Search code examples
pythoncommand-linesubprocesssftpwinscp

Passing hostkey with spaces to WinSCP via Python subprocess.Popen

As part of a larger task I want to move some files, work on them and return the new files to the sftp server. Due to restrictions laid upon me I am only able to use Python 3.4, which excludes me from any nice and fancy modules like Paramiko and pysftp.

Connection to the server fails, according to the stdout pipe the hostkey is incorrect. The returned "incorrect" key is not identical to the one that was passed to the function. It has an additional, leading backslash and is cut short. The originally passed key is "ssh-XXXXXXX 256 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX". The "incorrect" key is "\ssh-XXXXXXX". The presumption is, that subprocess.Popen mangles the string in a way.

  • hostkey, passphrase, and privatekey are all necessary
  • the hostkey has been generated directly by the server and matches the fingerprint returned by the stdout pipe
  • the connection works when done in a windows shell, but implementation in python is desired.
  • the connection works when accepting any given Key through usage of *, but that would obviously be insecure, therefore not viable.

Code is as follows:

array_to_be_joined = ['path/WinSCP.com',
    '/ini=nul',
    '/command',
    'open sftp://sessionURL/ -hostkey="{}" -passphrase={} -privatekey=path/privatekey.ppk'.format(hostkey,passphrase),
    'echo helloWorld']

process = subprocess.Popen(
    array_to_be_joined,
    stdin=subprocess.PIPE,stdout=subprocess.PIPE, stderr=subprocess.PIPE)

Things I have tried:

  • wrote the parameters in the subprocess.Popen function

  • wrote the parameters into a list and passed the list to the function

  • passed the hostkey in a variable through string.format

  • passed the hostkey in plaintext

  • tried the hostkey in:

    • single quotes
    • single quotes escaped with \
    • single quotes escaped with `
    • two single quotes
    • two single quotes escaped with \
    • two single quotes escaped with `
    • double quotes
    • double quotes escaped with \
    • double quotes escaped with `
    • two double quotes
    • two double quotes escaped with \
    • two double quotes escaped with `
    • without quotes

Screenshot of the Output

I have attached a picture of the output, please excuse the German. It translates to:

Looking for remote computer...
Connecting to remote computer...
Authenticating...
Hostkey does not match konfigured key "\ssh-XXXXXXX"!
Server Key-Fingerprint is ssh-XXXXXXX 256 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Sign-up failed.

I would greatly appreciate any help. The alternative would be to write and call shell scripts, but that would be cumbersome and awkward to implement in the larger code. Thank you for your time.

Solution

  • I believe it's Windows Python issue.

    Just format the commandline yourself, instead of having Popen doing (incorrectly) it for you:

    command = ' '.join(f'"{w}"' for w in array_to_be_joined)

    See also Python double quotes in subprocess.Popen aren't working when executing WinSCP scripting

    Another option is passing the fingerprint as part of the session URL in whitespace-less format:
    https://winscp.net/eng/docs/session_url#hostkey