==== NEWS ==== Highlights of what's new in each release. Issues noted as "'ssh' #NN" can be found at https://github.com/bitprophet/ssh/. Issues noted as "Fabric #NN" can be found at https://github.com/fabric/fabric/. Releases ======== v1.12.0 (27th Sep 2013) ----------------------- * #152: Add tentative support for ECDSA keys. *This adds the ecdsa module as a new dependency of Paramiko.* The module is available at [warner/python-ecdsa on Github](https://github.com/warner/python-ecdsa) and [ecdsa on PyPI](https://pypi.python.org/pypi/ecdsa). * Note that you might still run into problems with key negotiation -- Paramiko picks the first key that the server offers, which might not be what you have in your known_hosts file. v1.11.2 (27th Sep 2013) ----------------------- * #156: Fix potential deadlock condition when using Channel objects as sockets (e.g. when using SSH gatewaying). Thanks to Steven Noonan and Frank Arnold for catch & patch. v1.10.4 (27th Sep 2013) ----------------------- * #179: Fix a missing variable causing errors when an ssh_config file has a non-default AddressFamily set. Thanks to Ed Marshall & Tomaz Muraus for catch & patch. v1.11.1 (20th Sep 2013) ----------------------- * #162: Clean up HMAC module import to avoid deadlocks in certain uses of SSHClient. Thanks to Gernot Hillier for the catch & suggested fix. * #36: Fix the port-forwarding demo to avoid file descriptor errors. Thanks to Jonathan Halcrow for catch & patch. * #168: Update config handling to properly handle multiple 'localforward' and 'remoteforward' keys. Thanks to Emre Yılmaz for the patch. v1.10.3 (20th Sep 2013) ----------------------- * #162: Clean up HMAC module import to avoid deadlocks in certain uses of SSHClient. Thanks to Gernot Hillier for the catch & suggested fix. * #36: Fix the port-forwarding demo to avoid file descriptor errors. Thanks to Jonathan Halcrow for catch & patch. * #168: Update config handling to properly handle multiple 'localforward' and 'remoteforward' keys. Thanks to Emre Yılmaz for the patch. v1.11.0 (26th Jul 2013) ----------------------- * #98: On Windows, when interacting with the PuTTY PAgeant, Paramiko now creates the shared memory map with explicit Security Attributes of the user, which is the same technique employed by the canonical PuTTY library to avoid permissions issues when Paramiko is running under a different UAC context than the PuTTY Ageant process. Thanks to Jason R. Coombs for the patch. * #100: Remove use of PyWin32 in `win_pageant` module. Module was already dependent on ctypes for constructing appropriate structures and had ctypes implementations of all functionality. Thanks to Jason R. Coombs for the patch. * #87: Ensure updates to `known_hosts` files account for any updates to said files after Paramiko initially read them. (Includes related fix to guard against duplicate entries during subsequent `known_hosts` loads.) Thanks to `@sunweaver` for the contribution. v1.10.2 (26th Jul 2013) ----------------------- * #153, #67: Warn on parse failure when reading known_hosts file. Thanks to `@glasserc` for patch. * #146: Indentation fixes for readability. Thanks to Abhinav Upadhyay for catch & patch. v1.10.1 (5th Apr 2013) ---------------------- * #142: (Fabric #811) SFTP put of empty file will still return the attributes of the put file. Thanks to Jason R. Coombs for the patch. * #154: (Fabric #876) Forwarded SSH agent connections left stale local pipes lying around, which could cause local (and sometimes remote or network) resource starvation when running many agent-using remote commands. Thanks to Kevin Tegtmeier for catch & patch. v1.10.0 (1st Mar 2013) -------------------- * #66: Batch SFTP writes to help speed up file transfers. Thanks to Olle Lundberg for the patch. * #133: Fix handling of window-change events to be on-spec and not attempt to wait for a response from the remote sshd; this fixes problems with less common targets such as some Cisco devices. Thanks to Phillip Heller for catch & patch. * #93: Overhaul SSH config parsing to be in line with `man ssh_config` (& the behavior of `ssh` itself), including addition of parameter expansion within config values. Thanks to Olle Lundberg for the patch. * #110: Honor SSH config `AddressFamily` setting when looking up local host's FQDN. Thanks to John Hensley for the patch. * #128: Defer FQDN resolution until needed, when parsing SSH config files. Thanks to Parantapa Bhattacharya for catch & patch. * #102: Forego random padding for packets when running under `*-ctr` ciphers. This corrects some slowdowns on platforms where random byte generation is inefficient (e.g. Windows). Thanks to `@warthog618` for catch & patch, and Michael van der Kolff for code/technique review. * #127: Turn `SFTPFile` into a context manager. Thanks to Michael Williamson for the patch. * #116: Limit `Message.get_bytes` to an upper bound of 1MB to protect against potential DoS vectors. Thanks to `@mvschaik` for catch & patch. * #115: Add convenience `get_pty` kwarg to `Client.exec_command` so users not manually controlling a channel object can still toggle PTY creation. Thanks to Michael van der Kolff for the patch. * #71: Add `SFTPClient.putfo` and `.getfo` methods to allow direct uploading/downloading of file-like objects. Thanks to Eric Buehl for the patch. * #113: Add `timeout` parameter to `SSHClient.exec_command` for easier setting of the command's internal channel object's timeout. Thanks to Cernov Vladimir for the patch. * #94: Remove duplication of SSH port constant. Thanks to Olle Lundberg for the catch. * #80: Expose the internal "is closed" property of the file transfer class `BufferedFile` as `.closed`, better conforming to Python's file interface. Thanks to `@smunaut` and James Hiscock for catch & patch. v1.9.0 (6th Nov 2012) --------------------- * #97 (with a little #93): Improve config parsing of `ProxyCommand` directives and provide a wrapper class to allow subprocess-driven proxy commands to be used as `sock=` arguments for `SSHClient.connect`. * #77: Allow `SSHClient.connect()` to take an explicit `sock` parameter overriding creation of an internal, implicit socket object. * Thanks in no particular order to Erwin Bolwidt, Oskari Saarenmaa, Steven Noonan, Vladimir Lazarenko, Lincoln de Sousa, Valentino Volonghi, Olle Lundberg, and Github user `@acrish` for the various and sundry patches leading to the above changes. v1.8.1 (6th Nov 2012) --------------------- * #90: Ensure that callbacks handed to `SFTPClient.get()` always fire at least once, even for zero-length files downloaded. Thanks to Github user `@enB` for the catch. * #85: Paramiko's test suite overrides `unittest.TestCase.assertTrue/assertFalse` to provide these modern assertions to Python 2.2/2.3, which lacked them. However on newer Pythons such as 2.7, this now causes deprecation warnings. The overrides have been patched to only execute when necessary. Thanks to `@Arfrever` for catch & patch. v1.8.0 (3rd Oct 2012) --------------------- * #17 ('ssh' 28): Fix spurious `NoneType has no attribute 'error'` and similar exceptions that crop up on interpreter exit. * 'ssh' 32: Raise a more useful error explaining which `known_hosts` key line was problematic, when encountering `binascii` issues decoding known host keys. Thanks to `@thomasvs` for catch & patch. * 'ssh' 33: Bring `ssh_config` parsing more in line with OpenSSH spec, re: order of setting overrides by `Host` specifiers. Specifically, the overrides now go by file order instead of automatically sorting by `Host` value length. In addition, the first value found per config key (e.g. `Port`, `User` etc) wins, instead of the last. Thanks to Jan Brauer for the contribution. * 'ssh' 36: Support new server two-factor authentication option (`RequiredAuthentications2`), at least re: combining key-based & password auth. Thanks to Github user `bninja`. * 'ssh' 11: When raising an exception for hosts not listed in `known_hosts` (when `RejectPolicy` is in effect) the exception message was confusing/vague. This has been improved somewhat. Thanks to Cal Leeming for highlighting the issue. * 'ssh' 40: Fixed up & expanded EINTR signal handling. Thanks to Douglas Turk. * 'ssh' 15: Implemented parameter substitution in SSHConfig, matching the implementation of `ssh_config(5)`. Thanks to Olle Lundberg for the patch. * 'ssh' 24: Switch some internal type checking to use `isinstance` to help prevent problems with client libraries using subclasses of builtin types. Thanks to Alex Morega for the patch. * Fabric #562: Agent forwarding would error out (with `Authentication response too long`) or freeze, when more than one remote connection to the local agent was active at the same time. This has been fixed. Thanks to Steven McDonald for assisting in troubleshooting/patching, and to GitHub user `@lynxis` for providing the final version of the patch. * 'ssh' 5: Moved a `fcntl` import closer to where it's used to help avoid `ImportError` problems on Windows platforms. Thanks to Jason Coombs for the catch + suggested fix. * 'ssh' 4: Updated implementation of WinPageant integration to work on 64-bit Windows. Thanks again to Jason Coombs for the patch. * Added an IO loop sleep() call to avoid needless CPU usage when agent forwarding is in use. * Handful of internal tweaks to version number storage. * Updated `setup.py` with `==dev` install URL for `pip` users. * Updated `setup.py` to account for packaging problems in PyCrypto 2.4.0 * Added an extra `atfork()` call to help prevent