Cargo `failed to start SSH session: Unable to exchange encryption keys; class=Ssh (23)`

One of the Cargo dependencies points to a private Git repo that is accessed by an SSH key.

On Linux+ssh-agent, it works fine.

On Windows+Pageant it doesn't work:

    Updating git repository `XXX`
error: failed to get `XXX` as a dependency of package `XXX`

Caused by:
  failed to load source for dependency `XXX`

Caused by:
  Unable to update XXX

Caused by:
  failed to fetch into: XXX

Caused by:
  network failure seems to have happened
  if a proxy or similar is necessary `net.git-fetch-with-cli` may help here

Caused by:
  failed to start SSH session: Unable to exchange encryption keys; class=Ssh (23)

I'm not sure how to debug this. On Linux, I would test this via ssh git@.... On Windows though, the external ssh program is not used. Pageant is running and the key is added to it. How can I troubleshoot this please?

Correction: On Windows, I can use plink to test Pageant. plink -ssh git@... works fine, but Cargo still cannot access the repo.

Have you tried manually running git clone <ssh-uri>?

Yes, and it works because I've specifically set it up to work, but Cargo does not run the external command git. Neither does it run the external command ssh like git does (confirmed with Process Monitor which is like strace). In my case it's something wrong with Cargo's internal SSH code it looks like.

I know this can be worked around with CARGO_NET_GIT_FETCH_WITH_CLI, but I'd like to figure out why Cargo's normal mode of operation is broken and somehow fix it.

Try adding

git-fetch-with-cli = true

to your Cargo config.

Also see: Appendix: Git Authentication - The Cargo Book

Yeah, like I said, I know forcing Cargo into CLI git can be a workaround, but I'd like Cargo's normal mode of operation to work as per docs. If this is Cargo's bug perhaps I should move this to GitHub issues, I just wasn't sure.

Cargo uses libgit2, which uses libssh2, so in regards to SSH handling, Cargo does whatever that library does.

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.