curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: curl: (60) SSL peer certificate or SSH remote key was not OK

From: Michael Newman via curl-users <curl-users_at_cool.haxx.se>
Date: Fri, 14 May 2021 05:46:24 +0700

It turns out there were two problems:

1 - The known_hosts file contained an entry for mydomain.com <http://mydomain.com/> but not for ftp.mydomain.com <http://ftp.mydomain.com/>. I believe that is what caused the "curl: (60) SSL peer certificate or SSH remote key was not OK" error. I fixed that by adding an entry for ftp.mydomain.com <http://ftp.mydomain.com/>.

2 - The id_rsa file was in the wrong format (OpenSSH). I fixed that with:

ssh-keygen -p -m PEM -f ~/.ssh/id_rsa

Now, curl sftp is working as expected.

Mike Newman
Korat, Thailand

> Date: Wed, 12 May 2021 09:26:34 +0700
> From: Michael Newman <mgnewman_at_mac.com>
> To: curl users <curl-users_at_cool.haxx.se>
> Subject: curl: (60) SSL peer certificate or SSH remote key was not OK
> Message-ID: <78F8734B-B988-4FE4-88BB-B2B4524F8300_at_mac.com>
> Content-Type: text/plain; charset=us-ascii
>
> I have two headless Raspberry Pi 4s that I use to upload webcam images to my web host. I have a new web host that support SFTP.
>
> On one machine, both ssh and curl sftp work fine:
>
> pi_at_raspsky:~/webcam$ ssh me_at_mydoman.com
> Last login: Tue May 11 19:16:15 2021 from node-1759.pool-101-51.dynamic.totinternet.net
>
> pi_at_raspsky:~/webcam$ curl -T test.txt -u me: --pubkey ~/.ssh/id_rsa.pub sftp://ftp.mydoman.com/~/public_html/
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
> 0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
> 0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
> pi_at_raspsky:~/webcam$ ssh me_at_mydoman.com
>
> On the other machine, ssh works, but curl sftp does not:
>
> pi_at_raspmountain:~/webcam $ ssh me_at_mydoman.com
> Last login: Tue May 11 19:10:06 2021 from node-1759.pool-101-51.dynamic.totinternet.net
>
> pi_at_raspmountain:~/webcam $ curl -T test.txt -u me: --pubkey ~/.ssh/id_rsa.pub sftp://ftp.mydoman.com/~/public_html/
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
> 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
> 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
> curl: (60) SSL peer certificate or SSH remote key was not OK
> More details here: https://curl.haxx.se/docs/sslcerts.html
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.
>
> I went to the "web page mentioned above", but I'm not smart enough to understand it. For example: "If libcurl was built with Schannel or Secure Transport support". How would I know?
>
> Can someone point me to a simple English explanation of what I need to do to "fix" the errant machine?
>
> TIA
>
> Mike Newman
> Korat, Thailand



-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2021-05-14