ChangeLog of JSch ==================================================================== Last modified: Thu Nov 22 01:06:27 UTC 2018 Changes since version 0.1.54: - bugfix: fixed vulnerabilities in examples; ScpTo.java, ScpFrom.java and ScpNoneCipher.java, https://gist.github.com/ymnk/2318108/revisions#diff-a5ec82fe8ccb2efa64aa42a5592bb137 https://gist.github.com/ymnk/2318108/revisions#diff-c1b069ab3a670f4fd3270d0f57550007 https://gist.github.com/ymnk/2318108/revisions#diff-a20032aa3cc9119fa627ec948b9ada46 thanks to Dylan Katz(http://dylankatz.com). - bugfix: OpenSSHConfig#getUser() should not overwrite the given user-name. - bugfix: fixed 'Invalid encoding for signature' errors in ssh-dss. - bugfix: fixed bugs in the key-exchange for ecdsa-sha2-nistp384, ecdsa-sha2-nistp521. - bugfix: failed to generate the key pair from private keys, ecdsa 384 and 521. - bugfix: failed to load the ecdsa 521 key identity from ssh-add command. - change: updating copyright messages; 2016 -> 2018 - feature: supporting key files on EBCDIC environment. Changes since version 0.1.53: - bugfix: fixed CVS-2016-5725 Refer to following links, http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5725 https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725 Thanks a lot for tintinweb's contributions. - bugfix: sftp-put may send the garbage data in some rare case. - bugfix: fixed a deadlock bug in KnownHosts#getHostKey(). - bugfix: SftpProgressMonitor#init() was not invoked in sftp-put by using the output-stream. - change: KnownHosts#setKnownHosts() should accept the non-existing file. - change: excluding the user interaction time from the timeout value. - change: addressing SFTP slow file transfer speed with Titan FTP. - change: updating copyright messages; 2015 -> 2016 Changes since version 0.1.52: - bugfix: the rekey initiated by the remote may crash the session. - change: Logjam: use ecdh-sha2-nistp* if available, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 - change: Logjam: diffie-hellman-group-exchange-sha256 and diffie-hellman-group-exchange-sha1 will use 2048-bit key on Java8's SunJCE, thanks to JDK-6521495 and JDK-7044060. - change: key words for OpenSSH's config file should be case-insensitive. - change: there should be the host name in "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED" message. Changes since version 0.1.51: - bugfix: resource leak: duplicate keys in LocalIdentityRepository. - feature: added the support for SSH ECC defined in RFC5656, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521 This functionality requires Java7 or later. - feature: added the support for server host keys in ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521 - feature: generating key-pairs in ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521 - change: aes192-ctr, aes256-ctr and diffie-hellman-group-exchange-sha256 have been enabled by the default. - change: key exchange methods, ecdh-sha2-nistp256, ecdh-sha2-nistp384 and ecdh-sha2-nistp521 have been enabled by the default. - change: the support for host keys in ecdsa-sha2-nistp256, ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 have been enabled by the default. - change: 'examples/KeyGen.java' demonstrates how to generate ecdsa-sha2-* key-pairs. - change: updating copyright messages; 2014 -> 2015 - TODO: The ECC support is not functional on Java6 with BouncyCastle. Changes since version 0.1.50: - bugfix: reproducibility of "verify: false". FIXED. Hundreds of thousands of connections had caused that exception. - bugfix: resource leaks at the failure of making local port forwarding. FIXED. - bugfix: NPE in connecting to the non-standard TCP port. FIXED. This problem had appeared if a host-key does not exist in "known_host" file. - bugfix: TCP connection may not be dropped if error messages from the remote are too long. FIXED. - bugfix: SftpATTRS#getAtimeString() returns the wrong string. FIXED. - bugfix: bytes to be added by SSH_MSG_CHANNEL_WINDOW_ADJUST must be in unsigned integer. FIXED. - bugfix: Util#checkTilde() should not convert a tilde in "C:\PROGRA~1\". FIXED. - bugfix: A long long command for ChannelExec will cause an ArrayIndexOutOfBoundsException. FIXED. - bugfix: ChannelSftp should not send bulk request greedily even if the remote window has the enough space. FIXED. - bugfix: Util.createSocket() should throw an exception with 'cause'. FIXED. - bugfix: failed to parse .ssh/config in the EBCDIC environment. FIXED. - bugfix: com.jcraft.jsch.jcraft.HMACSHA1(used only for MacOSX) is not reusable. FIXED. - bugfix: NPE caused by the delayed response for channel opening requests. FIXED. - bugfix: hung-up in uploading huge data to ProFTPd without the config 'SFTPClientMatch "JSCH.