Skip to content

Releases: sshnet/SSH.NET

2024.2.0

11 Nov 21:40
Compare
Choose a tag to compare

New features

  • Add support for PKCS#8 private key files
  • Add additional async overloads on SftpClient
  • Add support for OpenSSH certificates
  • Add support for chacha20-poly1305@openssh.com cipher algorithm
  • Increase support for aes*-gcm@openssh.com and zlib@openssh.com on lower targets

This release takes a dependency on BouncyCastle in an effort to eliminate primitive crypto code from the library. It also takes a dependency on System.Formats.Asn1 on lower targets.

Breaking changes

  • A number of legacy algorithms were dropped in #1442
  • The implementation of DSA was changed from using handwritten code to using System.Cryptography in #1458. See the PR description for behaviour changes this could cause.
  • Renci.SshNet.Common.BigInteger was deleted and its uses replaced with System.Numerics.BigInteger in #1469
  • Renci.SshNet.Common.DerData and Renci.SshNet.Common.ObjectIdentifier were deleted in #1490 and uses replaced with System.Formats.Asn1
  • See the full API diff at the end

What's Changed

New Contributors

Full Changelog: 2024.1.0...2024.2.0

API diff
namespace Renci.SshNet
{
     public interface IBaseClient : System.IDisposable
     {
+        event System.EventHandler<Renci.SshNet.Common.SshIdentificationEventArgs>? ServerIdentificationReceived;
     }

     public interface ISftpClient : Renci.SshNet.IBaseClient, System.IDisposable
     {
+        System.Threading.Tasks.Task ChangeDirectoryAsync(string path, System.Threading.CancellationToken cancellationToken = default);
+        System.Threading.Tasks.Task CreateDirectoryAsync(string path, System.Threading.CancellationToken cancellationToken = default);
+        System.Threading.Tasks.Task DeleteAsync(string path, System.Threading.CancellationToken cancellationToken = default);
+        System.Threading.Tasks.Task DeleteDirectoryAsync(string path, System.Threading.CancellationToken cancellationToken = default);
     }

+    public interface ISshClient : Renci.SshNet.IBaseClient, System.IDisposable
+    {
+        System.Collections.Generic.IEnumerable<Renci.SshNet.ForwardedPort> ForwardedPorts { get; }
+        void AddForwardedPort(Renci.SshNet.ForwardedPort port);
+        Renci.SshNet.SshCommand CreateCommand(string commandText);
+        Renci.SshNet.SshCommand CreateCommand(string commandText, System.Text.Encoding encoding);
+        Renci.SshNet.Shell CreateShell(System.IO.Stream input, System.IO.Stream output, System.IO.Stream extendedOutput);
+        Renci.SshNet.Shell CreateShell(System.Text.Encoding encoding, string input, System.IO.Stream output, System.IO.Stream extendedOutput);
+        Renci.SshNet.Shell CreateShell(System.IO.Stream input, System.IO.Stream output, System.IO.Stream extendedOutput, string terminalName, uint columns, uint rows, uint width, uint height, System.Collections.Generic.IDictionary<Renci.SshNet.Common.TerminalModes, uint> terminalModes);
+        Renci.SshNet.Shell CreateShell(System.IO.Stream input, System.IO.Stream output, System.IO.Stream extendedOutput, string terminalName, uint columns, uint rows, uint width, uint height, System.Collections.Generic.IDictionary<Renci.SshNet.Common.TerminalModes, uint>? terminalModes, int bufferSize);
+        Renci.SshNet.Shell CreateShell(System.Text.Encoding encoding, string input, System.IO.Stream output, System.IO.Stream extendedOutput, string terminalName, uint columns, uint rows, uint width, uint height, System.Collections.Generic.IDictionary<Renci.SshNet.Common.TerminalModes, uint> terminalModes);
+        Renci.SshNet.Shell CreateShell(System.Text.Encoding encoding, string input, System.IO.Stream output, System.IO.Stream extendedOutput, string terminalName, uint columns, uint rows, uint width, uint height, System.Collections.Generic.IDictionary<Renci.SshNet.Common.TerminalModes, uint>? terminalModes, int bufferSize);
+        Renci.SshNet.Shell CreateShellNoTerminal(System.IO.Stream input, System.IO.Stream output, System.IO.Stream extendedOutput, int bufferSize = -1);
+        Renci.SshNet.ShellStream CreateShellStream(string terminalName, uint columns, uint rows, uint width, uint height, int bufferSize);
+        Renci.SshNet.ShellStream CreateShellStream(string terminalName, uint columns, uint rows, uint width, uint height, int bufferSize, System.Collections.Generic.IDictionary<Renci.SshNet.Common.TerminalModes, uint>? terminalModeValues);
+        Renci.SshNet.ShellStream CreateShellStreamNoTerminal(int bufferSize = -1);
+        void RemoveForwardedPort(Renci.SshNet.ForwardedPort port);
+        Renci.SshNet.SshCommand RunCommand(string commandText);
+    }

