From ca5b82bfa694cc58b671a4eccfb39523f266e1f7 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 18 Jun 2024 15:29:38 +0200 Subject: [PATCH 1/5] usingcurl/scpsftp.md: split into subpages --- SUMMARY.md | 5 +- usingcurl/scpsftp.md | 99 ------------------------------------- usingcurl/ssh/README.md | 19 +++++++ usingcurl/ssh/auth.md | 26 ++++++++++ usingcurl/ssh/knownhosts.md | 25 ++++++++++ usingcurl/ssh/url.md | 34 +++++++++++++ 6 files changed, 108 insertions(+), 100 deletions(-) delete mode 100644 usingcurl/scpsftp.md create mode 100644 usingcurl/ssh/README.md create mode 100644 usingcurl/ssh/auth.md create mode 100644 usingcurl/ssh/knownhosts.md create mode 100644 usingcurl/ssh/url.md diff --git a/SUMMARY.md b/SUMMARY.md index 0c51819b60..e124f6968f 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -133,7 +133,10 @@ * [TLS auth](usingcurl/tls/auth.md) * [TLS backends](usingcurl/tls/backends.md) * [SSLKEYLOGFILE](usingcurl/tls/sslkeylogfile.md) - * [SCP and SFTP](usingcurl/scpsftp.md) + * [SCP and SFTP](usingcurl/ssh/README.md) + * [URLs](usingcurl/ssh/url.md) + * [Authentication](usingcurl/ssh/auth.md) + * [Known hosts](usingcurl/ssh/knownhosts.md) * [Reading email](usingcurl/reademail.md) * [Sending email](usingcurl/smtp.md) * [DICT](usingcurl/dict.md) diff --git a/usingcurl/scpsftp.md b/usingcurl/scpsftp.md deleted file mode 100644 index 3233284006..0000000000 --- a/usingcurl/scpsftp.md +++ /dev/null @@ -1,99 +0,0 @@ -# SCP and SFTP - -curl supports the SCP and SFTP protocols if built with a prerequisite 3rd -party library: [libssh2](https://www.libssh2.org/), -[libssh](https://www.libssh.org/) or -[wolfSSH](https://www.wolfssl.com/products/wolfssh/). - -SCP and SFTP are both protocols that are built on top of SSH, a secure and -encrypted data protocol that is similar to TLS but differs in a few important -ways. For example, SSH does not use certificates of any sort but instead it -uses public and private keys. Both SSH and TLS provide strong crypto and -secure transfers when used correctly. - -The SCP protocol is generally considered to be the black sheep of the two -since it is not portable and usually only works between Unix systems. - -## URLs - -SFTP and SCP URLs are similar to other URLs and you download files using these -protocols the same as with others: - - curl sftp://example.com/file.zip -u user - -and: - - curl scp://example.com/file.zip -u user - -SFTP (but not SCP) supports getting a file listing back when the URL ends with -a trailing slash: - - curl sftp://example.com/ -u user - -Note that both these protocols work with "users" and you do not ask for a file -anonymously or with a standard generic name. Most systems require that users -authenticate, as outlined below. - -When requesting a file from an SFTP or SCP URL, the file path given is -considered to be the absolute path on the remote server unless you -specifically ask for the path relative to the user's home directory. You do that by -making sure the path starts with `/~/`. This is quite the opposite to how FTP -URLs work and is a common cause for confusion among users. - -For user `daniel` to transfer `todo.txt` from his home directory, it would -look similar to this: - - curl sftp://example.com/~/todo.txt -u daniel - -## Authentication - -Authentication with curl against an SSH server (when you specify an SCP or -SFTP URL) is done like this: - -1. curl connects to the server and learns which authentication methods that - this server offers -2. curl then tries the offered methods one by one until one works or they all - failed - -curl attempts to use your public key as found in the `.ssh` subdirectory in -your home directory if the server offers public key authentication. When doing -so, you still need to tell curl which username to use on the server. For -example, the user 'john' lists the entries in his home directory on the remote -SFTP server called 'sftp.example.com': - - curl -u john: sftp://sftp.example.com/ - -If curl cannot authenticate with the public key for any reason, it instead -attempts to use the username + password if the server allows it and the -credentials are passed on the command line. - -For example, the same user from above has the password `RHvxC6wUA` on a remote -system and can download a file via SCP like this: - - curl -u john:RHvxC6wUA -O scp://ssh.example.com/file.tar.gz - -## Known hosts - -A secure network client needs to make sure that the remote host is exactly the -host that it thinks it is communicating with. With TLS based protocols, it is -done by the client verifying the server's certificate. - -With SSH protocols there are no server certificates, but instead each server -can provide its unique key. Unlike TLS, SSH has no certificate authorities or -anything so the client simply has to make sure that the host's key matches -what it already knows (via other means) it should look like. - -The matching of keys is