wolfSSL - Embedded SSL Library — wolfSSH

Enabling Post-Quantum (ML-KEM) support

null@example.com (tjko) — Tue, 03 Mar 2026 05:46:52 +0000

As new OpenSSH versions have started nagging about not using post-quantum safe key exchange algorithms, I decided to test enabling ML-KEM on wolfSSH.

I added following in user_settings.h:

#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE256

And that seemed to work, as (after re-compiling) wolfSSH server started advertising two new "mlkem" algorithms:

debug2: peer server KEXINIT proposal
debug2: KEX algorithms: mlkem768x25519-sha256,mlkem768nistp256-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256
debug2: host key algorithms: ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes256-gcm@openssh.com,aes192-gcm@openssh.com,aes128-gcm@openssh.com
debug2: ciphers stoc: aes256-gcm@openssh.com,aes192-gcm@openssh.com,aes128-gcm@openssh.com
debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512
debug2: compression ctos: none
debug2: compression stoc: none

However, when trying to connect using OpenSSH client (OpenSSH_10.2p1, LibreSSL 3.3.6), connection seems to hang indefinitely in key exchange:

debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes128-gcm@openssh.com MAC:  compression: none
debug1: kex: client->server cipher: aes128-gcm@openssh.com MAC:  compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

(client hangs here...)

If I try any of the other advertised kex algorithms (curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256) connection works just fine.... (I was testing on latest 'version' pulled from github)

Wolfssh on Microchip Harmony V3 with SAME70

null@example.com (bruce.lavoie) — Mon, 27 Oct 2025 21:10:51 +0000

I'm currently working on Microchip Harmony project for a SAME70 processor and I've integrated wolfSSH into the build along with WolfSSL and WolfCrypt. In Harmony wolfssl and wolfcrypt are already included, SSH just needs to be added.

I have a successful compile and my plan is to only use the SSH server capability on the package because I don't really need SCP or SFTP. I'm also looking to use public passkey authentication.

I noticed in the WolfSSH download an application exists for Microchip in the ~/wolfssh/ide/mplabx folder. I'm able to build that application, but it doesn't seem to run out of the box. I modified the user_settings.h to exclude the filesystem and include the MICROCHIP PIC32 settings, I believe it extends to the C devices.

The project is not complete and I'm questioning if the wolfssh.c had really been tested? I'm just looking for a really good working example of an "echo server".

Any help is greatly appreciated.

SERVER_KEXINIT_SENT Error -1009

null@example.com (ajith.k) — Sat, 05 Jul 2025 15:20:08 +0000

I’m setting up an SSH server on an Integrity OS environment. However, when a client attempts to connect, the server immediately terminates the connection and logs the following error:

accept error: SERVER_KEXINIT_SENT, -1009

The client initiates the connection from a Windows terminal using the command:

ssh -vvv -i ca-key-pkcs8-attribute.der -o MACs=hmac-sha2-256 -p 2222 user@

The SSH server is running SSH-2.0-wolfSSHv1.4.20, while the client uses OpenSSH_for_Windows_9.5p1 with LibreSSL 3.8.2.

Server Log is

1970-01-01 00:08:30 [DEBUG] Leaving DoKexInit(), ret = 0

1970-01-01 00:08:30 [DEBUG] PR3: peerMacSz = 0

1970-01-01 00:08:30 [DEBUG] PR4: Shrinking input buffer

1970-01-01 00:08:30 [DEBUG] Entering ShrinkBuffer()

1970-01-01 00:08:30 [DEBUG]   buf->bufferSz = 1432

1970-01-01 00:08:30 [DEBUG]   buf->idx = 1432

1970-01-01 00:08:30 [DEBUG]   buf->length = 1432

1970-01-01 00:08:30 [DEBUG] SB: usedSz = 0, forcedFree = 1

1970-01-01 00:08:30 [DEBUG] SB: releasing dynamic buffer

1970-01-01 00:08:30 [DEBUG] Leaving ShrinkBuffer()

1970-01-01 00:08:30 [DEBUG] PR5: txCount = 464, rxCount = 1432

1970-01-01 00:08:30 [DEBUG] PR1: size = 8

1970-01-01 00:08:30 [INFO] GID: readjust size

1970-01-01 00:08:30 [DEBUG] Receive: recvd = -1

1970-01-01 00:08:30 [DEBUG] accept error: SERVER_KEXINIT_SENT, -1009

1970-01-01 00:08:30 [DEBUG] Entering wolfSSH_get_error_name()

