gssh-agent 1.0.3 → 1.0.7

package/.github/workflows/ci.yml

@@ -0,0 +1,27 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - '**'
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.21'
+
+      - name: Build
+        run: go build ./...
+
+      - name: Test
+        run: go test ./...

package/.github/workflows/publish.yml

@@ -0,0 +1,104 @@
+name: Publish
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  # npm 发布
+  publish-npm:
+    if: "contains(github.event.head_commit.message, 'publish')"
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.21'
+
+      - name: Get version
+        id: version
+        run: |
+          VERSION=$(echo "${{ github.event.head_commit.message }}" | sed -n 's/.*publish[: ]*\(.*\)/\1/p')
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+          echo "Publishing version: $VERSION"
+
+      - name: Build
+        run: |
+          go build -ldflags="-s -w" -o bin/gssh ./cmd/gssh
+
+      - name: Update package.json version
+        run: |
+          VERSION="${{ steps.version.outputs.VERSION }}"
+          npm version $VERSION --no-git-tag-version
+
+      - name: Build npm package
+        run: npm pack
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Configure npm
+        run: |
+          echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > .npmrc
+          cat .npmrc
+
+      - name: Publish to npm
+        run: npm publish --access public 
+
+  # GitHub Releases 发布
+  publish-github:
+    if: "startsWith(github.ref, 'refs/tags/v')"
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    strategy:
+      matrix:
+        include:
+          - goos: linux
+            goarch: amd64
+          - goos: linux
+            goarch: arm64
+          - goos: darwin
+            goarch: amd64
+          - goos: darwin
+            goarch: arm64
+          - goos: windows
+            goarch: amd64
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.21'
+
+      - name: Build
+        env:
+          GOOS: ${{ matrix.goos }}
+          GOARCH: ${{ matrix.goarch }}
+        run: |
+          EXT=""
+          if [ "$GOOS" = "windows" ]; then
+            EXT=".exe"
+          fi
+          FILENAME="gssh-${GOOS}-${GOARCH}${EXT}"
+          go build -ldflags="-s -w" -o "$FILENAME" ./cmd/gssh
+          echo "$FILENAME" >> artifacts.txt
+
+      - name: Upload Release Asset
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ github.ref }}
+          files: ${{ matrix.goos }}-${{ matrix.goarch }}*
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package/cmd/gssh/main.go

@@ -21,58 +21,62 @@ const (
 	version          = "0.1.0"
 )
 
-var (
-	socketPath = flag.String("socket", defaultSocketPath, "Unix socket path")
-)
-
 func main() {
-	// Check for version flag before parsing
+	// Check for version flag before any parsing
 	if len(os.Args) > 1 && (os.Args[1] == "-v" || os.Args[1] == "--version") {
 		fmt.Printf("gssh version %s\n", version)
 		os.Exit(0)
 	}
 
-	// Check for help flag before parsing
-	for _, arg := range os.Args[1:] {
-		if arg == "-h" || arg == "--help" {
-			printUsage()
-			os.Exit(0)
-		}
+	// Check for help flag
+	if len(os.Args) > 1 && (os.Args[1] == "-h" || os.Args[1] == "--help") {
+		printUsage()
+		os.Exit(0)
 	}
 
-	flag.Parse()
+	// Parse global -socket flag manually
+	socketPath := defaultSocketPath
+	args := os.Args[1:]
+	for i := 0; i < len(args); i++ {
+		if args[i] == "-socket" && i+1 < len(args) {
+			socketPath = args[i+1]
+			args = append(args[:i], args[i+2:]...)
+			i--
+		}
+	}
 
