plus made --pass work on an SSH private key as well.
Changelog
+Dan F (23 March 2007)
+- Added --pubkey option to curl and made --key also work for SCP/SFTP,
+ plus made --pass work on an SSH private key as well.
+
Yang Tse (20 March 2007)
- Fixed: When a signal was caught awaiting for an event using Curl_select()
or Curl_poll() with a non-zero timeout both functions would restart the
Public curl release number: 98
Releases counted from the very beginning: 125
- Available command line options: 117
+ Available command line options: 118
Available curl_easy_setopt() options: 141
Number of public functions in libcurl: 54
Amount of public web site mirrors: 38
o includes VC8 Makefiles in the release archive
o --ftp-ssl-control is now honoured on ftps:// URLs
o added experimental CURL_ACKNOWLEDGE_EINTR symbol definition check
+ o --key and new --pubkey options for SSH public key file logins
+ o --pass now works for a SSH public key file, too
This release includes the following bugfixes:
SIMPLE USAGE
- Get the main page from netscape's web-server:
+ Get the main page from Netscape's web-server:
curl http://www.netscape.com/
curl --ftp-ssl ftp://files.are.secure.com/secrets.txt
+ Get a file from an SSH server using SFTP:
+
+ curl -u username sftp://shell.example.com/~/personal.txt
+
+ Get a file from an SSH server using SCP using a private key to authenticate:
+
+ curl -u username: --key ~/.ssh/id_dsa --pubkey ~/.ssh/id_dsa.pub \
+ scp://shell.example.com/~/personal.txt
+
DOWNLOAD TO A FILE
If this option is used twice, the second time will again disable it.
.IP "--key <key>"
-(SSL) Private key file name. Allows you to provide your private key in this
+(SSL/SSH) Private key file name. Allows you to provide your private key in this
separate file.
If this option is used several times, the last one will be used.
You may use this option as many times as you have number of URLs.
.IP "--pass <phrase>"
-(SSL) Pass phrase for the private key
+(SSL/SSH) Pass phrase for the private key
If this option is used several times, the last one will be used.
.IP "--proxy-anyauth"
remote port number curl wants to tunnel through to.
If this option is used twice, the second will again disable proxy tunnel.
+.IP "--pubkey <key>"
+(SSH) Public key file name. Allows you to provide your public key in this
+separate file.
+
+If this option is used several times, the last one will be used.
.IP "-P/--ftp-port <address>"
(FTP) Reverses the initiator/listener roles when connecting with ftp. This
switch makes Curl use the PORT command instead of PASV. In practice, PORT
\&"DER" format key file currently does not work because of a bug in OpenSSL.
.IP CURLOPT_SSLKEYPASSWD
Pass a pointer to a zero terminated string as parameter. It will be used as
-the password required to use the \fICURLOPT_SSLKEY\fP private key.
+the password required to use the \fICURLOPT_SSLKEY\fP or
+\fICURLOPT_SSH_PRIVATE_KEYFILE\fP private key.
.IP CURLOPT_SSLENGINE
Pass a pointer to a zero terminated string as parameter. It will be used as
the identifier for the crypto engine you want to use for your private
.IP CURLOPT_SSH_PRIVATE_KEYFILE
Pass a char * pointing to a file name for your private key. If not used,
libcurl defaults to using \fB~/.ssh/id_dsa\fP.
+If the file is password-protected, set the password with \fICURLOPT_SSLKEYPASSWD\fP.
.SH OTHER OPTIONS
.IP CURLOPT_PRIVATE
Pass a char * as parameter, pointing to data that should be associated with
struct SSHPROTO *ssh;
const char *fingerprint;
const char *authlist;
- char *home;
- char rsa_pub[PATH_MAX];
- char rsa[PATH_MAX];
char tempHome[PATH_MAX];
curl_socket_t sock;
char *real_path;
CURLcode result;
struct SessionHandle *data = conn->data;
- rsa_pub[0] = rsa[0] = '\0';
-
result = ssh_init(conn);
if (result)
return result;
*/
if ((data->set.ssh_auth_types & CURLSSH_AUTH_PUBLICKEY) &&
(strstr(authlist, "publickey") != NULL)) {
+ const char *home;
+ const char *passphrase;
+ char rsa_pub[PATH_MAX];
+ char rsa[PATH_MAX];
+
+ rsa_pub[0] = rsa[0] = '\0';
+
/* To ponder about: should really the lib be messing about with the HOME
environment variable etc? */
home = curl_getenv("HOME");
else if (home)
snprintf(rsa, sizeof(rsa), "%s/.ssh/id_dsa", home);
+ passphrase = data->set.key_passwd;
+ if (!passphrase)
+ passphrase = "";
+
curl_free(home);
infof(conn->data, "Using ssh public key file %s\n", rsa_pub);
/* The function below checks if the files exists, no need to stat() here.
*/
if (libssh2_userauth_publickey_fromfile(ssh->ssh_session, ssh->user,
- rsa_pub, rsa, "") == 0) {
+ rsa_pub, rsa, passphrase) == 0) {
authed = TRUE;
infof(conn->data, "Initialized SSH public key authentication\n");
}
char *key;
char *key_type;
char *key_passwd;
+ char *pubkey;
char *engine;
bool list_engines;
bool crlf;
" -e/--referer Referer URL (H)",
" -E/--cert <cert[:passwd]> Client certificate file and password (SSL)",
" --cert-type <type> Certificate file type (DER/PEM/ENG) (SSL)",
- " --key <key> Private key file name (SSL)",
+ " --key <key> Private key file name (SSL/SSH)",
" --key-type <type> Private key file type (DER/PEM/ENG) (SSL)",
- " --pass <pass> Pass phrase for the private key (SSL)",
+ " --pass <pass> Pass phrase for the private key (SSL/SSH)",
+ " --pubkey <key> Public key file name (SSH)",
" --engine <eng> Crypto engine to use (SSL). \"--engine list\" for list",
" --cacert <file> CA certificate to verify peer against (SSL)",
" --capath <directory> CA directory (made using c_rehash) to verify",
{"Ee","pass", TRUE},
{"Ef","engine", TRUE},
{"Eg","capath ", TRUE},
+ {"Eh","pubkey", TRUE},
{"f", "fail", FALSE},
{"F", "form", TRUE},
{"Fs","form-string", TRUE},
/* CA cert directory */
GetStr(&config->capath, nextarg);
break;
+ case 'h': /* --pubkey public key file */
+ GetStr(&config->pubkey, nextarg);
+ break;
default: /* certificate file */
{
char *ptr = strchr(nextarg, ':');
free(config->key);
if (config->key_type)
free(config->key_type);
+ if (config->pubkey)
+ free(config->pubkey);
if (config->referer)
free(config->referer);
my_setopt(curl, CURLOPT_SSLKEYTYPE, config->key_type);
my_setopt(curl, CURLOPT_SSLKEYPASSWD, config->key_passwd);
+ /* SSH private key uses the same command-line option as SSL private key */
+ my_setopt(curl, CURLOPT_SSH_PRIVATE_KEYFILE, config->key);
+ my_setopt(curl, CURLOPT_SSH_PUBLIC_KEYFILE, config->pubkey);
+
/* default to strict verifyhost */
my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2);
if(config->cacert || config->capath) {
projects / curl / commitdiff