     public class PrivateKeyConnectionInfo : ...
Read more

2024.1.0

28 Jun 07:06
a553152
Compare
Choose a tag to compare

New features:

  • Add support for aes*-gcm@openssh.com cipher algorithms on .NET 6+
  • Add cancellation of SshCommand via signals
  • Add SshCommand.ExecuteAsync
  • Add support for zlib@openssh.com compression algorithm on .NET 6+

Breaking changes:

  • SshCommand.ExitStatus was changed in #1423 from returning int to returning int? to reflect the fact that an exit status may not always be returned.
  • PipeStream (which provides the implementation of SshCommand.OutputStream and ExtendedOutputStream) was rewritten in #1399 to fix a number of bugs and become more "stream-like". As such:
    • It may now block where previously it may have returned 0 prematurely
    • It may now return partial data where previously it may have blocked until a certain amount of data was available.
    • The properties BlockLastReadBuffer and MaxBufferLength have been removed.
  • CommandAsyncResult was deleted in #1426
  • RsaCipher, AsymmetricCipher and CipherDigitalSignature were deleted in #1373
  • Encrypt/DecryptBlock were moved down from SymmetricCipher to BlockCipher in #1369
  • The previously nonfunctional ZlibStream was deleted and the API of Compressor was changed in #1326
  • SftpFileSytemInformation was renamed to SftpFileSystemInformation in #1425
  • See the full API diff at the end

What's Changed

New Contributors

Full Changelog: 2024.0.0...2024.1.0

API diff
namespace Renci.SshNet
{
     public abstract class BaseClient : Renci.SshNet.IBaseClient, System.IDisposable
     {
-        public bool IsConnected { get; }
+        public virtual bool IsConnected { get; }
-        public event System.EventHandler<Renci.SshNet.Common.ExceptionEventArgs> ErrorOccurred;
+        public event System.EventHandler<Renci.SshNet.Common.ExceptionEventArgs>? ErrorOccurred;
-        public event System.EventHandler<Renci.SshNet.Common.HostKeyEventArgs> HostKeyReceived;
+        public event System.EventHandler<Renci.SshNet.Common.HostKeyEventArgs>? HostKeyReceived;
-        public event System.EventHandler<Renci.SshNet.Common.SshIdentificationEventArgs> ServerIdentificationReceived;
+        public event System.EventHandler<Renci.SshNet.Common.SshIdentificationEventArgs>? ServerIdentificationReceived;
     }

     public class CipherInfo
     {
-        public CipherInfo(int keySize, System.Func<byte[], byte[], Renci.SshNet.Security.Cryptography.Cipher> cipher) { }
+        public CipherInfo(int keySize, System.Func<byte[], byte[], Renci.SshNet.Security.Cryptography.Cipher> cipher, bool isAead = false) { }
+        public bool IsAead { get; }
     }

