bssh 1.2.0

Parallel SSH command execution tool for cluster management
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279

bssh (1.2.0-1~jammy1) jammy; urgency=medium

  * v1.2.0
  ### BREAKING CHANGES
  - **Exit Code Behavior Changed**: Now returns main rank's actual exit code by default
    - Old behavior (v1.0-v1.1): Returns 0 only if all nodes succeed, 1 if any fail
    - New behavior (v1.2.0+): Returns main rank's actual exit code (matches MPI standard)
    - Migration: Use --require-all-success flag to preserve old behavior
    - Benefit: Preserves actual exit codes (139=SIGSEGV, 137=OOM, 124=timeout)

  ### New Features
  - **Exit Code Strategy**: Main rank exit code returned by default
    - Matches MPI standard tools (mpirun, srun, mpiexec)
    - Preserves actual exit codes for better diagnostics
    - --require-all-success flag for legacy behavior
    - --check-all-nodes flag for hybrid mode
    - Automatic main rank detection via BACKENDAI_CLUSTER_ROLE
  - **Example Scripts**: Added mpi_exit_code.sh and health_check.sh examples

  ### Improvements
  - Exit code behavior aligns with HPC and distributed computing best practices
  - Enables sophisticated error handling in shell scripts and CI/CD pipelines

  ### Bug Fixes
  - Fixed security-framework dependency version (downgraded from 3.5.1 to 2.12.1)
  - Fixed cargo clippy warnings in test code

  ### Testing
  - Added comprehensive exit code tests (86 total test cases)
  - Added serial test runner for environment-dependent tests
  - Documentation updates for breaking changes in README, CHANGELOG, ARCHITECTURE

  ### Dependencies
  - Updated security-framework to 2.12.1 for better compatibility

 -- Jeongkyu Shin <inureyes@gmail.com>  Sun, 27 Oct 2025 21:00:00 +0900

bssh (1.1.0-1~jammy1) jammy; urgency=medium

  * v1.1.0
  ### New Features
  - **macOS Keychain Integration**: Complete Phase 2 implementation of UseKeychain SSH option
    - Automatic passphrase storage in macOS Keychain after successful authentication
    - Automatic passphrase retrieval before prompting user
    - Secure memory handling with Zeroizing for all sensitive data
    - Integration with SSH config UseKeychain option per host
  - **ProxyUseFdpass Support**: Added ProxyUseFdpass SSH configuration option
    - Optimizes ProxyCommand usage by passing connected file descriptors
    - Reduces overhead from lingering processes and extra read/write operations
  - **Password Authentication Fallback**: Automatic password retry when key-based auth fails
    - Matches OpenSSH standard behavior
    - Interactive terminal detection with TTY checks
    - Works for both exec and interactive modes

  ### Improvements
  - **Security Enhancements**: Multiple security improvements from PR review
    - SSH key file ownership validation (prevents storing passphrases for others' keys)
    - User consent prompt before password fallback authentication
    - Rate limiting between authentication attempts (prevents brute-force)
    - World-readable SSH key permission warnings
  - **Code Quality**: Eliminated 251 lines of code duplication in connection logic
  - **Cross-Platform**: All macOS-specific code properly isolated with conditional compilation

  ### Bug Fixes
  - Fixed clippy warnings (unused_mut, unused_imports, dead_code) on non-macOS platforms
  - Fixed interactive mode missing use_keychain field causing authentication failures
  - Fixed password prompt not appearing when connecting to new servers

  ### Dependencies
  - Added security-framework crate for macOS Keychain API integration
  - Added libc crate for macOS user ID checks

