curl-library

Re: connecting to sftp where server is not trusted yet

From: Miro Janosik <miro.janosik_at_gmail.com>
Date: Thu, 13 Oct 2016 08:34:28 +0200

> Date: Sat, 8 Oct 2016 09:36:19 +0200
> From: Dan Fandrich <dan_at_coneharvesters.com>
> Message-ID: <20161008073619.GA18704_at_coneharvesters.com>
>
> On Thu, Oct 06, 2016 at 05:26:21PM +0200, Miro Janosik wrote:
> > Hi, I'd like to know how to connect properly to sftp where server is not
> > trusted yet.
> >
> > If I try to connect to my SFTP server by FileZilla I get an information that
> > 'This server's host key is unknown so far' when I connect there for a first
> > time. I have to approve that key is correct and then I can login with user name
> > and password.
> >
> > I want to do the same with my C++ program. It seems that my connection always
> > freezes and times out; I guess that it is because my curl code does not handle
> > the approval of host key.
> >
> > My code is following:
> >
> > curl_global_init(CURL_GLOBAL_DEFAULT);
> > CURL* curlSession = curl_easy_init();
> > std::string str = user + std::string(":") + password;
> > curl_easy_setopt(curlSession, CURLOPT_USERPWD, str.c_str());
> > curl_easy_setopt(curlSession, CURLOPT_USERAGENT, "libcurl-agent/1.0");
> > curl_easy_setopt(m_session, CURLOPT_URL, "ftp.server.com");
>
> This isn't a proper URL; it's just a host name. curl is going to guess at the
> protocol in this case, and it's going to guess FTP, not SFTP. Try setting a URL
> like sftp://ftp.server.com/ and see if it works any better.
>

Thank you. After I added sftp:// I am getting a message:
"* Protocol "sftp" not supported or disabled in libcurl"

doh, so it looks to me that sftp is not built-in in the curl and I have to
recompile ... I will try to follow some document that describes it,
probably http://andrewberls.com/blog/post/adding-sftp-support-to-curl

> > curl_easy_setopt(curlSession, CURLOPT_PORT, 22);
> > curl_easy_setopt(curlSession, CURLOPT_WRITEFUNCTION, FileDownloadToStreamCallback);
> > curl_easy_setopt(curlSession, CURLOPT_WRITEDATA, &packageListData);
> > curl_easy_setopt(curlSession, CURLOPT_DIRLISTONLY, 1);
> > curl_easy_setopt(curlSession, CURLOPT_VERBOSE, 1);
>
> These two must be long, not int; use 1L instead.
>

It worked for me without L, but you are right, I will update it.

> > curl_easy_setopt(curlSession, CURLOPT_SSH_AUTH_TYPES, CURLSSH_AUTH_PUBLICKEY | CURLSSH_AUTH_PASSWORD);
> > curl_easy_setopt(curlSession, CURLOPT_SSH_HOST_PUBLIC_KEY_MD5, "b01fxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
> > int res = curl_easy_perform(curlSession);
> >
> > I see this in verbose console:
> >
> > Started
> > * Rebuilt URL to: ftp.server.com/
> > * Trying 111.33.111.11...
> > * TCP_NODELAY set
> > * Connected to ftp.server.com (111.33.111.11) port 22 (#0)
> > < SSH-2.0-mod_sftp/0.9.9
> > * Operation timed out after 300281 milliseconds with 0 out of 0 bytes received
> > * Closing connection 0
> >
> > I'd like to make my code work without user's interaction (as I have username
> > and password) and it should check if the host key is correct.
> >
> > I'm missing some functions that would return me the server's host key so I
> > could compare it to my local key; and then approving the server that it is ok
> > to connect.
>
> curl will do this for you when you set CURLOPT_SSH_HOST_PUBLIC_KEY_MD5
>

Okay, it will do it for me, but how will I get the information if the
server's key has changed (something like the message 'key is unknown, do
you agree to proceed')? I mean if server's key has changed/is unknown then
user should approve the connection, right?

> >>> Dan
>

thanks, Miro
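
The value given to CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 in the quoted code is the MD5 digest of the server's raw public key blob, written as 32 hex digits. As an added example (not part of the original mail and not curl's own code), this Python sketch derives that value from a known_hosts-style key line and reports whether a key seen later still matches the pin. The key material is constructed, and `parse_key_line`, `md5_pin`, `normalize_pin`, `check_host_key` and `constructed_line` are hypothetical helper names.

```python
import base64
import hashlib
import hmac
import struct


def parse_key_line(line):
    """Parse 'host keytype base64blob [comment]' (known_hosts / ssh-keyscan style)."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-key")
    host, keytype, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob is SSH wire format and begins with a length-prefixed algorithm name.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode("ascii"):
        raise ValueError("key type does not match key blob")
    return host, keytype, blob


def md5_pin(blob):
    """32 lowercase hex digits: MD5 over the raw public key blob."""
    return hashlib.md5(blob).hexdigest()


def normalize_pin(text):
    """Accept ssh-keygen's 'aa:bb:...' form too; return 32 plain hex digits."""
    pin = text.strip().replace(":", "").lower()
    if len(pin) != 32 or any(c not in "0123456789abcdef" for c in pin):
        raise ValueError("pin must be 32 hex digits")
    return pin


def check_host_key(pinned, key_line):
    """Return 'match' or 'mismatch' for the key presented in key_line."""
    _, _, blob = parse_key_line(key_line)
    return "match" if hmac.compare_digest(normalize_pin(pinned), md5_pin(blob)) else "mismatch"


def constructed_line(host, seed):
    # Constructed sample key: correct ssh-ed25519 framing, dummy 32-byte key material.
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    trusted = constructed_line("ftp.server.com", 1)  # key recorded at enrolment
    changed = constructed_line("ftp.server.com", 2)  # different key seen later
    pin = md5_pin(parse_key_line(trusted)[2])
    print("same key:", check_host_key(pin, trusted), "| changed key:", check_host_key(pin, changed))
```
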

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-10-16