*" channelWindowSize 1GB' FIXED. - bugfix: Cipher#init() may cause an infinite loop with 100% cpu use due to https://bugs.openjdk.java.net/browse/JDK-8028627 FIXED. - bugfix: in some case, JSche#setKnowHosts(InputStream stream) may fail to close the given stream. FIXED - change: com.jcraft.jsch.jcraft.HMAC* will not be used. It seems Java6 on Mac OS X has fixed some memory leak bug in JCE, so there is no reason to use c.j.j.j.HMAC* introduced at 0.1.30. - change: updating copyright messages; 2013 -> 2014 - change: allowed to create the symbolic/hard link to the relative path by ChannelSftp#symlink(String oldpath, String newpath) ChannelSftp#hardlink(String oldpath, String newpath) - change: the availability of ciphers listed in "CheckCiphers" config will not be checked if they are not used. - change: Util#fromBase64() will throw JSchException in stead of RuntimeException, if the given string is not in base64 format. - feature: added the support for private keys in PKCS#8 format. - feature: introduced the interface com.jcraft.jsch.PBKDF to abstract the implementation of Password-Based Key Derivation Function, and added its implementation com.jcraft.jsch.jce.PBKDF by using JCE. Changes since version 0.1.49: - bugfix: "verify: false" error on Java7u6(and later). FIXED. http://stackoverflow.com/questions/12279836/ssh-using-jschexception-verify-false-sometimes-fails https://issues.apache.org/jira/browse/IVY-1374 - bugfix: Session#setPortForwardingL(String bind_address, int lport, String host, int rport) will not work for the long host name. FIXED. - change: changed JSch#getIdentityRepository() to be public. - feature: added the following method to choose a canceled remote port-forwarding with the specified bind address, Session#delPortForwardingR(String bind_address, int rport) - feature: added support for following OpenSSH's sftp extensions, posix-rename@openssh.com, statvfs@openssh.com, hardlink@openssh.com, and some methods and a class to use those functionalities, ChannelSftp#hardlink(String oldpath, String newpath), ChannelSftp#statVFS(String path) SftpStatVFS - feature: added support for OpenSSH's configuration file, JSch#setConfigRepository(ConfigRepository configRepository) JSch#getConfigRepository() OpenSSHConfig class Session#getSession(String host) and added an example to demonstrate how to use it, examples/OpenSSHConfig.java OpenSSHConfig class will recognize the following keywords, Host User Hostname Port PreferredAuthentications IdentityFile NumberOfPasswordPrompts ConnectTimeout HostKeyAlias UserKnownHostsFile KexAlgorithms HostKeyAlgorithms Ciphers Macs Compression CompressionLevel ForwardAgent RequestTTY ServerAliveInterval LocalForward RemoteForward ClearAllForwardings - feature: added support for "diffie-hellman-group-exchange-sha256" - feature: allowed to use tilde(~) in the file name, JSch#setIdentity(String prvkey, String pubkey) JSch#setKnownHosts(String prvkey, String pubkey) - feature: added support for known_hosts file, which may include markers(@revoke) and comments. HostKey(String host, int type, byte[] key, String comment) HostKey(String marker, String host, int type, byte[] key, String comment) HostKey#getComment() HostKey#getMarker() - feature: added following methods to KeyPar class, writePrivateKey(java.io.OutputStream out, byte[] passphrase) writePrivateKey(String name, byte[] passphrase) - feature: allowed to set the connection timeout for the local port-forwarding, and added following methods, Session#setPortForwardingL(String bind_address, int lport, String host, int rport, ServerSocketFactory ssf, int connectTimeout) ChannelDirectTCPIP#connect(int connectTimeout) - feature: added the following method to Session class getStreamForwarder(String host, int port) and updated example/StreamForwarding.java to use that method. - feature: added following methods to Session class, setPortForwardingL(String conf) setPortForwardingR(String conf) - feature: allowed to have the session local HostkeyRepository, Session#setHostKeyRepository(HostKeyRepository hostkeyRepository) Session#getHostKeyRepository() - feature: added support for OpenSSH's local extension, "no-more-sessions@openssh.com" and the method, Session#noMoreSessionChannels() Changes since version 0.1.48: - bugfix: Some sftp servers will sometimes fail to handle bulk requests, and whenever detecting such failures, we should re-send requests again and again. FIXED - bugfix: KeyPair#getFingerPrint() should return a fingerprint instead of keysize + " " + fingerprint. FIXED - bugfix: KeyPair#getKeySize() should return its key size. FIXED - bugfix: SftpATTRS#isDir() should return false for unix domain socket files. FIXED - change: improved the heuristics for the password prompt in the keyboard-interactive authentication. It may not be started with "password:". - change: ChannelSftp#put(InputStream src, String dst) will not check if dst is directory or not, and if an exception is thrown, the check will be done. - change: if the compression is enabled without jzlib.jar, an exception will be thrown. - feature: JSch#addIdentity() and KeyPair#load() methods will accept Putty's private key files. Note that Putty encrypts its private key with "aes256-cbc". So, to handle such key files, "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" must be installed. - feature: hmac-sha2-256 defined in RFC6668 is supported. - feature: added following methods to KeyPair class, byte[] getSignature(byte[] data) Signature getVerifier() byte[] forSSHAgent() void setPublicKeyComment(String comment) - feature: added following methods to SftpATTR class, boolean isChr() boolean isBlk() boolean isFifo() boolean isSock() Changes since version 0.1.47: - change: the file transfer speed with ChannelSftp#get(String src) has been improved; sending multiple requests at any one time. - change: by the default, at most, 16 requests will be sent at any one time in ChannelSftp. - feature: added Session#{setIdentityRepository(),getIdentityRepository()} Changes since version 0.1.46: - bugfix: failed to initialize channels for the stream forwarding. FIXED - change: Session#getHostKey() will return the given hostkey even if session is not established. - change: Logger will record additional messages about algorithm negotiations. - feature: added ChannelSftp#ls(String path, LsEntrySelector selector) method. - feature: added