-    public class CommandAsyncResult : System.IAsyncResult
-    {
-        public object AsyncState { get; }
-        public System.Threading.WaitHandle AsyncWaitHandle { get; }
-        public int BytesReceived { get; set; }
-        public int BytesSent { get; set; }
-        public bool CompletedSynchronously { get; }
-        public bool IsCompleted { get; }
-    }

     public interface ISftpClient : Renci.SshNet.IBaseClient, System.IDisposable
     {
-        System.IAsyncResult BeginDownloadFile(string path, System.IO.Stream output, System.AsyncCallback asyncCallback);
+        System.IAsyncResult BeginDownloadFile(string path, System.IO.Stream output, System.AsyncCallback? asyncCallback);
-        System.IAsyncResult BeginListDirectory(string path, System.AsyncCallback asyncCallback, object state, System.Action<int> listCallback = null);
+        System.IAsyncResult BeginListDirectory(string path, System.AsyncCallback? asyncCallback, object? state, System.Action<int>? listCallb...
Read more

2024.0.0

21 Feb 19:20
a314700
Compare
Choose a tag to compare

New features:

  • ShellStream has been completely rewritten, all bugs fixed and performance improved.
  • Allow writing to stdin of SshCommand
  • Support for Trimming and AOT
  • Add new MAC algorithms:
    • hmac-md5-etm@openssh.com
    • hmac-md5-96-etm@openssh.com
    • hmac-sha1-etm@openssh.com
    • hmac-sha1-96-etm@openssh.com
    • hmac-sha2-256-etm@openssh.com
    • hmac-sha2-512-etm@openssh.com
  • Drop old MAC algorithms:
    • hmac-ripemd160
    • hmac-ripemd160@openssh.com

The list of changes:

New Contributors

Full Changelog: 2023.0.1...2024.0.0

2023.0.1

29 Dec 14:15
7436a38
Compare
Choose a tag to compare

New features:

  • Improve SFTP performance on medium/high latency connections
  • Use System.Security.Cryptography in AesCipher
  • Use hardware-accelerated AES
  • Add support for .NET 8.0
  • Reduces heap allocations
  • And many more.

The list of changes:

New Contributors

Full Changelog: 2023.0.0...2023.0.1

2023.0.0

10 Oct 19:26
1c7166a
Compare
Choose a tag to compare

New features:

  • Support for .NET 6, 7, and .NET Standard 2.1
  • Support for RSA-SHA256/512 signature algorithms
  • Support for parsing OpenSSH keys with ECDSA 256/384/521 and RSA
  • Support for SHA256 and MD5 fingerprints for host key validation
  • Added async support to SftpClient and SftpFileStream
  • Added ISftpFile interface to SftpFile
  • Removed support for old target frameworks
  • Improved performance and stability
  • Added the ability to set the last write and access time for Sftp files

The list of changes:

New Contributors

Thank you to all of our contributors for making SSH.NET the best SSH library for .NET!

Full Changelog: 2020.0.1...2023.0.0

API listing follows standard diff formatting.
Lines preceded by a '+' are additions and a '-' indicates removal.