 -- Jeongkyu Shin <inureyes@gmail.com>  Fri, 24 Oct 2025 17:31:48 +0900

bssh (1.0.0-1~jammy1) jammy; urgency=medium

  * v1.0.0
  ### New Features
  - **Comprehensive SSH Configuration Support**: Added ~71 SSH configuration options (~69% coverage of OpenSSH's 103 options)
    - Certificate Authentication Options: CertificateFile, CASignatureAlgorithms, HostbasedAuthentication, HostbasedAcceptedAlgorithms
    - Advanced Port Forwarding Control: GatewayPorts, ExitOnForwardFailure, PermitRemoteOpen
    - Command Execution and Automation: PermitLocalCommand, LocalCommand, RemoteCommand, KnownHostsCommand, ForkAfterAuthentication, SessionType, StdinNull
    - Host Key Verification & Security: NoHostAuthenticationForLocalhost, HashKnownHosts, CheckHostIP, VisualHostKey, HostKeyAlias, VerifyHostKeyDNS, UpdateHostKeys
    - Additional Authentication Options: NumberOfPasswordPrompts, EnableSSHKeysign
    - Network & Connection Options: BindInterface, IPQoS, RekeyLimit
    - X11 Forwarding Options: ForwardX11Timeout, ForwardX11Trusted
    - Authentication and Security Management: IdentitiesOnly, AddKeysToAgent, IdentityAgent, PubkeyAcceptedAlgorithms, RequiredRSASize, FingerprintHash
    - Include and Match directive support for flexible configuration
    - Support for both "Option Value" and "Option=Value" syntax

  ### Improvements
  - **Modular SSH Config Parser**: Refactored oversized parser.rs (1706 lines) into category-based modules (~200-350 lines each)
  - **Enhanced Security**: Comprehensive security hardening for SSH configuration
    - Path validation to prevent usage of sensitive system files
    - Memory exhaustion prevention with entry limits
    - Command injection prevention for LocalCommand and KnownHostsCommand
    - Token validation and dangerous character detection
    - Algorithm list validation with deduplication
  - **Terminology Cleanup**: Removed phase terminology from codebase and documentation for better clarity

  ### Bug Fixes
  - Fixed critical security vulnerabilities in SSH config parser (Priority: CRITICAL/HIGH)
  - Enhanced input validation and error handling

  ### CI/CD Improvements
  None

  ### Technical Details
  - Enhanced SSH configuration merging logic with proper priority handling
  - Comprehensive test coverage: 278 tests including parser, resolver, integration, and security tests
  - Improved code organization and maintainability with modular structure
  - Support for scalar option override and vector option accumulation with deduplication

  ### Dependencies
  None

  ### Breaking Changes
  None

  ### Known Issues
  None

 -- Jeongkyu Shin <inureyes@gmail.com>  Thu, 24 Oct 2025 00:00:00 +0900

bssh (0.9.1-1~jammy1) jammy; urgency=medium

  * v0.9.1
  ### New Features
  None

  ### Improvements
  - **PTY Terminal Modes**: Complete implementation of PTY terminal modes for better interactive session support
  - **Shift Key Input Support**: Full Shift key input handling in PTY mode for proper terminal behavior

  ### Bug Fixes
  - Fixed terminal mode implementation for PTY sessions
  - Improved Shift key input handling in interactive mode

  ### CI/CD Improvements
  None

  ### Technical Details
  - Enhanced terminal mode settings for PTY allocation
  - Implemented proper terminal flag handling for interactive sessions
  - Improved keyboard input processing for special keys

  ### Dependencies
  None

  ### Breaking Changes
  None

  ### Known Issues
  None

 -- Jeongkyu Shin <inureyes@gmail.com>  Mon, 14 Oct 2025 00:00:00 +0900

bssh (0.9.0-1~jammy1) jammy; urgency=medium

  * v0.9.0
  ### New Features
  - **SSH ProxyJump File Transfer Support**: Added complete file transfer operations through SSH jump hosts (#39)
    - Upload single files through jump host chains
    - Download single files through jump hosts
    - Upload directories recursively through jump hosts
    - Download directories through jump hosts
    - All file transfer operations now fully support multi-hop SSH connections

  ### Improvements
  - **Jump Host Interactive Mode**: Interactive shell sessions now work through jump hosts
    - Dynamic timeout calculation based on hop count (30s base + 15s per hop)
    - Prevents premature timeouts on multi-hop connections
    - Full authentication support (SSH keys, agent, password) for each hop
  - **Package Updates**: Updated dependencies to latest versions for better security and stability

