pysftp AuthenticationException while connecting to server with a private key

Question

I am unable to get the python pysftp package to connect, I get this error: paramiko.ssh_exception.AuthenticationException: Authentication failed.

I am trying to connect using pysftp to a server which does connect using filezilla. I have an RSA pkk file. I am using python 3.7 with pysftp 0.2.9. I am running on Windows.

import pysftp
cnopts = pysftp.CnOpts()
cnopts.hostkeys = None
sftp = pysftp.Connection(host='host', username='username', 
     private_key="xxxx.pem",cnopts=cnopts)

I have no passphrase and have double checked the pem file. Is there anyway I can find out why it refuses to authenticate please?

I am also able to connect using sftp without issue: sftp -i xxxx.pem user@host

This is the paramiko debug log:

DEBUG:paramiko.transport:starting thread (client mode): 0x6f5e2f98
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_2.9.2
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-FTP Server ready.
INFO:paramiko.transport:Connected (version 2.0, client FTP)
DEBUG:paramiko.transport:=== Key exchange possibilities ===
DEBUG:paramiko.transport:kex algos: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1, rsa1024-sha1
DEBUG:paramiko.transport:server key: ssh-rsa
DEBUG:paramiko.transport:client encrypt: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, blowfish-ctr, blowfish-cbc, cast128-cbc, arcfour256, arcfour128, 3des-ctr, 3des-cbc
DEBUG:paramiko.transport:server encrypt: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, blowfish-ctr, blowfish-cbc, cast128-cbc, arcfour256, arcfour128, 3des-ctr, 3des-cbc
DEBUG:paramiko.transport:client mac: hmac-sha2-256, hmac-sha2-512, hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96, hmac-ripemd160, umac-64@openssh.com
DEBUG:paramiko.transport:server mac: hmac-sha2-256, hmac-sha2-512, hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96, hmac-ripemd160, umac-64@openssh.com
DEBUG:paramiko.transport:client compress: zlib@openssh.com, zlib, none
DEBUG:paramiko.transport:server compress: zlib@openssh.com, zlib, none
DEBUG:paramiko.transport:client lang: <none>
DEBUG:paramiko.transport:server lang: <none>
DEBUG:paramiko.transport:kex follows: False
DEBUG:paramiko.transport:=== Key exchange agreements ===
DEBUG:paramiko.transport:Kex: ecdh-sha2-nistp256
DEBUG:paramiko.transport:HostKey: ssh-rsa
DEBUG:paramiko.transport:Cipher: aes128-ctr
DEBUG:paramiko.transport:MAC: hmac-sha2-256
DEBUG:paramiko.transport:Compression: none
DEBUG:paramiko.transport:=== End of kex handshake ===
DEBUG:paramiko.transport:kex engine KexNistp256 specified hash_algo <built-in function openssl_sha256>
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Attempting public-key auth...
DEBUG:paramiko.transport:userauth is OK
DEBUG:paramiko.transport:Finalizing pubkey algorithm for key of type 'ssh-rsa'
DEBUG:paramiko.transport:Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
DEBUG:paramiko.transport:Server did not send a server-sig-algs list; defaulting to our first preferred algo ('rsa-sha2-512')
DEBUG:paramiko.transport:NOTE: you may use the 'disabled_algorithms' SSHClient/Transport init kwarg to disable that or other algorithms if your server does not support them!
INFO:paramiko.transport:Auth banner: b'This system is solely for the use of authorized users for business purposes.\r\nIndividuals using this system are subject to having all of their activities\r\nmonitored and recorded by system personnel. Unauthorized access or use\r\nshall be subject to prosecution.\r\n\r\n'
INFO:paramiko.transport:Authentication (publickey) failed.
Traceback (most recent call last):
  File "<stdin>", line 3, in <module>
  File "C:\Users\andrewhostname\AppData\Local\Programs\Python\Python37\lib\site-packages\pysftp\__init__.py", line 143, in __init__
    self._transport.connect(**self._tconnect)
  File "C:\Users\andrewhostname\AppData\Local\Programs\Python\Python37\lib\site-packages\paramiko\transport.py", line 1387, in connect
    self.auth_publickey(username, pkey)
  File "C:\Users\andrewhostname\AppData\Local\Programs\Python\Python37\lib\site-packages\paramiko\transport.py", line 1634, in auth_publickey
    return self.auth_handler.wait_for_response(my_event)
  File "C:\Users\andrewhostname\AppData\Local\Programs\Python\Python37\lib\site-packages\paramiko\auth_handler.py", line 258, in wait_for_response
    raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.

See [Pysftp fails with "Authentication failed" and "Server did not send a server-sig-algs list; defaulting to our first preferred algo ('rsa-sha2-512')"](https://stackoverflow.com/q/70812056/850848). — Martin Prikryl, Feb 10 '22 at 14:19

pysftp AuthenticationException while connecting to server with a private key

0 Answers0