Version 0.1.35

v0.1.35

Released go-sshlib v0.1.35, the SSH library for lssh.

This release mainly expands automated test coverage and improves CI reliability across platforms.

Changes

• Added broad unit test coverage for reconnect handling, control socket helpers, proxy behavior, terminal helpers, tunnel frame handling, known_hosts updates, SMB path handling, PKCS#11 helpers, and NFS/SFTP change forwarding
• Added more integration coverage for AutoReconnect, including Command() and SFTP client creation paths
• Refactored known_hosts prompt handling so interactive confirmation logic can be tested more safely and predictably
• Adjusted tests for cross-platform behavior, including Windows path handling and Unix socket dependent cases
• Updated CI workflow behavior so release-side test execution is more aligned with the current test suite expectations
• Updated module dependencies in go.mod and go.sum

Purpose

• Increase confidence in core SSH session, forwarding, and filesystem-related behavior
• Reduce regressions in platform-specific code paths across Linux, macOS, and Windows
• Improve coverage for ControlPersist, reconnect flows, and helper utilities that are easy to break with small changes
• Make CI results more reliable and more representative of actual supported behavior

Version 0.1.34

v0.1.34

Released go-sshlib v0.1.34, the SSH library for lssh.

This release improves resilience for direct SSH connections and makes interactive session handling more stable.

Changes

• Added AutoReconnect support for direct SSH connections
• Added AutoReconnectInterval and AutoReconnectMax to control reconnect timing and retry count
• Updated CreateSession(), Command(), Shell(), Dial(), Listen(), and SFTP client creation to verify connection health before starting the next operation
• Added reconnect handling so direct sessions can recover when the underlying SSH transport has been lost
• Improved interactive ControlMaster stream handling by synchronizing output readiness before input forwarding begins
• Added integration test coverage for auto reconnect behavior
• Updated README.md with an AutoReconnect example
• Added CONTRIBUTING.md and SECURITY.md

Purpose

• Improve reliability when reusing direct SSH connections after disconnects
• Reduce failures caused by stale or already-closed SSH transports
• Make interactive ControlMaster sessions behave more predictably
• Improve repository maintenance documentation for contributors and security reporting

Version 0.1.33

v0.1.33

Released go-sshlib v0.1.33, the SSH library for lssh.

This release improves ControlPersist handling for temporary private key files.

Changes

• Added support for transient public key authentication in ControlPersist
• Added CreateAuthMethodPublicKeyTransient() for public key auth that is intended to be temporary
• Marked transient key definitions so detached ControlPersist helpers can rebuild the signer and then remove the source key file
• Added cleanup logic to remove transient key files after ControlPersist auth methods are reconstructed
• Added tests covering transient key serialization and cleanup behavior

Purpose

• Improve handling of temporary private keys used with ControlPersist
• Reduce the chance of leaving transient key material on disk longer than necessary
• Make detached ControlPersist helper behavior safer and more predictable

If you want, I can also rewrite this into:

• a shorter GitHub Releases version
• a more technical changelog-style version
• a Japanese/English bilingual version

Version 0.1.32

v0.1.32

Released go-sshlib v0.1.32, the SSH library for lssh.

This release mainly improves stability around the NFS/SFTP filesystem layer.

Changes

• Added local internal/third_party copies of github.com/go-git/go-billy/v5 and github.com/willscott/go-nfs
• Added replace directives in go.mod to pin NFS-related dependencies to the local copies
• Updated NewChangeSFTPFS() so billy.Change remains available when using chroot/temporal wrappers
• Added Chmod, Chown, Lchown, and Chtimes support to SFTPFS
• Added mutex protection around SFTP client operations to improve filesystem operation stability

Purpose

• Improve attribute handling stability when using the NFS backend
• Make SFTP-backed filesystem operations safer and more predictable
• Keep patched dependency behavior under explicit local control

If you want, I can also rewrite this into a more natural GitHub Releases style with a slightly smoother English tone.

Version 0.1.31

v0.1.31

This release focuses on stabilizing remote filesystem forwarding, especially around FUSE-based mounts and shared remote path handling.

It improves path validation across FUSE, NFS, and SMB forwarding, and fixes several issues related to root path handling, SFTPFS access, and keepalive behavior.

