Subject: Re: Failed to exchange encryption keys when connect to Debian

Re: Failed to exchange encryption keys when connect to Debian

From: Moti Avrahami via libssh2-devel <libssh2-devel_at_cool.haxx.se>
Date: Tue, 13 Jun 2017 14:05:16 +0300

On Tue, Jun 28, 2016 at 12:34 PM, Moti Avrahami <moti.dp_at_gmail.com> wrote:

> Hi,
>
>
>
> I failed to connect to the SFTP server – SSH-2.0-OpenSSH_6.0p1
> Debian-4+deb7u4.
>
> I am using curl.exe (7.47.1) with libssh2 (1.7.0) and openSSL (0.9.8) and
> get the error:
>
> [libssh2] 0.506250 Failure Event: -5 - Unable to exchange encryption keys
>
> * Failure establishing ssh session
>
>
>
> Do you know what can be the cause?
>
> Maybe this doesn’t support the libssh2 algorithms?
>
>
>
> Thanks,
>
> Moti
>
>
>
> By the way, this is the full trace:
>
> [libssh2] 0.459375 Conn: Setting blocking mode OFF
>
> [libssh2] 0.459375 Transport: session_startup for socket 156
>
> [libssh2] 0.459375 Transport: Sending Banner: SSH-2.0-libssh2_1.7.0
>
> [libssh2] 0.459375 Socket: Sent 23/23 bytes at 004DA6C0+0
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Socket: Recved 1 bytes banner
>
> [libssh2] 0.537500 Transport: Received Banner: SSH-2.0-OpenSSH_6.0p1
> Debian-4+deb7u4
>
> [libssh2] 0.615625 Key Ex: Sent KEX: diffie-hellman-group-exchange-
> sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-
> group14-sha1,diffie-hellman-group1-sha1
>
> [libssh2] 0.615625 Key Ex: Sent HOSTKEY: ssh-rsa,ssh-dss
>
> [libssh2] 0.615625 Key Ex: Sent CRYPT_CS: aes256-cbc,rijndael-cbc@
> lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,
> arcfour128,arcfour,cast128-cbc,3des-cbc
>
> [libssh2] 0.615625 Key Ex: Sent CRYPT_SC: aes256-cbc,rijndael-cbc@
> lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,
> arcfour128,arcfour,cast128-cbc,3des-cbc
>
> [libssh2] 0.615625 Key Ex: Sent MAC_CS: hmac-sha2-256,hmac-sha2-512,
> hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@
> openssh.com
>
> [libssh2] 0.615625 Key Ex: Sent MAC_SC: hmac-sha2-256,hmac-sha2-512,
> hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@
> openssh.com
>
> [libssh2] 0.615625 Key Ex: Sent COMP_CS: none
>
> [libssh2] 0.615625 Key Ex: Sent COMP_SC: none
>
> [libssh2] 0.615625 Key Ex: Sent LANG_CS:
>
> [libssh2] 0.615625 Key Ex: Sent LANG_SC:
>
> => libssh2_transport_write plain (663 bytes)
>
> 0000: 14 30 B0 BB FA 02 DA BC 09 75 DA 15 A5 20 E6 B2 : .0°»ת..¼
> u..¥ ז²
>
> 0010: 80 00 00 00 7E 64 69 66 66 69 65 2D 68 65 6C 6C : ....~diffie-hell
>
> 0020: 6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E : man-group-exchan
>
