I have already converted the PKK key to PEM format (using PuTTY) and tested it with Filezilla, so I can access the SFTP server using both PKK and PEM keys. However, when I try to access the server from python code, I always get the following error message:
Secsh channel 0 open FAILED: The user has to be authenticated before open a new channel: Administratively prohibited
Traceback (most recent call last):
File "main.py", line 30, in <module>
connect_sftp()
File "main.py", line 12, in connect_sftp
sftp = ssh_client.open_sftp()
File "/home/runner/Test/venv/lib/python3.8/site-packages/paramiko/client.py", line 558, in open_sftp
return self._transport.open_sftp_client()
File "/home/runner/Test/venv/lib/python3.8/site-packages/paramiko/transport.py", line 1142, in open_sftp_client
return SFTPClient.from_transport(self)
File "/home/runner/Test/venv/lib/python3.8/site-packages/paramiko/sftp_client.py", line 164, in from_transport
chan = t.open_session(
File "/home/runner/Test/venv/lib/python3.8/site-packages/paramiko/transport.py", line 920, in open_session
return self.open_channel(
File "/home/runner/Test/venv/lib/python3.8/site-packages/paramiko/transport.py", line 1062, in open_channel
raise e
paramiko.ssh_exception.ChannelException: ChannelException(1, 'Administratively prohibited')
What might be important is that I'm trying to access the server from https://replit.com with this code snippet:
ssh_client = paramiko.SSHClient()
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh_client.connect(hostname = '0.0.0.0',
username = username,
password = ********,
key_filename = 'key.pem',
port = port)
sftp = ssh_client.open_sftp()
sftp.close()
ssh_client.close()
I have also tried this, but the result was the same:
mykey = paramiko.RSAKey.from_private_key_file('key.pem')
ssh_client.connect(... pkey=mykey ...)
The key.pem file has the following format:
-----BEGIN RSA PRIVATE KEY-----
...
tYkT6F/FrDWxktgWMcPvqAu/38X2C1LB3xr25ORRl1nlfGvI8pwqIxOrSQduAUuJ
jbQEPpIkAT1pwgolIwwB/FqbKtVLC7hfgFrXzwIBJQKCAQAbG2+vgKCSwhnZyJKk
...
-----END RSA PRIVATE KEY-----
What am I doing wrong, any ideas?
EDIT 1:
The Paramiko log file contains the following:
DEB [20220804-09:18:08.041] thr=1 paramiko.transport: starting thread (client mode): 0x1aeed0a0
DEB [20220804-09:18:08.041] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.11.0
DEB [20220804-09:18:08.179] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-CerberusFTPServer_7.0
INF [20220804-09:18:08.179] thr=1 paramiko.transport: Connected (version 2.0, client CerberusFTPServer_7.0)
DEB [20220804-09:18:08.316] thr=1 paramiko.transport: === Key exchange possibilities ===
DEB [20220804-09:18:08.316] thr=1 paramiko.transport: kex algos: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
DEB [20220804-09:18:08.316] thr=1 paramiko.transport: server key: ssh-rsa
DEB [20220804-09:18:08.317] thr=1 paramiko.transport: client encrypt: aes128-ctr, aes128-cbc, aes192-ctr, aes192-cbc, aes256-ctr, aes256-cbc, 3des-cbc
DEB [20220804-09:18:08.317] thr=1 paramiko.transport: server encrypt: aes128-ctr, aes128-cbc, aes192-ctr, aes192-cbc, aes256-ctr, aes256-cbc, 3des-cbc
DEB [20220804-09:18:08.317] thr=1 paramiko.transport: client mac: hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, hmac-sha2-512-96, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-md5
DEB [20220804-09:18:08.317] thr=1 paramiko.transport: server mac: hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, hmac-sha2-512-96, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-md5
DEB [20220804-09:18:08.317] thr=1 paramiko.transport: client compress: none
DEB [20220804-09:18:08.317] thr=1 paramiko.transport: server compress: none
DEB [20220804-09:18:08.317] thr=1 paramiko.transport: client lang: en-US
DEB [20220804-09:18:08.317] thr=1 paramiko.transport: server lang: en-US
DEB [20220804-09:18:08.317] thr=1 paramiko.transport: kex follows: False
DEB [20220804-09:18:08.317] thr=1 paramiko.transport: === Key exchange agreements ===
DEB [20220804-09:18:08.317] thr=1 paramiko.transport: Kex: ecdh-sha2-nistp256
DEB [20220804-09:18:08.317] thr=1 paramiko.transport: HostKey: ssh-rsa
DEB [20220804-09:18:08.318] thr=1 paramiko.transport: Cipher: aes128-ctr
DEB [20220804-09:18:08.318] thr=1 paramiko.transport: MAC: hmac-sha2-256
DEB [20220804-09:18:08.318] thr=1 paramiko.transport: Compression: none
DEB [20220804-09:18:08.318] thr=1 paramiko.transport: === End of kex handshake ===
DEB [20220804-09:18:08.582] thr=1 paramiko.transport: kex engine KexNistp256 specified hash_algo <built-in function openssl_sha256>
DEB [20220804-09:18:08.717] thr=1 paramiko.transport: Switch to new keys ...
DEB [20220804-09:18:08.718] thr=2 paramiko.transport: Adding ssh-rsa host key for [*.*.*.*]:****: b'***********************'
DEB [20220804-09:18:08.718] thr=2 paramiko.transport: Trying SSH key b'***********************'
DEB [20220804-09:18:08.857] thr=1 paramiko.transport: userauth is OK
DEB [20220804-09:18:08.858] thr=1 paramiko.transport: Finalizing pubkey algorithm for key of type 'ssh-rsa'
DEB [20220804-09:18:08.858] thr=1 paramiko.transport: Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
DEB [20220804-09:18:08.858] thr=1 paramiko.transport: Server did not send a server-sig-algs list; defaulting to our first preferred algo ('rsa-sha2-512')
DEB [20220804-09:18:08.858] thr=1 paramiko.transport: NOTE: you may use the 'disabled_algorithms' SSHClient/Transport init kwarg to disable that or other algorithms if your server does not support them!
INF [20220804-09:18:08.995] thr=1 paramiko.transport: Auth banner: b'************************************\r\n'
INF [20220804-09:18:09.178] thr=1 paramiko.transport: Authentication (publickey) failed.
DEB [20220804-09:18:09.318] thr=1 paramiko.transport: userauth is OK
INF [20220804-09:18:09.455] thr=1 paramiko.transport: Auth banner: b'************************************\r\n'
INF [20220804-09:18:09.600] thr=1 paramiko.transport: Authentication continues...
DEB [20220804-09:18:09.601] thr=1 paramiko.transport: Methods: ['publickey']
DEB [20220804-09:18:09.601] thr=2 paramiko.transport: [chan 0] Max packet in: 32768 bytes
ERR [20220804-09:18:09.749] thr=1 paramiko.transport: Secsh channel 0 open FAILED: The user has to be authenticated before open a new channel: Administratively prohibited
DEB [20220804-09:23:11.407] thr=1 paramiko.transport: EOF in transport thread
Based on the posted logs and this question, I have finally managed to solve the error with disabling rsa-sha2-512 and rsa-sha2-256 algorithms to force the ssh-rsa algorithm.
ssh_client.connect(
disabled_algorithms={'pubkeys': ['rsa-sha2-512', 'rsa-sha2-256']}, ...)