Changes

• Improved FUSE forwarding behavior
• Added shared remote path resolution and validation
• FUSE, NFS, and SMB forwarding now validate remote paths before use
• Fixed root path handling in FUSE
• Added debug logging support for FUSE
• Added locking for SFTPFS operations
• Fixed keepalive requests to use keepalive@openssh.com

Details

This release introduces a shared remote directory validation path so forwarding features fail earlier and more clearly when the target path does not exist, is not a directory, or is not readable.

On the FUSE side, root path handling was corrected and debug support was added to make troubleshooting easier. SFTPFS operations were also synchronized to reduce issues caused by concurrent access.

In addition, SSH keepalive handling was updated to use the OpenSSH-compatible keepalive@openssh.com request name, with improved tolerance for servers that reject the request.

Summary

v0.1.31 is a maintenance and stability release focused on making remote filesystem forwarding more reliable and easier to debug.

Version 0.1.30

v0.1.30

Released go-sshlib v0.1.30.

Added

• Added FUSE dynamic forward style support

  • FUSEForward(mountpoint, basepoint)
  • Mount a remote directory over SSH/SFTP as a local FUSE mount

• Added FUSE reverse dynamic forward style support

  • FUSEReverseForward(mountpoint, sharepoint)
  • Mount a local directory as a local FUSE loopback mount

• Added SMB dynamic forward style support

  • SMBForward(address, port, shareName, basepoint)
  • Export a remote directory over SSH/SFTP as a local SMB share

• Added SMB reverse dynamic forward style support

  • SMBReverseForward(address, port, shareName, sharepoint)
  • Start a local SMB server for a local directory and expose it through SSH remote forwarding

Internal changes

• Added github.com/hanwen/go-fuse/v2 for FUSE support
• Added github.com/absfs/smbfs and github.com/absfs/absfs for SMB support
• Added adapters to bridge billy.Filesystem into FUSE and SMB backends

Testing

• Added unit tests around the new FUSE and SMB adapters
• Verified with go test ./...

Notes

• FUSEReverseForward is implemented as a host-local loopback mount, not as a network filesystem export like NFS reverse forward
• SMB support currently starts with a minimal guest-access oriented configuration

Version 0.1.29

v0.1.29

NOTE: The release process failed, so we will skip one version.

This release expands forwarding support with Unix domain socket handling, improves ControlMaster compatibility for non-TCP forwarding scenarios, and adds a small public SFTP API improvement.

Changes

• Added Unix domain socket support for forwarding APIs
• Added:
  • LocalForward()
  • RemoteForward()
  • UnixLocalForward()
  • UnixRemoteForward()
• TCPLocalForward() and TCPRemoteForward() are now thin wrappers over the new generic forwarding helpers
• Improved ControlMaster forwarding compatibility so listener network/address information is preserved correctly for Unix socket listeners
• Added public OpenSFTP() as a simple exported entry point for creating an SFTP client
• Improved terminal handling for shared-control connections by extending OpenTerminal() support over ControlMaster
• Refreshed several dependencies, including:
  • golang.org/x/crypto
  • golang.org/x/net
  • golang.org/x/sys
  • golang.org/x/term
  • github.com/ScaleFT/sshkeys
  • github.com/pkg/sftp
  • github.com/miekg/pkcs11
  • github.com/moby/term

Details

Unix domain socket forwarding

Forwarding support is no longer limited to TCP only.

This release introduces generic forwarding helpers:

• LocalForward(localNetwork, localAddr, remoteNetwork, remoteAddr)
• RemoteForward(localNetwork, localAddr, remoteNetwork, remoteAddr)

and adds explicit Unix socket helpers:

• UnixLocalForward(localPath, remotePath)
• UnixRemoteForward(localPath, remotePath)

This makes it possible to forward both TCP and Unix domain sockets through the same library interface.

ControlMaster compatibility

ControlMaster forwarding support has been adjusted so listener address metadata keeps the correct network type instead of assuming TCP-only handling.

That change is important for Unix socket forwarding over shared-control connections, and integration coverage was added for ControlMaster + UnixLocalForward().

SFTP API improvement

Added:

• OpenSFTP()

This is a small public API convenience wrapper around the existing internal SFTP client creation flow.

Terminal improvements

OpenTerminal() handling was expanded for ControlMaster-backed connections so low-level terminal usage works more consistently in shared-control mode, including stream handling, resize propagation, and wait/close behavior.

Summary

v0.1.29 is a feature-focused release that improves forwarding flexibility, especially for Unix domain sockets and ControlMaster users, while also adding a small SFTP API improvement and dependency refreshes.

Version 0.1.27

v0.1.27

This is a small maintenance release focused on improving compatibility for non-cgo builds.

Changes

• Added auth_pkcs11_stub.go for !cgo builds
• PKCS#11-related functions now return a clear error when cgo is not available, instead of causing build or test issues in downstream projects such as lssh

Details

When building without cgo, PKCS#11 support is not available.
This release adds stub implementations for the following functions:

• CreateAuthMethodPKCS11
• CreateAuthMethodPKCS11WithPrompt
• CreateSignerPKCS11
• CreateSignerPKCS11WithPrompt

These stubs return explicit errors such as:

• sshlib: PKCS#11 authentication requires cgo
• sshlib: PKCS#11 signer requires cgo

Summary

v0.1.27 is a compatibility fix release intended to make non-cgo environments behave more cleanly and predictably, especially for downstream consumers running tests without PKCS#11 support enabled.

Version 0.1.26

v0.1.26

This release brings master up beyond v0.1.25 with dependency updates only.

There are no new user-facing library features in this release compared to v0.1.25. All major functionality introduced in v0.1.25, including the expanded ControlMaster / ControlPersist support, forwarding improvements, tunnel support, terminal handling, proxy route support, and authentication updates, is already included.

Changes

• Updated golang.org/x/crypto
• Updated golang.org/x/net
• Refreshed related Go modules pulled in by those updates:
  • golang.org/x/sys
  • golang.org/x/term
  • golang.org/x/text

Summary

v0.1.26 is a maintenance release focused on dependency refreshes from the current master branch, with no additional feature changes beyond v0.1.25.

Version 0.1.25

v0.1.25

This release significantly expands ControlMaster / ControlPersist support and improves feature parity between direct SSH connections and shared-control connections.

Highlights

• Added broader ControlMaster support across the library
• Forwarding features now work over ControlMaster
• Added support for Tunnel() over ControlMaster
• Added Connect.Dial() and Connect.Listen() to unify direct and shared-control connection handling
• Improved ControlPersist authentication and proxy route handling
• Added low-level terminal session support

Details

ControlMaster / ControlPersist improvements

ControlMaster is now much more practical for real-world use. In addition to command and shell execution, it now supports more session types and transport operations through the control socket.

This release also improves detached ControlPersist handling by allowing authentication definitions to be reconstructed safely, including support for:

• password authentication
• public key authentication
• PKCS#11 authentication

Prompt bridging was added so detached helpers can handle interactive prompts such as PKCS#11 PIN input.

Forwarding support over ControlMaster

Forwarding-related features now behave much more like they do on a normal direct connection.

This includes support for:

• local TCP forwarding
• remote TCP forwarding
• dynamic TCP forwarding
• reverse dynamic TCP forwarding
• HTTP dynamic forwarding
• reverse HTTP dynamic forwarding
• NFS reverse forwarding

Tunnel support over ControlMaster

Tunnel() now works over ControlMaster, including support for control-socket-based handling of tun@openssh.com.

Unified connection APIs

Added:

• Connect.Dial()
• Connect.Listen()

These methods make it possible to use the same API names whether the connection is direct or backed by ControlMaster.

Terminal and session improvements

Added a new low-level terminal API:

• OpenTerminal()
• Terminal

This provides more direct control over interactive PTY sessions.

TTY setup and keepalive behavior were also cleaned up and made more consistent across command, shell, and control-based session handling.

Proxy route support

Added ProxyRoute support for chaining connection routes using:

• HTTP / HTTPS proxy
• SOCKS / SOCKS5 proxy
• command-based proxy
• SSH hop

These routes can also be reconstructed inside detached ControlPersist helpers.

Examples and tests

Added a new example for:

• ControlPersist + ProxyRoute + PKCS11

Also expanded test coverage around:

• ControlMaster session handling
• forwarding behavior
• tunnel handling
• SFTP subsystem support
• agent forwarding support