-	if flag.NArg() < 1 {
+	if len(args) < 1 {
 		printUsage()
 		os.Exit(1)
 	}
 
-	cmd := flag.Arg(0)
+	cmd := args[0]
+	subArgs := args[1:]
 
 	var err error
 	switch cmd {
 	case "connect":
-		err = handleConnect()
+		err = handleConnect(subArgs, socketPath)
 	case "disconnect":
-		err = handleDisconnect()
+		err = handleDisconnect(subArgs, socketPath)
 	case "reconnect":
-		err = handleReconnect()
+		err = handleReconnect(subArgs, socketPath)
 	case "exec":
-		err = handleExec()
+		err = handleExec(subArgs, socketPath)
 	case "list", "ls":
-		err = handleList()
+		err = handleList(socketPath)
 	case "use":
-		err = handleUse()
+		err = handleUse(subArgs, socketPath)
 	case "forward":
-		err = handleForward()
+		err = handleForward(subArgs, socketPath)
 	case "forwards":
-		err = handleForwards()
+		err = handleForwards(socketPath)
 	case "forward-close":
-		err = handleForwardClose()
+		err = handleForwardClose(subArgs, socketPath)
 	case "scp":
-		err = handleSCP()
+		err = handleSCP(subArgs, socketPath)
 	case "sftp":
-		err = handleSFTP()
+		err = handleSFTP(subArgs, socketPath)
 	case "help":
 		printUsage()
 	default:
@@ -89,9 +93,7 @@ func main() {
 
 // readPassword reads password from terminal without echo
 func readPassword() (string, error) {
-	// Check if stdin is a terminal
 	if !term.IsTerminal(int(os.Stdin.Fd())) {
-		// Try to read from stdin
 		reader := bufio.NewReader(os.Stdin)
 		fmt.Print("Password: ")
 		password, err := reader.ReadString('\n')
@@ -131,8 +133,8 @@ func readPassphrase() (string, error) {
 	return string(bytePassphrase), nil
 }
 
-func sendRequest(method string, params interface{}) ([]byte, error) {
-	conn, err := net.Dial("unix", *socketPath)
+func sendRequest(socketPath, method string, params interface{}) ([]byte, error) {
+	conn, err := net.Dial("unix", socketPath)
 	if err != nil {
 		return nil, fmt.Errorf("failed to connect to daemon: %w", err)
 	}
@@ -155,7 +157,6 @@ func sendRequest(method string, params interface{}) ([]byte, error) {
 		return nil, fmt.Errorf("failed to marshal request: %w", err)
 	}
 
-	// Add newline to signal end of request
 	reqData = append(reqData, '\n')
 
 	_, err = conn.Write(reqData)
@@ -163,14 +164,12 @@ func sendRequest(method string, params interface{}) ([]byte, error) {
 		return nil, fmt.Errorf("failed to send request: %w", err)
 	}
 
-	// Read line by line
 	reader := bufio.NewReader(conn)
 	line, err := reader.ReadBytes('\n')
 	if err != nil {
 		return nil, fmt.Errorf("failed to read response: %w", err)
 	}
 
-	// Remove trailing newline
 	line = line[:len(line)-1]
 
 	var resp protocol.Response
@@ -190,22 +189,24 @@ func sendRequest(method string, params interface{}) ([]byte, error) {
 	return result, nil
 }
 
-func handleConnect() error {
-	user := flag.String("u", "", "Username")
-	host := flag.String("h", "", "Host")
-	port := flag.Int("p", 22, "Port")
-	password := flag.String("P", "", "Password")
-	keyPath := flag.String("i", "", "SSH key path")
-	askPassword := flag.Bool("ask-pass", false, "Ask for password interactively")
-	askPassphrase := flag.Bool("ask-passphrase", false, "Ask for key passphrase interactively")
+func handleConnect(args []string, socketPath string) error {
+	fs := flag.NewFlagSet("connect", flag.ContinueOnError)
+	fs.SetOutput(os.Stderr)
+
+	user := fs.String("u", "", "Username")
+	host := fs.String("h", "", "Host")
+	port := fs.Int("p", 22, "Port")
+	password := fs.String("P", "", "Password")
+	keyPath := fs.String("i", "", "SSH key path")
+	askPassword := fs.Bool("ask-pass", false, "Ask for password interactively")
+	askPassphrase := fs.Bool("ask-passphrase", false, "Ask for key passphrase interactively")
 
