cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Why does libcurl need the public key for SFTP auth anyway?

From: Albert Chin <curl-library_at_mlists.thewrittenword.com>
Date: Sun, 20 Sep 2009 09:38:25 -0500

On Sat, Sep 19, 2009 at 07:41:27PM +0000, Gary V. Vaughan wrote:
> On Sat, Sep 19, 2009 at 11:14:35AM -0500, Luke Dashjr wrote:
> > On Saturday 19 September 2009 10:57:43 am Gary V. Vaughan wrote:
> > > Now that I think about it, isn't this a bug (tweaking the script
> > > from my last post slightly)?
> >
> > No. The entire security of SSH/SFTP/SSL comes from having the public
> > key. If you just trust whatever key it sends, it is vulnerable to
> > man-in-the-middle attacks.
>
> So I should be passing the public key of the remote host to libcurl,
> and not the public part of the private key I'm using to authenticate?

All curl should need is the private key and the public key of the host.
That's all ssh needs.

-- 
albert chin (china_at_thewrittenword.com)

Received on 2009-09-20

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Question regarding correct libcurl's license usage"
Previous message: Diego Massanti: "Question regarding correct libcurl's license usage"
In reply to: Gary V. Vaughan: "Re: Why does libcurl need the public key for SFTP auth anyway?"
Next in thread: Gary V. Vaughan: "Re: Why does libcurl need the public key for SFTP auth anyway?"
Reply: Gary V. Vaughan: "Re: Why does libcurl need the public key for SFTP auth anyway?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]