Kamil Dudka | 30 Jul 12:46 2014

Re: FIPS Compliance.

On Tuesday, July 29, 2014 02:48:58 john gloster wrote:
> Hi,
> From http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=9f6fd5a
> Did you mean that the following are not FIPS compliant?
> ·         EVP_aes_256_cbc
> ·         EVP_aes_192_cbc
> ·         EVP_aes_128_cbc

I think the problem was that OpenSSL did not like that libssh2 implemented
the CTR cipher mode on its own when FIPS mode was enabled.  When I switched 
libssh2 back to use the OpenSSL-provided implementation of those ciphers, it 
started to work (after fixing the surrounding code to use correct block sizes 
via commit 5d567fa).


> On Fri, Jul 25, 2014 at 1:59 PM, Kamil Dudka <kdudka <at> redhat.com> wrote:
> > On Friday, July 25, 2014 10:08:02 Bert Huijben wrote:
> > > If I remember correctly there is a compile time flag for libssh2 to
> > 
> > enable a
> > 
> > > strict fips mode.
> > 
> > I do not think so.  Did not you mean a compile time flag for OpenSSL?
(Continue reading)

john gloster | 25 Jul 09:30 2014

FIPS Compliance.


I wanted to know whether libssh2 1.4.2/1.4.3 are compatible with FIPS compliant OpenSSL version openssl-1.0.0-20 ?

I compiled libssh2 1.4.3 with this particular version of openssl and i could see that my application linking to this libssh crashes.

In other cases, my application runs successfully if i compile libssh2 1.4.3 with openssl-1.0.1e-16.

Could some one please shed light on this one?

Alternately please let me know whether i can configure libssh2 to use a particular set crypto algorithms supported by the openssl.

Thanking you on advance. 

libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Eduardo Silva | 23 Jun 22:32 2014

Multiple channels and epoll(7)


i was searching around for a mechanism to listen in a local socket for
libssh2 session events through epoll and handle properly multiple
channels, i ended up on this thread:

      https://www.mail-archive.com/libssh2-devel <at> cool.haxx.se/msg03737.html

as of today, is there a mechanism to perform specific operations on
specific events ?, i am mostly interested into know when to accept a
channel request and when to read for channels waiting for data.

thanks for your help,


Eduardo Silva
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Nitin Deokate | 14 Jun 02:51 2014

Questions about libssh2_sftp_read()

Hi Guys,

I have couple questions to the libssh2 developers:

1.       I have an application, where I use libssh2_sftp_read(), and I pass larger buffer(say 8K to 16MB) to same function,

What I expect is, data of same bytes, but all I get is 2000Bytes.

What could help me to get as equal to the buffer size I passed and not 2000 bytes?


2.       Is it any significant reason for selecting value for

#define MAX_SFTP_READ_SIZE 2000

Why it can’t have more bytes than that?


Has anybody faced this scenario before, please revert as early as possible.



libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
sudheer kumar | 7 Jun 23:16 2014

libssh2 and select on multiple channels

I'm trying to write a event driven programming (written in perl through Net::SSH2 and EV) where if some data is available on socket I go over all the channels in non-blocking way to see if there is some data that can be read. 

I'm seeing issues with above approach in some cases where socket is not shown as readable with select but when tried to read channel, it is available (I expected select to return before i did read on channel). 

While browsing archives I found below one discussed back in 2010 with related topic: 

Did anyone try other approach that works where select always says when something can be read from channel? 
Does above approach work at all, as we have only one socket and multiple channels of it. And each read from channel should read from socket, and that is affecting select because if we have 'n' channels in a session, trying read on nth channel could have read data from socket which belongs to 1st channel and is stored in buffer and that affecting select to say socket is readable later?

Any leads on this topic if at all discussed before is greatly appreciated. 

libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
B Harder | 29 May 18:20 2014

bad username/password auth to Mac OS X/FreeBSD hosts.

I've got code that will connect to NetBSD, Solaris, Linux hosts and
authenticate and Do What I Want. However, attempting to connect to a
FreeBSD (10 release) or Mac OS X host yields authentication error. I'm
sure the username/password is correct. If I use key-based
authentication to these problem hosts though, everything works fine.

Is there a known issue w/ OS X/FreeBSD ? Is there some
boilerplate/reference code available for username/password
authentication to use as basis for example to demonstrate?

Kind regards,

libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

Robert Zuber | 19 May 20:10 2014

public git server problem?


I'm trying to work on a project that has a git submodule dependency on libssh2, but since yesterday I've been
getting the following:

$ git clone git://git.libssh2.org/libssh2.git
Cloning into 'libssh2'...
fatal: read error: Connection reset by peer

Pretty sure it worked Saturday evening (US west coast time).

I've tried a few different machines in different locations on my side, but don't have any real git protocol
debugging skills beyond that.

Can anyone confirm if there is a server issue (or let me know if I should keep debugging on my side)?

libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

Daniel Stenberg | 19 May 10:29 2014

Back on the release track

Hey friends,

Let's take another shot at a new release soon. Is there any pressing 
change/bug we really SHOULD fix before a release can happen? If so, speak up 
now and please motivate.