IdentityRepository#{getName(),getStatus()} methods. Changes since version 0.1.45: - bugfix: in the agent forwarding mode, "ssh-add -l" on the remote will freeze. FIXED - bugfix: requests should not be sent to the closed channel. FIXED - bugfix: ChannelShell#setAgentForwarding(true) will cause resource leaks. FIXED - change: for the efficiency, channel opening will be delayed in local port forwarding. - change: added examples/Sudo.java to demonstrate sudo on exec channel. - change: authentication trials will be failed at 6 failures by the default. - change: updating copyright messages; 2011 -> 2012 - feature: added JSch#setIdentityRepository(IdentityRepository irepo) to integrate with jsch-agent-proxy. Changes since version 0.1.44: - bugfix: fields referred by multiple threads simultaneously should be volatile. FIXED - bugfix: use local window size offered by the remote in sftp put. FIXED - bugfix: SftpProgressMonitor#init was not invoked in sftp-put for input-stream. FIXED - bugfix: sftp protocol version 3, 4 and 5 should allow only UTF-8 encoding. FIXED - bugfix: Channel Subsystem had failed to set X forwarding flag. FIXED - bugfix: Channel X11 had leaked some resources. FIXED - bugfix: packet compression may break sessions in some case(transferring deflated data). FIXED - bugfix: failed to set dev-null for logger FIXED - bugfix: even in sftp protocol version 3 session, some sftpd sends data packets defined in sftp protocol 6 ;-( working around it. FIXED - bugfix: ChannelSftp file globbing logic had missed the string "foo\\\*bar" as a pattern. FIXED - bugfix: sequential accesses to ChannelSftp by multiple threads may break its I/O channel. https://bugs.eclipse.org/bugs/show_bug.cgi?id=359184 FIXED - bugfix: KeyPair.load can not handle private keys cyphered with AES. FIXED - change: to improve sftp-put performance, send multiple packet at one time. - change: wait/notify will be used instead of sleep loop in establishing channel connections. - change: increasing local window size for sftp get. - change: updating copyright messages; 2010 -> 2011 - change: src/com -> src/main/java/com - feature: key-exchange method "diffie-hellman-group14-sha1" (RFC4253#section-8.2) - feature: KeyPair#getPlulicKeyCommment() is added. Changes since version 0.1.43: - bugfix: hmac-md5-96 and hmac-sha1-96 are broken. FIXED. - bugfix: working around OOME in parsing broken data from the remote. FIXED. - bugfix: failed to send very long command for exec channels. FIXED. - bugfix: in some case, failed to get the response for remote port-forwarding request. FIXED. - feature: support for private keys ciphered with aes192-cbc and aes128-cbc. Changes since version 0.1.42: - bugfix: the remote window size must be in unsigned int. FIXED. - bugfix: support for EBCDIC environment. FIXED. - bugfix: data may be written to the closed channel. FIXED. - bugfix: NPE in closing channels. FIXED. - bugfix: the private key file may include garbage data before its header. FIXED. - bugfix: the session down may not be detected during the re-keying process. FIXED. - change: try keyboard-interactive auth with the given password if UserInfo is not given. - change: working around the wrong auth method list sent by some SSHD in the partial auth success. - change: working around the CPNI-957037 Plain-text Recovery Attack. - change: in searching for [host]:non-default port in known_hosts, host:22 should be also checked. - change: updating copyright messages; 2009 -> 2010 Changes since version 0.1.41: - bugfix: making exec request during re-keying process will cause the dead lock for the session. FIXED. Many thanks for PanLi at Prominic dot NET and www.prominic.net, US based hosting company. Without their testing JSch with hundreds of hosts and their bug reports, this problem was not fixed. - change: updating copyright messages; 2008 -> 2009 Changes since version 0.1.40: - bugfix: canceling the remote port-forwarding with the incorrect bind-address. FIXED. - bugfix: sftp had missed to close the file in some case. FIXED. - bugfix: ls(sftp) will throw an exception for the empty directory in connecting to some sftpd server. FIXED. - change: dropping the session gently in accepting incorrect packets. - change: by the default, aes128-ctr will be chosen if it is available on the local and the remote. - feature: adding the support for the private key ciphered in AES256. - feature: new ciphers: aes128-ctr,aes192-ctr,aes256-ctr, 3des-ctr,arcfour,arcfour128 ,arcfour256 Changes since version 0.1.39: - bugfix: ProxySOCKS4 had not been functional. FIXED. - bugfix: NPE at closing the session when it is not opened. FIXED. - change: JSch#getConfing has become public. Changes since version 0.1.38: - bugfix: session will be dropped at rekeying. FIXED. - bugfix: NPE should not be thrown at unexpected session drop. FIXED. - change: Channel#getSession() may throw JSchExecption. Changes since version 0.1.37: - bugfix: NPE should not be thrown at unexpected session drop. FIXED. - bugfix: AIOOBE at Session#connect(). FIXED. - bugfix: Even if 'true' is given for Channel#setOutputStream(OutputStream out, boolean dontclose) as the second paramter, 'out' will be closed. FIXED. - change: 'examples/Sftp.java' has been modified to demonstrate ChannelSftp#reaplpath(String path) - change: setEnv(Hashtable env) for exec and shell channels have been marked as @deprecated - feature: setEnv(String name, String value) has been added to exec and shell channels. - feature: setEnv(byte[] name, byte[] value) has been added to exec and shell channels. - feature: ChannelSftp#realpath(String path) has been added. - feature: ChannelExec#setCommand(byte[] command) has been added. - feature: com.jcraft.jsch.ChannelSftp.LsEntry has implemented java.lang.Comparable - feature: Session#getServerAliveInterval(), Session#getServerAliveCountMaX() have been added. Changes since version 0.1.36: - bugfix: some sftpd will send invalid data in sftp protocol point of view, and we need to work around such data. FIXED. - bugfix: the stream forwarding had been broken since 0.1.30. FIXED. - bugfix: failed to detect 'SSH_MSG_CHANNEL_OPEN_FAILURE'. FIXED. - bugfix: ChannelSftp will generate the unfavorable absolute pathname in some case. FIXED. - bugfix: failed to ignore the invalid public-key file. FIXED. - change: ignoring empty data sent by 'SSH_MSG_CHANNEL_DATA' and 'SSH_MSG_CHANNEL_EXTENDED_DATA'. - change: updating copyright messages; 2007 -> 2008 - change: build.xml will enable 'javac.debug' option by the default. - change: added logging messages to IndentityFile and Session class. - change: followings are deprecated methods, InputStream ChannelSftp#get(String src, int mode) InputStream ChannelSftp#get(String src, SftpProgressMonitor, int mode) - feature: following method is added, InputStream ChannelSftp#get(String src, SftpProgressMonitor monitor, long skip) Changes since version 0.1.35: - bugfix: ChannelSftp can not handle the local filenames correctly on Windows. FIXED. - bugfix: '/' must be handled as the file separator on JVM for Windows. FIXED. - change: the system property "javax.security.auth.useSubjectCredsOnly" will be set to "false" for "gssapi-with-mic" if that property is not given explicitly. - change: added changes about ChannelSftp#{pwd(), home()} to ChangeLog; 'Changes since version 0.1.34:' section. Changes since version 0.1.34: - bugfix: the OutputStream from the channel may make the JVM lockup in some case. FIXED. There was a possibility that Channel#connect() may be failed to initialize its internal without throwing the JSchException. On such case, the write operation for OutputStream from that channel will cause the system(JVM) to lock up. - bugfix: ChannelSftp had problems filename globbing. FIXED. - bugfix: the message included in SSH_FXP_STATUS must be UTF-8. FIXED. - change: ChannelSftp supports the filename globbing for the filename in multi-byte characters. - change: ChannelSftp will internally handle filenames in UTF-8 encoding. - change: ChannelSftp#pwd() may throw an SftpException. - change: ChannelSftp#home() may throw an SftpException. - feature: following methods have been added in ChannelSftp String getServerVersion() String getClientVersion() void setFilenameEncoding(String encoding) String getExtension(String key) Changes since version 0.1.33: - bugfix: there had a possibility that the session may be broken if ciphers for upward/downward streams are different. FIXED. - bugfix: the authentication method "keyboard-interactive" had not been tried without UserInfo. FIXED. - bugfix: ChannelShell#setTerminalMode(byte[] terminal_mode) had not been functional. FIXED. - bugfix: the remote port-forwarding to the daemon had been broken since 0.1.30. FIXED. - change: the cipher "aes128-cbc" will be used if AES is available. - change: the interface 'com.jcraft.jsch.ForwardedTCPIPDaemon' has been changed. - change: the data transfer rate will be improved on some environment. - feature: ChannelExec can control the size of pty; ChannelExec#setPtySize(int col, int row, int wp, int hp) is added. - feature: the property "CheckCiphers" has been added. Refer to 'examples/AES.java'. - feature: Session#setConfig(String key, String value), JSch#setConfig(String key, String value) have been added. Changes since version 0.1.32: - bugfix: freeze in 'diffie-hellman-group-exchange-sha1'. FIXED. By the default, 'diffie-hellman-group1-sha1' will be used and if you have not chosen 'diffie-hellman-group-exchange-sha1' explicitly, you don't have to worry about it. - bugfix: there should be timeout mechanism in opening a socket for remote port forwarding. FIXED. At the failure or timeout, 'SSH_MSG_CHANNEL_OPEN_FAILURE' will be sent to sshd. - bugfix: there should be timeout mechanism in opening a socket for X11 forwarding. FIXED. At the failure or timeout, 'SSH_MSG_CHANNEL_OPEN_FAILURE' will be sent to sshd. Changes since version 0.1.31: - bugfix: remote port forwarding will be hanged at its closing. FIXED. - bugfix: X forwarding channels will be hanged and some resources will be leaked whenever they are closed. FIXED. - bugfix: failed to detect "Connection refused". FIXED. - bugfix: at the failure for keyboard-interactive auth method, a session will be terminated. FIXED. - bugfix: due to the cancel for keyboard-interactive auth method, a session will be terminated. FIXED. - change: com.jcraft.jsch.jcraft.Compression#uncompress will respect the argument "start". - change: "gssapi-with-mic" will choose the default credential. - feature: Session#setPortForwardingL will return the assigned local TCP port number; TCP port will be assigned dynamically if lport==0. - feature: support for SSH_MSG_UNIMPLEMENTED. - feature: support for PASSWD_CHANGEREQ. Changes since version 0.1.30: - bugfix: a problem in padding for ciphered private key. PKCS#5 padding should be used. FIXED. - bugfix: crash in parsing invalid public key file. FIXED. - bugfix: a public key may not have a comment. FIXED. - bugfix: output stream from ChannelSftp#put will hang if it is closed twice. FIXED. - feature: agent forwarding. To enable this functionality, Channel{Exec,Shell,Sftp}#setAgentForwarding(boolean enable) are added. - feature: ChannelShell#setTerminalMode(byte[] terminal_mode) is added. - feature: Session#setDaemonThread(boolean true) to run internal threads as daemon threads. - feature: an option "PreferredAuthentications" is added. The default value is "gssapi-with-mic,publickey,keyboard-interactive,password". - change: if alias-name is given, non-standard TCP port number will not be saved in 'known_hosts' file. Changes since version 0.1.29: - bugfix: ChannelSftp#cd() will not throw an exception even if a file is given. FIXED. - bugfix: ChannelSftp#put() has a bug which will appear in using on the slow network. FIXED. - bugfix: ChannelSftp#ls() has a bug which will appear in using on the slow network. FIXED. - bugfix: a bug had sneaked in the remote port forwarding. FIXED. - bugfix: some APIs from JCE have the memory leak on Mac OS X, so we have re-written the code(com.jcraft.jsch.jcraft.HMAC* classes) without them. On Mac OS X, such new classes will be used automatically. FIXED. - bugfix: the session will be crashed by the long banner message. FIXED. - change: '/dev/random' will not be referred on Gnu/Linux. - change: if non-standard TCP port number is used, that number will be saved in known_hosts file as recent OpenSSH's ssh client does. - change: Channel#getOutputStream will not use Piped{Output,Input}Stream. - change: com.jcraft.jsch.HostKeyRepository interface has been slightly modified. - feature: Session#setPortForwardingR(String bind_address, ...) has been added. - feature: the packet compression method 'zlib@openssh.com' has been supported. - feature: the hashed known_hosts file has been supported. Refer to 'examples/KnownHosts.java'. - feature: the authentication method 'gssapi-with-mic' has been experimentally supported. - feature: com.jcraft.jsch.Logger interface and JSch#setLogger(Logger logger) have been added. Refer to 'examples/Logger.java' for the usage. Changes since version 0.1.28: - bugfix: ChannelSftp#put will stack in some situations FIXED. - bugfix: ChannelSftp invoked 'glob_remote' redundantly. FIXED. - bugfix: ChannelSftp failed to make globbing for some file names. FIXED. - bugfix: ChannelSftp did not carefully read its input-stream. FIXED. - bugfix: ChannelSftp#lstat did not try globbing for given path. FIXED. - bugfix: at closing channel, eof_lcoal and eof_remote did not become true. FIXED. - bugfix: IdentityFile did not carefully read file input-streams. FIXED. - bugfix: KeyPair did not carefully read file input-streams. FIXED. - bugfix: ProxySOCKS4 did not carefully read file input-streams. FIXED. - bugfix: ProxySOCKS5 did not carefully read file input-streams. FIXED. - bugfix: ForwardedTCPIPDaemom may fail in some situation. FIXED. - bugfix: X forwarding failed to handle the magic-cookie in some case FIXED. Thanks to Walter Pfannenmller. - bugfix: setKnownHosts in KnownHosts.java doesn't read the last line if linefeed is missing FIXED. Thanks to Henrik Langos. - bugfix: With StrictHostKeyChecking set to yes connect() shouldn't ask. FIXED. Thanks to Henrik Langos. - change: Identity#setPassphrase(String passphrase) is replaced with Identity#setPassphrase(byte[] passphrase). - change: IdentityFile will clear its internal secrets at finalizing. - change: KeyPair will clear its internal secrets at finalizing. - change: KeyPair will clear its internal secrets at finalizing. - change: MAC#doFinal() is replaced with MAC#doFile(byte[] buf, int offset) - change: at TCP socket reading timeout, keep-alive message will be sent to the remote sshd. To disable this functionality, invoke explicitly Session.setServerAliveCountMax(0) - change: PortWatcher stops to use InetAddress.getByAddress(). - change: in the user authentication, username, password and passphrase will be encoded in UTF-8. - change: JSch#addIdentity will check duplicate keys. - change: SftpException#message has been deleted. - change: SftpException#getMessage() will return the detailed message. - feature: IdentityFile#setPassphrase(byte[] passphrase) is added. - feature: IdentityFile#clear() is added to clear its internal secrets. - feature: KeyPair#decrypt(byte[] passphrase) is added. - feature: JSch#addIdentity(String path, byte[] passphrase) is added. - feature: JSch#getIdentityNames() is added. - feature: JSch#removeIdentity(String name) is added. - feature: JSch#removeAllIdentity() is added. - feature: ChannelSftp#readlink(String path) is added. - feature: ChannelSftp#getHome() is added. - feature: Channel#connect(int connectTimeout) is added. - feature: ChannelShell#setPtyType(String ttype) is added. - feature: Session#setPassword(byte[] password) is added. - feature: Session#setHostKeyAlias(String alias) is added. - feature: KeepAlive is implemented and Session#setServerAliveInterval(int interval) and Session#setServerAliveCountMax(int count) are added. - feature: Session#sendKeepAliveMsg() is added. - feature: JSchException#getCause() may return a reason. - feature: SftpException#getCause() may return a reason. - feature: ChannelExec#setErrStream(OutputStream out, boolean dontclose) is added. Changes since version 0.1.27: - bugfix: ChannelSftp#localAbsolutePath did not work correctly. FIXED. - bugfix: ChannelSftp#chmod did not work for directory. FIXED. - bugfix: ProxyHTTP had a bug in processing HTTP headers. FIXED. - bugfix: messages before server's version string should be ignored. FIXED. - feature: Environment Variable Passing. Changes since version 0.1.26: - bugfix: there was a session crash bug. That occurrence is rare, but