Skip to main content

Production-grade async SSH client library with military-grade security features

Project description

AIOSSH

Production-grade async SSH client library with military-grade security.

Python License Version

AIOSSH is a high-performance, secure asynchronous SSH client for Python 3.12+. Built on top of asyncssh with additional layers of security, pooling, encryption, and advanced features for infrastructure automation, DevOps, and secure remote management at scale.

✨ Features

Core

  • Async-first architecture with full asyncio and TaskGroup support (Python 3.11+)
  • High-performance connection pooling with automatic cleanup, health checks, and strict limits
  • Encrypted session storage using AES-256-GCM + ChaCha20-Poly1305 with PBKDF2-HMAC-SHA512 (600k iterations)
  • Advanced rate limiting with sliding window + exponential backoff penalty system
  • 40+ specific exception types for precise error handling and recovery
  • Command injection prevention, SSRF protection, path traversal prevention
  • Audit logging with HMAC-SHA512 tamper-proof signatures

Security (Military-Grade)

  • Constant-time cryptographic comparisons (timing attack resistant)
  • Secure memory wiping for sensitive key material
  • Full support for modern SSH algorithms (curve25519, chacha20-poly1305, etc.)
  • Proxy support: SOCKS5, Jump hosts
  • Input validation and sanitization on all user-controlled data

Advanced Capabilities

  • Plugin system for middleware, hooks, and custom behaviors
  • Command queue with priority scheduling and batch execution
  • Webhook notifications (Discord, Telegram, custom)
  • Telnet support (legacy systems)
  • Kubernetes & Docker exec sessions
  • High-speed parallel SCP/SFTP transfers with progress tracking and disk space checks
  • Session recording & replay for auditing and debugging
  • Comprehensive logging handlers: File, Elasticsearch, Loki, Datadog, Syslog

Developer Experience

  • Full type hints (py.typed) + mypy strict mode compatible
  • Context manager support (async with)
  • Decorators for retry and timing
  • Clean, professional API

📦 Installation

pip install aiossh

For development:

pip install aiossh[dev]

🚀 Quickstart

import asyncio
from aiossh import AIOSSH

async def main():
    async with AIOSSH(master_password="your-very-strong-master-password-here") as client:
        # Connect with automatic pooling and security checks
        session = await client.connect(
            host="server.example.com",
            username="admin",
            password="secret",  # or use key_filename
            # port=22, known_hosts=..., etc.
        )

        # Execute command safely
        result = await client.execute_command(session, "uptime")
        print(result["stdout"])

        # File operations with security
        await client.upload_file(session, local_path="app.tar.gz", remote_path="/tmp/app.tar.gz")

        # Batch commands with controlled concurrency
        results = await client.batch_execute(
            session,
            ["df -h", "free -m", "cat /etc/os-release"],
            max_concurrency=5
        )

        await client.disconnect(session)

if __name__ == "__main__":
    asyncio.run(main())

🔐 Security Considerations

  • Never hardcode passwords in code. Use environment variables or secret managers.
  • Master password for session encryption must be at least 12 characters.
  • All connections go through strict input validation and rate limiting.
  • Private keys and credentials are wiped from memory after use.
  • Audit logs are signed to detect tampering.
  • By default, blocks connections to private/internal IPs (configurable).

For production, always:

  • Use SSH keys instead of passwords when possible.
  • Enable known_hosts verification.
  • Run behind proper firewall rules.
  • Monitor audit logs.

📚 API Overview

  • AIOSSH — Main client (recommended entrypoint)
  • ConnectionPool + PoolConfig — Low-level pooling
  • FastSSHSession + SSHConfig — Direct session management
  • SecurityConfig, RateLimiter, AuditLogger, SecureChannel
  • PluginManager, BasePlugin — Extensibility
  • CommandQueue, WebhookManager, ParallelSCP, etc.

See full documentation and examples in the source or GitHub wiki.

🛠️ Development & Contributing

We welcome contributions! Please open issues or PRs on GitHub.

To run tests (after installing dev deps):

pytest
ruff check .
mypy src/aiossh

📄 License

MIT License — see LICENSE file.

🙏 Acknowledgments

Built on the excellent asyncssh library. Security primitives powered by cryptography.


AIOSSH v2.1.0 — Secure. Fast. Professional.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aiossh-2.2.0.tar.gz (47.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

aiossh-2.2.0-py3-none-any.whl (53.0 kB view details)

Uploaded Python 3

File details

Details for the file aiossh-2.2.0.tar.gz.

File metadata

  • Download URL: aiossh-2.2.0.tar.gz
  • Upload date:
  • Size: 47.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for aiossh-2.2.0.tar.gz
Algorithm Hash digest
SHA256 79ac1ae4deb22533945da5645cb9552710efb317edfdba4a629cb76a5588d1ef
MD5 dc7ed42e2ff03631b3b4fbb0453d97ae
BLAKE2b-256 fd22c39bf6cfd4cd89188b8fc3ba1d956175b8c32f5dff6eb31d85c9235a1ba2

See more details on using hashes here.

File details

Details for the file aiossh-2.2.0-py3-none-any.whl.

File metadata

  • Download URL: aiossh-2.2.0-py3-none-any.whl
  • Upload date:
  • Size: 53.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for aiossh-2.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 5840f8f5402abd5586e14a6c5cab6fd986d3e22a7d2e8893ec5b10f56dd96523
MD5 1931dbd64e627506037aa9df8cb4b7e6
BLAKE2b-256 c3708164c9514ced8319c396e17eae88ff38c3a474e0e026551580ace16ae79a

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page