curl-library

Re: Why does libcurl need the public key for SFTP auth anyway?

From: Luke Dashjr <luke_at_openmethods.com>
Date: Sat, 19 Sep 2009 11:14:35 -0500

On Saturday 19 September 2009 10:57:43 am Gary V. Vaughan wrote:
> Now that I think about it, isn't this a bug (tweaking the script
> from my last post slightly)?

No. The entire security of SSH/SFTP/SSL comes from having the public key.
If you just trust whatever key it sends, it is vulnerable to man-in-the-middle
attacks.
Received on 2009-09-19
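
The difference between checking a presented key against a known one and trusting whatever key is sent, as an added example that is not part of the original mail and is not libcurl code. The host names, key blobs, and function names are constructed for illustration, and only plain (unhashed) known_hosts entries are handled.

```python
import base64
import hashlib

# Constructed sample data: placeholder blobs standing in for real host keys.
GENUINE_KEY = base64.b64encode(b"constructed-genuine-host-key").decode()
SUBSTITUTED_KEY = base64.b64encode(b"constructed-substituted-host-key").decode()

KNOWN_HOSTS = f"""\
# constructed known_hosts content
sftp.example.com,192.0.2.10 ssh-rsa {GENUINE_KEY} pinned-by-admin
backup.example.com ssh-rsa {GENUINE_KEY}
"""

def parse_known_hosts(text):
    """Return {hostname: set of (keytype, key_b64)} for plain entries."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Hashed host names ("|1|...") and "@" markers are out of scope here.
        if len(fields) < 3 or fields[0].startswith(("|", "@")):
            continue
        hosts, keytype, key_b64 = fields[:3]
        for host in hosts.split(","):
            table.setdefault(host, set()).add((keytype, key_b64))
    return table

def check_host_key(table, host, keytype, key_b64):
    """Classify the key a server presented: 'ok', 'mismatch' or 'unknown'."""
    entries = table.get(host)
    if not entries:
        return "unknown"      # never seen: nothing to compare against
    if (keytype, key_b64) in entries:
        return "ok"
    return "mismatch"         # known host, different key: possible MITM

def should_connect(result, trust_any=False):
    """trust_any=True models 'just trust whatever key it sends'."""
    return True if trust_any else result == "ok"

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint, useful when logging a rejection."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
```

With `trust_any=True` a substituted key is accepted exactly like the genuine one, which is the man-in-the-middle exposure the reply describes.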