Subject: RE: Unable to exchange encryption keys
From: Oliver Nelson <oliver_at_ootbc.com>
Date: Tue, 29 Dec 2009 22:40:43 -0800
I've done some more work on this problem. Using the released version of 1.2.2 now. I haven't been able to get libssh2 debug mode to work for some odd reason (my fault no doubt), but I did get some debug output from my openssh server which all looked fine. Upon further investigation, I can see that in the session object, the SHA1 and MD5 hash of the encryption key is shown correctly (based on looking at the fingerprint from another client connecting to the same host). This seems to indicate that the key exchange is working, but libssh2_session_hostkey returns an empty string. I get this behaviour on any host I connect to. My test code looks like this:
retval = getaddrinfo("18.104.22.168", "222", &hints, &result);
SOCKET sshsock = socket(AF_INET, SOCK_STREAM, 0);
LIBSSH2_SESSION *session = NULL;
const char *fingerprint = libssh2_session_hostkey(session, &len, &type);
Now, I could use libssh2_hostkey_hash (which returns a correct fingerprint) and do the check myself, but I think I'm supposed to call libssh2_knownhost_check which seems to want the whole key, not just the fingerprint of the key. Is there something wrong with my code here?
NOTE: You can test against this host if you like (no need to authenticate as the problem is pre-authentication), it has ssh running on port 222 rather than 22.
I'm connecting to an OpenSSH server (banner is SSH-2.0-OpenSSH_5.1p1
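
Added example, not part of the original post and not libssh2's own code: libssh2_session_hostkey returns the raw SSH wire-format key blob of len bytes, which for an RSA key begins with the length bytes 00 00 00 07, so it reads as an empty C string. The helper hostkey_describe and the sample blob are hypothetical and constructed; the parser walks the length-prefixed fields with bounds checks.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read one RFC 4251 "string" (4-byte big-endian length + data); -1 on overrun. */
static int ssh_read_string(const unsigned char *b, size_t len, size_t *off,
                           const unsigned char **data, size_t *dlen)
{
    if (*off > len || len - *off < 4) return -1;
    uint32_t n = ((uint32_t)b[*off] << 24) | ((uint32_t)b[*off + 1] << 16) |
                 ((uint32_t)b[*off + 2] << 8) | (uint32_t)b[*off + 3];
    *off += 4;
    if (n > len - *off) return -1;
    *data = b + *off; *dlen = n;
    *off += n;
    return 0;
}

/* Hypothetical helper: copy the algorithm name out of a host key blob and
   return how many further fields follow it (2 for ssh-rsa: e and n), or -1. */
int hostkey_describe(const char *key, size_t len, char *name, size_t name_sz)
{
    const unsigned char *b = (const unsigned char *)key, *d;
    size_t off = 0, dlen;
    int fields = 0;
    if (!key || ssh_read_string(b, len, &off, &d, &dlen) != 0) return -1;
    if (dlen == 0 || dlen >= name_sz) return -1;
    memcpy(name, d, dlen);
    name[dlen] = '\0';
    while (off < len) {
        if (ssh_read_string(b, len, &off, &d, &dlen) != 0) return -1;
        fields++;
    }
    return fields;
}

/* Constructed sample, not a real key: "ssh-rsa", e = 65537, 5-byte dummy n. */
static const unsigned char sample_key[] = {
    0, 0, 0, 7, 's', 's', 'h', '-', 'r', 's', 'a', 0, 0, 0, 3, 0x01, 0x00, 0x01,
    0, 0, 0, 5, 0x00, 0xC3, 0x51, 0x0B, 0x9D };

int main(void)
{
    char name[32] = "?";
    int fields = hostkey_describe((const char *)sample_key, sizeof sample_key, name, sizeof name);
    printf("strlen=%zu name=%s fields=%d\n", strlen((const char *)sample_key), name, fields);
    return 0;
}
```

With libssh2, the same pointer and len pair is what libssh2_knownhost_check takes as its key and key length, with LIBSSH2_KNOWNHOST_KEYENC_RAW in the type mask.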