pysftp giving AuthenticationException

Question

I am trying to develop azure function in python where I have to upload some files on SFTP server. I have got following code for the same.

logging.info('Uploading file to mysguard sftp server')

# Get the variables from vault
user_name = os.getenv('UsernameFromKeyVault')
server_name = os.getenv('sftpserverFromKeyVault')
myskey_pass = os.getenv('myskeypasFromKeyVault')
myskey = os.getenv('myskeyFromKeyVault')
hostkey = os.getenv('hostkeyFromKeyVault')
known_hosts = bytes(str(hostkey), 'UTF-8')
key_path = os.getenv('myfunKeyPathFromKeyVault')

# Adding host key to pysftp connection
key = paramiko.RSAKey(data=decodebytes(known_hosts))
cnopts = pysftp.CnOpts()
#cnopts.hostkeys = None
cnopts.hostkeys.add(server_name, 'ssh-rsa', key)

# Write to file
f = open(key_path,"w+")
f.write(myskey)
f.close()


# Create a connection
with pysftp.Connection(host=server_name,username=user_name,private_key=key_path, private_key_pass=myskey_pass,cnopts=cnopts,log=1) as sftp:
        with sftp.cd('/'):
            dirs = sftp.listdir()
sftp.close()
os.remove(key_path)
return dirs

This code is working when I run on my local machine but when I upload on Azure it is throwing AuthenticationException.

Result: Failure Exception: AuthenticationException: Authentication failed. Stack: File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/dispatcher.py", line 402, in _handle__invocation_request call_result = await self._loop.run_in_executor( File "/usr/local/lib/python3.9/myfunrent/futures/thread.py", line 58, in run result = self.fn(*self.args, **self.kwargs) File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/dispatcher.py", line 611, in _run_sync_func return ExtensionManager.get_sync_invocation_wrapper(context, File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/extension.py", line 215, in _raw_invocation_wrapper result = function(**args) File "/home/site/wwwroot/myfunsftp/__init__.py", line 139, in main list = mysupload() File "/home/site/wwwroot/myfunsftp/__init__.py", line 46, in mysupload with pysftp.Connection(host=server_name,username=user_name,private_key=key_path, private_key_pass=myskey_pass,cnopts=cnopts,log=1) as sftp: File "/home/site/wwwroot/.python_packages/lib/site-packages/pysftp/__init__.py", line 143, in __init__ self._transport.connect(**self._tconnect) File "/home/site/wwwroot/.python_packages/lib/site-packages/paramiko/transport.py", line 1333, in connect self.auth_publickey(username, pkey) File "/home/site/wwwroot/.python_packages/lib/site-packages/paramiko/transport.py", line 1580, in auth_publickey return self.auth_handler.wait_for_response(my_event) File "/home/site/wwwroot/.python_packages/lib/site-packages/paramiko/auth_handler.py", line 250, in wait_for_response raise

All the variables are getting fetched correctly from key vault in Azure function. I though it might be related to Authentication failed pysftp with private key and tried to fix paramiko to 2.8.1 in requirements.txt but still it is throwing the same error. Any idea what could be the issue?

Paramiko logging enabled for local execution.

