"Error reading SSH protocol banner" when connecting to port 443 with Paramiko in Python

Question

Connecting to the server using WinSCP and Linux sftp command works. But paramiko fails to connect. The problem may be that the banner has a strange format (banner: ). Could someone help me how to make paramiko work?

I tried to increase the banner timeout (as seen in the code), but the problem does not seem to be connected with the timeout. The error appears immediately and says EOFError together with

SSHException: Error reading SSH protocol banner

I have the following code (the host, username, and password were left) out:

import logging
import paramiko
import socket

logging.basicConfig()
logging.getLogger("paramiko").setLevel(logging.DEBUG)

host = xxx
port = 443

username = xxx
password = xxx

ssh=paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(host, port, username, password, banner_timeout=200)

The debug output:

DEBUG:paramiko.transport:starting thread (client mode): 0xfabf4150
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_2.7.1
DEBUG:paramiko.transport:Banner: 
ERROR:paramiko.transport:Exception: Error reading SSH protocol banner
ERROR:paramiko.transport:Traceback (most recent call last):
ERROR:paramiko.transport:  File "/local_disk0/.ephemeral_nfs/envs/pythonEnv-db54fca7-6304-4f77-98df-05eee0abdd0c/lib/python3.7/site-packages/paramiko/transport.py", line 2211, in _check_banner
ERROR:paramiko.transport:    buf = self.packetizer.readline(timeout)
ERROR:paramiko.transport:  File "/local_disk0/.ephemeral_nfs/envs/pythonEnv-db54fca7-6304-4f77-98df-05eee0abdd0c/lib/python3.7/site-packages/paramiko/packet.py", line 380, in readline
ERROR:paramiko.transport:    buf += self._read_timeout(timeout)
ERROR:paramiko.transport:  File "/local_disk0/.ephemeral_nfs/envs/pythonEnv-db54fca7-6304-4f77-98df-05eee0abdd0c/lib/python3.7/site-packages/paramiko/packet.py", line 609, in _read_timeout
ERROR:paramiko.transport:    raise EOFError()
ERROR:paramiko.transport:EOFError
ERROR:paramiko.transport:
ERROR:paramiko.transport:During handling of the above exception, another exception occurred:
ERROR:paramiko.transport:
ERROR:paramiko.transport:Traceback (most recent call last):
ERROR:paramiko.transport:  File "/local_disk0/.ephemeral_nfs/envs/pythonEnv-db54fca7-6304-4f77-98df-05eee0abdd0c/lib/python3.7/site-packages/paramiko/transport.py", line 2039, in run
ERROR:paramiko.transport:    self._check_banner()
ERROR:paramiko.transport:  File "/local_disk0/.ephemeral_nfs/envs/pythonEnv-db54fca7-6304-4f77-98df-05eee0abdd0c/lib/python3.7/site-packages/paramiko/transport.py", line 2216, in _check_banner
ERROR:paramiko.transport:    "Error reading SSH protocol banner" + str(e)
ERROR:paramiko.transport:paramiko.ssh_exception.SSHException: Error reading SSH protocol banner
ERROR:paramiko.transport:

The error:

---------------------------------------------------------------------------
EOFError                                  Traceback (most recent call last)
/local_disk0/.ephemeral_nfs/envs/pythonEnv-db54fca7-6304-4f77-98df-05eee0abdd0c/lib/python3.7/site-packages/paramiko/transport.py in _check_banner(self)
   2210             try:
-> 2211                 buf = self.packetizer.readline(timeout)
   2212             except ProxyCommandFailure:

/local_disk0/.ephemeral_nfs/envs/pythonEnv-db54fca7-6304-4f77-98df-05eee0abdd0c/lib/python3.7/site-packages/paramiko/packet.py in readline(self, timeout)
    379         while linefeed_byte not in buf:
--> 380             buf += self._read_timeout(timeout)
    381         n = buf.index(linefeed_byte)

/local_disk0/.ephemeral_nfs/envs/pythonEnv-db54fca7-6304-4f77-98df-05eee0abdd0c/lib/python3.7/site-packages/paramiko/packet.py in _read_timeout(self, timeout)
    608                 if len(x) == 0:
--> 609                     raise EOFError()
    610                 break

EOFError:

During handling of the above exception, another exception occurred:

SSHException                              Traceback (most recent call last)
<command-587691805458922> in <module>
      7 ssh=paramiko.SSHClient()
      8 ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
----> 9 ssh.connect(host, port, username, password, banner_timeout=200)

