Blink: curl: SSH remote key was not okay

Hi @saptarshiguha.
This is know issue. As a workaround you can ssh2 to that host first, so ssh2 will add host to known hosts file in format scp understands.

Thanks! Tried

blink> ssh2 rguha
Connected to 66.228.35.34
The authenticity of host rguha  can't be established.
RSA key fingerprint is PGOgoW@&*@(!@^@&*@
Are you sure you want to continue connecting (yes/no)?yes
Permanently added key for rguha  to list of known hosts.
Last login: Mon Nov  5 20:25:25 2018 from guest.net
[joy@li285-34 ~]$ logout

And then

blink> scp -vvvv test.jpg rguha:/tmp/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
*  Trying XYZ
* TCP_NODELAY set
* Connected to rguha port 22 (#0)
* SSH MD5 fingerprint: 1f7008db6.....15d16b9
* SSH host check: 0, key: AAAA.....JRlP6mBqL
* SSH authentication methods available: publickey,gssapi-keyex,gssapi-with-mic,password
* Using private key stored in BlinkShell keys: 'mouchak'
* SSH public key authentication failed: Username/PublicKey combination invalid
* Failure connecting to agent
* Authentication failure
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (67) Authentication failure

but i can ssh and ssh2 into the above host just fine.

What type of the key you are using? RSA?

DSA.

Hmm, switched to a RSA key and it worked fine.
Closing this issue
Thanks much

I’m using an ECDSA key and can’t use scp currently. Is there a way to specify an override key, one that is configured in Blink? I don’t see an id_ecdsa in the filesystem, so overriding with —key in scp/curl doesn’t seem right.

The output shows that key is <none>:

blink> scp file nuc.local:~/file -v
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 10.42.69.11...
* TCP_NODELAY set
* Connected to nuc.local (10.42.69.11) port 22 (#0)
* SSH MD5 fingerprint: 6e2814b3ace9570abc909b1158ac89a8
* SSH host check: 2, key: <none>
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (51) SSL peer certificate or SSH remote key was not OK

Switching to an RSA key could be a workaround, but I’d prefer to keep my ECDSA key.

I have the same issue. I think my host key may be in a wrong format, but Imhave no control over it. All my iOS keys are RSA and generated by Blink itself.
This is a very frustrating issue as it misdirected to try to debug curl issues with scp, which even sounds weird.
Workaround with ssh2 unifi worked.

Here is an example output:

blink> ssh -v unifi ls -l /srv/unifi/data/sites/default/config.gateway.json
socket_callback_connected: Socket connection callback: 1 (0)
ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u7
ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u7
ssh_analyze_banner: We are talking to an OpenSSH client version: 6.7 (60700)
blink: setting socket keepalive: 1
ssh_userauth_request_service: Failed to request "ssh-userauth" service
ssh_packet_userauth_failure: Access denied. Authentication that can continue: publickey,password
blink: import key timothy@iOS
blink: open channels
blink: open session
-rw------- 1 unifi unifi 1019 Jul 12 15:25 /srv/unifi/data/sites/default/

blink> scp -vvv unifi:/srv/unifi/data/sites/default/config.gateway.json ./
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 192.168.0.149...
* TCP_NODELAY set
* Connected to unifi.home.timothybasanov.com (192.168.0.149) port 22 (#0)
* SSH MD5 fingerprint: 5a36644047814e202a86b22088ac5198
* SSH host check: 2, key: <none>
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (51) SSL peer certificate or SSH remote key was not OK

Switching to RSA didn't work for me, but in case it helps, removing the certificate check with --insecure (a standard CURL option) AND being explicit with the username and remote target path worked to get past the "SSL peer certificate or SSH remote key" error:

scp --insecure -vvv <local-file-path> <user>@<host name or IP>:<remote-file-path>

Had an error exactly like this, turns out the ssh I used in the blink shell for ssh-keygen is a different SSH key when I go through config > Keys. After adding the actual public key to my destination host (and making sure the authorized_keys and .ssh folder has the correct permissions), I was able to use scp and sftp without issues! Hope this helps anyone else with similar issues.