Why does curl sftp fail with "curl: (60) SSL peer certificate or SSH remote key was not OK" on one machine but not the other - same host

I have two Raspberry Pis that I use to connect to the same web host. SSH works fine on both machines, but curl SFTP works on one machine and not on the other. How can I fix this?

Fails here:

pi@raspmountain:~/webcam $ ssh me@mydoman.com
Last login: Tue May 11 19:10:06 2021 from node-1759.pool-101-51.dynamic.totinternet.net

pi@raspmountain:~/webcam $ curl -T test.txt -u me: --pubkey ~/.ssh/id_rsa.pub sftp://ftp.mydoman.com/~/public_html/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
curl: (60) SSL peer certificate or SSH remote key was not OK
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

The page referenced for help seems to refer to sslcerts on the host. However, I am dealing with the same host and presumably the same sslcert. I don't understand.

Works here:

pi@raspsky:~/webcam$ ssh me@mydoman.com
Last login: Tue May 11 19:16:15 2021 from node-1759.pool-101-51.dynamic.totinternet.net

pi@raspsky:~/webcam$ curl -T test.txt -u me: --pubkey ~/.ssh/id_rsa.pub sftp://ftp.mydoman.com/~/public_html/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:05 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:05 --:--:--     0
pi@raspsky:~/webcam$ ssh me@mydoman.com
Last login: Tue May 11 19:16:15 2021 from node-1759.pool-101-51.dynamic.totinternet.net

Additional information and verbose curl output

pi@raspmountain:~/webcam $ ssh-keygen -H  -F mydomain.com
# Host mydomain.com found: line 47

pi@raspmountain:~/webcam $ curl -v -T test.txt -u me: --pubkey ~/.ssh/id_rsa.pub sftp://ftp.mydomain.com/~/public_html/
* Expire in 0 ms for 6 (transfer 0x9e78b0)
* Expire in 1 ms for 1 (transfer 0x9e78b0)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Expire in 1 ms for 1 (transfer 0x9e78b0)
* Expire in 2 ms for 1 (transfer 0x9e78b0)
* Expire in 1 ms for 1 (transfer 0x9e78b0)
* Expire in 1 ms for 1 (transfer 0x9e78b0)
* Expire in 4 ms for 1 (transfer 0x9e78b0)
* Expire in 2 ms for 1 (transfer 0x9e78b0)
* Expire in 2 ms for 1 (transfer 0x9e78b0)
* Expire in 2 ms for 1 (transfer 0x9e78b0)
*   Trying 192.254.225.101...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x9e78b0)
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to ftp.mydomain.com (192.254.225.101) port 22 (#0)
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0* SSH MD5 fingerprint: fb50fba1d4f122aabeeed4d6cd3c99c2
* SSH host check: 2, key: <none>
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
* Closing connection 0
curl: (60) SSL peer certificate or SSH remote key was not OK
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

If I use mydomain.com instead of ftp.mydomain.com I get a different error:

pi@raspmountain:~/webcam $ curl -v -T test.txt -u me: --pubkey ~/.ssh/id_rsa.pub sftp://mydomain.com/~/public_html/
* Expire in 0 ms for 6 (transfer 0x6d78b0)
* Expire in 1 ms for 1 (transfer 0x6d78b0)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Expire in 0 ms for 1 (transfer 0x6d78b0)
* Expire in 2 ms for 1 (transfer 0x6d78b0)
* Expire in 0 ms for 1 (transfer 0x6d78b0)
* Expire in 0 ms for 1 (transfer 0x6d78b0)
* Expire in 2 ms for 1 (transfer 0x6d78b0)
* Expire in 1 ms for 1 (transfer 0x6d78b0)
* Expire in 1 ms for 1 (transfer 0x6d78b0)
* Expire in 2 ms for 1 (transfer 0x6d78b0)
* Expire in 1 ms for 1 (transfer 0x6d78b0)
* Expire in 1 ms for 1 (transfer 0x6d78b0)
* Expire in 1 ms for 1 (transfer 0x6d78b0)
*   Trying 192.254.225.101...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x6d78b0)
* Connected to mydomain.com (192.254.225.101) port 22 (#0)
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* SSH MD5 fingerprint: fb50fba1d4f122aabeeed4d6cd3c99c2
* SSH host check: 0, key: AAAAB3NzaC1yc2EAAAABIwAAAQEAvHiEi1H1jbmyADBcrAeq3J+t30T2XbwBqSsjzPghUrJNFbdSyNx+tstlV7VcoEMLdEtKODT8vxBgbu38W6Cirdc0uCshB9STKwULhe66f0NIPY0NGC5EAxOAhX7wVxzPquY4RtWJW7yXcyANvv8ab6mMtzAeIFOLKK6k7j/afDhXnsh6YQLevJ2J3auuU5XdxJUfV3e2/lIRSCe8IWuNY9ohjXfrXglBwo1qlftufujsiFSCfOeEIXJ20OSzvodlCyCzU/YjOrLBLrD9eJvLQovbp39hg7d41K84tsKCXJolTVKQNsWANqEvYw2TuNwW6bLbRlGM3yStSaCWW/WXPw==
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0* SSH authentication methods available: publickey,password,keyboard-interactive
* Using SSH public key file '/home/pi/.ssh/id_rsa.pub'
* Using SSH private key file '/home/pi/.ssh/id_rsa'
* SSH public key authentication failed: Callback returned error
* Failure connecting to agent
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0* Authentication failure
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
* Closing connection 0
curl: (67) Authentication failure

The known_hosts file on raspmountain probably does not contain the server's host key.

You would certainly get more details in the curl log.

See also Why can't curl retrieve the SSH host key (key: )

It failed because the rsa key was in openssh format. When I converted it to rsa format:

ssh-keygen -p -m PEM -f ~/.ssh/id_rsa

curl sftp works fine:

pi@raspmountain:~/webcam $ curl -v -s -T test.txt -u mike: --pubkey ~/.ssh/id_rsa.pub sftp://mydomain.com/~/public_html/

* Expire in 2 ms for 1 (transfer 0x1b378b0)
*   Trying 192.254.225.101...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x1b378b0)
* Connected to mydomain.com (192.254.225.101) port 22 (#0)
* SSH MD5 fingerprint: fb50fba1d4f122aabeeed4d6cd3c99c2
* SSH host check: 0, key: AAAAB3NzaC1yc2EAAAABIwAAAQEAvHiEi1H1jbmyADBcrAeq3J+t30T2XbwBqSsjzPghUrJNFbdSyNx+tstlV7VcoEMLdEtKODT8vxBgbu38W6Cirdc0uCshB9STKwULhe66f0NIPY0NGC5EAxOAhX7wVxzPquY4RtWJW7yXcyANvv8ab6mMtzAeIFOLKK6k7j/afDhXnsh6YQLevJ2J3auuU5XdxJUfV3e2/lIRSCe8IWuNY9ohjXfrXglBwo1qlftufujsiFSCfOeEIXJ20OSzvodlCyCzU/YjOrLBLrD9eJvLQovbp39hg7d41K84tsKCXJolTVKQNsWANqEvYw2TuNwW6bLbRlGM3yStSaCWW/WXPw==
* SSH authentication methods available: publickey,password,keyboard-interactive
* Using SSH public key file '/home/pi/.ssh/id_rsa.pub'
* Using SSH private key file '/home/pi/.ssh/id_rsa'
* Initialized SSH public key authentication
* Authentication complete
* Expire in 0 ms for 6 (transfer 0x1b378b0)
* Connection #0 to host mydomain.com left intact
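
Added example (not part of the original posts): a shell triage for the two failures discussed in the answers above. It maps the N in curl's "SSH host check: N" line to the libssh2 known-hosts result it reports (0 match, 1 mismatch, 2 not found, 3 check failure) and reads the private key's container format from its header line. The function names and the sample line are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; function names and sample data are constructed.

# Map the N in curl's "* SSH host check: N, key: ..." line to the
# libssh2 known-hosts check result that N stands for.
host_check_meaning() {
  case "$1" in
    0) echo "match" ;;
    1) echo "mismatch" ;;
    2) echo "notfound" ;;
    3) echo "failure" ;;
    *) echo "unknown" ;;
  esac
}

# Read a `curl -v` log on stdin and report the first host check result.
# The .* prefix tolerates progress-meter text fused onto the same line.
triage_curl_log() {
  local code
  code=$(sed -n 's/.*SSH host check: \([0-9][0-9]*\),.*/\1/p' | head -n 1)
  [ -n "$code" ] || { echo "no-host-check-line"; return 1; }
  host_check_meaning "$code"
}

# Report the private key container format from the file's first line.
key_format() {
  local first
  IFS= read -r first < "$1" || [ -n "$first" ] || { echo "unreadable"; return 1; }
  case "$first" in
    "-----BEGIN OPENSSH PRIVATE KEY-----") echo "openssh" ;;
    "-----BEGIN RSA PRIVATE KEY-----")     echo "pem-rsa" ;;
    "-----BEGIN "*"PRIVATE KEY-----")      echo "pem-other" ;;
    *)                                     echo "unknown" ;;
  esac
}

# Constructed sample line in the shape of the failing log above.
printf '%s\n' '* SSH host check: 2, key: <none>' | triage_curl_log  # notfound
```

A `notfound` result for ftp.mydomain.com next to `match` for mydomain.com means known_hosts only has an entry for the name that ssh was used with. An `openssh` result from `key_format` is the case the `ssh-keygen -p -m PEM` conversion above addresses.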