Question
· Mar 21

SSH issue : unable to exchange encryption keys

Hi Allen,

A partner have decided to change the algorithms that were used to connect on it's SFTP, but our version of libssh2 don't match with the list of it's HOSTKEYS algorithms.  

If i update the library with the last version without to be sure that it includes the old algorithms, i risk to break the connection for other cases.

all suggestions are welcome. Thx

KR,

Amine

Product version: Caché 2018.1
Discussion (1)2
Log in or sign up to continue
  1. Check Compatibility: Review the list of encryption algorithms supported by the newer version of libssh2 to ensure that it includes both the old algorithms required for existing connections and the new algorithms required by your partner's SFTP server. You can usually find this information in the release notes or documentation of the updated library.
  2. Customize SSH Configuration: If the updated library supports customization of SSH configuration, you may be able to explicitly specify the list of supported encryption algorithms. This allows you to include both the old and new algorithms required for compatibility with existing and future connections. Ensure that your configuration aligns with the requirements of your partner's SFTP server.
  3. Testing and Validation: Before deploying any changes to production, thoroughly test the updated library in a development or testing environment. Verify that it can establish connections with both existing and new SFTP servers without any issues. Pay close attention to encryption algorithm negotiation during the SSH handshake.
  4. Fallback Mechanism: Implement a fallback mechanism that automatically switches to the old version of libssh2 if the updated version fails to establish a connection with existing SFTP servers. This ensures continuity of service while you work on resolving compatibility issues with the updated library.
  5. Communication with Partner: Engage in communication with your partner to discuss the changes they've made to their SFTP server and ensure that you have a clear understanding of their requirements. They may be willing to provide guidance or assistance in resolving compatibility issues.
  6. Consideration of Security: While maintaining compatibility is important, prioritize security considerations when making decisions about encryption algorithms. Ensure that the chosen algorithms meet security best practices and compliance requirements.