typically done using hashes of the key and the file -that the client stores the hashes for known servers is often called -`known_hosts` and is put in a dedicated SSH directory. On Linux systems that -is usually called `~/.ssh`. - -When curl connects to a SFTP and SCP host, it makes sure that the host's key -hash is already present in the known hosts file or it denies continued -operation because it cannot trust that the server is the right one. Once the -correct hash exists in `known_hosts` curl can perform transfers. - -To force curl to skip checking and obeying to the `known_hosts` file, you can -use the `-k / --insecure` command-line option. You must use this option with -extreme care since it makes it possible for man-in-the-middle attacks not to -be detected. diff --git a/usingcurl/ssh/README.md b/usingcurl/ssh/README.md new file mode 100644 index 0000000000..325f9b7c4b --- /dev/null +++ b/usingcurl/ssh/README.md @@ -0,0 +1,19 @@ +# SCP and SFTP + +curl supports the SCP and SFTP protocols if built with a prerequisite 3rd +party library: [libssh2](https://www.libssh2.org/), +[libssh](https://www.libssh.org/) or +[wolfSSH](https://www.wolfssl.com/products/wolfssh/). + +SCP and SFTP are both protocols that are built on top of SSH, a secure and +encrypted data protocol that is similar to TLS but differs in a few important +ways. For example, SSH does not use certificates of any sort but instead it +uses public and private keys. Both SSH and TLS provide strong crypto and +secure transfers when used correctly. + +The SCP protocol is generally considered to be the black sheep of the two +since it is not portable and usually only works between Unix systems. + + * [URL](url.md) + * [Authentication](auth.md) + * [Known hosts](knownhosts.md) diff --git a/usingcurl/ssh/auth.md b/usingcurl/ssh/auth.md new file mode 100644 index 0000000000..1917587d7c --- /dev/null +++ b/usingcurl/ssh/auth.md @@ -0,0 +1,26 @@ +# Authentication + +Authentication with curl against an SSH server (when you specify an SCP or +SFTP URL) is done like this: + +1. curl connects to the server and learns which authentication methods that + this server offers +2. curl then tries the offered methods one by one until one works or they all + failed + +curl attempts to use your public key as found in the `.ssh` subdirectory in +your home directory if the server offers public key authentication. When doing +so, you still need to tell curl which username to use on the server. For +example, the user 'john' lists the entries in his home directory on the remote +SFTP server called 'sftp.example.com': + + curl -u john: sftp://sftp.example.com/ + +If curl cannot authenticate with the public key for any reason, it instead +attempts to use the username + password if the server allows it and the +credentials are passed on the command line. + +For example, the same user from above has the password `RHvxC6wUA` on a remote +system and can download a file via SCP like this: + + curl -u john:RHvxC6wUA -O scp://ssh.example.com/file.tar.gz diff --git a/usingcurl/ssh/knownhosts.md b/usingcurl/ssh/knownhosts.md new file mode 100644 index 0000000000..62a9b64270 --- /dev/null +++ b/usingcurl/ssh/knownhosts.md @@ -0,0 +1,25 @@ +# Known hosts + +A secure network client needs to make sure that the remote host is exactly the +host that it thinks it is communicating with. With TLS based protocols, it is +done by the client verifying the server's certificate. + +With SSH protocols there are no server certificates, but instead each server +can provide its unique key. Unlike TLS, SSH has no certificate authorities or +anything so the client simply has to make sure that the host's key matches +what it already knows (via other means) it should look like. + +The matching of keys is typically done using hashes of the key and the file +that the client stores the hashes for known servers is often called +`known_hosts` and is put in a dedicated SSH directory. On Linux systems that +is usually called `~/.ssh`. + +When curl connects to a SFTP and SCP host, it makes sure that the host's key +hash is already present in the known hosts file or it denies continued +operation because it cannot trust that the server is the right one. Once the +correct hash exists in `known_hosts` curl can perform transfers. + +To force curl to skip checking and obeying to the `known_hosts` file, you can +use the `-k / --insecure` command-line option. You must use this option with +extreme care since it makes it possible for man-in-the-middle attacks not to +be detected. diff --git a/usingcurl/ssh/url.md b/usingcurl/ssh/url.md new file mode 100644 index 0000000000..eefe1e5587 --- /dev/null +++ b/usingcurl/ssh/url.md @@ -0,0 +1,34 @@ +# URLs + +SFTP and SCP URLs are similar to other URLs and you download files using these +protocols the same as with others: + + curl sftp://example.com/file.zip -u user + +and: + + curl scp://example.com/file.zip -u user + +SFTP (but not SCP) supports getting a file listing back when the URL ends with +a trailing slash: + + curl sftp://example.com/ -u user + +Note that both these protocols work with "users" and you do not ask for a file +anonymously or with a standard generic name. Most systems require that users +authenticate, as outlined below. + +When requesting a file from an SFTP or SCP URL, the file path given is +considered to be the absolute path on the remote server unless you +specifically ask for the path relative to the user's home directory. You do that by +making sure the path starts with `/~/`. This is quite the opposite to how FTP +URLs work and is a common cause for confusion among users. + +For user `daniel` to transfer `todo.txt` from his home directory, it would +look similar to this: + + curl sftp://example.com/~/todo.txt -u daniel + +or for SCP + + curl scp://example.com/~/todo.txt -u daniel:secret From b2514e3f46df3c46d6063aece7b60adf7e8a9563 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 18 Jun 2024 15:30:10 +0200 Subject: [PATCH 2/5] bookindex: regen for page split --- bookindex.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/bookindex.md b/bookindex.md index 686bbf2062..5febe0ece2 100644 --- a/bookindex.md +++ b/bookindex.md @@ -30,7 +30,7 @@ - clone: [Building libcurl on MSYS2](install/windows/win-msys2.md#building-libcurl-on-msys2), [git](source/contributing.md#git), [Website](source/web.md#website), [build boringssl](build/boringssl.md#build-boringssl) - code of conduct: [Trust](project/trust.md#trust), [Code of Conduct](project/coc.md#code-of-conduct) - --compressed: [Gzipped transfers](http/response.md#gzipped-transfers), [Compression](http/modify/compression.md#compression) - - --compressed-ssh: [For SFTP/SCP](usingcurl/transfers/compression.md#for-sftp-slash-scp), [Compression](http/modify/compression.md#compression) + - --compressed-ssh: [For SFTP/SCP](usingcurl/transfers/compression.md#for-sftp-slash-scp) - configure: [root](source/layout.md#root), [Handling build options](source/options.md#handling-build-options), [Platform dependent code](source/style.md#platform-dependent-code), [Autotools](build/autotools.md#autotools), [`rpath`](build/separate.md#rpath), [configure](build/tls.md#configure), [set up the build tree to get detected by curl's configure](build/boringssl.md#set-up-the-build-tree-to-get-detected-by-curls-configure), [Ifdefs](internals/windows-vs-unix.md#ifdefs), [Memory debugging](internals/memory-debugging.md#memory-debugging), [Debug builds](internals/tests/debug.md#debug-builds) - --connect-timeout: [Connection timeout](usingcurl/connections/timeout.md#connection-timeout), [Never spend more than this to connect](usingcurl/timeouts.md#never-spend-more-than-this-to-connect) - --connect-to: [Provide a replacement name](usingcurl/connections/name.md#provide-a-replacement-name) @@ -288,8 +288,8 @@ - libpsl: [libpsl](build/deps.md#libpsl) - libressl: [TLS libraries](build/tls.md#tls-libraries), [Restrictions](usingcurl/tls/sslkeylogfile.md#restrictions) - librtmp: [librtmp](build/deps.md#librtmp) - - libssh: [SSH libraries](build/deps.md#ssh-libraries), [SCP and SFTP](usingcurl/scpsftp.md#scp-and-sftp), [``](internals/tests/file-format.md#sect--less-than-features-greater-than) - - libssh2: [SSH libraries](build/deps.md#ssh-libraries), [SCP and SFTP](usingcurl/scpsftp.md#scp-and-sftp), [``](internals/tests/file-format.md#sect--less-than-features-greater-than) + - libssh: [SSH libraries](build/deps.md#ssh-libraries), [``](internals/tests/file-format.md#sect--less-than-features-greater-than) + - libssh2: [SSH libraries](build/deps.md#ssh-libraries), [``](internals/tests/file-format.md#sect--less-than-features-greater-than) - license: [Finding users](project/users.md#finding-users), [License](source/opensource/license.md#license), [root](source/layout.md#root), [License](README.md#license) - --limit-rate: [Rate limiting](usingcurl/transfers/rate-limiting.md#rate-limiting) - --location: [Long options](cmdline/options.md#long-options), [Separate options per URL](cmdline/urls/options.md#separate-options-per-url), [Syntax](cmdline/configfile.md#syntax), [Tell curl to follow redirects](http/redirects.md#tell-curl-to-follow-redirects) @@ -321,7 +321,7 @@ ## O - - -O: [Many options and URLs](cmdline/urls/options.md#many-options-and-urls), [Numerical ranges](cmdline/globbing.md#numerical-ranges), [Download to a file named by the URL](usingcurl/downloads/url-named.md#download-to-a-file-named-by-the-url), [Use the target filename from the server](usingcurl/downloads/content-disp.md#use-the-target-filename-from-the-server), [Shell redirects](usingcurl/downloads/redirects.md#shell-redirects), [Multiple downloads](usingcurl/downloads/multiple.md#multiple-downloads), [Resuming and ranges](usingcurl/downloads/resume.md#resuming-and-ranges), [Request rate