Python Scripts for Downloading files via SFTP (opens in new tab)

(engineering.monetate.com)

34 pointsphillytom14y ago8 comments

8 comments

6 comments · 3 top-level

sneak14y ago· 3 in thread

Just use key-based auth, for fuck's sake.

If you're going to keep credentials in plaintext on disk, at least make them keys and stop dicking about with expect.

From what I remember, paramiko is pretty straight forward when you're doing keys or password, but you need to hack in a little something if you're trying to connect to a server which insists on both.

dcosson14y ago

pysftp [1] is a great wrapper around paramiko and pycrpyto. Simple to use whether you're using a password, ssh key, or passphrase-protected ssh key. I've never worked with a server that required both a password and a key, but it looks like it could probably handle that as well.

From the code in the link it looks like for basic sftp tasks paramiko is simple enough that you really don't need a wrapper for it, but I'll take the single-page google code README for pysftp over paramiko's docs [2] any day

[1] http://code.google.com/p/pysftp/ [2] http://www.lag.net/paramiko/docs/

1 more reply

DHowett14y ago

This is immaterial to the "use keys" suggestion. I realize that you mentioned the key+password case, but I can't help but think that the solution to that is simply to go with a key without a password, limit the account on the other end as much as possible and swallow the bitter pill that if they have access to your passwordless private key, they probably have access to far more dangerous things.

In short, this can be solved with proper access restrictions and full key-based authentication, and nothing but bash and scp/sftp.

1 more reply

pak14y ago

Um, instead of using Python and the pexpect module, just use /usr/bin/expect by itself. The Expect language is very simple [1] and could cut this script down to less than 10 lines, if all you need to do is automate a couple transfers.

The paramiko module is the "right" way of doing this in Python, and probably only appropriate if you need to integrate SFTP transactions into a larger, longer-running application.

Edit: I might add the use of a password in a command line argument is not advisable because it will get logged everywhere and show up in things like top, etc. Probably better to hardcode it or put it in a 0600 file.

[1]: http://en.wikipedia.org/wiki/Expect (In fact, there is a complete example for automating SFTP right in the article).

sravfeyn14y ago

Wow I previously searched for such emulation, for sharing files over sftp/ssh. But I had done using ssh keys. Here is the HN Submission http://news.ycombinator.com/item?id=3554318

j / k navigate · click thread line to collapse

8 comments

6 comments · 3 top-level

sneak14y ago· 3 in thread

Just use key-based auth, for fuck's sake.

If you're going to keep credentials in plaintext on disk, at least make them keys and stop dicking about with expect.

wiredfool14y ago

From what I remember, paramiko is pretty straight forward when you're doing keys or password, but you need to hack in a little something if you're trying to connect to a server which insists on both.

dcosson14y ago

[1] http://code.google.com/p/pysftp/ [2] http://www.lag.net/paramiko/docs/

1 more reply

DHowett14y ago

In short, this can be solved with proper access restrictions and full key-based authentication, and nothing but bash and scp/sftp.

1 more reply

pak14y ago

The paramiko module is the "right" way of doing this in Python, and probably only appropriate if you need to integrate SFTP transactions into a larger, longer-running application.

[1]: http://en.wikipedia.org/wiki/Expect (In fact, there is a complete example for automating SFTP right in the article).

sravfeyn14y ago

Wow I previously searched for such emulation, for sharing files over sftp/ssh. But I had done using ssh keys. Here is the HN Submission http://news.ycombinator.com/item?id=3554318

j / k navigate · click thread line to collapse