Moti Avrahami | 26 May 14:30 2016

Fail to connect SFTP server in v1.7.0



I recently upgraded libssh2 from v1.4.1 to v1.7.0 and now I failed to connect SFTP servers.


I use it via libcurl v7.47/7.49 and got:

“Failed initialization: Failure establishing ssh session)”


When turning on the debug mode in libssh2 I  got the below output.

Does someone know how to solve it?






=> libssh2_transport_read() plain (692 bytes)

 [libssh2] 0.711551 Transport: Packet type 20 received, length=692

[libssh2] 0.711551 Transport: Looking for packet of type: 20

[libssh2] 0.711551 Key Ex: Agreed on KEX method: diffie-hellman-group-exchange-sha1

[libssh2] 0.711551 Key Ex: Agreed on HOSTKEY method: ssh-rsa

[libssh2] 0.711551 Key Ex: Agreed on CRYPT_CS method: aes128-ctr

[libssh2] 0.711551 Key Ex: Agreed on CRYPT_SC method: aes128-ctr

[libssh2] 0.711551 Key Ex: Agreed on MAC_CS method: hmac-sha1

[libssh2] 0.711551 Key Ex: Agreed on MAC_SC method: hmac-sha1

[libssh2] 0.711551 Key Ex: Agreed on COMP_CS method: none

[libssh2] 0.711551 Key Ex: Agreed on COMP_SC method: none

[libssh2] 0.711551 Key Ex: Initiating Diffie-Hellman Group-Exchange (New Method)


=> libssh2_transport_write plain (13 bytes)

0000: 22 00 00 04 00 00 00 06  00 00 00 08 00          : "............

[libssh2] 0.711551 Socket: Sent 40/40 bytes at 07A4BFAC

=> libssh2_transport_write send() (40 bytes)

0000: 00 00 00 24 16 22 00 00  04 00 00 00 06 00 00 00 : ...$."..........

0010: 08 00 8A B7 F1 C5 5C 79  A7 41 2C 15 10 41 14 7E : ......\y.A,..A.~

0020: 4E BC 6D 0D 19 D3 EA 5D                          : N.m....]

[libssh2] 0.711551 Transport: Looking for packet of type: 31

[libssh2] 0.727151 Socket: Recved 216/16384 bytes to 07A47F84+0

=> libssh2_transport_read() raw (216 bytes)

=> libssh2_transport_read() plain (203 bytes)

 [libssh2] 0.727151 Transport: Packet type 31 received, length=203

[libssh2] 0.727151 Transport: Looking for packet of type: 31

[libssh2] 0.727151 Key Ex: Sending KEX packet 32

=> libssh2_transport_write plain (198 bytes)

 [libssh2] 0.742751 Socket: Sent 208/208 bytes at 07A4BFAC

=> libssh2_transport_write send() (208 bytes)

 [libssh2] 0.742751 Transport: Looking for packet of type: 33

[libssh2] 0.742751 Socket: Recved 784/16384 bytes to 07A47F84+0

=> libssh2_transport_read() raw (784 bytes)

=> libssh2_transport_read() plain (753 bytes)

02f0: F3                                               : .

[libssh2] 0.742751 Transport: Packet type 33 received, length=753

[libssh2] 0.742751 Transport: Looking for packet of type: 33

[libssh2] 0.742751 Key Ex: Server's MD5 Fingerprint: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

[libssh2] 0.758351 Key Ex: Server's SHA1 Fingerprint: 0b:b3:54:44:b7:ba:f0:dc:14


[libssh2] 0.758351 Key Ex: Sending NEWKEYS message

=> libssh2_transport_write plain (1 bytes)

0000: 15                                               : .

[libssh2] 0.758351 Socket: Sent 184/184 bytes at 07A4BFAC

=> libssh2_transport_write send() (184 bytes)

 [libssh2] 0.758351 Transport: Looking for packet of type: 21

=> libssh2_transport_read() plain (1 bytes)

0000: 15                                               : .

[libssh2] 0.758351 Transport: Packet type 21 received, length=1

[libssh2] 0.758351 Transport: Looking for packet of type: 21

[libssh2] 0.758351 Key Ex: Received NEWKEYS message

[libssh2] 0.758351 Key Ex: session_id calculated

[libssh2] 0.758351 Failure Event: -8 - Unrecoverable error exchanging keys

[libssh2] 0.758351 Failure Event: -8 - Unable to exchange encryption keys

[libssh2] 0.758351 Transport: Freeing session resource

[libssh2] 0.758351 Transport: Extra packets left 0



Daniel Stenberg | 24 May 09:30 2016

Specification for agent protocol (fwd)


Seems like this could be interesting to some libssh2 peeps as well...



