gssh-agent 1.0.0 → 1.0.1

package/README.md

@@ -10,6 +10,7 @@ gssh 是一个供 Agent 使用的 SSH Session 管理工具。通过 Go 语言实
 - 断线自动重连
 - 支持密码认证和 SSH 密钥认证
 - 被连接机器零配置（普通 SSH 即可）
+- SFTP 文件传输支持（上传/下载）
 
 ## 安装
 
@@ -124,6 +125,25 @@ gssh exec -s <session_id> "pwd"
 gssh forward -l 8080 -r 80
 ```
 
+### 文件传输（SFTP/SCP）
+
+```bash
+# 上传文件（本地 -> 远程）
+gssh scp -put /path/to/local/file.txt /path/to/remote/file.txt
+
+# 下载文件（远程 -> 本地）
+gssh scp -get /path/to/remote/file.txt /path/to/local/file.txt
+
+# 列出远程目录
+gssh sftp -c ls -p /path/to/remote/dir
+
+# 创建远程目录
+gssh sftp -c mkdir -p /path/to/remote/newdir
+
+# 删除远程文件
+gssh sftp -c rm -p /path/to/remote/file.txt
+```
+
 ### Session 管理
 
 ```bash
@@ -154,6 +174,10 @@ gssh reconnect -s <session_id>
 | `-l local` | 本地端口 |
 | `-r remote` | 远程端口 |
 | `-R` | 远程端口转发 |
+| `-put` | 上传模式（本地 -> 远程） |
+| `-get` | 下载模式（远程 -> 本地） |
+| `-c command` | SFTP 命令（ls/mkdir/rm） |
+| `-p path` | SFTP 路径 |
 
 ## 开发
 

package/cmd/gssh/main.go

@@ -7,9 +7,13 @@ import (
 	"fmt"
 	"net"
 	"os"
+	"os/signal"
 	"strings"
+	"syscall"
 
 	"gssh/internal/protocol"
+
+	"golang.org/x/term"
 )
 
 const (
@@ -50,6 +54,10 @@ func main() {
 		err = handleForwards()
 	case "forward-close":
 		err = handleForwardClose()
+	case "scp":
+		err = handleSCP()
+	case "sftp":
+		err = handleSFTP()
 	case "help", "-h", "--help":
 		printUsage()
 	default:
@@ -64,6 +72,50 @@ func main() {
 	}
 }
 
+// readPassword reads password from terminal without echo
+func readPassword() (string, error) {
+	// Check if stdin is a terminal
+	if !term.IsTerminal(int(os.Stdin.Fd())) {
+		// Try to read from stdin
+		reader := bufio.NewReader(os.Stdin)
+		fmt.Print("Password: ")
+		password, err := reader.ReadString('\n')
+		if err != nil {
+			return "", err
+		}
+		return strings.TrimSuffix(password, "\n"), nil
+	}
+
+	fmt.Print("Password: ")
+	bytePassword, err := term.ReadPassword(int(os.Stdin.Fd()))
+	fmt.Println()
+	if err != nil {
+		return "", err
+	}
+	return string(bytePassword), nil
+}
+
+// readPassphrase reads passphrase from terminal without echo
+func readPassphrase() (string, error) {
+	if !term.IsTerminal(int(os.Stdin.Fd())) {
+		reader := bufio.NewReader(os.Stdin)
+		fmt.Print("Key passphrase: ")
+		passphrase, err := reader.ReadString('\n')
+		if err != nil {
+			return "", err
+		}
+		return strings.TrimSuffix(passphrase, "\n"), nil
+	}
+
+	fmt.Print("Key passphrase: ")
+	bytePassphrase, err := term.ReadPassword(int(os.Stdin.Fd()))
+	fmt.Println()
+	if err != nil {
+		return "", err
+	}
+	return string(bytePassphrase), nil
+}
+
 func sendRequest(method string, params interface{}) ([]byte, error) {
 	conn, err := net.Dial("unix", *socketPath)
 	if err != nil {
@@ -129,6 +181,8 @@ func handleConnect() error {
 	port := flag.Int("p", 22, "Port")
 	password := flag.String("P", "", "Password")
 	keyPath := flag.String("i", "", "SSH key path")
+	askPassword := flag.Bool("ask-pass", false, "Ask for password interactively")
+	askPassphrase := flag.Bool("ask-passphrase", false, "Ask for key passphrase interactively")
 
 	flag.CommandLine.Parse(flag.Args()[1:])
 
