Using the latest libssh 0.10.4 ssh_connect operation is failing at the key exchange step. Following is the log.
[2023/01/09 16:37:44.874356, 2] ssh_connect: libssh 0.10.4 (c) 2003-2022 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_winlock
[2023/01/09 16:37:44.881334, 3] getai: host x.x.x.x matches an IP address
[2023/01/09 16:37:44.885324, 2] ssh_socket_connect: Nonblocking connection socket: 512
[2023/01/09 16:37:44.887321, 2] ssh_connect: Socket connecting, now waiting for the callbacks to work
[2023/01/09 16:37:44.887903, 3] ssh_connect: Actual timeout : 10000
[2023/01/09 16:37:45.139544, 3] ssh_socket_pollcallback: Received POLLOUT in connecting state
[2023/01/09 16:37:45.140542, 1] socket_callback_connected: Socket connection callback: 1 (0)
[2023/01/09 16:37:45.140542, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2023/01/09 16:37:45.376008, 3] callback_receive_banner: Received banner: SSH-2.0-Cisco-1.25
[2023/01/09 16:37:45.377005, 2] ssh_client_connection_callback: SSH server banner: SSH-2.0-Cisco-1.25
[2023/01/09 16:37:45.377005, 2] ssh_analyze_banner: Analyzing banner: SSH-2.0-Cisco-1.25
[2023/01/09 16:37:45.390968, 3] ssh_client_select_hostkeys: Order of wanted host keys: "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256"
[2023/01/09 16:37:45.391964, 1] ssh_known_hosts_read_entries: Failed to open the known_hosts file 'C:\Users\xxxxx/.ssh/known_hosts': No such file or directory
[2023/01/09 16:37:45.391964, 1] ssh_known_hosts_read_entries: Failed to open the known_hosts file '/etc/ssh/ssh_known_hosts': No such file or directory
[2023/01/09 16:37:45.391964, 3] ssh_client_select_hostkeys: No key found in known_hosts; changing host key method to "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256"
[2023/01/09 16:37:45.391964, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2023/01/09 16:37:45.391964, 3] packet_send2: packet: wrote [type=20, len=852, padding_size=7, comp=844, payload=844]
[2023/01/09 16:37:45.392965, 3] ssh_send_kex: SSH_MSG_KEXINIT sent
[2023/01/09 16:37:45.626340, 3] ssh_packet_socket_callback: packet: read type 20 [len=308,padding=4,comp=303,payload=303]
[2023/01/09 16:37:45.627339, 3] ssh_packet_process: Dispatching handler for packet type 20
[2023/01/09 16:37:45.627339, 1] ssh_kex_select_methods: kex error : no match for method kex algos: server [diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1], client [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256]
[2023/01/09 16:37:45.627339, 3] ssh_connect: current state : 9
Any idea about why it is failing? It connects with old libssh 0.9.4 and also via putty without any issues. I'm using the ssh.dll which I had compiled from source with openssl 1.1.1k. Did I miss selecting anything from CMake?
The problem is that the default set of enabled key exchange algorithms and host key algorithms no longer work with some old ssh servers. They can be enabled in the ssh run-time config file by setting the KexAlgorithms and HostKeyAlgorithms properties.
For example:
KexAlgorithms curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
HostKeyAlgorithms ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa
You could also add ,ssh-dss to the end of the HostKeyAlgorithms list, but you might not need it and it would probably only work if cmake was run with the -DWITH_DSA=ON option.