Curl failed to read known_hosts file
I'm trying to download a file from a Centos 6 server using another Centos 6 server as client and curl with the scp protocol and I'm getting this error output:
$ curl -v -O scp://cz/path/to/file
* About to connect() to cz port 22 (#0)
* Trying 1.2.3.4... connected
* Connected to cz (1.2.3.4) port 22 (#0)
* Failed to read known hosts from /home/cpn/.ssh/known_hosts
* SSH host check: 0, key: AAAAB3NzaC1yc2EAAAABIwAAAQEAyeeDgYFsHi3Ks3PxCXt69IHBr7yNII720sXOm9WKIdGnwPf7QHbLsMf41mctcGRSJ2yO2EXpNEbZQhdUqs3oImdTn2OHF/K8STK1GXMVseusgmPuQWBt36AVPon7h9lSCjtxt+1UpFJoireXvhUDlgg9i1C9QbE04GAmA7vMOmtcVt3/3F6X/hKhOZvHj1gu5+RzCO8fXo2R8XeRoN0GcU2jVOhug0G+hXAiHymh5JzVm4YlCzsNIv3mDOF2lZRLdkor5FDKjBY8/o/5O8U0lWm4ie2S7qDppqCJP2SnNTWlaM3k5HDmdyEKKZ0lV+qG33q3ADZxjBeIKQtWLZfC3w==
* SSH authentication methods available: publickey,gssapi-keyex,gssapi-with-mic,password
* Using ssh public key file /home/cpn/.ssh/id_dsa.pub
* Using ssh private key file /home/cpn/.ssh/id_dsa
* SSH public key authentication failed: Username/PublicKey combination invalid
* Authentication failure
* Closing connection #0
I can download the file using scp no questions asked:
$ scp cz:/path/to/file .
I can log in to the server with ssh, again no questions asked:
$ ssh cz
There are both ssh-rsa and ssh-dss keys at the server's authorized_keys file.
What is exactly curl complaining about? My only guess is that curl wants a dsa key in the client's known_hosts file. If that is the case how to generate it? Or how to make curl look for the rsa key instead in that file?
Update
At the client:
$ ls -l /home/cpn/.ssh/known_hosts
-rw-r--r--. 1 cpn cpn 1970 Nov 12 16:12 /home/cpn/.ssh/known_hosts
centos scp curl
edited Nov 13 '14 at 10:15
asked Nov 12 '14 at 16:44
Clodoaldo
Can you post the output of ls -l /home/cpn/.ssh/known_hosts on the machine hosting this very file? – John WH Smith Nov 12 '14 at 18:37
@John Edited with the command output – Clodoaldo Nov 12 '14 at 18:49
Do you expect curl to prompt for an SSH/SCP password, or did you configure your RSA key for this remote host? It seems like curl is trying to perform publickey (passwordless) authentication here. – John WH Smith Nov 12 '14 at 18:51
@John I can do scp copy and ssh login using publickey for the remote host. So I expect curl to use publickey. – Clodoaldo Nov 12 '14 at 19:53
2 Answers
I can at least explain what's probably going on: the . after the permissions in the output of ls -l indicates the presence of an SELinux policy, which overrides file permissions based on which program is accessing the file. Use ls -Z ~/.ssh/known_hosts to display the file's policy.
Presumably /usr/bin/ssh and its companion programs (ssh-keygen, scp, etc.) are the only programs who are allowed to access that file. I'm skeptical about this policy: it is useful to edit ~/.ssh/known_hosts manually sometimes. However I don't understand why curl would want to read that file instead of letting ssh and friends do it.
You can use the chcon command to edit the policy for that file, and restorecon to restore the default policy. See the CentOS wiki for more information about SELinux.
answered Nov 13 '14 at 1:46
Gilles
+1 I did setenforce 0 but still the same error message. – Clodoaldo Nov 13 '14 at 9:58
For people who find this page via Google:
It looks like old versions of cURL choke on known_hosts files with unrecognized keytypes, and sufficiently old versions of cURL don't recognize any keytype but ssh-rsa.
For example, my cURL is version 7.29.0 (6 years old, and the latest available in CentOS 7 as of this writing), and will cease reading keys after the first ecdsa-sha2-nistp256, which is the majority of the keys in my known_hosts file.
edited 3 mins ago
answered 10 mins ago
tboz203
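The behaviour described in the answer above (an old cURL stops reading known_hosts at the first key type it does not recognize) can be checked against a given file. The script below is an added example, not part of the original answer: the function names, the default accepted key type list (ssh-rsa, taken from the answer) and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find where a parser that only
# understands some key types would stop reading a known_hosts file.
# ACCEPTED is an assumption taken from the answer above; widen it as needed.
ACCEPTED="${ACCEPTED:-ssh-rsa}"

# Print "<line> <key-type>" for the first entry whose key type is not in
# $ACCEPTED; print nothing when every entry is acceptable.
first_unreadable_entry() {
    awk -v accepted="$ACCEPTED" '
        BEGIN { n = split(accepted, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        {
            f = ($1 ~ /^@/) ? 3 : 2          # @cert-authority/@revoked shift the fields
            if (!($f in ok)) { print NR, $f; exit }
        }' "$1"
}

# Print "<count> <key-type>" per key type, sorted by type name.
key_type_counts() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
         { f = ($1 ~ /^@/) ? 3 : 2; c[$f]++ }
         END { for (t in c) print c[t], t }' "$1" | sort -k2
}

# Count the entries at or after line $2, i.e. those a parser that stops
# at that line never gets to see.
entries_from_line() {
    awk -v from="$2" 'NR >= from && NF > 0 && $1 !~ /^#/ { n++ } END { print n + 0 }' "$1"
}

# Constructed sample file; host names and key blobs are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not real keys
cz,1.2.3.4 ssh-rsa AAAAB3NzaC1yc2E_CONSTRUCTED
|1|CONSTRUCTEDsalt=|CONSTRUCTEDhash= ecdsa-sha2-nistp256 AAAAE2VjZHNh_CONSTRUCTED

@cert-authority *.example.com ssh-rsa AAAAB3NzaC1yc2E_CONSTRUCTED
backup.example.com ssh-ed25519 AAAAC3NzaC1lZDI1_CONSTRUCTED
db.example.com ssh-rsa AAAAB3NzaC1yc2E_CONSTRUCTED
EOF
}

sample=$(mktemp)
write_sample "$sample"
hit=$(first_unreadable_entry "$sample")
echo "first entry outside '$ACCEPTED': ${hit:-none}"
if [ -n "$hit" ]; then
    echo "entries from that line on: $(entries_from_line "$sample" "${hit%% *}")"
fi
key_type_counts "$sample"
rm -f "$sample"
```

To audit a real file, call the functions with its path, for example first_unreadable_entry ~/.ssh/known_hosts.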