Paramiko
Python SSHv2 library for securely connecting to remote machines to execute commands and transfer files programmatically.
Evaluated Mar 06, 2026
v3.x
⚙ Agent Friendliness: 61 / 100 (Can an agent use this?)
🔒 Security: 86 / 100 (Is it safe for agents?)
⚡ Reliability: 79 / 100 (Does it work consistently?)
Score Breakdown
⚙ Agent Friendliness
MCP Quality: --
Documentation: 80
Error Messages: 75
Auth Simplicity: 82
Rate Limits: 95
🔒 Security
TLS Enforcement: 100
Auth Strength: 88
Scope Granularity: 80
Dep. Hygiene: 80
Secret Handling: 82
CRITICAL: Never use AutoAddPolicy in production; use RejectPolicy + known_hosts file; private keys must have restricted permissions (600)
⚡ Reliability
Uptime/SLA: 78
Version Stability: 82
Breaking Changes: 80
Error Recovery: 75
Best When
Programmatically automating remote SSH commands and SFTP file transfers in Python without shelling out.
Avoid When
You need idempotent configuration management — Ansible is better suited for that pattern.
Use Cases
- Execute shell commands on remote servers and capture stdout/stderr for automation scripts
- Transfer files to/from remote servers via SFTP without command-line tools
- Establish SSH tunnels for port forwarding to access internal services securely
- Automate multi-server configuration tasks by connecting to a list of hosts in parallel
- Check remote server health by running status commands and parsing output in Python
Not For
- Large-scale infrastructure automation — use Ansible or Fabric for idempotent multi-host operations
- Interactive SSH sessions with terminal emulation — use subprocess + ssh for interactive use
- Windows Remote Management (WinRM) — use pywinrm for Windows targets
Interface
REST API: No
GraphQL: No
gRPC: No
MCP Server: No
SDK: Yes
Webhooks: No
Authentication
Methods:
OAuth: No
Scopes: No
RSA/ED25519 private key files or password auth; host key verification required in production
Pricing
Model: open_source
Free tier: Yes
Requires CC: No
Free open source
Agent Metadata
Pagination: none
Idempotent: Partial
Retry Guidance: Not documented
Known Gotchas
- ⚠ Host key verification is disabled by default (AutoAddPolicy) — always enable RejectPolicy in production to prevent MITM attacks
- ⚠ exec_command() returns immediately; must call recv() on stdout/stderr channels and check recv_exit_status() for completion — not a blocking call by default
- ⚠ Channels/connections are not automatically closed — must explicitly call channel.close() and client.close() to prevent resource leaks
- ⚠ Large SFTP transfers (>1GB) may silently fail or corrupt without checking transfer size — validate bytes transferred
- ⚠ ProxyJump/bastion host connections require nested paramiko clients (Transport + Channel + Transport) — not natively supported with simple API
Scores are editorial opinions as of 2026-03-06.