Conversation
melbahja
marked this pull request as ready for review
July 15, 2026 17:53
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
V2 Changelog
Breaking Changes
Removed
goph.Authtype andgoph.Configstruct.goph.New.Removed constructors:
NewUnknown,NewConn.goph.New(user, addr, opts...)withWithInsecureIgnoreHostKey()where needed.Removed auth constructor functions:
goph.Password(),goph.Key(),goph.UseAgent().WithPassword,WithKeyFile,WithDefaultAgent,WithAgentSocketetc.Client.Configfield removed.*ssh.ClientConfigis now ephemeral: built inNew, passed to options and dial helpers, then discarded. It is no longer stored on the connectedClient.Renamed key auth options:
WithKey(file, passphrase)=>WithKeyFile(file, passphrase)WithRawKey(pem, passphrase)=>WithKey(pem, passphrase)Renamed key parsing helpers:
GetSigner(file, passphrase)=>ParseKeyFile(file, passphrase)GetSignerForRawKey(key, passphrase)=>ParseKey(key, passphrase)New Features
Functional options API.
WithPassword,WithKeyFile,WithKey,WithAgent,WithAgentSocket,WithDefaultAgent,WithSigner,WithAuthWithPort,WithTimeout,WithKnownHosts,WithInsecureIgnoreHostKey,WithHostKeyCallback,WithBannerCallback,WithConfigWithProxy,WithJumpDialerfor reusable connections.d := goph.NewDialer(opts...)thend.New(user, addr)for multiple hosts with shared defaults.SOCKS5 proxy authentication.
WithProxycan accepts URLs with embedded credentials:socks5://user:pass@host:port.Context-aware command cancellation.
RunContextandCommandContextacceptcontext.Context.ssh.SIGINTto the remote session.goph.Dial.goph.Dial(c *Client, config *ssh.ClientConfig) errorfor manualClientconstruction and customssh.ClientConfig.Clientnow storesUser;Dialdefaultsconfig.UsertoClient.Useror the current OS user when empty.config.Timeout.Security fixes.
WithPasswordno longer includes a keyboard-interactive fallback. Added standaloneWithKeyboardInteractive(handler)that gives callers full control over each server prompt (password, OTP, 2FA, etc.).Cmd.Stringwarning now clearly states thatPathandArgsare not shell-escaped and that callers must sanitize untrusted input.Known-hosts helpers.
KnownHostsnow documents that the file must exist.EnsureKnownHostscreates the file (and parent directory) if missing.DefaultKnownHostsusesEnsureKnownHostsso first-time users no longer hit a file-read error when~/.ssh/known_hostsis absent.Related Issues
~/.ssh/configfile over$SSH_AUTH_SOCK+ ability set custom SSH socket path #57Example of usage of each issue solution will be referenced in docs.