Download
Browse source Changelog
Documentation
Project   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Version numbers curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
API Bindings Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: connecting to sftp where server is not trusted yet

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Sat, 8 Oct 2016 09:36:19 +0200

On Thu, Oct 06, 2016 at 05:26:21PM +0200, Miro Janosik wrote:
> Hi, I'd like to know how to connect properly to sftp where server is not
> trusted yet.
>
> If I try to connect to my SFTP server by FileZilla I get a information that
> 'This server's host key is unknown so far' when I connect there for a first
> time. I have to approve that key is correct and then I can login with user name
> and password.
>
> I want to do the same with my C++ program. It seems that my connection always
> freezes and times out; I guess that it is because my curl code does not handle
> the approval of host key.
>
> My code is following:
>
> curl_global_init(CURL_GLOBAL_DEFAULT);
> CURL* curlSession = curl_easy_init();
> std::string str = user + std::string(":") + password;
> curl_easy_setopt(curlSession, CURLOPT_USERPWD, str.c_str());
> curl_easy_setopt(curlSession, CURLOPT_USERAGENT, "libcurl-agent/1.0");
> curl_easy_setopt(m_session, CURLOPT_URL, "ftp.server.com");

This isn't a proper URL; it's just a host name. curl is going to guess at the
protocol in this case, and it' going to guess FTP, not SFTP. Try setting a URL
like sftp://ftp.server.com/ and see if it works any better.

> curl_easy_setopt(curlSession, CURLOPT_PORT, 22);
> curl_easy_setopt(curlSession, CURLOPT_WRITEFUNCTION, FileDownloadToStreamCallback);
> curl_easy_setopt(curlSession, CURLOPT_WRITEDATA, &packageListData);
> curl_easy_setopt(curlSession, CURLOPT_DIRLISTONLY, 1);
> curl_easy_setopt(curlSession, CURLOPT_VERBOSE, 1);

These two must be long, not int; use 1L instead.

> curl_easy_setopt(curlSession, CURLOPT_SSH_AUTH_TYPES, CURLSSH_AUTH_PUBLICKEY | CURLSSH_AUTH_PASSWORD);
> curl_easy_setopt(curlSession, CURLOPT_SSH_HOST_PUBLIC_KEY_MD5, "b01fxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
> int res = curl_easy_perform(curlSession);
>
> I see this in verbose console:
>
> Started
> * Rebuilt URL to: ftp.server.com/
> * Trying 111.33.111.11...
> * TCP_NODELAY set
> * Connected to ftp.server.com (111.33.111.11) port 22 (#0)
> < SSH-2.0-mod_sftp/0.9.9
> * Operation timed out after 300281 milliseconds with 0 out of 0 bytes received
> * Closing connection 0
>
> I'd like to make my code work without user's interaction (as I have username
> and password) and it should check if the host key is correct.
>
> I'm missing some functions that would return me the server's host key so I
> could compare it to my local key; and then approving the server that it is ok
> to connect.

curl will do this for you when you set CURLOPT_SSH_HOST_PUBLIC_KEY_MD5

>>> Dan
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-10-08