Bugs item #3451592, was opened at 2011-12-05 10:39
Message generated for change (Comment added) made by arbab
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3451592&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: SCP/SFTP
Group: wrong behaviour
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Reza Arbab (arbab)
Assigned to: Daniel Stenberg (bagder)
Summary: problem using --hostpubmd5 with sftp

Initial Comment:
### When a host is not in ~/.ssh/known_hosts, curl sftp fails as expected:
> curl sftp://root:password@linux-2mur/etc/resolv.conf
curl: (51) SSL peer certificate or SSH remote key was not OK

### Using an incorrect md5 value with --hostpubmd5 also fails as expected:
> curl --hostpubmd5 87a487deb4ce3420e3eb49f5263adbfa sftp://root:password@linux-2mur/etc/resolv.conf
curl: (51) Denied establishing ssh session: mismatch md5 fingerprint. Remote 87a487deb4ce3420e3eb49f5263adbf3 is not equal to 87a487deb4ce3420e3eb49f5263adbfa

### However, using the correct md5 value also fails. This is the bug:
> curl --hostpubmd5 87a487deb4ce3420e3eb49f5263adbf3 sftp://root:password@linux-2mur/etc/resolv.conf
curl: (51) SSL peer certificate or SSH remote key was not OK

### After adding the host to ~/.ssh/known_hosts, curl sftp works with or without --hostpubmd5:

> sftp linux-2mur
Connecting to linux-2mur...
The authenticity of host 'linux-2mur (9.53.40.189)' can't be established.
RSA key fingerprint is 87:a4:87:de:b4:ce:34:20:e3:eb:49:f5:26:3a:db:f3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'linux-2mur,9.53.40.189' (RSA) to the list of known hosts.
Password:
sftp> quit
> curl -o resolv.conf --hostpubmd5 87a487deb4ce3420e3eb49f5263adbf3 sftp://root:password@linux-2mur/etc/resolv.conf
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 861 100 861 0 0 1371 0 --:--:-- --:--:-- --:--:-- 1371
> curl -o resolv.conf sftp://root:password@linux-2mur/etc/resolv.conf
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 861 100 861 0 0 1496 0 --:--:-- --:--:-- --:--:-- 1496
>

----------------------------------------------------------------------

>Comment By: Reza Arbab (arbab)
Date: 2011-12-05 10:41

Message:
Sorry, forgot my version info:

> curl -V
curl 7.23.1 (sh4-unknown-linux-gnu) libcurl/7.23.1 OpenSSL/0.9.8j
zlib/1.2.3 libssh2/1.3.0
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp
scp sftp smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL libz

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3451592&group_id=976
Received on 2011-12-05