1970-01-01 00:08:30 [DEBUG] Entering wolfSSH_free()

1970-01-01 00:08:30 [DEBUG] Entering sshResourceFree()

1970-01-01 00:08:30 [DEBUG] Entering ShrinkBuffer()

1970-01-01 00:08:30 [DEBUG]   buf->bufferSz = 16

1970-01-01 00:08:30 [DEBUG]   buf->idx = 0

1970-01-01 00:08:30 [DEBUG]   buf->length = 0

1970-01-01 00:08:30 [DEBUG] SB: usedSz = 0, forcedFree = 1

1970-01-01 00:08:30 [DEBUG] Leaving ShrinkBuffer()

The client log is

debug3: order_hostkeyalgs: no algorithms matched; accept original
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
Bad packet length 825833264.
debug2: sshpkt_disconnect: sending SSH2_MSG_DISCONNECT: Packet corrupt
debug3: send packet: type 1
ssh_dispatch_run_fatal: Connection to  port 2222: message authentication code incorrect

wolfSSH Authentication Callback behavior

null@example.com (tjko) — Mon, 30 Jun 2025 20:19:10 +0000

When experimenting with wolfSSH on RP2040 MCU, I noticed couple things.

It seems "UserAuthResult" callback (set using wolfSSH_SetUserAuthResult()) doesn't always get called. It gets called when client is authenticating using "publickey" authentication, but seems like it does not get called at all when "password" authentication is used by client. This seems like a bug? (Or is there another way to easily track successful/failed logins?)

Looking src/internal.c, it seems callback is only called from DoUserAuthRequestPublicKey() function, so that seems to explain why it does not get called at all, if other type authentication is being used....

Another "odd" thing I noticed is with the "UserAuth" callback (set using wolfSSH_SetUserAuth()). I see it getting called twice when public key authentication succeeds...

Example (debug logs from server side):

user_auth_cb(8,20041918,20024E10): 2
user_auth_cb(2,20041AA0,20024E10): 6
user_auth_cb(2,20041870,20024E10): 0
user_auth_cb(2,20041AB8,20024E10): 0
user_auth_result_cb(0,20041AB8,20024E10): OK

Client log (OpenSSH):

debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/test/.ssh/id_rsa
debug1: Offering public key: /home/test/.ssh/id_ecdsa ECDSA SHA256:lHQBcPRpky2hfMiffYnoVfCww9XL/XC0JZ8CGaPLYCM
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/test/.ssh/id_ecdsa_sk
debug1: Offering public key: /home/test/.ssh/id_ed25519 ED25519 SHA256:NZHx/BI7BCGUS2WVIG+qdrwd/YaH8xk8GgN19L/QJdg
debug1: Server accepts key: /home/test/.ssh/id_ed25519 ED25519 SHA256:NZHx/BI7BCGUS2WVIG+qdrwd/YaH8xk8GgN19L/QJdg
Authenticated to 192.168.4.17 ([192.168.4.17]:22) using "publickey".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: Sending environment.
debug1: channel 0: setting env LANG = "en_US.UTF-8"
debug1: channel 0: setting env LC_ALL = "en_US.UTF-8"

However, when client uses password authentication there is no "second" call to callback function after successful authentication...

Server side:

user_auth_cb(8,20041870,20024E10): 2
user_auth_cb(2,20041AA8,20024E10): 6
user_auth_cb(2,20041858,20024E10): 6
user_auth_cb(1,20041AC0,20024E10): 0

(notice, the "UserAuthResult" callback did not get called at all...)

Client side:

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/test/.ssh/id_rsa
debug1: Offering public key: /home/test/.ssh/id_ecdsa ECDSA SHA256:lHQBcPRpky2hfMiffYnoVfCww9XL/XC0JZ8CGaPLYCM
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/test/.ssh/id_ecdsa_sk
debug1: Offering public key: /home/test/.ssh/id_ed25519 ED25519 SHA256:NZHx/BI7BCGUS2WVIG+qdrwd/YaH8xk8GgN19L/QJdg
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/test/.ssh/id_ed25519_sk
debug1: Trying private key: /home/test/.ssh/id_xmss
debug1: Trying private key: /home/test/.ssh/id_dsa
debug1: Next authentication method: password
admin@192.168.4.17's password: 
Authenticated to 192.168.4.17 ([192.168.4.17]:22) using "password".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: Sending environment.
debug1: channel 0: setting env LANG = "en_US.UTF-8"
debug1: channel 0: setting env LC_ALL = "en_US.UTF-8"

Error on compiling

null@example.com (fredwolff) — Thu, 20 Feb 2025 19:49:21 +0000

Hello,

Thank you for your work and ressources.