-	flag.CommandLine.Parse(flag.Args()[1:])
+	fs.Parse(args)
 
 	if *user == "" || *host == "" {
 		return fmt.Errorf("user and host are required")
 	}
 
-	// If no password provided via flag and -ask-pass is set, read interactively
 	if *password == "" && *askPassword {
 		p, err := readPassword()
 		if err != nil {
@@ -214,14 +215,11 @@ func handleConnect() error {
 		*password = p
 	}
 
-	// If key path provided and -ask-passphrase is set, read interactively
 	if *keyPath != "" && *askPassphrase {
 		passphrase, err := readPassphrase()
 		if err != nil {
 			return fmt.Errorf("failed to read passphrase: %w", err)
 		}
-		// Note: Passphrase support would require modifying the SSH client
-		// For now, we'll just warn that it's not supported
 		if passphrase != "" {
 			fmt.Println("Note: Passphrase for keys is not yet supported, ignoring")
 		}
@@ -235,7 +233,7 @@ func handleConnect() error {
 		KeyPath:  *keyPath,
 	}
 
-	result, err := sendRequest("connect", params)
+	result, err := sendRequest(socketPath, "connect", params)
 	if err != nil {
 		return err
 	}
@@ -249,15 +247,24 @@ func handleConnect() error {
 	return nil
 }
 
-func handleDisconnect() error {
-	sessionID := flag.String("s", "", "Session ID")
-	flag.CommandLine.Parse(flag.Args()[1:])
+func handleDisconnect(args []string, socketPath string) error {
+	fs := flag.NewFlagSet("disconnect", flag.ContinueOnError)
+	fs.SetOutput(os.Stderr)
+
+	sessionID := fs.String("s", "", "Session ID")
+	fs.Parse(args)
+
+	// Support positional argument
+	sessionIDStr := *sessionID
+	if sessionIDStr == "" && fs.NArg() > 0 {
+		sessionIDStr = fs.Arg(0)
+	}
 
 	params := protocol.DisconnectParams{
-		SessionID: *sessionID,
+		SessionID: sessionIDStr,
 	}
 
-	_, err := sendRequest("disconnect", params)
+	_, err := sendRequest(socketPath, "disconnect", params)
 	if err != nil {
 		return err
 	}
@@ -266,15 +273,24 @@ func handleDisconnect() error {
 	return nil
 }
 
-func handleReconnect() error {
-	sessionID := flag.String("s", "", "Session ID")
-	flag.CommandLine.Parse(flag.Args()[1:])
+func handleReconnect(args []string, socketPath string) error {
+	fs := flag.NewFlagSet("reconnect", flag.ContinueOnError)
+	fs.SetOutput(os.Stderr)
+
+	sessionID := fs.String("s", "", "Session ID")
+	fs.Parse(args)
+
+	// Support positional argument
+	sessionIDStr := *sessionID
+	if sessionIDStr == "" && fs.NArg() > 0 {
+		sessionIDStr = fs.Arg(0)
+	}
 
 	params := protocol.ReconnectParams{
-		SessionID: *sessionID,
+		SessionID: sessionIDStr,
 	}
 
-	result, err := sendRequest("reconnect", params)
+	result, err := sendRequest(socketPath, "reconnect", params)
 	if err != nil {
 		return err
 	}
@@ -288,22 +304,22 @@ func handleReconnect() error {
 	return nil
 }
 
-func handleExec() error {
-	// Get remaining args after "exec"
-	args := flag.Args()[1:]
+func handleExec(args []string, socketPath string) error {
+	fs := flag.NewFlagSet("exec", flag.ContinueOnError)
+	fs.SetOutput(os.Stderr)
 
-	sessionID := flag.String("s", "", "Session ID")
-	sudoPassword := flag.String("S", "", "sudo password (will prompt if empty and -s flag used)")
-	askSudoPassword := flag.Bool("ask-sudo-pass", false, "Interactively ask for sudo password")
+	sessionID := fs.String("s", "", "Session ID")
+	timeout := fs.Int("t", 0, "Timeout in seconds (0 = no timeout)")
+	sudoPassword := fs.String("S", "", "sudo password")
+	askSudoPassword := fs.Bool("ask-sudo-pass", false, "Interactively ask for sudo password")
 
