stackoom
  简体   繁体   中英

How to set up a hostkey file using ssh-ed25519 as a key for pysftp

 原文  2020-01-30 02:09:31       python/ ssh/ sftp/ ssh-keys/ pysftp

Question

I am trying connect to a SFTP site in my Python script using pysftp .

Since I don't have the hostkey file, I've created one as suggested here , "hostkey", and I'm trying to load this file, but pysftp doesn't connect to the sftp site.

The python code is very simple: 

cnopts = pysftp.CnOpts()
cnopts.hostkeys.load(pathToTheFile)
with pysftp.Connection(host, username=username, private_key=pathToPKey, cnopts=cnopts) as sftp:
    #do things

I first tried adding the following in the hostkey file:

host.com ssh-ed25519 256 AZFsh0........Qy0=

But this results in InvalidHostKey error with the Incorrect padding error. I'm guessing it doesn't require 256 for the key. So, I've removed 256.

When I try without 256:

host.com ssh-ed25519 256 AZFsh0........Qy0=

Then it recognizes the key, but the 'utf-8' codec can't decode byte 0x90 in position 11: invalid start byte error shows up.

So, instead of loading the hostkey file, I've tried adding a hostkey with the following codes as suggested in here :

keydata = b"""AZFsh0........Qy0="""
key1 = paramiko.ed25519key.Ed25519Key(data=keydata)
key2 = paramiko.ed25519key.Ed25519Key(data=base64.b64decode(keydata))
key3 = paramiko.ed25519key.Ed25519Key(data=base64.b64decode(keydata).hex())
key4 = paramiko.ed25519key.Ed25519Key(data=decodebytes(keydata))
key5 = paramiko.ed25519key.Ed25519Key(data=decodebytes(keydata).hex())
cnopts.hostkeys.add("host.com", "ssh-ed25519", key1)

I tried with all the above keys but I still get errors like Incorrect padding ,

I see that someone mentioned that this may be a bug but the post is from 2018. Does anyone know if this is not feasible or I'm missing something?

EDIT (This worked)

The solution posted in Connection to an SFTP server using pysftp and Python 3 with just the server fingerprint , which was linked in the link in Martin Prikryl 's response worked.

This what I used (I've cleaned up some to remove unused functions).

import hashlib as hl

#Removed trim_fingerprint() and clean_fingerprint() because it wasn't necessary in my case
class FingerprintKey:
    def __init__(self, fingerprint):
        self.fingerprint = fingerprint
    def compare(self, other):
        if callable(getattr(other, "get_fingerprint", None)):
            return other.get_fingerprint() == self.fingerprint
        elif other == self.get_fingerprint():
            return True
        elif hl.md5(other).hexdigest() == self.fingerprint:
            return True
        else:
            return False
    def __cmp__(self, other):
        return self.compare(other)
    def __contains__(self, other):
        return self.compare(other)
    def __eq__(self, other):
        return self.compare(other)
    def __ne__(self, other):
        return not self.compare(other)
    def get_fingerprint(self):
        return self.fingerprint
    def get_name(self):
        return u'ssh-ed25519' # Including "256" errors out. 
    def asbytes(self):
        return self

And it was used in this way:

cnopts = pysftp.CnOpts()
cnopts.hostkeys.add('host.com', u'ssh-ed25519 256', FingerprintKey("e2d1............c957")) # Removed ":" from the MD5 value

The main thing I struggled was that I wasn't sure what value should be plugged in for the cnopts.hostkeys.add , etc, so I'll put those details in case there are people who are new to this.

In my case, I used WinSCP to get the host key fingerprint.

  1. Open WinSCP
  2. Enter Host name, User name, and specified the path to the private key to connect
  3. Click Session
  4. Click Server/Protocol Information
  5. Use the value in Algorithm for the second parameter ( keytype ) of cnopts.hostkeys.add
  6. Use the value in MD5 for the third parameter ( key ) of cnopts.hostkeys.add . The actual value is with colons (eg e2:d1:......c9:57), but as the author of Connection to an SFTP server using pysftp and Python 3 with just the server fingerprint mentioned, I had to manually remove the colons as well.

1 answers

solution1
 0 ACCPTED  2020-01-30 07:55:58

What goes to the "host key file" is a full host/public key, not only fingerprint.

For details, see (again):
Verify host key with pysftp

If you want to verify the host key using it's fingerprint only, see:
Python - pysftp / paramiko - Verify host key using its fingerprint
(though that' linked in the first answer already anyway).

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question "No hostkey for host ***** found" when connecting to SFTP server with pysftp using private key How to implement ed25519 algorithm into jwt using python? Decrypting Ed25519 private keys using python libraries without ssh-keygen -p How to use ssh-keygen ed25519 keys for encryption in Python? Connect to SFTP with key file using Python pysftp Load openssl Ed25519 private key in PEM format into Python ed25519.SigningKey pysftp ignoring disabled hostkey checking Sign a text with pynacl (Ed25519) importing a private key "No hostkey for ... found" in pysftp code even though cnopts.hostkeys is set to None Sign and verify using ed25519 in near protocol
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM