With other partners we have had no trouble getting a password to connect with. This is the code we use presently to connect via proxy partner's SFTP server using a password:
import paramiko
proxy_command = '/usr/bin/ssh ' + proxy_address + ' -p 22 /usr/bin/nc ' + host_address + ' ' + str(host_port)
proxy = paramiko.ProxyCommand(proxy_command)
transport = paramiko.transport.Transport(proxy)
transport.connect(username=username, password=password)
sftp = paramiko.sftp_client.SFTPClient.from_transport(transport)
Our newest partner will not share a password with us – the connection should rely solely on keys. How can we modify the above to implement the keys on the proxy and not be reliant on using a password to connect to the host?
If you are asking for to authenticate using a key with the Paramiko low-level Transport class, just use the pkey parameter of the Transport.connect method:
pkey = paramiko.RSAKey.from_private_key_file(filename)
transport.connect(username=username, pkey=pkey)
Though in general, you should use the high-level SSHClient class instead:
ssh = paramiko.SSHClient()
pkey = paramiko.RSAKey.from_private_key_file('id_rsa')
ssh.connect(hostname=host_address, sock=sock, username=username, pkey=key)
sftp = ssh.open_sftp()
Though it turned out, you want to authenticate using a key stored on the proxy/jump server. You cannot use a key stored on the proxy server from a Paramiko code running on a local server. You would have to connect from the proxy server. Or download the key to the local machine. Or just read the key on run time from the server to local memory (what is a form of a download). See also Executing command from remote server into another remote server using Paramiko.