> 0030: 67 65 2D 73 68 61 32 35 36 2C 64 69 66 66 69 65 : ge-sha256,diffie
>
> 0040: 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F 75 70 2D 65 : -hellman-group-e
>
> 0050: 78 63 68 61 6E 67 65 2D 73 68 61 31 2C 64 69 66 : xchange-sha1,dif
>
> 0060: 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F 75 : fie-hellman-grou
>
> 0070: 70 31 34 2D 73 68 61 31 2C 64 69 66 66 69 65 2D : p14-sha1,diffie-
>
> 0080: 68 65 6C 6C 6D 61 6E 2D 67 72 6F 75 70 31 2D 73 : hellman-group1-s
>
> 0090: 68 61 31 00 00 00 0F 73 73 68 2D 72 73 61 2C 73 : ha1....ssh-rsa,s
>
> 00a0: 73 68 2D 64 73 73 00 00 00 71 61 65 73 32 35 36 : sh-dss...qaes256
>
> 00b0: 2D 63 62 63 2C 72 69 6A 6E 64 61 65 6C 2D 63 62 : -cbc,rijndael-cb
>
> 00c0: 63 40 6C 79 73 61 74 6F 72 2E 6C 69 75 2E 73 65 : c_at_lysator.liu.se
>
> 00d0: 2C 61 65 73 31 39 32 2D 63 62 63 2C 61 65 73 31 : ,aes192-cbc,aes1
>
> 00e0: 32 38 2D 63 62 63 2C 62 6C 6F 77 66 69 73 68 2D : 28-cbc,blowfish-
>
> 00f0: 63 62 63 2C 61 72 63 66 6F 75 72 31 32 38 2C 61 : cbc,arcfour128,a
>
> 0100: 72 63 66 6F 75 72 2C 63 61 73 74 31 32 38 2D 63 : rcfour,cast128-c
>
> 0110: 62 63 2C 33 64 65 73 2D 63 62 63 00 00 00 71 61 : bc,3des-cbc...qa
>
> 0120: 65 73 32 35 36 2D 63 62 63 2C 72 69 6A 6E 64 61 : es256-cbc,rijnda
>
> 0130: 65 6C 2D 63 62 63 40 6C 79 73 61 74 6F 72 2E 6C : el-cbc_at_lysator.l
>
> 0140: 69 75 2E 73 65 2C 61 65 73 31 39 32 2D 63 62 63 : iu.se,aes192-cbc
>
> 0150: 2C 61 65 73 31 32 38 2D 63 62 63 2C 62 6C 6F 77 : ,aes128-cbc,blow
>
> 0160: 66 69 73 68 2D 63 62 63 2C 61 72 63 66 6F 75 72 : fish-cbc,arcfour
>
> 0170: 31 32 38 2C 61 72 63 66 6F 75 72 2C 63 61 73 74 : 128,arcfour,cast
>
> 0180: 31 32 38 2D 63 62 63 2C 33 64 65 73 2D 63 62 63 : 128-cbc,3des-cbc
>
> 0190: 00 00 00 71 68 6D 61 63 2D 73 68 61 32 2D 32 35 : ...qhmac-sha2-25
>
> 01a0: 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C : 6,hmac-sha2-512,
>
> 01b0: 68 6D 61 63 2D 73 68 61 31 2C 68 6D 61 63 2D 73 : hmac-sha1,hmac-s
>
> 01c0: 68 61 31 2D 39 36 2C 68 6D 61 63 2D 6D 64 35 2C : ha1-96,hmac-md5,
>
> 01d0: 68 6D 61 63 2D 6D 64 35 2D 39 36 2C 68 6D 61 63 : hmac-md5-96,hmac
>
> 01e0: 2D 72 69 70 65 6D 64 31 36 30 2C 68 6D 61 63 2D : -ripemd160,hmac-
>
> 01f0: 72 69 70 65 6D 64 31 36 30 40 6F 70 65 6E 73 73 : ripemd160_at_openss
>
> 0200: 68 2E 63 6F 6D 00 00 00 71 68 6D 61 63 2D 73 68 : h.com...qhmac-sh
>
> 0210: 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68 61 32 : a2-256,hmac-sha2
>
> 0220: 2D 35 31 32 2C 68 6D 61 63 2D 73 68 61 31 2C 68 : -512,hmac-sha1,h
>
> 0230: 6D 61 63 2D 73 68 61 31 2D 39 36 2C 68 6D 61 63 : mac-sha1-96,hmac
