Skip to content

Releases: rwinkhart/sshyp

v1.5.3

09 Jan 03:20
Compare
Choose a tag to compare

sshyp v1.5.3
01/08/2024

the fortified flock update - patch three

this release is a quick hot-fix for some bugs that were noticed after the release of v1.5.2

fixes/optimizations:

  • fixed a regression with the entry list causing entries not part of a subdirectory to appear in-line with the entry list header
  • fixed extension group ownership under FreeBSD
    ^ the "wheel" group is now used where previously the non-existent "root" group was used
  • fixed notes sometimes being appended in the wrong position after editing an incomplete entry
  • addressed flake8 suggestions (slight optimization)
  • removed unnecessary empty variable declarations
    ^ these were previously included to silence PyCharm's PEP8 warnings
    ^ the project is now primarily developed in VSCodium with the flake8 linter
    ^ the only change to flake8 defaults is the line length limit (79->120)

v1.5.2

08 Jan 01:57
Compare
Choose a tag to compare

sshyp v1.5.2
01/07/2024

the fortified flock update - patch two

this release focuses on fixing various bugs, crashes, and visual oddities; additionally, the new-user setup experience has been vastly improved

compatibility-breaking changes:

  • this release is fully compatible with sshyp v1.5.0-v1.5.1
  • the minimum Python version has been raised from Python 3.7 to Python 3.8
    ^ this was needed for the new device id changing behavior
    ^ Python 3.7 no longer receives security updates, so this should have minimal impact
    ^ please create an issue on GitHub if any Python version (3.8 or newer) does not work as intended

user-facing features:

  • registered device ids can now be removed from the server tweak menu
    ^ all device id menus now stay open until the user manually exits
  • changing a client's device id now attempts to automatically remove the previous id from the server
  • the extension downloader now supports showing multiple lines of usage information
    ^ sshyp-mfa is taking advantage of this to display the info from the old man page
  • basic tweak/init menu text wrapping and terminal-resizing has been added
    ^ the tweak/init radio menus now warn if the terminal needs to be resized to see all content; this resizing can be done in real time without restarting sshyp (layout dynamically adjusts)
    ^ this avoids crashes on large radio menus in small terminals (crashes are still possible, but only on unreasonably small terminals - this will probably stay the way it is now)
  • ssh connections are no longer made from the init menu
    ^ this is to give the user time to register their ssh pubkey with the server
  • the user is now warned that gpg key generation may take time and that sshyp should not be terminated
  • the user is now warned about risks associated with changing or removing active device ids
  • back buttons have been added to menus that were missing a safe way to exit

fixes/optimizations:

  • quick-unlock has been fixed - invalid pins have been generated since v1.5.0
    ^ if quick-unlock is not working for you, re-generate your pin after this update!
  • extension removal now works on Busybox environments (Alpine Linux)
  • instead of crashing with an unhelpful error, sshyp now warns if a valid pinentry program is not found (gpg)
    ^ affects some Alpine Linux 3.19 base installs (pinentry does not always get installed with gpg)
  • a recursive curses.wrapper() function is no longer used (fixes menu crash on Alpine Linux 3.19)
    ^ the new method of transitioning menus is more efficient on all platforms
  • the wl-paste empty clipboard warning is no longer shown when multiple copies are done within 30 seconds (Wayland)
  • quotes are no longer copied to the Termux clipboard on clear
  • the entry reader and entry list should now be more visible in light terminals
    ^ in testing, I noticed some solarized dark themes bind color 8 to the same color as the terminal background, leading to some invisible text - this will not be fixed (unless custom accent colors are added), as I believe this is poor theme design and the fault of the particular solarized dark themes I tested
  • entry list text wrapping has been vastly improved
    ^ better utilization of full terminal width
    ^ less prone to splitting entry names in half (should be impossible now)
    ^ no longer crashes on small terminals
  • multi-word device ids can now verify via quick-unlock
  • various language standardization changes
    ^ all back buttons in menus are now named "BACK"
    ^ all mentions of device ids are now referred to as "ids", rather than "names"
    ^ various non-user-facing variable renamings have also been made
  • various menu helptext have been made more clear
    ^ this includes quick-unlock configuration, ssh configuration, device id configuration, and more

v1.5.1

24 Oct 03:24
Compare
Choose a tag to compare

sshyp v1.5.1
10/24/2023

the fortified flock update - patch one

this release fixes both long and short-standing bugs that managed to escape discovery in testing;
it also addresses some issues that first-time users may be put-off by upon encountering

user-facing features:

  • the clipboard is now only cleared if the contents of the clipboard still match what was placed onto it by sshyp
    ^ this means that sshyp will no longer remove data from the clipboard that it did not place there
  • a warning/explanation is now provided when the user attempts to sync in offline mode
  • a readable error is now provided if the user attempts to edit a note and the specified text editor cannot be found
  • the optional configuration menu is now explained when encountered during "sshyp init"
  • the man page now includes common troubleshooting information

fixes/optimizations:

  • custom, user-provided ssh keyfiles are now properly utilized in all cases
    ^ previously, using custom ssh keyfiles would break various features
  • clipboard contents are no longer leaked via the process list on Wayland
  • interpolation has been disabled for ConfigParser, allowing "%" to be stored in configuration files
  • gpg keys with ":" or "\" in their names are now properly written to the configuration file
  • copy_id_check() and whitelist_verify() are now safely callable from extensions
  • the ssh key selection will no longer see "known_hosts.old" as a valid keyfile
  • when possible, data from the configuration file is now read as boolean values
  • the Haiku package has been updated to use Python 3.11

v1.5.0

13 Jul 01:24
Compare
Choose a tag to compare

sshyp v1.5.0
07/12/2023

the fortified flock update

this release implements new curses-based TUI configuration menus and improves the security of sshyp

compatibility-breaking changes:

  • a completely new configuration system calls for a new configuration file
    ^ before using sshyp v1.5.0 for the first time, 'sshyp init' will need to be ran to create the new configuration file - the old configuration files can be safely deleted
    ^ 'sshyp tweak' has been repurposed as the configuration menu for changing individual options, rather than re-doing setup entirely - after initialization, this is the one you want to use
  • the new extension manager is replacing the old method of installing extensions as system packages
    ^ any older extensions you have installed should be uninstalled to prevent conflicts
    ^ extensions are now installed and removed through the 'sshyp tweak' menu's extension manager
    ^ this does not yet apply to Haiku and Termux, which will continue to install extensions using the previous method
  • all clients and servers must be updated to this release for the folder renaming bug fix to work
    ^ failure to update all devices will result in errors and/or potential data loss
  • various packaging changes
    ^ x-clip and wl-clipboard are now marked as optional dependencies, so the correct tool will need to be installed as needed - a warning has been added for this if neither package is installed
    ^ the changelog no longer ships with sshyp - it is still available on GitHub

user-facing features:

  • the old configuration menu, 'sshyp tweak', has been split into two new curses-based TUI menus
    ^ 'sshyp init' is for first-time setup/initialization
    ^ 'sshyp tweak' can be used at any time to quickly adjust individual settings
    ^ whitelist management tools have been moved to the new 'sshyp tweak' menu
    ^ clients and servers now each have their own dedicated 'sshyp tweak' menu
    ^ the new config file is in .INI format, making it easier to edit the config without sshyp
  • added a 'sshyp tweak' option for re-encrypting all entries with a new gpg key
  • added a security advisory when enabling quick-unlock to ensure the user understands potential risks
  • the user is now warned if the clipboard tool relevant to their platform is not installed
  • passwords are now hidden by default in the entry reader
    ^ they can be displayed by appending '--show' or '-s' to the end of the command
  • input is now hidden when adding/editing a password in an entry
  • entries are no longer re-encrypted and synced if the note editor is quit without saving

fixes/optimizations:

  • a tmpfs is no longer used for decrypting entries unless editing notes
    ^ data is now decrypted directly into sshyp and written to entries pre-encrypted
    ^ this makes reading entries much more secure
    ^ editing entries is similarly secure to before - greater improvements coming in a future update
  • folder renaming has been re-enabled and now functions as intended
  • some unnecessarily verbose outputs were silenced and/or made to appear more cleanly
  • FreeBSD packaging fixes
    ^ no longer incorrectly includes and uses the logic for the Termux clipboard
    ^ now specifies 'python3' dependency instead of 'python'
  • many lists provided to the subprocess module have been swapped with tuples
  • more correct and clear language is used to describe options and arguments in the help menus
  • properly display an error when attempting to copy blank fields from entries
  • shebangs have been removed from libraries not meant to be run directly

other factors of note:

  • with the release of Debian 12 Bookworm, sshyp is once again fully supported on vanilla Debian
    ^ previously, it was only working correctly in offline mode due to Debian 11's old OpenSSH package
  • this is the biggest release of sshyp ever
    ^ it includes LOTS of minor changes and optimizations not included in the patch notes summary
    ^ as such, keep an eye out for new bugs!
  • the next major release of sshyp may be even larger...
    ^ but it is also likely very far away
    ^ GnuPG is great, but it is inherently incompatible with sshyp's future security model
    ^ if all goes according to plan, GnuPG will be replaced in the next release
    ^ assuming this happens, this next release will be crowned v2.0.0
    ^ sshyp v1.5.X is expected to be the latest stable release for a longer amount of time than usual
    ^ sshyp v1.5.X may receive security/bug fix patches after the release of v2.0.0, as needed

v1.4.3

09 Jun 00:01
Compare
Choose a tag to compare

sshyp v1.4.3
06/08/2023

the argumentative agronomist update - patch three

IMPORTANT: the next major release of sshyp, v1.5.0, will make breaking changes that will require running through 'sshyp tweak' again - also starting with v1.5.0, a copy of the changelog will no longer be packaged with sshyp (it will still be available on GitHub) and clipboard tools (x-clip and wl-clipboard) will be set to optional dependencies ('sshyp tweak' will warn of this)

this is a highly unconventional release featuring backports to fix critical bugs found during the development of the upcoming v1.5.0

fixes:

  • folder renaming has been disabled to prevent a severe data loss bug from occuring
    ^ this has been properly fixed for v1.5.0, but the fix requires all clients and servers to be updated - to avoid breaking compatibility with 1.4.X, folder renaming was simply disabled for the time being
  • backported fix for syncing over IPv6
  • backported fix for multiple versions of Powershell being called under WSL
  • backported fix for checking /lib/sshyp instead of /usr/lib/sshyp

v1.4.2

30 Apr 04:24
Compare
Choose a tag to compare

sshyp v1.4.2
04/30/2023

the argumentative agronomist update - patch two

IMPORTANT: the next major release of sshyp, v1.5.0, will make breaking changes that will require running through 'sshyp tweak' again - also starting with v1.5.0, a copy of the changelog will no longer be packaged with sshyp (it will still be available on GitHub) and clipboard tools (x-clip and wl-clipboard) will be set to optional dependencies ('sshyp tweak' will warn of this)

update 05/11/2023: the FreeBSD package has been re-built to use the appropriate clipboard tools

this release makes use of a new ports framework to make sshyp even smaller and faster than before

user-facing features:

  • full WSL (Windows Subsystem for Linux) support
  • partial MacOS support
    ^ fully functional; packaging support has not yet been added
  • dedicated help screen for 'gen'
    ^ this was previously not included due to 'sshyp gen' being a valid command prior to v1.4.0
  • removed interactive input for whitelist management
    ^ this is to be consistent with the removal of interactive input on clients in v1.4.0

fixes/optimizations:

  • leading and following spaces are no longer stripped when printing entry contents
  • properly display an error when trying to remove a device from the whitelist that is not whitelisted
  • ports framework to remove unneeded code for each platform
    ^ BLANKS.py removes all blank lines
    ^ CLIPBOARD.py removes non-platform-critical clipboard code
    ^ COMMENTS.py removes all comments
    ^ RMSERVER.py removes server-only code for creating client-only packages
    ^ the Haiku package, which was already unsupported as a server, now only includes client code
    ^ SHEBANG.sh sets the shebang to what is required by the platform
    ^ TABS.sh converts all groups of spaces to tabs for space efficiency
    ^ UNAME.py removes all instances of platform detection and leaves only the platform-required code
    ^ THESE SCRIPTS ARE ONLY USED FOR PACKAGING AND DO NOT AFFECT THE SOURCE FILES IN THE GIT REPO

v1.4.1

02 Apr 04:59
Compare
Choose a tag to compare

sshyp v1.4.1

the argumentative agronomist update - patch one

this release improves sshyp's shell completions by adding zsh support and significantly optimizing and improving Bash support

user-facing features:

  • zsh completion support
    ^ ensure modern completions are enabled in your ~/.zshrc

fixes/optimizations:

  • Bash completions are now much faster due to the use of recursive globbing
  • Bash completions have been modified to be functionally similar to the new zsh completions

other notable changes:

  • some official packages now use more space-efficient compression

v1.4.0

05 Mar 00:31
Compare
Choose a tag to compare

sshyp v1.4.0

the argumentative agronomist update

this release overhauls sshyp's argument system and further streamlines
the experience with optimizations and the removal of legacy features

compatibility-breaking changes:

  • there are no technical breaking changes, but the UX has changed significantly due to the new argument system (detailed below)

user-facing features:

  • when typing an entry/folder name, it is now always the FIRST argument
    ^ e.g. instead of sshyp copy -p /example/test, it would now be sshyp /example/test copy -p
    ^ this allows more easily editing the previous command to copy/edit a different field
  • better extension integration
    ^ extensions can now ship with a config file that sshyp can use to call them from standard sshyp arguments
    ^ the first extension supporting this is sshyp-mfa
    ^ if sshyp-mfa v1.4.0.1+ is installed, sshyp /example/test copy -m will copy MFA keys to your clipboard
  • entry/folder names now MUST be specified as arguments
    ^ there is no longer a separate input prompt if the entry/folder name is not provided as an argument
    ^ the input prompt was a legacy feature from before arguments could specify entrys/folders with shell completion
    ^ the entry list generated by entry_list_gen() is still present and can be viewed by running sshyp with no arguments
  • better Bash completions
    ^ now correctly places backslashes to escape spaces in entry/folder names
    ^ slightly faster than the previous iteration
  • IPv6 configuration support

fixes/optimizations:

  • replaced "+=" with ".append" when extending lists to prevent creating an additional list
  • optimized usage of "str.split()" and replaced it with "str.splitlines()" where applicable
  • more concise "if... in ()" syntax replaces long "if" statement chains
  • lists have been substituted with tuples where applicable
  • entry_list_gen() has been re-written to be much smaller and faster
  • os.path is now used in place of pathlib.Path in areas where it is faster
  • the user's home directory is saved to a variable to prevent running expanduser() every time it is needed

other notable changes:

  • removed some uncommonly used, redundant arguments
    ^ e.g. "-rm", "-s", "delete"
    ^ their functionality was NOT removed, just their redundant arguments, since "shear", "sync", and "del" are the accepted syntax
  • errors containing entry/folder names reinforce correct syntax by adding leading/following slashes where necessary
  • thanks to pull request #25, there are new error messages for the read shortcut
    ^ includes when no entry name is provided or the entry name only refers to a directory
  • directories provided in user input are no longer denoted by a following slash
    ^ instead, os.path is used to determine if the user is referring to a file or directory

v1.3.0

14 Dec 08:10
Compare
Choose a tag to compare

sshyp v1.3.0

the serious shepherd update

this release ties up many of sshyp's loose ends where there was
room for major performance, compatibility, and security improvements

compatibility-breaking changes:

  • due to a near full re-write of the syncing functionality, all clients and servers
    must be updated to this release (v1.3.0 is not backwards compatible with any prior release)
  • it is recommended to either delete the contents of ~/.config/sshyp/deleted (on the server-side)
    or sync all of your clients before updating
    ^ old entries in this folder will throw errors with v1.3.0

user-facing features:

  • none - all changes were under-the-hood - the user experience should be
    exactly the same as v1.2.0 - just faster, less buggy, and more secure

major fixes/optimizations:

  • a near full re-write of the syncing functionality
    ^ all syncing logic has been moved into sshync.py (from sshyp.py and sshypRemote.py)
    ^ in my setup, a dry, local "sshyp sync" went from 2.00+ seconds (v1.2.0) to 0.36 seconds (v1.3.0)
    ^ the performance improvements are even greater when syncing from outside your local network
  • the following character sequences will no longer break the syncing logic: "@", "^&", and "&^"
    ^ ASCII separator characters 29-31 are now used, instead
  • os.system has been replaced with subprocess.run in all cases, shell=True is no longer used with subprocess.run
    ^ this protects against shell escape attacks and potentially makes sshyp more compatible with some environments
  • replaced shell commands with python built-in library functions where applicable
    ^ this brings speed and compatibility improvements
  • sshyp should no longer incorrectly assume an X11 environment when Wayland is in use
    ^ this fixes clipboard support in some Wayland environments, such as Sway (Plasma/Gnome/Phosh were unaffected)
  • sshyp now uses the default pinentry on Haiku thanks to haikuports/haikuports#7457
    ^ this brings the Haiku port in-line with the other sshyp packages in terms of security
  • "python3" is now called over ssh, rather than "python"
    ^ some environments do not have a "python" symlink, or it links to "python2" - changing this increases compatibility
  • fixed an issue from v1.2.0 where renaming threw an error if not in offline mode

other notable changes:

  • quick-unlock password input is now hidden while the user is typing
    ^ user input is now invisible to prevent snooping
  • lots of smaller optimizations not listed here

v1.2.0

06 Nov 18:32
Compare
Choose a tag to compare

sshyp v1.2.0

the brisk bahh update

this release focuses on speeding up the sshyp user experience by adding
new features that reduce wasted time

compatibility-breaking changes:

  • new configuration options (quick-unlock, offline mode) have been added and
    the configuration files have been reorganized
    ^ simply running "sshyp tweak" and following the setup wizard will correct any compatibility
    issues
  • for quick-unlock security, device names have been replaced with more secure device ids
    ^ older device names are still compatible, but for security reasons it is recommended
    to delete any pre-existing device names from the server and allow "sshyp tweak" to re-register
    your devices

user-facing features:

  • quick-unlock mode has been added
    ^ this allows you to use a shortened version of your password by verifying that your device
    is whitelisted on your sshyp server - it's both faster and more secure than standard unlock,
    but it requires an active connection to your sshyp server to authenticate (otherwise it will
    fall back to standard unlock)
  • full support for offline usage
    ^ though sshyp could be used without a server before, it now can be configured to not attempt
    to find one ever - this saves time and hides sync failure error messages
  • bash completions have been added
    ^ if you have bash-completion installed, you can now use the tab key in bash to auto-complete
    sshyp arguments and entry names (client only, not added for server-specific arguments)
    ^ if you do not have bash-completion installed, you can source
    /usr/share/bash-completion/completions/sshyp (Linux/BSD) or
    /boot/system/data/bash-completion/completions/sshyp (Haiku) in your ~/.bashrc to
    use this feature

fixes/optimizations:

  • fixed entries with multi-word titles failing to decrypt
  • password generation is now much faster and more resource efficient
  • there is no longer a length limit on generated passwords
  • improved visual consistency of help menus
  • rarely used modules are now imported only when needed
  • sshyp now uses one fewer configuration file

other notable changes:

  • sshyp is now specifically licensed under the GPL-3.0-only (keyword: only)
  • sshyp now has some possible arguments and its own help menu when running in server mode
  • temporary files in /dev/shm are now generated with more complex names
  • sshyp now installs in /usr/lib/sshyp (Linux/BSD) or /system/lib/sshyp (Haiku) instead of
    /usr/bin or /bin (it is still symlinked to the old directories)