cURL Manager Manual

Contents Intro ..................................................................................................................................... 1

Creating and Changing Your Password ............................................................................... 2

Add a Known Host ............................................................................................................... 3

Remove a Known Host........................................................................................................ 4

Figure Out What’s in an Existing known_hosts File ............................................................. 4

Export Known Hosts Data .................................................................................................... 5

Importing Known Hosts ....................................................................................................... 7

Generating New SSH Keys .................................................................................................. 8

Importing SSH Keys ............................................................................................................ 9

Automatic Upgrade Notifications ...................................................................................... 10

Advanced Update Settings ................................................................................................ 12

Planned Features for Future Releases ................................................................................ 12

Intro

The cURL Manager serves two unrelated purposes. First, it provides automatic update notifications for curl. Second, it makes curl’s sftp functions easier to use on Windows by creating the necessary directories and files, and providing a graphical interface for managing a known_hosts file.

I decided to make the cURL Manager because it’s exactly what I would have wanted when I was trying to figure out how to use curl for sftp. I hope it makes your scripting and web-hacking a little less frustrating and a bit more fun.

Creating and Changing Your Password

You will be prompted to create a password the first time you try to add or import known hosts data. To change your password:

1. Select Options from the main menu, and then select Change password.

Figure 1 Menu item to change your password

2. Enter your old password, and then enter your new password twice and click OK.

Figure 2 Change password window

By default, new versions of OpenSSH irreversibly scramble (a.k.a. “hash”) the domain names in the known_hosts file. This provides an extra layer of security, but makes it difficult to keep the entries organized. The cURL Manager saves extra information in its own data file, such as the unscrambled domain names and the dates they were added, and then uses reversible encryption to scramble all of the data. The password is required for encrypting and decrypting your data.

Note: The cURL Manager data file, known_hosts.cbc, is located in the directory %AppData%\ConfusedByCode\cURLManager.

Add a Known Host

Figure 3 Manage Known Hosts tab

1. Double click the known hosts list and enter or create a password.

2. Type the domain name in the domain entry box, and then hit Enter or click the add host button.

3. You will be shown the public key fingerprint for the server you are connecting to. If the fingerprint is correct, click Yes.

Figure 4 Fingerprint prompt

4. The verified server will be added to your known_hosts file (%AppData%\_ssh\known_hosts), and it will appear in the known hosts list.

You should now be able to use curl to transfer data via sftp connections with the listed server.

Note: You can open the actual known_hosts file by selecting File > View known hosts file.

Remove a Known Host

1. Click anywhere on a row in the known hosts list to select the host server you want to remove.

2. Click the remove host button.

3. A window will pop up asking you to confirm your decision. Click OK.

Once you confirm, the server will be removed from your known_hosts file (%AppData%\_ssh\known_hosts), and it will disappear from the known hosts list. You will no longer be able to use curl to make sftp connections to that server.

Figure Out What’s in an Existing known_hosts File

You might have already figured out that curl looks for the known_hosts file in the %AppData%\_ssh directory, and so you might already have a known_hosts file where the cURL Manager looks for one. If this is the case, the first time you use the cURL Manager it will automatically import the existing known hosts into its data file and show them in the known hosts list.

Figure 5 Entry from existing known_hosts file

If you want to figure out which entries belong to which servers, simply enter a domain name as if you were adding a new host. The cURL Manager will automatically add the domain name to matching host keys.

Figure 6 Host name found

Note: If you remove the entry from the cURL Manager, it will be removed from your known_hosts file.

Export Known Hosts Data

You can export the known host data from the cURL Manager as a plaintext XML file, which can be imported by the cURL Manager from another user account on the same PC, or on a completely different PC that has the cURL Manager installed.

After entering your password:

1. Select File > Export known hosts

Figure 7 File > Export known hosts

2. Choose the folder or removable drive where you want to save the exported data, and click Save. By default, the exported file is called known_hosts.xml

Figure 8 Exporting known hosts

Note: The exported file is an unencrypted version of the data file used by the cURL Manager.

Figure 9 Plaintext known host xml data

Importing Known Hosts

To import known hosts from an XML file:

1. Select File > Import known hosts

Figure 10 File > Import known hosts

2. Browse to the folder or removable drive where the exported known hosts file was saved, and select the file. Click Open.

Figure 11 Selecting a known hosts xml data file

Any new hosts from the imported file will be added to the known_hosts file and the cURL Manager data file. Entries will not be duplicated, so it doesn’t matter if some of the imported hosts are already in the cURL Manager.

Note: As a security precaution, you should delete the plaintext XML file after importing the data.

Generating New SSH Keys

Figure 12 SSH Keys tab

The cURL Manager includes a basic SSH key generator. It’s intended to be a convenient way to generate the type of SSH key understood by curl (OpenSSH). For a more complete SSH key generator, try the free and excellent PuTTYgen, available at www.chiark.greenend.org.uk/~sgtatham/putty/.

To create a new SSH Key pair (a public key and a private key), simply click the new key button. When the key is ready, the text below the button will change from “Load or generate a key to export…” to “New SSH key ready!” The generated key will be an SSH2-RSA key with 2048 bits of data.

Once the key pair has been generated, you can choose to export the OpenSSH public key, the private key, or both.

To export the OpenSSH public key simply click the save public key button.

To export the private key enter and confirm a password in the new password boxes, and then click the save private key button.

To export a key pair, first enter and confirm a private key password in the new password boxes. Second, enter a name for your key pair in the quick pair name box. Finally, click the save quick pair button.

The keys will be automatically saved in %AppData%\_ssh. The private key will take the name you entered in the quick pair name box, and the public key will use the same name with a “.pub” file extension. For example, if you named your quick pair “my_key”, the private key file would be “my_key”, and the public key would be “my_key.pub”.

Importing SSH Keys

You can import an existing private key to save a new public or private key. The imported key can be OpenSSH format or Putty Private Key format, but the exported key will always be OpenSSH format. It’s a convenient way to convert a Putty key to an OpenSSH key pair that you can use with curl, or to simply change the password or generate public keys for an existing OpenSSH key.

To import a key:

1. Enter the private key password of the key you want to import in the password entry box.

2. Click the load key button.

3. Browse to the private key you want to load, and select the file.

Figure 13 Loading an existing private key

Once the key is loaded, you can export public and private keys the same way as you do when generating new keys.

Tip: Did you know curl can actually use Pageant for agent-based logons? Simply load a key into Pageant, and run your sftp command with curl without specifying any keys. Curl will automatically use Pageant to log you in.

Automatic Upgrade Notifications

Figure 14 Auto upgrade settings

The Update Settings tab is self-explanatory: choose whether or not cURL Manager checks for upgrades. You must run the cURL Manager as an Administrator to change this setting.

The cURL Manager will check confusedbycode.com for updates every Friday at 7:05PM. If the computer is off or asleep at that time, it will skip the update check and try again the following week.

If an upgrade is found you will be receive a desktop notification:

Figure 15 Update notification

If you click on the notification, the update package will be downloaded to your %temp% folder:

Figure 16 Download notification

You will be notified again when the download is complete. Click the notification to install:

Figure 17 Install prompt

Known bug: Occasionally after the installation completes, you will receive an error message with .NET debugging info. If you see this, don’t panic; the upgrade was most likely successful. The cURL Manager update program, UpdateNotification.exe, usually deletes the upgrade package from your temp folder after the installation completes. If you see the error message, it simply means that the updater failed to delete the temporary file.

Advanced Update Settings

The cURL Manager update program is triggered by Windows Task Scheduler. You can tweak settings like the update time and frequency by opening the task scheduler and selecting the task called cURLUpdater, as seen below.

Figure 18 View of scheduled cURLUpdate task in Task Scheduler

Planned Features for Future Releases

Here’s a list of a few features that are in the works:

1. Synchronize known hosts data with PuTTY known hosts data.

2. Bulk host verification: provide list of domains with correct fingerprint, and cURL Manager will check them and add valid entries to known_hosts.

3. More options for key generation.

4. More options for updates from within the cURL Manager application.