>
> 0240: 2D 6D 64 35 2C 68 6D 61 63 2D 6D 64 35 2D 39 36 : -md5,hmac-md5-96
>
> 0250: 2C 68 6D 61 63 2D 72 69 70 65 6D 64 31 36 30 2C : ,hmac-ripemd160,
>
> 0260: 68 6D 61 63 2D 72 69 70 65 6D 64 31 36 30 40 6F : hmac-ripemd160_at_o
>
> 0270: 70 65 6E 73 73 68 2E 63 6F 6D 00 00 00 04 6E 6F : penssh.com....no
>
> 0280: 6E 65 00 00 00 04 6E 6F 6E 65 00 00 00 00 00 00 : ne....none......
>
> 0290: 00 00 00 00 00 00 00 : .......
>
> [libssh2] 0.615625 Socket: Sent 832/832 bytes at 021D393C
>
> => libssh2_transport_write send() (832 bytes)
>
> 0000: 00 00 03 3C A4 14 30 B0 BB FA 02 DA BC 09 75 DA : ...<..0°»ת..¼
> u.
>
> 0010: 15 A5 20 E6 B2 80 00 00 00 7E 64 69 66 66 69 65 : .¥ ז²....~diffie
>
> 0020: 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F 75 70 2D 65 : -hellman-group-e
>
> 0030: 78 63 68 61 6E 67 65 2D 73 68 61 32 35 36 2C 64 : xchange-sha256,d
>
> 0040: 69 66 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D 67 72 : iffie-hellman-gr
>
> 0050: 6F 75 70 2D 65 78 63 68 61 6E 67 65 2D 73 68 61 : oup-exchange-sha
>
> 0060: 31 2C 64 69 66 66 69 65 2D 68 65 6C 6C 6D 61 6E : 1,diffie-hellman
>
> 0070: 2D 67 72 6F 75 70 31 34 2D 73 68 61 31 2C 64 69 : -group14-sha1,di
>
> 0080: 66 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F : ffie-hellman-gro
>
> 0090: 75 70 31 2D 73 68 61 31 00 00 00 0F 73 73 68 2D : up1-sha1....ssh-
>
> 00a0: 72 73 61 2C 73 73 68 2D 64 73 73 00 00 00 71 61 : rsa,ssh-dss...qa
>
> 00b0: 65 73 32 35 36 2D 63 62 63 2C 72 69 6A 6E 64 61 : es256-cbc,rijnda
>
> 00c0: 65 6C 2D 63 62 63 40 6C 79 73 61 74 6F 72 2E 6C : el-cbc_at_lysator.l
>
> 00d0: 69 75 2E 73 65 2C 61 65 73 31 39 32 2D 63 62 63 : iu.se,aes192-cbc
>
> 00e0: 2C 61 65 73 31 32 38 2D 63 62 63 2C 62 6C 6F 77 : ,aes128-cbc,blow
>
> 00f0: 66 69 73 68 2D 63 62 63 2C 61 72 63 66 6F 75 72 : fish-cbc,arcfour
>
> 0100: 31 32 38 2C 61 72 63 66 6F 75 72 2C 63 61 73 74 : 128,arcfour,cast
>
> 0110: 31 32 38 2D 63 62 63 2C 33 64 65 73 2D 63 62 63 : 128-cbc,3des-cbc
>
> 0120: 00 00 00 71 61 65 73 32 35 36 2D 63 62 63 2C 72 : ...qaes256-cbc,r
>
> 0130: 69 6A 6E 64 61 65 6C 2D 63 62 63 40 6C 79 73 61 : ijndael-cbc_at_lysa
>
> 0140: 74 6F 72 2E 6C 69 75 2E 73 65 2C 61 65 73 31 39 : tor.liu.se,aes19
>
> 0150: 32 2D 63 62 63 2C 61 65 73 31 32 38 2D 63 62 63 : 2-cbc,aes128-cbc
>
> 0160: 2C 62 6C 6F 77 66 69 73 68 2D 63 62 63 2C 61 72 : ,blowfish-cbc,ar
>
> 0170: 63 66 6F 75 72 31 32 38 2C 61 72 63 66 6F 75 72 : cfour128,arcfour
>
> 0180: 2C 63 61 73 74 31 32 38 2D 63 62 63 2C 33 64 65 : ,cast128-cbc,3de
>
> 0190: 73 2D 63 62 63 00 00 00 71 68 6D 61 63 2D 73 68 : s-cbc...qhmac-sh
