SCHWIGON / Net-SSH-Perl-1.37 / Changes

Revision history for Net::SSH::Perl

1.37 2014.03.17

    - RT #91840 - enabled config option "StrictHostKeyChecking"
                  (the corresponding code already existed)

1.36 2013.08.09

  Apply many bugfixes from RT discussions.

    - RT #48338 - FIX race condition with SSHv2
    - RT #55195 - FIX race condition in KEXINIT
    - RT #67586 - FIX test '03-packet.t' hangs forever
    - RT #64517 - enable PTY support in SSH2
    - RT #23947 - Replacement for KeyboardInt.pm

1.35 2012.12.03

    - rt#76482 - apply patch to t/03-packet.t for 5.15+ (chisel++)

1.34 2009.02.01

    - Rekey properly after 1 GB of data (rt.cpan.org #25044). Patch by Peter Oliver.
    - Don't try to process nonexistent or empty auth file (rt.cpan.org #41877).
    - Fix typo in croak message (rt.cpan.org #42056), thanks to jamie at audible.transient.net.
    - Move 'use base' call after Crypt module loading, per suggestion (rt.cpan.org #42051).
    - Only apply stdin if defined in SSH1 - John Payne (rt.cpan.org #42583)

1.33 2008.10.21

    - Fix open() calls (rt.cpan.org #40020)
    - Fix non-shell problem (rt.cpan.org #39980)
    - Allow full agent forwarding (rt.cpan.org #32190)
    - Handle hashed known_hosts files (Greg Sabino Mullane, rt.cpan.org #25175)

1.32 2008.10.16

    - Add IO::Handle to Perl.pm (rt.cpan.org #40057, #35985)
    - Minor test cleanups.

1.31 2008.10.02

    - New co-maintainer, Greg Sabino Mullane (TURNSTEP).
    - Prevent t/03-packet.t from hanging due to high file descriptor.
      (altblue at n0i.net, rt.cpan.org #6101)
    - Skip some tests if Math::GMP not installed (e.g. from choosing only 
      protocol 2 in Makefile.PL) (Greg Sabino Mullane, reported in 
      rt.cpan.org #25152)
    - If ENV{HOME} is not set, use getpwuid. If both fail and the dir 
      is needed, we croak. (Greg Sabino Mullane, expanded from patch 
      by dgehl at inverse.ca in rt.cpan.org #25174)
    - Fix incorrect logical/bitwise AND mixup (Peter.Haydon at uk.fujitsu.com, 
      rt.cpan.org #31490)
    - Allow empty stdin for SSH2 (rcp at rcable.co.uk, rt.cpan.org #32730)
    - Adjust terminal dimensions dynamically if Term::ReadKey is available
      (john at sackheads.org, rt.cpan.org #34874)

1.30  2005.10.12
    - Fix for local *READ/*WRITE tie problem in open2 function (Bas van
      Sisseren).

1.29  2005.10.08
    - Require Digest::SHA1 2.10 or greater (fixed problem with BSD connection)
      (Adam Callis).
    - Add suppress_shell SSH2 option for SFTP (Sean McMillan).
    - Use effective (not real) user-id to detect root (David Wheeler,
      rt.cpan.org #13373).
    - Make "ChallengeResponseAuthentication" configuration item boolean rather
      than string (mark AT blackmans.org, rt.cpan.org #14549).

1.28  2005.03.17
    - Patch to skip warning messages emitted by F-Secure sshd before the SSH
      signature (Neal Ley).
    - Fix for "Can't locate object method "blocking" via package "IO::Handle""
      error (rt.cpan.org #11674, Daniel C. Silverstein (dans AT pch.net)).

