curl SFTP transfer from Cygwin on Win10 to Ubuntu 18.04 fails with Unknown host key type: 1835008 #7057

Closed
Ben-Voris opened this issue May 13, 2021 · 7 comments
Labels: not-a-curl-bug (This is not a bug in curl), SCP/SFTP


@Ben-Voris

I did this

curl -s -T t.cpp sftp://bvoris@nucnuc/tmp/t2.cpp

I expected the following

Successful transfer

I got

: curl -vvv -s -T t.cpp sftp://bvoris@nucnuc/tmp/t2.cpp
* STATE: INIT => CONNECT handle 0x800085338; line 1634 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => RESOLVING handle 0x800085338; line 1680 (connection #0)
* family0 == v4, family1 == v6
*   Trying 192.168.1.5:22...
* STATE: RESOLVING => CONNECTING handle 0x800085338; line 1762 (connection #0)
* Connected to nucnuc (192.168.1.5) port 22 (#0)
* STATE: CONNECTING => PROTOCONNECT handle 0x800085338; line 1825 (connection #0)
* SFTP 0x8000847c8 state change from SSH_STOP to SSH_INIT
* Found host nucnuc in /home/BVoris/.ssh/known_hosts
* Unknown host key type: 1835008
* SFTP 0x8000847c8 state change from SSH_INIT to SSH_SESSION_FREE
* SFTP 0x8000847c8 state change from SSH_SESSION_FREE to SSH_STOP
* multi_done
* The cache now contains 0 members
* SSH DISCONNECT starts now
* SSH DISCONNECT is done
* Closing connection 0

The known_hosts entry:

nucnuc ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmjvQ5jehz5Jwt1PDGJBSgcXVhoMRnbn/E2p3srSK+c

curl/libcurl version

curl 7.76.1 (x86_64-pc-cygwin) libcurl/7.76.1 OpenSSL/1.1.1f zlib/1.2.11 brotli/1.0.9 zstd/1.4.9 libidn2/2.2.0 libpsl/0.21.0 (+libidn2/2.0.4) libssh2/1.7.0 nghttp2/1.37.0
Release-Date: 2021-04-14
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli Debug GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz Metalink NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP TrackMemory UnixSockets zstd

operating system

curl is run on CYGWIN_NT-10.0 LNCECL5HRV 3.2.0(0.340/5/3) 2021-03-29 08:42 x86_64 Cygwin

The target system has:

OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017

I found curl with SFTP fails to verify ECDSA keys present in known hosts files
but this seems to have been fixed about a year ago.

sftp between the same systems works:

: sftp -vvv bvoris@nucnuc
OpenSSH_8.5p1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /home/BVoris/.ssh/config
debug3: kex names ok: [diffie-hellman-group1-sha1]
debug3: kex names ok: [diffie-hellman-group1-sha1]
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/BVoris/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/BVoris/.ssh/known_hosts2'
debug2: resolving "nucnuc" port 22
debug3: ssh_connect_direct: entering
debug1: Connecting to nucnuc [192.168.1.5] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /home/BVoris/.ssh/id_rsa type 0
debug1: identity file /home/BVoris/.ssh/id_rsa-cert type -1
debug1: identity file /home/BVoris/.ssh/id_dsa type -1
debug1: identity file /home/BVoris/.ssh/id_dsa-cert type -1
debug1: identity file /home/BVoris/.ssh/id_ecdsa type -1
debug1: identity file /home/BVoris/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/BVoris/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/BVoris/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/BVoris/.ssh/id_ed25519 type -1
debug1: identity file /home/BVoris/.ssh/id_ed25519-cert type -1
debug1: identity file /home/BVoris/.ssh/id_ed25519_sk type -1
debug1: identity file /home/BVoris/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/BVoris/.ssh/id_xmss type -1
debug1: identity file /home/BVoris/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: compat_banner: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to nucnuc:22 as 'bvoris'
debug3: record_hostkey: found key type ED25519 in file /home/BVoris/.ssh/known_hosts:27
debug3: load_hostkeys_file: loaded 1 keys from nucnuc
debug1: load_hostkeys: fopen /home/BVoris/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:3msQatZtmrJEBT16oPBGz0tSARnLP3WRPee/gMO9Zm0
debug3: record_hostkey: found key type ED25519 in file /home/BVoris/.ssh/known_hosts:27
debug3: load_hostkeys_file: loaded 1 keys from nucnuc
debug1: load_hostkeys: fopen /home/BVoris/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh_known_hosts2: No such file or directory
debug1: Host 'nucnuc' is known and matches the ED25519 host key.
debug1: Found key in /home/BVoris/.ssh/known_hosts:27
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/BVoris/.ssh/id_rsa RSA SHA256:3avyBHQeTd2Z6+hDmolk1Xruozvf17RzVQpiyHxNk78
debug1: Will attempt key: /home/BVoris/.ssh/id_dsa
debug1: Will attempt key: /home/BVoris/.ssh/id_ecdsa
debug1: Will attempt key: /home/BVoris/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/BVoris/.ssh/id_ed25519
debug1: Will attempt key: /home/BVoris/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/BVoris/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/BVoris/.ssh/id_rsa RSA SHA256:3avyBHQeTd2Z6+hDmolk1Xruozvf17RzVQpiyHxNk78
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /home/BVoris/.ssh/id_rsa RSA SHA256:3avyBHQeTd2Z6+hDmolk1Xruozvf17RzVQpiyHxNk78
debug3: sign_and_send_pubkey: RSA SHA256:3avyBHQeTd2Z6+hDmolk1Xruozvf17RzVQpiyHxNk78
debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:3avyBHQeTd2Z6+hDmolk1Xruozvf17RzVQpiyHxNk78
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to nucnuc ([192.168.1.5]:22).
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: filesystem full
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: client_input_hostkeys: received RSA key SHA256:610TtueR7Py613rTTfvLIIzF301s59Du54TaRny+8AY
debug3: client_input_hostkeys: received ECDSA key SHA256:QgPfoV5abFiHsix8dPIV6m0GPZmGfm9qDunhpjlGNdg
debug3: client_input_hostkeys: received ED25519 key SHA256:3msQatZtmrJEBT16oPBGz0tSARnLP3WRPee/gMO9Zm0
debug1: client_input_hostkeys: searching /home/BVoris/.ssh/known_hosts for nucnuc / (none)
debug3: hostkeys_foreach: reading file "/home/BVoris/.ssh/known_hosts"
debug3: hostkeys_find: found ssh-ed25519 key under different name/addr at /home/BVoris/.ssh/known_hosts:24
debug3: hostkeys_find: found ssh-ed25519 key at /home/BVoris/.ssh/known_hosts:27
debug1: client_input_hostkeys: searching /home/BVoris/.ssh/known_hosts2 for nucnuc / (none)
debug1: client_input_hostkeys: hostkeys file /home/BVoris/.ssh/known_hosts2 does not exist
debug3: client_input_hostkeys: 3 server keys: 2 new, 18446744073709551615 retained, 2 incomplete match. 0 to remove
debug1: client_input_hostkeys: host key found matching a different name/address, skipping UserKnownHostsFile update
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: set_sock_tos: set socket 3 IP_TOS 0x20
debug2: client_session2_setup: id 0
debug1: Sending subsystem: sftp
debug2: channel 0: request subsystem confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: subsystem request accepted on channel 0
debug2: Remote version: 3
debug2: Server supports extension "posix-rename@openssh.com" revision 1
debug2: Server supports extension "statvfs@openssh.com" revision 2
debug2: Server supports extension "fstatvfs@openssh.com" revision 2
debug2: Server supports extension "hardlink@openssh.com" revision 1
debug2: Server supports extension "fsync@openssh.com" revision 1
Connected to nucnuc.
debug3: Sent message fd 7 T:16 I:1
debug3: SSH_FXP_REALPATH . -> /home/bvoris size 0
sftp> pwd
Remote working directory: /home/bvoris
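
A check on the known_hosts entry itself, added here as an example and not part of the original report or of curl/libssh2: it decodes the key blob from the line quoted above, confirms that the embedded key type matches the declared `ssh-ed25519`, and derives the OpenSSH-style SHA256 fingerprint for comparison with the `Server host key` line in the sftp log. The function names are illustrative.

```python
import base64
import hashlib
import struct

# known_hosts line copied verbatim from the report above.
REPORTED_ENTRY = (
    "nucnuc ssh-ed25519 "
    "AAAAC3NzaC1lZDI1NTE5AAAAICmjvQ5jehz5Jwt1PDGJBSgcXVhoMRnbn/E2p3srSK+c"
)


def read_string(blob, offset):
    """Read one SSH wire 'string': 4-byte big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past the end of the key blob")
    return blob[offset + 4:end], end


def inspect_known_hosts_line(line):
    """Return hosts, key type, OpenSSH-style fingerprint and any problems."""
    fields = line.split()
    if fields and fields[0].startswith("@"):  # @cert-authority / @revoked
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("expected: hosts key-type base64-key [comment]")
    hosts, declared, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    name, offset = read_string(blob, 0)
    embedded = name.decode("ascii", "replace")
    problems = []
    if embedded != declared:
        problems.append(f"line says {declared}, key blob says {embedded}")
    if embedded == "ssh-ed25519":
        key, offset = read_string(blob, offset)
        if len(key) != 32:
            problems.append(f"ed25519 key is {len(key)} bytes, expected 32")
        if offset != len(blob):
            problems.append("trailing bytes after the public key")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"hosts": hosts, "key_type": embedded,
            "fingerprint": fingerprint, "problems": problems}


if __name__ == "__main__":
    print(inspect_known_hosts_line(REPORTED_ENTRY))
```

An empty `problems` list means the entry is well-formed, which points the failure at the client library's key-type support rather than at the file.
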
@bagder
Member

bagder commented May 13, 2021

libssh2/1.7.0

Released in 2016

this seems to have been fixed about a year ago.

In their git repo, yes.

Also, the latest public libssh2 release is: libssh2 1.9.0 from June 20th 2019

This seems to be purely a libssh2 issue and not a curl one...

@bagder bagder added the not-a-curl-bug (This is not a bug in curl) and SCP/SFTP labels May 13, 2021
@bagder bagder changed the title from "curl transfer from Cygwin on Win10 to Ubuntu 18.04 fails with Unknown host key type: 1835008" to "curl SFTP transfer from Cygwin on Win10 to Ubuntu 18.04 fails with Unknown host key type: 1835008" May 13, 2021
@BrianInglis
Contributor

BrianInglis commented May 15, 2021

Working on Cygwin curl update with updated libssh2 but issue @libssh2/libssh2#597 probably due to intended Windows-only addition @libssh2/libssh2#517.
I also currently have a local build issue with 32 bit i686/x86 Cygwin packages, possibly after installing patched base Cygwin DLL to test updated outputs from /proc/{cpuinfo,swaps} virtual file system info paths.

@bagder
Member

bagder commented May 24, 2021

Just to be very clear. This issue happens "just" because libssh2 doesn't have the proper support in a release yet, right?

In other words, when you build with current git master libssh2, does this problem still occur?

@BrianInglis
Contributor

BrianInglis commented May 24, 2021

Resolved issues and rebuilt and checked stable production with libssh2 1.9.0, also built test with latest snapshots and git master, all issues resolved, both 32 and 64 bit.
Let those folks know and thanked them for their help.
Took maintainership of libssh2, plus libidn2, libpsl, and publicsuffix-list, updated to current, rebuilt, and released those and lib-/curl.
Asked reporting user @Ben-Voris to upgrade, retest, report.
Will ping for confirmation here and on Cygwin ML.

@BrianInglis
Contributor

Reporting user @Ben-Voris is unresponsively OoO for another fortnight back June 7.

@Ben-Voris
Author

This problem no longer occurs in curl 7.770 (x86_64-pc-cygwin) libssh2/1.9.0, release date 2021-05-26.

@BrianInglis Thank you for fixing this. I don't understand issue handling on a mailing list. Is there some action I should take to "close" this on the Cygwin mailing list?

@BrianInglis
Contributor

Nothing special on any mailing list. It is nice to get a reply to confirm the fix works.
What you responded with above is fine anywhere. Please just copy and post your reply to Cygwin and ref this issue. [Hope you had a good trip! @Ben-Voris]
