====
NEWS
====
Highlights of what's new in each release.
Issues noted as "'ssh' #NN" can be found at https://github.com/bitprophet/ssh/.
Issues noted as "Fabric #NN" can be found at https://github.com/fabric/fabric/.
Releases
========
v1.10.1 (5th Apr 2013)
----------------------
* #142: (Fabric #811) SFTP put of empty file will still return the attributes
of the put file. Thanks to Jason R. Coombs for the patch.
* #154: (Fabric #876) Forwarded SSH agent connections left stale local pipes
lying around, which could cause local (and sometimes remote or network)
resource starvation when running many agent-using remote commands. Thanks to
Kevin Tegtmeier for catch & patch.
v1.10.0 (1st Mar 2013)
----------------------
* #66: Batch SFTP writes to help speed up file transfers. Thanks to Olle
Lundberg for the patch.
* #133: Fix handling of window-change events to be on-spec and not
attempt to wait for a response from the remote sshd; this fixes problems with
less common targets such as some Cisco devices. Thanks to Phillip Heller for
catch & patch.
* #93: Overhaul SSH config parsing to be in line with `man ssh_config` (& the
behavior of `ssh` itself), including addition of parameter expansion within
config values. Thanks to Olle Lundberg for the patch.
* #110: Honor SSH config `AddressFamily` setting when looking up local
host's FQDN. Thanks to John Hensley for the patch.
* #128: Defer FQDN resolution until needed, when parsing SSH config files.
Thanks to Parantapa Bhattacharya for catch & patch.
* #102: Forego random padding for packets when running under `*-ctr` ciphers.
This corrects some slowdowns on platforms where random byte generation is
inefficient (e.g. Windows). Thanks to `@warthog618` for catch & patch, and
Michael van der Kolff for code/technique review.
* #127: Turn `SFTPFile` into a context manager. Thanks to Michael Williamson
for the patch.
* #116: Limit `Message.get_bytes` to an upper bound of 1MB to protect against
potential DoS vectors. Thanks to `@mvschaik` for catch & patch.
* #115: Add convenience `get_pty` kwarg to `Client.exec_command` so users not
manually controlling a channel object can still toggle PTY creation. Thanks
to Michael van der Kolff for the patch.
* #71: Add `SFTPClient.putfo` and `.getfo` methods to allow direct
uploading/downloading of file-like objects. Thanks to Eric Buehl for the
patch.
* #113: Add `timeout` parameter to `SSHClient.exec_command` for easier setting
of the command's internal channel object's timeout. Thanks to Cernov Vladimir
for the patch.
* #94: Remove duplication of SSH port constant. Thanks to Olle Lundberg for the
catch.
* #80: Expose the internal "is closed" property of the file transfer class
`BufferedFile` as `.closed`, better conforming to Python's file interface.
Thanks to `@smunaut` and James Hiscock for catch & patch.
v1.9.0 (6th Nov 2012)
---------------------
* #97 (with a little #93): Improve config parsing of `ProxyCommand` directives
and provide a wrapper class to allow subprocess-driven proxy commands to be
used as `sock=` arguments for `SSHClient.connect`.
* #77: Allow `SSHClient.connect()` to take an explicit `sock` parameter
overriding creation of an internal, implicit socket object.
* Thanks in no particular order to Erwin Bolwidt, Oskari Saarenmaa, Steven
Noonan, Vladimir Lazarenko, Lincoln de Sousa, Valentino Volonghi, Olle
Lundberg, and Github user `@acrish` for the various and sundry patches
leading to the above changes.
v1.8.1 (6th Nov 2012)
---------------------
* #90: Ensure that callbacks handed to `SFTPClient.get()` always fire at least
once, even for zero-length files downloaded. Thanks to Github user `@enB` for
the catch.
* #85: Paramiko's test suite overrides
`unittest.TestCase.assertTrue/assertFalse` to provide these modern assertions
to Python 2.2/2.3, which lacked them. However on newer Pythons such as 2.7,
this now causes deprecation warnings. The overrides have been patched to only
execute when necessary. Thanks to `@Arfrever` for catch & patch.
v1.8.0 (3rd Oct 2012)
---------------------
* #17 ('ssh' 28): Fix spurious `NoneType has no attribute 'error'` and similar
exceptions that crop up on interpreter exit.
