You’ll need to upgrade to the latest release, 1.10, which supports ed-25519 and ecdsa keys. The main branch also supports upgrading RSA key encryption if your sever supports it.
Will > On Apr 3, 2023, at 7:27 AM, Richard Beppel via libssh2-devel > <libssh2-devel@lists.haxx.se> wrote: > > Hi, > > I am working on a RHEL-7 system that uses libssh2 to perform file transfers > to a remote server. The current remote server uses the RHEL-7 OS and the file > transfers work as expected. However the remote server is being upgraded to > the RHEL-9 OS and must now operate in FIPS mode. > > Integration testing has uncovered an issue with the libssh2_session_handshake > function. When this function executes it fails. The log file in the remote > RHEL-9 server provides the following error message: > > > "Unable to negotiate with 192.168.1.130 port 54316: no matching host key type > found. Their offer: ssh-rsa,ssh-dss [preauth]" > > > The exchange is designed to happen with a public/private key pair. This key > pair has been established between the two system. This key pair has been > validated manually. For example, I can use the RHEL-7 command line to execute > an "ssh" command to login to the remote RHEL-9 server without entering a > password. I can also manually execute the "sftp" command to transfer a file > to the remote RHEL-9 server without entering a password. > > At this time the only way I can get the RHEL-7 client to transfer a file > using the libssh2 library is by altering the RHEL-9 server configuration to > the DEFAULT:SHA1 mode instead of the FIPS mode. However, this is not a viable > solution due to customer requirements. > > The RHEL-7 system is using the following libssh2 packages: > libssh2-devel-1.8.0-4.el7.x86_64 > libssh2-1.8.0-4.el7.x86_64 > Is there anyway to alter the behavior of the libssh2 handshake process to > send a host key type that is acceptable to the RHEL-9 server? > > Kind Regards > > Rick > > > -- > libssh2-devel mailing list > libssh2-devel@lists.haxx.se > https://lists.haxx.se/mailman/listinfo/libssh2-devel
-- libssh2-devel mailing list libssh2-devel@lists.haxx.se https://lists.haxx.se/mailman/listinfo/libssh2-devel
