cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: Problem authenticating with DSA key using SFTP and CURL

From: Alvaro Palma <Alvaro.Palma_at_synopsys.com>
Date: Wed, 30 Nov 2011 11:36:39 -0800

>> But in the other hand, libCURL is not capable to use the RSA key. I made the test, remove temporarily the DSA key from ~/.ssh and the error changed:
>>
>> * About to connect() to REMOTE_SERVER port 22 (#0)
>> * Trying 10.12.198.52... * connected
>> * SSH authentication methods available: publickey,gssapi-with-mic,password
>> * Using ssh public key file /remote/home/alvaro/.ssh/id_dsa.pub
>> * Using ssh private key file /remote/home/alvaro/.ssh/id_dsa
>> * SSH public key authentication failed: Unable to open public key file
>> * Authentication failure
>> * Closing connection #0

> I've never had a problem using RSA keys. Try the --key and --pubkey options
> to specify explictly the files you want. Note that both are required.

Hi, thanks for the tip, however, they didn't work :-(

BTW, I'm using libCURL, not the binary. But just to be sure, I forced the usage of the RSA keys in my app:

std::string szPrivKey(getenv("HOME"));
szPrivKey += "/.ssh/id_dsa";
curlCode = curl_easy_setopt(pCurl, CURLOPT_SSH_PRIVATE_KEYFILE, szPrivKey.c_str());
if(curlCode != CURLE_OK)
std::cerr << "Couldn't set fragments transference options: " << curl_easy_strerror(curlCode) << " -> " << pErrorBuffer <<std::endl;

std::string szPubKey(getenv("HOME"));
szPubKey += "/.ssh/id_dsa.pub";
curlCode = curl_easy_setopt(pCurl, CURLOPT_SSH_PUBLIC_KEYFILE, szPubKey.c_str());
if(curlCode != CURLE_OK)
std::cerr << "Couldn't set fragments transference options: " << curl_easy_strerror(curlCode) << " -> " << pErrorBuffer <<std::endl;

But still no success:

* Using ssh public key file /remote/home/alvaro/.ssh/id_rsa.pub
* Using ssh private key file /remote/home/alvaro/.ssh/id_rsa
* SSH public key authentication failed: Username/PublicKey combination invalid

I also tried one more time setting explicitly the DSA keys (not just using them by default as before), no luck either:

* Using ssh public key file /remote/home/alvaro/.ssh/id_dsa.pub
* Using ssh private key file /remote/home/alvaro/.ssh/id_dsa
* SSH public key authentication failed: Username/PublicKey combination invalid

In fact, using CURL as a binary doesn't work either:

[16:31 alvarop_at_LOCAL_HOST ~]% ~/bin/curl --version
curl 7.23.1 (x86_64-unknown-linux-gnu) libcurl/7.23.1 OpenSSL/0.9.7a zlib/1.2.3 libidn/0.5.6 libssh2/1.3.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz

1.- Using DSA key:

[16:31 alvarop@LOCAL_SERVER ~]% ~/bin/curl -v -T transfer.log sftp://REMOTE_SERVER/~ --key ~/.ssh/id_dsa --pubkey ~/.ssh/id_dsa.pub
* About to connect() to REMOTE_SERVER port 22 (#0)
* Trying 10.12.198.52... % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0connected
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* SSH host check: 0, key: AAAAB3NzaC1yc2EAAAABIwAAAIEA85XF6V98F0pxBIophM2AvQnCgcdZWwVvulYfYjhWvxc/3b6r+sGHjCKRIZQLM7Hpjcy4iM+1WPDUVWfyNUQ62qFWWcWnC8QQuF+WB4i00j2BLinHirExMbA4fsVJMHgWhWidQp4mATxLzAlzAKCzW8r55i1vyk8VWcep8sGeZD8=
* SSH authentication methods available: publickey,gssapi-with-mic,password
* Using ssh public key file /remote/home/alvaro/.ssh/id_dsa.pub
* Using ssh private key file /remote/home/alvaro/.ssh/id_dsa
* SSH public key authentication failed: Username/PublicKey combination invalid
* Authentication failure
* Closing connection #0
curl: (67) Authentication failure

2.- Using RSA key:

[16:31 alvarop@LOCAL_SERVER ~]% ~/bin/curl -v -T transfer.log sftp://REMOTE_SERVER/~ --key ~/.ssh/id_rsa --pubkey ~/.ssh/id_rsa.pub
* About to connect() to REMOTE_SERVER port 22 (#0)
* Trying 10.12.198.52... % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0connected
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* SSH host check: 0, key: AAAAB3NzaC1yc2EAAAABIwAAAIEA85XF6V98F0pxBIophM2AvQnCgcdZWwVvulYfYjhWvxc/3b6r+sGHjCKRIZQLM7Hpjcy4iM+1WPDUVWfyNUQ62qFWWcWnC8QQuF+WB4i00j2BLinHirExMbA4fsVJMHgWhWidQp4mATxLzAlzAKCzW8r55i1vyk8VWcep8sGeZD8=
* SSH authentication methods available: publickey,gssapi-with-mic,password
* Using ssh public key file /remote/home/alvaro/.ssh/id_rsa.pub
* Using ssh private key file /remote/home/alvaro/.ssh/id_rsa
* SSH public key authentication failed: Username/PublicKey combination invalid
  0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0* Authentication failure
* Closing connection #0
curl: (67) Authentication failure

Any ideas?!?!?

------------
Att.
Alvaro Palma

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-11-30

This message: [ Message body ]
Next message: Dan Fandrich: "Re: Problem authenticating with DSA key using SFTP and CURL"
Previous message: Steve Holme: "[PATCH] POP3: fixed escaped dot not being striped out=0A="
In reply to: Dan Fandrich: "Re: Problem authenticating with DSA key using SFTP and CURL"
Next in thread: Dan Fandrich: "Re: Problem authenticating with DSA key using SFTP and CURL"
Reply: Dan Fandrich: "Re: Problem authenticating with DSA key using SFTP and CURL"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]