* 'ssh' 32: Raise a more useful error explaining which `known_hosts` key line was
problematic, when encountering `binascii` issues decoding known host keys.
Thanks to `@thomasvs` for catch & patch.
* 'ssh' 33: Bring `ssh_config` parsing more in line with OpenSSH spec, re: order of
setting overrides by `Host` specifiers. Specifically, the overrides now go by
file order instead of automatically sorting by `Host` value length. In
addition, the first value found per config key (e.g. `Port`, `User` etc)
wins, instead of the last. Thanks to Jan Brauer for the contribution.
* 'ssh' 36: Support new server two-factor authentication option
(`RequiredAuthentications2`), at least re: combining key-based & password
auth. Thanks to Github user `bninja`.
* 'ssh' 11: When raising an exception for hosts not listed in
`known_hosts` (when `RejectPolicy` is in effect) the exception message was
confusing/vague. This has been improved somewhat. Thanks to Cal Leeming for
highlighting the issue.
* 'ssh' 40: Fixed up & expanded EINTR signal handling. Thanks to Douglas Turk.
* 'ssh' 15: Implemented parameter substitution in SSHConfig, matching the
implementation of `ssh_config(5)`. Thanks to Olle Lundberg for the patch.
* 'ssh' 24: Switch some internal type checking to use `isinstance` to help prevent
problems with client libraries using subclasses of builtin types. Thanks to
Alex Morega for the patch.
* Fabric #562: Agent forwarding would error out (with `Authentication response
too long`) or freeze, when more than one remote connection to the local agent
was active at the same time. This has been fixed. Thanks to Steven McDonald
for assisting in troubleshooting/patching, and to GitHub user `@lynxis` for
providing the final version of the patch.
* 'ssh' 5: Moved a `fcntl` import closer to where it's used to help avoid
`ImportError` problems on Windows platforms. Thanks to Jason Coombs for the
catch + suggested fix.
* 'ssh' 4: Updated implementation of WinPageant integration to work on 64-bit
Windows. Thanks again to Jason Coombs for the patch.
* Added an IO loop sleep() call to avoid needless CPU usage when agent
forwarding is in use.
* Handful of internal tweaks to version number storage.
* Updated `setup.py` with `==dev` install URL for `pip` users.
* Updated `setup.py` to account for packaging problems in PyCrypto 2.4.0
* Added an extra `atfork()` call to help prevent spurious RNG errors when
running under high parallel (multiprocess) load.
* Merge PR #28: https://github.com/paramiko/paramiko/pull/28 which adds a
ssh-keygen like demo module. (Sofian Brabez)
v1.7.7.2 16may12
----------------
* Merge pull request #63: https://github.com/paramiko/paramiko/pull/63 which
fixes exceptions that occur when re-keying over fast connections. (Dwayne
Litzenberger)
v1.7.7.1 (George) 21may11
-------------------------
* Make the verification phase of SFTP.put optional (Larry Wright)
* Patches to fix AIX support (anonymous)
* Patch from Michele Bertoldi to allow compression to be turned on in the
client constructor.
* Patch from Shad Sharma to raise an exception if the transport isn't active
when you try to open a new channel.
