From 5d2b0faec219db1cea07ef0ca6c804c4f172f93d Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Tue, 19 Dec 2023 08:48:21 +0100
Subject: [PATCH] CURLOPT_SSH_*_KEYFILE: clarify

Closes #12554
---
 docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3 | 9 +++++++--
 docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3 | 7 ++++---
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3 b/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3
index 12cc5410da..974a5b786d 100644
--- a/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3
+++ b/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3
@@ -34,12 +34,17 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_PRIVATE_KEYFILE,
 .SH DESCRIPTION
 Pass a char * pointing to a \fIfilename\fP for your private key. If not used,
 libcurl defaults to \fB$HOME/.ssh/id_rsa\fP or \fB$HOME/.ssh/id_dsa\fP if the
-HOME environment variable is set, and just \fB"id_rsa"\fP or \fB"id_dsa"\fP in
-the current directory if HOME is not set.
+HOME environment variable is set, and in the current directory if HOME is not
+set.
 
 If the file is password-protected, set the password with
 \fICURLOPT_KEYPASSWD(3)\fP.
 
+The SSH library derives the public key from this private key when possible. If
+the SSH library cannot derive the public key from the private one and no
+public one is provided with \fICURLOPT_SSH_PUBLIC_KEYFILE(3)\fP, the transfer
+fails.
+
 The application does not have to keep the string around after setting this
 option.
 .SH DEFAULT
diff --git a/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3 b/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3
index 93d9241e08..6a1d6991bf 100644
--- a/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3
+++ b/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3
@@ -37,9 +37,10 @@ libcurl defaults to \fB$HOME/.ssh/id_dsa.pub\fP if the HOME environment
 variable is set, and just "id_dsa.pub" in the current directory if HOME is not
 set.
 
-If NULL (or an empty string) is passed, libcurl passes no public key to
-libssh2, which then computes it from the private key. This is known to work
-with libssh2 1.4.0+ linked against OpenSSL.
+If NULL (or an empty string) is passed to this option, libcurl passes no
+public key to the SSH library, which then rather derives it from the private
+key. If the SSH library cannot derive the public key from the private one and
+no public one is provided, the transfer fails.
 
 The application does not have to keep the string around after setting this
 option.