@@ -136,6 +190,28 @@ func handleConnect() error {
 		return fmt.Errorf("user and host are required")
 	}
 
+	// If no password provided via flag and -ask-pass is set, read interactively
+	if *password == "" && *askPassword {
+		p, err := readPassword()
+		if err != nil {
+			return fmt.Errorf("failed to read password: %w", err)
+		}
+		*password = p
+	}
+
+	// If key path provided and -ask-passphrase is set, read interactively
+	if *keyPath != "" && *askPassphrase {
+		passphrase, err := readPassphrase()
+		if err != nil {
+			return fmt.Errorf("failed to read passphrase: %w", err)
+		}
+		// Note: Passphrase support would require modifying the SSH client
+		// For now, we'll just warn that it's not supported
+		if passphrase != "" {
+			fmt.Println("Note: Passphrase for keys is not yet supported, ignoring")
+		}
+	}
+
 	params := protocol.ConnectParams{
 		User:     *user,
 		Host:     *host,
@@ -202,6 +278,9 @@ func handleExec() error {
 	args := flag.Args()[1:]
 
 	sessionID := flag.String("s", "", "Session ID")
+	sudoPassword := flag.String("S", "", "sudo password (will prompt if empty and -s flag used)")
+	askSudoPassword := flag.Bool("ask-sudo-pass", false, "Interactively ask for sudo password")
+
 	flag.CommandLine.Parse(args)
 
 	if flag.NArg() < 1 {
@@ -209,6 +288,21 @@ func handleExec() error {
 	}
 	command := strings.Join(flag.Args(), " ")
 
+	// If sudo password needed but not provided, prompt for it
+	if *askSudoPassword && *sudoPassword == "" {
+		p, err := readPassword()
+		if err != nil {
+			return fmt.Errorf("failed to read sudo password: %w", err)
+		}
+		*sudoPassword = p
+	}
+
+	// If command contains sudo and password provided, wrap the command
+	if *sudoPassword != "" && strings.Contains(command, "sudo") {
+		// Use printf to pipe password to sudo -S
+		command = fmt.Sprintf("printf '%%s\\n' '%s' | %s -S", *sudoPassword, command)
+	}
+
 	params := protocol.ExecParams{
 		SessionID: *sessionID,
 		Command:   command,
@@ -364,31 +458,160 @@ func handleForwardClose() error {
 	return nil
 }
 
+func handleSCP() error {
+	sessionID := flag.String("s", "", "Session ID")
+	isUpload := flag.Bool("put", false, "Upload mode (local->remote)")
+	isDownload := flag.Bool("get", false, "Download mode (remote->local)")
+
+	flag.CommandLine.Parse(flag.Args()[1:])
+
+	if flag.NArg() < 2 {
+		return fmt.Errorf("source and destination paths required")
+	}
+
+	source := flag.Arg(0)
+	dest := flag.Arg(1)
+
+	if !*isUpload && !*isDownload {
+		return fmt.Errorf("must specify -put or -get")
+	}
+
+	params := protocol.SCPParams{
+		SessionID: *sessionID,
+		Source:    source,
+		Dest:      dest,
+		IsUpload:  *isUpload,
+	}
+
+	result, err := sendRequest("scp", params)
+	if err != nil {
+		return err
+	}
+
+	var scpResult protocol.SCPResult
+	if err := json.Unmarshal(result, &scpResult); err != nil {
+		return fmt.Errorf("failed to parse result: %w", err)
+	}
+
+	if scpResult.Success {
+		fmt.Printf("Success: %s\n", scpResult.Message)
+	} else {
+		return fmt.Errorf("failed: %s", scpResult.Message)
+	}
+
+	return nil
+}
+
+func handleSFTP() error {
+	sessionID := flag.String("s", "", "Session ID")
+	command := flag.String("c", "", "SFTP command (ls, mkdir, rm)")
+	path := flag.String("p", ".", "Path")
+
+	flag.CommandLine.Parse(flag.Args()[1:])
+
+	if *command == "" {
+		return fmt.Errorf("SFTP command required (-c ls|mkdir|rm)")
+	}
+
+	switch *command {
+	case "ls":
+		params := protocol.SFTPParams{
+			SessionID: *sessionID,
+			Command:   "ls",
+			Path:      *path,
+		}
+		result, err := sendRequest("sftp_list", params)
+		if err != nil {
+			return err
+		}
+
+		var files []string
+		if err := json.Unmarshal(result, &files); err != nil {
+			return fmt.Errorf("failed to parse result: %w", err)
+		}
+
+		for _, f := range files {
+			fmt.Println(f)
+		}
+
+	case "mkdir":
+		params := protocol.SFTPParams{
+			SessionID: *sessionID,
+			Command:   "mkdir",
+			Path:      *path,
+		}
+		_, err := sendRequest("sftp_mkdir", params)
+		if err != nil {
+			return err
+		}
+		fmt.Printf("Directory created: %s\n", *path)
+
+	case "rm":
+		params := protocol.SFTPParams{
+			SessionID: *sessionID,
+			Command:   "rm",
+			Path:      *path,
+		}
+		_, err := sendRequest("sftp_remove", params)
+		if err != nil {
+			return err
+		}
+		fmt.Printf("File removed: %s\n", *path)
+
+	default:
+		return fmt.Errorf("unknown SFTP command: %s", *command)
+	}
+
+	return nil
+}
+
 func printUsage() {
 	fmt.Println(`gssh - SSH Session Manager for Agents (Stateless)
 
