Curl failed to read known_hosts file

I'm trying to download a file from a CentOS 6 server, using another CentOS 6 server as the client and curl with the scp protocol, and I'm getting this error output:
$ curl -v -O scp://cz/path/to/file
* About to connect() to cz port 22 (#0)
* Trying 1.2.3.4... connected
* Connected to cz (1.2.3.4) port 22 (#0)
* Failed to read known hosts from /home/cpn/.ssh/known_hosts
* SSH host check: 0, key: AAAAB3NzaC1yc2EAAAABIwAAAQEAyeeDgYFsHi3Ks3PxCXt69IHBr7yNII720sXOm9WKIdGnwPf7QHbLsMf41mctcGRSJ2yO2EXpNEbZQhdUqs3oImdTn2OHF/K8STK1GXMVseusgmPuQWBt36AVPon7h9lSCjtxt+1UpFJoireXvhUDlgg9i1C9QbE04GAmA7vMOmtcVt3/3F6X/hKhOZvHj1gu5+RzCO8fXo2R8XeRoN0GcU2jVOhug0G+hXAiHymh5JzVm4YlCzsNIv3mDOF2lZRLdkor5FDKjBY8/o/5O8U0lWm4ie2S7qDppqCJP2SnNTWlaM3k5HDmdyEKKZ0lV+qG33q3ADZxjBeIKQtWLZfC3w==
* SSH authentication methods available: publickey,gssapi-keyex,gssapi-with-mic,password
* Using ssh public key file /home/cpn/.ssh/id_dsa.pub
* Using ssh private key file /home/cpn/.ssh/id_dsa
* SSH public key authentication failed: Username/PublicKey combination invalid
* Authentication failure
* Closing connection #0
I can download the file using scp, no questions asked:
$ scp cz:/path/to/file .
I can log in to the server with ssh, again no questions asked:
$ ssh cz
There are both ssh-rsa and ssh-dss keys in the server's authorized_keys file.
What exactly is curl complaining about? My only guess is that curl wants a DSA key in the client's known_hosts file. If that is the case, how do I generate it? Or how do I make curl look for the RSA key in that file instead?
Update
At the client:
$ ls -l /home/cpn/.ssh/known_hosts
-rw-r--r--. 1 cpn cpn 1970 Nov 12 16:12 /home/cpn/.ssh/known_hosts
edited Nov 13 '14 at 10:15
asked Nov 12 '14 at 16:44
Clodoaldo
Can you post the output of ls -l /home/cpn/.ssh/known_hosts on the machine hosting this very file?
– John WH Smith
Nov 12 '14 at 18:37
@John Edited with the command output
– Clodoaldo
Nov 12 '14 at 18:49
Do you expect curl to prompt for an SSH/SCP password, or did you configure your RSA key for this remote host? It seems like curl is trying to perform publickey (passwordless) authentication here.
– John WH Smith
Nov 12 '14 at 18:51
@John I can do scp copy and ssh login using publickey for the remote host. So I expect curl to use publickey.
– Clodoaldo
Nov 12 '14 at 19:53
2 Answers
I can at least explain what's probably going on: the . after the permissions in the output of ls -l indicates the presence of an SELinux policy, which overrides file permissions based on which program is accessing the file. Use ls -Z ~/.ssh/known_hosts to display the file's policy.
Presumably /usr/bin/ssh and its companion programs (ssh-keygen, scp, etc.) are the only programs who are allowed to access that file. I'm skeptical about this policy: it is useful to edit ~/.ssh/known_hosts manually sometimes. However I don't understand why curl would want to read that file instead of letting ssh and friends do it.
You can use the chcon command to edit the policy for that file, and restorecon to restore the default policy. See the CentOS wiki for more information about SELinux.
answered Nov 13 '14 at 1:46
Gilles
+1 I did setenforce 0 but still the same error message.
– Clodoaldo
Nov 13 '14 at 9:58
For people who find this page via Google:
It looks like old versions of cURL choke on known_hosts files with unrecognized keytypes, and sufficiently old versions of cURL don't recognize any keytype but ssh-rsa.
For example, my cURL is version 7.29.0 (6 years old, and the latest available in CentOS 7 as of this writing), and will cease reading keys after the first ecdsa-sha2-nistp256, which is the majority of the keys in my known_hosts file.
edited 3 mins ago
answered 10 mins ago
tboz203
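A diagnostic for the behaviour described in the answer above, as an added example that is not part of the original posts: it reports whether a host's known_hosts entry sits before or after the first key type the old parser would not recognise. The function name `check_known_hosts` is hypothetical, the default recognised list (`ssh-rsa` only) follows the answer's description, host names are matched exactly, and hashed entries are skipped.

```shell
#!/bin/sh
# check_known_hosts FILE HOST [RECOGNISED_TYPES]   (hypothetical helper, added example)
# Prints one status line and returns:
#   0  HOST has a recognised-type entry before any unrecognised key type
#   1  HOST's usable entries all follow the first unrecognised key type
#   2  HOST has no usable plain-text entry in FILE
check_known_hosts() {
    file=$1 host=$2 supported=${3:-ssh-rsa}   # default list is an assumption from the answer
    awk -v host="$host" -v supported="$supported" '
    BEGIN { n = split(supported, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
    /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
    {
        f = 1
        if ($1 ~ /^@/) f = 2                  # @cert-authority / @revoked marker shifts fields
        names = $f; type = $(f + 1)
        if (!(type in ok) && !stop) stop = NR # first line the old parser would give up on
        if (substr(names, 1, 3) == "|1|") { hashed++; next }  # hashed names cannot be matched
        m = split(names, h, ",")
        for (i = 1; i <= m; i++)
            if (h[i] == host && (type in ok)) {
                if (!stop && !before) before = NR
                else if (stop && !after) after = NR
            }
    }
    END {
        if (before) {
            printf "ok: %s found at line %d\n", host, before; exit 0
        } else if (after) {
            printf "hidden: %s at line %d follows unrecognised type at line %d\n", host, after, stop
            exit 1
        } else {
            printf "missing: no usable entry for %s (%d hashed entries skipped)\n", host, hashed
            exit 2
        }
    }' "$file"
}

# Constructed sample file (not from the original post); key blobs are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hosta ssh-rsa AAAA...placeholder
hostb ecdsa-sha2-nistp256 AAAA...placeholder
cz,1.2.3.4 ssh-rsa AAAA...placeholder
EOF
check_known_hosts "$sample" cz || true
rm -f "$sample"
```

A "hidden" result means the host's entry exists but a parser that stops at the first unrecognised key type would never reach it, so the host key would be treated as unknown rather than verified.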