Releases: derekg/ts-ssh
v0.4.0: Security Hardening and Post-Quantum Cryptography
ts-ssh v0.4.0 - Security Hardening and Post-Quantum Cryptography
This release focuses on security enhancements, post-quantum cryptography preparation, and code quality improvements.
🔒 Security Enhancements
Enterprise-Grade Security Hardening
- Modern SSH Key Discovery: Ed25519 prioritized over legacy RSA keys
- TTY Security: Multi-layer validation preventing hijacking attacks
- Process Protection: Credential masking in process lists and environment
- Atomic File Operations: Race condition prevention in file handling
- Host Key Verification: Enhanced verification against ~/.ssh/known_hosts
- Cross-Platform Security: Platform-specific implementations for Windows/macOS/Linux
Critical Vulnerability Fixes
- CVE-TS-SSH-001: Host key verification bypass protections added
- CVE-TS-SSH-002: Credential exposure in process lists eliminated
- CVE-TS-SSH-003: File permission race conditions resolved
- CVE-TS-SSH-004: Unsafe TTY access vulnerabilities fixed
🔮 Post-Quantum Cryptography Preparation
Quantum-Resistant Infrastructure
- Algorithm Support: Foundation for sntrup761x25519-sha512@openssh.com and other PQC algorithms
- Algorithm Agility: Framework for seamless cryptographic transitions
- Monitoring System: PQC usage tracking and reporting capabilities
- Command-Line Flags: --pqc, --pqc-level, --pqc-report for quantum cryptography control
🌍 Internationalization
Multi-Language Support
- Spanish Language: Complete CLI translation (--lang es)
- Language Detection: Automatic detection from environment variables (LANG, TS_SSH_LANG)
- Extensible Framework: Ready for additional language support
🛠️ Technical Improvements
Code Quality and Architecture
- Modular Refactoring: Clean separation with internal/ package structure
- Security Package: Dedicated internal/security/ for security operations
- PQC Package: New internal/crypto/pqc/ for quantum cryptography
- Comprehensive Testing: Enhanced test coverage with security-focused scenarios
- Cross-Platform Compatibility: Improved Windows/macOS/Linux support
Documentation Updates
- Realistic Claims: Removed inconsistent numerical scores from documentation
- Security Architecture: Comprehensive security documentation
- Project Guidelines: Added guidance for quality assessment practices
📊 Technical Metrics
- 80+ Tests: Comprehensive test suite including security scenarios
- 5 Internal Packages: Modular architecture for maintainability
- Cross-Platform: Full Windows/macOS/Linux compatibility
- Security Events: Comprehensive audit logging and monitoring
🚨 Breaking Changes
None - this release maintains full backwards compatibility with existing ts-ssh usage.
📝 Installation
# Using go install (recommended)
go install github.com/derekg/ts-ssh@v0.4.0
# Build from source
git clone https://github.com/derekg/ts-ssh.git
cd ts-ssh
git checkout v0.4.0
go build -o ts-ssh .
🆕 New Usage Examples
Multi-Language Support
# Use Spanish interface
ts-ssh --lang es --list
# Set permanent language preference
export TS_SSH_LANG=es
ts-ssh --help
Post-Quantum Cryptography (Preparation)
# Enable PQC monitoring (when available)
ts-ssh --pqc-report
# Future: PQC algorithm selection
ts-ssh --pqc-level 2 your-server # (when PQC is fully implemented)
📋 Full Changelog
Security:
- Comprehensive security hardening with CVE fixes
- Modern SSH key discovery (Ed25519 priority)
- TTY security and process protection enhancements
- Atomic file operations and race condition prevention
Features:
- Spanish language support and i18n framework
- Post-quantum cryptography infrastructure
- Enhanced cross-platform compatibility
Quality:
- Major code quality improvements and refactoring
- Comprehensive test coverage expansion
- Modular internal package architecture
Documentation:
- Removed inconsistent quality scores
- Enhanced security architecture documentation
- Realistic security implementation claims
This release positions ts-ssh as a secure, future-ready SSH client with enterprise-grade security features and quantum-cryptography readiness.
v0.3.0 - Architecture Improvements and i18n
- 0.x.Y (minor) - new features, improvements (backward compatible)
- 0.x.y (patch) - bug fixes (backward compatible)
- X.y.z (major) - will be used for first stable API (v1.0.0+)
🎯 New Features
🌍 Spanish Language Support
- Complete Spanish localization for CLI help, usage examples, and error messages
- Multiple language detection methods: --lang, TS_SSH_LANG, LANG, LC_ALL
- Dynamic help display that respects language preferences
- Extensible i18n framework for future language additions
⚡ Power CLI Features
- Multi-host operations with parallel execution support
- Built-in tmux session management for concurrent connections
- Advanced file transfer operations across multiple hosts
- Host discovery and interactive selection (--pick)
🏗️ Major Improvements
🧹 Code Architecture Cleanup
- Removed 180+ lines of dead TUI code and dependencies
- Eliminated unused dependencies: github.com/rivo/tview, github.com/gdamore/tcell/v2
- Consolidated 85+ lines of duplicated SSH connection logic
- Modular code organization with focused helper functions
🐛 Critical Bug Fixes
- FIXED: Password prompts now display correctly (user@host instead of garbled text)
- FIXED: i18n formatting issues throughout the application
- FIXED: Race conditions in parallel authentication and terminal management
- FIXED: Windows cross-compilation compatibility
🧪 Enhanced Testing & Quality
- Comprehensive test suite: 14.5% → 22% coverage improvement
- New test files: i18n_test.go, ssh_helpers_test.go, terminal_state_test.go
- Race condition testing: Concurrent access validation for critical components
- Thread safety: Improved synchronization and mutex usage
🔧 Cross-Platform Support
Pre-built binaries for all major platforms:
- Linux: AMD64, ARM64
- macOS: AMD64 (Intel), ARM64 (Apple Silicon)
- Windows: AMD64, ARM64
💾 Installation
Quick Install (Linux/macOS)
# Linux AMD64
curl -L -o ts-ssh https://github.com/derekg/ts-ssh/releases/download/v0.3.0/ts-ssh-linux-amd64
chmod +x ts-ssh && sudo mv ts-ssh /usr/local/bin/
# macOS (detect architecture automatically)
curl -L -o ts-ssh https://github.com/derekg/ts-ssh/releases/download/v0.3.0/ts-ssh-darwin-$(uname -m < /dev/null | sed 's/x86_64/amd64/')
chmod +x ts-ssh && sudo mv ts-ssh /usr/local/bin/
Windows
Download the appropriate .exe file:
Build from Source
git clone https://github.com/derekg/ts-ssh.git
cd ts-ssh
go build -ldflags "-X main.version=v0.3.0" .
🚀 Usage Examples
Spanish Interface
# Use Spanish interface
ts-ssh --lang es --help
ts-ssh --lang es --list
# Set via environment
LANG=es ts-ssh --help
Multi-Host Operations
# Interactive host selection
ts-ssh --pick
# Parallel command execution
ts-ssh --exec "uptime" host1,host2,host3 --parallel
# Multi-host file transfer
ts-ssh --copy "localfile host1,host2:/remote/path"
📈 Impact
Code Quality Metrics:
- Removed: 568 lines (dead code elimination)
- Added: 796 lines (tests + improvements)
- Net Result: Cleaner, more maintainable, better tested codebase
User Experience:
- Fixed critical formatting bugs affecting daily usage
- Enhanced error messages and troubleshooting
- Multi-language support for international users
- Better cross-platform compatibility
🔄 Migration from Previous Versions
- No breaking changes - all existing functionality preserved
- Improved reliability - better error handling and user feedback
- Enhanced features - new multi-host and i18n capabilities
Semantic Versioning: This release follows semver.org guidelines. Thanks to the Hacker News community for the feedback on proper versioning practices!
Full Changelog: v0.2.0...v0.3.0
v0.2.0 - SSH Client with Escape Sequences and SCP
🎯 New Features
🔄 Interactive Escape Sequence (~.)
At any point in an interactive session, type ~. at the start of a new line to immediately terminate the SSH connection and restore your terminal.
⚡ Non-Interactive Command Execution
Pass a remote command directly on the command line (e.g. ts-ssh host uname -a). The client runs the command, streams its output, and returns its exit code.
🔀 ProxyCommand-Style TCP Forwarding (-W)
Implements ssh -W host:port behavior over Tailscale. Use ts-ssh -W target:22 as a ProxyCommand in ssh or scp configurations:
scp -o ProxyCommand="ts-ssh -W %h:%p user@gateway" localfile remote:/path
🏷️ Version Flag (-version)
Print the client version and exit:
go build -ldflags "-X main.version=v0.2.0" -o ts-ssh .
📚 Enhanced Documentation
- Comprehensive usage examples in built-in help
- Security notes about host-key verification
- ProxyCommand integration examples
🔒 Security & Stability
- Secure host-key verification against ~/.ssh/known_hosts by default
- Interactive prompts for unknown hosts with MITM protection
- Graceful shutdown on SIGINT/SIGTERM with terminal restoration
- Insecure mode (-insecure) available for testing (discouraged)
🐛 Bug Fixes & Polish
- Fixed quoting in ProxyCommand examples
- Synchronized Tailscale auth-flow and client logs
- Improved exit-status propagation for commands
- Better error handling and user experience
🚀 Installation
Build from Source
git clone https://github.com/derekg/ts-ssh.git
cd ts-ssh
git checkout v0.2.0
go build -ldflags "-X main.version=v0.2.0" .
Note: This project now follows Semantic Versioning. This release adds significant new features while maintaining backward compatibility.
Full Changelog: v0.1.0...v0.2.0
v0.1.0 - Initial Release
This marks the first official release of ts-ssh, a command-line SSH client built with Go! 🎉
ts-ssh leverages Tailscale's tsnet library to establish a userspace connection to your Tailscale network. This allows you to SSH into your Tailscale nodes directly from the tool without needing the full Tailscale client daemon running locally.
✨ Features in this Release:
- tsnet Integration: Connects directly to your Tailscale network in userspace.
- Tailscale Authentication: Handles the device authentication flow via a browser link. Authentication state is stored locally (in ~/.config/ts-ssh-client by default) for subsequent runs.
- SSH Authentication: Supports standard methods:
  - Public Key Authentication (including passphrase-protected keys via interactive prompt).
  - Password Authentication (via interactive prompt).
- Interactive Sessions: Provides a full interactive PTY session, respecting terminal size changes.
- Host Key Verification: Implements secure host key checking using ~/.ssh/known_hosts:
  - Prompts interactively to add unknown host keys.
  - Provides strong warnings and prevents connection on host key mismatches (potential MITM).
- Insecure Mode: Includes an -insecure flag to bypass host key checks (use with extreme caution!).
- Basic Command-Line Interface: Supports standard SSH flags like -l (user) and -i (identity file).
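The three outcomes listed under Host Key Verification (known key, unknown host, mismatch), sketched as an added example; this is not ts-ssh's own code, and CheckHostKey, Verdict and the sample entries are hypothetical names and constructed data. It uses only the standard library and reads plain host entries, not hashed ones.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

type Verdict int

const (
	Match    Verdict = iota // host listed with exactly this key: connect
	Unknown                 // host not listed: prompt before adding the key
	Mismatch                // host listed, key differs: refuse (possible MITM)
)

// Constructed sample; the key blobs are placeholders, not real keys.
const sampleKnownHosts = `# constructed known_hosts sample
node-a,100.64.0.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDERKEYA
node-b ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDERKEYB
`

// CheckHostKey compares an offered key with known_hosts content.
// Assumption: plain host lists only; comment, hashed ("|1|...") and marker
// ("@...") lines are skipped. A listed host that offers a key of a new type
// counts as a mismatch, which is the conservative choice.
func CheckHostKey(knownHosts, host, keyType, keyB64 string) Verdict {
	verdict := Unknown
	sc := bufio.NewScanner(strings.NewReader(knownHosts))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 3 || strings.ContainsAny(f[0][:1], "#@|") {
			continue
		}
		for _, h := range strings.Split(f[0], ",") {
			if h != host {
				continue
			}
			if f[1] == keyType && f[2] == keyB64 {
				return Match // an exact entry wins over any other line
			}
			verdict = Mismatch // host is known, but not with this key
		}
	}
	return verdict
}

func main() {
	for _, h := range []string{"node-a", "node-c"} {
		fmt.Println(h, CheckHostKey(sampleKnownHosts, h, "ssh-ed25519", "AAAAnotTheListedKey"))
	}
}
```

Only the Unknown verdict should ever lead to a prompt; a Mismatch that falls through to the same "add this key?" question defeats the check.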
Assets
Pre-compiled binaries are attached below for common platforms:
ts-ssh-darwin-arm64: For macOS on Apple Silicon (M1, M2, etc.)
To use a binary:
- Download the appropriate file for your system.
- Make it executable (e.g., chmod +x ./ts-ssh-darwin-arm64 on macOS/Linux).
- Run it! (See README for usage examples).
  - Note for macOS users: Gatekeeper might block the first run. Right-click the file -> "Open" -> "Open" in the dialog, or use xattr -d com.apple.quarantine ./<binary_name>.
Usage
Please see the README.md for detailed installation instructions (including building from source) and usage examples.
Feedback
This is the initial release. Please report any bugs, issues, or feature suggestions by opening an issue in the repository.
Thanks for checking out ts-ssh!