
Re: Status of SSH_KNOWNHOSTS in pycurl

From: Mathieu Dubois via curl-and-python <curl-and-python_at_cool.haxx.se>
Date: Tue, 18 Feb 2020 14:12:34 +0100

On 18/02/2020 at 13:26, Daniel Stenberg wrote:
> On Tue, 18 Feb 2020, Mathieu Dubois via curl-and-python wrote:
>
>> I have read in some pycurl files (tests/ssh_key_cb_test.py) that
>> SSH_KNOWNHOSTS is not supported with the libssh backend. However, no
>> exception is raised. Is this the cause of the problem?
>
> That "not supported" part is news to me. The code certainly looks like
> it tries to support it...

I was surprised by that too because it's not mentioned in the doc. I
didn't take time to dig further though.

>> I have noticed that if I connect to the server with sftp and add the
>> key in ~/.ssh/known_hosts, curl (not pycurl) can connect without
>> problem. pycurl can too if I don't set SSH_KNOWNHOSTS (otherwise it
>> doesn't work).
>>
>> Note that pycurl uses ssh-rsa keys while ssh uses ecdsa-sha2-nistp256
>> keys.
>>
>> Can somebody explain that?
>
> It looks like a bug to me. Exactly in which component the bug lies is
> harder to say, but libssh or libcurl seem like the most plausible ones
> to blame...

Can I be of any help here (I don't know libcurl or libssh internals)?

I have installed curl 7.68.0 with libssh2 1.9.0 and pycurl and my test
program works (it stores ecdsa-sha2-nistp256 keys but ignores the
previous ssh-rsa key if any).

BTW, if somebody is interested in the code I sent in the first message
there is a slight mistake: line 14 should read
"crl.setopt(pycurl.SSH_KNOWNHOSTS, "/tmp/known_hosts")".

Mathieu
Received on 2020-02-18
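
A diagnostic for the key-type difference noted in the message above (ssh-rsa on one side, ecdsa-sha2-nistp256 on the other), added here as an example and not part of the original thread, pycurl or libcurl. It lists which key types a known_hosts file stores for a host, including hashed `|1|salt|hash` entries; the function names, host names and sample file are constructed, and wildcard or negated host patterns are not handled.

```python
import base64, hashlib, hmac

def host_matches(field, host):
    """True if a known_hosts host field (plain list or hashed) names `host` exactly."""
    if field.startswith("|1|"):
        # Hashed entry: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")

def key_types_for(known_hosts_text, host):
    """Key types stored for `host`, in file order."""
    types = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments, malformed lines and @cert-authority/@revoked markers.
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        if host_matches(fields[0], host):
            types.append(fields[1])
    return types

def diagnose(known_hosts_text, host, offered_type):
    """Classify how the file relates to the key type the server offers."""
    types = key_types_for(known_hosts_text, host)
    if not types:
        return "unknown-host"
    return "type-present" if offered_type in types else "type-mismatch"

def _hashed(host, salt=b"constructed-salt-0001"):
    # Helper that builds a hashed host field for the constructed sample below.
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

_BLOB = base64.b64encode(b"constructed-key-blob").decode()  # not a real key
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "sftp.example.test,192.0.2.10 ssh-rsa " + _BLOB,
    _hashed("hashed.example.test") + " ecdsa-sha2-nistp256 " + _BLOB,
    "@revoked old.example.test ssh-rsa " + _BLOB,
])

if __name__ == "__main__":
    for h in ("sftp.example.test", "hashed.example.test", "other.example.test"):
        print(h, key_types_for(SAMPLE, h), diagnose(SAMPLE, h, "ecdsa-sha2-nistp256"))
```
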