curl-library

Re: connecting to sftp where server is not trusted yet

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Sat, 8 Oct 2016 09:36:19 +0200

On Thu, Oct 06, 2016 at 05:26:21PM +0200, Miro Janosik wrote:
> Hi, I'd like to know how to connect properly to sftp where server is not
> trusted yet.
>
> If I try to connect to my SFTP server by FileZilla I get an information that
> 'This server's host key is unknown so far' when I connect there for a first
> time. I have to approve that key is correct and then I can login with user name
> and password.
>
> I want to do the same with my C++ program. It seems that my connection always
> freezes and times out; I guess that it is because my curl code does not handle
> the approval of host key.
>
> My code is following:
>
> curl_global_init(CURL_GLOBAL_DEFAULT);
> CURL* curlSession = curl_easy_init();
> std::string str = user + std::string(":") + password;
> curl_easy_setopt(curlSession, CURLOPT_USERPWD, str.c_str());
> curl_easy_setopt(curlSession, CURLOPT_USERAGENT, "libcurl-agent/1.0");
> curl_easy_setopt(m_session, CURLOPT_URL, "ftp.server.com");

This isn't a proper URL; it's just a host name. curl is going to guess at the
protocol in this case, and it's going to guess FTP, not SFTP. Try setting a URL
like sftp://ftp.server.com/ and see if it works any better.

> curl_easy_setopt(curlSession, CURLOPT_PORT, 22);
> curl_easy_setopt(curlSession, CURLOPT_WRITEFUNCTION, FileDownloadToStreamCallback);
> curl_easy_setopt(curlSession, CURLOPT_WRITEDATA, &packageListData);
> curl_easy_setopt(curlSession, CURLOPT_DIRLISTONLY, 1);
> curl_easy_setopt(curlSession, CURLOPT_VERBOSE, 1);

These two must be long, not int; use 1L instead.

> curl_easy_setopt(curlSession, CURLOPT_SSH_AUTH_TYPES, CURLSSH_AUTH_PUBLICKEY | CURLSSH_AUTH_PASSWORD);
> curl_easy_setopt(curlSession, CURLOPT_SSH_HOST_PUBLIC_KEY_MD5, "b01fxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
> int res = curl_easy_perform(curlSession);
>
> I see this in verbose console:
>
> Started
> * Rebuilt URL to: ftp.server.com/
> * Trying 111.33.111.11...
> * TCP_NODELAY set
> * Connected to ftp.server.com (111.33.111.11) port 22 (#0)
> < SSH-2.0-mod_sftp/0.9.9
> * Operation timed out after 300281 milliseconds with 0 out of 0 bytes received
> * Closing connection 0
>
> I'd like to make my code work without user's interaction (as I have username
> and password) and it should check if the host key is correct.
>
> I'm missing some functions that would return me the server's host key so I
> could compare it to my local key; and then approving the server that it is ok
> to connect.

curl will do this for you when you set CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.

>>> Dan
Received on 2016-10-08
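
Added example, not part of the original mail or of libcurl: CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 takes a string of exactly 32 hexadecimal digits, while fingerprints are often written colon-separated with an "MD5:" prefix. The helper below (the name normalize_md5_fingerprint and the sample fingerprint are constructed for illustration) converts such a fingerprint to the 32-digit form and rejects anything that is not a full 128-bit value before it is pinned.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Normalize an MD5 host key fingerprint to exactly 32 hex digits, the form
 * documented for CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.
 * Accepts an optional "MD5:" prefix and colons between byte pairs.
 * Returns 0 on success, -1 if the input is not a 128-bit hex fingerprint. */
int normalize_md5_fingerprint(const char *in, char out[33])
{
    size_t n = 0;

    if (in == NULL)
        return -1;
    if (strncmp(in, "MD5:", 4) == 0)
        in += 4;

    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == ':') {
            /* a colon is only valid between two complete byte pairs */
            if (n == 0 || n % 2 != 0 || in[1] == '\0' || in[1] == ':')
                return -1;
            continue;
        }
        if (!isxdigit(c) || n == 32)
            return -1;          /* non-hex character or too many digits */
        out[n++] = (char)tolower(c);
    }
    if (n != 32)
        return -1;              /* too short to be an MD5 digest */
    out[32] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample fingerprint, not a real server's key. */
    const char *fp = "MD5:0f:1e:2d:3c:4b:5a:69:78:87:96:a5:b4:c3:d2:e1:f0";
    char pinned[33];

    if (normalize_md5_fingerprint(fp, pinned) != 0) {
        fprintf(stderr, "refusing to pin malformed fingerprint\n");
        return 1;
    }
    /* Pass `pinned` as the value of CURLOPT_SSH_HOST_PUBLIC_KEY_MD5. */
    printf("%s\n", pinned);
    return 0;
}
```

Failing closed on a malformed fingerprint keeps a truncated or placeholder value from being handed to libcurl as the pinned key.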