Issue
I need to automate transferring of a file from one server to a client's SFTP server. I've done this hundreds of time using Python's pysftp package. However, on this occasion, there's a HostkeyAlgorithm that I need to set. I've read through Paramiko's doc since pysftp seems lacking of this option entirely and is built on Paramiko. But I honestly don't know what to do (I don't get to play with networking things often). I've been sending manually through bash with the following:
sftp -o HostkeyAlgorithms=+ssh-dss [email protected]
I've tried the following in Python to no success:
import paramiko
_host='somehostname.com'
_user='thisguy'
_pass='you_get_the_idea'
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.MissingHostKeyPolicy())
client.connect(_host, 22, _user, _pass)
This returns:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python2.7/dist-packages/paramiko/client.py", line 424, in connect
passphrase,
File "/usr/local/lib/python2.7/dist-packages/paramiko/client.py", line 714, in _auth
raise saved_exception
paramiko.ssh_exception.AuthenticationException: Authentication failed.
So I guess the question is where/how do I add the -o HostkeyAlgorithms=+ssh-dss when setting up my Paramiko connection?
Solution
Paramiko will use host key algorithm matching a host key that you configure for your session.
You do not specify any host key, instead you blindly accept all host keys (MissingHostKeyPolicy), what is a security flaw. You lose a protection against MITM attacks.
For a correct (and secure) approach, see:
Though, I actually do not understand, why do you want to set "HostkeyAlgorithms", if you do not even verify the host key due to MissingHostKeyPolicy? – The "Authentication failed" error is for sure not related to host key.
Answered By - Martin Prikryl Answer Checked By - Cary Denson (WPSolving Admin)