Renci.SshNet

 namespace Renci.SshNet {
-    public abstract class BaseClient : IDisposable {
+    public abstract class BaseClient : IBaseClient, IDisposable {
+        public Task ConnectAsync(CancellationToken cancellationToken);
     }
+    public interface IBaseClient
+    public interface IPrivateKeySource
-    public interface ISftpClient {
+    public interface ISftpClient : IBaseClient, IDisposable {
+        Task DeleteFileAsync(string path, CancellationToken cancellationToken);
-        IEnumerable<SftpFile> EndListDirectory(IAsyncResult asyncResult);
+        IEnumerable<ISftpFile> EndListDirectory(IAsyncResult asyncResult);
-        SftpFile Get(string path);
+        ISftpFile Get(string path);
+        Task<SftpFileSytemInformation> GetStatusAsync(string path, CancellationToken cancellationToken);
-        IEnumerable<SftpFile> ListDirectory(string path, Action<int> listCallback = null);
+        IEnumerable<ISftpFile> ListDirectory(string path, Action<int> listCallback = null);
+        IAsyncEnumerable<ISftpFile> ListDirectoryAsync(string path, CancellationToken cancellationToken);
+        Task<SftpFileStream> OpenAsync(string path, FileMode mode, FileAccess access, CancellationToken cancellationToken);
+        Task RenameFileAsync(string oldPath, string newPath, CancellationToken cancellationToken);
+        void SetLastAccessTime(string path, DateTime lastAccessTime);
+        void SetLastAccessTimeUtc(string path, DateTime lastAccessTimeUtc);
+        void SetLastWriteTime(string path, DateTime lastWriteTime);
+        void SetLastWriteTimeUtc(string path, DateTime lastWriteTimeUtc);
     }
     public class NetConfClient : BaseClient {
+        public NetConfClient(string host, int port, string username, params IPrivateKeySource[] keyFiles);
-        public NetConfClient(string host, int port, string username, params PrivateKeyFile[] keyFiles);
+        public NetConfClient(string host, string username, params IPrivateKeySource[] keyFiles);
-        public NetConfClient(string host, string username, params PrivateKeyFile[] keyFiles);
     }
     public class PrivateKeyAuthenticationMethod : AuthenticationMethod, IDisposable {
+        public PrivateKeyAuthenticationMethod(string username, params IPrivateKeySource[] keyFiles);
-        public PrivateKeyAuthenticationMethod(string username, params PrivateKeyFile[] keyFiles);
-        public ICollection<PrivateKeyFile> KeyFiles { get; private set; }
+        public ICollection<IPrivateKeySource> KeyFiles { get; private set; }
     }
     public class PrivateKeyConnectionInfo : ConnectionInfo, IDisposable {
+        public PrivateKeyConnectionInfo(string host, int port, string username, params IPrivateKeySource[] keyFiles);
-        public PrivateKeyConnectionInfo(string host, int port, string username, params PrivateKeyFile[] keyFiles);
+        public PrivateKeyConnectionInfo(string host, int port, string username, ProxyTypes proxyType, string proxyHost, int proxyPort, params IPrivateKeySource[] keyFiles);
-        public PrivateKeyConnectionInfo(string host, int port, string username, ProxyTypes proxyType, string proxyHost, int proxyPort, params PrivateKeyFile[] keyFiles);
+        public PrivateKeyConnectionInfo(string host, int port, string username, ProxyTypes proxyType, string proxyHost, int proxyPort, string proxyUsername, params IPrivateKeySource[] keyFiles);
-        public PrivateKeyConnectionInfo(string host, int port, string username, ProxyTypes proxyType, st...
Read more

2020.0.2

29 May 14:53
Compare
Choose a tag to compare

This release fixes a security vulnerability in our X25519 key exchange that could allow an attacker to eavesdrop the
communications to decrypt them.

More information is available in advisory CVE-2022-29245.

2020.0.1

24 Jan 14:07
Compare
Choose a tag to compare

Fixes

General

  • Support LF as line ending for banner and identification string

    Even though RFC 4253 requires that an identification string MUST be terminated by a carriage return and line feed, this fix restores support for banners and identification strings that are only terminated by a line feed.
    This is a workaround for an issue in version 7.4 of OpenSSH which was fixed in version 7.5.

    Fixes issue #761.

Feedback

Target framework support

While our list of supported target frameworks is impressive, it does come with a cost. Some of these target frameworks are no longer supported by Microsoft and even required software that is no longer available for download.

We'd like to gather feedback from our users through this issue to learn how important it is to continue supporting all these target frameworks.

Twitter

Do you want to keep track of general progress and annoucements for SSH.NET? You can now follow us on Twitter.

Supporting SSH.NET

Do you or your company rely on SSH.NET in your projects? If you want to encourage us to keep on going and show us that you appreciate our work, please consider becoming a sponsor through GitHub Sponsors.

2020.0.0

31 Dec 14:10
Compare
Choose a tag to compare

Changes

Target framework support

This release of SSH.NET adds support for .NET Standard 2.0.
This brings the full list of the supported target frameworks to:

  • .NET Framework 3.5
  • .NET Framework 4.0 (and higher)
  • .NET Standard 1.3
  • .NET Standard 2.0
  • Silverlight 4
  • Silverlight 5
  • Windows Phone 7.1
  • Windows Phone 8.0
  • Universal Windows Platform 10

Fixes issue #357, #436 and #474.

