Problem:
When using pysftp to establish an SFTP connection, an error is encountered due to a missing host key in the known_hosts file. The terminal program Putty stores host keys in the Windows Registry, which differs from pysftp's expected location.
Resolution:
pysftp's handling of host keys has known limitations. Consider transitioning to Paramiko directly, as it offers greater flexibility in host key management.
For pysftp users, avoid setting cnopts.hostkeys = None, as it compromises security by disabling host key verification.
Use CnOpts.hostkeys to manage trusted host keys. Specify a known_hosts file that contains the server's public key or add keys manually using CnOpts.
An alternative is to use SSH's ssh-keyscan tool to retrieve the host key and add it to the known_hosts file. While convenient, this approach has limitations, such as not working for non-standard server ports.
For enhanced security, obtain the host key from a trusted source, such as the server administrator, to prevent attackers from intercepting the key and impersonating the server.
If fingerprint-based host key verification is desired, refer to the documentation for implementing such verification with pysftp or Paramiko.
The above is the detailed content of How to Safely Verify Host Keys When Using pysftp?. For more information, please follow other related articles on the PHP Chinese website!