spurious RNG errors when running under high parallel (multiprocess) load. * Merge PR #28: https://github.com/paramiko/paramiko/pull/28 which adds a ssh-keygen like demo module. (Sofian Brabez) v1.7.7.2 16may12 ---------------- * Merge pull request #63: https://github.com/paramiko/paramiko/pull/63 which fixes exceptions that occur when re-keying over fast connections. (Dwayne Litzenberger) v1.7.7.1 (George) 21may11 ------------------------- * Make the verification phase of SFTP.put optional (Larry Wright) * Patches to fix AIX support (anonymous) * Patch from Michele Bertoldi to allow compression to be turned on in the client constructor. * Patch from Shad Sharma to raise an exception if the transport isn't active when you try to open a new channel. * Stop leaking file descriptors in the SSH agent (John Adams) * More fixes for Windows address family support (Andrew Bennetts) * Use Crypto.Random rather than Crypto.Util.RandomPool (Gary van der Merwe, #271791) * Support for openssl keys (tehfink) * Fix multi-process support by calling Random.atfork (sugarc0de) v1.7.6 (Fanny) 1nov09 --------------------- * fixed bugs 411099 (sftp chdir isn't unicode-safe), 363163 & 411910 (more IPv6 problems on windows), 413850 (race when server closes the channel), 426925 (support port numbers in host keys) v1.7.5 (Ernest) 19jul09 ----------------------- * added support for ARC4 cipher and CTR block chaining (Denis Bernard) * made transport threads daemonize, to fix python 2.6 atexit behavior * support unicode hostnames, and IP6 addresses (Maxime Ripard, Shikhar Bhushan) * various small bug fixes v1.7.4 (Desmond) 06jul08 ------------------------ * more randpool fixes for windows, from Dwayne Litzenberger (NOTE: this may require a pycrypto upgrade on windows) * fix potential deadlock during key exchange (Dwayne Litzenberger) * remove MFC dependency from windows (Mark Hammond) * added some optional API improvements for SFTPClient get() and put() v1.7.3 (Clara) 23mar08 ---------------------- * SSHClient can be asked not to use an SSH agent now, and not to search for private keys * added WarningPolicy option for SSHClient (warn, but allow, on unknown server keys) * added Channel.exit_status_ready to poll if a channel has received an exit status yet * new demo for reverse port forwarding * (bug 177117) fix UTF-8 passwords * (bug 189466) fix typo in osrandom.py * (bug 191657) potentially fix a race at channel shutdown * (bug 192749) document that SSHClient.connect may raise socket.error * (bug 193779) translate EOFError into AuthException during authentication * (bug 200416) don't create a new logger object for each channel v1.7.2 (Basil) 21jan08 ---------------------- * (bug 137219) catch EINTR and handle correctly * (bug 157205) fix select() to trigger on stderr for a channel too * added SSHClient.get_transport() * added Channel.send_ready() * added direct-tcpip forwarding [patch from david guerizec] * fixed the PRNG to be more secure on windows and in cases where fork() is called [patch from dwayne litzenberger] v1.7.1 (Amy) 10jun07 -------------------- * windows SSH agent support can use the 'ctypes' module now if 'win32all' is not available [patch from alexander belchenko] * SFTPClient.listdir_attr() now preserves the 'longname' field [patch from wesley augur] * SFTPClient.get_channel() API added * SSHClient constuctor takes an optional 'timeout' parameter [patch from james bardin] v1.7 (zubat) 18feb07 -------------------- * added x11 channel support (patch from david guerizec) * added reverse port forwarding support * (bug 75370) raise an exception when contacting a broken SFTP server * (bug 80295) SSHClient shouldn't expand the user directory twice when reading RSA/DSS keys * (bug 82383) typo in DSS key in SSHClient * (bug 83523) python 2.5 warning when encoding a file's modification time * if connecting to an SSH agent fails, silently fallback instead of raising an exception v1.6.4 (yanma) 19nov06 ---------------------- * fix setup.py on osx (oops!) * (bug 69330) check for the existence of RSA/DSA keys before trying to open them in SFTPClient * (bug 69222) catch EAGAIN in socket code to workaround a bug in recent Linux 2.6 kernels * (bug 70398) improve dict emulation in HostKeys objects * try harder to make sure all worker threads are joined on Transport.close() v1.6.3 (xatu) 14oct06 --------------------- * fixed bug where HostKeys.__setitem__ wouldn't always do the right thing * fixed bug in SFTPClient.chdir and SFTPAttributes.