* Stop leaking file descriptors in the SSH agent (John Adams)
* More fixes for Windows address family support (Andrew Bennetts)
* Use Crypto.Random rather than Crypto.Util.RandomPool
(Gary van der Merwe, #271791)
* Support for openssl keys (tehfink)
* Fix multi-process support by calling Random.atfork (sugarc0de)
v1.7.6 (Fanny) 1nov09
---------------------
* fixed bugs 411099 (sftp chdir isn't unicode-safe), 363163 & 411910 (more
IPv6 problems on windows), 413850 (race when server closes the channel),
426925 (support port numbers in host keys)
v1.7.5 (Ernest) 19jul09
-----------------------
* added support for ARC4 cipher and CTR block chaining (Denis Bernard)
* made transport threads daemonize, to fix python 2.6 atexit behavior
* support unicode hostnames, and IP6 addresses (Maxime Ripard, Shikhar
Bhushan)
* various small bug fixes
v1.7.4 (Desmond) 06jul08
------------------------
* more randpool fixes for windows, from Dwayne Litzenberger
(NOTE: this may require a pycrypto upgrade on windows)
* fix potential deadlock during key exchange (Dwayne Litzenberger)
* remove MFC dependency from windows (Mark Hammond)
* added some optional API improvements for SFTPClient get() and put()
v1.7.3 (Clara) 23mar08
----------------------
* SSHClient can be asked not to use an SSH agent now, and not to search
for private keys
* added WarningPolicy option for SSHClient (warn, but allow, on unknown
server keys)
* added Channel.exit_status_ready to poll if a channel has received an
exit status yet
* new demo for reverse port forwarding
* (bug 177117) fix UTF-8 passwords
* (bug 189466) fix typo in osrandom.py
* (bug 191657) potentially fix a race at channel shutdown
* (bug 192749) document that SSHClient.connect may raise socket.error
* (bug 193779) translate EOFError into AuthException during authentication
* (bug 200416) don't create a new logger object for each channel
v1.7.2 (Basil) 21jan08
----------------------
* (bug 137219) catch EINTR and handle correctly
* (bug 157205) fix select() to trigger on stderr for a channel too
* added SSHClient.get_transport()
* added Channel.send_ready()
* added direct-tcpip forwarding [patch from david guerizec]
* fixed the PRNG to be more secure on windows and in cases where fork() is
called [patch from dwayne litzenberger]
v1.7.1 (Amy) 10jun07
--------------------
* windows SSH agent support can use the 'ctypes' module now if 'win32all' is
not available [patch from alexander belchenko]
* SFTPClient.listdir_attr() now preserves the 'longname' field [patch from
wesley augur]
* SFTPClient.get_channel() API added
* SSHClient constructor takes an optional 'timeout' parameter [patch from
james bardin]
v1.7 (zubat) 18feb07
--------------------
* added x11 channel support (patch from david guerizec)
* added reverse port forwarding support
* (bug 75370) raise an exception when contacting a broken SFTP server
* (bug 80295) SSHClient shouldn't expand the user directory twice when reading
RSA/DSS keys
* (bug 82383) typo in DSS key in SSHClient
* (bug 83523) python 2.5 warning when encoding a file's modification time
* if connecting to an SSH agent fails, silently fallback instead of raising
an exception
v1.6.4 (yanma) 19nov06
----------------------
* fix setup.py on osx (oops!)
* (bug 69330) check for the existence of RSA/DSA keys before trying to open
them in SFTPClient
* (bug 69222) catch EAGAIN in socket code to workaround a bug in recent
Linux 2.6 kernels
* (bug 70398) improve dict emulation in HostKeys objects
* try harder to make sure all worker threads are joined on Transport.close()
v1.6.3 (xatu) 14oct06
---------------------
* fixed bug where HostKeys.__setitem__ wouldn't always do the right thing
* fixed bug in SFTPClient.chdir and SFTPAttributes.__str__ [patch from
mike barber]
* try harder not to raise EOFError from within SFTPClient
* fixed bug where a thread waiting in accept() could block forever if the
transport dies [patch from mike looijmans]
v1.6.2 (weedle) 16aug06
-----------------------
* added support for "old" group-exchange server mode, for compatibility
with the windows putty client
* fixed some more interactions with SFTP file readv() and prefetch()
* when saving the known_hosts file, preserve the original order [patch from
warren young]
* fix a couple of broken lines when exporting classes (bug 55946)
v1.6.1 (vulpix) 10jul06
-----------------------
* more unit tests fixed for windows/cygwin (thanks to alexander belchenko)
* a couple of fixes related to exceptions leaking out of SFTPClient
* added ability to set items in HostKeys via __setitem__
* HostKeys now retains order and has a save() method
* added PKey.write_private_key and PKey.from_private_key