Key exchange algorithms

SSH.NET now supports the following additional key exchange algorithms:

  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512

Fixes issue #53, #406 and #504.

Host key algorithms

The following additional host key algorithms are now supported:

  • ssh-ed25519
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521

Public key authentication

SSH.NET now supports the following private key formats:

  • RSA in OpenSSL PEM and ssh.com format
  • DSA in OpenSSL PEM and ssh.com format
  • ECDSA 256/384/521 in OpenSSL PEM format
  • ED25519 in OpenSSH key format

Fixes issue #485.

Troubleshooting

Until now any issue related to Protocol Version Exchange would be reported using a single message:

Server response does not contain SSH protocol identification.

As of this release, we identify - and report - three distinct issues:

  • The server immediately closed the connections upon reception of our SSH identification string.

    The server response does not contain an SSH identification string.
    The connection to the remote server was closed before any data was received.
    More information on the Protocol Version Exchange is available here:
    https://tools.ietf.org/html/rfc4253#section-4.2
    
  • The identification string of the server contains a null character (which is prohibited).

    The server response contains a null character at position 0x00000005:
    
    00000000  ED 95 9C 21 00                                   ...!.
    
    A server must not send a null character before the Protocol Version Exchange is complete.
    
    More information is available here:
    https://tools.ietf.org/html/rfc4253#section-4.2
    
  • The server response does not contain an SSH identification string.

    The server response does not contain an SSH identification string:
    
      00000000  48 54 54 50 2F 31 2E 30 20 32 30 30 20 4F 4B 0D  HTTP/1.0 200 OK.
      00000010  0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A  .Content-Length:
      00000020  20 31 30 0D 0A 43 6F 6E 74 65 6E 74 2D 54 79 70   10..Content-Typ
      00000030  65 3A 20 61 70 70 6C 69 63 61 74 69 6F 6E 2F 6F  e: application/o
      00000040  63 74 65 74 2D 73 74 72 65 61 6D 0D 0A           ctet-stream..
    
    More information on the Protocol Version Exchange is available here:
    https://tools.ietf.org/html/rfc4253#section-4.2
    

Channel close timeout

A ChannelCloseTimeout property has been introduced on ConnectionInfo that controls the timeout to apply when waiting for a server to acknowledge closing a channel. The default value is 1 second.

If a server does not report to our SSH_MSG_CHANNEL_CLOSE message with a SSH_MSG_CHANNEL_CLOSE message before the specified timeout elapses, we'll stop waiting and consider the channel to be closed.

Fixes issue #335.

SftpClient

  • SftpClient now implements ISftpClient to allow for each testing (issue #193).

Breaking changes

ScpClient

CVE-2018-20685 caused OpenSSH to implement more strict validation of file paths. ScpClient was updated to correctly deal with these changes.

In case of a recursive directory upload, ScpClient cannot fully absorb the impact of these changes and as such Upload(DirectoryInfo directoryInfo, string path) now fails if path does not exist on the remote host. For the same reason, the mode and modification/access time will also no longer be set on path.

The mode and modification/access time continue to be set on any files or subdirectories that are uploaded.

Fixes

General

  • Use big endian byte order for port number in SOCKS request (issue #125 and #447).
  • Connect() times out when server rejects initializing subsystem (issue #308).
  • Keep-alives are not activated if connection is already opened (issue #334).
  • Connection cannot be re-established when subsystem cannot be executed (issue #338).
  • Closed event on Channel is not deterministic (issue #319).
  • Disconnect() and Dispose() may block indefinitely on .NET Core (issue #355 and #686).
  • EAP implementation does not correctly deal with a socket operation that is completed synchronously (issue #377 and #571).
  • Identification string is not immediately sent when connection is established (issue #689 and #505).
  • Minor protocol version parsing bug (issue #749).