1.27  2005.02.06
    - Set socket to non-blocking in more portable manner (rt.cpan.org #6728).
    - Default port to 22 in case service list is not available (rt.cpan.org
      #5924, Gavin Brock).
    - Allow Net::SSH::Ciphers::supported to take a protocol option to get
      SSH2 ciphers (rt.cpan.org #4648, dan at midstream.com), and also change
      Net::SSH::Perl::Kex to map SSH1 names to SSH2 names.
    - Support BindAddress (bind to specific IP) (rt.cpan.org #6725, patch from
      matt at katipo.co.nz).
    - Have Makefile.PL only generate the prerequisites list, and not try to
      install any (let the install shell handle it); this allows compatibility
      with CPANPLUS and sudo installs (rt.cpan.org #6835, Michael Schwern).

1.26  2005.01.18
    - New co-maintainer, David Robins (DBROBINS).
    - Fix Math::Pari large integer leak in Net::SSH::Perl::Util::SSH2MP bin2mp
      function (has been brought to the attention of the Math::Pari maintainer
      since it's probably a Math::Pari problem, but fixed here because it's a
      big win for a small change and the same "fix" is already in mp2bin).
    - Require perl 5.6 in Makefile.PL (was '5.0006' change to '5.006').

1.25  2004.01.19
    - Fix a bizarre test failure in 03-packet.t if String::CRC32 isn't
      installed (the tests were testing SSH1 but we can't assume the
      user selected this protocol).  Reported by Damien Clark.
      rt.cpan.org ticket #4717.

1.24  2003.11.14
    - New (temporary) maintainer, Dave Rolsky.
    - Fixed a number of circular references in the SSH2
      implementation, which caused connections to be held open
      indefinitely in a persistent environment like mod_perl.  This
      uses weak references, so Perl 5.6.0+ is now required.  This work
      was funded by Kineticode, Inc.
    - Added a LICENSE file.

1.23  2001.10.04
    - Added --sdk option to Makefile.PL.
    - Added Net::SSH::Perl::SSH2::select_class so that Net::SSH::W32Perl
      can override it and reuse client_loop.

1.22  2001.08.28
    - Fixed bug with channel window sizes: Net::SSH::Perl in SSH-2 mode
      was not respecting the server's channel window size, and was
      sending data indiscriminately. It now buffers data to be sent and
      sends it when the sshd has enough window space available. Thanks
      to Megan Dorrah (and others) for the spot.
    - Fix receiving STDERR in SSH-2 protocol. This was broken. Thanks to
      Ulrich Scheid for the spot (and to Sagar Shah and Vicente J. Ruiz
      Jurado for subsequent spots :).
    - Added Channel::drain_outgoing, necessitated by the above fix to
      window sizes; that fix meant that output buffers were not being
      drained before EOF was sent on the channel. drain_outgoing must
      now be called before EOF is sent; it continually sends outgoing
      data, and checks for increased window sizes, until there is no more
      data to send. This will be done automatically, of course.
    - Display SSH-2 BANNER messages during authentication if the session
      is interactive.
    - Net::SSH::Perl::Packet now uses the third argument to syswrite
      (LENGTH). This was necessary to make the module work in Perl
      5.005_2, apparently. Thanks to Brian Carpenter for the spot.
    - Added -2 and -1 options (SSH-2 and SSH-1, respectively) to
      eg/pscp.

1.21  2001.07.18
    - Fixed Handle::SSH(?:1|2)::WRITE when sending large amounts of data,
      ie. data larger than the max packet size. Now we break up data
      into chunks of 32000 bytes, then send each in turn. Thanks to
      Doug Wilson for the spot.
    - Fixed SSH1::_start_interactive (SSH-1 client loop) so that we
      break the client loop on EOF reads from the sshd socket. This
      should fix some hangs when calling close on a tied open2 handle.
    - Better detection of exit status in Handle::SSH1.
    - Handle::SSH1::READ now looks to see if we have already hit EOF
      (ie. we have received exit status packet); if so, returns 0.
    - Added SSH1::send_data, which allows register_handler callbacks
      to be written that will (hopefully) work for both SSH-1 and
      SSH-2.