__str__ [patch from mike barber] * try harder not to raise EOFError from within SFTPClient * fixed bug where a thread waiting in accept() could block forever if the transport dies [patch from mike looijmans] v1.6.2 (weedle) 16aug06 ----------------------- * added support for "old" group-exchange server mode, for compatibility with the windows putty client * fixed some more interactions with SFTP file readv() and prefetch() * when saving the known_hosts file, preserve the original order [patch from warren young] * fix a couple of broken lines when exporting classes (bug 55946) v1.6.1 (vulpix) 10jul06 ----------------------- * more unit tests fixed for windows/cygwin (thanks to alexander belchenko) * a couple of fixes related to exceptions leaking out of SFTPClient * added ability to set items in HostKeys via __setitem__ * HostKeys now retains order and has a save() method * added PKey.write_private_key and PKey.from_private_key v1.6 (umbreon) 10may06 ---------------------- * pageant support on Windows thanks to john arbash meinel and todd whiteman * fixed unit tests to work under windows and cygwin (thanks to alexander belchenko for debugging) * various bugfixes/tweaks to SFTP file prefetch * added SSHClient for a higher-level API * SFTP readv() now yields results as it gets them * several APIs changed to throw an exception instead of "False" on failure v1.5.4 (tentacool) 11mar06 -------------------------- * fixed HostKeys to more correctly emulate a python dict * fixed a bug where file read buffering was too aggressive * improved prefetching so that out-of-order reads still use the prefetch buffer * added experimental SFTPFile.readv() call * more unit tests v1.5.3 (squirtle) 19feb06 ------------------------- * a few performance enhancements * added HostKeys, for dealing with openssh style "known_hosts" files, and added support for hashed hostnames * added Transport.atfork() for dealing with forked children * added SFTPClient.truncate, SFTPFile.chmod, SFTPFile.chown, SFTPFile.utime, and SFTPFile.truncate * improved windows demos [patch from mike looijmans], added an sftp demo, and moved demos to the demos/ folder * fixed a few interoperability bugs * cleaned up logging a bit * fixed a bug where EOF on a Channel might not be detected by select [found by thomas steinacher] * fixed python 2.4-ism that crept in [patch by jan hudec] * fixed a few reference loops that could have interacted badly with the python garbage collector * fixed a bunch of pychecker warnings, some of which were bugs v1.5.2 (rhydon) 04dec05 ----------------------- * compression support (opt-in via Transport.use_compression) * sftp files may be opened with mode flag 'x' for O_EXCL (exclusive-open) behavior, which has no direct python equivalent * added experimental util functions for parsing openssh config files * fixed a few bugs (and potential deadlocks) with key renegotiation * fixed a bug that caused SFTPFile.prefetch to occasionally lock up * fixed an sftp bug which affected van dyke sftp servers * fixed the behavior of select()ing on a closed channel, such that it will always trigger as readable v1.5.1 (quilava) 31oct05 ------------------------ * SFTPFile.prefetch() added to dramatically speed up downloads (automatically turned on in SFTPClient.get()) * fixed bug where garbage-collected Channels could trigger the Transport to close the session (reported by gordon good) * fixed a deadlock in rekeying (reported by wendell wood) * fixed some windows bugs and SFTPAttributes.__str__() (reported by grzegorz makarewicz) * better sftp error reporting by adding fake "errno" info to IOErrors v1.5 (paras) 02oct05 -------------------- * added support for "keyboard-interactive" authentication * added mode (on by default) where password authentication will try to fallback to "keyboard-interactive" if it's supported * added pipelining to SFTPFile.write and SFTPClient.put * fixed bug with SFTPFile.close() not guarding against being called more than once (thanks to Nathaniel Smith) * fixed broken 'a' flag in SFTPClient.file() (thanks to Nathaniel Smith) * fixed up epydocs to look nicer * reorganized auth_transport into auth_handler, which seems to be a cleaner separation * demo scripts fixed to have a better chance of loading the host keys correctly on windows/cygwin v1.4 (oddish) 17jul05 --------------------- * added SSH-agent support (for posix) from john rochester * added chdir() and getcwd() to SFTPClient, to emulate a "working directory" * added get() and put() to SFTPClient, to emulate ftp whole-file transfers * added check() to SFTPFile (a file hashing protocol extension) * fixed Channels and SFTPFiles (among others) to auto-close when GC'd * fixed Channel.fileno() for Windows, this time really * don't log socket errors as "unknown exception" * some misc. backward-compatible API improvements (like allowing Transport.start_client() and start_server() to be called in a blocking way) v1.3.1 (nidoran) 28jun05 ------------------------ * added SFTPClient.close() * fixed up some