[2022-02-10T13:26:01.794Z] Executing 'Functions.myfunsftp' (Reason='This function was programmatically called via the host APIs.', Id=4a3a305d-9fae-4afc-bce4-0b59806cdb15)
[2022-02-10T13:26:02.095Z] Python HTTP trigger function processed a request.
[2022-02-10T13:26:02.100Z] Uploading file to mysguard sftp server
[2022-02-10T13:26:02.175Z] DEB [20220210-14:26:02.173] thr=1   paramiko.transport: starting thread (client mode): 0x56d160a0
[2022-02-10T13:26:02.177Z] DEB [20220210-14:26:02.174] thr=1   paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.8.1
[2022-02-10T13:26:02.184Z] DEB [20220210-14:26:02.184] thr=1   paramiko.transport: Remote version/idstring: SSH-2.0-CerberusFTPServer_12.0       
[2022-02-10T13:26:02.186Z] INF [20220210-14:26:02.184] thr=1   paramiko.transport: Connected (version 2.0, client CerberusFTPServer_12.0)        
[2022-02-10T13:26:02.272Z] DEB [20220210-14:26:02.271] thr=1   paramiko.transport: kex algos:['ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group18-sha512', 'diffie-hellman-group16-sha512', 'diffie-hellman-group14-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['rsa-sha2-256', 'rsa-sha2-512', 'ssh-rsa'] client encrypt:['aes128-ctr', 'aes128-cbc', 'aes192-ctr', 'aes192-cbc', 'aes256-ctr', 'aes256-cbc', '3des-cbc'] server encrypt:['aes128-ctr', 'aes128-cbc', 'aes192-ctr', 'aes192-cbc', 'aes256-ctr', 'aes256-cbc', '3des-cbc'] client mac:['hmac-sha1', 'hmac-sha1-96', 'hmac-sha2-256', 'hmac-sha2-256-96', 'hmac-sha2-512', 'hmac-sha2-512-96'] server mac:['hmac-sha1', 'hmac-sha1-96', 'hmac-sha2-256', 'hmac-sha2-256-96', 
'hmac-sha2-512', 'hmac-sha2-512-96'] client compress:['none'] server compress:['none'] client lang:['en-US'] server lang:['en-US'] kex follows?False
[2022-02-10T13:26:02.276Z] DEB [20220210-14:26:02.271] thr=1   paramiko.transport: Kex agreed: ecdh-sha2-nistp256
[2022-02-10T13:26:02.278Z] DEB [20220210-14:26:02.272] thr=1   paramiko.transport: HostKey agreed: ssh-rsa
[2022-02-10T13:26:02.279Z] DEB [20220210-14:26:02.273] thr=1   paramiko.transport: Cipher agreed: aes128-ctr
[2022-02-10T13:26:02.281Z] DEB [20220210-14:26:02.274] thr=1   paramiko.transport: MAC agreed: hmac-sha2-256
[2022-02-10T13:26:02.282Z] DEB [20220210-14:26:02.274] thr=1   paramiko.transport: Compression agreed: none
[2022-02-10T13:26:02.416Z] DEB [20220210-14:26:02.415] thr=1   paramiko.transport: kex engine KexNistp256 specified hash_algo <built-in function 
openssl_sha256>
[2022-02-10T13:26:02.455Z] DEB [20220210-14:26:02.454] thr=1   paramiko.transport: Switch to new keys ...
[2022-02-10T13:26:02.459Z] DEB [20220210-14:26:02.458] thr=2   paramiko.transport: Host key verified (ssh-rsa)
[2022-02-10T13:26:02.461Z] DEB [20220210-14:26:02.458] thr=2   paramiko.transport: Attempting public-key auth...
[2022-02-10T13:26:02.501Z] DEB [20220210-14:26:02.500] thr=1   paramiko.transport: userauth is OK
[2022-02-10T13:26:02.562Z] INF [20220210-14:26:02.559] thr=1   paramiko.transport: Authentication (publickey) successful!
[2022-02-10T13:26:02.565Z] DEB [20220210-14:26:02.561] thr=2   paramiko.transport: [chan 0] Max packet in: 32768 bytes
[2022-02-10T13:26:02.610Z] DEB [20220210-14:26:02.609] thr=1   paramiko.transport: [chan 0] Max packet out: 32768 bytes
[2022-02-10T13:26:02.613Z] DEB [20220210-14:26:02.610] thr=1   paramiko.transport: Secsh channel 0 opened.
[2022-02-10T13:26:02.658Z] DEB [20220210-14:26:02.657] thr=1   paramiko.transport: [chan 0] Sesch channel 0 request ok
[2022-02-10T13:26:02.703Z] INF [20220210-14:26:02.702] thr=2   paramiko.transport.sftp: [chan 0] Opened sftp connection (server version 3)
[2022-02-10T13:26:02.704Z] [chan 0] Opened sftp connection (server version 3)
[2022-02-10T13:26:02.706Z] DEB [20220210-14:26:02.702] thr=2   paramiko.transport.sftp: [chan 0] normalize(b'.')
[2022-02-10T13:26:02.746Z] DEB [20220210-14:26:02.745] thr=2   paramiko.transport.sftp: [chan 0] stat(b'/outbound')
[2022-02-10T13:26:02.790Z] DEB [20220210-14:26:02.789] thr=2   paramiko.transport.sftp: [chan 0] normalize(b'/outbound')
[2022-02-10T13:26:02.846Z] DEB [20220210-14:26:02.845] thr=2   paramiko.transport.sftp: [chan 0] listdir(b'/outbound/.')
[2022-02-10T13:26:03.041Z] DEB [20220210-14:26:03.040] thr=2   paramiko.transport.sftp: [chan 0] stat(b'/')
[2022-02-10T13:26:03.090Z] DEB [20220210-14:26:03.089] thr=2   paramiko.transport.sftp: [chan 0] normalize(b'/')
[2022-02-10T13:26:03.135Z] INF [20220210-14:26:03.134] thr=2   paramiko.transport.sftp: [chan 0] sftp session closed.
[2022-02-10T13:26:03.136Z] [chan 0] sftp session closed.
[2022-02-10T13:26:03.139Z] DEB [20220210-14:26:03.135] thr=2   paramiko.transport: [chan 0] EOF sent (0)
[2022-02-10T13:26:03.144Z] DEB [20220210-14:26:03.138] thr=1   paramiko.transport: EOF in transport thread
[2022-02-10T13:26:03.333Z] Executed 'Functions.myfunsftp' (Succeeded, Id=sdfdd-fsddfd-sdsd-34efdb15, Duration=1672ms)