1.20  2001.07.11
    - A read on an open2 tied filehandle that indicates a closed connection
      will now return 0 bytes instead of causing a fatal error. Thanks to
      Anthony Ball for the reasoning and the fix.
    - getpwuid is now called in an eval, so on systems that do not
      support it, it will not cause a fatal error. Thanks to Shaun
      Bramley for the spot.
    - Bug with "BatchMode no" in a config file overriding interactive => 1
      in the constructor is now fixed. Thanks to Doug Wilson for the spot.
    - Tildes ('~') in IdentityFile config file directive were not being
      expanded to $ENV{HOME} as they should have been. This is now
      fixed. Thanks to Doug Wilson for the spot.
    - Doug Wilson pointed out that it was impossible to use an open
      SSH-1 and SSH-2 handle at the same time, because of the way
      Buffer worked (setting method globs on import). This has now been
      fixed throughout the distribution by using function pointers in
      the object instead.
    - You can now use 'stdout' and 'stderr' in SSH-1 register_handler,
      as aliases for SSH_SMSG_STDOUT_DATA and SSH_SMSG_STDERR_DATA.
      Thanks to Doug Wilson for the idea.

1.19  2001.07.04
    - open2 interface now works with a shell, not just with running a
      remote command. This allows you to open up some sort of shell
      (Unix or otherwise) and talk to it directly, programatically.
      Thanks to Rob J for the idea.
    - Added Auth::ChallengeResponse, a generic SSH-1 challenge
      response authentication mechanism; this works for TIS, s/key,
      and other such mechanisms. Thanks to Surya Koneru for the idea.

1.18  2001.06.27
    - Fixed bug with 'protocol' arg to Net::SSH::Perl constructor.
      Protocol flag was not getting run through the Config object, which
      meant it wasn't getting turned into a bitmask and staying as '1,2'.
      Symptom was 'Protocol major versions differ: 1 vs. 1' or something
      such. Thanks to Mark Ethan Trostler for the spot.
    - Added key generation for RSA SSH-1 keys. Requires Crypt::RSA
      to implement the actual generation of key data. Thanks to
      Rob J for the idea.

1.17  2001.06.26
    - Added (experimental) open2 method, which returns 2 tied
      filehandles for reading and writing to the sshd server (or
      rather to the command executed on the remote server). Thanks
      to Mark Ethan Trostler for the idea, suggestions on functionality,
      code patches, and testing.

1.16  2001.06.06
    - Fixed bug in Net::SSH::Perl::Packet that caused client to
      sometimes hang after receiving DEBUG packets.
    - register_handler (for both SSH-1 and SSH-2) now takes any
      'extra' arguments (other than packet type and code ref) and
      will pass those arguments on to your callback function. This
      allows callbacks access to otherwise private variable states.
      Thanks to Mark Ethan Trostler for the idea and a patch.
    - Didn't need @EXPORT_OK in Net::SSH::Perl::Util, so took it
      out.

1.15  2001.06.03
    - Agent authentication is now supported for both SSH-1 and
      SSH-2 (SSH-2 agent is compatible with OpenSSH ssh-agent).
    - Added Net::SSH::Perl::Agent, which provides a client
      interface to an authentication agent.
    - Added IO::Socket as a prereq (for Net::SSH::Perl::Agent).
    - Abstracted out authentication management for SSH-2 login
      to Net::SSH::Perl::AuthMgr class. Holds authentication
      context and state during authentication negotiation and
      setup, and dispatches to appropriate functions based on
      packet types.
    - KeyboardInt auth now uses new AuthMgr::register_handler
      method.
    - pssh-keygen now changes permissions of private key file
      to 0600 on key generation.
    - Fixed bug where pssh-keygen RSA key generation was
      incompatible with OpenSSL (ie. OpenSSH); Crypt::RSA uses
      ipmq (inverse of p mod q), and OpenSSL uses iqmp
      (inverse of q mod p). So we now explicitly force
      generation of iqmp when writing private key files.
    - Key::RSA::keygen no longer forces generation of CRT
      (Chinese Remainder Theorem) members, because Crypt::RSA
      now does this itself on key generation.
    - Net::SSH::Perl::Packet::read_poll now handles IGNORE
      messages, as well as handling DISCONNECT and DEBUG messages
      more intelligently (depending on protocol version).

1.14  2001.05.24
    - Added keyboard-interactive authentication (only usable in
      an interactive session).
    - Fixed Net::SSH::Perl::Key, which was unconditionally pulling
      in MIME::Base64, Digest::SHA1, and Digest::BubbleBabble. This
      caused problems for users of SSH1 protocol, for which these
      modules shouldn't be prereqs (thanks to Jason Tolsma for
      the spot). These modules are now conditionally loaded.
    - Fixed 5.005_03 syntax error in Key::RSA (calling variable
      method w/o parens).
    - Fixed Key::RSA so that it works with version 1.42 of
      Crypt::RSA.

1.13  2001.05.14
    - Added Channel::check_window method to check the local "window"
      size of a channel object. Channels manage how much data they
      receive using the window, and the sshd refuses to send more
      data than is available in the window. We need to send an
      adjust message to increase the size of the window,
      periodically. Found this bug through working with Net::SFTP
      (thanks to Matt Good for the initial spot).

1.12  2001.05.13
    - Added ChannelMgr::register_handler to set handlers for
      specific packet types for all channels. Moved default
      handler initialization into init method.
    - Abstracted quit_pending behavior into two methods,
      break_client_loop and _quit_pending. The former can be
      used by packet handlers, buffer handlers, etc. to force
      breaking out of the client loop.
    - Added length arg to mp2bin.

1.11  2001.05.11
    - Auto-detect SSH2 private key files as identity files and read
      them accordingly. Thanks to Matt Good for the original idea
      of reading SSH2 key files, as well as the patch.

1.10  2001.05.11
    - Added Key::RSA, an SSH2 key implementation, using Crypt::RSA;
      this provides support for the 'ssh-rsa' public key
      negotiation. Also supported by pssh-keygen (even for key
      generation).
    - Added HostKeyAlgorithms as a supported config option to set
      server host key algorithms.
    - Restructured DSA/publickey-auth implementation to allow for
      multiple public key algorithms, not just DSA. Moved Auth/DSA
      => Auth/Pubkey.
    - Added support for determining PEM private key file types (eg.
      RSA vs. DSA) from the first line of the PEM file.
    - Fixed broken Rhosts-RSA support (SSH1).
    - Added support for reading/writing comments from read_private
      and write_private method for RSA1 SSH1 keys (-c option in
      pssh-keygen).
    - Renamed Key::RSA to Key::RSA1 to allow for Key::RSA as SSH2
      RSA implementation.
    - Changed Key::DSA::size to use Crypt::DSA::Key::size; removed
      redundant Key initialization from Key::DSA::init.
    - Kex::DH1 now works with any type of server public key, not
      just DSA (ie. also works with ssh-rsa in addition to ssh-dss).

1.06  2001.05.07
    - Fixed bug with Blowfish cipher in SSH1 protocol; symptom would
      be "Corrupted check bytes on input" after sending the
      RSA-encrypted session key, and turning on encryption.
      This was due to an incorrect key length when setting the
      Blowfish key. Thanks to Dan Berger for the spot.

1.05  2001.05.04
    - Fixed bug when entering password at prompt; entering an
      incorrect password more than three times would cause the
      authentication to hang. Thanks to Matt Good for the spot and
      a fix.

1.04  2001.05.04
    - Fixed bug in version/protocol exchange that was causing a DSA
      signature verification error. I was cutting off just a newline,
      and some versions of ssh2 were sending ctrl-M characters as
      well that should be cut off. This caused errors like "DSA
      verification failed for server host key" during key exchange.
      Thanks to Matt Good for the spot.
    - Fixed host wildcard matching in Net::SSH::Perl::Config so that
      the directive 'Host foo' no longer matches the host 'foobar';
      this was incorrect behavior and inconsistent with ssh.
    - Added more documentation for Key::DSA and Key::RSA.

