A modern, high-performance SSHv2 and SFTP client/server library

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for adirothbuilds from gravatar.com adirothbuilds Avatar for Di3Z1E from gravatar.com Di3Z1E

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Stratza Labs
  • Maintainer: Stratza Labs
  • Tags ssh , sftp , client , server , cryptography , security , automation , devops , asyncio , high-performance , remote-execution , file-transfer , modern-ssh , secure-shell
  • Requires: Python >=3.9
  • Provides-Extra: gssapi , dev , docs , test
Classifiers
Report project as malware

Project description

⚡ Overview

SpindleX is a modern SSH protocol implementation for Python 3.9+. It is designed for high-performance automation and secure file transfers, providing a clean alternative to legacy SSH libraries.

[!NOTE] 0.7.x - ChaCha20-Poly1305 & SFTP throughput era. This release line adds full chacha20-poly1305@openssh.com support as the preferred cipher, adaptive SFTP write chunks via limits@openssh.com (up to 255 KB), and a hardened async transport. Review SECURITY.md, production usage expectations, and compatibility policy before deploying in production-facing workflows.

🔥 Key Features

  • 🚀 High Performance: Adaptive SFTP write chunks up to 255 KB via limits@openssh.com negotiation, pipelined transfers, and zero-copy internal buffering.
  • 🔒 ChaCha20-Poly1305: Preferred AEAD cipher - no separate MAC pass, full Terrapin-defense strict-KEX, on par with leading SSH libraries.
  • 🔄 Native Async: First-class asyncio support via AsyncSSHClient and AsyncSFTPClient.
  • 🛡️ Secure by Default: Modern primitives only - Ed25519, ECDSA, ChaCha20-Poly1305, AES-CTR. Legacy/weak ciphers are not negotiated.
  • 🔗 Advanced Tunneling: Support for ProxyJump (bastion hosts) and TCP port forwarding.
  • 📂 Recursive SFTP: Native support for recursive directory uploads and downloads.
  • 🏷️ Fully Typed: Comprehensive type hints for IDE integration and static analysis.

💎 Why SpindleX?

  • 💼 Business Friendly: MIT Licensed. Permissive use for commercial and proprietary projects.
  • 📖 Maintainable Code: Modular architecture designed for clarity and easier security auditing.
  • 🛠️ Modern API: Clean, intuitive interface with consistent error handling and minimal dependencies.
  • 🧊 Focused Scope: No support for insecure legacy protocols, resulting in a leaner and more secure codebase.

🛠️ Tech Stack

Core Logic Python Cryptography

Protocol SSH SFTP

Concurrency Asyncio

🚀 Quick Start

Installation

# Using pip
pip install spindlex

# Using uv
uv pip install spindlex

💻 Usage Preview

Synchronous Example 
from spindlex import SSHClient

with SSHClient() as client:
    client.get_host_keys().load()
    client.connect('example.com', username='admin')

    stdin, stdout, stderr = client.exec_command('uptime')
    print(f"Server Status: {stdout.read().decode().strip()}")
Asynchronous Example 
import asyncio
from spindlex import AsyncSSHClient

async def main():
    async with AsyncSSHClient() as client:
        await client.connect('example.com', username='admin')
        stdin, stdout, stderr = await client.exec_command('df -h')
        print(await stdout.read())

asyncio.run(main())

📊 Performance Benchmarks

SpindleX is optimized for high-throughput environments. The 0.7.x line brings SFTP upload throughput in line with leading SSH libraries and adds ChaCha20-Poly1305 as the preferred cipher.

Operation SpindleX Other libs Notes
SFTP upload (1 MiB, chacha20) ~14 ms ~14 ms On par after limits negotiation
SFTP upload (1 MiB, AES-CTR) ~14 ms ~14 ms Pipelined, 255 KB chunks
Handshake ~320 ms ~320 ms Ed25519 + Curve25519

[!TIP] Run the benchmark suite on your own hardware:

python scripts/benchmark_ciphers.py     # cipher comparison
python scripts/benchmark_production.py  # full protocol correctness + perf

🛡️ Security

  • Verification Enforced: Host key verification is mandatory by default.
  • Log Sanitization: Credentials and sensitive data are automatically filtered from logs.
  • AEAD Preferred: chacha20-poly1305@openssh.com is the default cipher - authentication is integral, no separate MAC.
  • Terrapin Defense: Strict-KEX (kex-strict-c-v00@openssh.com) enabled, sequence numbers reset after NEWKEYS.
  • Modern Defaults: Ed25519, ECDSA, ChaCha20-Poly1305, and AES-CTR only. SHA-1 and CBC mode are excluded.
  • Full Policy: See SECURITY.md for vulnerability reporting and Security Guide for operational security guidance.

🤝 Contributing

Contributions are welcome. See CONTRIBUTING.md for the GitHub entry point and docs/contributing.md for the maintained guide.

Distributed under the MIT License. See LICENSE for more information.

SpindleX Project © 2026 Stratza Labs

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for adirothbuilds from gravatar.com adirothbuilds Avatar for Di3Z1E from gravatar.com Di3Z1E

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Stratza Labs
  • Maintainer: Stratza Labs
  • Tags ssh , sftp , client , server , cryptography , security , automation , devops , asyncio , high-performance , remote-execution , file-transfer , modern-ssh , secure-shell
  • Requires: Python >=3.9
  • Provides-Extra: gssapi , dev , docs , test
Classifiers

Release history Release notifications | RSS feed

0.7.3

This version

0.7.2

0.7.1

0.7.0

0.6.11

0.6.10

0.6.9

0.6.8

0.6.7

0.6.6

0.6.5

0.6.4

0.6.3

0.6.2

0.6.1

0.6.0

0.5.2

0.5.1

0.5.0

0.4.2

0.4.1

0.4.0

0.3.0

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

spindlex-0.7.2.tar.gz (148.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

spindlex-0.7.2-py3-none-any.whl (162.2 kB view details)

Uploaded Python 3

File details

Details for the file spindlex-0.7.2.tar.gz.

File metadata

  • Download URL: spindlex-0.7.2.tar.gz
  • Upload date:
  • Size: 148.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for spindlex-0.7.2.tar.gz
Algorithm Hash digest
SHA256 69de06d29445a4ed5b7c3e8c74db2247f91b1cb1e81292ed9dadd4a3787ac363
MD5 d250a28586bacf6d9cd4f7a6e95bdfef
BLAKE2b-256 f44e5c56ab0a680e674e876072a59fd9f943fc0db85eca39ae70b6139cc8d4f3

See more details on using hashes here.

Provenance

The following attestation bundles were made for spindlex-0.7.2.tar.gz:

Publisher: release.yml on stratza/spindlex

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file spindlex-0.7.2-py3-none-any.whl.

File metadata

  • Download URL: spindlex-0.7.2-py3-none-any.whl
  • Upload date:
  • Size: 162.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for spindlex-0.7.2-py3-none-any.whl
Algorithm Hash digest
SHA256 0a69dbfff4c131f7b6114609141793ad8da70656b515c97205e7c9989c530681
MD5 70d1eb1a74b12a9becc74f2173e0c38b
BLAKE2b-256 848d2475ade4475afd3fbe657d9e3c8b09751b071064b98e2f22474bf3f49457

See more details on using hashes here.

Provenance

The following attestation bundles were made for spindlex-0.7.2-py3-none-any.whl:

Publisher: release.yml on stratza/spindlex

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page