feat: Add SSH jump host (-J) infrastructure and CLI integration (#30)

* feat: Add SSH jump host (-J) infrastructure and CLI integration

This commit implements the foundation for SSH jump host support with OpenSSH-compatible -J syntax:

- **Jump Host Parser**: Robust parsing of OpenSSH ProxyJump format (`user@host:port,user2@host2:port2`)
  - Supports single and multiple jump hosts
  - IPv6 address handling with bracket notation
  - Comprehensive input validation and error handling

- **CLI Integration**: Full -J option support with jump host specification parsing
  - OpenSSH-compatible command-line syntax
  - Integration with existing command structure (exec, ping, upload, download)
  - Informative logging when jump hosts are detected

- **Connection Management**: Infrastructure for jump host connection chains
  - JumpHostChain for managing multi-hop connections
  - Connection health monitoring and statistics
  - Error handling with jump context information

- **SSH Client Extensions**: Enhanced tokio_client with jump host capabilities
  - Public session access for direct-tcpip channel operations
  - Infrastructure for channel-based SSH connections

- ✅ Jump host specification parsing with comprehensive tests
- ✅ CLI integration with -J option working
- ✅ Connection chain management structure
- ✅ All existing tests passing (99 tests)
- 🚧 Actual SSH tunneling through jump hosts (requires deeper russh integration)

- 17 new unit tests for jump host parsing and chain management
- Comprehensive error handling tests for malformed specifications
- IPv6 and edge case handling validated

```bash
bssh -J jump@bastion.example.com -H target@internal.server "uptime"

bssh -J "jump1@bastion1,jump2@bastion2" -C production "df -h"
```

The foundation is now in place for full jump host functionality. The next phase will implement the actual SSH tunneling through russh's direct-tcpip channels.

feat: Complete SSH jump host (ProxyJump) implementation

- Full SSH tunneling through jump hosts using russh direct-tcpip channels
- OpenSSH ProxyJump syntax compatibility with -J/--jump-host option
- Multi-hop connection chaining through intermediate jump hosts
- Comprehensive authentication support (SSH agent, key files, passwords)
- Connection timeout and error handling for all tunnel stages
- CLI integration with existing cluster and single-host operations
- Code refactoring to reduce function parameter counts via config structs
- Documentation updates in README.md with usage examples

Enables secure access to internal hosts through bastion servers with
syntax like: bssh -J jump@bastion.example.com user@internal-host

fix(security): Fix host key verification bypass and sensitive data handling - Priority: CRITICAL

- Always verify host keys for intermediate jump hosts to prevent MITM attacks
- Use Zeroizing wrapper for SSH key file contents to clear from memory
- Pass strict mode configuration through the entire jump chain
- Ensure all sensitive data (passwords, passphrases, keys) are properly zeroed

fix(security): Add rate limiting for connection attempts - Priority: HIGH

- Implement token bucket rate limiter to prevent DoS attacks
- Default limits: 10 connection burst, 2 connections/second sustained
- Per-host rate limiting with automatic cleanup of old buckets
- Configurable rate limits via with_rate_limit() method
- Apply rate limiting to all connection attempts (direct, jump hosts, destination)

fix(perf): Fix connection pool resource leak - Priority: HIGH

- Add automatic cleanup of stale connections (idle > 5 min, age > 30 min)
- Clean up connections periodically when pool size exceeds threshold
- Add connection age and idle time tracking
- Implement proper Drop trait logging for debugging
- Add methods to monitor active connection count

fix(security): Add input sanitization for command execution - Priority: HIGH

- Add comprehensive input sanitization module with validation functions
- Sanitize commands to detect injection patterns and dangerous constructs
- Validate and sanitize hostnames to prevent DNS/SSH injection
- Validate and sanitize usernames with proper character restrictions
- Apply sanitization to all command execution and jump host parsing
- Add CommandValidationFailed error variant for proper error handling
- Add comprehensive test coverage for sanitization functions

fix: remove vendor files

update: .gitignore

* update: Cargo.lock

* fix: handle IPv6 addresses in jump hosts and stabilize environment variable tests