I try to compile and test your ssh delivery following instructions you prepared on old macbook pro running macos Big Sur 11.7.10.

I started
to clone wolfssl
to build it following autotools steps with success I guess
to clone solfssh
to build it with same steps

But I get the following in the compiling step triggered by make:

wolfssh % make             
/Applications/Xcode.app/Contents/Developer/usr/bin/make -j9  all-am
  CC       src/libwolfssh_la-internal.lo
  CC       examples/client/client.o
  CC       examples/client/common.o
  CC       src/libwolfssh_la-ssh.lo
  CC       src/libwolfssh_la-log.lo
  CC       src/libwolfssh_la-port.lo
  CC       src/libwolfssh_la-io.lo
  CC       src/libwolfssh_la-wolfterm.lo
  CC       examples/echoserver/echoserver-echoserver.o
src/internal.c:2215:15: error: implicit declaration of function 'wc_SSH_KDF' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
        ret = wc_SSH_KDF(hashId, keyId, key, keySz,
              ^
1 error generated.
make[1]: *** [src/libwolfssh_la-internal.lo] Error 1
make[1]: *** Waiting for unfinished jobs....
make: *** [all] Error 2

MobaXterm connect to WolfSSH SFTP

null@example.com (riker) — Fri, 27 Sep 2024 00:23:31 +0000

I am using WolfSSH (1.4.17) connect to MobaXterm (V24.2) SFTP server.
But authentication fail!
Old WolfSSH (1.4.3) is ok.

Then check WolfSSH debug log, shows:
>> DoKexDhReply: Signature Verify fail (-229)
>> Leaving DoKeyDhRelay(), ret = -1018

Check the error code -1018, is WS_RSA_E,
RSA signature fail, but why?

WolfSSH as a generic sshd service (alternative to OpenSSH server)

null@example.com (forza) — Wed, 03 Jul 2024 19:31:45 +0000

Hi,

I am investigating using wolfSSH as an alternative to OpenSSH server on my systems. Unfortunately it isn't packaged yet so I am building wolfSSL and wolfSSH from git sources.

I am able to run wolfsshd with a minor sshd_config that i took from the test unit.

There doesn't seem to be any official documentation on the wolfsshd itself. The manual at https://www.wolfssl.com/documentation/m … ter03.html simply says "This tool is a place holder." which makes me think that the server part is more of an example of how the wolfSSH library could be implemented?

I am also not sure if a key gen tool should be available. I built ssl and ssh with --enable-all as well as with --enable-keygen specifically, but no keygen tool is created. It means that I had to create host keys using the openssh key-gen tool 'ssh-keygen -t rsa -b 2048 -f server-key.pem -m PEM'

This is the configure output:

---
Configuration summary for wolfssh version 1.4.17
   * Installation prefix:       /opt/wolfssh
   * System type:               pc-linux-gnu
   * Host CPU:                  x86_64
   * C Compiler:                gcc
   * C Flags:                   -O2 -march=native -Wno-pragmas -Wall -Wno-strict-aliasing -Wextra -Wunknown-pragmas --param=ssp-buffer-size=1 -Waddress -Warray-bounds -Wbad-function-cast -Wchar-subscripts -Wcomment -Wfloat-equal -Wformat-security -Wformat=2 -Wmaybe-uninitialized -Wmissing-field-initializers -Wmissing-noreturn -Wmissing-prototypes -Wnested-externs -Wnormalized=id -Woverride-init -Wpointer-arith -Wpointer-sign -Wredundant-decls -Wshadow -Wsign-compare -Wstrict-overflow=1 -Wstrict-prototypes -Wswitch-enum -Wundef -Wunused -Wunused-result -Wunused-variable -Wwrite-strings -fwrapv
   * CPP Flags:                 -I/opt/wolfssl/include
   * Linker Flags:              -L/opt/wolfssl/lib
   Features
   * Inline Code:               yes
   * Small stack:               no
   * keygen:                    yes
   * psuedo-terminal:           yes
   * echoserver shell support:  yes
   * scp:                       yes
   * sftp:                      yes
   * sshd:                      yes
   * ssh client:                yes
   * agent:                     yes
   * TCP/IP Forwarding:         yes
   * X.509 Certs:               yes
   * Examples:                  yes
   * liboqs Integration:        no

