curl/libssh2 ssh-rsa issue
From: João M. S. Silva via curl-users <curl-users_at_lists.haxx.se>
Date: Fri, 2 Jun 2023 14:12:27 +0100
Hi.
I've been recently able to fix the issue with libssh2, which is:
If curl * Set "rsa-sha2-256,rsa-sha2-512,ssh-rsa" as SSH hostkey type
libssh2 uses ssh-rsa (not rsa-sha2-256,rsa-sha2-512) and the connection
fails since the destination does not accept ssh-rsa.
$ grep HostKeyAlgorithms /etc/ssh/sshd_config
HostKeyAlgorithms rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
I fixed this building both curl and libssh2 from git master.
But now I was trying the same with the latest releases of both:
wget --no-check-certificate https://www.libssh2.org/download/libssh2-1.11.0.tar.xz
tar xvf libssh2-1.11.0.tar.xz
cd libssh2-1.11.0
./configure CFLAGS="-DOPENSSL_NO_RSA=1 -DOPENSSL_NO_DSA=1 -DOPENSSL_NO_RC4=1 -DOPENSSL_NO_CAST=1 -DOPENSSL_NO_DES=1 -DOPENSSL_NO_MD5=1"
make -j
sudo find /usr/local > a.txt
sudo make install
sudo find /usr/local > b.txt
diff a.txt b.txt | grep ^\> | cut -f 2 -d ' ' > c.txt
tar acvf libssh2.tar.xz --files-from=c.txt -P
wget --no-check-certificate https://curl.se/download/curl-8.1.2.tar.xz
tar xvf curl-8.1.2.tar.xz
cd curl-8.1.2
./configure --enable-ares --with-openssl --with-libssh2=/home/shared/libssh2-1.11.0
make -j
sudo find /usr/local > a.txt
sudo make install
sudo find /usr/local > b.txt
diff a.txt b.txt | grep ^\> | cut -f 2 -d ' ' > c.txt
tar acvf curl.tar.xz --files-from=c.txt -P
However, with these builds I cannot fix the issue, I get:
$ curl -vvvvvv -T A sftp://127.0.0.1//home/shared/B -u x:y
* !!! WARNING !!!
* This is a debug build of libcurl, do not use in production.
* STATE: INIT => CONNECT handle 0x55e16c7a5638; line 1951 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => CONNECTING handle 0x55e16c7a5638; line 2004 (connection #0)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Trying 127.0.0.1:22...
* Connected to 127.0.0.1 (127.0.0.1) port 22 (#0)
* STATE: CONNECTING => PROTOCONNECT handle 0x55e16c7a5638; line 2112 (connection #0)
* User: x
* Password: y
* SSH socket: 6
* SFTP 0x55e16c75da28 state change from SSH_STOP to SSH_INIT
* Found host 127.0.0.1 in /home/shared/.ssh/known_hosts
* Set "rsa-sha2-256,rsa-sha2-512,ssh-rsa" as SSH hostkey type
* SFTP 0x55e16c75da28 state change from SSH_INIT to SSH_SESSION_FREE
* SFTP 0x55e16c75da28 state change from SSH_SESSION_FREE to SSH_STOP
* multi_done: status: 79 prem: 1 done: 0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* multi_done, not re-using connection=0, forbid=0, close=1, premature=1, conn_multiplex=0
* The cache now contains 0 members
* Curl_disconnect(conn #0, dead=1)
* SSH DISCONNECT starts now
* SSH DISCONNECT is done
* Closing connection 0
* Expire cleared (transfer 0x55e16c7a5638)
curl: (79) Error in the SSH layer
I have also defined:
lib/vssh/libssh2.c:#define CURL_LIBSSH2_DEBUG
Is there a way, without writing custom code, to make curl/libssh2 output
the specific reason for failure?
Thanks.
João M. S. Silva
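
The mismatch described in the message can be checked offline by comparing the host key types curl logged with the server's HostKeyAlgorithms list. This is an added example, not part of the original post or of curl/libssh2; the function names are hypothetical, the inputs are constructed from the values quoted above, and the selection rule is simplified to "first name on the client list that the server also lists".

```shell
#!/bin/sh
# Constructed sample inputs mirroring the values quoted in the message above.
CURL_LOG='* Found host 127.0.0.1 in /home/shared/.ssh/known_hosts
* Set "rsa-sha2-256,rsa-sha2-512,ssh-rsa" as SSH hostkey type
curl: (79) Error in the SSH layer'
SSHD_CONFIG='# constructed sshd_config fragment
HostKeyAlgorithms rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521'

# Host key types curl asked libssh2 to offer, taken from its verbose output.
client_offer() {
  printf '%s\n' "$1" |
    sed -n 's/^\* Set "\(.*\)" as SSH hostkey type$/\1/p' | head -n 1
}

# Explicit HostKeyAlgorithms list from sshd_config text (keyword is
# case-insensitive). Lists starting with +, - or ^ modify the server
# defaults and are not resolved here.
server_accepts() {
  printf '%s\n' "$1" |
    awk 'tolower($1) == "hostkeyalgorithms" { print $2; exit }'
}

# Print the first client name that the server also lists; return 1 if none.
negotiate() {
  old_ifs=$IFS; IFS=,
  for c in $1; do
    for s in $2; do
      if [ "$c" = "$s" ]; then IFS=$old_ifs; printf '%s\n' "$c"; return 0; fi
    done
  done
  IFS=$old_ifs
  return 1
}

# Compare a curl verbose log with an sshd_config and report the outcome.
report() {
  offer=$(client_offer "$1"); accept=$(server_accepts "$2")
  case $accept in
    [+^-]*) echo "server list uses a modifier; resolve with sshd -T"; return 2 ;;
  esac
  if pick=$(negotiate "$offer" "$accept"); then
    echo "expected host key algorithm: $pick"
  else
    echo "no common host key algorithm (offer: $offer)"; return 1
  fi
}

report "$CURL_LOG" "$SSHD_CONFIG"
# The failing case from the message: a client that can only do ssh-rsa.
negotiate ssh-rsa "$(server_accepts "$SSHD_CONFIG")" ||
  echo "ssh-rsa only: no common host key algorithm"
```

With the full offer the two lists overlap on rsa-sha2-256, so a failure at this stage points at what the SSH library build actually supports rather than at the configured lists.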
Received on 2023-06-02