keepalive-time.md \
key-type.md \
key.md \
+ knownhosts.md \
krb.md \
libcurl.md \
limit-rate.md \
--- /dev/null
+---
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+SPDX-License-Identifier: curl
+Long: knownhosts
+Arg: <file>
+Protocols: SCP SFTP
+Help: Specify knownhosts path
+Category: ssh
+Added: 8.17.0
+Multi: single
+See-also:
+ - hostpubsha256
+ - hostpubmd5
+ - insecure
+ - key
+Example:
+ - --cert certificate --key here $URL
+---
+
+# `--knownhosts`
+
+When doing SCP and SFTP transfers, curl automatically checks a database
+containing identification for all hosts it has ever been used with to verify
+that the host it connects to is the same as previously. Host keys are stored
+in such a knownhosts file. By default curl uses ~/.ssh/known_hosts in the
+user's home directory.
+
+This option lets a user specify a specific file to check the host against.
+
+The known host check can be disabled with --insecure, but that makes the
+transfer insecure.
my_setopt_long(curl, CURLOPT_SSH_COMPRESSION, 1);
if(!config->insecure_ok) {
- char *known = global->knownhosts;
+ char *known = config->knownhosts;
if(!known)
known = findfile(".ssh/known_hosts", FALSE);
/* new in curl 7.19.6 */
result = my_setopt_str(curl, CURLOPT_SSH_KNOWNHOSTS, known);
if(result) {
- global->knownhosts = NULL;
+ config->knownhosts = NULL;
curl_free(known);
return result;
}
/* store it in global to avoid repeated checks */
- global->knownhosts = known;
+ config->knownhosts = known;
}
else if(!config->hostpubmd5 && !config->hostpubsha256) {
errorf("Couldn't find a known_hosts file");
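Review bot: The error path here calls `curl_free(known)`, while the cleanup hunk adds `tool_safefree(config->knownhosts)`, so the same field is released through two different functions; after this change the string can come either from `--knownhosts` via `getstr()` or from `findfile()`. Whether those allocators are interchangeable is not visible in these lines, so pick one release function for the field and state the ownership on the new struct member, for example `char *knownhosts; /* known_hosts path, from --knownhosts or findfile() */`, since the removed `curl_free() this` comment was the only ownership note. The retained comment `/* store it in global to avoid repeated checks */` is now stale and should read `/* store it in the config to avoid repeated lookups */`. The enclosing function starts and ends outside these lines.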
tool_safefree(config->ech);
tool_safefree(config->ech_config);
tool_safefree(config->ech_public);
+ tool_safefree(config->knownhosts);
}
void config_free(struct OperationConfig *config)
char *proxyuserpwd;
char *proxy;
char *noproxy;
+ char *knownhosts;
char *mail_from;
struct curl_slist *mail_rcpt;
char *mail_auth;
FILE *trace_stream;
char *libcurl; /* Output libcurl code to this filename */
char *ssl_sessions; /* file to load/save SSL session tickets */
- char *knownhosts; /* known host path, if set. curl_free()
- this */
struct tool_var *variables;
struct OperationConfig *first;
struct OperationConfig *current;
{"keepalive-time", ARG_STRG, ' ', C_KEEPALIVE_TIME},
{"key", ARG_FILE, ' ', C_KEY},
{"key-type", ARG_STRG|ARG_TLS, ' ', C_KEY_TYPE},
+ {"knownhosts", ARG_FILE, ' ', C_KNOWNHOSTS},
{"krb", ARG_STRG|ARG_DEPR, ' ', C_KRB},
{"krb4", ARG_STRG|ARG_DEPR, ' ', C_KRB4},
{"libcurl", ARG_STRG, ' ', C_LIBCURL},
case C_KEY: /* --key */
err = getstr(&config->key, nextarg, DENY_BLANK);
break;
+ case C_KNOWNHOSTS: /* --knownhosts */
+ err = getstr(&config->knownhosts, nextarg, DENY_BLANK);
+ break;
case C_NETRC_FILE: /* --netrc-file */
err = getstr(&config->netrc_file, nextarg, DENY_BLANK);
break;
C_KEEPALIVE_TIME,
C_KEY,
C_KEY_TYPE,
+ C_KNOWNHOSTS,
C_KRB,
C_KRB4,
C_LIBCURL,
{" --key-type <type>",
"Private key file type (DER/PEM/ENG)",
CURLHELP_TLS},
+ {" --knownhosts <file>",
+ "Specify knownhosts path",
+ CURLHELP_SSH},
{" --krb <level>",
"Enable Kerberos with security <level>",
CURLHELP_DEPRECATED},
}
varcleanup();
- curl_free(global->knownhosts);
return result;
}