-	flag.CommandLine.Parse(args)
+	fs.Parse(args)
 
-	if flag.NArg() < 1 {
+	if fs.NArg() < 1 {
 		return fmt.Errorf("command required")
 	}
-	command := strings.Join(flag.Args(), " ")
+	command := strings.Join(fs.Args(), " ")
 
-	// If sudo password needed but not provided, prompt for it
 	if *askSudoPassword && *sudoPassword == "" {
 		p, err := readPassword()
 		if err != nil {
@@ -312,18 +328,17 @@ func handleExec() error {
 		*sudoPassword = p
 	}
 
-	// If command contains sudo and password provided, wrap the command
 	if *sudoPassword != "" && strings.Contains(command, "sudo") {
-		// Use printf to pipe password to sudo -S
 		command = fmt.Sprintf("printf '%%s\\n' '%s' | %s -S", *sudoPassword, command)
 	}
 
 	params := protocol.ExecParams{
 		SessionID: *sessionID,
 		Command:   command,
+		Timeout:   *timeout,
 	}
 
-	result, err := sendRequest("exec", params)
+	result, err := sendRequest(socketPath, "exec", params)
 	if err != nil {
 		return err
 	}
@@ -345,8 +360,8 @@ func handleExec() error {
 	return nil
 }
 
-func handleList() error {
-	result, err := sendRequest("list", nil)
+func handleList(socketPath string) error {
+	result, err := sendRequest(socketPath, "list", nil)
 	if err != nil {
 		return err
 	}
@@ -369,19 +384,22 @@ func handleList() error {
 	return nil
 }
 
-func handleUse() error {
-	flag.CommandLine.Parse(flag.Args()[1:])
+func handleUse(args []string, socketPath string) error {
+	fs := flag.NewFlagSet("use", flag.ContinueOnError)
+	fs.SetOutput(os.Stderr)
 
-	if flag.NArg() < 1 {
+	fs.Parse(args)
+
+	if fs.NArg() < 1 {
 		return fmt.Errorf("session ID required")
 	}
-	sessionIDStr := flag.Arg(0)
+	sessionIDStr := fs.Arg(0)
 
 	params := protocol.UseParams{
 		SessionID: sessionIDStr,
 	}
 
-	_, err := sendRequest("use", params)
+	_, err := sendRequest(socketPath, "use", params)
 	if err != nil {
 		return err
 	}
@@ -390,13 +408,16 @@ func handleUse() error {
 	return nil
 }
 
-func handleForward() error {
-	sessionID := flag.String("s", "", "Session ID")
-	local := flag.Int("l", 0, "Local port")
-	remote := flag.Int("r", 0, "Remote port")
-	isRemote := flag.Bool("R", false, "Remote port forward")
+func handleForward(args []string, socketPath string) error {
+	fs := flag.NewFlagSet("forward", flag.ContinueOnError)
+	fs.SetOutput(os.Stderr)
+
+	sessionID := fs.String("s", "", "Session ID")
+	local := fs.Int("l", 0, "Local port")
+	remote := fs.Int("r", 0, "Remote port")
+	isRemote := fs.Bool("R", false, "Remote port forward")
 
-	flag.CommandLine.Parse(flag.Args()[1:])
+	fs.Parse(args)
 
 	if *local == 0 || *remote == 0 {
 		return fmt.Errorf("local and remote ports are required")
@@ -414,7 +435,7 @@ func handleForward() error {
 		Remote:    *remote,
 	}
 
-	result, err := sendRequest("forward", params)
+	result, err := sendRequest(socketPath, "forward", params)
 	if err != nil {
 		return err
 	}
@@ -428,8 +449,8 @@ func handleForward() error {
 	return nil
 }
 
