ssh-mux

Rust-related/ssh-mux

Fork 0

Commit Graph

Select branches

Hide Pull Requests

main

1.11.0

1.11.1

v0.5.0

v1.0.0

v1.1.0

v1.10.0

v1.10.1

v1.10.2

v1.10.3

v1.10.4

v1.10.5

v1.12.1

v1.13.0

v1.13.1

v1.13.2

v1.13.3

v1.13.5

v1.14.0

v1.14.1

v1.2.0

v1.3.0

v1.3.1

v1.4.0

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.6.0

v1.6.1

v1.7.0

v1.7.1

v1.8.0

v1.9.0

cd6a517fec chore: bump version to v1.14.1, soften banner-detection rationale main v1.14.1 Myeongseon Choi 2026-04-29 13:39:27 +09:00
d4cf32dbed feat(pool): mimic local OpenSSH banner to fix VPN/Okta device fingerprinting Myeongseon Choi 2026-04-29 13:14:36 +09:00
9d267cf7a8 feat!: always allow remote loopback any-port for direct-tcpip v1.14.0 Myeongseon Choi 2026-04-28 18:45:45 +09:00
c63474eb86 feat(forwarding): top-level default_allow_remote_loopback_any_port v1.13.5 Myeongseon Choi 2026-04-28 17:48:27 +09:00
51210232a1 fix(forwarding): unblock VS Code/Cursor Remote-SSH with opt-in loopback flag Myeongseon Choi 2026-04-28 17:08:58 +09:00
e1e91a4741 chore: bump version to v1.13.3, document lockfile fix v1.13.3 Myeongseon Choi 2026-04-28 11:56:19 +09:00
ef3507e688 build: commit Cargo.lock to fix CI Myeongseon Choi 2026-04-28 11:56:13 +09:00
a92b86a382 chore: bump version to v1.13.2, document re-import fix v1.13.2 Myeongseon Choi 2026-04-28 11:51:55 +09:00
a5c0f65b17 fix(import): support re-import after Include line is in place Myeongseon Choi 2026-04-28 11:51:48 +09:00
480ed466d5 chore: bump version to v1.13.1, document ProxyCommand exclusion v1.13.1 Myeongseon Choi 2026-04-27 17:53:05 +09:00
3ad03f5e9b fix: import-config skips ProxyCommand hosts and ProxyCommand jumps Myeongseon Choi 2026-04-27 17:52:54 +09:00
31d5643ab6 chore: bump version to v1.13.0, document install bootstrap v1.13.0 Myeongseon Choi 2026-04-27 15:23:08 +09:00
e42a396daa feat: install runs the full bootstrap (import + setup-config + service) Myeongseon Choi 2026-04-27 15:23:02 +09:00
9527caca0e chore: bump version to v1.12.1, add CHANGELOG covering v1.11.0–v1.12.1 v1.12.1 Myeongseon Choi 2026-04-27 14:44:44 +09:00
43c1c77a30 fix(lint): satisfy clippy 1.95 collapsible_match in import.rs Myeongseon Choi 2026-04-27 14:44:36 +09:00
18f5972401 chore: bump version to v1.12.0 Myeongseon Choi 2026-04-27 14:35:08 +09:00
ed2521294b fix: clear upstream auth state after the KI driver terminates Myeongseon Choi 2026-04-27 14:35:01 +09:00
65a3248619 chore: bump version to v1.11.0, document import-config and idle-timer fix Myeongseon Choi 2026-04-27 14:09:06 +09:00
9cb95fac10 fix: freeze idle timer while a connection has open channels Myeongseon Choi 2026-04-27 14:08:59 +09:00
1b68854d00 feat: add import-config and stop mutating user host blocks Myeongseon Choi 2026-04-27 14:08:39 +09:00
e7a527e7e2 Harden IPC and forwarding policy v1.10.5 Myeongseon Choi 2026-04-25 21:01:39 +09:00
fe29db4b7e fix(lint): satisfy clippy 1.95 collapsible_match lints 1.11.1 Myeongseon Choi 2026-04-23 12:56:06 +09:00
118163eace refactor: improve condition check readability in wait_for_daemon Myeongseon Choi 2026-04-23 12:04:17 +09:00
2948d0e6e5 refactor: simplify hash encoding and improve condition check Myeongseon Choi 2026-04-23 11:42:41 +09:00
e745c2666e refactor: drop toast notification on session open 1.11.0 Myeongseon Choi 2026-04-23 10:09:48 +09:00
47974483fb feat: forward upstream OTP to client's SSH session via keyboard-interactive Myeongseon Choi 2026-04-23 10:02:20 +09:00
6a37e8341c feat(pool): add ensure_{direct,jump}_connected warm-up methods Myeongseon Choi 2026-04-23 09:50:58 +09:00
f5f5d8e61d feat: implement serialized jump-host connection setup to prevent duplicate OTP prompts Myeongseon Choi 2026-04-15 09:27:57 +09:00
6c51d2f4a8 fix: work around Win32-OpenSSH askpass failure on non-ASCII usernames v1.10.4 명선 최 2026-03-23 13:34:20 +09:00
6a583abe42 chore: bump version to 1.10.3 v1.10.3 명선 최 2026-03-20 14:20:35 +09:00
9894e9ee75 fix: move OTP hostname display after pipe init and embed in Read-Host prompt 명선 최 2026-03-20 14:18:33 +09:00
029045d917 chore: bump version to 1.10.2 and update README security documentation v1.10.2 명선 최 2026-03-20 11:19:08 +09:00
3696ae93d4 refactor: deduplicate Windows DACL checks via security::check_dacl_permissions 명선 최 2026-03-20 11:17:51 +09:00
90fc99dc5f security: resolve Windows home directory via Known Folder API 명선 최 2026-03-20 11:17:06 +09:00
fc6f3d81d6 security: add 8 KiB line-length limit to IPC protocol reads 명선 최 2026-03-20 11:16:39 +09:00
af6ef76743 security: enforce DACL on token file and directory at creation time 명선 최 2026-03-20 11:15:54 +09:00
222bb217aa fix: embed OTP display name directly in PowerShell script 명선 최 2026-03-20 10:59:31 +09:00
fb15019431 security: harden install and SSH_MUX_SSH_DIR validation v1.10.1 명선 최 2026-03-18 19:44:36 +09:00
b0e3ee3b7e chore: bump version to v1.10.0, update README with security hardening docs v1.10.0 명선 최 2026-03-18 13:48:05 +09:00
76162d5357 security: replace panic with error return in Unix /tmp socket fallback 명선 최 2026-03-18 13:47:03 +09:00
0dcc148f37 security: use Known Folder API for token path and add token file DACL check 명선 최 2026-03-18 13:45:46 +09:00
22a94eb433 security: add Windows DACL check for SSH_MUX_SSH_DIR directory 명선 최 2026-03-18 13:43:10 +09:00
b7d8137c78 security: implement known_hosts wildcard pattern matching (*, ?, ! negation) 명선 최 2026-03-18 13:41:47 +09:00
d0306b2a95 chore: bump version to v1.9.0, add file logging with panic hook and log rotation v1.9.0 명선 최 2026-03-18 13:26:23 +09:00
99350cee4f chore: bump version to v1.8.0, update README with connection lifecycle and OTP docs v1.8.0 명선 최 2026-03-17 21:25:50 +09:00
563e584d4f fix: prevent jump host reaper from killing active via-jump connections, clean up OTP window title 명선 최 2026-03-17 21:24:31 +09:00
12f8b78b78 chore: bump version to v1.7.1, update README with security hardening docs v1.7.1 명선 최 2026-03-17 17:25:31 +09:00
