HVR Cannot Connect to an SFTP Server After the Host Key Changed

Issue

After an SFTP server's host key changes, HVR cannot connect to the server. Other tools, such as WinSCP, connect successfully, but HVR fails with SSH errors that mention unsupported host key types, such as ssh-rsa.

Environment

• HVR 6
• Source/Target: SFTP Server
• The SFTP server only advertises ssh-rsa as its host key algorithm

Resolution

To resolve this issue, contact your SFTP provider and request that they enable one or more secure host key algorithms, such as:

• rsa-sha2-256
• rsa-sha2-512
• ecdsa
• ed25519

When the server supports a modern host key algorithm, HVR connects successfully.

If the SFTP server cannot be updated, investigate whether you can lower the OpenSSL security level to allow deprecated algorithms. However, we do not recommend this workaround because it reduces security. It may also be unavailable on Windows or unsupported in HVR installations. For more information, see OpenSSH release notes on ssh-rsa deprecation.

For HVR SFTP requirements, see File, FTP, SFTP Requirements.

Cause

This issue occurs when an SFTP server only advertises ssh-rsa as its host key algorithm after a host key change. Modern HVR builds that use libssh2 with OpenSSL 3.x disable SHA-1 (ssh-rsa) signatures by default for security reasons. Tools such as WinSCP may still connect because they handle deprecated algorithms differently or allow users to override algorithm settings.