A modern, high-performance SSHv2 and SFTP client/server library

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for adirothbuilds from gravatar.com adirothbuilds Avatar for Di3Z1E from gravatar.com Di3Z1E

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Stratza Labs
  • Maintainer: Stratza Labs
  • Tags ssh , sftp , client , server , cryptography , security , automation , devops , asyncio , high-performance , remote-execution , file-transfer , modern-ssh , secure-shell
  • Requires: Python >=3.9
  • Provides-Extra: gssapi , dev , docs , test
Classifiers
Report project as malware

Project description

⚡ Overview

SpindleX is a modern SSH protocol implementation for Python 3.9+. It is designed for high-performance automation and secure file transfers, providing a clean alternative to legacy SSH libraries.

[!NOTE] 0.7.x - ChaCha20-Poly1305 & SFTP throughput era. This release line adds full chacha20-poly1305@openssh.com support as the preferred cipher, adaptive SFTP write chunks via limits@openssh.com (up to 255 KB), and a hardened async transport. Review SECURITY.md, production usage expectations, and compatibility policy before deploying in production-facing workflows.

🔥 Key Features

  • 🚀 High Performance: Adaptive SFTP write chunks up to 255 KB via limits@openssh.com negotiation, pipelined transfers, and zero-copy internal buffering.
  • 🔒 ChaCha20-Poly1305: Preferred AEAD cipher - no separate MAC pass, full Terrapin-defense strict-KEX, on par with leading SSH libraries.
  • 🔄 Native Async: First-class asyncio support via AsyncSSHClient and AsyncSFTPClient.
  • 🛡️ Secure by Default: Modern primitives only - Ed25519, ECDSA, ChaCha20-Poly1305, AES-CTR. Legacy/weak ciphers are not negotiated.
  • 🔗 Advanced Tunneling: Support for ProxyJump (bastion hosts) and TCP port forwarding.
  • 📂 Recursive SFTP: Native support for recursive directory uploads and downloads.
  • 🏷️ Fully Typed: Comprehensive type hints for IDE integration and static analysis.

💎 Why SpindleX?

  • 💼 Business Friendly: MIT Licensed. Permissive use for commercial and proprietary projects.
  • 📖 Maintainable Code: Modular architecture designed for clarity and easier security auditing.
  • 🛠️ Modern API: Clean, intuitive interface with consistent error handling and minimal dependencies.
  • 🧊 Focused Scope: No support for insecure legacy protocols, resulting in a leaner and more secure codebase.

🛠️ Tech Stack

Core Logic Python Cryptography

Protocol SSH SFTP

Concurrency Asyncio

🚀 Quick Start

Installation

# Using pip
pip install spindlex

# Using uv
uv pip install spindlex

💻 Usage Preview

Synchronous Example 
from spindlex import SSHClient

with SSHClient() as client:
    client.get_host_keys().load()
    client.connect('example.com', username='admin')

    stdin, stdout, stderr = client.exec_command('uptime')
    print(f"Server Status: {stdout.read().decode().strip()}")
Asynchronous Example 
import asyncio
from spindlex import AsyncSSHClient

async def main():
    async with AsyncSSHClient() as client:
        await client.connect('example.com', username='admin')
        stdin, stdout, stderr = await client.exec_command('df -h')
        print(await stdout.read())

asyncio.run(main())

📊 Performance Benchmarks

SpindleX is optimized for high-throughput environments. The 0.7.x line brings SFTP upload throughput in line with leading SSH libraries and adds ChaCha20-Poly1305 as the preferred cipher.

Operation SpindleX Other libs Notes
SFTP upload (1 MiB, chacha20) ~14 ms ~14 ms On par after limits negotiation
SFTP upload (1 MiB, AES-CTR) ~14 ms ~14 ms Pipelined, 255 KB chunks
Handshake ~320 ms ~320 ms Ed25519 + Curve25519

[!TIP] Run the benchmark suite on your own hardware:

python scripts/benchmark_ciphers.py     # cipher comparison
python scripts/benchmark_production.py  # full protocol correctness + perf

🛡️ Security

  • Verification Enforced: Host key verification is mandatory by default.
  • Log Sanitization: Credentials and sensitive data are automatically filtered from logs.
  • AEAD Preferred: chacha20-poly1305@openssh.com is the default cipher - authentication is integral, no separate MAC.
  • Terrapin Defense: Strict-KEX (kex-strict-c-v00@openssh.com) enabled, sequence numbers reset after NEWKEYS.
  • Modern Defaults: Ed25519, ECDSA, ChaCha20-Poly1305, and AES-CTR only. SHA-1 and CBC mode are excluded.
  • Full Policy: See SECURITY.md for vulnerability reporting and Security Guide for operational security guidance.

🤝 Contributing

Contributions are welcome. See CONTRIBUTING.md for the GitHub entry point and docs/contributing.md for the maintained guide.

Distributed under the MIT License. See LICENSE for more information.

SpindleX Project © 2026 Stratza Labs

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for adirothbuilds from gravatar.com adirothbuilds Avatar for Di3Z1E from gravatar.com Di3Z1E

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Stratza Labs
  • Maintainer: Stratza Labs
  • Tags ssh , sftp , client , server , cryptography , security , automation , devops , asyncio , high-performance , remote-execution , file-transfer , modern-ssh , secure-shell
  • Requires: Python >=3.9
  • Provides-Extra: gssapi , dev , docs , test
Classifiers

Release history Release notifications | RSS feed

0.7.3

0.7.2

This version

0.7.1

0.7.0

0.6.11

0.6.10

0.6.9

0.6.8

0.6.7

0.6.6

0.6.5

0.6.4

0.6.3

0.6.2

0.6.1

0.6.0

0.5.2

0.5.1

0.5.0

0.4.2

0.4.1

0.4.0

0.3.0

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

spindlex-0.7.1.tar.gz (147.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

spindlex-0.7.1-py3-none-any.whl (161.4 kB view details)

Uploaded Python 3

File details

Details for the file spindlex-0.7.1.tar.gz.

File metadata

  • Download URL: spindlex-0.7.1.tar.gz
  • Upload date:
  • Size: 147.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for spindlex-0.7.1.tar.gz
Algorithm Hash digest
SHA256 03bf71211dd806095fbdb330005b89682ad6d8537e21b722f3b9a1e7ee56529b
MD5 cde77f48e8ca37c8bb8f8802d01087a7
BLAKE2b-256 dea15cb60d713f3f3937569c2f104c1d1d530af076b5f3cb2cbf0ce802f7fc4c

See more details on using hashes here.

Provenance

The following attestation bundles were made for spindlex-0.7.1.tar.gz:

Publisher: release.yml on stratza/spindlex

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file spindlex-0.7.1-py3-none-any.whl.

File metadata

  • Download URL: spindlex-0.7.1-py3-none-any.whl
  • Upload date:
  • Size: 161.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for spindlex-0.7.1-py3-none-any.whl
Algorithm Hash digest
SHA256 ead1b8c7a92e7474c46b662965fd2b960e4bb8042cef519958e291857ced4133
MD5 dad85a35537872b02976fea498bda566
BLAKE2b-256 33111a0c0f896885a8b3d9a4c3cf607cd45ae535fbf152e44360804c15f97196

See more details on using hashes here.

Provenance

The following attestation bundles were made for spindlex-0.7.1-py3-none-any.whl:

Publisher: release.yml on stratza/spindlex

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page