Netmiko’s File Transfer Tools offer secure file copy capabilities that are widely used for automated configuration backups and firmware upgrades across several network device vendors and operating systems. The protocol support and transfer options can vary depending on the platform.

• Cisco IOS:
  • Transfer Types: SCP, TFTP, SFTP
  • Direction: Upload & Download
• Cisco ASA:
  • Transfer Types: SCP, FTP, TFTP
  • Direction: Upload & Download
• Cisco NX-OS:
  • Transfer Types: SCP, SFTP
  • Direction: Upload & Download
• Arista EOS:
  • Transfer Types: SCP, SFTP
  • Direction: Upload & Download
• Juniper Junos:
  • Transfer Types: SCP, SFTP
  • Direction: Upload & Download
• HP ProCurve:
  • Transfer Types: TFTP
  • Direction: Upload & Download

Note: Always verify device compatibility and enable the required protocols (such as SCP or SFTP) on network devices before initiating file transfers with Netmiko.

Before using Netmiko’s File Transfer Tools, make sure you have the necessary Python modules installed. These libraries enable SSH connectivity and secure file transfer features within your scripts.

• Netmiko: The primary library to manage SSH connections and file transfers with network devices.
• Paramiko: Handles SSH connections under the hood, providing the foundation for secure communication.
• SCP: Used by Netmiko to enable Secure Copy Protocol (SCP) file transfers. This allows you to transfer files between your automation host and network devices securely.

To install all the required modules, run the following command in your terminal or command prompt:

pip install netmiko scp paramiko

Tip: Install these modules in a virtual environment to keep your project dependencies organized and isolated.

Netmiko's file_transfer() function provides a simple way to upload or download files to and from network devices. Below is a step-by-step example that demonstrates how to upload a file to a Cisco IOS device using SCP.

1. Step 1 — Define your device parameters: Specify details such as device type, IP address, SSH credentials, and enable password.
2. Step 2 — Establish the SSH connection: Use ConnectHandler to initiate a session and enter privilege exec mode.
3. Step 3 — Call the file_transfer() function: Pass the source file, destination file, file system path, and direction as either "put" or "get".
4. Step 4 — Verify the transfer and disconnect: Check the returned dictionary for status and cleanup the session.

Here’s a complete working example:

from netmiko import ConnectHandler, file_transfer

device = {
    "device_type": "cisco_ios",
    "host": "192.168.1.1",
    "username": "admin",
    "password": "password",
    "secret": "enable_password",  # optional, if enable is required
}

source_file = "backup_config.txt"
dest_file = "backup_config.txt"
file_system = "flash:"  # Adjust to match the device
direction = "put"       # Use "get" to download from device

# Connect to device
net_connect = ConnectHandler(**device)
net_connect.enable()

# Perform file transfer
transfer_result = file_transfer(
    net_connect,
    source_file=source_file,
    dest_file=dest_file,
    file_system=file_system,
    direction=direction,
    overwrite_file=True,
)

net_connect.disconnect()

print("Transfer result:")
print(transfer_result)
  

The returned transfer_result dictionary will include key indicators such as MD5 match and file existence to confirm success.

The file_transfer() function in Netmiko provides a convenient wrapper around the file copy process for supported network devices. Understanding each parameter it accepts will help you control the behavior and accuracy of file uploads and downloads.

1. net_connect: The active SSH session created using ConnectHandler. This session is passed directly to file_transfer() to perform the file operation.
2. source_file: The path to the file on the local system for uploads (direction="put") or the remote device for downloads (direction="get").
3. dest_file: The target file name that will appear on the destination device or local system after the transfer.
4. file_system: The absolute path or storage location on the device (such as "flash:" for Cisco IOS). This varies between platforms.
5. direction: Specifies the direction of transfer. Use "put" to upload a file to the device, and "get" to download a file from the device.
6. overwrite_file: Boolean value specifying whether to overwrite an existing file. Set to True to allow overwrites.
7. disable_md5: Optional; when set to True, it skips MD5 hash comparison after the transfer. Default is False, which verifies the file’s integrity.

Example Call:

file_transfer(
    net_connect,
    source_file="backup_config.txt",
    dest_file="backup_config.txt",
    file_system="flash:",
    direction="put",
    overwrite_file=True,
    disable_md5=False
)
  

Tip: Always verify whether your device supports MD5 checks. Use disable_md5=True if compatibility issues arise.