If not, I think a release is possible by the end of this week.



  / daniel.haxx.se
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

Mikhail Gusarov | 19 May 10:22 2014

[PATCH] Fix typos in manpages

 docs/libssh2_base64_decode.3           | 2 +-
 docs/libssh2_channel_get_exit_status.3 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/libssh2_base64_decode.3 b/docs/libssh2_base64_decode.3
index 33e141c..932f03a 100644
--- a/docs/libssh2_base64_decode.3
+++ b/docs/libssh2_base64_decode.3
 <at>  <at>  -19,7 +19,7  <at>  <at>  The returned buffer is allocated by this function, but it is not clear how to
 free that memory!
 The memory that *dest points to is allocated by the malloc function libssh2
-uses, but there's no way for an appliction to free this data in a safe and
+uses, but there's no way for an application to free this data in a safe and
 reliable way!
 0 if successful, \-1 if any error occurred.
diff --git a/docs/libssh2_channel_get_exit_status.3 b/docs/libssh2_channel_get_exit_status.3
index 08d5555..4a8c9e2 100644
--- a/docs/libssh2_channel_get_exit_status.3
+++ b/docs/libssh2_channel_get_exit_status.3
 <at>  <at>  -8,7 +8,7  <at>  <at>  int
 libssh2_channel_get_exit_status(LIBSSH2_CHANNEL* channel)

-\fIchannel\fP - Closed channel stream to retreive exit status from.
+\fIchannel\fP - Closed channel stream to retrieve exit status from.

 Returns the exit code raised by the process running on the remote host at 
 the other end of the named channel. Note that the exit status may not be 


libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

Mikhail Gusarov | 19 May 10:09 2014

[PATCH] Do not expose private libraries nor link flags to clients of libssh2

Reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747417
 libssh2.pc.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libssh2.pc.in b/libssh2.pc.in
index 26d8a45..3a4f7b6 100644
--- a/libssh2.pc.in
+++ b/libssh2.pc.in
 <at>  <at>  -12,6 +12,6  <at>  <at>  URL: http://www.libssh2.org/
 Description: Library for SSH-based communication
 Version:  <at> LIBSSH2VER <at> 
 Requires.private:  <at> LIBSREQUIRED <at> 
-Libs: -L${libdir} -lssh2  <at> LDFLAGS <at>   <at> LIBS <at> 
+Libs: -L${libdir} -lssh2
 Libs.private:  <at> LIBS <at> 
 Cflags: -I${includedir}


libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

Jeremy Friesner | 17 May 00:48 2014

How should my libssh2 program detect when the data upload failed because the destination partition ran out of space?

Hi all,

I have a program that uses libssh2 to upload a 152MB file to a partition on a remote machine.  In general it works quite well.

The problem I ran into today involves the scenario when there isn't enough drive-space free on the remote machine to hold the entire 152MB file.  What I would expect to have happen in this case is for libssh2_channel_write() to return an error-code at some point to indicate the failure, but the behavior I observe instead is that libssh2_channel_write() keeps on behaving normally (i.e. returning positive values or -1/LIBSSH2_ERROR_EGAIN, since I'm using non-blocking I/O), as if the file transfer was working fine.

I'd like to have my program's GUI indicate than an error occurred when this happens -- is there some particular way for me to find out when a file upload has failed due to lack of space (or for any other reason)?  For what it's worth, my file transfers use the following sequence of calls (all with the appropriate error checking of the calls'  return values, which I've omitted here for clarity);

_uploadFileChannel = libssh2_scp_send(_session, filePath, permBits, numBytes);
        libssh2_channel_write(_uploadFileChannel, (const char *) firstToSend, numBytesLeft);   // called many times, of course

Btw, just as a sanity check, I ran the built-in scp utility on my Mac to upload a large file to the machine with the full partition:

jeremy-friesners-mac-pro-3:Downloads jaf$ scp dmitri-6.0.0-2014-05-16-1051-r14027-1-Beta.dmitriUniversalFirmware root-zDUBOsd0cgzoxTWJeinByrvdaCA0pRRr@public.gmane.org.:/mnt/user/
root-zDUBOsd0cgzoxTWJeinByrvdaCA0pRRr@public.gmane.org.'s password: 
dmitri-6.0.0-2014-05-16-1051-r14027-1-Beta.dmitriUniversalFirmware       100%  152MB  19.0MB/s   00:08    
scp: /mnt/user//dmitri-6.0.0-2014-05-16-1051-r14027-1-Beta.dmitriUniversalFirmware: No space left on device

I note that scp did detect the error, but not until *after* it had already uploaded all 152MB to the server.  That seems odd to me, since the destination (/mnt/user) was already completely full, I would expect the error to be reported and the uploaded aborted at the beginning of the transfer rather than at the end.  Otherwise, where are all those bytes of data being placed during the upload?

libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel