Re: Help Understanding curl and tls/ssl certificates
From: Dan Fandrich via curl-users <curl-users_at_lists.haxx.se>
Date: Thu, 20 Jun 2024 10:32:23 -0700
On Thu, Jun 20, 2024 at 03:50:00PM +0700, Michael Newman via curl-users wrote:
> Ah, there's just one more thing.
>
> After I fixed the url scheme on the Pies, I got this error:
>
> * Connected to mgnewman.com (192.254.225.101) port 22 (#0)
> * SSH MD5 fingerprint: 4b17cad500a405c850e118c1deec0f96
> * SSH host check: 2, key: <none>
>
> So, I used ssh-keyscan to update my known_hosts file. Now it works. But I still
> have to wonder how it worked before? I guess because curl was using ftp rather
> than sftp.
I was wrong about it using ftp from the logs, but this is another indication
that they may have been doing maintenance on the server. If they replaced a
server or reinstalled one then it would generate for itself a new host key and
you'd see this error. This matches the error in your original post. But, if
this only happened after changing host names in the URL, then it's all to be
expected since you're connecting to a new host.
There is another explanation that's less likely, but these symptoms would also
be possible if there's a man-in-the-middle ssh server that's now
intercepting your connections. That's the whole reason to have this server
fingerprint functionality in ssh after all, to detect this kind of thing.
Dan
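
Added example (not part of the original messages): ssh-keyscan records whatever key the responding server presents, so comparing its output with a fingerprint obtained from the server operator is what preserves the man-in-the-middle detection described above. This Python sketch computes the 32-hex-digit MD5 form that curl logs from a known_hosts-format line; the host name sftp.example.test and the key bytes are constructed, and the function names are hypothetical.

```python
import base64, hashlib, hmac, struct

def parse_host_key_line(line):
    """Parse one known_hosts / ssh-keyscan line into (hosts, keytype, blob)."""
    fields = line.split()
    # Skip blanks, comments, and @cert-authority / @revoked marker lines.
    if not fields or fields[0][0] in "#@":
        return None
    if len(fields) < 3:
        raise ValueError("expected: hosts keytype base64-key")
    hosts, keytype, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; a
    # mismatch means the line was edited or corrupted.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type does not match key blob")
    return hosts, keytype, blob

def md5_hex(blob):
    """MD5 of the raw key blob as 32 hex digits, the form in curl's verbose log."""
    return hashlib.md5(blob).hexdigest()

def sha256_b64(blob):
    """SHA256 fingerprint in the unpadded base64 form OpenSSH tools print."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def scanned_key_matches(line, trusted_md5):
    """True only if the scanned key hashes to the out-of-band fingerprint."""
    parsed = parse_host_key_line(line)
    if parsed is None:
        return False
    want = trusted_md5.replace(":", "").lower()
    return hmac.compare_digest(md5_hex(parsed[2]), want)

# Constructed sample: ed25519 blob with dummy key bytes, ssh-keyscan format.
_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_LINE = "sftp.example.test ssh-ed25519 " + base64.b64encode(_BLOB).decode()

if __name__ == "__main__":
    hosts, keytype, blob = parse_host_key_line(SAMPLE_LINE)
    print(hosts, keytype, md5_hex(blob), sha256_b64(blob))
    # Fingerprint from the log in this thread: must not match the dummy key.
    print(scanned_key_matches(SAMPLE_LINE, "4b17cad500a405c850e118c1deec0f96"))
```

The same 32-digit value is what curl's --hostpubmd5 option accepts, which pins the expected host key for a transfer.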
Received on 2024-06-20