You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat: release 2.45.2. ProxyJump bastions get their own credentials
Each hop in a jump chain now resolves its own purple:askpass source.
Purple inspects the SSH password prompt argument to identify which hop
is being authenticated, builds the connection's ProxyJump chain from
the target alias, and looks up the matching entry's credential. A
malicious server cannot exfiltrate credentials for unrelated entries
in ~/.ssh/config because resolution is restricted to the chain.
Retry markers are scoped per resolved hop. The marker cleanup on
successful connection now sweeps every ~/.purple/.askpass_* file so
stranded bastion markers do not block the next reconnect.
Closes#43.
Copy file name to clipboardExpand all lines: CHANGELOG.md
+7Lines changed: 7 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,3 +1,10 @@
1
+
## 2.45.2 - 2026-04-25
2
+
3
+
- feat: ProxyJump bastions get their own credentials.
4
+
- feat: Each hop in your jump chain reads its own keychain, 1Password, Bitwarden, pass or Vault KV entry, so multi-hop SSH connects without typing.
5
+
- feat: Every hop is scoped to its own retry window, so a stale bastion marker no longer blocks the next reconnect.
6
+
- change: Prompt-based credential lookup is restricted to the hosts in your ProxyJump chain, so a malicious server cannot phish credentials for other entries in your config.
7
+
1
8
## 2.45.1 - 2026-04-20
2
9
3
10
- fix: Tighter releases. Build verification stays stable across calendar days and CI runners.
Copy file name to clipboardExpand all lines: Cargo.toml
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
[package]
2
2
name = "purple-ssh"
3
-
version = "2.45.1"
3
+
version = "2.45.2"
4
4
edition = "2024"
5
5
description = "Open-source terminal SSH manager and SSH config editor. Search hundreds of hosts, sync from 16 clouds, transfer files, manage Docker and Podman over SSH, sign short-lived Vault SSH certs and expose an MCP server for AI agents. Rust TUI, MIT licensed."
@@ -983,7 +983,7 @@ <h2 class="tagline">Open-source terminal SSH manager and SSH config editor for m
983
983
<summary>How do I troubleshoot connection problems?</summary>
984
984
<divclass="answer">Run with <code>--verbose</code> to enable debug logging, then <code>purple logs --tail</code> in another terminal. Logs are written to <code>~/.purple/purple.log</code> with fault domain prefixes: <code>[external]</code> for remote/tool errors, <code>[config]</code> for local config issues. Set <code>PURPLE_LOG=trace</code> for maximum detail.</div>
<summary>How do I troubleshoot connection problems?</summary>
1120
1120
<div class="answer">Run with <code>--verbose</code> to enable debug logging, then <code>purple logs --tail</code> in another terminal. Logs are written to <code>~/.purple/purple.log</code> with fault domain prefixes: <code>[external]</code> for remote/tool errors, <code>[config]</code> for local config issues. Set <code>PURPLE_LOG=trace</code> for maximum detail.</div>
0 commit comments