>
> 01a0: 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68 61 32 : a2-256,hmac-sha2
>
> 01b0: 2D 35 31 32 2C 68 6D 61 63 2D 73 68 61 31 2C 68 : -512,hmac-sha1,h
>
> 01c0: 6D 61 63 2D 73 68 61 31 2D 39 36 2C 68 6D 61 63 : mac-sha1-96,hmac
>
> 01d0: 2D 6D 64 35 2C 68 6D 61 63 2D 6D 64 35 2D 39 36 : -md5,hmac-md5-96
>
> 01e0: 2C 68 6D 61 63 2D 72 69 70 65 6D 64 31 36 30 2C : ,hmac-ripemd160,
>
> 01f0: 68 6D 61 63 2D 72 69 70 65 6D 64 31 36 30 40 6F : hmac-ripemd160_at_o
>
> 0200: 70 65 6E 73 73 68 2E 63 6F 6D 00 00 00 71 68 6D : penssh.com...qhm
>
> 0210: 61 63 2D 73 68 61 32 2D 32 35 36 2C 68 6D 61 63 : ac-sha2-256,hmac
>
> 0220: 2D 73 68 61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 : -sha2-512,hmac-s
>
> 0230: 68 61 31 2C 68 6D 61 63 2D 73 68 61 31 2D 39 36 : ha1,hmac-sha1-96
>
> 0240: 2C 68 6D 61 63 2D 6D 64 35 2C 68 6D 61 63 2D 6D : ,hmac-md5,hmac-m
>
> 0250: 64 35 2D 39 36 2C 68 6D 61 63 2D 72 69 70 65 6D : d5-96,hmac-ripem
>
> 0260: 64 31 36 30 2C 68 6D 61 63 2D 72 69 70 65 6D 64 : d160,hmac-ripemd
>
> 0270: 31 36 30 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 00 : 160_at_openssh.com.
>
> 0280: 00 00 04 6E 6F 6E 65 00 00 00 04 6E 6F 6E 65 00 : ...none....none.
>
> 0290: 00 00 00 00 00 00 00 00 00 00 00 00 44 EC 14 45 : ............Dל.E
>
> 02a0: D8 CB 8F 55 8E AA 05 C1 1B 5E F1 C6 CF 83 68 52 : ״..U.×...^ס..ƒhR
>
> 02b0: 3A 38 3A FE 39 4E C1 98 A2 BA 7F D0 B4 C4 A9 7C : :8:.9N..¢÷.׀´.©|
>
> 02c0: 24 8F 3F 73 40 4D DB 09 D0 C5 6E F4 9B 7E 51 7D : $.?s_at_M. ׀.nפ›~Q}
>
> 02d0: 26 67 F7 C3 F3 00 3B 4E AE 5D 50 28 4E D4 A6 6A : &gק.ף.;N®]P(Nװ¦j
>
> 02e0: 26 13 3C AF C1 22 17 53 57 05 7E 2E B2 37 79 97 : &.<¯.".SW.~.²7y—
>
> 02f0: 19 AA C8 F5 C1 92 70 63 64 F5 F2 F8 D5 88 18 F8 : .×.ץ.’pcdץערױ..ר
>
> 0300: 86 3C 7C 58 D4 8D 2C 1E 44 EF CC B7 58 68 B4 DE : †<|Xװ.,.Dן.·Xh´.
>
> 0310: 44 21 D9 9C D0 8D AE 9C EA DB 4D 1C 6A F2 FD 46 : D!..׀.®.ך.M.jע.F
>
> 0320: 7F A3 1B 45 23 FA 32 CA 7E D3 A6 B8 B4 CC CB 1B : .£.E#ת2.~׃¦¸´...
>
> 0330: CD 6E 01 D1 3B 6D 65 B8 BE 69 12 D4 38 E7 08 8E : .n..;me¸¾i.װ8ח..
>
> [libssh2] 0.615625 Transport: Looking for packet of type: 20
>
> 0 0 0 0 0 0 0 0 --:--:-- --:--:--
> --:--:-- 0[libssh2] 0.693750 Socket: Recved 392/16384 bytes to
> 021CF914+0
>
> => libssh2_transport_read() raw (392 bytes)
>
> 0000: 00 00 01 84 07 14 AA 25 A8 63 3D 62 7D 7A 1F AC : ...„..×%¨c=b}z.¬
>
> 0010: 96 7D 83 EA 31 9C 00 00 00 5D 65 63 64 68 2D 73 : –}ƒך1....]ecdh-s
>
> 0020: 68 61 32 2D 6E 69 73 74 70 35 32 31 2C 65 63 64 : ha2-nistp521,ecd
>