v1.6 (umbreon) 10may06
----------------------
* pageant support on Windows thanks to john arbash meinel and todd whiteman
* fixed unit tests to work under windows and cygwin (thanks to alexander
belchenko for debugging)
* various bugfixes/tweaks to SFTP file prefetch
* added SSHClient for a higher-level API
* SFTP readv() now yields results as it gets them
* several APIs changed to throw an exception instead of "False" on failure
v1.5.4 (tentacool) 11mar06
--------------------------
* fixed HostKeys to more correctly emulate a python dict
* fixed a bug where file read buffering was too aggressive
* improved prefetching so that out-of-order reads still use the prefetch
buffer
* added experimental SFTPFile.readv() call
* more unit tests
v1.5.3 (squirtle) 19feb06
-------------------------
* a few performance enhancements
* added HostKeys, for dealing with openssh style "known_hosts" files, and
added support for hashed hostnames
* added Transport.atfork() for dealing with forked children
* added SFTPClient.truncate, SFTPFile.chmod, SFTPFile.chown, SFTPFile.utime,
and SFTPFile.truncate
* improved windows demos [patch from mike looijmans], added an sftp demo, and
moved demos to the demos/ folder
* fixed a few interoperability bugs
* cleaned up logging a bit
* fixed a bug where EOF on a Channel might not be detected by select [found
by thomas steinacher]
* fixed python 2.4-ism that crept in [patch by jan hudec]
* fixed a few reference loops that could have interacted badly with the python
garbage collector
* fixed a bunch of pychecker warnings, some of which were bugs
v1.5.2 (rhydon) 04dec05
-----------------------
* compression support (opt-in via Transport.use_compression)
* sftp files may be opened with mode flag 'x' for O_EXCL (exclusive-open)
behavior, which has no direct python equivalent
* added experimental util functions for parsing openssh config files
* fixed a few bugs (and potential deadlocks) with key renegotiation
* fixed a bug that caused SFTPFile.prefetch to occasionally lock up
* fixed an sftp bug which affected van dyke sftp servers
* fixed the behavior of select()ing on a closed channel, such that it will
always trigger as readable
v1.5.1 (quilava) 31oct05
------------------------
* SFTPFile.prefetch() added to dramatically speed up downloads (automatically
turned on in SFTPClient.get())
* fixed bug where garbage-collected Channels could trigger the Transport to
close the session (reported by gordon good)
* fixed a deadlock in rekeying (reported by wendell wood)
* fixed some windows bugs and SFTPAttributes.__str__() (reported by grzegorz
makarewicz)
* better sftp error reporting by adding fake "errno" info to IOErrors
v1.5 (paras) 02oct05
--------------------
* added support for "keyboard-interactive" authentication
* added mode (on by default) where password authentication will try to
fallback to "keyboard-interactive" if it's supported
* added pipelining to SFTPFile.write and SFTPClient.put
* fixed bug with SFTPFile.close() not guarding against being called more
than once (thanks to Nathaniel Smith)
* fixed broken 'a' flag in SFTPClient.file() (thanks to Nathaniel Smith)
* fixed up epydocs to look nicer
* reorganized auth_transport into auth_handler, which seems to be a cleaner
separation
* demo scripts fixed to have a better chance of loading the host keys
correctly on windows/cygwin
v1.4 (oddish) 17jul05
---------------------
* added SSH-agent support (for posix) from john rochester
* added chdir() and getcwd() to SFTPClient, to emulate a "working directory"
* added get() and put() to SFTPClient, to emulate ftp whole-file transfers
* added check() to SFTPFile (a file hashing protocol extension)
* fixed Channels and SFTPFiles (among others) to auto-close when GC'd
* fixed Channel.fileno() for Windows, this time really
* don't log socket errors as "unknown exception"
* some misc. backward-compatible API improvements (like allowing
Transport.start_client() and start_server() to be called in a blocking way)
v1.3.1 (nidoran) 28jun05
------------------------
* added SFTPClient.close()
* fixed up some outdated documentation
* made SFTPClient.file() an alias for open()
* added Transport.open_sftp_client() for convenience
* refactored packetizing out of Transport
* fixed bug (reported by alain s.) where connecting to a non-SSH host could
cause paramiko to freeze up
* fixed Channel.fileno() for Windows (again)
* some more unit tests
v1.3 (marowak) 09apr05
----------------------
* fixed a bug where packets larger than about 12KB would cause the session
to die on all platforms except osx
* added a potential workaround for windows to let Channel.fileno() (and
therefore the select module) work!