SftpClient

  • Fix UTC time handling in case of DST shifts (issue #356)

Feedback

Target framework support

While our list of supported target frameworks is impressive, it does come with a cost. Some of these target frameworks are no longer supported by Microsoft and even required software that is no longer available for download.

We'd like to gather feedback from our users through this issue to learn how important it is to continue supporting all these target frameworks.

Twitter

Do you want to keep track of general progress and annoucements for SSH.NET? You can now follow us on Twitter.

Supporting SSH.NET

Do you or your company rely on SSH.NET in your projects? If you want to encourage us to keep on going and show us that you appreciate our work, please consider becoming a sponsor through GitHub Sponsors.

Thanks

This release wouldn't have been possible without contributions from:
@darinkes, @AtosNicoS, @dancret, @menees, @ericbrumfield

Special thanks for @Filini producing our new logo assets!

2020.0.0-beta1

07 Jun 13:56
Compare
Choose a tag to compare
2020.0.0-beta1 Pre-release
Pre-release

Changes

Target framework support

This release of SSH.NET adds support for .NET Standard 2.0.
This brings the full list of the supported target frameworks to:

  • .NET Framework 3.5
  • .NET Framework 4.0 (and higher)
  • .NET Standard 1.3
  • .NET Standard 2.0
  • Silverlight 4
  • Silverlight 5
  • Windows Phone 7.1
  • Windows Phone 8.0
  • Universal Windows Platform 10

Fixes issue #357, #436 and #474.

Key exchange algorithms

SSH.NET now supports the following additional key exchange algorithms:

  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512

Fixes issue #53, #406 and #504.

Host key algorithms

The following additional host key algorithms are now supported:

  • ssh-ed25519
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521

Public key authentication

SSH.NET now supports the following private key formats:

  • RSA in OpenSSL PEM and ssh.com format
  • DSA in OpenSSL PEM and ssh.com format
  • ECDSA 256/384/521 in OpenSSL PEM format
  • ED25519 in OpenSSH key format

Fixes issue #485.

Channel close timeout

A ChannelCloseTimeout property has been introduced on ConnectionInfo that controls the timeout to apply when waiting for a server to acknowledge closing a channel. The default value is 1 second.

If a server does not report to our SSH_MSG_CHANNEL_CLOSE message with a SSH_MSG_CHANNEL_CLOSE message before the specified timeout elapses, we'll stop waiting and consider the channel to be closed.

Fixes issue #335.

Breaking changes

ScpClient

CVE-2018-20685 caused OpenSSH to implement more strict validation of file paths. ScpClient was updated to correctly deal with these changes.

In case of a recursive directory upload, ScpClient cannot fully absorb the impact of these changes and as such Upload(DirectoryInfo directoryInfo, string path) now fails if path does not exist on the remote host. For the same reason, the mode and modification/access time will also no longer be set on path.

The mode and modification/access time continue to be set on any files or subdirectories that are uploaded.

Fixes

General

  • Use big endian byte order for port number in SOCKS request (issue #125 and #447).
  • Connect() times out when server rejects initializing subsystem (issue #308).
  • Keep-alives are not activated if connection is already opened (issue #334).
  • Connection cannot be re-established when subsystem cannot be executed (issue #338).
  • Closed event on Channel is not deterministic (issue #319).
  • Disconnect() and Dispose() may block indefinitely on .NET Core (issue #355 and #686).
  • EAP implementation does not correctly deal with a socket operation that is completed synchronously (issue #377 and #571).
  • Identification string is not immediately sent when connection is established (issue #689 and #505).

Feedback

Target framework support

While our list of supported target frameworks is impressive, it does come with a cost. Some of these target frameworks are no longer supported by Microsoft and even required software that is no longer available for download.

We'd like to gather feedback from our users through this issue to learn how important it is to continue supporting all these target frameworks.

Twitter

Do you want to keep track of general progress and annoucements for SSH.NET? You can now follow us on Twitter.

Supporting SSH.NET

Do you or your company rely on SSH.NET in your projects? If you want to encourage us to keep on going and show us that you appreciate our work, please consider becoming a sponsor through GitHub Sponsors.

