Description of problem:
When the server uses an ECDSA key, curl fails to verify it's entry in the known hosts file when accessing using SFTP.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create an ECDSA key pair for the SSH server:
# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
2. Authorize the user key to access the SSH server (assuming the user has an RSA key):
$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
3. Add the entry to the known_hosts file
$ echo 'localhost $(cat "/etc/ssh/ssh_host_ecdsa_key.pub")' >> ~/.ssh/known_hosts
4. Create a file to download:
$ dd if=/dev/zero of=~/testfile bs=1M count=1
5. Restart SSH server
$ systemctl restart sshd
6. Download using curl and SFTP
$ curl -o ./sftp_file -u testuser: --key ~/.ssh/id_rsa \
--pubkey ~/.ssh/id_rsa.pub sftp://localhost/home/$(whoami)/testfile
curl: (60) SSL peer certificate or SSH remote key was not OK
No errors and the file is downloaded correctly.
Using RSA, ED25519, or DSA keys no error is generated and the download is successful
Anderson, thank you for creating the pull request upstream!
upstream commit: https://github.com/curl/curl/commit/14bf7eb6
dist-git commit: https://src.fedoraproject.org/rpms/curl/c/6a752013
FEDORA-2020-e763186d31 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-e763186d31
FEDORA-2020-e763186d31 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-e763186d31`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-e763186d31
See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-e763186d31 has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.