1.03  2001.05.03
    - Fixed error with Net::SSH::Perl::Key::DSA and MIME::Base64.
    - Added better docs for Key classes.

1.02  2001.05.03
    - Fixed some doc errors, both syntax and content.
    - Reworked Makefile.PL to give more feedback about what's
      happening w/r/t testing prerequisite modules. Added
      Digest::BubbleBabble as optional prereq, and made Convert::PEM
      optional as well.
    - Added support for bubble-babble fingerprints, both in
      Key libraries (restructured to work with multiple types
      of fingerprinting) and in pssh-keygen (-B option).

1.01  2001.05.02
    - Added SSH2 support.
    - Added Channel, ChannelMgr classes to manage open SSH2
      channels.
    - Added Key and subclasses Key::DSA, Key::RSA; managed
      access to keys and keyfiles.
    - Split Util functions into sub-modules that are loaded
      on demand. Added more utility functions for SSH2 bigints,
      etc. Deprecated _load_private_key, _save_private_key,
      _load_public_key, in favor of usage of Net::SSH::Perl::Key
      classes.
    - Changed Constants implementation; don't use 'constant'
      module, just keep constants in hash, then export them
      in custom import method.
    - Added eg/pssh-keygen, which has *almost* all of the
      functionality in the OpenSSH ssh-keygen.
    - Added Mac classes for MAC packet integrity.
    - Added Cipher/RC4, an arcfour implementation (only for
      SSH2).
    - Added Kex and subclass for Diffie-Hellman Group 1.
    - Buffer now works for both SSH1 and SSH2; different
      mp_int representations.
    - SSH1 implementation: now uses Net::SSH::Perl::Comp for
      compression; uses Net::SSH::Perl::Key::RSA to hold RSA
      keys; now lives in Net::SSH::Perl::SSH1 and is loaded on
      demand; etc.

0.67  2001.04.20
    - now use _mp_linearize in _rsa_private_decrypt.
    - fixed bug with sending large STDIN packets. The symptom was
      that, when trying to send STDIN packets larger than MAX_PACKET_SIZE,
      you'd get an error and the packet wouldn't be sent. Thanks to
      Chris Beatson for the spot and a patch.
    - fixed odd bug with _mp_linearize. Aaron Paetznick
      pointed this out, and I could only reproduce it on his system.
      The symptoms were that encryption would not work, resulting in
      "Corrupted check bytes on input" messages after encryption was
      turned on. This was due to a problem generating the session ID.
      Fixed by using a whole new version of _mp_linearize.

0.66  2001.03.22
    - fixed bug where calling 'cmd' more than once wouldn't get
      anything in returned stdout, stderr, or exit status. Thanks
      to John Tyrrell for the spot.

0.65  2001.03.21
    - fixed bug with "Cipher <name>" in config file or 'options'
      param. This wasn't mapping ssh cipher names to Net::SSH::Perl
      cipher names (ie. should map 'idea' => 'IDEA'). Thanks to
      Edward Vopata for the spot and a patch.
    - made it clearer that Net::SSH::Perl currently supports only
      SSH1 protocol.
    - better error checking for getservbyname lookup of ssh
      service (to get default port).
    - added eg/remoteinteract.pl, which demonstrates how to interact
      with a remote (interactive) command.

0.64  2001.03.13
    - fixed bug in Net::SSH::Perl::Cipher::new_from_key_str;
      empty key string (passphrase) was broken. This never
      cropped up in regular usage, only in testing.
    - added _save_private_key function to Net::SSH::Perl::Util,
      used to save private key files.
    - added cipher tests (05-cipher.t).
    - PasswordPromptLogin and PasswordPromptHost config options
      are now supported (on by default).
    - added untainting code for all places where data is read
      from external sources (ie. socket, key files, etc.),
      which should fix the "Corrupted check bytes" errors when
      using -T. It was breaking because substr replacement
      doesn't work on tainted values. See this p5p thread:
      http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2000-09/msg00799.html

0.63  2001.03.09
    - added documentation to pssh (eg/pssh), as well as a -V
      option.
    - fixed bug where User specified in config file would be
      overridden by lack of user in login method.
    - return value of buffer->dump method no longer contains
      extra space at the end.