Thanks

This release wouldn't have been possible without contributions from:
@darinkes, @AtosNicoS, @dancret

2016.1.0

16 Oct 18:55
Compare
Choose a tag to compare

Changes

Distribution

The NuGet Package Manager in Visual Studio 2012 does not support packages in which a given dependency is defined for more than one TFM. Since a fix for this issue is not expected any time soon, we're reviving support for a binary distribution.

This plain .zip file contains the SSH.NET assembly, and where applicable any dependencies, for all supported target frameworks.

For Visual Studio 2015 and higher, the SSH.NET NuGet package remains our primary distribution mechanism.

General

  • Increase initial window size for SSH channels from 2 MB to 2147483647 (2^31 - 1) bytes. This results in less protocol overhead when receiving data from a SSH server.
  • Data of an SSH_MSG_IGNORE server request is now ignored when the specified length is greater than the actual available bytes (issue #41).
  • Reduce overhead when invoking both Disconnect() and Dispose().
  • Improve performance of SSH message processing by eliminating use of dynamic dispatching.

ScpClient

A RemotePathTransformation property has been added to ScpClient that can be used to change if and how a remote path is transformed before it is passed to the scp command on the remote server.

SSH.NET comes with the following path transformations that are exposed through the RemotePathTransformation class (in Renci.SshNet):

  • DoubleQuote
    Encloses a path in double quotes, and escapes any embedded double quote with a backslash.
    This is the default, as it works fine with most SCP servers.

  • ShellQuote
    Quotes a path in a way to be suitable to be used with a shell-based SCP server.
    This is the preferred mechanism for shell-based SCP servers, which typically means all Unix-like systems.

  • None
    Performs no transformation to the path.
    This is the recommended transformation when the remote host does not require any quoting to preserve the literal value of metacharacters, or when remote paths are guaranteed not to contain such characters.

When none of the built-in transformations match the specific requirements of a remote host, a custom transformation can be supplied.

More information on this change is available here.

Fixes issues #256 and #108.

Example:

Download a file using SCP, and apply shell quoting to the remote path:

using Renci.SshNet;

public class Program
{
  static void Main()
  {
      using (var client = new ScpClient("HOST", 22, "USER", "PWD"))
      {
          client.RemotePathTransformation = RemotePathTransformation.ShellQuote;
          client.Connect();

          using (var ms = new MemoryStream())
          {
              client.Download("/home/sshnet/file 123", ms);
          }
      }
  }
}

Since we've configured ScpClient to use the ShellQuote transformation, the /home/sshnet/file 123 path
will automatically be enclosed in single quotes.

The actual path that is passed to the scp command on the remote host is therefore '/home/sshnet/file 123'.

SftpClient

  • When the read buffer is empty, SftpFileStream.Read(byte[], int, int) only writes those bytes to the buffer that go beyond the number of bytes requested by the caller.
  • Reduced memory allocations in SftpFileStream by lazily allocating read and write buffer.
  • Improved compatibility of SftpFileStream.SetLength(long value) with System.IO.FileStream (PR #272):
    • Flush buffers before changing the length of stream.
    • Move the current position to the last byte of the stream if the current position is greater than the new length.
  • Eliminated extra read from server in SftpFileStream to determine EOF.
  • Greatly improved performance of SftpClient.(Begin)DownloadFile(...) by asynchronously reading ahead chunks (issue #145 and #100).

SshClient

  • A ForwardedPortDynamic now supports domain name addresses for SOCKS5 requests (issue #98).

Breaking changes

ScpClient

The Upload(FileInfo fileInfo, String path) method in ScpClient now expects path to be the remote path of the file to which you want to upload, and throws a ScpException if a directory exists on the remote host for that path (issue #286).

Up until now, uploading a file with a given (remote) path could lead a different result depending on whether a directory for that path exits on the remote host.

Example:

  using (var client = new ScpClient("host", "user", "pwd"))
  {
      client.Connect();

      client.Upload(new FileInfo(@"c:\temp\newlog.txt", "/home/sshnet/log");
  }

As of version 2016.1.0-beta 3 a ScpException will be thrown when /home/sshnet/log exists as a directory on the remote host.

