
Status of SSH_KNOWNHOSTS in pycurl

From: Mathieu Dubois via curl-and-python <>
Date: Tue, 18 Feb 2020 10:14:23 +0100

Dear list,

I have been playing recently with pycurl and SFTP and I'm a bit confused
about the status of SSH_KNOWNHOSTS and SSH_KEYFUNCTION.

To illustrate this, I wrote a (hopefully correct) simple program (see
attached file) which connects to a public server, adds the key to known
hosts file if needed and downloads a file. The program works but each
time I execute it, the known hosts file gets bigger and it looks like
the key inside is never matched.

I use Fedora 31. Here is the output of `curl --version':
$ curl --version
curl 7.66.0 (x86_64-redhat-linux-gnu) libcurl/7.66.0 OpenSSL/1.1.1d-fips
zlib/1.2.11 brotli/1.0.7 libidn2/2.3.0 libpsl/0.21.0 (+libidn2/2.2.0)
libssh/0.9.3/openssl/zlib nghttp2/1.40.0
Release-Date: 2019-09-11
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos
Largefile libz Metalink NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets

I have read in some pycurl files (tests/ that
SSH_KNOWNHOSTS is not supported with the libssh backend. However, no
exception is raised. Is this the cause of the problem?

I have noticed that if I connect to the server with sftp and add the key
in ~/.ssh/known_hosts, curl (not pycurl) can connect without problem.
pycurl can too if I don't set SSH_KNOWNHOSTS (otherwise it doesn't work).

Note that pycurl uses ssh-rsa keys while ssh uses ecdsa-sha2-nistp256 keys.

Can somebody explain that?

Thanks in advance,


Received on 2020-02-18
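
One way to check the symptom described in the post (a known hosts file that keeps growing, and different key types stored for the same server) is to count what the file actually holds for one host. This Python is an added example, not the program attached to the post; the host name, key blobs and function names are constructed, and only exact and hashed host names are matched (no wildcards or `[host]:port` handling).

```python
import base64
import hashlib
import hmac
from collections import Counter

def hash_host(host, salt):
    """Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(pattern, host):
    """True if one host-field entry names `host` exactly (no wildcard support)."""
    if not pattern.startswith("|1|"):
        return pattern == host
    try:
        salt = base64.b64decode(pattern.split("|")[2])
    except (IndexError, ValueError):
        return False
    return hash_host(host, salt) == pattern

def audit_known_hosts(text, host):
    """Return (Counter of key types stored for host, count of repeated identical keys)."""
    seen = Counter()
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        names, key_type, key_b64 = fields[:3]
        if any(host_matches(p, host) for p in names.split(",")):
            seen[(key_type, key_b64)] += 1
    types = Counter()
    for (key_type, _), n in seen.items():
        types[key_type] += n
    return types, sum(n - 1 for n in seen.values())

# Constructed sample: host name and key blobs are placeholders, not real keys.
HOST = "sftp.example.test"
RSA, ECDSA = "AAAAB3NzaC1yc2E-constructed", "AAAAE2VjZHNh-constructed"
SAMPLE = "\n".join([
    f"{HOST} ssh-rsa {RSA}",
    f"{HOST} ssh-rsa {RSA}",
    f"{HOST} ssh-rsa {RSA}",
    f"{hash_host(HOST, b'constructed-salt')} ecdsa-sha2-nistp256 {ECDSA}",
    "other.example.test ssh-ed25519 AAAAC3-constructed",
])

if __name__ == "__main__":
    print(audit_known_hosts(SAMPLE, HOST))
```

A duplicate count above zero means identical key lines are being appended again, and more than one key type for the same host shows that different clients stored different host key algorithms.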