When using Netmiko’s File Transfer Tools, you may encounter some common issues that can interrupt or prevent successful file uploads and downloads. Below is a step-by-step troubleshooting guide with typical error messages and recommended solutions.

1. Permission Denied or Authentication Failures
   • Symptoms: Errors like Permission denied (publickey, password) or authentication exceptions.
   • Fixes: Verify your username and password. Ensure the device allows SSH or SCP access and isn’t enforcing stricter authentication methods.
2. No Such File or Directory
   • Symptoms: FileNotFoundError or errors saying the source or destination file doesn’t exist.
   • Fixes: Make sure the specified file path exists both locally and on the remote device. Double-check file_system and directory syntax for your device.
3. Timeouts During File Transfer
   • Symptoms: Timeouts or lost connections during large file uploads.
   • Fixes: Increase SSH or file transfer timeouts in your script. Temporarily disable fast_cli for long running file transfers to some platforms.
4. MD5 or File Verification Failure
   • Symptoms: “MD5 failure between Source and Destination Hashes” or verification errors.
   • Fixes: Confirm the device supports MD5 hashing. Ensure the file finished copying and isn’t corrupt. Use disable_md5=True if the platform lacks robust MD5 support.
5. Insufficient Space Available
   • Symptoms: “Insufficient space available on remote device” or similar exceptions.
   • Fixes: Check available space with device commands before copying larger files. Delete unused files if needed to free up storage.
6. Unsupported Platform or Feature
   • Symptoms: Errors indicating unsupported platform or protocol.
   • Fixes: Confirm the target platform is supported by Netmiko for file transfers. Choose supported transfer protocols (like SCP/SFTP) based on device type.
7. Prompt Not Found or Connection Errors
   • Symptoms: Errors like "Router prompt not found" after SSH connects.
   • Fixes: Check device_type is set appropriately. Adjust prompt detection patterns for custom device prompts.
8. Module Import or Name Conflicts
   • Symptoms: Import errors or scripts failing to find Netmiko modules.
   • Fixes: Ensure you haven’t named your own scripts netmiko.py. Use unique filenames for your scripts.

Quick Tips:

• Always test file transfer manually (SCP/SFTP) if automation fails, to isolate network or credentials issues.
• Log the Netmiko session output or exceptions to aid troubleshooting.
• Keep your Netmiko and dependencies up-to-date for latest bug fixes and platform support.

When performing file transfers using Netmiko, it’s critical to maintain a strong security posture—especially since network device credentials and sensitive configuration files may be involved. Below are best practices and key precautions you should take:

1. Prefer Encrypted Protocols:
   • Always use secure methods like SCP and SFTP for file transfers instead of plaintext protocols like TFTP, which can expose credentials and file content on the network.
2. Limit Privileged Access:
   • Assign the minimum necessary privileges to automation accounts. Avoid sharing credentials and use role-based access where possible.
3. Enable MD5/SHA Hash Verification:
   • Verify file integrity with MD5 or SHA hash checks whenever possible, ensuring the transferred file wasn’t corrupted or tampered with in transit.
4. Rotate and Secure Credentials:
   • Store credentials in secure vaults or environment variables—not directly in code. Rotate passwords regularly to reduce exposure risks.
5. Audit and Log File Transfer Operations:
   • Keep logs of transfer activities to detect unauthorized access or unexpected changes on devices. Enable logging within both your scripts and network devices.
6. Restrict Source and Destination Hosts:
   • Limit file transfers to known source IP addresses. Configure device access controls to prevent unauthorized hosts from initiating file uploads or downloads.
7. Monitor for Unusual Activity:
   • Implement monitoring to alert on large, unexpected file transfers or failed authentication attempts that could indicate malicious activity.
8. Keep Dependencies Up-to-date:
   • Patch Netmiko, Paramiko, and SCP modules regularly to close security vulnerabilities discovered in dependencies.
9. Disable Unused Protocols:
   • On network devices, turn off file transfer protocols (such as TFTP or FTP) if not specifically required for your workflow.

Tip: Regularly review your automation and device configurations for compliance with your organization’s security policies.