Status of SSH_KNOWNHOSTS in pycurl
Date: Tue, 18 Feb 2020 10:14:23 +0100
I have been playing recently with pycurl and SFTP and I'm a bit confused
about the status of SSH_KNOWNHOSTS and SSH_KEYFUNCTION.
To illustrate this, I wrote a (hopefully correct) simple program (see
attached file) which connects to a public server, adds the key to known
hosts file if needed and downloads a file. The program works but each
time I execute it, the known hosts file gets bigger and it looks like
the key inside is never matched.
I use Fedora 31. Here is the output of `curl --version`:
$ curl --version
curl 7.66.0 (x86_64-redhat-linux-gnu) libcurl/7.66.0 OpenSSL/1.1.1d-fips
zlib/1.2.11 brotli/1.0.7 libidn2/2.3.0 libpsl/0.21.0 (+libidn2/2.2.0)
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos
Largefile libz Metalink NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets
I have read in some pycurl files (tests/ssh_key_cb_test.py) that
SSH_KNOWNHOSTS is not supported with the libssh backend. However, no
exception is raised. Is this the cause of the problem?
I have noticed that if I connect to the server with sftp and add the key
in ~/.ssh/known_hosts, curl (not pycurl) can connect without problem.
pycurl can too if I don't set SSH_KNOWNHOSTS (otherwise it doesn't work).
Note that pycurl uses ssh-rsa keys while ssh uses ecdsa-sha2-nistp256 keys.
Can somebody explain that?
Thanks in advance,
- text/x-python attachment: test_pycurl.py
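
One way to check the symptom described in the message above (a known hosts file that grows on every run), as an added example that is not part of the original post or its attachment: it parses known_hosts text and reports entries that repeat and which key types are recorded per host. The host name, address and key strings in SAMPLE are constructed, and the function names are hypothetical.

```python
import collections

# Constructed sample (fake key material): a file after several runs of a
# program that appends the server key each time, plus one entry added by ssh.
SAMPLE = """\
# constructed example, not real keys
sftp.example.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfakekey1
sftp.example.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfakekey1
sftp.example.org,192.0.2.10 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYfake2
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfakekey1
"""

def parse_known_hosts(text):
    """Yield (lineno, marker, hosts, keytype, key) for each entry line."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Optional leading marker such as @cert-authority or @revoked.
        marker = fields.pop(0) if fields[0].startswith("@") else None
        if len(fields) < 3:
            continue  # malformed entry, skip it
        hosts, keytype, key = fields[:3]
        yield lineno, marker, hosts.split(","), keytype, key

def audit(text):
    """Return (duplicates, keytypes).

    duplicates maps (host, keytype, key) to the line numbers where it repeats;
    keytypes maps each host pattern to the set of key types stored for it.
    Hashed host fields ("|1|salt|hash") are compared as opaque strings, so a
    hashed and a plain entry for the same server are not recognised as equal.
    """
    seen = collections.defaultdict(list)
    keytypes = collections.defaultdict(set)
    for lineno, _marker, hosts, keytype, key in parse_known_hosts(text):
        for host in hosts:
            seen[(host, keytype, key)].append(lineno)
            keytypes[host].add(keytype)
    duplicates = {k: v for k, v in seen.items() if len(v) > 1}
    return duplicates, dict(keytypes)

if __name__ == "__main__":
    dups, types = audit(SAMPLE)
    for (host, keytype, _key), lines in dups.items():
        print(f"{host} {keytype}: repeated on lines {lines}")
    for host, kinds in types.items():
        print(f"{host}: {sorted(kinds)}")
```

To audit a real file, pass its contents instead of SAMPLE, for example `audit(open(path).read())`.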