limiting](usingcurl/transfers/request-rate.md#request-rate-limiting), [For SFTP/SCP](usingcurl/transfers/compression.md#for-sftp-slash-scp), [Authentication](usingcurl/scpsftp.md#authentication), [Download](usingcurl/tftp.md#download), [Check by modification date](http/modify/conditionals.md#check-by-modification-date) + - -O: [Many options and URLs](cmdline/urls/options.md#many-options-and-urls), [Numerical ranges](cmdline/globbing.md#numerical-ranges), [Download to a file named by the URL](usingcurl/downloads/url-named.md#download-to-a-file-named-by-the-url), [Use the target filename from the server](usingcurl/downloads/content-disp.md#use-the-target-filename-from-the-server), [Shell redirects](usingcurl/downloads/redirects.md#shell-redirects), [Multiple downloads](usingcurl/downloads/multiple.md#multiple-downloads), [Resuming and ranges](usingcurl/downloads/resume.md#resuming-and-ranges), [Request rate limiting](usingcurl/transfers/request-rate.md#request-rate-limiting), [For SFTP/SCP](usingcurl/transfers/compression.md#for-sftp-slash-scp), [Authentication](usingcurl/ssh/auth.md#authentication), [Download](usingcurl/tftp.md#download), [Check by modification date](http/modify/conditionals.md#check-by-modification-date) - openldap: [openldap](build/deps.md#openldap) - OpenSSL: [Get curl and libcurl on MSYS2](install/windows/win-msys2.md#get-curl-and-libcurl-on-msys2), [lib/vtls](source/layout.md#lib-slash-vtls), [Select TLS backend](build/autotools.md#select-tls-backend), [TLS libraries](build/tls.md#tls-libraries), [Available exit codes](cmdline/exitcode.md#available-exit-codes), [Native CA stores](usingcurl/tls/verify.md#native-ca-stores), [OCSP stapling](usingcurl/tls/stapling.md#ocsp-stapling), [Restrictions](usingcurl/tls/sslkeylogfile.md#restrictions), [CA cert cache](libcurl/caches.md#ca-cert-cache), [All options](transfers/options/all.md#all-options), [SSL context](transfers/callbacks/sslcontext.md#ssl-context), [Available information](transfers/getinfo.md#available-information), [``](internals/tests/file-format.md#sect--less-than-features-greater-than) - --output-dir: [Store in another directory](usingcurl/downloads/url-named.md#store-in-another-directory) @@ -410,9 +410,9 @@ - Safari: [Copy as curl](cmdline/copyas.md#copy-as-curl) - Schannel: [TLS libraries](build/tls.md#tls-libraries), [Native CA stores](usingcurl/tls/verify.md#native-ca-stores), [CA cert cache](libcurl/caches.md#ca-cert-cache), [``](internals/tests/file-format.md#sect--less-than-features-greater-than) - Scheme: [Connect to port numbers](protocols/network.md#connect-to-port-numbers), [FILE](protocols/curl.md#file), [Naming](source/style.md#naming), [librtmp](build/deps.md#librtmp), [Scheme](cmdline/urls/scheme.md#scheme), [Name and password](cmdline/urls/auth.md#name-and-password), [TCP vs UDP](cmdline/urls/port.md#tcp-vs-udp), [Browsers](cmdline/urls/browsers.md#browsers), [Available exit codes](cmdline/exitcode.md#available-exit-codes), [Available --write-out variables](usingcurl/verbose/writeout.md#available---write-out-variables), [Proxy type](usingcurl/proxies/type.md#proxy-type), [SOCKS proxy](usingcurl/proxies/socks.md#socks-proxy), [Proxy authentication](usingcurl/proxies/auth.md#proxy-authentication), [TLS for emails](usingcurl/reademail.md#tls-for-emails), [Which libcurl version](libcurl/api.md#which-libcurl-version), [Proxy types](transfers/conn/proxies.md#proxy-types), [Available information](transfers/getinfo.md#available-information), [Authentication](libcurl-http/auth.md#authentication), [`CURLU_NON_SUPPORT_SCHEME`](helpers/url/parse.md#curlu_non_support_scheme), [`CURLU_DEFAULT_PORT`](helpers/url/get.md#curlu_default_port), [URLs](helpers/ws/urls.md#urls), [Get a response into memory](examples/getinmem.md#get-a-response-into-memory), [Protocol handler](internals/handler.md#protocol-handler), [Curl_handler](internals/structs.md#curl_handler) - - SCP: [What protocols does curl support?](protocols/protocols.md#what-protocols-does-curl-support), [SCP](protocols/curl.md#scp), [SSH libraries](build/deps.md#ssh-libraries), [Supported schemes](cmdline/urls/scheme.md#supported-schemes), [Version](cmdline/curlver.md#version), [Available exit codes](cmdline/exitcode.md#available-exit-codes), [Protocols allowing upload](usingcurl/uploads.md#protocols-allowing-upload), [Compression](usingcurl/transfers/compression.md#compression), [SCP and SFTP](usingcurl/scpsftp.md#scp-and-sftp), [Compression](http/modify/compression.md#compression), [All options](transfers/options/all.md#all-options), [Authentication](transfers/auth.md#authentication), [Curl_handler](internals/structs.md#curl_handler), [``](internals/tests/file-format.md#sect--less-than-server-greater-than) + - SCP: [What protocols does curl support?](protocols/protocols.md#what-protocols-does-curl-support), [SCP](protocols/curl.md#scp), [SSH libraries](build/deps.md#ssh-libraries), [Supported