cURL / Mailing Lists / curl-library / Single Mail


Re: curl+sftp+man-in-the-middle-attck.

From: Daniel Stenberg <>
Date: Sat, 15 Mar 2014 12:05:46 +0100 (CET)

On Fri, 14 Mar 2014, san d wrote:

> curl_easy_setopt(curl, CURLOPT_SSH_AUTH_TYPES, CURLSSH_AUTH_ANY);
> curl_easy_setopt(curl, CURLOPT_USERNAME, userName);
> curl_easy_setopt(curl, CURLOPT_PASSWORD, Passwd);
> curl_easy_setopt(curl, CURLOPT_KEYPASSWD, Passwd);

CURLOPT_SSH_KNOWNHOSTS perhaps? (Dan also already mentioned

>>> Does the connection establishment/negotiation happen every call to
>>> curl_easy_perform()?
>> Unless it can re-use an existing connection, yes.

> You meant if curl handle was not cleaned up.

Yes, and if the previous connection was actually left alive and that the
subsequent request is made in a way that can re-use the previous one.

If you keep using the same host, the same protocol and the same user
credentials and the server doesn't close the connection then yes it will be
re-used. The CURLOPT_VERBOSE output will tell you.

List admin:
Received on 2014-03-15