40a3f7e1ff test: add security regression tests for v1.7.1 hardening 명선 최 2026-03-17 17:23:15 +09:00
e90a1f9d40 docs: fix stale DACL comment — SID failure is fail-closed, not OW fallback 명선 최 2026-03-17 17:20:48 +09:00
374717a7fe security: block non-interactive accept-new when @cert-authority entries exist 명선 최 2026-03-17 17:18:03 +09:00
e14abb46df security: use GetSystemDirectoryW API for PowerShell path resolution 명선 최 2026-03-17 17:16:06 +09:00
a2e68af10c security: reject SSH_MUX_SSH_DIR with bad ownership or permissions (fail-closed) 명선 최 2026-03-17 17:10:43 +09:00
877c0969f1 security: fail-closed on ACCESS_ALLOWED_OBJECT_ACE_TYPE instead of incorrect SID parsing 명선 최 2026-03-17 17:02:37 +09:00
ff2532018a chore: bump version to v1.7.0, update README with security hardening docs v1.7.0 명선 최 2026-03-17 15:48:00 +09:00
8dc1df78c5 test: add comprehensive security regression tests 명선 최 2026-03-17 15:46:36 +09:00
ba3e8ee977 security: validate SSH_MUX_SSH_DIR path and directory ownership 명선 최 2026-03-17 15:43:12 +09:00
2977574ef3 security: use CSPRNG-random temp filename and O_EXCL for known_hosts writes 명선 최 2026-03-17 15:42:18 +09:00
fb207a52bc security: warn and skip unsupported known_hosts markers like @cert-authority 명선 최 2026-03-17 15:41:18 +09:00
117181fbda security: add IPC read timeouts to prevent local DoS 명선 최 2026-03-17 15:40:19 +09:00
6d71cbe9d8 security: extend sanitize_for_display to strip DCS, PM, APC, SOS escape sequences 명선 최 2026-03-17 15:39:01 +09:00
e726a82d41 security: fail-closed on SID resolution failure instead of OW DACL fallback 명선 최 2026-03-17 15:35:30 +09:00
f2f4db2dde fix: collapse nested if to satisfy clippy collapsible_if lint v1.6.1 명선 최 2026-03-17 11:24:45 +09:00
9fb5057e87 chore: add pre-commit hook matching CI checks (fmt, clippy, test) 명선 최 2026-03-17 11:19:59 +09:00
1f41cb9a76 fix: resolve cargo fmt and clippy warnings 명선 최 2026-03-17 11:19:30 +09:00
3e5c4c69ce chore: bump version to v1.6.1, update README with OTP cancellation docs 명선 최 2026-03-17 11:07:44 +09:00
ddab00588d fix: allow OTP retry when prompt window is cancelled 명선 최 2026-03-17 11:07:20 +09:00
1c8415717b fix: prevent infinite hang when OTP prompt window is closed 명선 최 2026-03-17 11:06:56 +09:00
63bfc68ee6 feat: custom SSH directory via SSH_MUX_SSH_DIR environment variable (v1.6.0) v1.6.0 명선 최 2026-03-16 20:49:26 +09:00
b61e760044 fix: explicit disconnect on pool eviction to prevent zombie connections v1.5.3 Myeongseon Choi 2026-03-11 13:43:25 +09:00
b88b7ef060 bump version to 1.5.2 v1.5.2 Myeongseon Choi 2026-03-10 10:33:48 +09:00
a687ce2e50 feat: add periodic cleanup for idle connections Myeongseon Choi 2026-03-10 10:32:22 +09:00
a7ef9b3816 security: DACL hardening, Unix StrictModes, atomic write improvements (v1.5.1) v1.5.1 Myeongseon Choi 2026-03-09 19:29:39 +09:00
811f4bc549 security: comprehensive hardening from security audit (v1.5.0) v1.5.0 Myeongseon Choi 2026-03-09 18:12:55 +09:00
c15e9f18f6 refactor: enhance local SSH server configuration and command options Myeongseon Choi 2026-03-09 15:10:38 +09:00