-func handleForwards() error {
-	result, err := sendRequest("forwards", nil)
+func handleForwards(socketPath string) error {
+	result, err := sendRequest(socketPath, "forwards", nil)
 	if err != nil {
 		return err
 	}
@@ -452,19 +473,22 @@ func handleForwards() error {
 	return nil
 }
 
-func handleForwardClose() error {
-	flag.CommandLine.Parse(flag.Args()[1:])
+func handleForwardClose(args []string, socketPath string) error {
+	fs := flag.NewFlagSet("forward-close", flag.ContinueOnError)
+	fs.SetOutput(os.Stderr)
+
+	fs.Parse(args)
 
-	if flag.NArg() < 1 {
+	if fs.NArg() < 1 {
 		return fmt.Errorf("forward ID required")
 	}
-	forwardID := flag.Arg(0)
+	forwardID := fs.Arg(0)
 
 	params := protocol.ForwardCloseParams{
 		ForwardID: forwardID,
 	}
 
-	_, err := sendRequest("forward_close", params)
+	_, err := sendRequest(socketPath, "forward_close", params)
 	if err != nil {
 		return err
 	}
@@ -473,19 +497,22 @@ func handleForwardClose() error {
 	return nil
 }
 
-func handleSCP() error {
-	sessionID := flag.String("s", "", "Session ID")
-	isUpload := flag.Bool("put", false, "Upload mode (local->remote)")
-	isDownload := flag.Bool("get", false, "Download mode (remote->local)")
+func handleSCP(args []string, socketPath string) error {
+	fs := flag.NewFlagSet("scp", flag.ContinueOnError)
+	fs.SetOutput(os.Stderr)
 
-	flag.CommandLine.Parse(flag.Args()[1:])
+	sessionID := fs.String("s", "", "Session ID")
+	isUpload := fs.Bool("put", false, "Upload mode (local->remote)")
+	isDownload := fs.Bool("get", false, "Download mode (remote->local)")
 
-	if flag.NArg() < 2 {
+	fs.Parse(args)
+
+	if fs.NArg() < 2 {
 		return fmt.Errorf("source and destination paths required")
 	}
 
-	source := flag.Arg(0)
-	dest := flag.Arg(1)
+	source := fs.Arg(0)
+	dest := fs.Arg(1)
 
 	if !*isUpload && !*isDownload {
 		return fmt.Errorf("must specify -put or -get")
@@ -498,7 +525,7 @@ func handleSCP() error {
 		IsUpload:  *isUpload,
 	}
 
-	result, err := sendRequest("scp", params)
+	result, err := sendRequest(socketPath, "scp", params)
 	if err != nil {
 		return err
 	}
@@ -517,12 +544,15 @@ func handleSCP() error {
 	return nil
 }
 
-func handleSFTP() error {
-	sessionID := flag.String("s", "", "Session ID")
-	command := flag.String("c", "", "SFTP command (ls, mkdir, rm)")
-	path := flag.String("p", ".", "Path")
+func handleSFTP(args []string, socketPath string) error {
+	fs := flag.NewFlagSet("sftp", flag.ContinueOnError)
+	fs.SetOutput(os.Stderr)
+
+	sessionID := fs.String("s", "", "Session ID")
+	command := fs.String("c", "", "SFTP command (ls, mkdir, rm)")
+	path := fs.String("p", ".", "Path")
 
-	flag.CommandLine.Parse(flag.Args()[1:])
+	fs.Parse(args)
 
 	if *command == "" {
 		return fmt.Errorf("SFTP command required (-c ls|mkdir|rm)")
@@ -535,7 +565,7 @@ func handleSFTP() error {
 			Command:   "ls",
 			Path:      *path,
 		}
-		result, err := sendRequest("sftp_list", params)
+		result, err := sendRequest(socketPath, "sftp_list", params)
 		if err != nil {
 			return err
 		}
@@ -555,7 +585,7 @@ func handleSFTP() error {
 			Command:   "mkdir",
 			Path:      *path,
 		}
-		_, err := sendRequest("sftp_mkdir", params)
+		_, err := sendRequest(socketPath, "sftp_mkdir", params)
 		if err != nil {
 			return err
 		}
@@ -567,7 +597,7 @@ func handleSFTP() error {
 			Command:   "rm",
 			Path:      *path,
 		}
-		_, err := sendRequest("sftp_remove", params)
+		_, err := sendRequest(socketPath, "sftp_remove", params)
 		if err != nil {
 			return err
 		}
@@ -585,8 +615,8 @@ func printUsage() {
 
