Menu
▾
▴
#1336 SCP login failure on Windows XP
Curl version: 7.35.0
I set up the SSHd service (using Cygwin) on my Windows XP system 10.10.16.96.
- When I used "scp" to download a file from the Windows box, I did not have any problem:
$ scp mnguyen@10.10.16.96:/home/mnguyen/test /tmp
mnguyen@10.10.16.96's password:
test 100% 16 0.0KB/s 00:00
- However, when I used "curl" to download the same file, I got errors:
$ ./curl -v -u mnguyen scp://10.10.16.96/home/mnguyen/test
Enter host password for user 'mnguyen':
Hostname was NOT found in DNS cache
Trying 10.10.16.96...
Connected to 10.10.16.96 (10.10.16.96) port 22 (#0)
SSH MD5 fingerprint: 28c9ed920380957018d758608272e6dd
SSH host check: 2, key:
curl: (51) SSL peer certificate or SSH remote key was not OK
Should "curl" use the same key defined in .ssh/known_hosts (as "scp" used)?
Note that I don't have any problem using "curl" to download a file from a Linux system.
Are you saying that the same known_hosts file works on Linux but not on Windows? Did curl find the known_hosts file in the windows case?
Hi,
To clarify my description of the problem, I tried to use "curl" to download a file from Windows to Linux.
Since it did not work, I tried the Linux utility "scp" to download the file from Windows to Linux to verify that the Windows host is available for file transfer via scp, and it worked.
Looking at the error message from "curl", it was related to the SSH/SSL key. That was unexpected since "scp" did not have any problem using the key for the Windows host in known_hosts file on the Linux system. Should "curl" use the same key generated for the Windows host in the known_hosts file?
From the "curl" verbose output, I did not see any indication that "curl" did not find the known_hosts file.
Thanks,
M. Nguyen
From: Daniel Stenberg [mailto:bagder@users.sf.net]
Sent: Thursday, February 20, 2014 1:36 AM
To: [curl:bugs]
Subject: [curl:bugs] #1336 Failed to download file from a Windows XP system
Are you saying that the same known_hosts file works on Linux but not on Windows? Did curl find the known_hosts file in the windows case?
[bugs:#1336]http://sourceforge.net/p/curl/bugs/1336/ Failed to download file from a Windows XP system
Status: open
Created: Wed Feb 19, 2014 09:45 PM UTC by Minh Nguyen
Last Updated: Wed Feb 19, 2014 09:45 PM UTC
Owner: Daniel Stenberg
Curl version: 7.35.0
I set up the SSHd service (using Cygwin) on my Windows XP system 10.10.16.96.
$ scp mnguyen@10.10.16.96:/home/mnguyen/testmnguyen@10.10.16.96:/home/mnguyen/test /tmp
mnguyen@10.10.16.96'smnguyen@10.10.16.96's password:
test 100% 16 0.0KB/s 00:00
$ ./curl -v -u mnguyen scp://10.10.16.96/home/mnguyen/test
Enter host password for user 'mnguyen':
Hostname was NOT found in DNS cache
Trying 10.10.16.96...
Connected to 10.10.16.96 (10.10.16.96) port 22 (#0)
SSH MD5 fingerprint: 28c9ed920380957018d758608272e6dd
SSH host check: 2, key:
Closing connection 0
curl: (51) SSL peer certificate or SSH remote key was not OK
Should "curl" use the same key defined in .ssh/known_hosts (as "scp" used)?
Note that I don't have any problem using "curl" to download a file from a Linux system.
Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/curl/bugs/1336/
To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/
Related
Bugs:
#1336Does it work if you give the -k option?
It still did not work with -k option, it quit after the line "...left intact":
$ ./curl -v -k -u mnguyen scp://10.10.16.96/home/mnguyen/test /tmp
Enter host password for user 'mnguyen':
Hostname was NOT found in DNS cache
Trying 10.10.16.96...
Connected to 10.10.16.96 (10.10.16.96) port 22 (#0)
SSH MD5 fingerprint: 28c9ed920380957018d758608272e6dd
SSH authentication methods available: publickey,password,keyboard-interactive
Using ssh public key file /mnt/storage/home/mnguyen/.ssh/id_dsa.pub
Using ssh private key file /mnt/storage/home/mnguyen/.ssh/id_dsa
SSH public key authentication failed: Username/PublicKey combination invalid
Initialized password authentication
Authentication complete
SSH CONNECT phase done
Connection #0 to host 10.10.16.96 left intact
Thanks!
From: Dan Fandrich [mailto:dfandrich@users.sf.net]
Sent: Saturday, February 22, 2014 6:37 AM
To: [curl:bugs]
Subject: [curl:bugs] #1336 Failed to download file from a Windows XP system
Does it work if you give the -k option?
[bugs:#1336]http://sourceforge.net/p/curl/bugs/1336/ Failed to download file from a Windows XP system
Status: open
Created: Wed Feb 19, 2014 09:45 PM UTC by Minh Nguyen
Last Updated: Thu Feb 20, 2014 09:35 AM UTC
Owner: Daniel Stenberg
Curl version: 7.35.0
I set up the SSHd service (using Cygwin) on my Windows XP system 10.10.16.96.
$ scp mnguyen@10.10.16.96:/home/mnguyen/testmnguyen@10.10.16.96:/home/mnguyen/test /tmp
mnguyen@10.10.16.96'smnguyen@10.10.16.96's password:
test 100% 16 0.0KB/s 00:00
$ ./curl -v -u mnguyen scp://10.10.16.96/home/mnguyen/test
Enter host password for user 'mnguyen':
Hostname was NOT found in DNS cache
Trying 10.10.16.96...
Connected to 10.10.16.96 (10.10.16.96) port 22 (#0)
SSH MD5 fingerprint: 28c9ed920380957018d758608272e6dd
SSH host check: 2, key:
Closing connection 0
curl: (51) SSL peer certificate or SSH remote key was not OK
Should "curl" use the same key defined in .ssh/known_hosts (as "scp" used)?
Note that I don't have any problem using "curl" to download a file from a Linux system.
Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/curl/bugs/1336/
To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/
Related
Bugs:
#1336That looks like a successful log to me. That's what you would expect to see if it transferred a zero-length file. Keep in mind that curl is not a drop-in replacement for scp. It transfers file to stdout by default, and doesn't take a destination directory argument.
Hi,
Yes it did work when I tried a different non-empty file. Thanks for pointing this out!
However, my follow-up question is that this "-k" option basically uses insecure SSL transfers.
Could you help suggest why curl would fail the secure transfer (without -k option) in my case?
Also, could you tell me which libcurl set up (i.e. curl_easy_setopt()) is equivalent to the "-k" option of the command line curl?
Thanks,
M. Nguyen
From: Dan Fandrich [mailto:dfandrich@users.sf.net]
Sent: Monday, February 24, 2014 12:46 PM
To: [curl:bugs]
Subject: [curl:bugs] #1336 Failed to download file from a Windows XP system
That looks like a successful log to me. That's what you would expect to see if it transferred a zero-length file. Keep in mind that curl is not a drop-in replacement for scp. It transfers file to stdout by default, and doesn't take a destination directory argument.
[bugs:#1336]http://sourceforge.net/p/curl/bugs/1336/ Failed to download file from a Windows XP system
Status: open
Created: Wed Feb 19, 2014 09:45 PM UTC by Minh Nguyen
Last Updated: Sat Feb 22, 2014 02:37 PM UTC
Owner: Daniel Stenberg
Curl version: 7.35.0
I set up the SSHd service (using Cygwin) on my Windows XP system 10.10.16.96.
$ scp mnguyen@10.10.16.96:/home/mnguyen/testmnguyen@10.10.16.96:/home/mnguyen/test /tmp
mnguyen@10.10.16.96'smnguyen@10.10.16.96's password:
test 100% 16 0.0KB/s 00:00
$ ./curl -v -u mnguyen scp://10.10.16.96/home/mnguyen/test
Enter host password for user 'mnguyen':
Hostname was NOT found in DNS cache
Trying 10.10.16.96...
Connected to 10.10.16.96 (10.10.16.96) port 22 (#0)
SSH MD5 fingerprint: 28c9ed920380957018d758608272e6dd
SSH host check: 2, key:
Closing connection 0
curl: (51) SSL peer certificate or SSH remote key was not OK
Should "curl" use the same key defined in .ssh/known_hosts (as "scp" used)?
Note that I don't have any problem using "curl" to download a file from a Linux system.
Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/curl/bugs/1336/
To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/
Related
Bugs:
#1336It's not SSL in this case but SSH, and -k disables the host fingerprint checking when using ssh. It sounds like for some reason curl can't interpret your ~/.ssh/known_hosts file correctly, or the host key actually has changed. Can you ssh into the box using OpenSSH without issue? What version of OpenSSH are you using?
Yes I was able to ssh into the Windows box without problem. The OpenSSH package installed together with Cygwin was version 6.1 according to the installation screen.
Thanks,
Minh Nguyen
From: Dan Fandrich [mailto:dfandrich@users.sf.net]
Sent: Monday, February 24, 2014 11:46 PM
To: [curl:bugs]
Subject: [curl:bugs] #1336 Failed to download file from a Windows XP system
It's not SSL in this case but SSH, and -k disables the host fingerprint checking when using ssh. It sounds like for some reason curl can't interpret your ~/.ssh/known_hosts file correctly, or the host key actually has changed. Can you ssh into the box using OpenSSH without issue? What version of OpenSSH are you using?
[bugs:#1336]http://sourceforge.net/p/curl/bugs/1336/ Failed to download file from a Windows XP system
Status: open
Created: Wed Feb 19, 2014 09:45 PM UTC by Minh Nguyen
Last Updated: Mon Feb 24, 2014 08:46 PM UTC
Owner: Daniel Stenberg
Curl version: 7.35.0
I set up the SSHd service (using Cygwin) on my Windows XP system 10.10.16.96.
$ scp mnguyen@10.10.16.96:/home/mnguyen/testmnguyen@10.10.16.96:/home/mnguyen/test /tmp
mnguyen@10.10.16.96'smnguyen@10.10.16.96's password:
test 100% 16 0.0KB/s 00:00
$ ./curl -v -u mnguyen scp://10.10.16.96/home/mnguyen/test
Enter host password for user 'mnguyen':
Hostname was NOT found in DNS cache
Trying 10.10.16.96...
Connected to 10.10.16.96 (10.10.16.96) port 22 (#0)
SSH MD5 fingerprint: 28c9ed920380957018d758608272e6dd
SSH host check: 2, key:
Closing connection 0
curl: (51) SSL peer certificate or SSH remote key was not OK
Should "curl" use the same key defined in .ssh/known_hosts (as "scp" used)?
Note that I don't have any problem using "curl" to download a file from a Linux system.
Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/curl/bugs/1336/
To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/
Related
Bugs:
#1336Please don't quote the entire bug when you reply--it makes it hard to see what new information you've added each time.
SSH host check: 2,... means LIBSSH2_KNOWNHOST_CHECK_NOTFOUND so somehow libssh2 can't find the key for the host in your known_hosts file. Can you share the line in ~/.ssh/known_hosts for this host? What version of scp are you using? FWIW, you can use curl's --libcurl option to find the equivalent setopt name for -k or any option; in this case it's done by dropping the CURLOPT_SSH_KNOWNHOSTS option.
Hi,
Here is the line corresponding to the Windows host 10.10.16.96 in the ~/.ssh/known_hosts on the Linux box:
10.10.16.96 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7uJ8LtpUXcBqng9Xmr6V9tUR8Q0l3tKQ2dz+1wnZznnF6cxUn7U+tbvWNt6oLg94bIJwJbQy8WwD0fNVkk2DSObjiyl0rnFxd6vmvo5YcfNyXO0lnALmGbkyeahZPm0mt6RArN+3cwL8ZZRzmmoWP4uFDEN4vNn4RielOGcWRfOimPws9P8XEwfjRkQKoKsaRiUBBUjj49clAphnr4bFuBu5fDt/hK/oSSRcLWCLuF3CE2Y2pVHKSVXfzDd6JLceke5nSFJXcKbqCcs6WXuiV9cRn61i9WbskzZ8QunUIqcvw2cfvywHv0S8QhbNkwdwCwMvbefCfQDWkq4u/PY4l
The ssh RPM that we use on the Linux box is openssh-clients-4.3p2-36.el5_4.4.
Thanks,
M. Nguyen
From: Dan Fandrich [mailto:dfandrich@users.sf.net]
Sent: Thursday, February 27, 2014 2:00 PM
To: [curl:bugs]
Subject: [curl:bugs] #1336 Failed to download file from a Windows XP system
Please don't quote the entire bug when you reply--it makes it hard to see what new information you've added each time.
SSH host check: 2,... means LIBSSH2_KNOWNHOST_CHECK_NOTFOUND so somehow libssh2 can't find the key for the host in your known_hosts file. Can you share the line in ~/.ssh/known_hosts for this host? What version of scp are you using? FWIW, you can use curl's --libcurl option to find the equivalent setopt name for -k or any option; in this case it's done by dropping the CURLOPT_SSH_KNOWNHOSTS option.
I don't see anything obviously wrong with your configuration. What is the output of curl --version? Are you using a recent libssh2 version?
$ curl --version
curl 7.35.0 (x86_64-unknown-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.0d zlib/1.2.3 libssh2/1.2.2
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL libz
From: Dan Fandrich [mailto:dfandrich@users.sf.net]
Sent: Thursday, February 27, 2014 2:35 PM
To: [curl:bugs]
Subject: [curl:bugs] #1336 Failed to download file from a Windows XP system
I don't see anything obviously wrong with your configuration. What is the output of curl --version? Are you using a recent libssh2 version?
Also, what's the output of "ssh-keygen -l -f ~/.ssh/known_hosts | grep 10.10.16.96" ?
2$ ssh-keygen -l -f ~/.ssh/known_hosts | grep 10.10.16.96
2048 28:c9:ed:92:03:80:95:70:18:d7:58:60:82:72:e6:dd 10.10.16.96
From: Dan Fandrich [mailto:dfandrich@users.sf.net]
Sent: Thursday, February 27, 2014 2:39 PM
To: [curl:bugs]
Subject: [curl:bugs] #1336 Failed to download file from a Windows XP system
Also, what's the output of "ssh-keygen -l -f ~/.ssh/known_hosts | grep 10.10.16.96" ?
The MD5 hash from your known_hosts file matches what curl gives, so that's not the problem. But I see that you're using a 4-year-old version of libssh2. Can you try upgrading it and see if that helps? There have been a number of fixes to the known_hosts parsing since that version.
<deleted by="" author="">
Last edit: Minh Nguyen 2014-03-11
That's then not a problem with the known_hosts file. You're not providing the correct key/password to the server so it rejects your login attempt!
<deleted by="" author="">
Last edit: Minh Nguyen 2014-03-11
Your command line examples with curl uses no passphrase! Do you use passphrase with scp?
<deleted by="" author="">
Last edit: Minh Nguyen 2014-03-11
<deleted by="" author="">
Last edit: Minh Nguyen 2014-03-11
Thank you very much for your help. So after upgrading to the latest libssh2 library (version 1.4.3), I am now able to retrieve file from a Windows host using curl. Thus, the earlier version(s) of libssh2 seemed to have problems with the authentication process.
Please close this bug accordingly. Thanks!
Last edit: Minh Nguyen 2014-03-11