schemes](cmdline/urls/scheme.md#supported-schemes), [Version](cmdline/curlver.md#version), [Available exit codes](cmdline/exitcode.md#available-exit-codes), [Protocols allowing upload](usingcurl/uploads.md#protocols-allowing-upload), [Compression](usingcurl/transfers/compression.md#compression), [URLs](usingcurl/ssh/url.md#urls), [Authentication](usingcurl/ssh/auth.md#authentication), [Known hosts](usingcurl/ssh/knownhosts.md#known-hosts), [All options](transfers/options/all.md#all-options), [Authentication](transfers/auth.md#authentication), [Curl_handler](internals/structs.md#curl_handler), [``](internals/tests/file-format.md#sect--less-than-server-greater-than) - security: [curl-announce](project/maillists.md#curl-announce), [Commercial support](project/support.md#commercial-support), [Security](project/security.md#security), [Trust](project/trust.md#trust), [Security](protocols/network.md#security), [How much do protocols change?](protocols/protocols.md#how-much-do-protocols-change), [FTPS](protocols/curl.md#ftps), [docs](source/layout.md#docs), [Reporting vulnerabilities](source/reportvuln.md#reporting-vulnerabilities), [`http_proxy` in lower case only](usingcurl/proxies/env.md#http_proxy-in-lower-case-only), [TLS](usingcurl/tls.md#tls), [Ciphers](usingcurl/tls/ciphers.md#ciphers), [Enable TLS](usingcurl/tls/enable.md#enable-tls), [TLS versions](usingcurl/tls/versions.md#tls-versions), [HTTP/0.9](http/versions/http09.md#http-slash-0-dot-9), [HSTS](http/https/hsts.md#hsts), [Protocol version](transfers/options/tls.md#protocol-version), [All options](transfers/options/all.md#all-options), [HSTS](transfers/callbacks/hsts.md#hsts), [Authentication](transfers/auth.md#authentication), [URLs](helpers/ws/urls.md#urls), [HSTS](internals/caches.md#hsts) - - SFTP: [What protocols does curl support?](protocols/protocols.md#what-protocols-does-curl-support), [SFTP](protocols/curl.md#sftp), [SSH libraries](build/deps.md#ssh-libraries), [Supported schemes](cmdline/urls/scheme.md#supported-schemes), [Version](cmdline/curlver.md#version), [Available exit codes](cmdline/exitcode.md#available-exit-codes), [Trace options](usingcurl/verbose/trace.md#trace-options), [Protocols allowing upload](usingcurl/uploads.md#protocols-allowing-upload), [Compression](usingcurl/transfers/compression.md#compression), [SCP and SFTP](usingcurl/scpsftp.md#scp-and-sftp), [Compression](http/modify/compression.md#compression), [All options](transfers/options/all.md#all-options), [Authentication](transfers/auth.md#authentication), [Curl_handler](internals/structs.md#curl_handler), [``](internals/tests/file-format.md#sect--less-than-server-greater-than), [Run a range of tests](internals/tests/run.md#run-a-range-of-tests) + - SFTP: [What protocols does curl support?](protocols/protocols.md#what-protocols-does-curl-support), [SFTP](protocols/curl.md#sftp), [SSH libraries](build/deps.md#ssh-libraries), [Supported schemes](cmdline/urls/scheme.md#supported-schemes), [Version](cmdline/curlver.md#version), [Available exit codes](cmdline/exitcode.md#available-exit-codes), [Trace options](usingcurl/verbose/trace.md#trace-options), [Protocols allowing upload](usingcurl/uploads.md#protocols-allowing-upload), [Compression](usingcurl/transfers/compression.md#compression), [URLs](usingcurl/ssh/url.md#urls), [Authentication](usingcurl/ssh/auth.md#authentication), [Known hosts](usingcurl/ssh/knownhosts.md#known-hosts), [All options](transfers/options/all.md#all-options), [Authentication](transfers/auth.md#authentication), [Curl_handler](internals/structs.md#curl_handler), [``](internals/tests/file-format.md#sect--less-than-server-greater-than), [Run a range of tests](internals/tests/run.md#run-a-range-of-tests) - --silent: [Progress meter](cmdline/progressmeter.md#progress-meter), [Error message](cmdline/exitcode.md#error-message) - SMTP: [What protocols does curl support?](protocols/protocols.md#what-protocols-does-curl-support), [SMTP](protocols/curl.md#smtp), [Without scheme](cmdline/urls/scheme.md#without-scheme), [Version](cmdline/curlver.md#version), [Available exit codes](cmdline/exitcode.md#available-exit-codes), [Protocols allowing upload](usingcurl/uploads.md#protocols-allowing-upload), [Enable TLS](usingcurl/tls/enable.md#enable-tls), [Sending email](usingcurl/smtp.md#sending-email), [STARTTLS](transfers/options/tls.md#starttls), [All options](transfers/options/all.md#all-options), [`CURLU_GUESS_SCHEME`](helpers/url/parse.md#curlu_guess_scheme), [Variables](internals/tests/file-format.md#variables), [Test servers](internals/tests/servers.md#test-servers) - SMTPS: [What protocols does curl support?](protocols/protocols.md#what-protocols-does-curl-support), [SMTPS](protocols/curl.md#smtps), [TLS libraries](build/tls.md#tls-libraries), [Supported schemes](cmdline/urls/scheme.md#supported-schemes), [Version](cmdline/curlver.md#version), [Protocols allowing upload](usingcurl/uploads.md#protocols-allowing-upload), [Enable