---------- Forwarded message ----------
Date: Tue, 24 May 2016 09:29:06
From: Damien Miller <djm <at>>
To: ietf-ssh <at>
Subject: Specification for agent protocol


A few people have asked over the years for a proper specification of the
agent protocol that most SSH implementations support. I've maintained
the PROTOCOL.agent file[1] in the OpenSSH source distribution as a
half-assed standard for some time, but I think that the protocol is
widely used enough to warrant an actual RFC.

So I've converted the half-assed documentation into something
a little bit more formal and published it as an I-D at

This is pretty much exactly the protocol as OpenSSH implements it. The
main changes from PROTOCOL.agent (for those who are familiar with it)
are removal of SSH v.1 bits and adding a couple of backwards-compatible
extension mechanisms to support user <at> extensibility.

I'd welcome any feedback and/or assistance in getting it completed and
published. Thanks to Simon Tatham for reviewing an earlier version.


Jeff Coffler | 19 May 00:00 2016

Can a remote TCP/IP server get connection information from libssh2


I'm working with one of the sample programs, direct_tcpip.c, which uses the libssh2_channel_direct_tcpip_ex to connect to a remote server via SSH.

That much is working great. I can talk to the server, everything is good. However, I would like the remote server (which may or may not be receiving a connection from SSH; it may also receive a connection directly over TCP/IP without SSH) to:

  1. Determine if the connection is coming in via SSH, and
  2. If coming in via SSH, determine the username and type of authentication that was used (password, key, etc). Or, if I can't determine the type of authentication, at least determine the username that was used to authenticate.

It's not clear to me if this is even possible:

  • The server may not be on the local host (I may connect from host A to server B, which connects via TCP/IP to server C, although that leg would not be encrypted),
  • For the life of me, I can't figure out a way to take the TCP/IP socket from accept() (that's all I've got on the server at the time) and turn that into something useful (like a LIBSSH2_SESSION * or something). And even if I had a valid session, I can't find an API that would return the username that was used to authenticate a session.

Is this sort of integration possible with libssh2?

Thanks in advance for any help!

Moti Avrahami | 15 May 17:41 2016

Problem in compiling libssh2


I just downloaded libssh2 v1.7.0 and try to compile it, but encountered a build errors.
I tried to compile it with Visual Studio 2003 and also 2013 (just created an empty C++ Static Library project and put inside all the source and header files) but failed because of the following error:
C2037 left of 'abstract' specifies undefined struct/union '_LIBSSH2_SESSION'

I have hundreds of errors like that.
As far as I saw, there is the following definition in libssh2.h:
and the _LIBSSH2_SESSION struct is defined in libssh2_priv.h 
but I still don't manage to compile this project and produce a .lib file.

I would add that today I have libssh2 v1.4.1 compiled successfully via Visual Studio 2003 and all works well. I even compare my project settings from 1.4.1 but found nothing.

Can someone help me out please?

John Petkovsek | 26 Apr 19:46 2016

libssh2_sftp_write failed: (-9) would block

I set the session to block with a timeout of 15 seconds but libssh2_sftp_write returns with a -9 (LIBSSH2_ERROR_TIMEOUT) after just a second or two.

Paolo Elefante | 19 Apr 11:13 2016

Multithreaded SFTP application crash on CRYPTO_free in SUSE SLES12 environment

Hi there,

I use libssh2 (libssh2-1-1.4.3-16.1.x86_64) to establish SFTP connections in parallel in my multithreaded application running on Linux SUSE.

That code perfectly works on SUSE SLES11, but as I tried to migrate to SLES12 I got a serious crash.


As the application tries to open an SFTP connection, I get a systematic crash on “CRYPTO_free” when invoking ‘libssh2_session_handshake’.

I have checked the core dump using symbols and I’m sure that both TCP connection and SSH Session have been established (‘libssh2_session_init’ is successful).


