Verify host key with pysftp

前端 未结 9 872
北海茫月
北海茫月 2020-11-22 08:33

I am writing a program using pysftp, and it wants to verify the SSH host Key against C:\\Users\\JohnCalvin\\.ssh\\known_hosts.

Using PuTTY, the terminal

相关标签:
9条回答
  • 2020-11-22 08:56

    Try to use the 0.2.8 version of pysftp library. $ pip uninstall pysftp && pip install pysftp==0.2.8

    And try with this:

    try:
        ftp = pysftp.Connection(host, username=user, password=password)
     except:
        print("Couldn't connect to ftp")
        return False
    

    Why this? Basically is a bug with the 0.2.9 of pysftp here all details https://github.com/Yenthe666/auto_backup/issues/47

    0 讨论(0)
  • 2020-11-22 08:57

    I've implemented auto_add_key in my pysftp github fork.

    auto_add_key will add the key to known_hosts if auto_add_key=True
    Once a key is present for a host in known_hosts this key will be checked.

    Please reffer Martin Prikryl -> answer about security concerns.

    Though for an absolute security, you should not retrieve the host key remotely, as you cannot be sure, if you are not being attacked already.

    import pysftp as sftp
    
    def push_file_to_server():
        s = sftp.Connection(host='138.99.99.129', username='root', password='pass', auto_add_key=True)
        local_path = "testme.txt"
        remote_path = "/home/testme.txt"
    
        s.put(local_path, remote_path)
        s.close()
    
    push_file_to_server()
    

    Note: Why using context manager

    import pysftp
    with pysftp.Connection(host, username="whatever", password="whatever", auto_add_key=True) as sftp:
        #do your stuff here
    #connection closed
    
    0 讨论(0)
  • 2020-11-22 09:00

    Cook book to use different ways of pysftp.CnOpts() and hostkeys options.

    Source : https://pysftp.readthedocs.io/en/release_0.2.9/cookbook.html

    Host Key checking is enabled by default. It will use ~/.ssh/known_hosts by default. If you wish to disable host key checking (NOT ADVISED) you will need to modify the default CnOpts and set the .hostkeys to None.

    import pysftp
    cnopts = pysftp.CnOpts()
    cnopts.hostkeys = None
    with pysftp.Connection('host', username='me', password='pass', cnopts=cnopts):
        # do stuff here
    

    To use a completely different known_hosts file, you can override CnOpts looking for ~/.ssh/known_hosts by specifying the file when instantiating.

    import pysftp
    cnopts = pysftp.CnOpts(knownhosts='path/to/your/knownhostsfile')
    
    with pysftp.Connection('host', username='me', password='pass', cnopts=cnopts):
        # do stuff here
    

    If you wish to use ~/.ssh/known_hosts but add additional known host keys you can merge with update additional known_host format files by using .load method.

    import pysftp
    cnopts = pysftp.CnOpts()
    cnopts.hostkeys.load('path/to/your/extra_knownhosts')
    with pysftp.Connection('host', username='me', password='pass', cnopts=cnopts):
        # do stuff here
    
    0 讨论(0)
提交回复
热议问题