curl-library

Re: libcurl and libssh2

From: Michael Wood <esiotrot_at_gmail.com>
Date: Wed, 14 Oct 2009 10:03:17 +0200

2009/10/14 Xu, Qiang (FXSGSC) <Qiang.Xu_at_fujixerox.com>:
[...]
> qxu@durian(pts/0):~/opensrc/curl-7.19.6/src[234]$ ./curl -v -u qxu:fair123 -T CMakeLists.txt sftp://13.198.98.202/scan/test.txt
> * About to connect() to 13.198.98.202 port 22 (#0)
> *   Trying 13.198.98.202... connected
> * Connected to 13.198.98.202 (13.198.98.202) port 22 (#0)
> * Failed to read known hosts from /home/qxu/.ssh/known_hosts
> * SSH host check: 2, key: <none>
> * Closing connection #0
> * SSL peer certificate or SSH remote key was not OK
>
> curl: (51) SSL peer certificate or SSH remote key was not OK
> =====================================================
> How to overcome this hosts failure?

I have never used libcurl's libssh2 support, but according to this:

http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#SSH

it looks like you can either use CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 to
specify the MD5 hash of the remote host's key, or you can make sure the
host key is cached in the .ssh/known_hosts file.

To get the key into the known_hosts file, you can just try to run the
ssh command line tool to connect to the remote machine. It does not
seem like there is a way to do it from within libcurl, but maybe I am
wrong.

Anyway, you would need to verify that this key is correct, otherwise
you would be vulnerable to man-in-the-middle attacks, so maybe libcurl
just thinks it's someone else's problem to get the key before telling
libcurl to connect to the remote machine.

-- 
Michael Wood <esiotrot_at_gmail.com>
Received on 2009-10-14
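
Added example, not part of the original mail and not code from the curl project: a helper that derives the 32 hex digits CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 expects from a host key line obtained over a trusted channel, so the key is pinned rather than accepted on first contact. The function names, the host name and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# Subset of OpenSSH host key type names, enough for this example.
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}

# Constructed sample (not a real key): SSH wire string "ssh-rsa" + filler bytes.
SAMPLE_BLOB = struct.pack(">I", 7) + b"ssh-rsa" + bytes(range(32))
SAMPLE_LINE = "sftp.example.test ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()

def wire_key_type(blob):
    """Return the key type stored at the start of the blob (uint32 length + name)."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad key-type length in blob")
    return blob[4:4 + n].decode("ascii", "replace")

def md5_for_libcurl(key_line):
    """32 hex digits for CURLOPT_SSH_HOST_PUBLIC_KEY_MD5, from a known_hosts
    line ("host keytype base64") or a .pub line ("keytype base64")."""
    fields = key_line.split()
    if fields and fields[0].startswith("@"):
        raise ValueError("@cert-authority/@revoked lines are not plain host keys")
    idx = 0 if fields and fields[0] in KEY_TYPES else 1
    if len(fields) < idx + 2 or fields[idx] not in KEY_TYPES:
        raise ValueError("no recognised key type in line")
    blob = base64.b64decode(fields[idx + 1], validate=True)
    if wire_key_type(blob) != fields[idx]:
        raise ValueError("declared key type does not match the key blob")
    # The fingerprint is the MD5 of the raw (base64-decoded) public key blob.
    return hashlib.md5(blob).hexdigest()

def from_ssh_keygen(fp):
    """Convert an 'MD5:aa:bb:...' fingerprint (ssh-keygen -l -E md5) to libcurl's form."""
    fp = fp.strip()
    if fp.upper().startswith("MD5:"):
        fp = fp[4:]
    digits = fp.replace(":", "").lower()
    if len(digits) != 32 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("not an MD5 fingerprint; SHA256 ones cannot be used here")
    return digits

if __name__ == "__main__":
    print(md5_for_libcurl(SAMPLE_LINE))
```

The resulting string is what CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 takes, and what the curl tool takes with --hostpubmd5.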