{"id":5702,"library":"pysftp","title":"PySFTP","description":"PySFTP is a Python library that provides a simplified, high-level interface for Secure File Transfer Protocol (SFTP) operations. It acts as a wrapper around the lower-level Paramiko library, aiming to make common SFTP tasks more approachable. The current version, 0.2.9, was released in July 2016, and the project appears to be unmaintained with no new releases since then.","status":"abandoned","version":"0.2.9","language":"en","source_language":"en","source_url":"https://bitbucket.org/dundeemt/pysftp","tags":["SFTP","SSH","file transfer","networking","paramiko"],"install":[{"cmd":"pip install pysftp","lang":"bash","label":"Install with pip"}],"dependencies":[{"reason":"Core SSH/SFTP functionality, required version >= 1.15.2 but < 4.0.0.","package":"paramiko","optional":false},{"reason":"Cryptographic primitives, likely a transitive dependency via older Paramiko versions.","package":"pycrypto","optional":false}],"imports":[{"symbol":"Connection","correct":"from pysftp import Connection"}],"quickstart":{"code":"import pysftp\nimport os\n\n# It is highly recommended to NOT disable host key checking in production.\n# For proper security, manage known_hosts or explicitly add server keys.\ncnopts = pysftp.CnOpts()\n# !!! In production, configure hostkeys properly. DO NOT SET TO NONE. !!!\n# For demonstration, we disable it here for easier local testing. 
\ncnopts.hostkeys = None\n\nHOSTNAME = os.environ.get('SFTP_HOSTNAME', 'sftp.example.com')\nUSERNAME = os.environ.get('SFTP_USERNAME', 'user')\nPASSWORD = os.environ.get('SFTP_PASSWORD', 'secret_password')\n\n# Define local paths before the try block so the finally clause can always reference them.\nlocal_file = 'local_test_file.txt'\ndownloaded_file = 'downloaded_test_file.txt'\n\ntry:\n    with pysftp.Connection(host=HOSTNAME, username=USERNAME, password=PASSWORD, cnopts=cnopts) as sftp:\n        print(f\"Connection successfully established with {HOSTNAME}!\")\n        print(f\"Current remote directory: {sftp.pwd}\")\n\n        # Example: Upload a file\n        remote_path = f'/remote/{local_file}'\n        with open(local_file, 'w') as f:\n            f.write('Hello, SFTP World!')\n\n        sftp.put(local_file, remote_path)\n        print(f\"Uploaded {local_file} to {remote_path}\")\n\n        # Example: Download a file\n        sftp.get(remote_path, downloaded_file)\n        print(f\"Downloaded {remote_path} to {downloaded_file}\")\n\n        # Example: List remote directory\n        print(f\"Files in remote directory {sftp.pwd}:\")\n        for entry in sftp.listdir():\n            print(f\"- {entry}\")\n\nexcept pysftp.ConnectionException as e:\n    print(f\"SFTP connection failed: {e}\")\nexcept Exception as e:\n    print(f\"An unexpected error occurred: {e}\")\nfinally:\n    # Clean up local test files if they were created\n    if os.path.exists(local_file):\n        os.remove(local_file)\n    if os.path.exists(downloaded_file):\n        os.remove(downloaded_file)\n","lang":"python","description":"This quickstart demonstrates how to establish an SFTP connection using `pysftp.Connection` with a context manager, upload a local file, download a remote file, and list the contents of the current remote directory. It highlights the importance of host key verification, showing a common (but insecure for production) method to disable it for testing purposes. 
Credentials are retrieved from environment variables for security."},"warnings":[{"fix":"Pin your `paramiko` dependency to a version less than 4.0.0 (e.g., `paramiko < 4.0.0`). For new projects, consider migrating to `paramiko` directly or a more actively maintained SFTP library.","message":"PySFTP is incompatible with Paramiko versions 4.0.0 and newer. Paramiko 4.0.0 removed the `DSSKey` class, which `pysftp` directly imports, leading to an `ImportError` when `paramiko >= 4.0.0` is installed.","severity":"breaking","affected_versions":"All PySFTP versions (0.2.9 and earlier)"},{"fix":"Evaluate the security risks for your specific use case. For new development or applications requiring strong security, it is highly recommended to use `paramiko` directly or an actively maintained alternative SFTP client library.","message":"The PySFTP project has been inactive since its last release in July 2016. This means it may contain unpatched security vulnerabilities from its underlying dependencies (Paramiko) or within PySFTP itself, and lacks support for modern SSH features (e.g., newer key types like Ed25519, ECDSA).","severity":"gotcha","affected_versions":"All PySFTP versions (0.2.9 and earlier)"},{"fix":"Always implement proper host key verification. Load known hosts from a file (e.g., `cnopts.hostkeys.load('/path/to/known_hosts')`) or explicitly add server keys. Never disable host key checking in production.","message":"Disabling host key checking by setting `cnopts.hostkeys = None` is often shown in examples for convenience but exposes your connection to Man-in-the-Middle (MITM) attacks. 
This is a severe security vulnerability for production environments.","severity":"gotcha","affected_versions":"All PySFTP versions (0.2.9 and earlier)"},{"fix":"On Windows, consider implementing recursive transfers manually by iterating through directories with `pysftp.Connection.listdir()` and using individual `get()`/`put()` calls, or use `paramiko` directly for more robust control.","message":"The recursive file transfer methods (`pysftp.Connection.put_r()` and `pysftp.Connection.get_r()`) are reported to have issues and may not function correctly on Windows operating systems.","severity":"gotcha","affected_versions":"All PySFTP versions (0.2.9 and earlier)"}],"env_vars":null,"last_verified":"2026-04-06T00:00:00.000Z","next_check":"2026-07-05T00:00:00.000Z"}