Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: curl: (60) SSL peer certificate or SSH remote key was not OK
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Michael Newman via curl-users <curl-users_at_cool.haxx.se>
Date: Fri, 14 May 2021 05:46:24 +0700
It turns out there were two problems:
1 - The known_hosts file contained an entry for mydomain.com <http://mydomain.com/> but not for ftp.mydomain.com <http://ftp.mydomain.com/>. I believe that is what caused the "curl: (60) SSL peer certificate or SSH remote key was not OK" error. I fixed that by adding an entry for ftp.mydomain.com <http://ftp.mydomain.com/>.
2 - The id_rsa file was in the wrong format (OpenSSH). I fixed that with:
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa
Now, curl sftp is working as expected.
Mike Newman
Korat, Thailand
> Date: Wed, 12 May 2021 09:26:34 +0700
> From: Michael Newman <mgnewman_at_mac.com>
> To: curl users <curl-users_at_cool.haxx.se>
> Subject: curl: (60) SSL peer certificate or SSH remote key was not OK
> Message-ID: <78F8734B-B988-4FE4-88BB-B2B4524F8300_at_mac.com>
> Content-Type: text/plain; charset=us-ascii
>
> I have two headless Raspberry Pi 4s that I use to upload webcam images to my web host. I have a new web host that support SFTP.
>
> On one machine, both ssh and curl sftp work fine:
>
> pi_at_raspsky:~/webcam$ ssh me_at_mydoman.com
> Last login: Tue May 11 19:16:15 2021 from node-1759.pool-101-51.dynamic.totinternet.net
>
> pi_at_raspsky:~/webcam$ curl -T test.txt -u me: --pubkey ~/.ssh/id_rsa.pub sftp://ftp.mydoman.com/~/public_html/
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
> 0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
> 0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
> pi_at_raspsky:~/webcam$ ssh me_at_mydoman.com
>
> On the other machine, ssh works, but curl sftp does not:
>
> pi_at_raspmountain:~/webcam $ ssh me_at_mydoman.com
> Last login: Tue May 11 19:10:06 2021 from node-1759.pool-101-51.dynamic.totinternet.net
>
> pi_at_raspmountain:~/webcam $ curl -T test.txt -u me: --pubkey ~/.ssh/id_rsa.pub sftp://ftp.mydoman.com/~/public_html/
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
> 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
> 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
> curl: (60) SSL peer certificate or SSH remote key was not OK
> More details here: https://curl.haxx.se/docs/sslcerts.html
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.
>
> I went to the "web page mentioned above", but I'm not smart enough to understand it. For example: "If libcurl was built with Schannel or Secure Transport support". How would I know?
>
> Can someone point me to a simple English explanation of what I need to do to "fix" the errant machine?
>
> TIA
>
> Mike Newman
> Korat, Thailand
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2021-05-14
Date: Fri, 14 May 2021 05:46:24 +0700
It turns out there were two problems:
1 - The known_hosts file contained an entry for mydomain.com <http://mydomain.com/> but not for ftp.mydomain.com <http://ftp.mydomain.com/>. I believe that is what caused the "curl: (60) SSL peer certificate or SSH remote key was not OK" error. I fixed that by adding an entry for ftp.mydomain.com <http://ftp.mydomain.com/>.
2 - The id_rsa file was in the wrong format (OpenSSH). I fixed that with:
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa
Now, curl sftp is working as expected.
Mike Newman
Korat, Thailand
> Date: Wed, 12 May 2021 09:26:34 +0700
> From: Michael Newman <mgnewman_at_mac.com>
> To: curl users <curl-users_at_cool.haxx.se>
> Subject: curl: (60) SSL peer certificate or SSH remote key was not OK
> Message-ID: <78F8734B-B988-4FE4-88BB-B2B4524F8300_at_mac.com>
> Content-Type: text/plain; charset=us-ascii
>
> I have two headless Raspberry Pi 4s that I use to upload webcam images to my web host. I have a new web host that support SFTP.
>
> On one machine, both ssh and curl sftp work fine:
>
> pi_at_raspsky:~/webcam$ ssh me_at_mydoman.com
> Last login: Tue May 11 19:16:15 2021 from node-1759.pool-101-51.dynamic.totinternet.net
>
> pi_at_raspsky:~/webcam$ curl -T test.txt -u me: --pubkey ~/.ssh/id_rsa.pub sftp://ftp.mydoman.com/~/public_html/
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
> 0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
> 0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
> pi_at_raspsky:~/webcam$ ssh me_at_mydoman.com
>
> On the other machine, ssh works, but curl sftp does not:
>
> pi_at_raspmountain:~/webcam $ ssh me_at_mydoman.com
> Last login: Tue May 11 19:10:06 2021 from node-1759.pool-101-51.dynamic.totinternet.net
>
> pi_at_raspmountain:~/webcam $ curl -T test.txt -u me: --pubkey ~/.ssh/id_rsa.pub sftp://ftp.mydoman.com/~/public_html/
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
> 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
> 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
> curl: (60) SSL peer certificate or SSH remote key was not OK
> More details here: https://curl.haxx.se/docs/sslcerts.html
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.
>
> I went to the "web page mentioned above", but I'm not smart enough to understand it. For example: "If libcurl was built with Schannel or Secure Transport support". How would I know?
>
> Can someone point me to a simple English explanation of what I need to do to "fix" the errant machine?
>
> TIA
>
> Mike Newman
> Korat, Thailand
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2021-05-14