Paramiko’s SSHClient with SFTP

Each Answer to this Q is separated by one/two green lines.

How I can make SFTP transport through SSHClient on the remote server? I have a local host and two remote hosts. Remote hosts are backup server and web server. I need to find on backup server necessary backup file and put it on web server over SFTP. How can I make Paramiko’s SFTP transport work with Paramiko’s SSHClient?


Sample Usage:

import paramiko

# Open a transport
host,port = "",22
transport = paramiko.Transport((host,port))

# Auth    
username,password = "bar","foo"

# Go!    
sftp = paramiko.SFTPClient.from_transport(transport)

# Download
filepath = "/etc/passwd"
localpath = "/home/remotepasswd"

# Upload
filepath = "/home/foo.jpg"
localpath = "/home/pony.jpg"

# Close
if sftp: sftp.close()
if transport: transport.close()

The accepted answer “works”. But with its use of the low-level Transport class, it bypasses a host key verification, what is a security flaw, as it makes the code susceptible to Man-in-the-middle attacks.

Better is to use the right Paramiko SSH API, the SSHClient, which does verify the host key:

import paramiko

ssh = paramiko.SSHClient()
ssh.connect(host, username="user", password='password')
# or 
# key = paramiko.RSAKey.from_private_key_file('id_rsa')
# ssh.connect(host, username="user", pkey=key)

sftp = ssh.open_sftp()

sftp.get(remotepath, localpath)
# or
sftp.put(localpath, remotepath)

For details about verifying the host key, see:
Paramiko “Unknown Server”

If you have a SSHClient, you can also use open_sftp():

import paramiko

# lets say you have SSH client...
client = paramiko.SSHClient()

sftp = client.open_sftp()

# then you can use upload & download as shown above

In addition to the first answer which is great but depends on username/password, the following shows how to use an ssh key:

from paramiko import Transport, SFTPClient, RSAKey
key = RSAKey(filename="path_to_my_rsakey")
con = Transport('remote_host_name_or_ip', 22)
con.connect(None,username="my_username", pkey=key)
sftp = SFTPClient.from_transport(con)

The answers/resolutions are collected from stackoverflow, are licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0 .