spindlex 0.7.0

A modern, high-performance SSHv2 and SFTP client/server library

Quick Start • Documentation • Security • Contributing

---

⚡ Overview

SpindleX is a modern SSH protocol implementation for Python 3.9+. It is designed for high-performance automation and secure file transfers, providing a clean alternative to legacy SSH libraries.

[!NOTE] 0.7.x - ChaCha20-Poly1305 & SFTP throughput era. This release line adds full chacha20-poly1305@openssh.com support as the preferred cipher, adaptive SFTP write chunks via limits@openssh.com (up to 255 KB), and a hardened async transport. Review meta/SECURITY.md before deploying in production-facing workflows and pin exact versions.

🔥 Key Features

• 🚀 High Performance: Adaptive SFTP write chunks up to 255 KB via limits@openssh.com negotiation, pipelined transfers, and zero-copy internal buffering.
• 🔒 ChaCha20-Poly1305: Preferred AEAD cipher - no separate MAC pass, full Terrapin-defense strict-KEX, on par with leading SSH libraries.
• 🔄 Native Async: First-class asyncio support via AsyncSSHClient and AsyncSFTPClient.
• 🛡️ Secure by Default: Modern primitives only - Ed25519, ECDSA, ChaCha20-Poly1305, AES-CTR. Legacy/weak ciphers are not negotiated.
• 🔗 Advanced Tunneling: Support for ProxyJump (bastion hosts) and TCP port forwarding.
• 📂 Recursive SFTP: Native support for recursive directory uploads and downloads.
• 🏷️ Fully Typed: Comprehensive type hints for IDE integration and static analysis.

---

💎 Why SpindleX?

• 💼 Business Friendly: MIT Licensed. Permissive use for commercial and proprietary projects.
• 📖 Maintainable Code: Modular architecture designed for clarity and easier security auditing.
• 🛠️ Modern API: Clean, intuitive interface with consistent error handling and minimal dependencies.
• 🧊 Focused Scope: No support for insecure legacy protocols, resulting in a leaner and more secure codebase.

---

🛠️ Tech Stack

Core Logic

Protocol

Concurrency

---

🚀 Quick Start

Installation

# Using pip
pip install spindlex

# Using uv
uv pip install spindlex

💻 Usage Preview

Synchronous Example

from spindlex import SSHClient

with SSHClient() as client:
    client.get_host_keys().load()
    client.connect('example.com', username='admin')

    stdin, stdout, stderr = client.exec_command('uptime')
    print(f"Server Status: {stdout.read().decode().strip()}")

Asynchronous Example

import asyncio
from spindlex import AsyncSSHClient

async def main():
    async with AsyncSSHClient() as client:
        await client.connect('example.com', username='admin')
        stdin, stdout, stderr = await client.exec_command('df -h')
        print(await stdout.read())

asyncio.run(main())

---

📊 Performance Benchmarks

SpindleX is optimized for high-throughput environments. The 0.7.x line brings SFTP upload throughput in line with leading SSH libraries and adds ChaCha20-Poly1305 as the preferred cipher.

Operation	SpindleX	Other libs	Notes
SFTP upload (1 MiB, chacha20)	~14 ms	~14 ms	On par after limits negotiation
SFTP upload (1 MiB, AES-CTR)	~14 ms	~14 ms	Pipelined, 255 KB chunks
Handshake	~320 ms	~320 ms	Ed25519 + Curve25519

[!TIP] Run the benchmark suite on your own hardware:

python scripts/benchmark_ciphers.py     # cipher comparison
python scripts/benchmark_production.py  # full protocol correctness + perf

---

🛡️ Security

• Verification Enforced: Host key verification is mandatory by default.
• Log Sanitization: Credentials and sensitive data are automatically filtered from logs.
• AEAD Preferred: chacha20-poly1305@openssh.com is the default cipher - authentication is integral, no separate MAC.
• Terrapin Defense: Strict-KEX (kex-strict-c-v00@openssh.com) enabled, sequence numbers reset after NEWKEYS.
• Modern Defaults: Ed25519, ECDSA, ChaCha20-Poly1305, and AES-CTR only. SHA-1 and CBC mode are excluded.
• Full Policy: See meta/SECURITY.md for vulnerability reporting and security standards.

---

🤝 Contributing

Contributions are welcome. See meta/CONTRIBUTING.md for guidelines.

Distributed under the MIT License. See LICENSE for more information.

---

SpindleX Project © 2026 Stratza Labs