ssh public key authentication problem using curl

ssh public key authentication problem using curl

[carolus]

After setup with ssh-host-config, ssh-user-config, and ssh-copy-id, 
public key authentication works with ssh but fails with curl. (Password 
authentication works with curl -u, but is less convenient.)

curl -v shows:

  SSH authentication methods available: 
publickey,password,keyboard-interactive
  Using ssh public key file /home/cdr/.ssh/id_dsa.pub
  Using ssh private key file /home/cdr/.ssh/id_dsa
  SSH public key authentication failed: Username/PublicKey combination 
invalid
  Authentication failure

However, ssh authenticates OK using RSA. ssh -v shows:

  Next authentication method: publickey
  Offering public key: /home/cdr/.ssh/id_rsa
  Server accepts key: pkalg ssh-rsa blen 279
  read PEM private key done: type RSA
  Authentication succeeded (publickey).


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: ssh public key authentication problem using curl

[Andrey Repin]

Greetings, carolus!

> After setup with ssh-host-config, ssh-user-config, and ssh-copy-id, 
> public key authentication works with ssh but fails with curl. (Password 
> authentication works with curl -u, but is less convenient.)

> curl -v shows:

>   SSH authentication methods available: 
> publickey,password,keyboard-interactive
>   Using ssh public key file /home/cdr/.ssh/id_dsa.pub
>   Using ssh private key file /home/cdr/.ssh/id_dsa
>   SSH public key authentication failed: Username/PublicKey combination 
> invalid
>   Authentication failure

What was exact command?

> However, ssh authenticates OK using RSA. ssh -v shows:

>   Next authentication method: publickey
>   Offering public key: /home/cdr/.ssh/id_rsa
>   Server accepts key: pkalg ssh-rsa blen 279
>   read PEM private key done: type RSA
>   Authentication succeeded (publickey).

Again: What was exact command?


--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 03.11.2011, <19:51>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: ssh public key authentication problem using curl

[Yaakov (Cygwin/X)]

On Tue, 2011-11-01 at 15:24 -0500, carolus wrote:
> After setup with ssh-host-config, ssh-user-config, and ssh-copy-id, 
> public key authentication works with ssh but fails with curl. (Password 
> authentication works with curl -u, but is less convenient.)
> 
> curl -v shows:
> 
>   SSH authentication methods available: 
> publickey,password,keyboard-interactive
>   Using ssh public key file /home/cdr/.ssh/id_dsa.pub
>   Using ssh private key file /home/cdr/.ssh/id_dsa
>   SSH public key authentication failed: Username/PublicKey combination 
> invalid
>   Authentication failure
> 
> However, ssh authenticates OK using RSA. ssh -v shows:
> 
>   Next authentication method: publickey
>   Offering public key: /home/cdr/.ssh/id_rsa
>   Server accepts key: pkalg ssh-rsa blen 279
>   read PEM private key done: type RSA
>   Authentication succeeded (publickey).

Look at the output:  You're using the wrong keys with the curl command.


Yaakov



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: ssh public key authentication problem using curl

[carolus]

On 11/3/2011 10:51 AM, Andrey Repin wrote:

>
> What was exact command?
>

curl  -v -O sftp://dell03/cygdrive/f/transit_ext/this_is_external_drive.txt

(without the newline. I can't get rid of it using the Thunderbird 
newsreader to write this reply.)


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: ssh public key authentication problem using curl

[carolus]

On 11/3/2011 6:08 PM, Yaakov (Cygwin/X) wrote:

>
> Look at the output:  You're using the wrong keys with the curl
> command.
>
How do I get them right?  Why does curl insist on using
the DSA key, when ssh is quite happy with the RSA key?  I tried
appending the public DSA key from the client to known_hosts on the
server, but that didn't change anything.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: ssh public key authentication problem using curl

[carolus]

On 11/3/2011 6:57 PM, carolus wrote:
  I tried
> appending the public DSA key from the client to known_hosts on the
> server, but that didn't change anything.

Correction: What I did was to append id_dsa.pub from the client to 
authorized_keys on the server, and to delete known_hosts on the server 
in case there was a conflict with prior data. There was no change in the 
behavior of either "ssh -v host" or "curl -v -O sftp://host/path".




--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: ssh public key authentication problem using curl

[Andrey Repin]

Greetings, carolus!

>>
>> What was exact command?
>>

> curl  -v -O sftp://dell03/cygdrive/f/transit_ext/this_is_external_drive.txt

> (without the newline. I can't get rid of it using the Thunderbird 
> newsreader to write this reply.)

And so, what the answer you've expected?
You didn't supplied a username to the remote host at all.
Quite predictable, you got a name mismatch...


--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 04.11.2011, <23:32>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: ssh public key authentication problem using curl

[carolus]

On 11/4/2011 2:33 PM, Andrey Repin wrote:

> You didn't supplied a username to the remote host at all.
> Quite predictable, you got a name mismatch...

Thanks.  That was the clue.  The following all work, connecting to my 
cygwin home directory on the server:

ssh dell03
sftp dell03
lftp sftp://dell03

but curl requires a more explicit syntax: curl sftp://cdr@dell03

I had tried curl -u cdr, but that asks for a password.  Since I want to 
use curl in a script, I did not want to have to enter a password.
I did not think of trying a different syntax until reading your suggestion.





--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: ssh public key authentication problem using curl

[Andrey Repin]

Greetings, carolus!

>> You didn't supplied a username to the remote host at all.
>> Quite predictable, you got a name mismatch...

> Thanks.  That was the clue.  The following all work, connecting to my 
> cygwin home directory on the server:

> ssh dell03
> sftp dell03
> lftp sftp://dell03

> but curl requires a more explicit syntax: curl sftp://cdr@dell03

> I had tried curl -u cdr, but that asks for a password.  Since I want to 
> use curl in a script, I did not want to have to enter a password.
> I did not think of trying a different syntax until reading your suggestion.

Many tools take your $USER as login name to remote host by default.
Which is a rather wild guess, in general, but often works... locally.


--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 10.11.2011, <05:06>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple