2009/10/14 Xu, Qiang (FXSGSC) <[email protected]>: [...] > q...@durian(pts/0):~/opensrc/curl-7.19.6/src[234]$ ./curl -v -u qxu:fair123 > -T CMakeLists.txt sftp://13.198.98.202/scan/test.txt > * About to connect() to 13.198.98.202 port 22 (#0) > * Trying 13.198.98.202... connected > * Connected to 13.198.98.202 (13.198.98.202) port 22 (#0) > * Failed to read known hosts from /home/qxu/.ssh/known_hosts > * SSH host check: 2, key: <none> > * Closing connection #0 > * SSL peer certificate or SSH remote key was not OK > > curl: (51) SSL peer certificate or SSH remote key was not OK > ===================================================== > How to overcome this hosts failure?
I have never used libcurl's libssh2 support, but according to this: http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#SSH it looks like you can either use CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 to specify the MD5 hash of the remote hosts key, or you can make sure the host key is cached in the .ssh/known_hosts file. To get the key into the known_hosts files, you can just try to run the ssh command line tool to connect to the remote machine. It does not seem like there is a way to do it from within libcurl, but maybe I am wrong. Anyway, you would need to verify that this key is correct, otherwise you would be vulnerable to man in the middle attacks, so maybe libcurl just thinks it's someone else's problem to get the key before telling libcurl to connect to the remote machine. -- Michael Wood <[email protected]> ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