 Usage:
   gssh connect -u user -h host [-p port] [-i key_path] [-P password] [--ask-pass]
-  gssh disconnect [-s session_id]
-  gssh reconnect [-s session_id]
+  gssh disconnect [session_id]
+  gssh reconnect [session_id]
   gssh exec [-s session_id] [-S password | --ask-sudo-pass] "command"
   gssh list
   gssh use <session_id>
@@ -621,16 +651,14 @@ Options:
 Examples:
   gssh connect -u admin -h 192.168.1.1 -P password
   gssh exec "ls -la"
+  gssh reconnect 549b6eff-f62c-4dae-a7e9-298815233cf4
   gssh forward -l 8080 -r 80
-  gssh forward -l 9000 -r 3000 -R
   gssh scp -put local.txt /home/user/remote.txt
-  gssh sftp -c ls -p /home/user
 `, version)
 }
 
 // Restore terminal on exit
 func init() {
-	// Setup cleanup to restore terminal state on unexpected exit
 	c := make(chan os.Signal, 1)
 	signal.Notify(c, syscall.SIGINT, syscall.SIGTERM)
 	go func() {

package/internal/portforward/forwarder.go

@@ -6,6 +6,7 @@ import (
 	"log"
 	"net"
 	"sync"
+	"time"
 
 	"golang.org/x/crypto/ssh"
 )
@@ -74,14 +75,22 @@ func (f *Forwarder) startLocalForward() {
 			}
 			f.mu.RUnlock()
 
+			// Set deadline to prevent blocking forever
+			f.listener.(*net.TCPListener).SetDeadline(time.Now().Add(5 * time.Second))
+
 			conn, err := f.listener.Accept()
 			if err != nil {
+				// Check if it's a timeout
+				if netErr, ok := err.(net.Error); ok && netErr.Timeout() {
+					continue
+				}
 				f.mu.RLock()
 				closed := f.closed
 				f.mu.RUnlock()
 				if closed {
 					return
 				}
+				log.Printf("[portforward] Accept error: %v", err)
 				continue
 			}
 
@@ -105,8 +114,10 @@ func (f *Forwarder) handleLocalConnection(localConn net.Conn) {
 
 	log.Printf("[portforward] Connection accepted from %s", localConn.RemoteAddr())
 
-	remoteAddr := fmt.Sprintf("localhost:%d", f.RemotePort)
-	remoteConn, err := f.sshClient.Dial("tcp", remoteAddr)
+	// Use 127.0.0.1 instead of localhost to avoid IPv6 issues
+	remoteAddr := fmt.Sprintf("127.0.0.1:%d", f.RemotePort)
+
+	remoteConn, err := net.DialTimeout("tcp", remoteAddr, 5*time.Second)
 	if err != nil {
 		log.Printf("[portforward] Failed to connect to remote %s: %v", remoteAddr, err)
 		return
@@ -136,27 +147,41 @@ func (f *Forwarder) startRemoteForward() {
 		defer f.wg.Done()
 
 		// Request the SSH server to listen on remote:remotePort and forward connections to us
-		// Payload format: string (address) + uint32 (port)
 		addr := fmt.Sprintf(":%d", f.RemotePort)
 		payload := ssh.Marshal(struct {
 			Addr string
 			Port uint32
 		}{Addr: addr, Port: uint32(f.RemotePort)})
 