> 0030: 68 2D 73 68 61 32 2D 6E 69 73 74 70 33 38 34 2C : h-sha2-nistp384,
>
> 0040: 65 63 64 68 2D 73 68 61 32 2D 6E 69 73 74 70 32 : ecdh-sha2-nistp2
>
> 0050: 35 36 2C 64 69 66 66 69 65 2D 68 65 6C 6C 6D 61 : 56,diffie-hellma
>
> 0060: 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E 67 65 : n-group-exchange
>
> 0070: 2D 73 68 61 32 35 36 00 00 00 23 73 73 68 2D 72 : -sha256...#ssh-r
>
> 0080: 73 61 2C 73 73 68 2D 64 73 73 2C 65 63 64 73 61 : sa,ssh-dss,ecdsa
>
> 0090: 2D 73 68 61 32 2D 6E 69 73 74 70 35 32 31 00 00 : -sha2-nistp521..
>
> 00a0: 00 20 61 65 73 32 35 36 2D 63 74 72 2C 61 65 73 : . aes256-ctr,aes
>
> 00b0: 31 39 32 2D 63 74 72 2C 61 65 73 31 32 38 2D 63 : 192-ctr,aes128-c
>
> 00c0: 74 72 00 00 00 20 61 65 73 32 35 36 2D 63 74 72 : tr... aes256-ctr
>
> 00d0: 2C 61 65 73 31 39 32 2D 63 74 72 2C 61 65 73 31 : ,aes192-ctr,aes1
>
> 00e0: 32 38 2D 63 74 72 00 00 00 2A 68 6D 61 63 2D 72 : 28-ctr...*hmac-r
>
> 00f0: 69 70 65 6D 64 31 36 30 2C 68 6D 61 63 2D 73 68 : ipemd160,hmac-sh
>
> 0100: 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68 61 32 : a2-256,hmac-sha2
>
> 0110: 2D 35 31 32 00 00 00 2A 68 6D 61 63 2D 72 69 70 : -512...*hmac-rip
>
> 0120: 65 6D 64 31 36 30 2C 68 6D 61 63 2D 73 68 61 32 : emd160,hmac-sha2
>
> 0130: 2D 32 35 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 : -256,hmac-sha2-5
>
> 0140: 31 32 00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40 : 12....none,zlib@
>
> 0150: 6F 70 65 6E 73 73 68 2E 63 6F 6D 00 00 00 15 6E : openssh.com....n
>
> 0160: 6F 6E 65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68 : one,zlib_at_openssh
>
> 0170: 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 : .com............
>
> 0180: 00 00 00 00 00 00 00 00 : ........
>
> => libssh2_transport_read() plain (380 bytes)
>
> 0000: 14 AA 25 A8 63 3D 62 7D 7A 1F AC 96 7D 83 EA 31 : .×%¨c=b}z.¬–}ƒך1
>
> 0010: 9C 00 00 00 5D 65 63 64 68 2D 73 68 61 32 2D 6E : ....]ecdh-sha2-n
>
> 0020: 69 73 74 70 35 32 31 2C 65 63 64 68 2D 73 68 61 : istp521,ecdh-sha
>
> 0030: 32 2D 6E 69 73 74 70 33 38 34 2C 65 63 64 68 2D : 2-nistp384,ecdh-
>
> 0040: 73 68 61 32 2D 6E 69 73 74 70 32 35 36 2C 64 69 : sha2-nistp256,di
>
> 0050: 66 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F : ffie-hellman-gro
>
> 0060: 75 70 2D 65 78 63 68 61 6E 67 65 2D 73 68 61 32 : up-exchange-sha2
>
> 0070: 35 36 00 00 00 23 73 73 68 2D 72 73 61 2C 73 73 : 56...#ssh-rsa,ss
>
> 0080: 68 2D 64 73 73 2C 65 63 64 73 61 2D 73 68 61 32 : h-dss,ecdsa-sha2
>
> 0090: 2D 6E 69 73 74 70 35 32 31 00 00 00 20 61 65 73 : -nistp521... aes
>
