sftp_list not handling known_hosts correctly

[kingamajick]

Expected behaviour:

Successfully open a SFTP connection No hostkey for host $host found.

Actual behaviour:

Failure opening SFTP connection

Steps to reproduce:

• Step 1: Run docker container docker build -t flexget . && docker run -v "some/path/to/flexget:/home/flexget/.flexget" -v "some/path/to/ssh:/home/flexget/.ssh" -it flexget

The root of this problem appears to be that pysftp doesn't support port numbers in known_hosts, and is also appears to be abandoned (last update made in 2016). I tried the work around of not defining the port number in known hosts, but ran into unpack requires a buffer of 4 bytes

The known_hosts file is valid, ssh-keygen -l -f ~/some/path/to/ssh/known_hosts -F $host lists the fingerprints correctly.

Apparently Paramiko on which pysftp is based doesn't have these issues, so potentilly converting sftp_client to use Paramiko directly would be a fix.

Config:

templates:
  bar:
    sftp_list:
     host: '{? sftp.host ?}'
      port: '{? sftp.port ?}'
      username: '{? sftp.username ?}'
      private_key: '{? sftp.private_key ?}'
      recursive: True
      get_size: True
      files_only: False
      dirs:
        - "/srv/file"

tasks:

  foo task:
    template:
      - bar

Log:

(click to expand)

Salient parts of the logs

With port defined in known_hosts

2022-11-29 10:55:23 DEBUG    sftp_client   foo task        Connecting to $host
2022-11-29 10:55:23 DEBUG    sftp_client   foo task        Caught exception: No hostkey for host $host found.
2022-11-29 10:55:23 WARNING  sftp_client   foo task        Failed to connect to $host; waiting 15 seconds before retrying.

Without port defined 'workaround' in known_hosts

2022-11-29 10:57:27 DEBUG    sftp_client   foo task        Connecting to $host
2022-11-29 10:57:27 DEBUG    sftp_client   foo task        Caught exception: unpack requires a buffer of 4 bytes
2022-11-29 10:57:27 WARNING  sftp_client   foo task        Failed to connect to$host; waiting 15 seconds before retrying.

Additional information:

• FlexGet version: 3.5.6
• Python version: 3.10.6
• Installation method: In Docker container (see below)
• Using daemon (yes/no): no
• OS and version:
• Link to crash log:

Docker container

FROM ubuntu:jammy

RUN \
  echo "**** Create User ****" && \
  groupadd -g 1000 flexget && \
  useradd -m -g 1000 -u 1000 flexget && \
  echo "**** Install Packages ****" && \
  apt-get update && \
  apt-get install -y \ 
     python3-pip && \
  pip3 install \
      --no-cache-dir \
      flexget \ 
      pysftp && \
  apt-get remove -y python3-pip && \
  echo "**** Cleanup ****" && \
  rm -rf /tmp/* \
    /var/lib/apt/lists/* \
    /var/tmp/*

# Contains config.yml
VOLUME /home/flexget/.flexget
# Contains known_hosts
VOLUME /home/flexget/.ssh

USER flexget

CMD /usr/local/bin/flexget --loglevel DEBUG execute

[paranoidi]

Very good investigation and bug report. Unfortunately converting to paramiko seems rather large operation, I'm not sure who is brave enough to pick that work ...

edit: Problem might even be in paramiko

[kingamajick]

I'm semi tempted to give it a go (although as far as I can see there is no unit tests for this which makes me kinda nervous :) ).

So I guess to do this work:

1. Add unit tests for existing plugins (this is going to require a stub, luckily as pysftp is based on top of Paramiko, the same stub can be used going forward)
2. Convert to Paramiko

It seems it does work in Paramiko, see this post, although a small test would be worth while before undertaking the above.

[paranoidi]

@kingamajick Give it a go, see where the road leads :)

Feel free to drop into slack/discord/irc to chat with other devs.

Unit tests are nice, but not mandatory if plugin is battle tested enough by the author.

It might be far easier and preferable to patch pysftp, even dynamically if they do not accept PR in timely manner. Forking it is an option too, but comes with additional responsibilities.

[kingamajick]

I can confirm that changing to Paramiko works in term of been able to connect to a server with a non default port after creating a hacky version of list_dir with Paramiko.

[ianstalk]

Sorry about the lack of tests, I was having trouble mocking Pysftp and gave up. Here's a WIP commit in case it helps:
7df9e77

[kingamajick]

@ianstalk no worries and thanks for the link, I've got a work in progress change that works, I've taken the approach of creating a simple sftp server implementation with Paramiko which seems to be the approach Paramiko takes for testing itself. I've written tests for list and download so far, so I'll clean up the cl and get it out for a first review in the next week as I'll be on vacation and as will have more time.

[ianstalk]

I think at the time I was trying to make something less like an integration test.

[github-actions]

This issue is stale because it has been open 150 days with no activity. Remove stale label or comment or this will be closed in 30 days.

[kingamajick]

#3714 provides a work around for this issue, so closing

[github-actions]

This issue is stale because it has been open 150 days with no activity. Remove stale label or comment or this will be closed in 30 days.