diff --git a/src/libs/utils/ssh/sshconnection.cpp b/src/libs/utils/ssh/sshconnection.cpp
index 9d90b8d39af..2ccc18b2647 100644
--- a/src/libs/utils/ssh/sshconnection.cpp
+++ b/src/libs/utils/ssh/sshconnection.cpp
@@ -605,6 +605,12 @@ void SshConnectionPrivate::handleTimeout()
 
 void SshConnectionPrivate::sendKeepAlivePacket()
 {
+    // This type of message is not allowed during key exchange.
+    if (m_keyExchangeState != NoKeyExchange) {
+        m_keepAliveTimer.start();
+        return;
+    }
+
     Q_ASSERT(m_lastInvalidMsgSeqNr == InvalidSeqNr);
     m_lastInvalidMsgSeqNr = m_sendFacility.nextClientSeqNr();
     m_sendFacility.sendInvalidPacket();
diff --git a/src/libs/utils/ssh/sshpacket_p.h b/src/libs/utils/ssh/sshpacket_p.h
index fab9243b9cc..8a107a64d3a 100644
--- a/src/libs/utils/ssh/sshpacket_p.h
+++ b/src/libs/utils/ssh/sshpacket_p.h
@@ -68,6 +68,8 @@ enum SshPacketType {
     SSH_MSG_REQUEST_SUCCESS = 81,
     SSH_MSG_REQUEST_FAILURE = 82,
 
+    // TODO: We currently take no precautions against sending these messages
+    //       during a key re-exchange, which is not allowed.
     SSH_MSG_CHANNEL_OPEN = 90,
     SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91,
     SSH_MSG_CHANNEL_OPEN_FAILURE = 92,