> 00a0: 32 35 36 2D 63 74 72 2C 61 65 73 31 39 32 2D 63 : 256-ctr,aes192-c
>
> 00b0: 74 72 2C 61 65 73 31 32 38 2D 63 74 72 00 00 00 : tr,aes128-ctr...
>
> 00c0: 20 61 65 73 32 35 36 2D 63 74 72 2C 61 65 73 31 : aes256-ctr,aes1
>
> 00d0: 39 32 2D 63 74 72 2C 61 65 73 31 32 38 2D 63 74 : 92-ctr,aes128-ct
>
> 00e0: 72 00 00 00 2A 68 6D 61 63 2D 72 69 70 65 6D 64 : r...*hmac-ripemd
>
> 00f0: 31 36 30 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 : 160,hmac-sha2-25
>
> 0100: 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 00 : 6,hmac-sha2-512.
>
> 0110: 00 00 2A 68 6D 61 63 2D 72 69 70 65 6D 64 31 36 : ..*hmac-ripemd16
>
> 0120: 30 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2C : 0,hmac-sha2-256,
>
> 0130: 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 00 00 00 : hmac-sha2-512...
>
> 0140: 15 6E 6F 6E 65 2C 7A 6C 69 62 40 6F 70 65 6E 73 : .none,zlib_at_opens
>
> 0150: 73 68 2E 63 6F 6D 00 00 00 15 6E 6F 6E 65 2C 7A : sh.com....none,z
>
> 0160: 6C 69 62 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 00 : lib_at_openssh.com.
>
> 0170: 00 00 00 00 00 00 00 00 00 00 00 00 : ............
>
> [libssh2] 0.693750 Transport: Packet type 20 received, length=380
>
> [libssh2] 0.693750 Transport: Looking for packet of type: 20
>
> [libssh2] 0.693750 Failure Event: -5 - Unable to exchange encryption keys
>
> * Failure establishing ssh session
>
> [libssh2] 0.693750 Transport: Freeing session resource
>
> [libssh2] 0.693750 Transport: Extra packets left 0
>
> 0 0 0 0 0 0 0 0 --:--:-- --:--:--
> --:--:-- 0
>
> 0 0 0 0 0 0 0 0 --:--:-- --:--:--
> --:--:-- 0
>
> * Closing connection 0
>
> curl: (2) Failure establishing ssh session
>
>
>
>
>

Hi,

Before a year, I posted this question but no one have answered it that
days. Anyway, I already managed to solve it since then, so I wanted to
share my insights for a case it will help someone in the future:

If you would read carefully between the lines of the traffic output, you’ll
see that the supported ciphers of each side, are printed there. For
instance, here the AES-192-CBC cipher:

00d0: 2C 61 65 73 31 39 32 2D 63 62 63 2C 61 65 73 31 : ,aes192-cbc,aes1

After reading the whole ciphers list of each side, I noticed that the
server side supports only the CTR operation mode (related to symmetric
encryption. i.e. aes256-ctr) while the client side doesn’t support it at
all, and that’s resulted in “non-agreement” about the selected cipher, or
as libssh2 error message mentioned: “Unable to exchange encryption keys”.

Thanks,

Moti

_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2017-06-13