Wow I previously searched for such emulation, for sharing files over sftp/ssh. But I had done using ssh keys. Here is the HN Submission http://news.ycombinator.com/item?id=3554318
Um, instead of using Python and the pexpect module, just use /usr/bin/expect by itself. The Expect language is very simple [1] and could cut this script down to less than 10 lines, if all you need to do is automate a couple transfers.
The paramiko module is the "right" way of doing this in Python, and probably only appropriate if you need to integrate SFTP transactions into a larger, longer-running application.
Edit: I might add the use of a password in a command line argument is not advisable because it will get logged everywhere and show up in things like top, etc. Probably better to hardcode it or put it in a 0600 file.
From what I remember, paramiko is pretty straight forward when you're doing keys or password, but you need to hack in a little something if you're trying to connect to a server which insists on both.
pysftp [1] is a great wrapper around paramiko and pycrpyto. Simple to use whether you're using a password, ssh key, or passphrase-protected ssh key. I've never worked with a server that required both a password and a key, but it looks like it could probably handle that as well.
From the code in the link it looks like for basic sftp tasks paramiko is simple enough that you really don't need a wrapper for it, but I'll take the single-page google code README for pysftp over paramiko's docs [2] any day
Pysftp looks cool, though at it's core it's a really simple wrapper. Ive been using paramiko long enough that I probably have the equivalent of it for my environment.
It does provide another arguments for the requests style simple, sensible interface over whatever it is that you need to make the underlying connections work. If paramiko had a high level 1 or 2 line way to retrieve a file, pysftp wouldn't have been someone's itch.
This is immaterial to the "use keys" suggestion. I realize that you mentioned the key+password case, but I can't help but think that the solution to that is simply to go with a key without a password, limit the account on the other end as much as possible and swallow the bitter pill that if they have access to your passwordless private key, they probably have access to far more dangerous things.
In short, this can be solved with proper access restrictions and full key-based authentication, and nothing but bash and scp/sftp.
It could be, if the people running the other server were rational. In this case, it was faster to make it work than to have the meetings required to do a variance to their standards and to argue till I was blue in the tongue and still have them say no.
8 comments
[ 1.2 ms ] story [ 21.6 ms ] threadThe paramiko module is the "right" way of doing this in Python, and probably only appropriate if you need to integrate SFTP transactions into a larger, longer-running application.
Edit: I might add the use of a password in a command line argument is not advisable because it will get logged everywhere and show up in things like top, etc. Probably better to hardcode it or put it in a 0600 file.
[1]: http://en.wikipedia.org/wiki/Expect (In fact, there is a complete example for automating SFTP right in the article).
If you're going to keep credentials in plaintext on disk, at least make them keys and stop dicking about with expect.
From the code in the link it looks like for basic sftp tasks paramiko is simple enough that you really don't need a wrapper for it, but I'll take the single-page google code README for pysftp over paramiko's docs [2] any day
[1] http://code.google.com/p/pysftp/ [2] http://www.lag.net/paramiko/docs/
It does provide another arguments for the requests style simple, sensible interface over whatever it is that you need to make the underlying connections work. If paramiko had a high level 1 or 2 line way to retrieve a file, pysftp wouldn't have been someone's itch.
In short, this can be solved with proper access restrictions and full key-based authentication, and nothing but bash and scp/sftp.