TLS](usingcurl/tls/enable.md#enable-tls) @@ -424,7 +424,7 @@ - --socks5-hostname: [SOCKS proxy](usingcurl/proxies/socks.md#socks-proxy) - --speed-limit: [Stop slow transfers](usingcurl/transfers/tooslow.md#stop-slow-transfers) - --speed-time: [Stop slow transfers](usingcurl/transfers/tooslow.md#stop-slow-transfers) - - SSH: [SCP](protocols/curl.md#scp), [Select SSH backend](build/autotools.md#select-ssh-backend), [SSH libraries](build/deps.md#ssh-libraries), [Available exit codes](cmdline/exitcode.md#available-exit-codes), [SCP and SFTP](usingcurl/scpsftp.md#scp-and-sftp), [Historic TELNET](usingcurl/telnet.md#historic-telnet), [Trace everything](libcurl/verbose.md#trace-everything), [All options](transfers/options/all.md#all-options), [SSH key](transfers/callbacks/sshkey.md#ssh-key), [Authentication](transfers/auth.md#authentication), [Different backends](internals/backends.md#different-backends), [Curl_handler](internals/structs.md#curl_handler), [Variables](internals/tests/file-format.md#variables) + - SSH: [SCP](protocols/curl.md#scp), [Select SSH backend](build/autotools.md#select-ssh-backend), [SSH libraries](build/deps.md#ssh-libraries), [Available exit codes](cmdline/exitcode.md#available-exit-codes), [Authentication](usingcurl/ssh/auth.md#authentication), [Known hosts](usingcurl/ssh/knownhosts.md#known-hosts), [Historic TELNET](usingcurl/telnet.md#historic-telnet), [Trace everything](libcurl/verbose.md#trace-everything), [All options](transfers/options/all.md#all-options), [SSH key](transfers/callbacks/sshkey.md#ssh-key), [Authentication](transfers/auth.md#authentication), [Different backends](internals/backends.md#different-backends), [Curl_handler](internals/structs.md#curl_handler), [Variables](internals/tests/file-format.md#variables) - SSH backend: [Select SSH backend](build/autotools.md#select-ssh-backend) - SSL context callback: [All options](transfers/options/all.md#all-options) - SSLKEYLOGFILE: [TLS](usingcurl/tls.md#tls), [SSLKEYLOGFILE](usingcurl/tls/sslkeylogfile.md#sslkeylogfile), [Figure out what a browser sends](http/post/browsersends.md#figure-out-what-a-browser-sends) @@ -440,7 +440,7 @@ - --tftp-blksize: [TFTP options](usingcurl/tftp.md#tftp-options) - --tftp-no-options: [TFTP options](usingcurl/tftp.md#tftp-options) - --time-cond: [Check by modification date](http/modify/conditionals.md#check-by-modification-date) - - TLS: [Security](protocols/network.md#security), [How much do protocols change?](protocols/protocols.md#how-much-do-protocols-change), [GOPHERS](protocols/curl.md#gophers), [The URL converted to a request](protocols/http.md#the-url-converted-to-a-request), [Ubuntu and Debian](install/linux.md#ubuntu-and-debian), [lib/vtls](source/layout.md#lib-slash-vtls), [Handling build options](source/options.md#handling-build-options), [Select TLS backend](build/autotools.md#select-tls-backend), [TLS libraries](build/deps.md#tls-libraries), [TLS libraries](build/tls.md#tls-libraries), [Connection reuse](cmdline/urls/connreuse.md#connection-reuse), [Line 1: curl](cmdline/curlver.md#line-1-curl), [Available exit codes](cmdline/exitcode.md#available-exit-codes), [More data](usingcurl/verbose/trace.md#more-data), [Available --write-out variables](usingcurl/verbose/writeout.md#available---write-out-variables), [Change the Host: header](usingcurl/connections/name.md#change-the-host-header), [Never spend more than this to connect](usingcurl/timeouts.md#never-spend-more-than-this-to-connect), [MITM proxy](usingcurl/proxies/mitm.md#mitm-proxy), [TLS](usingcurl/tls.md#tls), [Ciphers](usingcurl/tls/ciphers.md#ciphers), [Enable TLS](usingcurl/tls/enable.md#enable-tls), [TLS versions](usingcurl/tls/versions.md#tls-versions), [Verifying server certificates](usingcurl/tls/verify.md#verifying-server-certificates), [Certificate pinning](usingcurl/tls/pinning.md#certificate-pinning), [OCSP stapling](usingcurl/tls/stapling.md#ocsp-stapling), [Client certificates](usingcurl/tls/clientcert.md#client-certificates), [TLS auth](usingcurl/tls/auth.md#tls-auth), [TLS backends](usingcurl/tls/backends.md#tls-backends), [SSLKEYLOGFILE](usingcurl/tls/sslkeylogfile.md#sslkeylogfile), [SCP and SFTP](usingcurl/scpsftp.md#scp-and-sftp), [TLS for emails](usingcurl/reademail.md#tls-for-emails), [Caveats](usingcurl/mqtt.md#caveats), [HTTPS only](http/versions/http3.md#https-only), [Figure out what a browser sends](http/post/browsersends.md#figure-out-what-a-browser-sends), [HTTPS](http/https.md#https), [TLS fingerprinting](http/browserlike.md#tls-fingerprinting), [FTPS](ftp/ftps.md#ftps), [Trace everything](libcurl/verbose.md#trace-everything), [Caches](libcurl/caches.md#caches), [reuse handles](libcurl/performance.md#reuse-handles), [TLS options](transfers/options/tls.md#tls-options), [All options](transfers/options/all.md#all-options), [SSL context](transfers/callbacks/sslcontext.md#ssl-context), [HTTP