Verify host key with pysftp
Do not set cnopts.hostkeys = None (as the second most upvoted answer shows), unless you do not care about security. You lose a protection against Man-in-the-middle attacks by doing so.
Use CnOpts.hostkeys (returns HostKeys) to manage trusted host keys.
cnopts = pysftp.CnOpts(knownhosts='known_hosts')with pysftp.Connection(host, username, password, cnopts=cnopts) as sftp:where the known_hosts contains a server public key(s)] in a format like:
example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB...If you do not want to use an external file, you can also use
from base64 import decodebytes# ...keydata = b"""AAAAB3NzaC1yc2EAAAADAQAB..."""key = paramiko.RSAKey(data=decodebytes(keydata))cnopts = pysftp.CnOpts()cnopts.hostkeys.add('example.com', 'ssh-rsa', key)with pysftp.Connection(host, username, password, cnopts=cnopts) as sftp:Though as of pysftp 0.2.9, this approach will issue a warning, what seems like a bug:
"Failed to load HostKeys" warning while connecting to SFTP server with pysftp
An easy way to retrieve the host key in the needed format is using OpenSSH ssh-keyscan:
$ ssh-keyscan example.com# example.com SSH-2.0-OpenSSH_5.3example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB...(due to a bug in pysftp, this does not work, if the server uses non-standard port – the entry starts with [example.com]:port + beware of redirecting ssh-keyscan to a file in PowerShell)
You can also make the application do the same automatically:
Use Paramiko AutoAddPolicy with pysftp
(It will automatically add host keys of new hosts to known_hosts, but for known host keys, it will not accept a changed key)
Though for an absolute security, you should not retrieve the host key remotely, as you cannot be sure, if you are not being attacked already.
See my article Where do I get SSH host key fingerprint to authorize the server?
It's for my WinSCP SFTP client, but most information there is valid in general.
If you need to verify the host key using its fingerprint only, see Python - pysftp / paramiko - Verify host key using its fingerprint.
One option is to disable the host key requirement:
import pysftpcnopts = pysftp.CnOpts()cnopts.hostkeys = None with pysftp.Connection(host, username, password, cnopts=cnopts) as sftp: sftp.put(local_path, remote_path)You can find more info about that here:https://stackoverflow.com/a/38355117/1060738
Important note:
By setting cnopts.hostkeys=None you'll lose the protection against Man-in-the-middle attacks by doing so. Use @martin-prikryl answer to avoid that.
Try to use the 0.2.8 version of pysftp library. $ pip uninstall pysftp && pip install pysftp==0.2.8
And try with this:
try: ftp = pysftp.Connection(host, username=user, password=password) except: print("Couldn't connect to ftp") return FalseWhy this? Basically is a bug with the 0.2.9 of pysftp here all detailshttps://github.com/Yenthe666/auto_backup/issues/47