Releases: therealpaulgg/ssh-sync
v1.4.0
Added a few new quality of life features to make ssh-sync easier to use and more secure.
- sync command - does upload and download in one step
- Add master key rotation support (rotate-master-key). This can be used after post-quantum crypto migration to ensure the master key can never be broken by store now, decrypt later attacks.
- Better known_hosts syncing - we now parse the known_hosts file and store each record, perfectly synced. No more conflicts!
- Skip authorized_keys file in the syncing process
- Remove legacy keypair.pub after post-quantum migration
- Codebase improvements (refactoring, additional unit testing)
v1.3.0
Post Quantum Cryptography Support 🎉🎉🎉🎉
- Leverages ML-KEM from golang std library, ML-DSA from Filippo proposal
- Provides migration command to post quantum cryptography standards
- Uses ML-KEM for key exchange to encrypt master key, ML-DSA for JWT signatures for authentication
This one was a lot of work and I had a lot of fun learning about post quantum cryptography standards.
```
➜ ~ ssh-sync migrate
This will migrate your keys from classical ECDSA/ECDH-ES to post-quantum
cryptography (ML-DSA-65 for signatures + ML-KEM-768 for key encapsulation).
What this does:
1. Decrypt your master key using the current EC keypair
2. Generate new post-quantum keypair (ML-DSA-65 + ML-KEM-768)
3. Re-encrypt your master key with the post-quantum key
4. Upload the new public key to the server
Your encrypted SSH keys on the server remain unchanged (AES-256-GCM
is already quantum-resistant). Only the key wrapping is upgraded.
Continue? (y/n): y
Decrypting master key with current EC keypair...
Authenticating with server using current EC key...
Generating post-quantum keypair (ML-DSA-65 + ML-KEM-768)...
Re-encrypting master key with ML-KEM-768...
Uploading new public key to server...
Migration complete! Your keys are now using post-quantum cryptography.
Auth: ML-DSA-65 (FIPS 204)
Encryption: ML-KEM-768 (FIPS 203)
```
Useful learning:
- Post-quantum cryptography: Security after Shor’s algorithm
- Lattice-based cryptography: The tricky math of dots
- Learning with errors: Encrypting with unsolvable equations
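The key wrapping that `ssh-sync migrate` upgrades, sketched as an added example (not ssh-sync's own code): ML-KEM-768 from Go's `crypto/mlkem` encapsulates a one-time secret, which keys AES-256-GCM around the master key. `WrappedKey`, `aeadFor`, `WrapMasterKey` and `UnwrapMasterKey` are hypothetical names, and using the shared secret directly as the AES key with an all-zero nonce is an assumption about the construction, not the project's storage format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/mlkem" // standard library since Go 1.24
	"fmt"
)

type WrappedKey struct{ KEMCiphertext, Sealed []byte } // hypothetical container, not ssh-sync's format

// aeadFor keys AES-256-GCM directly with the 32-byte ML-KEM shared secret (assumed construction).
func aeadFor(shared []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(shared)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapMasterKey encapsulates to a public key and seals masterKey, binding the KEM ciphertext as AAD.
func WrapMasterKey(ek *mlkem.EncapsulationKey768, masterKey []byte) (*WrappedKey, error) {
	shared, kemCT := ek.Encapsulate()
	aead, err := aeadFor(shared)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // all-zero is safe only because the key is fresh and used once
	return &WrappedKey{kemCT, aead.Seal(nil, nonce, masterKey, kemCT)}, nil
}

// UnwrapMasterKey relies on the GCM tag: ML-KEM rejects a modified ciphertext implicitly (no error).
func UnwrapMasterKey(dk *mlkem.DecapsulationKey768, w *WrappedKey) ([]byte, error) {
	shared, err := dk.Decapsulate(w.KEMCiphertext) // errors only on a wrong-length ciphertext
	if err != nil {
		return nil, err
	}
	aead, err := aeadFor(shared)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, make([]byte, aead.NonceSize()), w.Sealed, w.KEMCiphertext)
}

func main() {
	dk, _ := mlkem.GenerateKey768() // fresh ML-KEM-768 keypair, as in step 2 of the migration
	w, _ := WrapMasterKey(dk.EncapsulationKey(), []byte("constructed 32-byte master key!!"))
	got, err := UnwrapMasterKey(dk, w)
	fmt.Printf("%q %v\n", got, err)
}
```

Rotating or re-wrapping the master key means calling `WrapMasterKey` again, which always produces a new KEM ciphertext and a new one-time AES key.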
v1.2.2
Add date comparison warning for key uploads (#75)

Implement safety check to prevent accidentally overwriting newer server keys with older local versions during upload.

When uploading keys, the client now:
1. Fetches existing keys from the server with their timestamps
2. Compares local file modification times with server timestamps
3. Prompts the user if attempting to overwrite a newer server key
4. Allows user to proceed or skip the file

This mirrors the existing conflict detection on the download side and addresses the warning in the README about upload overwriting without checks.

Changes:
- Add UpdatedAt timestamp field to KeyDto (optional for backward compatibility)
- Add PromptOverwriteNewerKey helper function in utils/io.go
- Modify Upload action to decode server response and compare dates
- Skip files when user chooses not to overwrite newer versions

Co-authored-by: Claude <noreply@anthropic.com>
v1.2.1
Fix issue with Windows installer not providing correct 'ssh-sync' executable name
v1.2.0
What's Changed
- Fixed a bug that would not allow users to delete machines
Code Changes
Full Changelog: v1.2.0...v1.1.5
v1.1.5
Removed alpine support :(
v1.1.4
fix winget
v1.1.3
no arch linux
v1.1.2
Bump golang.org/x/crypto from 0.31.0 to 0.35.0 (#58)

* Bump golang.org/x/crypto from 0.31.0 to 0.35.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.31.0 to 0.35.0.
- [Commits](https://github.com/golang/crypto/compare/v0.31.0...v0.35.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.35.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* tidy

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Paul <paul@paul.systems>
v1.1.1
Small patch which updates golang's crypto version.