depends on the thread scheduling. FIXED. - bugfix: problems in generating remote/local absolute paths on sftp. FIXED. - bugfix: problems in handling cancel operations for sftp. FIXED. - bugfix: ChannelX11s were not terminated for a wrong cookie. FIXED. - bugfix: NoSuchAlgorithmException should be thrown if JCE is not accessible. FIXED. - bugfix: ProxyHTTP should check the return code from proxy. FIXED. - bugfix: server's version string should be checked carefully. FIXED. - feature: some more improvements on sftp uploading. - feature: 'getUserName' method is added to Session class. Changes since version 0.1.25: - bugfix: infinite loop/hang on connection at unexpected error during key-exchanging operation. FIXED - bugfix: delays on sftp uploading. FIXED - bugfix: failed to purge a host-key from its repository in some case. FIXED. - feature: SOCKS4 proxy Changes since version 0.1.24: - bugfix: remote port forwarding is not established. FIXED. - bugfix: failed to parse known_hosts file if it has a long public key blob. FIXED. - bugfix: sftp put/get operations keep failing. FIXED. - bugfix: ChannelShell.setXForwarding always set xforwarding to be true. FIXED. - change: ChannelShell.setPty is added. - change: Proxy interface is free from session object. - change: added examples/ScpToNoneCipher.java to demonstrate NONE Cipher switching. - feature: added NONE Cipher switching support. - feature: timeout check will be enabled for proxy connections. Changes since version 0.1.23: - bugfix: there was resource leak problems in closing local port forwardings. FIXED. - bugfix: there was a session crash problems in using aes-cbc cipher. FIXED. - change: ChannelSession.setPtySize was redefined. - feature: added SocketFactory for remote port forwarding. Session.setPortForwardingR(int rport, String host, int lport, SocketFactory sf) - feature: added ServerSocketFactory for local port forwarding. Session.setPortForwardingL(String boundaddress, int lport, String host, int rport, ServerSocketFactory ssf) Changes since version 0.1.22: - bugfix: there was a freeze problem at fails on key-exchanging. FIXED. - bugfix: race-condition forcefully disconnects session in closing channels. FIXED. Changes since version 0.1.21: - bugfix: there is a bug in read() method implementation for the input-stream returned from ChannelSftp.get(). FIXED. - bugfix: at fail on requesting for the remote port forwarding, an exception should be thrown. FIXED. - bugfix: SSH_MSG_CHANNEL_OPEN request for the X11 forwarding should not be accepted if clients don not expect it. FIXED. - bugfix: there is a problem in transferring large data(mote than 1GB) to sshd from recent OpenSSH(3.6.1 or later). FIXED. For security concerns, those sshd will re-key periodically and jsch had failed to handle it. - bugfix: 'exec', 'shell' and 'sftp' channels will fail if the acceptable packet size by remote sshd is not so large. FIXED. - bugfix: there are problems in 'InputStream ChannelSftp.get(String)' and 'OutputStream put(String)'. FIXED. - feature: added boolean flag 'dontclose' to * setInputStream(), * setOutputStream() and * setExtOutputStream() methods of Channel class. - feature: added 'com.jcraft.jsch.ChannelSubsystem' - feature: allowed to control the compression level in the packet compression. Refer to 'examples/Compression.java'. - change: modified 'com/jcraft/jsch/jce/KeyPairGenRSA.java' to be complied on JDK 1.2. - change: 'examples/ScpTo.java' and 'examples/ScpFrom.java' will use 'long' type for the file size instead of 'int'. - change: 'Identity.getSignature' method will not expect 'session'. - change: while waiting for socket connection establishment, Thread.join will be used instead of Thread.sleep. Changes since version 0.1.20: - known issue: there are problems in 'InputStream ChannelSftp.get(String)' and 'OutputStream put(String)'. They will be re-implemented in the next release. - bugfix: EOF packets should not be sent twice. This bug had crashed the session on every channel close. FIXED. - bugfix: at the fail on opening connection to remote sshd, a misleading exception "invalid server's version string" had been thrown. FIXED. - bugfix: fixed a bug in hadling the size of remote channel window. - bugfix: channels should not be closed even if EOF is received. FIXED. - bugfix: fixed bugs in file name globbing on sftp. - change: to transfer packets efficiently, the size of internal buffer for each channel has been increased. - change: ChannelSftp.ls will return a vector of com.jcraft.jsch.ChannelSftp.LsEntry. Sorry for inconveniences. - feature: added ForwardedTCPIPDaemon. Refer to 'examples/Daemon.java', which demonstrates to provide network services like inetd. - feature: ChannelExec.setPty() method to request for assigning pseudo tty. - feature: added ciphers "aes128-cbc", "aes192-cbc" and "aes256-cbc". Refer to 'examples/AES.java'. - feature: local port-forwarding settings can be dynamically deleted by the bound address. - feature: added 'Channel.isClosed()'. Channel.getExitStatus() should be invoked after Channel.isClosed()==true. Changes since version 0.1.19: - ClassCastException while calling ChannelExec.finalize() method. FIXED. Thanks to wswiatek at ais dot pl. Changes since version 0.1.18: - fixed problems related to thread-safety. Thanks to Eric Meek at cs dot utk dot edu. - At the lost of the network connectivity to the remote SSHD, clients connected to the local port were never made aware of the disconnection. FIXED. - fixed confusions in handling EOFs from local input stream and the input stream for