  ### Bug Fixes
  - Fixed interactive mode timeout issues when connecting through jump hosts
  - Fixed file transfer operations not working with jump host chains

  ### CI/CD Improvements
  None

  ### Technical Details
  - Parallel Executor Integration: Jump host support across all parallel operations
  - Updated executor.rs to propagate jump_hosts to all node operations
  - Maintains backward compatibility with Option<&str> type
  - All *_to_node() functions now accept jump_hosts parameter

  ### Dependencies
  - Added serial_test dependency for thread-safe environment variable testing
  - Updated various dependencies for security patches

  ### Breaking Changes
  None

  ### Known Issues
  None

 -- Jeongkyu Shin <inureyes@gmail.com>  Mon, 14 Oct 2025 00:00:00 +0900

bssh (0.8.0-1~jammy1) jammy; urgency=medium

  * v0.8.0
  ### New Features
  - **SSH Port Forwarding**: Added comprehensive SSH port forwarding support with local (-L), remote (-R), and dynamic (-D) SOCKS5 forwarding (#31)
    - Local port forwarding for accessing remote services through local ports
    - Remote port forwarding for exposing local services to remote servers
    - Dynamic port forwarding with SOCKS5 proxy support
    - Multiple simultaneous port forwarding configurations
    - Full integration with all authentication methods
  
  ### Improvements
  - **Error Handling**: Removed dangerous unwrap() calls throughout the codebase for better stability (#35)
  - **SSH Error Messages**: Improved error messages for SSH connection failures and authentication issues (#36)
  - **Command Execution**: Enabled automatic command execution for better usability
  
  ### Bug Fixes
  - Fixed potential panics from unwrap() calls in production code
  - Improved error recovery and reporting for SSH operations
  
  ### CI/CD Improvements
  None
  
  ### Technical Details
  - Complete SSH port forwarding implementation with Phase 1 and Phase 2 features
  - Comprehensive port forwarding architecture documentation
  - Enhanced error handling with proper Result types and context
  - Fixed DNS resolution errors in forwarding tests
  
  ### Dependencies
  - No major dependency changes in this release
  
  ### Breaking Changes
  None
  
  ### Known Issues
  None

 -- Jeongkyu Shin <inureyes@gmail.com>  Thu, 12 Sep 2025 00:00:00 +0900

bssh (0.7.0-1~jammy1) jammy; urgency=medium

  * v0.7.0
  ### New Features
  - **SSH Jump Host Support**: Added infrastructure and CLI integration for SSH jump hosts using OpenSSH-compatible -J syntax (#30)
    - Robust parsing of OpenSSH ProxyJump format (e.g., `user@host:port,user2@host2:port2`)
    - Support for single and multiple jump hosts in chain
    - IPv6 address handling with bracket notation
    - Comprehensive input validation and error handling
    - Full integration with all commands (exec, ping, upload, download)
  
  ### Improvements
  - **Ubuntu PPA**: Improved Ubuntu PPA build process and package generation
  - **Debian Packaging**: Enhanced Cargo vendor support for older distribution compatibility
  
  ### Bug Fixes
  - Fixed Ubuntu PPA update issues
  - Fixed deprecated GitHub Actions by replacing actions-rs/toolchain with dtolnay/rust-toolchain
  
  ### CI/CD Improvements
  - Modernized GitHub Actions workflow by removing deprecated actions
  - Improved build process for Debian-based distributions
  
  ### Technical Details
  - Jump host parser implementation with comprehensive error handling
  - OpenSSH-compatible command-line syntax for ProxyJump functionality
  - Enhanced logging for jump host connection debugging
  
  ### Dependencies
  - No major dependency changes in this release
  
  ### Breaking Changes
  None
  
  ### Known Issues
  None

 -- Jeongkyu Shin <inureyes@gmail.com>  Sat, 30 Aug 2025 08:48:19 +0900