From 51c6a5d43b09835289a469165aa7a2bfb79dbdc6 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 3 Oct 2007 08:00:42 +0000 Subject: Based on a patch brought by Johnny Luong, libcurl now offers CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both make the SCP or SFTP connection verify the remote host's md5 checksum of the public key before doing a connect, to reduce the risk of a man-in-the-middle attack. --- docs/curl.1 | 5 +++++ docs/libcurl/curl_easy_setopt.3 | 5 +++++ 2 files changed, 10 insertions(+) (limited to 'docs') diff --git a/docs/curl.1 b/docs/curl.1 index f415d6f30..26d70b8d2 100644 --- a/docs/curl.1 +++ b/docs/curl.1 @@ -544,6 +544,11 @@ for you. See also the \fI-A/--user-agent\fP and \fI-e/--referer\fP options. This option can be used multiple times to add/replace/remove multiple headers. +.IP "--hostpubmd5" +Pass a string containing 32 hexadecimal digits. The string should be the 128 +bit MD5 cheksum of the remote host's public key, curl will refuse the +connection with the host unless the md5sums match. This option is only for SCP +and SFTP transfers. (Added in 7.17.1) .IP "--ignore-content-length" (HTTP) Ignore the Content-Length header. This is particularly useful for servers diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3 index edf7473ff..ac460ae09 100644 --- a/docs/libcurl/curl_easy_setopt.3 +++ b/docs/libcurl/curl_easy_setopt.3 
@@ -1411,6 +1411,11 @@ Pass a long set to a bitmask consisting of one or more of CURLSSH_AUTH_PUBLICKEY, CURLSSH_AUTH_PASSWORD, CURLSSH_AUTH_HOST, CURLSSH_AUTH_KEYBOARD. Set CURLSSH_AUTH_ANY to let libcurl pick one. (Added in 7.16.1) +.IP CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 +Pass a char * pointing to a string containing 32 hexadecimal digits. The +string should be the 128 bit MD5 cheksum of the remote host's public key, and +libcurl will reject the connection to the host unless the md5sums match. This +option is only for SCP and SFTP transfers. (Added in 7.17.1) .IP CURLOPT_SSH_PUBLIC_KEYFILE Pass a char * pointing to a file name for your public key. If not used, libcurl defaults to using \fB~/.ssh/id_dsa.pub\fP. -- cgit v1.2.3
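Review bot: in the docs/curl.1 hunk, the new `.IP "--hostpubmd5"` entry misspells "checksum" as "cheksum" and its heading does not show that the option takes an argument. Suggest a heading such as `.IP "--hostpubmd5 <md5>"`, and a leading protocol tag in the style of the neighbouring entry ("(HTTP) Ignore the Content-Length header"), so the body opens with "(SCP/SFTP) Pass a string containing 32 hexadecimal digits." The sentence "... of the remote host's public key, curl will refuse ..." is a comma splice; join it with "and", as the libcurl text in the second hunk does. The entry describes only the mismatch case, so it should also say what curl does when the option is not given and how a string that is not exactly 32 hexadecimal digits is handled.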
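Review bot: in the docs/libcurl/curl_easy_setopt.3 hunk, the CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 entry repeats the "cheksum" typo and leaves the default and the accepted input format undocumented. Please state what happens when the option is unset (the text only says the connection is rejected "unless the md5sums match"), whether upper-case and lower-case hex digits are both accepted, and whether separators are allowed in the 32-digit string. The commit message says the check exists to reduce the risk of a man-in-the-middle attack; the entry would be more useful to callers if it said at which point in the SCP/SFTP setup the comparison is made, so they know nothing is sent to an unverified host. The diffstat is limited to 'docs', so the implementation behind these two entries is not visible here and is not covered by this review.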