This is output from make:

make[1]: Entering directory '/usr/src/wolf/wolfssh/wolfssh-1.4.17-stable'
  CC       apps/wolfsshd/test/test_configuration-test_configuration.o
  CC       apps/wolfssh/wolfssh.o
  CC       apps/wolfssh/common.o
  CC       src/libwolfssh_la-ssh.lo
  CC       src/libwolfssh_la-internal.lo
  CC       src/libwolfssh_la-log.lo
  CC       src/libwolfssh_la-io.lo
  CC       src/libwolfssh_la-port.lo
  CC       src/libwolfssh_la-keygen.lo
  CC       src/libwolfssh_la-wolfscp.lo
  CC       src/libwolfssh_la-wolfsftp.lo
  CC       src/libwolfssh_la-agent.lo
  CC       src/libwolfssh_la-certman.lo
  CC       apps/wolfsshd/wolfsshd.o
  CC       apps/wolfsshd/configuration.o
  CC       apps/wolfsshd/auth.o
  CC       apps/wolfsshd/test_test_configuration-configuration.o
  CC       examples/client/client.o
  CC       apps/wolfsshd/test_test_configuration-auth.o
  CC       examples/client/common.o
  CC       examples/echoserver/echoserver-echoserver.o
  CC       examples/portfwd/portfwd.o
  CC       examples/sftpclient/sftpclient.o
  CC       examples/scpclient/scpclient.o
  CC       tests/unit_test-unit.o
  CC       tests/api_test-api.o
  CC       examples/echoserver/tests_api_test-echoserver.o
  CC       tests/testsuite_test-testsuite.o
  CC       tests/testsuite_test-sftp.o
  CC       examples/echoserver/tests_testsuite_test-echoserver.o
  CC       examples/client/tests_testsuite_test-client.o
  CC       examples/client/tests_testsuite_test-common.o
  CC       examples/sftpclient/tests_testsuite_test-sftpclient.o
  CCLD     src/libwolfssh.la
  CCLD     apps/wolfsshd/wolfsshd
  CCLD     apps/wolfssh/wolfssh
  CCLD     apps/wolfsshd/test/test_configuration
  CCLD     examples/client/client
  CCLD     examples/echoserver/echoserver
  CCLD     examples/portfwd/portfwd
  CCLD     examples/sftpclient/wolfsftp
  CCLD     examples/scpclient/wolfscp
  CCLD     tests/unit.test
  CCLD     tests/api.test
  CCLD     tests/testsuite.test
make[1]: Leaving directory '/usr/src/wolf/wolfssh/wolfssh-1.4.17-stable'

How to compile wolfSSH without multi-threading?

null@example.com (medyuuna) — Sun, 30 Jun 2024 13:28:54 +0000

I'm trying to compile wolfSSH without multi-threading, and when I used the --enable-singlethreaded flag while compiling wolfSSL, now when I try to build wolfSSH I receieve the error:

In file included from tests/testsuite.c:41:
./wolfssh/test.h:954:32: error: unknown type name ‘THREAD_CB’; did you mean ‘THREAD_TYPE’?
954 | static INLINE void ThreadStart(THREAD_CB fun, void* args, THREAD_TYPE* thread)
| ^~~~~~~~~
| THREAD_TYPE
./wolfssh/test.h: In function ‘ThreadJoin’:
./wolfssh/test.h:961:11: error: implicit declaration of function ‘wolfSSL_JoinThread’ [-Werror=implicit-function-declaration]
961 | (void)wolfSSL_JoinThread(thread);
| ^~~~~~~~~~~~~~~~~~
./wolfssh/test.h:961:11: error: nested extern declaration of ‘wolfSSL_JoinThread’ [-Werror=nested-externs]

Any idea on how I can compile wolfSSH without multi-threading?

[SOLVED] Problem with long hashing time

null@example.com (machura.piotrek) — Mon, 13 May 2024 10:02:34 +0000

Hello,

I somehow managed to run ssh demo server without RTOS with LWIP raw api on STM32F429 (172MHz).
Unfortunately this CPU hasn't got CRYPT/HASH modules.
I notice that the handshake procedure takes over 3s before the login prompt and my superloop is blocked then.
Is it possible to change something in configuration to lower that time? Use smaller keys or something.