 Usage:
-  gssh connect -u user -h host [-p port] [-i key_path] [-P password]
+  gssh connect -u user -h host [-p port] [-i key_path] [-P password] [--ask-pass]
   gssh disconnect [-s session_id]
   gssh reconnect [-s session_id]
-  gssh exec [-s session_id] "command"
+  gssh exec [-s session_id] [-S password | --ask-sudo-pass] "sudo command"
   gssh list
   gssh use <session_id>
   gssh forward [-s session_id] -l local_port -r remote_port
   gssh forwards
   gssh forward-close <forward_id>
+  gssh scp [-s session_id] [-put|-get] <source> <dest>
+  gssh sftp [-s session_id] -c <command> -p <path>
 
 Note: For sudo commands, use key-based authentication or configure passwordless sudo.
 
 Options:
-  -socket path    Unix socket path (default: /tmp/gssh.sock)
-  -s session_id   Session ID
-  -u user         Username
-  -h host         Host
-  -p port         Port (default: 22)
-  -P password     Password
-  -i key_path     SSH key path
-  -l local        Local port
-  -r remote       Remote port
-  -R              Remote port forward`)
+  -socket path        Unix socket path (default: /tmp/gssh.sock)
+  -s session_id       Session ID
+  -u user             Username
+  -h host             Host
+  -p port             Port (default: 22)
+  -P password         Password (or use --ask-pass for interactive input)
+  -i key_path        SSH key path
+  -S password        sudo password (for executing sudo commands)
+  --ask-sudo-pass    Interactively ask for sudo password
+  -l local            Local port
+  -r remote           Remote port
+  -R                  Remote port forward
+  -put                Upload mode (local -> remote)
+  -get                Download mode (remote -> local)
+  -c command          SFTP command (ls, mkdir, rm)
+  -p path             Path for SFTP command
+  --ask-pass          Interactively ask for SSH password (secure)
+  --ask-passphrase    Interactively ask for key passphrase (secure)`)
+}
+
+// Restore terminal on exit
+func init() {
+	// Setup cleanup to restore terminal state on unexpected exit
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, syscall.SIGINT, syscall.SIGTERM)
+	go func() {
+		<-c
+		term.Restore(int(os.Stdin.Fd()), &term.State{})
+		os.Exit(1)
+	}()
 }

package/go.mod

@@ -4,7 +4,12 @@ go 1.21
 
 require (
 	github.com/google/uuid v1.5.0
+	github.com/pkg/sftp v1.13.6
 	golang.org/x/crypto v0.18.0
+	golang.org/x/term v0.16.0
 )
 
-require golang.org/x/sys v0.16.0 // indirect
+require (
+	github.com/kr/fs v0.1.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
+)

package/go.sum

@@ -1,8 +1,54 @@
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
 github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=
+github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
+github.com/pkg/sftp v1.13.6 h1:JFZT4XbOU7l77xGSpOdW+pwIMqP044IyjXX6FGyEKFo=
+github.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
 golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
 golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

package/internal/client/ssh.go

@@ -2,11 +2,14 @@ package client
 
 import (
 	"fmt"
+	"io"
 	"net"
 	"os"
 	"os/user"
 	"path/filepath"
+	"time"
 