Author: inureyes

.gitignore

@@ -24,3 +24,4 @@ Thumbs.db
 .claude/
 .gemini/
 references/
+vendor/

Cargo.lock

@@ -12,6 +12,7 @@ A high-performance SSH client with **SSH-compatible syntax** for both single-hos
 ## Features
 
 - **SSH Compatibility**: Drop-in replacement for SSH with compatible command-line syntax
+- **Jump Host Support**: Connect through bastion hosts using OpenSSH ProxyJump syntax (`-J`)
 - **Parallel Execution**: Execute commands across multiple nodes simultaneously
 - **Cluster Management**: Define and manage node clusters via configuration files
 - **Progress Tracking**: Real-time progress indicators for each node
@@ -98,6 +99,24 @@ bssh -o StrictHostKeyChecking=no user@host
 bssh -Q cipher
 ```
 
+### Jump Host Support (ProxyJump)
+```bash
+# Connect through a single jump host (bastion)
+bssh -J jump@bastion.example.com user@internal-server
+
+# Multiple jump hosts (connection chain)
+bssh -J "jump1@proxy1,jump2@proxy2" user@final-destination
+
+# Jump host with custom port
+bssh -J admin@bastion:2222 user@internal-host
+
+# IPv6 jump host
+bssh -J "[2001:db8::1]:22" user@destination
+
+# Combine with cluster operations
+bssh -J bastion.example.com -C production "uptime"
+```
+
 ### Multi-Server Mode (Cluster Operations)
 ```bash
 # Using direct host specification

README.md

@@ -82,6 +82,13 @@ pub struct Cli {
     )]
     pub password: bool,
 
+    #[arg(
+        short = 'J',
+        long = "jump-host",
+        help = "Comma-separated list of jump hosts (ProxyJump)\nSpecify in [user@]hostname[:port] format, e.g.: 'jump1.example.com' or 'user@jump1:2222,jump2'\nSupports multiple hops for complex network topologies"
+    )]
+    pub jump_hosts: Option<String>,
+
     #[arg(
         long = "parallel",
         default_value = "10",
@@ -160,14 +167,6 @@ pub struct Cli {
     )]
     pub no_tty: bool,
 
-    #[arg(
-        short = 'J',
-        long = "jump",
-        value_name = "destination",
-        help = "Connect via jump host(s) (ProxyJump)"
-    )]
-    pub jump_hosts: Option<String>,
-
     #[arg(short = 'x', long = "no-x11", help = "Disable X11 forwarding")]
     pub no_x11: bool,
 

src/cli.rs

@@ -32,6 +32,7 @@ pub struct ExecuteCommandParams<'a> {
     pub use_password: bool,
     pub output_dir: Option<&'a Path>,
     pub timeout: Option<u64>,
+    pub jump_hosts: Option<&'a str>,
 }
 
 pub async fn execute_command(params: ExecuteCommandParams<'_>) -> Result<()> {
@@ -49,7 +50,8 @@ pub async fn execute_command(params: ExecuteCommandParams<'_>) -> Result<()> {
         params.use_agent,
         params.use_password,
     )
-    .with_timeout(params.timeout);
+    .with_timeout(params.timeout)
+    .with_jump_hosts(params.jump_hosts.map(|s| s.to_string()));
 
     let results = executor.execute(params.command).await?;
 

src/commands/exec.rs

@@ -720,11 +720,22 @@ mod tests {
 
     #[test]
     fn test_expand_tilde() {
-        unsafe {
-            std::env::set_var("HOME", "/home/user");
-        }
+        // Save original HOME value
+        let original_home = std::env::var("HOME").ok();
+
+        // Set test HOME value
+        std::env::set_var("HOME", "/home/user");
+
         let path = Path::new("~/.ssh/config");
         let expanded = expand_tilde(path);
+
+        // Restore original HOME value
+        if let Some(home) = original_home {
+            std::env::set_var("HOME", home);
+        } else {
+            std::env::remove_var("HOME");
+        }
+
         assert_eq!(expanded, PathBuf::from("/home/user/.ssh/config"));
     }