/local_disk0/.ephemeral_nfs/envs/pythonEnv-db54fca7-6304-4f77-98df-05eee0abdd0c/lib/python3.7/site-packages/paramiko/client.py in connect(self, hostname, port, username, password, pkey, key_filename, timeout, allow_agent, look_for_keys, compress, sock, gss_auth, gss_kex, gss_deleg_creds, gss_host, banner_timeout, auth_timeout, gss_trust_dns, passphrase, disabled_algorithms)
    404             sec_opts.key_types = [keytype] + other_types
    405 
--> 406         t.start_client(timeout=timeout)
    407 
    408         # If GSS-API Key Exchange is performed we are not required to check the

/local_disk0/.ephemeral_nfs/envs/pythonEnv-db54fca7-6304-4f77-98df-05eee0abdd0c/lib/python3.7/site-packages/paramiko/transport.py in start_client(self, event, timeout)
    658                 e = self.get_exception()
    659                 if e is not None:
--> 660                     raise e
    661                 raise SSHException("Negotiation failed.")
    662             if event.is_set() or (

/local_disk0/.ephemeral_nfs/envs/pythonEnv-db54fca7-6304-4f77-98df-05eee0abdd0c/lib/python3.7/site-packages/paramiko/transport.py in run(self)
   2037                     "Local version/idstring: {}".format(self.local_version),
   2038                 )  # noqa
-> 2039                 self._check_banner()
   2040                 # The above is actually very much part of the handshake, but
   2041                 # sometimes the banner can be read but the machine is not

/local_disk0/.ephemeral_nfs/envs/pythonEnv-db54fca7-6304-4f77-98df-05eee0abdd0c/lib/python3.7/site-packages/paramiko/transport.py in _check_banner(self)
   2214             except Exception as e:
   2215                 raise SSHException(
-> 2216                     "Error reading SSH protocol banner" + str(e)
   2217                 )
   2218             if buf[:4] == "SSH-":

SSHException: Error reading SSH protocol banner

WinSCP log:

. 2020-11-25 10:40:22.195 sess: Destroying session.
. 2020-11-25 10:40:22.195 sess: Closing connection.
. 2020-11-25 10:40:22.195 sess: Connection closed.
. 2020-11-25 10:40:24.043 --------------------------------------------------------------------------
. 2020-11-25 10:40:24.043 WinSCP Version 5.17.7 (Build 10640) (OS 10.0.18363 - Windows 10 Enterprise)
. 2020-11-25 10:40:24.043 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2020-11-25 10:40:24.044 Log level: Normal
. 2020-11-25 10:40:24.044 Local account: DESKTOP-xxxx\xxx
. 2020-11-25 10:40:24.044 Working directory: C:\Program Files (x86)\WinSCP
. 2020-11-25 10:40:24.044 Process ID: 27336
. 2020-11-25 10:40:24.044 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe" 
. 2020-11-25 10:40:24.045 Time zone: Current: GMT+1, Standard: GMT+1 (W. Europe Standard Time), DST: GMT+2 (W. Europe Daylight Time), DST Start: 2020-03-29, DST End: 2020-10-25
. 2020-11-25 10:40:24.045 Login time: Wednesday, 25 November 2020 10:40:24
. 2020-11-25 10:40:24.045 --------------------------------------------------------------------------
. 2020-11-25 10:40:24.045 Session name: [email protected] (Site)
. 2020-11-25 10:40:24.045 Host name: xxxx.com (Port: 443)
. 2020-11-25 10:40:24.045 User name: xxxx (Password: Yes, Key file: No, Passphrase: No)
. 2020-11-25 10:40:24.045 Transfer Protocol: WebDAV
. 2020-11-25 10:40:24.045 Proxy: None
. 2020-11-25 10:40:24.046 HTTPS: Yes [Client certificate: No]
. 2020-11-25 10:40:24.046 TLS/SSL versions: TLSv1.0-TLSv1.2
. 2020-11-25 10:40:24.046 Local directory: default, Remote directory: /xxxx, Update: Yes, Cache: Yes
. 2020-11-25 10:40:24.046 Cache directory changes: Yes, Permanent: Yes
. 2020-11-25 10:40:24.046 Recycle bin: Delete to: No, Overwritten to: No, Bin path: 
. 2020-11-25 10:40:24.046 DST mode: Unix
. 2020-11-25 10:40:24.046 Compression: No
. 2020-11-25 10:40:24.046 --------------------------------------------------------------------------
. 2020-11-25 10:40:24.071 HTTP session to https://xxxxxxx.com:443 begins.
. 2020-11-25 10:40:24.072 ssl: SNI enabled by default.
. 2020-11-25 10:40:24.072 ah_create, for WWW-Authenticate
. 2020-11-25 10:40:24.072 Sending request headers:
. 2020-11-25 10:40:24.072 OPTIONS /xxxx HTTP/1.1

. 2020-11-25 10:40:24.072 User-Agent: WinSCP/5.17.7 neon/0.31.1

. 2020-11-25 10:40:24.072 Keep-Alive: 

. 2020-11-25 10:40:24.072 Connection: TE, Keep-Alive

. 2020-11-25 10:40:24.072 TE: trailers

. 2020-11-25 10:40:24.072 Host: xxxxxx.com
. 2020-11-25 10:40:24.072 Sending request-line and headers:
. 2020-11-25 10:40:24.072 Doing DNS lookup on xxxx.com...
. 2020-11-25 10:40:24.074 req: Connecting to xxxxx:443
. 2020-11-25 10:40:24.091 Doing SSL negotiation.
. 2020-11-25 10:40:24.198 Identity match for 'xxxx.com': good
. 2020-11-25 10:40:24.198 Verifying certificate for "xxx" with fingerprint xx:xx:xxxx and 08 failures
. 2020-11-25 10:40:24.215 Certificate verified against Windows certificate store
. 2020-11-25 10:40:24.215 Using TLSv1.2, cipher TLSv1.2: AES256-GCM-SHA384, 2048 bit RSA
. 2020-11-25 10:40:24.215 Request sent; retry is 0.
. 2020-11-25 10:40:24.237 [status-line] < HTTP/1.1 200 OK
. 2020-11-25 10:40:24.237 Header Name: [pragma], Value: [no-cache]
. 2020-11-25 10:40:24.237 Header Name: [x-responding-server], Value: [sslngn018]
. 2020-11-25 10:40:24.237 Header Name: [x-dmuser], Value: [username]
. 2020-11-25 10:40:24.237 Header Name: [ms-author-via], Value: [DAV]
. 2020-11-25 10:40:24.237 Header Name: [allow], Value: [GET, HEAD, OPTIONS, PUT, POST, COPY, PROPFIND, DELETE, LOCK, MKCOL, MOVE, PROPPATCH, UNLOCK, ACL, TRACE]
. 2020-11-25 10:40:24.237 Header Name: [dav], Value: [1,2, access-control, <http://apache.org/dav/propset/fs/1>]
. 2020-11-25 10:40:24.237 Header Name: [content-type], Value: [text/plain]
. 2020-11-25 10:40:24.237 Header Name: [date], Value: [Wed, 25 Nov 2020 09:40:24 GMT]
. 2020-11-25 10:40:24.237 Header Name: [server], Value: [CrushFTP HTTP Server]
. 2020-11-25 10:40:24.237 Header Name: [p3p], Value: [policyref="/WebInterface/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"]
. 2020-11-25 10:40:24.237 Header Name: [x-frame-options], Value: [SAMEORIGIN]
. 2020-11-25 10:40:24.237 Header Name: [connection], Value: [close]
. 2020-11-25 10:40:24.237 Header Name: [content-length], Value: [0]
. 2020-11-25 10:40:24.237 End of headers.
. 2020-11-25 10:40:24.278 ah_post_send (#0), code is 200 (want 401), WWW-Authenticate is (none)
. 2020-11-25 10:40:24.278 sess: Closing connection.
. 2020-11-25 10:40:24.278 sess: Connection closed.
. 2020-11-25 10:40:24.278 Request ends, status 200 class 2xx, error line:
. 2020-11-25 10:40:24.278 200 OK
. 2020-11-25 10:40:24.278 Request ends.
. 2020-11-25 10:40:24.278 Server capabilities: 1, 2, <http://apache.org/dav/propset/fs/1>, access-control
. 2020-11-25 10:40:24.278 --------------------------------------------------------------------------
. 2020-11-25 10:40:24.278 Using WebDAV protocol.
. 2020-11-25 10:40:24.278 Doing startup conversation with host.
. 2020-11-25 10:40:24.291 Changing directory to xxxxx

Answer 1

You are using WebDAV with WinSCP.

That has nothing to do with SFTP, Paramiko nor any symbols in any banner.

If your server supports WebDAV only, you have to use a WebDAV library or client in your Python code.

Though as you claim that sftp works, your server seems to support SFTP too. So just connect to the standard SSH/SFTP port 22.