I don't see that detailed logs in Azure though.

Executing 'Functions.myfunsftp' (Reason='This function was programmatically called via the host APIs.', Id=sdfdd-fsddfd-sdsd-34efdb15)
Python HTTP trigger function processed a request.
Uploading file to mysguard sftp server
Result: Failure Exception: AuthenticationException: Authentication failed. Stack: File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/dispatcher.py", line 402, in _handle__invocation_request call_result = await self._loop.run_in_executor( File "/usr/local/lib/python3.9/myfunrent/futures/thread.py", line 58, in run result = self.fn(*self.args, **self.kwargs) File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/dispatcher.py", line 611, in _run_sync_func return ExtensionManager.get_sync_invocation_wrapper(context, File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/extension.py", line 215, in _raw_invocation_wrapper result = function(**args) File "/home/site/wwwroot/myfunsftp/__init__.py", line 139, in main list = mysupload() File "/home/site/wwwroot/myfunsftp/__init__.py", line 46, in mysupload with pysftp.Connection(host=server_name,username=user_name,private_key=key_path, private_key_pass=myskey_pass,cnopts=cnopts,log=1) as sftp: File "/home/site/wwwroot/.python_packages/lib/site-packages/pysftp/__init__.py", line 143, in __init__ self._transport.connect(**self._tconnect) File "/home/site/wwwroot/.python_packages/lib/site-packages/paramiko/transport.py", line 1333, in connect self.auth_publickey(username, pkey) File "/home/site/wwwroot/.python_packages/lib/site-packages/paramiko/transport.py", line 1580, in auth_publickey return self.auth_handler.wait_for_response(my_event) File "/home/site/wwwroot/.python_packages/lib/site-packages/paramiko/auth_handler.py", line 250, in wait_for_response raise e
Executed 'Functions.myfunsftp' (Failed, Id=sdfdd-fsddfd-sdsd-34efdb15, Duration=801ms)
Result: Failure Exception: AuthenticationException: Authentication failed. Stack: File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/dispatcher.py", line 402, in _handle__invocation_request call_result = await self._loop.run_in_executor( File "/usr/local/lib/python3.9/myfunrent/futures/thread.py", line 58, in run result = self.fn(*self.args, **self.kwargs) File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/dispatcher.py", line 611, in _run_sync_func return ExtensionManager.get_sync_invocation_wrapper(context, File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/extension.py", line 215, in _raw_invocation_wrapper result = function(**args) File "/home/site/wwwroot/myfunsftp/__init__.py", line 139, in main list = mysupload() File "/home/site/wwwroot/myfunsftp/__init__.py", line 46, in mysupload with pysftp.Connection(host=server_name,username=user_name,private_key=key_path, private_key_pass=myskey_pass,cnopts=cnopts,log=1) as sftp: File "/home/site/wwwroot/.python_packages/lib/site-packages/pysftp/__init__.py", line 143, in __init__ self._transport.connect(**self._tconnect) File "/home/site/wwwroot/.python_packages/lib/site-packages/paramiko/transport.py", line 1333, in connect self.auth_publickey(username, pkey) File "/home/site/wwwroot/.python_packages/lib/site-packages/paramiko/transport.py", line 1580, in auth_publickey return self.auth_handler.wait_for_response(my_event) File "/home/site/wwwroot/.python_packages/lib/site-packages/paramiko/auth_handler.py", line 250, in wait_for_response raise e

Answer 1

Glad that your issue was resolved on your own. Posting the resolution provided by Vijay to help the other community members who are facing related issues.

From the code the Username is getting an additional space from Keyvault because of that it is showing as Authentication Exception.