pythonsshsftpparamikopysftp

Negotiation failed while trying to connect to SFTP server using Paramiko, but command line SFTP works properly. Same failure with js ssh2-sftp-client


I am trying to move files into an SFTP server at 8001 port using code and not just GUI and command line tools. FileZilla, sftp CLI in Windows and Linux works just fine. But somehow the Python code or Java Script code I write fails to connect.

paramiko - SSHException: Negotiation failed.

When I looked at the known_hosts file in Windows saving public host key during initial sign in using FileZilla, I see that an ecdsa-sha2-nistp384 key and for host [xxx.xxxxxxx.com]:8001 is being created. There is also an ssh-rsa key for the same host.

I tried various ways to troubleshoot with Stack Overflow added ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

I do not have access to the SFTP server. They just gave me username, password, host and port.

Should I ask them to whitelist my IP as suggested here?
"Could not authenticate with username and password" when trying to connect with SFTP

Because it's similar to that situation where I am able to connect with FileZilla and all other tools but not with code or script.

But I dont understand the logic behind that (because I am a beginner) since I am using FileZilla from my PC and am totally able to connect.

Paramiko Code ==>

import paramiko
from paramiko import client, sftp_client

host = "xxx.xxxxxx.com"
port = 8001
user = "xxxx"
password = "xxxxxxxx"

class SFTP:
    sftp: sftp_client.SFTPClient
    ssh: client.SSHClient
    host: str
    user: str
    password: str

    def __init__(self, host: str, user: str, password: str):
        self.host = host
        self.user = user
        self.password = password

    def __enter__(self) -> sftp_client.SFTPClient:
        ssh = paramiko.SSHClient()
        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        
        ssh.connect(self.host,8001, username=self.user, password=self.password)
        self.ssh = ssh

        sftp = ssh.open_sftp()
        self.sftp = sftp
        return sftp

    def __exit__(self, exc, _, __) -> bool:
        if exc is None:
            self.sftp.close()
            self.ssh.close()
            return True

        raise exc

with SFTP(host, user, password) as sftp:
    print("Connected to SFTP")

Output :

SSHException                              Traceback (most recent call last)
Cell In[5], line 1
----> 1 with SFTP(host, user, password) as sftp:
      2     print("Connected to SFTP")

Cell In[4], line 24, in SFTP.__enter__(self)
     22 ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
     23 # print(ssh.load_host_keys().keys())
---> 24 ssh.connect(self.host,8001, username=self.user, password=self.password)
     25 self.ssh = ssh
     27 sftp = ssh.open_sftp()

File ~\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\LocalCache\local-packages\Python310\site-packages\paramiko\client.py:451, in SSHClient.connect(self, hostname, port, username, password, pkey, key_filename, timeout, allow_agent, look_for_keys, compress, sock, gss_auth, gss_kex, gss_deleg_creds, gss_host, banner_timeout, auth_timeout, channel_timeout, gss_trust_dns, passphrase, disabled_algorithms, transport_factory, auth_strategy)
    448     other_types = [x for x in sec_opts.key_types if x != keytype]
    449     sec_opts.key_types = [keytype] + other_types
--> 451 t.start_client(timeout=timeout)
    453 # If GSS-API Key Exchange is performed we are not required to check the
    454 # host key, because the host is authenticated via GSS-API / SSPI as
    455 # well as our client.
    456 if not self._transport.gss_kex_used:

File ~\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\LocalCache\local-packages\Python310\site-packages\paramiko\transport.py:723, in Transport.start_client(self, event, timeout)
    721     if e is not None:
    722         raise e
...
    725     timeout is not None and time.time() >= max_time
    726 ):
    727     break

SSHException: Negotiation failed.

I tried pysftp code from
Paramiko/pysftp connection fails with "Negotiation failed/invalid DH value", however GUIs and sftp connects

To get same negotiation failed with pysftp.CnOpts log output as

DEB [20230914-09:57:50.277] thr=1   paramiko.transport: starting thread (client mode): 0x10143f70
DEB [20230914-09:57:50.281] thr=1   paramiko.transport: Local version/idstring: SSH-2.0-paramiko_3.3.1
DEB [20230914-09:57:50.290] thr=1   paramiko.transport: Remote version/idstring: SSH-2.0-8.43 FlowSsh: Bitvise SSH Server (WinSSHD) 8.43
INF [20230914-09:57:50.290] thr=1   paramiko.transport: Connected (version 2.0, client 8.43)
INF [20230914-09:57:50.293] thr=1   paramiko.transport: Disconnect (code 11): Client software or version not permitted.

Solution

  • This comes from the server:

    Client software or version not permitted

    We cannot help you with that. You have to ask the server administrator to allow your client (Paramiko).

    You can of course fake different "version string" using Transport.local_version (it defaults to SSH-2.0-paramiko_<version>).