Check host key algorithms before continuing key exchange #1642

Rob-Hague · 2025-05-11T14:03:05Z

The library currently does not check for matching host key algorithms until needed at the end of the key exchange, in contrast to other algorithm types which are checked beforehand. This leads to confusing or uninformative errors, normally from the server (correctly) closing the connection.

This change moves that check alongside the rest of them, and also improves the error messages that arise from no matching algorithms. For example, the error in #1641 (and probably #1636) is now

Renci.SshNet.Common.SshConnectionException: No matching host key algorithm (server offers ssh-dss)

The library currently does not check for matching host key algorithms until needed at the end of the key exchange, in contrast to other algorithm types which are checked beforehand. This leads to confusing or uninformative errors, normally from the server (correctly) closing the connection. This change moves that check alongside the rest of them, and also improves the error messages that arise from no matching algorithms.

Rob-Hague requested review from drieseng and WojciechNagorski as code owners May 11, 2025 14:03

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Check host key algorithms before continuing key exchange #1642

Check host key algorithms before continuing key exchange #1642

Rob-Hague commented May 11, 2025

Check host key algorithms before continuing key exchange #1642

Are you sure you want to change the base?

Check host key algorithms before continuing key exchange #1642

Conversation

Rob-Hague commented May 11, 2025