+	"github.com/pkg/sftp"
 	"golang.org/x/crypto/ssh"
 )
 
@@ -130,6 +133,231 @@ func (c *SSHClient) LocalForward(localPort, remotePort int) (net.Listener, error
 	return c.Client.Listen("tcp", fmt.Sprintf("localhost:%d", localPort))
 }
 
+// SFTPClient wraps SFTP client for file transfers
+type SFTPClient struct {
+	Client *sftp.Client
+}
+
+// NewSFTPClient creates a new SFTP client from SSH client
+func (c *SSHClient) NewSFTPClient() (*SFTPClient, error) {
+	sftpClient, err := sftp.NewClient(c.Client)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create SFTP client: %w", err)
+	}
+	return &SFTPClient{Client: sftpClient}, nil
+}
+
+// Upload uploads a local file to remote
+func (s *SFTPClient) Upload(localPath, remotePath string) (int64, error) {
+	localFile, err := os.Open(localPath)
+	if err != nil {
+		return 0, fmt.Errorf("failed to open local file: %w", err)
+	}
+	defer localFile.Close()
+
+	localInfo, err := localFile.Stat()
+	if err != nil {
+		return 0, fmt.Errorf("failed to stat local file: %w", err)
+	}
+
+	remoteFile, err := s.Client.Create(remotePath)
+	if err != nil {
+		return 0, fmt.Errorf("failed to create remote file: %w", err)
+	}
+	defer remoteFile.Close()
+
+	written, err := io.Copy(remoteFile, localFile)
+	if err != nil {
+		return 0, fmt.Errorf("failed to upload file: %w", err)
+	}
+
+	// Set file permissions
+	s.Client.Chmod(remotePath, localInfo.Mode())
+
+	return written, nil
+}
+
+// Download downloads a remote file to local
+func (s *SFTPClient) Download(remotePath, localPath string) (int64, error) {
+	remoteFile, err := s.Client.Open(remotePath)
+	if err != nil {
+		return 0, fmt.Errorf("failed to open remote file: %w", err)
+	}
+	defer remoteFile.Close()
+
+	localFile, err := os.Create(localPath)
+	if err != nil {
+		return 0, fmt.Errorf("failed to create local file: %w", err)
+	}
+	defer localFile.Close()
+
+	written, err := io.Copy(localFile, remoteFile)
+	if err != nil {
+		return 0, fmt.Errorf("failed to download file: %w", err)
+	}
+
+	// Get remote file info to set local permissions
+	remoteInfo, err := s.Client.Stat(remotePath)
+	if err == nil {
+		os.Chmod(localPath, remoteInfo.Mode())
+	}
+
+	return written, nil
+}
+
+// List lists files in a remote directory
+func (s *SFTPClient) List(path string) ([]string, error) {
+	entries, err := s.Client.ReadDir(path)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read directory: %w", err)
+	}
+
+	names := make([]string, 0, len(entries))
+	for _, entry := range entries {
+		names = append(names, entry.Name())
+	}
+	return names, nil
+}
+
+// Mkdir creates a remote directory
+func (s *SFTPClient) Mkdir(path string) error {
+	return s.Client.Mkdir(path)
+}
+
+// Remove removes a remote file
+func (s *SFTPClient) Remove(path string) error {
+	return s.Client.Remove(path)
+}
+
+// Stat gets remote file info
+func (s *SFTPClient) Stat(path string) (os.FileInfo, error) {
+	return s.Client.Stat(path)
+}
+
+// Close closes the SFTP client
+func (s *SFTPClient) Close() error {
+	return s.Client.Close()
+}
+
