Unable to use hostkey from registry to connect to EFT server using pySFTP

Question

I'm at a total loss with this code. I'm trying to set up a script to transfer files from an EFT server to a local folder on a regular basis. I'n using pySFTP and by the looks of ti the file transfer code is very simple.

However I can't connect to the EFT server due to issues with the hostkey. I'm not familiar with how hostkeys work and despite reading a lot about it I'm still not sure I understand it. I've tried this first code, from Martin Prikryl. I've replaced the actual login details with placeholders as this is a work server so can't share here, however I'm 100% certain I'm using the right ones:

import pysftp
import paramiko
from base64 import decodebytes

keydata = b"""0x11,0xc83f438e85c279c64150c44db874ab091267f38a69843dbdfb0d5b729109b4db64c706af00a68f243740149afa1c3022ebb5435904256229f5820050678361a2880bdb8934d4876c8383d4bd457b74397178880c9ae669645d778510e3ff1dcc1ac91ab43701fda075afaab49a0c3526bd98e848895221791c68b4aa98fe196f2e7ba998a713d48608f38c2699dc8b8d1bd70bedee143a7aad1fd6b2409c77588bc0d9dd2fecae9cf272a0242f2080f5054e78a100a94fda577bdab18ba75676aa999d2dd31c3df56c62cbd6e45aa5bffcb44de2ef129dfe97f6bf6d6d51032fe138950409168c003d3d316588b40ba97b5cc8122d0a323bd809bc3c53074bdb"""
key = paramiko.RSAKey(data=decodebytes(keydata))
cnopts = pysftp.CnOpts()
cnopts.hostkeys.add('HOST', 'rsa2022', key)

host = "HOST"
username = "USER"
password = "PASS"

with pysftp.Connection(host, username, password, cnopts=cnopts) as sftp:
    print("Connection established...")

This fails due to a padding issue. I got this key by using Putty to connect to the server, which saved the key to my registry. I've also tried using the key provided by the server owner:

import pysftp
import paramiko
from base64 import decodebytes

keydata = b"""e1:98:d0:0e:85:f8:51:23:87:fa:24:4b:7e:81:88:e8"""
key = paramiko.RSAKey(data=decodebytes(keydata))
cnopts = pysftp.CnOpts()
cnopts.hostkeys.add('HOST', 'ssh-rsa', key)

host = "HOST"
username = "USER"
password = "PASS"

with pysftp.Connection(host, username, password, cnopts=cnopts) as sftp:
    print("Connection established...")

This gives me an error saying - UnicodeDecodeError: 'utf-8' codec can't decode bytes in position 2-3: invalid continuation byte - which I'm not sure on. I've tried removing the colons but I get the same error.

I've tried 5 or 6 different solutions and my biggest issue is, Putty has stored the hostkey in my Registry and pySFTP or Paramiko (to my knowledge) cannot access it there.

I've looked into creating a known_hosts file myself for pySFTP to reference but can't find any clear way of doing this.

Admittedly this is more advanced Python than I'm used to but how it wants the hostkey is completely confusing me. If anyone can suggest a solution or an alternative to try, I'm open to all suggestions.

Answer 1

Thank you so much for your help Martin Prikryl. I used ssh-keyscan (despite my permissions it let me use this in cmd prompt) and got the true hostkey. This then worked in your code for verifying hostkeys with pySFTP!

So, to answer my own question, here is my working code, with HOSTKEY being the key gathered through ssh-keyscan in command prompt:

import pysftp
import paramiko
from base64 import decodebytes

keydata = b"""HOSTKEY"""
key = paramiko.RSAKey(data=decodebytes(keydata))
cnopts = pysftp.CnOpts()
cnopts.hostkeys.add('HOST', 'ssh-rsa', key)

myHost = "HOST"
myUsername = "USER"
myPassword = "PASSWORD"

with pysftp.Connection(host=myHost, username=myUsername, password=myPassword, cnopts=cnopts) as sftp:
    print("Connection established...")

I still can't work out how to create or populate a known_hosts file but trying the '> known_hosts' command in cmd prompt gets me an access denied so it's entirely possible I don't have access to the location it would be stored in anyway. This code will be run on a secure machine only I have access to so it's not a massive issue.