In detail, libssh2_session_handshake crashes while invoking HMAC_Init_ex, EVP_DigestInit_ex, CRYPTO_free:

#0 0x00007fe3600eb0a7 in raise () from /lib64/

#1 0x00007fe3600ec458 in abort () from /lib64/

#2 0x00007fe360128764 in __libc_message () from /lib64/

#3 0x00007fe36012dfce in malloc_printerr () from /lib64/

#4 0x00007fe361e6b3fd in CRYPTO_free () from /lib64/

#5 0x00007fe361ef4009 in EVP_DigestInit_ex () from /lib64/

#6 0x00007fe361e79360 in HMAC_Init_ex () from /lib64/

#7 0x00007fe36291ee7a in ?? () from /usr/lib64/

#8 0x00007fe36292d3e9 in ?? () from /usr/lib64/

#9 0x00007fe362924bd3 in libssh2_session_handshake () from /usr/lib64/


I have initialized OpenSSL for a multithreaded environment using static locking callbacks. I have also verified that callbacks are triggered by the underlying openssl stratum.

I initialized libssh2 using “libssh2_init(0)


I guess there's problem in the setup of my environment, but I can’t figure it out.


The same code works on SUSE SLES11 where my application linked and, on the contrary on SLES12 my application is linking and


Has anyone experienced this problem or have a suggestion?


Thank you so much for your support.


Best Regards



Daniel Stenberg | 9 Apr 11:20 2016

I'm slow


If you think I'm slow and behind on my duties in this project, it is because 
that is true and it is a legitimate observation. And I don't expect my 
situtation regarding libssh2 to change much anytime soon.

So, I'm hoping others will step up and help out and drive where things need to 
get done etc. If you review a patch and you like it, say so. If you review a 
patch and don't like it, say so. Grab an issue and try to reproduce it. 
Respond in issues and help them get clarified. Open source only works fine 
when we all join in and do our share.

If you think you'd do the project good by getting push rights so that *you* 
can merge patches and push commits, do say so. But only bother if you've 
actually been around and shown yourself worthy in the project for a good while 




Cody P Schafer | 6 Apr 21:08 2016

dh parameter generation still not quite right?

I was looking into CVE-2016-0787 (bits vs bytes confusion within dh
exponent generation) and noted that someone had taken a look at the
code and commented on the github commit:

After some examination myself, it appears that diffie_hellman_sha1 is
vulnerable to the same issue that diffie_hellman_sha256 was vulnerable
to, and there are other issues with private exponent generation that
should be examined.

I'm including the comments from github below for posterity:

yumkam commented on ca5222e on Feb 23:
> Something feels eerily wrong here.
> 1) compare diffie_hellman_sha1 and diffie_hellman_sha256; is not there exactly same problem in sha1 variant?
> 2) if I was not mistaken, this is generation of "private exponent"; but "private exponent" need not be as
large as group order! Normal size is "twice as generated key material", something from 256 bits to 512 bits
for usual symmetric algos and key sizes, see rfc4419 section 6.2 (Private exponent) [1].
> That is, it was, indeed, about 2 times too small before (and still wrong for diffie_hellman_sha1?), but it
is more than 4 times too large now. (Well, at least later is only performance issue).
> Disclaimer: I'm not real cryptographer, but only playing one.
> P.S. openssh uses min(2*max(symmetric_{key,iv,block,mac}_in_bits),p_bits-1)

yumkam commented on ca5222e on Feb 23:
> Also, for diffie-hellman-group-exchange-*, if p_bits+1 is not multiply of 8, group_order*8 can be
larger than p_bits (by up to 7 bits); thus, generated group_order*8-1-bit random value x can fail 1 < x <
(p-1)/2 test, see rfc4419[2]


Checking the code in git today shows the same flaws noted in those
comments still exist.

bch | 26 Mar 00:10 2016

speeling error (and fix) in channel error message

--- libssh2/src/channel.c
+++ libssh2/src/channel.c
 <at>  <at>  -268,11 +268,11  <at>  <at> 
         if (session->open_data[0] == SSH_MSG_CHANNEL_OPEN_FAILURE) {
             unsigned int reason_code =
_libssh2_ntohu32(session->open_data + 5);
             switch (reason_code) {
                 _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,
-                               "Channel open failure
(admininstratively prohibited)");
+                               "Channel open failure
(administratively prohibited)");
             case SSH_OPEN_CONNECT_FAILED:
                 _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,
                                "Channel open failure (connect failed)");
Ismail Aseen | 22 Mar 19:10 2016

libssh2_sftp_init() hangs and does not return while consuming 100% CPU


I have an application which uses libssh2 to transfer files using SFTP. It was working well till I had this problem where libssh2_sftp_init() hangs and does not return while consuming 100% CPU.  I did a stack trace using gstack and got the following stack. Please note that this incident occurred only once for me and it is not re created again. This incident happened while communicating with Windows based SFTP server(Tectia). I am using libssh2-1.6.0. version. Is this a known issue? could anybody assist on this?

