asyncssh

Async SSH client/server library for Python — provides non-blocking SSH connections, SFTP, and port forwarding in asyncio. asyncssh features: asyncssh.connect() for client connections, asyncssh.create_server() for servers, run() for command execution, create_process() for interactive processes, start_client()/start_server() for SFTP, SFTPClient for file operations, port forwarding and tunneling, known_hosts verification, multiple auth methods (password, public key, keyboard-interactive, GSSAPI), agent forwarding, X.509 certificates, and cipher/MAC configuration. Pure Python asyncio SSH without blocking.

Evaluated Mar 06, 2026 (0d ago) v2.x
Homepage ↗ Repo ↗ Developer Tools python asyncssh ssh sftp async asyncio remote scp
⚙ Agent Friendliness
65
/ 100
Can an agent use this?
🔒 Security
89
/ 100
Is it safe for agents?
⚡ Reliability
84
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
--
Documentation
85
Error Messages
82
Auth Simplicity
88
Rate Limits
95

🔒 Security

TLS Enforcement
95
Auth Strength
92
Scope Granularity
88
Dep. Hygiene
85
Secret Handling
85

SSH is encrypted by default — all traffic encrypted. Always enable known_hosts verification in production — disable only for testing. Prefer SSH key auth over password auth. asyncssh supports modern ciphers (ChaCha20, AES-GCM) by default. Agent forwarding should be disabled unless needed: agent_forwarding=False. Commands run on remote host with remote user's privileges — validate commands before execution.

⚡ Reliability

Uptime/SLA
85
Version Stability
85
Breaking Changes
82
Error Recovery
82
AF Security Reliability

Best When

Async Python applications needing SSH — FastAPI background tasks, async agent infrastructure automation, parallel multi-host operations — asyncssh provides non-blocking SSH without separate threading.

Avoid When

Your code is synchronous (use paramiko), you need only simple shell commands (use subprocess + ssh), or you're building SSH servers on Windows.

Use Cases

  • Agent async SSH command — import asyncssh; async with asyncssh.connect('host', username='agent', client_keys=['~/.ssh/id_rsa']) as conn: result = await conn.run('ls -la /data/'); print(result.stdout) — non-blocking SSH; agent infrastructure management runs commands on remote hosts without blocking event loop; result.exit_status checks success
  • Agent parallel SSH — async with asyncssh.connect('host1', ...) as c1, asyncssh.connect('host2', ...) as c2: r1, r2 = await asyncio.gather(c1.run('cmd'), c2.run('cmd')) — concurrent SSH to multiple hosts; agent fleet management runs same command on 100 hosts in parallel; gather() handles concurrency with single event loop
  • Agent SFTP file transfer — async with asyncssh.connect('host', username='deploy') as conn: async with conn.start_sftp_client() as sftp: await sftp.put('local_file.txt', '/remote/path/file.txt'); await sftp.get('/remote/log.txt', 'local_log.txt') — async SFTP upload/download; agent deployment pushes artifacts to remote host; get() downloads results
  • Agent SSH tunnel — async with asyncssh.connect('bastion', username='user') as tunnel: async with tunnel.forward_local_port('', 8080, 'db.internal', 5432): conn = await asyncpg.connect(host='127.0.0.1', port=8080) — SSH tunnel to internal database; agent connects to private network resources through bastion host; port forwarding transparent to application
  • Agent interactive process — async with asyncssh.connect('host') as conn: process = await conn.create_process('python3 -i'); await process.stdin.write('import sys\n'); output = await process.stdout.read(100) — interactive remote process; agent drives remote interactive programs; stdin/stdout async streams

Not For

  • Sync Python code — asyncssh requires asyncio; for sync SSH use paramiko
  • Simple one-off SSH commands — asyncssh has startup overhead; for simple scripts use subprocess.run(['ssh', ...])
  • Windows SSH server — asyncssh server mode requires Unix pty; client mode works on Windows

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
No
SDK
Yes
Webhooks
No

Authentication

Methods: ssh_key password certificate
OAuth: No Scopes: No

SSH key authentication (preferred). Password auth supported but discouraged. X.509 certificate auth. GSSAPI/Kerberos for enterprise environments. Known hosts verification configurable.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

asyncssh is Eclipse Public License licensed. Free for all use.

Agent Metadata

Pagination
none
Idempotent
Partial
Retry Guidance
Not documented

Known Gotchas

  • known_hosts verification fails for new hosts — asyncssh.connect() raises HostKeyNotVerifiable for hosts not in ~/.ssh/known_hosts; agent automation against new hosts must: known_hosts=None (disable verification, insecure) or known_hosts='path/to/known_hosts' with host pre-added; never disable verification in production without alternative trust mechanism
  • Connection context manager required — asyncssh.connect() returns context manager; without async with, connection leaks; conn = await asyncssh.connect() without context manager: conn.close() must be called manually; agent code must always use: async with asyncssh.connect(...) as conn: or explicitly call conn.close() in finally block
  • run() vs create_process() for interactive commands — conn.run('cmd') captures complete stdout/stderr and returns when command exits; create_process() returns running process with stdin/stdout streams for interactive use; agent code using run() for interactive prompts hangs waiting for command to exit; use create_process() for any command requiring stdin input
  • SFTP client nested context manager — async with conn.start_sftp_client() as sftp: requires open connection; sftp operations outside this context raise asyncssh.SFTPError; agent code must keep both connection and sftp client open for duration of file operations; sftp.put() of 1GB file requires connection open for entire transfer
  • result.exit_status vs result.stderr for error diagnosis — conn.run('failing_cmd') raises asyncssh.ProcessError if check=True (default); exception has .exit_status and .stderr; conn.run('cmd', check=False) returns result without raising on non-zero exit; agent code needing both success and failure output: check=False then inspect result.exit_status
  • Concurrent connections share event loop but not threads — asyncssh is fully async; asyncio.gather(conn1.run(cmd), conn2.run(cmd)) runs both concurrently on same event loop; no thread creation; agent parallel SSH scales to 100s of concurrent connections without thread overhead; limit max concurrent connections with asyncio.Semaphore(max_connections)

Alternatives

paramiko-python-api

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for asyncssh.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5229
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered