Menu
▾
▴
#1448 curl does not use port-number information in known_hosts check
Problem
When connect to scp/sftp, curl checks host key with known_hosts file.
But curl does not use port-number information in this check.
Therefore, there are problems at connecting to non-default port (eg. 10022).
Suggested fix
libssh2 has a check method with port number. So you can use it.
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -543,8 +543,9 @@
keybit = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)?
LIBSSH2_KNOWNHOST_KEY_SSHRSA:LIBSSH2_KNOWNHOST_KEY_SSHDSS;
- keycheck = libssh2_knownhost_check(sshc->kh,
+ keycheck = libssh2_knownhost_checkp(sshc->kh,
conn->host.name,
+ (conn->remote_port != PORT_SSH)?conn->remote_port:-1,
remotekey, keylen,
LIBSSH2_KNOWNHOST_TYPE_PLAIN|
LIBSSH2_KNOWNHOST_KEYENC_RAW|
Example
(Using OpenSSH)
$ ssh -p 10022 ban@localhost cat /tmp/hello.txt
Password:
hello
(Before patching)
$ curl -u ban scp://localhost:10022/tmp/hello.txt
Enter host password for user 'ban':
curl: (51) SSL peer certificate or SSH remote key was not OK
(After patching)
$ ./curl -u ban scp://localhost:10022/tmp/hello.txt
Enter host password for user 'ban':
hello
Version info
I tried latest Debian package.
$ curl -V
curl 7.38.0 (x86_64-pc-linux-gnu) libcurl/7.38.0 OpenSSL/1.0.1j zlib/1.2.8 libidn/1.29 libssh2/1.4.3 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API SPNEGO NTLM NTLM_WB SSL libz TLS-SRP
Discussion
Thanks, I'll just add some version dependent check for that function since it didn't exist before libssh2 1.2.6 ...
Thanks a lot, pushed as commit 18e1a3022de just now!
I tested daily snapshot 7.39.1-20141110; it works well.
Thank you for the fix.