SSH, SFTP, public key authentication and python. SFTP is a simple and fairly reliable way to share the information within the organization. Let’s look at the situation when you need to pick up some files from a remote host with authorization by public key. And after that, let’s see how to use it with in python.

Moreover, let’s see how to work with SSH using python and execute any commands on the remote host. For example. if we need it to collect versions of installed packages and a version Linux distribution for further vulnerability analysis (see “Vulnerability Assessment without Vulnerability Scanner“). 😉

Generating public key:

cd ~
mkdir .ssh
chmod 700 .ssh

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vmuser/.ssh/id_rsa): [PRESS ENTER]
Enter passphrase (empty for no passphrase): [INPUT p@$phr4se PRESS ENTER]
Enter same passphrase again: [INPUT p@$phr4se PRESS ENTER]
Your identification has been saved in /home/vmuser/.ssh/id_rsa.
Your public key has been saved in /home/vmuser/.ssh/
The key fingerprint is:
52:14:a4:33:71:0a:b9:46:25:73:a0:96:94:b3:3b:03 vmuser@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|  ..=++.=.       |
| .ooo= *         |
|  ++ .= .        |
|E.. o  +         |
| . o  . S        |
|  +    .         |
|   o             |
|                 |
|                 |

Here is the public key, which we send to the server owner, who will add it to the list of known keys:

$ ls /home/vmuser/.ssh/
id_rsa known_hosts

Once he does this, we can go to that host by SSH:

[vmuser@localhost pycharm-community-2017.1.3]$ ssh
Enter passphrase for key '/home/vmuser/.ssh/id_rsa':
Last login: Mon Sep 3 10:50:10 2017 from

And how download the files on the host from the python script? You will need to install pysftp:

# sudo pip install pysftp

To connect and download files from the ‘data/’ directory on the remote server to the local directory ‘data/’ we need to do something like this:

import pysftp
sftp = pysftp.Connection(host = '', private_key = '/home/vmuser/.ssh/id_rsa', private_key_pass = 'p@$phr4se')
for file in sftp.listdir("data"):
    sftp.get(remotepath = "data/" + file, localpath="data/" + file )

Ok, we dealt with the downloading. Now let’s see how to execute commands with SSH in python using paramiko module. When we installed pysftp we also installed paramiko by dependencies. We can use authentication by keys and by password (commented):

#!/usr/bin/env python

import paramiko

command = 'cat /etc/centos-release; rpm -qa'

    client = paramiko.SSHClient()

    client.connect(hostname = '', key_filename='/home/vmuser/.ssh/id_rsa',
                    password = 'p@$phr4se')

    #client.connect(hostname = '', username="vmuser", password="1")

    stdin, stdout, stderr = client.exec_command(command)
And having a list of packages we can check them for vulnerabilities using your own scanner or Vulners API.

The output will be like this:

CentOS Linux release 7.3.1611 (Core) 

And having a list of packages we can check them for vulnerabilities using your own scripts or Vulners Audit API.