-		ok, _, err := f.sshClient.SendRequest("tcpip-forward", true, payload)
-		if err != nil {
-			log.Printf("[portforward] Failed to send tcpip-forward request: %v", err)
-			return
+		// Use timeout for the request
+		type result struct {
+			ok  bool
+			err error
 		}
-		if !ok {
-			log.Printf("[portforward] SSH server rejected tcpip-forward request for port %d", f.RemotePort)
+		resultCh := make(chan result, 1)
+		go func() {
+			ok, _, err := f.sshClient.SendRequest("tcpip-forward", true, payload)
+			resultCh <- result{ok: ok, err: err}
+		}()
+
+		select {
+		case r := <-resultCh:
+			if r.err != nil {
+				log.Printf("[portforward] Failed to send tcpip-forward request: %v", r.err)
+				return
+			}
+			if !r.ok {
+				log.Printf("[portforward] SSH server rejected tcpip-forward request for port %d", f.RemotePort)
+				return
+			}
+		case <-time.After(5 * time.Second):
+			log.Printf("[portforward] tcpip-forward request timed out")
 			return
 		}
 
 		log.Printf("[portforward] Remote forward: SSH server listening on port %d", f.RemotePort)
 
-		// Now we need to accept forwarded connections from the SSH server
-		// The SSH server will open a "forwarded-tcpip" channel for each connection
+		// Accept forwarded connections in a loop
 		for {
 			f.mu.RLock()
 			if f.closed {
@@ -165,7 +190,7 @@ func (f *Forwarder) startRemoteForward() {
 			}
 			f.mu.RUnlock()
 
-			// Wait for a forwarded connection
+			// Wait for a forwarded connection with timeout
 			ch, reqs, err := f.sshClient.OpenChannel("forwarded-tcpip", nil)
 			if err != nil {
 				f.mu.RLock()
@@ -174,7 +199,9 @@ func (f *Forwarder) startRemoteForward() {
 				if closed {
 					return
 				}
+				// Log and continue - don't block
 				log.Printf("[portforward] Error accepting forwarded connection: %v", err)
+				time.Sleep(1 * time.Second)
 				continue
 			}
 
@@ -182,8 +209,8 @@ func (f *Forwarder) startRemoteForward() {
 			go ssh.DiscardRequests(reqs)
 
 			// Connect to local port
-			localAddr := fmt.Sprintf("localhost:%d", f.LocalPort)
-			localConn, err := net.Dial("tcp", localAddr)
+			localAddr := fmt.Sprintf("127.0.0.1:%d", f.LocalPort)
+			localConn, err := net.DialTimeout("tcp", localAddr, 5*time.Second)
 			if err != nil {
 				log.Printf("[portforward] Failed to connect to local port %d: %v", f.LocalPort, err)
 				ch.Close()

package/internal/protocol/types.go

@@ -72,6 +72,7 @@ type ReconnectParams struct {
 type ExecParams struct {
 	SessionID string `json:"session_id,omitempty"`
 	Command   string `json:"command"`
+	Timeout   int    `json:"timeout,omitempty"` // 超时时间（秒），0 表示无超时
 }
 
 type ForwardParams struct {
@@ -108,6 +109,7 @@ type SCPResult struct {
 // SFTPParams represents SFTP command parameters
 type SFTPParams struct {
 	SessionID string `json:"session_id,omitempty"`
-	Command   string `json:"command"` // "ls", "cd", "pwd", "mkdir", "rm", "rmdir"
+	Command   string `json:"command"`
+	Timeout   int    `json:"timeout,omitempty"` // 超时时间（秒），0 表示无超时 // "ls", "cd", "pwd", "mkdir", "rm", "rmdir"
 	Path      string `json:"path"`
 }

package/internal/session/manager.go

@@ -65,7 +65,6 @@ func needsShell(cmd string) bool {
 
 	// Check for redirection
 	if strings.ContainsAny(cmd, "><") {
-		// Make sure it's not in a string context
 		if strings.Contains(cmd, ">") || strings.Contains(cmd, "<") {
 			return true
 		}
@@ -150,6 +149,11 @@ func (m *Manager) Connect(user, host string, port int, password, keyPath string)
 
 // Disconnect closes a session
 func (m *Manager) Disconnect(sessionID string) error {
+	// Use default session if not specified
+	if sessionID == "" {
+		sessionID = m.defaultID
+	}
+
 	m.mu.Lock()
 	defer m.mu.Unlock()
 
