Hi Luke,
Thanks for the fast response.
On Sat, Sep 19, 2009 at 11:14:35AM -0500, Luke Dashjr wrote:
> On Saturday 19 September 2009 10:57:43 am Gary V. Vaughan wrote:
> > Now that I think about it, isn't this a bug (tweaking the script
> > from my last post slightly)?
>
> No. The entire security of SSH/SFTP/SSL comes from having the public key.
> If you just trust whatever key it sends, it is vulnerable to
> man-in-the-middle
> attacks.
So I should be passing the public key of the remote host to libcurl,
and not the public part of the private key I'm using to authenticate?
Cheers,
Gary
PS is this list moderated? It takes me 2 or 3 sends of any message
until I see one actually reflected back on the list.. I'm Bcc:ing
my gmail account with each copy, and those are turning up fine, so
I'm pretty sure it's not a problem at my end.
--
Gary V. Vaughan ([email protected])