In previous versions of SSH.NET this code would actually upload the content of the c:\temp\newlog.txt file to /home/sshnet/log/newlog.txt.

When /home/sshnet/log exists on the remote host as a file or does not exist at all, the content of the c:\temp\newlog.txt file will be uploaded to /home/sshnet/log. This has not changed.

SftpClient

  • The IsAsync property was removed from SftpFileStream. Previously this property always returned false.

  • The read and write position in SftpFileStream are no longer tracked separately. Reading from or seeking in the SftpFileStream will now also affect the position at which a subsequent write is performed, and vice versa (issue #253).

    For example, the following code snippet will now write "123456" to the console:

      var buffer = Encoding.UTF8.GetBytes("123456");
    
      using (var client = new SftpClient("host", "user", "pwd"))
      {
          client.Connect();
    
          using (var ws = client.OpenWrite(path))
          {
              ws.Write(buffer, 0, 3);
          }
    
          using (var ws = client.OpenWrite(path))
          {
              ws.Seek(3, SeekOrigin.Begin);
              ws.Write(buffer, 3, 3);
          }
    
          Console.WriteLine(client.ReadAllText(path, Encoding.UTF8));
      }
  • To improve compatibility of SftpFileStream with System.IO.FileStream, Append mode is now only allowed when combined with write-only access (issue #267). This only affects SftpClient.Open(string path, FileMode mode, FileAccess access).

    The following code snippet will now throw an ArgumentException:

      using (var client = new SftpClient("host", "user", "pwd"))
      {
          client.Connect();
    
          using (var fs = client.Open("/home/user/file.log", FileMode.Append, FileShare.Read))
          {
          }
      }

    Result:
    System.ArgumentException: Append mode can be requested only when combined with write-only access.

  • To improve compatibility of SftpClient with System.IO.File, the following methods now use UTF-8 encoding without a Byte-Order Mark (BOM):

    • void AppendAllLines(string path, IEnumerable<string> contents)
    • void AppendAllText(string path, string contents)
    • StreamWriter AppendText(string path)
    • StreamWriter CreateText(string path)
    • void WriteAllLines(string path, IEnumerable<string> contents)
    • void WriteAllLines(string path, string[] contents)
    • void WriteAllText(string path, string contents)

Fixes

General

  • Servers that do not implement RFC 4252 correctly may lead to stack overflow (issue #306).

    Section 5.1 of the aforementioned RFC states the following on SSH_MSG_USERAUTH_FAILURE response:

    The value of 'partial success' MUST be TRUE if the authentication request to which this is a response was successful. It MUST be FALSE if the request was not successfully processed.

    Some SSH servers set 'partial success' to TRUE even if the authentication request was not processed successfully, and do not update the name-list to remove the method name that failed.

    SSH.NET has now been updated only attempt authentication 5 times for a method that was considered partially successful.

    If this limit is reached for a given method name, and no other authentication method is available, a SshAuthenticationException with message "Reached authentication attempt limit for method (<method name>)" will be thrown.

  • Key exchange is slow when size of group is more than 1024 bit (issue #304 and #130).

    As part of the key exchange, SSH.NET sends a SSH_MSG_KEY_DH_GEX_REQUEST with a 1024 bit minimum and preferred group size, and 8192 bit maximum group size.

    Before this fix, we would generate a private exponent that matches the size of the safe prime generated by the server. In some cases this meant using a 8192 bit private component to generate the client exchange value, which is a CPU intensive operation.

    As from this fix, we generate a private exponent that is twice the hash size with a minimum of 1024 bit.

  • ConnectSocks5() throws a ProxyException with a wrong message (issue #167).

  • Comments in ProxyException.cs are not relevant (issue #163).

  • SSH exception after client connect using .NET 3.5 version (issue #113).

  • Handle leak when connection to SSH server fails (issue #55).

  • Race condition when both server and client close channel (issue #84).

  • Suppressing ...

Read more