remote process. - 'com.jcraft.jsch.jce.AES128CBC' is added, but it is not be functional in this release. It will work in the next release. - Some sshd(Foxit-WAC-Serve) waits for SSH_MSG_NEWKEYS request before sending it. FIXED. - fixed a problem in connecting to Cisco Devices. Thanks to Jason Jeffords at comcast dot net. - changed the method 'add' of 'HostKeyRepository' interface. - 'UIKeyborarInteracetive' will ignore empty prompt by sshd. - added 'sendIgnore()' method to 'Session' class. - added '-p' for scp command in 'examples/ScpTo.java' to preserve modification times, access times, and modes from the original file. Changes since version 0.1.17: - added 'com.jcraft.jsch.HostKeyRepository' interface. It will allow you to handle host keys in your own repository (for example, RDB) instead of using 'known_hosts' file. - added methods to get the finger-print of host keys. refer to 'examples/KnownHosts.java'. - improved 'known_hosts' file handling. - comment lines will be kept. - SSH1 host keys will be kept. - each hostname can have multiple host keys. - fixed a crash bug in processing private keys which have too long key-bits. Changes since version 0.1.16: - 'com.jcraft.jsch.jce.DHG1' and 'com.jcraft.jsch.jce.DHGEX' are moved to 'com.jcraft.jsch' package. - added APIs to handle hostkeys included in 'known_hosts', JSch.getHostKeys(), JSch.removeHostKey() - allowing to set timeout value in opening sockets, Session.connect(int timeout) Changes since version 0.1.15: - adding support of setting mtime for remote files on sftp channel. - setKnownHosts method of JSch class will accept InputStream. - implementation of Basic password authentication for HTTP proxy. - fixed a bug in checking which ssh protocol version remote sshd supports - SSH_MSG_CHANNEL_OPEN_FAILURE will be handled correctly. - methods in SftpATTRS class has been public. - working around SIGBLOB bug hidden in older sshd. Changes since version 0.1.14: - fixed a crash bug in accepting keep-alive messages. - the parent directory of 'known_hosts' file will be created if it does not exist. - the Subsystem channel support was removed. Changes since version 0.1.13: - added 'setClientVersion' method to Session class. - fixed hung-up problem on SftpChannel in connecting to the sshd, which does not support sftp. - fixed OutOfMemory exception problem in decrypting a private key with bad passphrase. - fixed hung-up problem in communicating with the sshd, whose window size is small. - RuntimeExceptions will be thrown from jsch APIs. - SSH_MSG_CHANNEL_SUCCESS and SSH_MSG_CHANNEL_FAILURE requests have been supported. Changes since version 0.1.12: - added the partial authentication support. - allowing to change the passphrase of a private key file instead of creating a new private key. - added 'examples/ChangePassphrase.java' - the interface 'UIKeyboardInteractive' has been modified. Changes since version 0.1.11: - RSA keypair generation. - added the method 'getFingerPrint' to KeyPair class, which will return the finger print of the public key. - fixed a bug in generating non-ciphered private key. Changes since version 0.1.10: - fixed a bug in the password authentication, sneaked in 0.1.9. By this bug, the password authentication had failed every time. Changes since version 0.1.9: - username and password can be in UTF-8 encoding. - DSA keypair generation. - added 'examples/KeyGen.java', which demonstrates the DSA keypair generation. Changes since version 0.1.8: - fixed crash problems on the local port forwarding. - fixed crash problems on the remote port forwarding. - added setErrStream() and getErrStream() to ChannelExec. - added keyboard-interactive authentication support. - modified TripleDESCBC to support IBM's JDK 1.4.1. - added 'examples/UserAuthKI.java', which demonstrates keyboard-interactive authentication. Changes since version 0.1.7: - added APIs for sftp resume downloads and uploads. The author greatly appreciates elpernotador(webmaster at unlix dot com dot ar), who motivated him to hack this functionality. - 'examples/Sftp.java' demonstrates sftp resume functionality. Please refer to "put-resume", "put-append", "get-resume" and "get-append" command. - added the support of 'window-change' request. - fixed a freeze bug in 'Inputstream get(String src)' method of 'ChannelSftp' class. Changes since version 0.1.6: - added 'int getExitStatus()' method to 'Channel' class. - fixed crash bugs in closing channels for port forwarding. - fixed glitches in managing forwarded ports. Changes since version 0.1.5: - fixed crash bugs in port forwarding. - modified to use "ssh-rsa" for key-exchanging by the default. - the port forwarding setting can be canceled dynamically. - fixed a freeze bug in getting an empty file on sftp channel. Changes since version 0.1.4: - fixed a bug in managing local window size. The local window should be consumed by CHANNEL_EXTENDED_DATA packet. - checking the availability of the ssh session in opening channels. In some case, ssh session had been freezed. - java.io.File.separator will be refereed in generating local pathname on sftp channel. - absolute local pathname will be handled correctly on sftp channel. Changes since version 0.1.3: - fixed a serious bug, which had leaked resources related to ChannelExec. - added the older SFTP protocol(version 0, 1, 2) support. - fixed a problem in the authentication step for FSecure's sshd. - fixed a bug, which had broken Diffie-Hellman key exchange in some case. - implemented the file name globbing for local files on sftp session. - fixed a bug in the