0.62  2001.03.08
    - fixed test bug with StringThing package by adding FILENO
      method. Should fix problem with 5.6 test suite.
    - added merge_directive method to Net::SSH::Perl::Config,
      and 'options' arg to Net::SSH::Perl constructor.

0.61  2001.03.07
    - changed in_leftover implementation and name. The method
      is now named incoming_data, and the implementation is
      a Net::SSH::Perl::Buffer object.
    - changed to using non-blocking sockets. Net::SSH::Perl::Packet
      added a read_poll method, which doesn't block; read still
      blocks (using select).
    - added shell connection functionality, and abstracted out
      interactive session code a bit better. Added pty support.
      In the future 'shell' could conceivably be used to execute
      multiple commands over the same ssh connection.
    - added 3DES as fallback cipher if IDEA isn't supported.
    - _check_host_in_hostfile now returns HOST_NEW if the hostfile
      can't be opened, consistent with how ssh and openssh work.

0.60  2001.03.02
    - added compression support, along with Compression and
      CompressionLevel config directives, and docs
    - added ability to register handlers for specific packet
      types read during the client loop

0.53  2001.02.28
    - added Net::SSH::Perl::Config; reads ssh config files
      and merges constructor options with config options
    - updated DESCRIPTION for Net::SSH::Perl

0.52  2001.02.21
    - added ability to specify RSA identity files; defaults
      to "$ENV{HOME}/.ssh/identity"
    - Blowfish cipher will try to use Crypt::Blowfish_PP if
      it can't use Crypt::Blowfish
    - added lots of POD
    - fixed bug where unknown hosts wouldn't be added to
      hostfile
    - sorted out common sections between Net::SSH::Perl POD
      and README

0.51  2001.02.20
    - Blowfish support has now been added.

0.50  2001.02.19
    - moved my Net::SSH libraries into the Net::SSH::Perl
      namespace; hooked up the main Net::SSH interface lib.
    - added ssh and issh wrappers around OO methods.
    - added configure method to Net::SSH interface; used to
      set up connection params when using procedural
      interface.
    - added RSA authentication.
    - ripped out IO::Socket usage, replaced with manual
      socket creation and connection so we can try to bind to
      ports 1023 down through 512, if the user wants to
      connect on a privileged port.
    - added Rhosts-RSA and Rhosts authentication, with the
      caveat that they only work when running as root
      and on a privileged port.

0.03  2001.01.19
    - integrated modified CBC and CFB ciphers into distribution;
      no more reliance on Crypt::CFB and Crypt::CBC
    - improved cipher checking; added list of ciphers supported
      by client, based on which cipher drivers can be loaded
    - fixed rsa_private_decrypt bug (occurred when session key
      int was 255 chars long as hex string, rather than 256).
    - Chip Turner, author of Math::GMP, added my patch to his
      distribution, thus making installation much easier. Thanks
      Chip.
    - added cipher support to installation process.
    - abstracted the auth plugins into Auth modules; this will
      allow the addition of other authentication modules in
      the future.
    - moved utility routines into Net::SSH::Util.
    - changed Net::SSH::Constants to use Exporter.

0.02  2001.01.18
    - added DES and 3DES ciphers
    - more host key support: adds new host keys to user host key file
    - checked for unsupported Net::SSH::Buffer methods in AUTOLOAD
    - added example script, eg/cmd.pl
    - can now specify cipher via new method
    - checks against server's supported cipher list

0.01  2001.01.10
    - original version; created by h2xs 1.19

# vim:et



Hosting generously
sponsored by Bytemark