From 51c6a5d43b09835289a469165aa7a2bfb79dbdc6 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 3 Oct 2007 08:00:42 +0000 Subject: Based on a patch brought by Johnny Luong, libcurl now offers CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both make the SCP or SFTP connection verify the remote host's md5 checksum of the public key before doing a connect, to reduce the risk of a man-in-the-middle attack. --- docs/libcurl/curl_easy_setopt.3 | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'docs/libcurl') diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3 index edf7473ff..ac460ae09 100644 --- a/docs/libcurl/curl_easy_setopt.3 +++ b/docs/libcurl/curl_easy_setopt.3 @@ -1411,6 +1411,11 @@ Pass a long set to a bitmask consisting of one or more of CURLSSH_AUTH_PUBLICKEY, CURLSSH_AUTH_PASSWORD, CURLSSH_AUTH_HOST, CURLSSH_AUTH_KEYBOARD. Set CURLSSH_AUTH_ANY to let libcurl pick one. (Added in 7.16.1) +.IP CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 +Pass a char * pointing to a string containing 32 hexadecimal digits. The +string should be the 128 bit MD5 cheksum of the remote host's public key, and +libcurl will reject the connection to the host unless the md5sums match. This +option is only for SCP and SFTP transfers. (Added in 7.17.1) .IP CURLOPT_SSH_PUBLIC_KEYFILE Pass a char * pointing to a file name for your public key. If not used, libcurl defaults to using \fB~/.ssh/id_dsa.pub\fP. -- cgit v1.2.3