outdated documentation * made SFTPClient.file() an alias for open() * added Transport.open_sftp_client() for convenience * refactored packetizing out of Transport * fixed bug (reported by alain s.) where connecting to a non-SSH host could cause paramiko to freeze up * fixed Channel.fileno() for Windows (again) * some more unit tests v1.3 (marowak) 09apr05 ---------------------- * fixed a bug where packets larger than about 12KB would cause the session to die on all platforms except osx * added a potential workaround for windows to let Channel.fileno() (and therefore the select module) work! * changed API for subsystem handlers (sorry!) to pass more info and make it easier to write a functional SFTP server v1.2 (lapras) 28feb05 --------------------- * added SFTPClient.listdir_attr() for fetching a list of files and their attributes in one call * added Channel.recv_exit_status() and Channel.send_exit_status() for manipulating the exit status of a command from either client or server mode * moved check_global_request into ServerInterface, where it should've been all along (oops) * SFTPHandle's default implementations are fleshed out more * made logging a bit more consistent, and started logging thread ids * fixed a few race conditions, one of which would sometimes cause a Transport to fail to start on slow machines * more unit tests v1.1 (kabuto) 12dec04 --------------------- * server-side SFTP support * added support for stderr streams on client & server channels * added a new distinct exception for failed client authentication when caused by the server rejecting that *type* of auth * added support for multi-part authentication * fixed bug where get_username() wasn't working in server mode v1.0 (jigglypuff) 06nov04 ------------------------- * fixed bug that broke server-mode authentication by private key * fixed bug where closing a Channel could end up killing the entire Transport * actually include demo_windows.py this time (oops!) * fixed recently-introduced bug in group-exchange key negotiation that would generate the wrong hash (and therefore fail the initial handshake) * server-mode subsystem handler is a bit more flexible v0.9 (ivysaur) 22oct04 ---------------------- * new ServerInterface class for implementing server policy, so it's no longer necessary to subclass Transport or Channel -- server code will need to be updated to follow this new API! (see demo_server.py) * some bugfixes for re-keying an active session * Transport.get_security_options() allows fine-tuned control over the crypto negotiation on a new session * Transport.connect() takes a single hostkey object now instead of two string parameters * the Channel request methods (like 'exec_command') now return True on success or False on failure * added a mechanism for providing subsystems in server mode (and a new class to be subclassed: SubsystemHandler) * renamed SFTP -> SFTPClient (but left an alias for existing code) * added SFTPClient.normalize() to resolve paths on the server * fleshed out the API a bit more for SFTPClient and private keys * a bunch of new unit tests! v0.9 (horsea) 27jun04 --------------------- * fixed a lockup that could happen if the channel was closed while the send window was full * better checking of maximum packet sizes * better line buffering for file objects * now chops sftp requests into smaller packets for some older servers * more sftp unit tests v0.9 (gyarados) 31may04 ----------------------- * Transport.open_channel() -- supports local & remote port forwarding now * now imports UTF-8 encodings explicitly as a hint to "freeze" utilities * no longer rejects older SFTP servers * default packet size bumped to 8kB * fixed deadlock in closing a channel * Transport.connect() -- fixed bug where it would always fail when given a host key to verify v0.9 (fearow) 23apr04 --------------------- * Transport.send_ignore() -- send random ignored bytes * RSAKey/DSSKey added from_private_key_file() as a factory constructor; write_private_key_file() & generate() to create and save ssh2 keys; get_base64() to retrieve the exported public key * Transport added global_request() [client] and check_global_request() [server] * Transport.get_remove_server_key() now returns a PKey object instead of a tuple of strings * Transport.get_username() -- return the username you auth'd as [client] * Transport.set_keepalive() -- makes paramiko send periodic junk packets to the remote host, to keep the session active * python 2.2 support (thanks to Roger Binns) * misc. bug fixes v0.9 (eevee) 08mar04 -------------------- v0.9 (doduo) 04jan04 -------------------- v0.1 (charmander) 10nov03 ------------------------- v0.1 (bulbasaur) 18sep03 ------------------------ v0.1 (aerodactyl) 13sep03 -------------------------