0

I am new to pysftp I am trying to do the following task

  1. Connect to ftp server and download the files
  2. Generate md5 checksum on files and making sure they are not tampered with

Can someone help me with this script?

I tried connecting to the server but I am unsure how to go about downloading the files and generating a checksum for the files on the downloaded files using python.

As of now I have connected to the server with the below code: *

import pysftp
cnopts = pysftp.CnOpts()
cnopts.hostkeys = None   
myHostname = "abc.org"
myUsername = "username"
myPassword = "password"

with pysftp.Connection(host=myHostname, username=myUsername, password=myPassword, cnopts=cnopts) as sftp:
    print ("Connection succesfully stablished ... ")
    directory_structure = sftp.listdir_attr()
    for attr in directory_structure:
        print (attr.filename, attr)

**

stack overflow
  • 7
  • 2
  • 1
    2 security considerations : 1 - `pysftp` has been updated for the last time in 2016 and seems to be unmaintained. It's a bit risky to use a client that has'nt received security fixes for so long. I would recommend another lib for example [paramiko](https://docs.paramiko.org/en/stable/api/sftp.html). 2 - md5 is now considered outdated and unsecure. It's recommended to use another hash crypto function such as SHA2. – 0x0fba Nov 07 '22 at 19:48
  • Oh okok thank you for the headsup is there a way you could help me with script using paramiko. It would be really helpful. – stack overflow Nov 07 '22 at 20:14
  • paramiko (as well as pysftp) has a good documentation, you can find the sftp chapter [here](https://docs.paramiko.org/en/stable/api/sftp.html). Usage is quite similar. – 0x0fba Nov 07 '22 at 20:23

1 Answers1

0

The psftp get() method is documented here.

The python hashlib module is documented here. It provides many hash algorithms including MD5 and SHA256.

Example :

import hashlib

content = "header\foobar\nfooter\n"  # your file content as a string
h = hashlib.sha256(content.encode())

tampered_content = "header\foobar2\nfooter\n"  # your file content (modified) as a string
h2 = hashlib.sha256(tampered_content.encode())

h.digest() == h2.digest()  # False

print(h.hexdigest())  # an hexadecimal human-readable string to provide on the server

# 17f1212df75eac78cd7c01c19ea44823add3f778ebe39b22cb5d7415c94c8395
0x0fba
  • 1,520
  • 1
  • 1
  • 11