From: Daniel Stenberg Date: Tue, 19 Dec 2023 07:48:21 +0000 (+0100) Subject: CURLOPT_SSH_*_KEYFILE: clarify X-Git-Tag: curl-8_6_0~183 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5d2b0faec219db1cea07ef0ca6c804c4f172f93d;p=thirdparty%2Fcurl.git CURLOPT_SSH_*_KEYFILE: clarify Closes #12554 --- diff --git a/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3 b/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3 index 12cc5410da..974a5b786d 100644 --- a/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3 +++ b/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3 @@ -34,12 +34,17 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_PRIVATE_KEYFILE, .SH DESCRIPTION Pass a char * pointing to a \fIfilename\fP for your private key. If not used, libcurl defaults to \fB$HOME/.ssh/id_rsa\fP or \fB$HOME/.ssh/id_dsa\fP if the -HOME environment variable is set, and just \fB"id_rsa"\fP or \fB"id_dsa"\fP in -the current directory if HOME is not set. +HOME environment variable is set, and in the current directory if HOME is not +set. If the file is password-protected, set the password with \fICURLOPT_KEYPASSWD(3)\fP. +The SSH library derives the public key from this private key when possible. If +the SSH library cannot derive the public key from the private one and no +public one is provided with \fICURLOPT_SSH_PUBLIC_KEYFILE(3)\fP, the transfer +fails. + The application does not have to keep the string around after setting this option. .SH DEFAULT diff --git a/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3 b/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3 index 93d9241e08..6a1d6991bf 100644 --- a/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3 +++ b/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3 
@@ -37,9 +37,10 @@ libcurl defaults to \fB$HOME/.ssh/id_dsa.pub\fP if the HOME environment variable is set, and just "id_dsa.pub" in the current directory if HOME is not set. -If NULL (or an empty string) is passed, libcurl passes no public key to -libssh2, which then computes it from the private key. This is known to work -with libssh2 1.4.0+ linked against OpenSSL. +If NULL (or an empty string) is passed to this option, libcurl passes no +public key to the SSH library, which then rather derives it from the private +key. If the SSH library cannot derive the public key from the private one and +no public one is provided, the transfer fails. The application does not have to keep the string around after setting this option.
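Review bot: In the CURLOPT_SSH_PRIVATE_KEYFILE.3 hunk, the rewritten sentence "and in the current directory if HOME is not set" no longer says which file names are looked up there, whereas the removed lines spelled out "id_rsa" or "id_dsa". Suggest keeping the names, for example "and the same file names in the current directory if HOME is not set". Because that fallback reads a private key from whatever directory the process happens to run in, the page could also recommend that applications set this option to an explicit path rather than rely on the default. The added paragraph ends with "the transfer fails"; naming the error the application gets back would make that failure easier to recognize.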
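Review bot: In the CURLOPT_SSH_PUBLIC_KEYFILE.3 hunk, "which then rather derives it from the private key" reads awkwardly; "which then derives it from the private key" says the same thing. The removed sentence recorded that derivation was known to work with libssh2 1.4.0+ linked against OpenSSL, and the replacement leaves the reader with no way to tell which SSH library builds can derive the key, so consider keeping that as a known-good case next to the new failure sentence. The unchanged context above still reads 'just "id_dsa.pub" in the current directory' and names only id_dsa.pub, while the private key page lists both id_rsa and id_dsa and has just dropped the "just" wording; aligning the two pages would keep the defaults consistent.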