+// TransferResult represents the result of a file transfer
+type TransferResult struct {
+	Bytes    int64
+	Duration time.Duration
+}
+
+// TransferWithProgress uploads or downloads a file with progress callback
+func (s *SFTPClient) TransferWithProgress(isUpload bool, src, dst string, progress func(int64)) (*TransferResult, error) {
+	start := time.Now()
+
+	if isUpload {
+		result, err := s.uploadWithProgress(src, dst, progress)
+		if err != nil {
+			return nil, err
+		}
+		return &TransferResult{
+			Bytes:    result,
+			Duration: time.Since(start),
+		}, nil
+	} else {
+		result, err := s.downloadWithProgress(src, dst, progress)
+		if err != nil {
+			return nil, err
+		}
+		return &TransferResult{
+			Bytes:    result,
+			Duration: time.Since(start),
+		}, nil
+	}
+}
+
+func (s *SFTPClient) uploadWithProgress(localPath, remotePath string, progress func(int64)) (int64, error) {
+	localFile, err := os.Open(localPath)
+	if err != nil {
+		return 0, fmt.Errorf("failed to open local file: %w", err)
+	}
+	defer localFile.Close()
+
+	localInfo, err := localFile.Stat()
+	if err != nil {
+		return 0, fmt.Errorf("failed to stat local file: %w", err)
+	}
+
+	remoteFile, err := s.Client.Create(remotePath)
+	if err != nil {
+		return 0, fmt.Errorf("failed to create remote file: %w", err)
+	}
+	defer remoteFile.Close()
+
+	// Create a writer with progress tracking
+	writer := &progressWriter{
+		w:        remoteFile,
+		progress: progress,
+		total:    localInfo.Size(),
+	}
+
+	written, err := io.Copy(writer, localFile)
+	if err != nil {
+		return 0, fmt.Errorf("failed to upload file: %w", err)
+	}
+
+	// Set file permissions
+	s.Client.Chmod(remotePath, localInfo.Mode())
+
+	return written, nil
+}
+
+func (s *SFTPClient) downloadWithProgress(remotePath, localPath string, progress func(int64)) (int64, error) {
+	remoteFile, err := s.Client.Open(remotePath)
+	if err != nil {
+		return 0, fmt.Errorf("failed to open remote file: %w", err)
+	}
+	defer remoteFile.Close()
+
+	remoteInfo, err := s.Client.Stat(remotePath)
+	if err != nil {
+		return 0, fmt.Errorf("failed to stat remote file: %w", err)
+	}
+
+	localFile, err := os.Create(localPath)
+	if err != nil {
+		return 0, fmt.Errorf("failed to create local file: %w", err)
+	}
+	defer localFile.Close()
+
+	// Create a writer with progress tracking
+	writer := &progressWriter{
+		w:        localFile,
+		progress: progress,
+		total:    remoteInfo.Size(),
+	}
+
+	written, err := io.Copy(writer, remoteFile)
+	if err != nil {
+		return 0, fmt.Errorf("failed to download file: %w", err)
+	}
+
+	// Set local file permissions
+	os.Chmod(localPath, remoteInfo.Mode())
+
+	return written, nil
+}
+
+type progressWriter struct {
+	w        io.Writer
+	progress func(int64)
+	total    int64
+	written  int64
+}
+
+func (pw *progressWriter) Write(p []byte) (n int, err error) {
+	n, err = pw.w.Write(p)
+	pw.written += int64(n)
+	if pw.progress != nil {
+		pw.progress(pw.written)
+	}
+	return
+}
+
 // expandPath expands ~ to home directory
 func expandPath(path string) string {
 	if len(path) > 0 && path[0] == '~' {

