Use Paramiko AutoAddPolicy with pysftp

python ssh paramiko pysftp
guettli picture guettli · Dec 7, 2018 · Viewed 7.8k times · Source

This code is not working:

def sftp_connection(self):
    import pysftp
    connection = pysftp.Connection(self.host, username=self.system_name,
                  private_key=os.path.join(HOME, '.ssh', 'id_rsa'))

    # in the next lines I try to use AutoAddPolicy
    client = connection.sftp_client()
    client.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
    client.set_missing_host_key_policy(paramiko.client.AutoAddPolicy)
    return connection

This is the exception:

Traceback (most recent call last):
  File "/home/u/src/myapp-glo/myapp_doxis_archiv/tests/test_doxis_archiv.py", line 85, in test_beleg_to_archiv__ftpservercontext
    info_dict = beleg_to_archiv(beleg, self.archiv_belegart)
  File "/home/u/src/myapp-glo/myapp_doxis_archiv/beleg_to_archiv.py", line 28, in beleg_to_archiv
    transfer_log=send_data_via_ftp(temp_directory, archiv_belegart.doxis_archiv)
  File "/home/u/src/myapp-glo/myapp_doxis_archiv/beleg_to_archiv.py", line 71, in send_data_via_ftp
    with doxis_archiv.sftp_connection() as sftp:
  File "/home/u/src/myapp-glo/myapp_doxis_archiv/models.py", line 43, in sftp_connection
    private_key=os.path.join(HOME, '.ssh', 'id_rsa'))
  File "/home/u/local/lib/python2.7/site-packages/pysftp/__init__.py", line 132, in __init__
    self._tconnect['hostkey'] = self._cnopts.get_hostkey(host)
  File "/home/u/local/lib/python2.7/site-packages/pysftp/__init__.py", line 71, in get_hostkey
    raise SSHException("No hostkey for host %s found." % host)
SSHException: No hostkey for host localhost found.

I get the exception before I try to set the host_key_policy.

I could not find a different way to access the client instance via pysftp.

Is there a way to set AutoAddPolicy before I get the exception?

There is a related question. My question is about how to apply one of the several solutions which are provided in the old question.

Answer

Martin Prikryl picture Martin Prikryl · Dec 7, 2018

pysftp does not use Paramiko SSHClient class at all, it uses more low-level Transport class. So it does not have the MissingHostKeyPolicy functionality of SSHClient.

You would have to implement it on your own.

One possible implementation can be:

host = 'example.com'

# Loads .ssh/known_hosts    
cnopts = CnOpts()

hostkeys = None

if cnopts.hostkeys.lookup(host) == None:
    print("New host - will accept any host key")
    # Backup loaded .ssh/known_hosts file
    hostkeys = cnopts.hostkeys
    # And do not verify host key of the new host
    cnopts.hostkeys = None

with Connection(host, username=user, private_key=pkey, cnopts=cnopts) as sftp:
    if hostkeys != None:
        print("Connected to new host, caching its hostkey")
        hostkeys.add(host, sftp.remote_server_key.get_name(), sftp.remote_server_key)
        hostkeys.save(pysftp.helpers.known_hosts())

Related questions

pysftp AuthenticationException while connecting to server with private key

I am trying to connect to SFTP server. I have a private key along with a password. I have tried to read related questions on SO, but have been unable to successfully connect. This is what I have tried: pysftp.…

Read More
Python - pysftp / paramiko - Verify host key using its fingerprint

This code throws an exception. How can I verify an SSH fingerprint without storing it in a file? I believe the code below is designed for a public key. But the client with the SFTP server validated the fingerprint and …

Read More
pysftp -- paramiko SSHException, Bad host key from server

I'm trying to connect to a remote host via pysftp: try: with pysftp.Connection(inventory[0], username='transit', private_key='~/.ssh/id_rsa.sftp', port=8055) as sftp: sftp.put('/home/me/test.file') except Exception, err: print sys.exc_…

Read More