0cd734fc3b feat: default max-lifetime to 12 hours (43200s) Myeongseon Choi 2026-03-05 11:25:52 +09:00
a9f2b353ab ci: remove Windows cross-check (ring requires MSVC toolchain) v1.4.0 Myeongseon Choi 2026-02-26 16:25:09 +09:00
1a30e9615b ci: drop cargo-xwin, use plain cargo clippy --target for Windows check Myeongseon Choi 2026-02-26 16:13:35 +09:00
11ee7d8075 fix: gate STARTUP_VBS const with cfg(windows) Myeongseon Choi 2026-02-26 15:35:23 +09:00
ab8037c9ee ci: add Windows cross-check via cargo-xwin Myeongseon Choi 2026-02-26 15:32:12 +09:00
1289d9dc6f fix: gate Windows-only functions with #[cfg(windows)] for cross-platform CI Myeongseon Choi 2026-02-26 15:29:21 +09:00
efc5864e90 release: v1.4.0 — security hardening (3rd-party audit) Myeongseon Choi 2026-02-26 15:08:08 +09:00
132f9a50a6 style: cargo fmt Myeongseon Choi 2026-02-26 15:07:09 +09:00
01d446945f security: use CSPRNG for OTP pipe name generation Myeongseon Choi 2026-02-26 15:06:40 +09:00
36fdd6e340 security: use proper buffer reallocation for SID query Myeongseon Choi 2026-02-26 15:06:07 +09:00
1831d844fb security: sanitize terminal output to prevent escape sequence injection Myeongseon Choi 2026-02-26 15:05:28 +09:00
b7736ba0ef security: validate known_hosts on read and check full ancestor path Myeongseon Choi 2026-02-26 15:04:58 +09:00
7fa21c02b5 security: OTP pipe DACL uses user SID instead of OW Myeongseon Choi 2026-02-26 15:04:14 +09:00
b39d3b8024 security: make Unix fallback dir validation fail-closed Myeongseon Choi 2026-02-26 15:03:24 +09:00
5a854dd43d security: use absolute path for powershell.exe Myeongseon Choi 2026-02-26 15:02:35 +09:00
0843dedb9f security: fix PowerShell injection RCE in OTP prompt Myeongseon Choi 2026-02-26 15:01:02 +09:00
525cffdeba feat: show friendly host name in OTP prompts v1.3.1 Myeongseon Choi 2026-02-26 13:07:55 +09:00
4c0f693385 feat: add SSH host alias registration for friendly display names Myeongseon Choi 2026-02-26 11:24:24 +09:00
92f4f62475 refactor: enhance PowerShell script title and improve auth_keyboard_interactive function Myeongseon Choi 2026-02-26 10:49:44 +09:00
bea052cb68 fix: move Context import inside cfg(windows) to fix unused-import on non-Windows targets v1.3.0 Myeongseon Choi 2026-02-26 10:23:57 +09:00
854a8c2720 Bump version to 1.3.0 Myeongseon Choi 2026-02-26 10:11:35 +09:00
d963fbac8c refactor: improve code formatting and readability in host_key, ipc, local_server, and pool modules Myeongseon Choi 2026-02-26 10:02:27 +09:00
445d717881 fix: zombie sessions persisting after client disconnect Myeongseon Choi 2026-02-26 09:59:52 +09:00
64ac1cad05 docs: update security section for audit v2 hardening Myeongseon Choi 2026-02-26 09:54:34 +09:00
234ae14d3d security: centralize reparse-point defense and apply to all write paths Myeongseon Choi 2026-02-26 09:54:02 +09:00
cda7427c2d security: enforce DACL write-permission checks on Windows Myeongseon Choi 2026-02-26 09:53:53 +09:00

1 2