proxy](transfers/conn/proxies.md#http-proxy), [Authentication](transfers/auth.md#authentication), [Available information](transfers/getinfo.md#available-information), [URLs](helpers/ws/urls.md#urls), [Different backends](internals/backends.md#different-backends), [connection cache](internals/caches.md#connection-cache), [Variables](internals/tests/file-format.md#variables) + - TLS: [Security](protocols/network.md#security), [How much do protocols change?](protocols/protocols.md#how-much-do-protocols-change), [GOPHERS](protocols/curl.md#gophers), [The URL converted to a request](protocols/http.md#the-url-converted-to-a-request), [Ubuntu and Debian](install/linux.md#ubuntu-and-debian), [lib/vtls](source/layout.md#lib-slash-vtls), [Handling build options](source/options.md#handling-build-options), [Select TLS backend](build/autotools.md#select-tls-backend), [TLS libraries](build/deps.md#tls-libraries), [TLS libraries](build/tls.md#tls-libraries), [Connection reuse](cmdline/urls/connreuse.md#connection-reuse), [Line 1: curl](cmdline/curlver.md#line-1-curl), [Available exit codes](cmdline/exitcode.md#available-exit-codes), [More data](usingcurl/verbose/trace.md#more-data), [Available --write-out variables](usingcurl/verbose/writeout.md#available---write-out-variables), [Change the Host: header](usingcurl/connections/name.md#change-the-host-header), [Never spend more than this to connect](usingcurl/timeouts.md#never-spend-more-than-this-to-connect), [MITM proxy](usingcurl/proxies/mitm.md#mitm-proxy), [TLS](usingcurl/tls.md#tls), [Ciphers](usingcurl/tls/ciphers.md#ciphers), [Enable TLS](usingcurl/tls/enable.md#enable-tls), [TLS versions](usingcurl/tls/versions.md#tls-versions), [Verifying server certificates](usingcurl/tls/verify.md#verifying-server-certificates), [Certificate pinning](usingcurl/tls/pinning.md#certificate-pinning), [OCSP stapling](usingcurl/tls/stapling.md#ocsp-stapling), [Client certificates](usingcurl/tls/clientcert.md#client-certificates), [TLS auth](usingcurl/tls/auth.md#tls-auth), [TLS backends](usingcurl/tls/backends.md#tls-backends), [SSLKEYLOGFILE](usingcurl/tls/sslkeylogfile.md#sslkeylogfile), [Known hosts](usingcurl/ssh/knownhosts.md#known-hosts), [TLS for emails](usingcurl/reademail.md#tls-for-emails), [Caveats](usingcurl/mqtt.md#caveats), [HTTPS only](http/versions/http3.md#https-only), [Figure out what a browser sends](http/post/browsersends.md#figure-out-what-a-browser-sends), [HTTPS](http/https.md#https), [TLS fingerprinting](http/browserlike.md#tls-fingerprinting), [FTPS](ftp/ftps.md#ftps), [Trace everything](libcurl/verbose.md#trace-everything), [Caches](libcurl/caches.md#caches), [reuse handles](libcurl/performance.md#reuse-handles), [TLS options](transfers/options/tls.md#tls-options), [All options](transfers/options/all.md#all-options), [SSL context](transfers/callbacks/sslcontext.md#ssl-context), [HTTP proxy](transfers/conn/proxies.md#http-proxy), [Authentication](transfers/auth.md#authentication), [Available information](transfers/getinfo.md#available-information), [URLs](helpers/ws/urls.md#urls), [Different backends](internals/backends.md#different-backends), [connection cache](internals/caches.md#connection-cache), [Variables](internals/tests/file-format.md#variables) - TLS backend: [Ubuntu and Debian](install/linux.md#ubuntu-and-debian), [lib/vtls](source/layout.md#lib-slash-vtls), [Select TLS backend](build/autotools.md#select-tls-backend), [Line 1: curl](cmdline/curlver.md#line-1-curl), [Available exit codes](cmdline/exitcode.md#available-exit-codes), [TLS](usingcurl/tls.md#tls), [Native CA stores](usingcurl/tls/verify.md#native-ca-stores), [Certificate pinning](usingcurl/tls/pinning.md#certificate-pinning), [OCSP stapling](usingcurl/tls/stapling.md#ocsp-stapling), [Client certificates](usingcurl/tls/clientcert.md#client-certificates), [TLS backends](usingcurl/tls/backends.md#tls-backends), [CA cert cache](libcurl/caches.md#ca-cert-cache), [SSL context](transfers/callbacks/sslcontext.md#ssl-context) - TODO: [Future](project/future.md#future), [Suggestions](source/contributing.md#suggestions) - --tr-encoding: [Transfer encoding](http/response.md#transfer-encoding), [Compression](http/modify/compression.md#compression) @@ -455,7 +455,7 @@ ## U - -U: [Building libcurl on MSYS2](install/windows/win-msys2.md#building-libcurl-on-msys2), [Proxy authentication](usingcurl/proxies/auth.md#proxy-authentication) - - -u: [Building libcurl on MSYS2](install/windows/win-msys2.md#building-libcurl-on-msys2), [Passwords](cmdline/passwords.md#passwords), [URLs](usingcurl/scpsftp.md#urls), [IMAP](usingcurl/reademail.md#imap), [Authentication](http/auth.md#authentication) + - -u: [Building libcurl on MSYS2](install/windows/win-msys2.md#building-libcurl-on-msys2), [Passwords](cmdline/passwords.md#passwords), [URLs](usingcurl/ssh/url.md#urls), [Authentication](usingcurl/ssh/auth.md#authentication), [IMAP](usingcurl/reademail.md#imap), [Authentication](http/auth.md#authentication) - Ubuntu: [Ubuntu and Debian](install/linux.md#ubuntu-and-debian) - URL Globbing: [URL globbing](cmdline/globbing.md#url-globbing) - URL parser: [Browsers](cmdline/urls/browsers.md#browsers), [trurl](cmdline/urls/trurl.md#trurl), [`CURLU_ALLOW_SPACE`](helpers/url/parse.md#curlu_allow_space) @@ -472,7 +472,7 @@ ## W - Wireshark: [Available exit codes](cmdline/exitcode.md#available-exit-codes), [Trace options](usingcurl/verbose/trace.md#trace-options), [SSLKEYLOGFILE](usingcurl/tls/sslkeylogfile.md#sslkeylogfile), [Figure out what a browser sends](http/post/browsersends.md#figure-out-what-a-browser-sends) - - wolfSSH: [SSH libraries](build/deps.md#ssh-libraries), [SCP and SFTP](usingcurl/scpsftp.md#scp-and-sftp), [``](internals/tests/file-format.md#sect--less-than-features-greater-than) + - wolfSSH: [SSH libraries](build/deps.md#ssh-libraries), [``](internals/tests/file-format.md#sect--less-than-features-greater-than) - wolfSSL: [Commercial support](project/support.md#commercial-support), [lib/vtls](source/layout.md#lib-slash-vtls), [TLS libraries](build/tls.md#tls-libraries), [Native CA stores](usingcurl/tls/verify.md#native-ca-stores), [Restrictions](usingcurl/tls/sslkeylogfile.md#restrictions), [All options](transfers/options/all.md#all-options), [SSL context](transfers/callbacks/sslcontext.md#ssl-context), [``](internals/tests/file-format.md#sect--less-than-features-greater-than) - Write callback: [make callbacks as fast as possible](libcurl/performance.md#make-callbacks-as-fast-as-possible), [Callback considerations](libcurl/cplusplus.md#callback-considerations), [All options](transfers/options/all.md#all-options), [Write data](transfers/callbacks/write.md#write-data), [Response body](libcurl-http/responses.md#response-body), [1. The callback approach](helpers/ws/concept.md#sect-1-dot--the-callback-approach), [Raw mode](helpers/ws/options.md#raw-mode), [Write callback](helpers/ws/read.md#write-callback), [Get a simple HTTP page](examples/get.md#get-a-simple-http-page), [Get a response into memory](examples/getinmem.md#get-a-response-into-memory) - --write-out: [Error message](cmdline/exitcode.md#error-message), [Write out](usingcurl/verbose/writeout.md#write-out), [Overwriting](usingcurl/downloads/storing.md#overwriting), [HTTP response codes](http/response.md#http-response-codes) From bef8ce1dd5f4028fd474751bdffc3b8efdbc0618 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 18 Jun 2024 15:31:53 +0200 Subject: [PATCH 3/5] fixup usingcurl/README.md --- usingcurl/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usingcurl/README.md b/usingcurl/README.md index 261a486be8..fc273f746d 100644 --- a/usingcurl/README.md +++ b/usingcurl/README.md @@ -18,7 +18,7 @@ conveniently as possible. * [.netrc](netrc.md) * [Proxies](proxies/) * [TLS](tls.md) - * [SCP and SFTP](scpsftp.md) + * [SCP and SFTP](ssh/) * [Reading email](reademail.md) * [Sending email](smtp.md) * [DICT](dict.md) From b882407f08ff1c5ad19c5edbb530e0930ab2cb5b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 18 Jun 2024 15:36:02 +0200 Subject: [PATCH 4/5] fixup broken link --- cmdline/exitcode.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/cmdline/exitcode.md b/cmdline/exitcode.md index 329f7bb4a2..170421a68f 100644 --- a/cmdline/exitcode.md +++ b/cmdline/exitcode.md @@ -255,9 +255,8 @@ A basic Unix shell script could look like something like this: 51. The server's SSL/TLS certificate or SSH fingerprint failed verification. curl can then not be sure of the server being who it claims to be. See the - [using TLS with curl](../usingcurl/tls.md) and - [using SCP and SFTP with curl](../usingcurl/scpsftp.md) sections for more - details. + [using TLS with curl](../usingcurl/tls.md) and [using SCP and SFTP with + curl](../usingcurl/ssh/README.md) sections for more details. 52. The server did not reply anything, which in this context is considered an error. When an HTTP(S) server responds to an HTTP(S) request, it always From 4dd6b6046254b3f970c042ab1dc88ae54a684217 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 18 Jun 2024 15:37:36 +0200 Subject: [PATCH 5/5] fixup link better --- cmdline/exitcode.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline/exitcode.md b/cmdline/exitcode.md index 170421a68f..95a76c74b0 100644 --- a/cmdline/exitcode.md +++ b/cmdline/exitcode.md @@ -256,7 +256,7 @@ A basic Unix shell script could look like something like this: 51. The server's SSL/TLS certificate or SSH fingerprint failed verification. curl can then not be sure of the server being who it claims to be. See the [using TLS with curl](../usingcurl/tls.md) and [using SCP and SFTP with - curl](../usingcurl/ssh/README.md) sections for more details. + curl](../usingcurl/ssh/) sections for more details. 52. The server did not reply anything, which in this context is considered an error. When an HTTP(S) server responds to an HTTP(S) request, it always