 
an "ssh" command to login to the remote RHEL-9 server without entering a 
password. I can also manually execute the "sftp" command to transfer a file to 
the remote RHEL-9 server without entering a password.
At this time the only way I can get the RHEL-7 client to transfer a file using 
the libssh2 library is by altering the RHEL-9 server configuration to the 
DEFAULT:SHA1 mode instead of the FIPS mode. However, this is not a viable 
solution due to customer requirements.

The RHEL-7 system is using the following libssh2 packages:   
   - libssh2-devel-1.8.0-4.el7.x86_64
   - libssh2-1.8.0-4.el7.x86_64
Is there any way to alter the behavior of the libssh2 handshake process to send 
a host key type that is acceptable to the RHEL-9 server?
Kind Regards
Rick


-- 
libssh2-devel mailing list
libssh2-devel@lists.haxx.se
https://lists.haxx.se/mailman/listinfo/libssh2-devel
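
Added example, not part of the original message or of libssh2: a server-side triage script that parses sshd negotiation-failure lines like the one quoted above and lists the clients whose host key offer consists only of ssh-rsa and ssh-dss. All sample lines other than the quoted one are constructed, and the function names are hypothetical.

```python
import re

# Matches sshd's negotiation-failure message, the form quoted in the post.
NEGOTIATION_RE = re.compile(
    r"Unable to negotiate with (?P<peer>\S+) port (?P<port>\d+): "
    r"no matching (?P<kind>[\w ]+?) found\. Their offer: (?P<offer>\S+)"
)
# ssh-rsa signs with SHA-1 (RFC 4253); ssh-dss is DSA. Both appear in the post's error.
LEGACY_HOSTKEY_ALGS = {"ssh-rsa", "ssh-dss"}

def parse_negotiation_failure(line):
    """Return peer, port, failed category and offered algorithms, or None."""
    # Archived log lines are often hard-wrapped, so collapse whitespace first.
    m = NEGOTIATION_RE.search(" ".join(line.split()))
    if m is None:
        return None
    return {"peer": m["peer"], "port": int(m["port"]),
            "kind": m["kind"], "offer": m["offer"].split(",")}

def legacy_hostkey_clients(lines):
    """Map each peer to its offer when it offered only ssh-rsa/ssh-dss host keys."""
    flagged = {}
    for line in lines:
        f = parse_negotiation_failure(line)
        if f and f["kind"] == "host key type" and set(f["offer"]) <= LEGACY_HOSTKEY_ALGS:
            flagged[f["peer"]] = f["offer"]
    return flagged

SAMPLE_LOG = [
    # The line quoted in the post, including its hard wrap.
    "Unable to negotiate with 192.168.1.130 port 54316: no matching host key type \n"
    "found. Their offer: ssh-rsa,ssh-dss [preauth]",
    # Constructed lines (documentation addresses) that must not be flagged.
    "Unable to negotiate with 192.0.2.10 port 40022: no matching key exchange method "
    "found. Their offer: diffie-hellman-group1-sha1 [preauth]",
    "Unable to negotiate with 192.0.2.11 port 40100: no matching host key type "
    "found. Their offer: ssh-rsa,ssh-ed25519 [preauth]",
    "Accepted publickey for user1 from 192.0.2.12 port 50000 ssh2",
]

if __name__ == "__main__":
    for peer, offer in legacy_hostkey_clients(SAMPLE_LOG).items():
        print(f"{peer}: client offers only {','.join(offer)}")
```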