package/internal/protocol/types.go

@@ -88,3 +88,26 @@ type ForwardCloseParams struct {
 type UseParams struct {
 	SessionID string `json:"session_id"`
 }
+
+// SCPParams represents SCP transfer parameters
+type SCPParams struct {
+	SessionID string `json:"session_id,omitempty"`
+	Source    string `json:"source"`
+	Dest      string `json:"dest"`
+	IsUpload  bool   `json:"is_upload"` // true = upload (local->remote), false = download (remote->local)
+}
+
+// SCPResult represents SCP transfer result
+type SCPResult struct {
+	Success  bool   `json:"success"`
+	Message  string `json:"message"`
+	Bytes    int64  `json:"bytes"`
+	Duration int64  `json:"duration_ms"`
+}
+
+// SFTPParams represents SFTP command parameters
+type SFTPParams struct {
+	SessionID string `json:"session_id,omitempty"`
+	Command   string `json:"command"` // "ls", "cd", "pwd", "mkdir", "rm", "rmdir"
+	Path      string `json:"path"`
+}

package/internal/session/manager.go

@@ -314,6 +314,164 @@ func (m *Manager) CloseForward(forwardID string) error {
 	return nil
 }
 
+// SCP uploads or downloads files via SFTP
+func (m *Manager) SCP(sessionID, source, dest string, isUpload bool) (*protocol.SCPResult, error) {
+	m.mu.RLock()
+	var ms *ManagedSession
+	if sessionID != "" {
+		ms = m.sessions[sessionID]
+	} else if m.defaultID != "" {
+		ms = m.sessions[m.defaultID]
+	}
+	m.mu.RUnlock()
+
+	if ms == nil {
+		return nil, fmt.Errorf("session not found")
+	}
+
+	ms.mu.RLock()
+	sshClient := ms.SSHClient
+	ms.mu.RUnlock()
+
+	if sshClient == nil {
+		return nil, fmt.Errorf("session not connected")
+	}
+
+	// Create SFTP client
+	sftpClient, err := sshClient.NewSFTPClient()
+	if err != nil {
+		return nil, fmt.Errorf("failed to create SFTP client: %w", err)
+	}
+	defer sftpClient.Close()
+
+	start := time.Now()
+
+	var bytes int64
+	var transferErr error
+
+	if isUpload {
+		// Upload: source is local, dest is remote
+		bytes, transferErr = sftpClient.Upload(source, dest)
+	} else {
+		// Download: source is remote, dest is local
+		bytes, transferErr = sftpClient.Download(source, dest)
+	}
+
+	duration := time.Since(start).Milliseconds()
+
+	if transferErr != nil {
+		return &protocol.SCPResult{
+			Success:  false,
+			Message:  transferErr.Error(),
+			Bytes:    bytes,
+			Duration: duration,
+		}, nil
+	}
+
+	return &protocol.SCPResult{
+		Success:  true,
+		Message:  fmt.Sprintf("Transferred %d bytes in %dms", bytes, duration),
+		Bytes:    bytes,
+		Duration: duration,
+	}, nil
+}
+
+// SFTPList lists files in a remote directory
+func (m *Manager) SFTPList(sessionID, path string) ([]string, error) {
+	m.mu.RLock()
+	var ms *ManagedSession
+	if sessionID != "" {
+		ms = m.sessions[sessionID]
+	} else if m.defaultID != "" {
+		ms = m.sessions[m.defaultID]
+	}
+	m.mu.RUnlock()
+
+	if ms == nil {
+		return nil, fmt.Errorf("session not found")
+	}
+
+	ms.mu.RLock()
+	sshClient := ms.SSHClient
+	ms.mu.RUnlock()
+
+	if sshClient == nil {
+		return nil, fmt.Errorf("session not connected")
+	}
+
+	sftpClient, err := sshClient.NewSFTPClient()
+	if err != nil {
+		return nil, fmt.Errorf("failed to create SFTP client: %w", err)
+	}
+	defer sftpClient.Close()
+
+	return sftpClient.List(path)
+}
+
+// SFTPMkdir creates a remote directory
+func (m *Manager) SFTPMkdir(sessionID, path string) error {
+	m.mu.RLock()
+	var ms *ManagedSession
+	if sessionID != "" {
+		ms = m.sessions[sessionID]
+	} else if m.defaultID != "" {
+		ms = m.sessions[m.defaultID]
+	}
+	m.mu.RUnlock()
+
+	if ms == nil {
+		return fmt.Errorf("session not found")
+	}
+
+	ms.mu.RLock()
+	sshClient := ms.SSHClient
+	ms.mu.RUnlock()
+
+	if sshClient == nil {
+		return fmt.Errorf("session not connected")
+	}
+
+	sftpClient, err := sshClient.NewSFTPClient()
+	if err != nil {
+		return fmt.Errorf("failed to create SFTP client: %w", err)
+	}
+	defer sftpClient.Close()
+
+	return sftpClient.Mkdir(path)
+}
+
+// SFTPRemove removes a remote file
+func (m *Manager) SFTPRemove(sessionID, path string) error {
+	m.mu.RLock()
+	var ms *ManagedSession
+	if sessionID != "" {
+		ms = m.sessions[sessionID]
+	} else if m.defaultID != "" {
+		ms = m.sessions[m.defaultID]
+	}
+	m.mu.RUnlock()
+
+	if ms == nil {
+		return fmt.Errorf("session not found")
+	}
+
+	ms.mu.RLock()
+	sshClient := ms.SSHClient
+	ms.mu.RUnlock()
+
+	if sshClient == nil {
+		return fmt.Errorf("session not connected")
+	}
+
+	sftpClient, err := sshClient.NewSFTPClient()
+	if err != nil {
+		return fmt.Errorf("failed to create SFTP client: %w", err)
+	}
+	defer sftpClient.Close()
+
+	return sftpClient.Remove(path)
+}
+
 // monitorReconnect monitors connection and auto-reconnects
 func (m *Manager) monitorReconnect(ms *ManagedSession) {
 	ticker := time.NewTicker(5 * time.Second)

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "gssh-agent",
-  "version": "1.0.0",
-  "description": "SSH Session Manager for Agents",
+  "version": "1.0.1",
+  "description": "SSH Session Manager for Agents - Stateless SSH client with SFTP support",
   "bin": {
-    "gssh": "bin/gssh",
-    "gssh-daemon": "bin/gssh-daemon"
+    "gssh": "./bin/gssh",
+    "gssh-daemon": "./bin/gssh-daemon"
   },
   "repository": {
     "type": "git",
@@ -12,14 +12,29 @@
   },
   "keywords": [
     "ssh",
+    "sftp",
+    "scp",
     "agent",
     "session-manager",
-    "port-forwarding"
+    "port-forwarding",
+    "remote-execution"
   ],
   "author": "",
   "license": "MIT",
   "bugs": {
     "url": "https://github.com/forechoandlook/gssh/issues"
   },
-  "homepage": "https://github.com/forechoandlook/gssh#readme"
+  "homepage": "https://github.com/forechoandlook/gssh#readme",
+  "preferGlobal": true,
+  "os": [
+    "darwin",
+    "linux"
+  ],
+  "cpu": [
+    "x64",
+    "arm64"
+  ],
+  "engines": {
+    "node": ">=14.0.0"
+  }
 }

package/pkg/rpc/handler.go

@@ -89,6 +89,34 @@ func (h *Handler) Handle(data []byte) ([]byte, error) {
 		}
 		err = h.manager.CloseForward(params.ForwardID)
 
+	case "scp":
+		var params protocol.SCPParams
+		if err := json.Unmarshal(req.Params, &params); err != nil {
+			return h.errorResponse(req.ID, -32602, "Invalid params")
+		}
+		result, err = h.manager.SCP(params.SessionID, params.Source, params.Dest, params.IsUpload)
+
+	case "sftp_list":
+		var params protocol.SFTPParams
+		if err := json.Unmarshal(req.Params, &params); err != nil {
+			return h.errorResponse(req.ID, -32602, "Invalid params")
+		}
+		result, err = h.manager.SFTPList(params.SessionID, params.Path)
+
+	case "sftp_mkdir":
+		var params protocol.SFTPParams
+		if err := json.Unmarshal(req.Params, &params); err != nil {
+			return h.errorResponse(req.ID, -32602, "Invalid params")
+		}
+		err = h.manager.SFTPMkdir(params.SessionID, params.Path)
+
+	case "sftp_remove":
+		var params protocol.SFTPParams
+		if err := json.Unmarshal(req.Params, &params); err != nil {
+			return h.errorResponse(req.ID, -32602, "Invalid params")
+		}
+		err = h.manager.SFTPRemove(params.SessionID, params.Path)
+
 	default:
 		return h.errorResponse(req.ID, -32601, fmt.Sprintf("Method not found: %s", req.Method))
 	}

package/skill.md

@@ -1,96 +1,60 @@
-# gssh 使用指南
+---
+name: use-gssh
+description: "Manage SSH sessions with gssh CLI for agents"
+allowed-tools: Read, Write, Glob, Grep, Bash
+triggers:
+  - gssh
+  - ssh session
+  - ssh 连接
+  - ssh 管理
+---
 
 ## 快速开始
 
-### 1. 安装
-
-```bash
-git clone <repository-url>
-cd gssh
-go build -o bin/daemon cmd/daemon/main.go
-go build -o bin/gssh cmd/gssh/main.go
-./homebrew/install.sh
-```
-
-### 2. 基本使用
-
 ```bash
-# 连接 SSH
-gssh connect -u admin1 -h 192.168.1.100 -P 1234
+# 连接 SSH（交互式输入密码）
+gssh connect -u admin -h 192.168.1.100 --ask-pass
 
 # 执行命令
 gssh exec "ls -la"
 
-# 列出 session
-gssh list
+# 断开连接
+gssh disconnect
 ```
 
-## 核心概念
-
-- **daemon**: 后台服务，管理 SSH 连接
-- **session**: 一个 SSH 连接会话
-- **默认 session**: 不指定 session ID 时使用的会话
-
-## 命令列表
+## 核心命令
 
 | 命令 | 说明 |
 |------|------|
-| `connect` | 建立新 SSH 连接 |
+| `connect` | 建立 SSH 连接 |
 | `exec` | 执行命令 |
-| `list` | 列出所有 session |
-| `use` | 切换默认 session |
-| `disconnect` | 断开 session |
-| `reconnect` | 重连 session |
+| `scp` | 文件传输（上/下载） |
+| `sftp` | SFTP 操作 |
 | `forward` | 端口转发 |
-| `forwards` | 列出转发 |
-| `forward-close` | 关闭转发 |
+| `list` | 列出 session |
 
-## 典型工作流
+## 认证
 
 ```bash
-# 1. 连接远程主机
-gssh connect -u admin -h 192.168.1.100 -P password
-
-# 2. 执行命令（使用默认 session）
-gssh exec "pwd"
-gssh exec "uname -a"
+# 交互式密码（推荐）
+gssh connect -u user -h host --ask-pass
 
-# 3. 断开连接
-gssh disconnect
-
-# 4. 重连
-gssh reconnect -s <session-id>
+# SSH 密钥
+gssh connect -u user -h host -i ~/.ssh/id_rsa
 ```
 
-## SSH 密钥认证
+## sudo 命令
 
 ```bash
-# 使用密钥连接
-gssh connect -u admin -h 192.168.1.100 -i ~/.ssh/id_rsa
+gssh exec --ask-sudo-pass "sudo apt update"
 ```
 
-## 端口转发
+## 文件传输
 
 ```bash
-# 本地转发：localhost:8080 -> remote:80
-gssh forward -l 8080 -r 80
-```
+# 上传
+gssh scp -put local.txt /remote/path/
 
-## 服务管理
-
-```bash
-# 启动
-brew services start gssh
-
-# 停止
-brew services stop gssh
-
-# 状态
-brew services list
+# 下载
+gssh scp -get /remote/file.txt ./
 ```
-
-## 注意事项
-
-- Agent 使用场景：无状态，每次请求独立完成
-- sudo 命令：需要配置 passwordless sudo 或使用密钥认证
-- Session 状态由 daemon 维护，CLI 只负责发送请求

package/homebrew/gssh.plist

@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-    <key>Label</key>
-    <string>com.gssh.daemon</string>
-    <key>ProgramArguments</key>
-    <array>
-        <string>/usr/local/bin/gssh-daemon</string>
-        <string>-socket</string>
-        <string>/tmp/gssh.sock</string>
-    </array>
-    <key>RunAtLoad</key>
-    <true/>
-    <key>KeepAlive</key>
-    <true/>
-    <key>StandardOutPath</key>
-    <string>/var/log/gssh.log</string>
-    <key>StandardErrorPath</key>
-    <string>/var/log/gssh.error.log</string>
-</dict>
-</plist>

package/homebrew/install.sh

@@ -1,43 +0,0 @@
-#!/bin/bash
-# gssh service installation script
-
-set -e
-
-# Detect architecture
-ARCH=$(uname -m)
-if [ "$ARCH" = "arm64" ]; then
-    PREFIX="/opt/homebrew"
-else
-    PREFIX="/usr/local"
-fi
-
-DAEMON_BIN="$PREFIX/bin/gssh-daemon"
-CLI_BIN="$PREFIX/bin/gssh"
-
-echo "Installing gssh to $PREFIX/bin/..."
-
-# Copy binaries
-cp bin/daemon "$DAEMON_BIN"
-cp bin/gssh "$CLI_BIN"
-
-chmod +x "$DAEMON_BIN" "$CLI_BIN"
-
-# Install launchd plist
-PLIST_DIR="$HOME/Library/LaunchAgents"
-mkdir -p "$PLIST_DIR"
-cp homebrew/gssh.plist "$PLIST_DIR/"
-
-echo "Loading gssh service..."
-launchctl load "$PLIST_DIR/gssh.plist"
-
-echo "gssh installed successfully!"
-echo ""
-echo "Usage:"
-echo "  Start:   launchctl start com.gssh.daemon"
-echo "  Stop:    launchctl stop com.gssh.daemon"
-echo "  Status:  launchctl list | grep gssh"
-echo ""
-echo "Or use Homebrew services:"
-echo "  brew services start gssh"
-echo "  brew services stop gssh"
-echo "  brew services list"