This is a log from wolfSSH. First column in the log is a sysTick value. You can see how much time SendKexDhReply() takes.

125235 Decoding MSGID_KEXDH_INIT
125238 Entering SendKexDhReply()
127438 Signing hash with ecdsa-sha2-nistp256.
128545 BP: paddingSz = 9
128547 CreateMac none
128549 Encrypt none
128551 Entering SendNewKeys()
128554 BP: paddingSz = 10
128557 CreateMac none
128559 Encrypt none
128561 SNK: using cipher aes-cbc
128564 Entering wolfSSH_SendPacket()

Unfortunately I can't attach whole log file here. (The server was unable to save the uploaded file. Please contact the forum administrator at support@wolfssl.com.)

Greetings
Piotr

Wolfssh interface with microchip pic32MZ microcontroller

null@example.com (keyankarthi2012a) — Thu, 28 Dec 2023 05:41:58 +0000

Hello everyone.,
I am trying to implement a ssh client in microchip pic32mz microcontroller to communicate with a ssh server for my application. From PC itself I have communicated with ssh sever using libssh library. Now I want to communicate from that microcontroller. But libssh is a large data size. I knew that wolfssh is a lightweight one and it will support pic32mz. But what is the process to link that library. I have a no idea. Pls suggest to achieve the above.

Thank you,
Karthikeyan.

wolfSSH_SFTP_connect does not return if username/password incorrect

null@example.com (jonathan.gebbie) — Mon, 25 Sep 2023 11:24:46 +0000

I'm trying to get a very simple SFTP client runnning, based on the example SFTP client in wolfSSH.
I'm currently using just username and password to log in (no SSH keys or certificates etc).
I need the client code to return an error if it can't connect because of incorrect username/password, but wolfSSH_SFTP_connect doesn't ever return if username/password is incorrect - there seems to be no timeout.
The example SFTP client does this.
How can I modify it so it returns an error on login failure?

Using FreeRTOS-FAT as user filesystem

null@example.com (andrew.lumsden) — Tue, 11 Apr 2023 14:22:42 +0000

As the title suggests I'm trying to use the FreeRTOS-FAT file system as a user provided filesystem for a ssh/scp server built with wolfssl/ssh.

I'm struggling to source the WOPENDIR, WREADDIR, WCLOSEDIR functions as equivalents are not provided in FreeRTOS-FAT as far as I can tell.

Does anyone have some good suggestions on how to get around this issue? Are these functions required? I noticed there is a WOLFSSH_NO_DIR option, but I'm not sure what the implications are when using a filesystem, and if it's useful for solving this issue.

Any help/tips would be very much appreciated.

[SOLVED] WS_OVERFLOW_E when using wolfSSH_connect() with epoll

null@example.com (testwolverinebagel) — Wed, 22 Mar 2023 17:10:16 +0000

Hey,

I'm having trouble figuring out how to use wolfSSH_connect() with epoll. wolfSSH_connect() is called again on every EPOLLIN/EPOLLOUT event if the previous call to the function returned WS_WANT_READ/WS_WANT_WRITE. But I always get an WS_OVERFLOW_E error after the server sent his DH Key Exchange Reply.

It works if I add a delay of about 100ms after (not before!) the call to wolfSSH_connect(), but that somehow defeats the purpose of using non-blocking sockets.

Am I using the function in a wrong way?

Wolfsftp from wolfssh cannot send/receive large files !

null@example.com (yass007) — Wed, 11 Aug 2021 10:12:55 +0000

Hello everyone,

I have implemented wolfsftp server on my embedded system and I am using FatFS as filesystem.
Everyting is working fine with little files about 5 KiloBytes.

However, when I try to send/receive a file with about 3 Megabytes size I get the following error message on Filezilla client:

FATAL ERROR: Network error: Software caused connection abort

Is there a Define or a parameter to be configured on wolfssh in order to make it able to handle larger files.

Thank you so much.

freeRTOS SFTP server

null@example.com (rr9mvp) — Mon, 26 Jul 2021 09:28:05 +0000

Hi.
Is there any example of a SFTP server running on freeRTOS+TCP? I have to point that I'm not using POSIX API of freeRTOS, so I can not use examples on wolfSSH Git because of their dependencies on lots of POSIX libraries.

Thanks in advance.