file name globbing. - added an interface 'SftpProgressMonitor'. - modified 'examples/Sftp.java' to demonstrate displaying progress-bar in transferring files. Changes since version 0.1.2: - modified 'build.xml' to allow Ant users to compile jsch with debug support (i.e. line-number tables) by overriding the property javac.debug on the command line. - added a property 'StrictHostKeyChecking'. - added 'UserAuthNone' class to request a list of authentication methods on remote sshd. - channels will be managed in each sessions. - added 'ChannelSubsystem', which allows users to use their own implementations for subsystems. - added 'isEOF()' method to 'Channel' class. - supported key pair files in DOS file format. Changes since version 0.1.1: - added the file name globbing support on sftp session. - fixed a bug in the public key authentication. When there was not a public key in ~/.ssh/, that problem occurred. - improved the 'setTimeout' method. - fixed a typo in 'LICENSE.txt' Changes since version 0.1.0: - added 'rekey' method to 'Session' class for key re-exchanging. - added 'rekey' and 'compression' command to 'examples/Sftp.java'. - added new 'get' and 'put' methods to 'ChannelSftp'. Those methods will operate I/O streams. - methods in 'ChannelSftp' will throw 'SftpException' - 'ChannelSftp.Ssh_exp_name' is added for the output of 'ls'. Thanks to Graeme Vetterlein. - added 'setTimeout' and 'getTimeout' methods to 'Session' class. - guess will be done in the algorithm negotiation step. - FSecure's DSA private key has been supported partially. - hostkeys will be saved into 'known_hosts' file. - fixed a bug in 'Util.toBase64' method. - 'Identity' will reject unrecognized keys. - 'build.xml' will check if jzlib is available or not. Thanks to Stefan Bodewig. - added javadoc target in 'build.xml'. Thanks to Robert Anderson. Changes since version 0.0.13: - fixed a bug in connecting to Fsecure's sshd on Windows. - the license is changed to BSD style. Changes since version 0.0.12: - fixed a bug in verifying DAS signatures. - added 'SftpATTR' class, which allow you to get attributes of remote files on sftp channel, and 'stat', 'lstat' method are added to 'ChannelSftp' class. - added 'getInputStream' and 'getOutputStream' methods Channel class, which return passive I/O streams. - 'setIdentity' method is deleted from 'Session' class and 'addIdentity' method is added to 'JSch' class - 'setUserName' method is deleted from 'Session' class and 'getSession' method of 'JSch' class is changed. - 'isConnected' method is added to 'Session' class. - 'UserInfo' interface is changed. Changes since version 0.0.11: - taking care of remote window size. - adding 'disconnect' method to 'Channel' and 'Session' classes. - signal sending support. - 'mkdir' command for sftp. - 'fromBase64' method has been moved to Util class and 'toBase64' method has also been added to that class. - 'KnownHosts' class for checking host-key in 'known_host' file. - 'examples/KnownHosts.java' has been added. - 'setUserName' and 'setPassword' methods have been added to Session class. - 'UserInfo' interface has been changed. - The implementation of compression has moved to 'com.jcraft.jsch.jcraft' package. - fixed a bug in handling 'SSH_MSG_CHANNEL_REQUET' request. - fixed a bug in sending multiple requests on a single session. Changes since version 0.0.10: - Diffie-Hellman key exchange 'diffie-hellman-group1-sha1' is supported. Refer to 'src/com/jcraft/jsch/jce/DHG1.java'. Thanks to Mitsugu Kitano, whose feedback was very helpful. - By the default, 'diffie-hellman-group1-sha1' will be used in the key exchange step. - The file attribute on 'SSH File Transfer Protocol' is supported. Now, we can say JSch supports 'SSH File Transfer Protocol'. - 'examples/Sftp.java' is updated. 'chgrp','chown','chmod' commands are supported. Changes since version 0.0.9: - SSH File Transfer Protocol is supported partially. - 'examples/Sftp.java' is added. This example is a tiny sftp command and supports 'cd','put','get','rm',etc. - 'close' method is added to Channel interface. - build.xml for examples is added. Thanks to Ronald Broberg. Changes since version 0.0.8: - the tunneling through a SOCKS5 proxy is supported. - 'examples/ScpFrom.java' is added. - 'com.jcraft.jsch.UserInfo' interface is modified. Changes since version 0.0.7: - Packet comression is supported. - 'examples/Compression.java' is added. - JZlib is included. Changes since version 0.0.6: - RSA host key is supported. - RSA public key authentication is supported. Changes since version 0.0.5: - DSA public key authentication is supported. - examples/UserAuthPubKey.java is added. - examples/ScpTo.java is added. Changes since version 0.0.4: - 3des-cbc is supported. - hmac-sha1 is supported. - hmac-md5-96 is supported. - hmac-sha1-96 is supported. Changes since version 0.0.3: - port forwarding, similar to the -L option of SSH. - examples/PortForwardingL.java is added. - examples/StreamForwarding.java is added. - examples/Exec.java is renamed as examples/Shell.java - stream forwarding is added. - ChannelSftp class is added for implementing filexfer. - interfaces for jsch users are changed. Changes since version 0.0.2: - remote exec is supported. - examples/Exec.java is added. - build.xml and some scripts for Ant are added. (lbruand) - Const class is added. (lbruand) Changes since version 0.0.1: - the tunneling via HTTP proxy is supported. - port forwarding like option -R of ssh command. the given port on the remote host will be forwarded to the given host and port on the local side.