379 words

2 minutes

Python paramiko Module - Complete Tutorial

2026-02-05

Programming Foundamentals

python

/

paramiko

/

ssh

/

automation

/

cybersecurity

Python paramiko Module - Complete Tutorial#

Table of Contents#

What Is paramiko
Installation
SSH Basics
Basic SSH Connection
Run Commands Remotely
Authentication Options
SFTP File Transfer
Advanced Features
Error Handling
SSH Security
Cybersecurity Use Cases
Quick Reference

What Is paramiko#

paramiko is a Python implementation of SSHv2. It lets you connect to remote servers, run commands, and transfer files over SFTP.

Common uses:

Remote administration
Deployment automation
Secure file transfers
SSH based tooling

Installation#

1
pip install paramiko

Optional pin in requirements.txt:

1
paramiko==3.3.1

SSH Basics#

Key concepts:

Host: remote server address
Port: SSH default is 22
Username and password or SSH key
Host key: verifies server identity

Basic SSH Connection#

Password authentication#

1
import paramiko
2

3
ssh = paramiko.SSHClient()
4
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
5

6
try:
7
    ssh.connect(
8
        hostname="192.168.1.100",
9
        port=22,
10
        username="admin",
11
        password="secret123",
12
        timeout=10
13
    )
14
    print("Connected")
15
finally:
16
    ssh.close()

Run Commands Remotely#

1
import paramiko
2

3
ssh = paramiko.SSHClient()
4
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
5
ssh.connect("192.168.1.100", username="admin", password="secret123")
6

7
stdin, stdout, stderr = ssh.exec_command("whoami")
8
output = stdout.read().decode()
9
error = stderr.read().decode()
10
exit_code = stdout.channel.recv_exit_status()
11

12
print(output)
13
print(error)
14
print(exit_code)
15

16
ssh.close()

Authentication Options#

SSH key authentication#

1
import paramiko
2

3
ssh = paramiko.SSHClient()
4
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
5

6
key = paramiko.RSAKey.from_private_key_file("/home/user/.ssh/id_rsa")
7
ssh.connect("192.168.1.100", username="admin", pkey=key)
8

9
ssh.close()

SSH key with passphrase#

1
key = paramiko.RSAKey.from_private_key_file(
2
    "/home/user/.ssh/id_rsa",
3
    password="key-passphrase"
4
)

Host key verification#

1
import paramiko
2

3
ssh = paramiko.SSHClient()
4
ssh.load_host_keys("/home/user/.ssh/known_hosts")
5
ssh.set_missing_host_key_policy(paramiko.RejectPolicy())
6

7
ssh.connect("192.168.1.100", username="admin", password="secret123")
8
ssh.close()

SFTP File Transfer#

Upload#

1
import paramiko
2

3
ssh = paramiko.SSHClient()
4
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
5
ssh.connect("192.168.1.100", username="admin", password="secret123")
6

7
sftp = ssh.open_sftp()
8
sftp.put("/home/user/data.txt", "/tmp/data.txt")
9
sftp.close()
10
ssh.close()

Download#

1
import paramiko
2

3
ssh = paramiko.SSHClient()
4
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
5
ssh.connect("192.168.1.100", username="admin", password="secret123")
6

7
sftp = ssh.open_sftp()
8
sftp.get("/var/log/syslog", "/home/user/syslog.txt")
9
sftp.close()
10
ssh.close()

Advanced Features#

Interactive shell#

1
import paramiko
2
import time
3

4
ssh = paramiko.SSHClient()
5
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
6
ssh.connect("192.168.1.100", username="admin", password="secret123")
7

8
channel = ssh.invoke_shell()
9
channel.send("uname -a\n")
10

11
while not channel.recv_ready():
12
    time.sleep(0.1)
13

14
print(channel.recv(1024).decode())
15

16
channel.close()
17
ssh.close()

SSH tunnel (local port forward)#

1
import paramiko
2

3
ssh = paramiko.SSHClient()
4
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
5
ssh.connect("192.168.1.100", username="admin", password="secret123")
6

7
transport = ssh.get_transport()
8
transport.request_port_forward("127.0.0.1", 3307)
9

10
print("Tunnel open on 127.0.0.1:3307")

Error Handling#

1
import paramiko
2
import socket
3
from paramiko import AuthenticationException
4
from paramiko.ssh_exception import SSHException
5

6

7
def safe_connect(host, user, password):
8
    client = paramiko.SSHClient()
9
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
10
    try:
11
        client.connect(hostname=host, username=user, password=password, timeout=10)
12
        return client
13
    except AuthenticationException:
14
        print("Auth failed")
15
    except SSHException as e:
16
        print(f"SSH error: {e}")
17
    except socket.timeout:
18
        print("Timeout")
19
    except Exception as e:
20
        print(f"Unexpected error: {e}")
21
    return None

SSH Security#

Best practices:

Use SSH keys, not passwords
Verify host keys
Disable auto-accept in production
Rotate credentials regularly

Cybersecurity Use Cases#

1
import paramiko
2

3

4
def get_banner(host, port=22):
5
    transport = paramiko.Transport((host, port))
6
    transport.start_client()
7
    banner = transport.remote_version
8
    transport.close()
9
    return banner
10

11
print(get_banner("192.168.1.100"))

Brute force demo (authorized testing only)#

1
import paramiko
2
import time
3

4

5
def ssh_bruteforce(host, user, passwords):
6
    for pwd in passwords:
7
        client = paramiko.SSHClient()
8
        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
9
        try:
10
            client.connect(hostname=host, username=user, password=pwd, timeout=3)
11
            return pwd
12
        except paramiko.AuthenticationException:
13
            pass
14
        finally:
15
            client.close()
16
        time.sleep(0.5)
17
    return None

Quick Reference#

1
import paramiko
2

3
ssh = paramiko.SSHClient()
4
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
5
ssh.connect("host", username="user", password="pass")
6

7
stdin, stdout, stderr = ssh.exec_command("ls -la")
8
output = stdout.read().decode()
9

10
sftp = ssh.open_sftp()
11
sftp.put("local.txt", "/tmp/remote.txt")
12
sftp.get("/tmp/remote.txt", "downloaded.txt")
13
sftp.close()
14

15
ssh.close()