sFTP is still used on a daily basis. Many times the simpler well proven technologies just do the job, just like a hammer. Today’s post will show how to use Python to connect to an sFTP site and securely upload or download your files.


Many times on stackoverflow you tend to get incomplete or partial samples of code that don’t explain step by step what you need to do. And with sFTP every step is critical. The code presented is not production ready; i.e. no Exception blocks but it wouldn’t take much more effort to adapt the code to be production ready. Instead we will concentrate on the important parts and get you downloading files quickly. Let’s go!



Directory Structure

The directory structure will look like the following:


main.py

This is the file we will invoke to start the program. It is rather simple.

The file is using the sys.argv[1:] to allow you to pass in arguments when you are running the program. In an effort to keep focus, we won’t being using arguments, and will just hard code the file names in the main function.

Now let’s go line by line.

This is the FileUpload class we will create later.

The main function, pretty simple isn’t it?

file_list is a list of files we will upload to the sFTP server. Conversely you could have a list of files you wish to download.

Next we check if the file_list has any values in it; in case the list is being passed in via sys.argv.

Next we assign fp to the FileUpload class

Last step is we send the files, by calling the send_files method in the class.

Configuration File

In the configuration directory we have three files.

  1. __init__.py
  2. known_hosts
  3. sftp_config.yaml

We are going to look at the sftp_config.yaml configuration file and the __init__.py file first. We will come back to the known_hosts file later on.


sftp_config.yaml

The configuration file will store the details on how to connect to the sFTP server and what files we want to upload.

The configuration file is in plain text, the values are pretty self-explanatory. We will talk about the KEY_FILENAME and KNOWN_HOSTS later on.

Make sure to specify your details, including HOSTNAME, USERNAME, LOCAL_DIRECTORY, REMOTE_DIRECTORY, etc…


config

The init file will be used to load the .yaml configuration file. It is handy way of being able to store the sFTP configuration parameters without having to change the main parts of the code.

We need three libraries the standard pathlib and sys, Additionally I use python-box to help referencing values in the configuration. Python-box has a dependency on yaml parser. I use ruamel, finding it easier and quicker.

If not already installed, from your command line you can use pip to install them.


File: __init__.py

The function load_config will take a file name as an argument and return the python-box object.

Next we get the path of the file and store it in the path variable.

Now we will open the file, and convert the .yaml file into a Box object to be used by the FileUpload class later on.

And last step, we call the load_config function.


File: file_upload.py

The FileUpload class will be used to connect to the sFTP server and than upload files. Additional methods could be added to download files, I will leave that exercise to you.

I am going to use the paramiko package. Again if not installed, from the command line use pip to install.

Here we will import in standard libraries and the sftp_config file we created earlier.

Here we are defining the class, and setting some variables to hold, the ssh client, sftp client, and known_hosts file_path.

__set_file_paths

Now we will read the contents of the known_hosts file. If the file doesn’t exist, we will raise an Exception.

__connect_client

When we connect to the ssh server, we will need a key. The user private key should be stored locally on your server. The key needs to be in the .pem file format. The private key should be created on the ssh_server or ask the ssh server’s admin to send one to you.

Then copy the .pem file to your local machine via FileZilla or another sftp tool.

We use paramiko function to read the key from the file.

Next we connect to the client and store the client object in self._ssh_client.

Know we need to load a list of known hosts to avoid a connection error.

Lastly we connect to the ssh server.


known_hosts file

One of the more difficult issues I saw with using the paramiko package was many folks were struggling with the error generated when there was not a known hosts file. Often the “solution” proposed by others was to use following line of code.

Using the option will leave you open to man-in-the-middle attacks. The proper way is to use a known_hosts file.

The file is a simple text file, with no file extension. You can have one if you want but… why?

Your known_hosts file should look like the following.

With the “….” replaced with many more characters. You should get the known hosts from the ssh server admin. However you can generate it if you are positive it is secure.


send_files

Here is the method for sending the files.

First call the private method to connect to the ssh_client.

Next we set the sftp client object.

Next we change the directory to the remote directory we set in the configuration file earlier.

Now we have a simple loop, that will read the name of each file in the file_list, and try to upload (PUT) the file to the sFTP server.

An exception will be raised if the local file path is invalid.

And at the end we close the sftp_client and ssh_client.


That’s it. Connecting to an sFTP server.