cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: On the hostpubmd5 option

From: Nick Zitzmann <nick_at_chronosnet.com>
Date: Wed, 20 Nov 2013 19:03:03 -0600

On Nov 20, 2013, at 11:48 AM, frank ernest <doark_at_mail.com> wrote:

> --hostpubmd5 <md5>
> (SCP/SFTP) Pass a string containing 32 hexadecimal digits. The
> string should be the 128 bit MD5 checksum of the remote host's
> public key, curl will refuse the connection with the host unless
> the md5sums match.
>
> How can I tell when to use this?

If you are not using an SSH-based protocol, like SCP or SFTP, then you never need to use this. But if you are, then providing the checksum of the host’s expected public key can protect you against an attack where some other site pretends to be the host.

Nick Zitzmann
<http://www.chronosnet.com/>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-11-21