仅使用服务器指纹即可使用pysftp和Python 3连接到SFTP服务器 [英] Connecting to an SFTP server using pysftp and Python 3 with just the server fingerprint

问题描述

我处于一种奇怪的情况下，我需要第一次连接到SFTP服务器，但似乎找不到找到访问该服务器已知主机条目的方法.我可以连接我说:

I'm in kind of a bizarre situation where I need to connect to an SFTP server for the first time but I can't seem to find a way to get access to the known host entry for the server.I can connect fine if I say:

import pysftp
cnopts = pysftp.CnOpts()
cnopts.hostkeys = None
with pysftp.Connection('host', username='me', password='pass', cnopts=cnopts):

但显然，这会让您在中间攻击时对男人敞开怀抱.所以我尝试连接:

But apparently that leaves you open to man in the middle attacks. So I attempt to connect with:

cnopts = pysftp.CnOpts(knownhosts='config/known_host')
cnopts.hostkeys = None

with pysftp.Connection(host, username=username, password=password, cnopts=cnopts) as sftp:

我得到各种错误消息.最新的是:

And I get all manner of error messages. The most recent one is:

paramiko.hostkeys.InvalidHostKey

paramiko.hostkeys.InvalidHostKey

问题是我没有主机密钥，因为我是第一次连接.我试图从其他连接中获取密钥.我使用WinSCP，但是它将密钥存储在注册表文件中，并且格式与known_host不同.我试图使用ssh-keyscan用PuTTY来获取它，但是服务器甚至不允许我启动终端会话.我们不是盒子的主人，托管服务提供商不太可能提供我们所需的东西.

The problem is I have no host key because I'm connecting for the first time. I tried to get the key from other connections. I use WinSCP but it stores the key in a registry file and the format is different than known_host. I tried to get it with PuTTY using ssh-keyscan but the server won't even let me start a terminal session. We don't own the box and the hosting provider is unlikely to give us what we need.

我不走运吗?我应该继续绕过按键检查吗?

Am I out of luck? Should I just go ahead and bypass checking the keys?

推荐答案

可以在

Solution can be found at Python - pysftp / paramiko - Verify host key using its fingerprint but I had to alter it a bit to use Python 3.

import hashlib as hl


def trim_fingerprint(fingerprint):
    #if fingerprint.startswith('ecdsa-sha2-nistp384 384 '):
        #return fingerprint[len('ecdsa-sha2-nistp384 384 '):]
    return fingerprint


def clean_fingerprint(fingerprint):
    #return trim_fingerprint(fingerprint).replace(':', '')
    return trim_fingerprint(fingerprint)

class FingerprintKey:

    def __init__(self, fingerprint):
        self.fingerprint = clean_fingerprint(fingerprint)

    def compare(self, other):
        if callable(getattr(other, "get_fingerprint", None)):
            return other.get_fingerprint() == self.fingerprint
        elif clean_fingerprint(other) == self.get_fingerprint():
            return True
        #elif hl.md5(other).digest().encode('hex') == self.fingerprint:
        #The line below is required for Python 3.  Above is Python 2.
        elif hl.md5(other).hexdigest() == self.fingerprint:
            return True
        else:
            return False

    def __cmp__(self, other):
        return self.compare(other)

    def __contains__(self, other):
        return self.compare(other)

    def __eq__(self, other):
        return self.compare(other)

    def __ne__(self, other):
        return not self.compare(other)

    def get_fingerprint(self):
        return self.fingerprint

    def get_name(self):
        return u'ecdsa-sha2-nistp384'

    def asbytes(self):
         # Note: This returns itself.
         #   That way when comparisons are done to asbytes return value,
         #   this class can handle the comparison.
        return self

我不得不从指纹中手动删除任何:"，因为它从未允许脚本执行此操作.

I had to manually remove any ":" from the fingerprint because it just never worked allowing the script to do it.

用法:

options = pysftp.CnOpts()
options.hostkeys.clear()
options.hostkeys.add('www.sample.com', u'ecdsa-sha2-nistp384 384 ', AuthOnFingerPrint.FingerprintKey(serverkey))

其中的serverkey是指纹.

Where serverkey is the finger print.

这篇关于仅使用服务器指纹即可使用pysftp和Python 3连接到SFTP服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！