When connect to scp/sftp, curl checks host key with known_hosts file.
But curl does not use port-number information in this check.
Therefore, there are problems at connecting to non-default port (eg. 10022).
libssh2 has a check method with port number. So you can use it.
--- a/lib/ssh.c +++ b/lib/ssh.c @@ -543,8 +543,9 @@ keybit = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)? LIBSSH2_KNOWNHOST_KEY_SSHRSA:LIBSSH2_KNOWNHOST_KEY_SSHDSS; - keycheck = libssh2_knownhost_check(sshc->kh, + keycheck = libssh2_knownhost_checkp(sshc->kh, conn->host.name, + (conn->remote_port != PORT_SSH)?conn->remote_port:-1, remotekey, keylen, LIBSSH2_KNOWNHOST_TYPE_PLAIN| LIBSSH2_KNOWNHOST_KEYENC_RAW|
(Using OpenSSH) $ ssh -p 10022 ban@localhost cat /tmp/hello.txt Password: hello (Before patching) $ curl -u ban scp://localhost:10022/tmp/hello.txt Enter host password for user 'ban': curl: (51) SSL peer certificate or SSH remote key was not OK (After patching) $ ./curl -u ban scp://localhost:10022/tmp/hello.txt Enter host password for user 'ban': hello
I tried latest Debian package.
$ curl -V curl 7.38.0 (x86_64-pc-linux-gnu) libcurl/7.38.0 OpenSSL/1.0.1j zlib/1.2.8 libidn/1.29 libssh2/1.4.3 librtmp/2.3 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp Features: AsynchDNS IDN IPv6 Largefile GSS-API SPNEGO NTLM NTLM_WB SSL libz TLS-SRP
Thanks, I'll just add some version dependent check for that function since it didn't exist before libssh2 1.2.6 ...
Thanks a lot, pushed as commit 18e1a3022de just now!
I tested daily snapshot 7.39.1-20141110; it works well.
Thank you for the fix.