pysftp 0.2.9 breaks builds

Issue #97 closed
Maximilian Hils
created an issue

It looks like the pysftp 0.2.9 patch release fails when creating a connection:

  File ".\release\rtool.py", line 300, in upload_snapshot
    private_key_pass=private_key_password) as sftp:
  File "C:\projects\mitmproxy\venv\lib\site-packages\pysftp\__init__.py", line 132, in __init__
    self._tconnect['hostkey'] = self._cnopts.get_hostkey(host)
  File "C:\projects\mitmproxy\venv\lib\site-packages\pysftp\__init__.py", line 71, in get_hostkey
    raise SSHException("No hostkey for host %s found." % host)
paramiko.ssh_exception.SSHException: No hostkey for host snapshots.mitmproxy.org found.
Exception AttributeError: "'Connection' object has no attribute '_sftp_live'" in <bound method Connection.__del__ of <pysftp.Connection object at 0x03463FD0>> ignored

The corresponding code snippet is just this:

    with pysftp.Connection(host=host,
                           port=port,
                           username=user,
                           private_key=private_key,
                           private_key_pass=private_key_password) as sftp:

https://github.com/mitmproxy/mitmproxy/blob/38fd1d3ad77a08b7299b3c0319c522bc6b78f09e/release/rtool.py#L296

Comments (9)

  1. Jeff Hinrichs

    Hello, The important bit, "paramiko.ssh_exception.SSHException: No hostkey for host snapshots.mitmproxy.org found." Host key checking is enabled by default in 0.2.9, it was a bug that it wasn't enabled prior. Without it your are susceptible to man-in-the-middle attacks.

    http://pysftp.readthedocs.io/en/release_0.2.9/cookbook.html#pysftp-cnopts

    If you wish to disable host key checking (Not Recommended):

    import pysftp
    cnopts = pysftp.CnOpts()
    cnopts.hostkeys = None    # disable host key checking.
    with pysftp.Connection('host', username='me',private_key=private_key,
                               private_key_pass=private_key_password,
                               cnopts=cnopts) as sftp
        # do stuff here
    

    But actually the better thing to do is add the hostkey for your host to your known_hosts file.

    ssh snapshots.mitmproxy.org
    

    The when prompted,, verify and accept the host key.
    After that, when you run your code it will run just fine.

  2. Maximilian Hils reporter

    Thanks for the quick reply! It does not really matter much for us as this is our CI server and we require client auth on the snapshot machine, but surely this is a good decision for the project in general.

  3. Michael Connors

    But where does pysftp expect to find the hostkey? It is certainly not looking at my known hosts file at ~/.ssh/known_hosts I removed all my host keys and recreated by using my sftp client. The host keys were created, the sftp client no longer prompts me, but pysftp does.

    This should be reopened.

  4. Jeff Hinrichs repo owner

    by default: ~/.ssh/known_hosts
    see http://pysftp.readthedocs.io/en/release_0.2.9/cookbook.html#pysftp-cnopts

    Are you running your calling program as a cron job? If so ~ does not mean the same thing as when you are logged in.

    try this from an interactive python session:

    import pysftp
    sftp = pysftp.Connection('hostname', username='me', password='secret')
    #
    # ... do sftp operations
    #
    sftp.close()   
    

    substituting your username and password and host. Please report back any issue. But do so under a new issue. Thanks

  5. Owen Pearson

    I am getting this when using the exact same code as Jeff posted above.

    Can anyone help?

    Warning (from warnings module):
      File "C:\Users\Owen\AppData\Local\Programs\Python\Python35-32\lib\site-packages\pysftp\__init__.py", line 61
        warnings.warn(wmsg, UserWarning)
    UserWarning: Failed to load HostKeys from C:\Users\Owen\.ssh\known_hosts.  You will need to explicitly load HostKeys (cnopts.hostkeys.load(filename)) or disableHostKey checking (cnopts.hostkeys = None).
    Traceback (most recent call last):
      File "C:/Users/Owen/Desktop/Owen/Electronics/Code/Python Web Programming PySFTP3.py", line 2, in <module>
        sftp = pysftp.Connection('178.62.60.184', username='host', password='*****')
      File "C:\Users\Owen\AppData\Local\Programs\Python\Python35-32\lib\site-packages\pysftp\__init__.py", line 132, in __init__
        self._tconnect['hostkey'] = self._cnopts.get_hostkey(host)
      File "C:\Users\Owen\AppData\Local\Programs\Python\Python35-32\lib\site-packages\pysftp\__init__.py", line 71, in get_hostkey
        raise SSHException("No hostkey for host %s found." % host)
    paramiko.ssh_exception.SSHException: No hostkey for host 178.62.60.184 found.
    
  6. Michael Sexton

    Try a once-off manual ssh to this machine with PuTTY with the credentials you use in your python program e.g. ssh host@178.62.60.184. In this way your local machine's hosts file is updated.

    For me I experienced the same issue but I was using linux. I successfully did a 'ssh xxx@a.b.c.d' from a linux prompt, exited back to where I started from and then successfully ran my python script.

    -M

  7. Michael Connors

    No, I am using it interactively and I get the same failure from the python command line. The previous version works fine for me.

    If I get a chance I will trace through it and see where the issue is and then I will open a new ticket.

  8. stlee987

    I'm using pysftp and Python 3.6.0. Even though I have an except pysftp.SSHException, the AttributeError text still appears when there is no hostkey for host. I just want to display the one line error: No hostkey for host {0} found.

        try:
            with pysftp.Connection(myhost, username='user', password='secret') as sftp:
                sftp.put('myfile')
        except pysftp.SSHException as err:
            print('Error: {0}'.format(err))
    

    On a related not, I also tried to disable host key checking with pysftp.CnOpts().hostkeys = None, but that did not work.

  9. Log in to comment