@@ -174,6 +178,11 @@ func (m *Manager) Disconnect(sessionID string) error {
 
 // Reconnect reconnects a session
 func (m *Manager) Reconnect(sessionID string) (*protocol.Session, error) {
+	// Use default session if not specified
+	if sessionID == "" {
+		sessionID = m.defaultID
+	}
+
 	m.mu.Lock()
 	ms, ok := m.sessions[sessionID]
 	m.mu.Unlock()
@@ -215,7 +224,7 @@ func (m *Manager) Reconnect(sessionID string) (*protocol.Session, error) {
 }
 
 // Exec executes a command on a session
-func (m *Manager) Exec(sessionID, command string) (*protocol.ExecResult, error) {
+func (m *Manager) Exec(sessionID, command string, timeout int) (*protocol.ExecResult, error) {
 	m.mu.RLock()
 	var ms *ManagedSession
 	if sessionID != "" {
@@ -246,12 +255,38 @@ func (m *Manager) Exec(sessionID, command string) (*protocol.ExecResult, error)
 	// 检测是否需要通过 shell 执行
 	fullCmd := command
 	if needsShell(command) {
-		fullCmd = fmt.Sprintf("/bin/zsh -c %q", command)
+		// 使用 /bin/sh 更通用
+		fullCmd = fmt.Sprintf("/bin/sh -c %q", command)
+	}
+
+	// 执行命令，支持超时
+	var output []byte
+	var exitErr *ssh.ExitError
+	var ok bool
+
+	if timeout > 0 {
+		done := make(chan struct{})
+		go func() {
+			output, err = session.CombinedOutput(fullCmd)
+			close(done)
+		}()
+		select {
+		case <-done:
+			// 命令执行完成
+		case <-time.After(time.Duration(timeout) * time.Second):
+			session.Signal(ssh.SIGKILL)
+			return &protocol.ExecResult{
+				Stdout:   string(output),
+				Stderr:   "",
+				ExitCode: -1,
+			}, fmt.Errorf("command timed out after %d seconds", timeout)
+		}
+	} else {
+		output, err = session.CombinedOutput(fullCmd)
 	}
 
-	output, err := session.CombinedOutput(fullCmd)
 	if err != nil {
-		exitErr, ok := err.(*ssh.ExitError)
+		exitErr, ok = err.(*ssh.ExitError)
 		if ok {
 			ms.LastCmd = command
 			return &protocol.ExecResult{

package/package.json

@@ -1,10 +1,9 @@
 {
   "name": "gssh-agent",
-  "version": "1.0.3",
+  "version": "1.0.7",
   "description": "SSH Session Manager for Agents - Stateless SSH client with SFTP support",
   "bin": {
-    "gssh": "./bin/gssh",
-    "gssh-daemon": "./bin/gssh-daemon"
+    "gssh": "./bin/gssh"
   },
   "repository": {
     "type": "git",

package/pkg/rpc/handler.go

@@ -60,7 +60,7 @@ func (h *Handler) Handle(data []byte) ([]byte, error) {
 		if err := json.Unmarshal(req.Params, &params); err != nil {
 			return h.errorResponse(req.ID, -32602, "Invalid params")
 		}
-		result, err = h.manager.Exec(params.SessionID, params.Command)
+		result, err = h.manager.Exec(params.SessionID, params.Command, params.Timeout)
 
 	case "list":
 		result = h.manager.List()

package/skill.md

@@ -41,8 +41,14 @@ gssh exec "ls -la"
 
 # sudo 命令
 gssh exec -S password "sudo systemctl restart nginx"
+
+# 后台运行（推荐格式）
+gssh exec "nohup python3 app.py > /dev/null 2>&1 &"
+gssh exec "python3 app.py &"
 ```
 
+**后台运行说明**：推荐使用 `nohup command > /dev/null 2>&1 &` 格式，可确保命令立即返回且不阻塞。
+
 ## 文件传输
 
 ```bash