#0  0x00007fd3c719e6ac in recv () from /lib64/
#1  0x00007fd3c947511b in _libssh2_recv () from /x01/nptsapp/current/libs/
#2  0x00007fd3c948bc01 in _libssh2_transport_read () from /x01/nptsapp/current/libs/
#3  0x00007fd3c946cfb1 in _libssh2_channel_read () from /x01/nptsapp/current/libs/
#4  0x00007fd3c94800fb in sftp_packet_read () from /x01/nptsapp/current/libs/
#5  0x00007fd3c94806bd in sftp_packet_require () from /x01/nptsapp/current/libs/
#6  0x00007fd3c9480fd1 in sftp_init () from /x01/nptsapp/current/libs/
#7  0x00007fd3c9481285 in libssh2_sftp_init () from /x01/nptsapp/current/libs/

Ismail Aseen
Craig A. Berry | 15 Mar 03:41 2016

[PATCH] VMS updates

A few years ago Jose Baars ported libssh2 to OpenVMS.  I took it for a spin recently and there were a handful of
changes necessary to catch up with changes since.  I’ve attached five patches generated with git
format-patch and also include the commit messages inline below.  Please let me know if there are any
questions or a better way to submit these.

commit 57f7f6e2a92b3cc1699e569ccdc489be79421791
Author: Craig A. Berry <craigberry@...>
Date:   Sun Mar 13 13:29:16 2016 -0500

    Tweak VMS help file building.

    Primarily this is handling cases where top-level files moved into
    the docs/ directory.  I also corrected a typo and removed the
    claim that libssh2 is public domain.

commit 54fe6cef48102c73c5dac3ea15d18eb216c76359
Author: Craig A. Berry <craigberry@...>
Date:   Sun Mar 13 10:20:10 2016 -0500

    Build with standard stat structure on VMS.

    This gets us large file support, is available on any VMS release
    in the last decade and more, and gives stat other modern features
    such as 64-bit ino_t.

commit 7b539d654e5aa4670866742dbe719999afffd1d7
Author: Craig A. Berry <craigberry@...>
Date:   Sat Mar 12 18:46:04 2016 -0600

    Update vms/libssh2_config.h.

    VMS does have stdlib.h, gettimeofday(), and OpenSSL.  The latter
    is appropriate to hard-wire in the configuration because it's
    installed by default as part of the base operating system and
    there is currently no libgcrypt port.

commit 49aeaf04138e0fe90f7c691d568ff0baa2454cbe
Author: Craig A. Berry <craigberry@...>
Date:   Sat Mar 12 18:32:21 2016 -0600

    VMS can't use %zd for off_t format.

    %z is a C99-ism that VMS doesn't currently have; even though the
    compiler is C99-compliant, the library isn't quite.  The off_t used
    for the st_size element of the stat can be 32-bit or 64-bit, so
    detect what we've got and pick a format accordingly.

commit e1b1ba0c8fef782717c90f816507bd3d991ae1ac
Author: Craig A. Berry <craigberry@...>
Date:   Sat Mar 12 18:11:33 2016 -0600

    Normalize line endings in libssh2_sftp_get_channel.3.

    Somehow it got Windows-style CRLF endings so convert to just LF,
    for consistency as well as not to confuse tools that will regard
    the \r as content (e.g. the OpenVMS help librarian).

Craig A. Berry

"... getting out of a sonnet is much more
 difficult than getting in."
                 Brad Leithauser

Attachment (0002-VMS-can-t-use-zd-for-off_t-format.patch): application/octet-stream, 1827 bytes

Attachment (0003-Update-vms-libssh2_config.h.patch): application/octet-stream, 1988 bytes

Attachment (0005-Tweak-VMS-help-file-building.patch): application/octet-stream, 3021 bytes