I am working on an sftp connectivity set up:

```python
import os
from Crypto.Cipher import AES 
import paramiko
import pysftp as sftp

cnopts = sftp.CnOpts(knownhosts='C:/Users/mposc/.shh/known_hosts/')
cnopts.hostkeys.load('projectKey.pub')
#cnopts.hostkeys = None

def sftpconnect():
    try:
        cnnt = sftp.Connection(host="example.host.com", username="usersample", password="*****", cnopts=cnopts)

        print("connection succesful")
        cnnt.close()
    except Exception as e:
        print (str(e))

sftpconnect()
```

and I have the following known argument:

UserWarning: Failed to load HostKeys from C:/Users/mposc/.shh/known_hosts/.  You will need to explicitly load HostKeys (cnopts.hostkeys.load(filename)) or disableHostKey checking (cnopts.hostkeys = None).

I have created the public key using Windows cmd (https://phoenixnap.com/kb/generate-ssh-key-windows-10) and the file is stored here: C:\Users\mposc\.shh\known_hosts\projectKey.pub

I have searched around and found very useful notes from users, especially: Verify host key with pysftp

I am still struggling with this: if I set `cnopts.hostkeys.load('projectKey.pub')` I cannot connect, with the error: UserWarning: Failed to load HostKeys from C:/Users/mposc/.shh/known_hosts/. If I set `cnopts.hostkeys = None` I can connect.

I read that this is a pysftp bug, but I am concerned that this is not safe. I have tried several different options from the pysftp library and as suggested on different sites. How do I add the file name correctly?

maria
  • This is absolutely not the issue, but I presume you meant for that folder to be ".ssh". Anyway, you're correct that not verifying host keys isn't the ideal solution. See here for a similar issue: https://stackoverflow.com/questions/38939454/verify-host-key-with-pysftp – theherk Oct 06 '21 at 13:48
  • This is the problem: *"I have create the public key using Windows cmd"* – If you aim to verify a host key, you are not supposed to *create* any key! The host (=server) has a key already. And you need to verify it. You are possibly confusing host key and the key used for authentication (in place of the password). Check my article [Understanding SSH Key Pairs](https://winscp.net/eng/docs/ssh_keys) and follow my answer to the question linked above by @theherk. – Martin Prikryl Oct 06 '21 at 13:51
  • I have changed the folder to: .shh > 'C:/Users/mposc/.shh/ and named the file: maybe my known_hosts.pub. The error still persists. The host I am connecting to is sftp.bloomberg.com and there is no key to pair. We do not provide a pair key; users can connect to the host using an SFTP client (WinSCP, CuteFTP, etc.) but I am trying to connect using a script from Python. Without the public key I created using cmd I was not able to connect. With the key I can connect, but only if I set `cnopts.hostkeys = None`, which however is not safe and still gives me a warning. – maria Oct 06 '21 at 16:15
  • Once again, did you read [Verify host key with pysftp](https://stackoverflow.com/q/38939454/850848#43389508)? It never mentions any `known_hosts.pub` – you have made that up. Also it's `.ssh`, not `.shh`. + Do not post any information in comments. Edit all your attempts into your question. – Martin Prikryl Oct 06 '21 at 16:35
  • Indeed, a few issues here: the file name was misspelled; I needed to add the host name to the known_hosts.pub (change it manually) and adjust the code slightly: `fn = r"C:\Users\mposc\.ssh\known_hosts.pub"`, `cnopts = sftp.CnOpts(knownhosts=fn)`, `cnopts.hostkeys.load(fn)`. I got rid of all the warnings and got ‘Bad host key from server’, which I resolved with the paramiko.Transport class - https://stackoverflow.com/questions/45172792/using-python-pysftp-package-getting-a-sshexception-bad-host-key-from-server - now it works! Thanks – maria Oct 06 '21 at 19:23
  • That answer is wrong. Using `Transport` class that way completely bypasses the host key verification. So you are basically back at `cnopts.hostkeys=None`. + Once again, do not post any information in comments. Edit all your attempts into your question. – Martin Prikryl Oct 06 '21 at 19:44

0 Answers
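
The difference between a host key and a client-generated key that the comments point out, as an added example that is not part of the original thread: a standard-library-only check showing that a bare `.pub` line carries no host field, and that prepending the host name to a client-generated key produces a bad-host-key result rather than a match. The key blobs, `sftp.example.com` and all function names are constructed for illustration, and only plain (unhashed) host names are handled.

```python
import base64
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def sample_b64(fill):
    """Constructed ssh-ed25519 wire blob (not a real key), base64-encoded."""
    name = b"ssh-ed25519"
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(raw).decode("ascii")

def blob_type(blob):
    """Key type name embedded at the start of an SSH public key blob."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def classify_line(line):
    """Return ('entry', hosts, keytype, blob), ('pubkey-file',) or ('invalid',)."""
    fields = line.split()
    if fields and fields[0] in KEY_TYPES:
        return ("pubkey-file",)  # "<type> <base64> [comment]": no host field
    if len(fields) < 3 or fields[0].startswith("#") or fields[1] not in KEY_TYPES:
        return ("invalid",)
    try:
        blob = base64.b64decode(fields[2], validate=True)
        if blob_type(blob) != fields[1]:
            return ("invalid",)
    except (ValueError, struct.error):
        return ("invalid",)
    return ("entry", fields[0].split(","), fields[1], blob)

def check_host_key(known_hosts_text, host, presented_blob):
    """Compare the key a server presents with the entries stored for that host."""
    verdict = "unknown-host"
    for line in known_hosts_text.splitlines():
        kind, *rest = classify_line(line)
        if kind != "entry" or host not in rest[0] or rest[1] != blob_type(presented_blob):
            continue
        if rest[2] == presented_blob:
            return "match"
        verdict = "bad-host-key"  # an entry exists for this host but holds another key
    return verdict

HOST = "sftp.example.com"                         # placeholder host name
SERVER_B64 = sample_b64(0x11)                     # constructed: the server's host key
CLIENT_B64 = sample_b64(0x22)                     # constructed: key generated on the client
SERVER_KEY = base64.b64decode(SERVER_B64)         # what the server presents on connect
PUB_FILE = f"ssh-ed25519 {CLIENT_B64} user@pc"    # bare .pub file content
PUB_WITH_HOST = f"{HOST} ssh-ed25519 {CLIENT_B64}"  # host name prepended to that key
KNOWN_HOSTS = f"{HOST} ssh-ed25519 {SERVER_B64}"    # entry holding the server's own key
```

Only the third text yields `match`; a match is possible only when the stored entry holds the key the server itself presents.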