* changed API for subsystem handlers (sorry!) to pass more info and make it
easier to write a functional SFTP server
v1.2 (lapras) 28feb05
---------------------
* added SFTPClient.listdir_attr() for fetching a list of files and their
attributes in one call
* added Channel.recv_exit_status() and Channel.send_exit_status() for
manipulating the exit status of a command from either client or server
mode
* moved check_global_request into ServerInterface, where it should've been
all along (oops)
* SFTPHandle's default implementations are fleshed out more
* made logging a bit more consistent, and started logging thread ids
* fixed a few race conditions, one of which would sometimes cause a Transport
to fail to start on slow machines
* more unit tests
v1.1 (kabuto) 12dec04
---------------------
* server-side SFTP support
* added support for stderr streams on client & server channels
* added a new distinct exception for failed client authentication
when caused by the server rejecting that *type* of auth
* added support for multi-part authentication
* fixed bug where get_username() wasn't working in server mode
v1.0 (jigglypuff) 06nov04
-------------------------
* fixed bug that broke server-mode authentication by private key
* fixed bug where closing a Channel could end up killing the entire
Transport
* actually include demo_windows.py this time (oops!)
* fixed recently-introduced bug in group-exchange key negotiation that
would generate the wrong hash (and therefore fail the initial handshake)
* server-mode subsystem handler is a bit more flexible
v0.9 (ivysaur) 22oct04
----------------------
* new ServerInterface class for implementing server policy, so it's no
longer necessary to subclass Transport or Channel -- server code will
need to be updated to follow this new API! (see demo_server.py)
* some bugfixes for re-keying an active session
* Transport.get_security_options() allows fine-tuned control over the
crypto negotiation on a new session
* Transport.connect() takes a single hostkey object now instead of two
string parameters
* the Channel request methods (like 'exec_command') now return True on
success or False on failure
* added a mechanism for providing subsystems in server mode (and a new
class to be subclassed: SubsystemHandler)
* renamed SFTP -> SFTPClient (but left an alias for existing code)
* added SFTPClient.normalize() to resolve paths on the server
* fleshed out the API a bit more for SFTPClient and private keys
* a bunch of new unit tests!
v0.9 (horsea) 27jun04
---------------------
* fixed a lockup that could happen if the channel was closed while the
send window was full
* better checking of maximum packet sizes
* better line buffering for file objects
* now chops sftp requests into smaller packets for some older servers
* more sftp unit tests
v0.9 (gyarados) 31may04
-----------------------
* Transport.open_channel() -- supports local & remote port forwarding now
* now imports UTF-8 encodings explicitly as a hint to "freeze" utilities
* no longer rejects older SFTP servers
* default packet size bumped to 8kB
* fixed deadlock in closing a channel
* Transport.connect() -- fixed bug where it would always fail when given a
host key to verify
v0.9 (fearow) 23apr04
---------------------
* Transport.send_ignore() -- send random ignored bytes
* RSAKey/DSSKey added from_private_key_file() as a factory constructor;
write_private_key_file() & generate() to create and save ssh2 keys;
get_base64() to retrieve the exported public key
* Transport added global_request() [client] and check_global_request()
[server]
* Transport.get_remote_server_key() now returns a PKey object instead of a
tuple of strings
* Transport.get_username() -- return the username you auth'd as [client]
* Transport.set_keepalive() -- makes paramiko send periodic junk packets
to the remote host, to keep the session active
* python 2.2 support (thanks to Roger Binns)
* misc. bug fixes
v0.9 (eevee) 08mar04
--------------------
v0.9 (doduo) 04jan04
--------------------
v0.1 (charmander) 10nov03
-------------------------
v0.1 (bulbasaur) 18sep03
------------------------
v0.1 (aerodactyl) 13sep03
-------------------------