./security/py-asyncssh, Asynchronous SSHv2 client and server library

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.16.0, Package name: py37-asyncssh-1.16.0, Maintainer: pkgsrc-users

AsyncSSH is a Python package which provides an asynchronous client and server
implementation of the SSHv2 protocol on top of the Python 3.4+ asyncio
framework.


Required to run:
[security/py-OpenSSL] [devel/py-setuptools] [security/py-cryptography] [security/py-bcrypt] [security/py-gssapi] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 8db47b410f3c36180719be12d83fa13aac20ac42
RMD160: b4303546559c5f43fded710bc71257b8eea652a1
Filesize: 314.452 KB

Version history: (Expand)


CVS history: (Expand)


   2019-03-03 13:32:12 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-asyncssh: updated to 1.16.0

1.16.0:
Added support for Ed448 host/client keys and certificates and rewrote Ed25519 \ 
support to use the PyCA implementation, reducing the dependency on libnacl and \ 
libsodium to only be needed to support the chacha20-poly1305 cipher.
Added support for PKCS-8 format Ed25519 and Ed448 private and public keys (in \ 
addition to the OpenSSH format previously supported).
Added support for multiple delimiters in SSHReader’s readuntil() function, \ 
causing it to return data as soon as any of the specified delimiters are \ 
matched.
Added the ability to register custom key handlers in the line editor which can \ 
modify the input line, extending the built-in editing functionality.
Added SSHSubprocessProtocol and SSHSubprocessTransport classes to provide \ 
compatibility with asyncio.SubprocessProtocol and asyncio.SubprocessTransport. \ 
Code which is designed to call BaseEventLoop.subprocess_shell() or \ 
BaseEventLoop.subprocess_exec() can be easily adapted to work against a remote \ 
process by calling SSHClientConnection.create_subprocess().
Added support for sending keepalive messages when the SSH connection is idle, \ 
with an option to automatically disconnect the connection if the remote system \ 
doesn’t respond to these keepalives.
Changed AsyncSSH to ignore errors when loading unsupported key types from the \ 
default file locations.
Changed the reuse_port option to only be available on Python releases which \ 
support it (3.4.4 and later).
Fixed an issue where MSG_IGNORE packets could sometimes be sent between \ 
MSG_NEWKEYS and MSG_EXT_INFO, which caused some SSH implementations to fail to \ 
properly parse the MSG_EXT_INFO.
Fixed a couple of errors in the handling of disconnects occurring prior to \ 
authentication completing.
Renamed “session_encoding” and “session_errors” arguments in \ 
asyncssh.create_server() to “encoding” and “errors”, to match the names \ 
used for these arguments in other AsyncSSH APIs. The old names are still \ 
supported for now, but they are marked as deprecated and will be removed in a \ 
future release.
   2019-01-22 10:17:57 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-asyncssh: updated to 1.15.1

Release 1.15.1:
Added callback-based host validation in SSHClient, allowing callers to decide \ 
programmatically whether to trust server host keys and certificates rather than \ 
having to provide a list of trusted values in advance.
Changed SSH client code to only load the default known hosts file if if exists. \ 
Previously an error was returned if a known_hosts value wasn’t specified and \ 
the default known_hosts file didn’t exist. For host validate to work in this \ 
case, verification callbacks must be implemented or other forms of validation \ 
such as X.509 trusted CAs or GSS-based key exchange must be used.
Fixed known hosts validation to completely disable certificate checks when \ 
known_hosts is set to None. Previously, key checking was disabled in this case \ 
but other checks for certificate expiration and hostname mismatch were still \ 
performed, causing connections to fail even when checking was supposed to be \ 
disabled.
Switched curve25519 key exchange to use the PyCA implementation, avoiding a \ 
dependency on libnacl/libsodium. For now, support for Ed25519 keys still \ 
requires these libraries, but once that support appears in PyCA, it may be \ 
possible to remove this dependency entirely.
Added get_fingerprint() method to return a fingerprint of an SSHKey.
   2018-11-27 08:03:38 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-asyncssh: updated to 1.15.0

Release 1.15.0:

Added the ability to pass keyword arguments provided in the scp() command \ 
through to asyncssh.connect() calls it makes, allowing things like custom \ 
credentials to be specified.
Added support for a reuse_port argument in create_server(). If set, this will be \ 
passed to the asyncio loop.create_server() call which creates listening sockets.
Added support for “soft” EOF when line editing in enabled so that EOF can be \ 
signalled multiple times on a channel. When Ctrl-D is received on a channel with \ 
line editing enabled, EOF is returned to the application but the channel remains \ 
open and capable of accepting more input, allowing an interactive shell to \ 
process the EOF for one command but still accept input for subsequent commands.
Added support for the Windows 10 OpenSSH ssh-agent. Thanks go to SamP20 for \ 
providing an initial proof of concept and a suggested implementation.
Reworked scoped link-local IPv6 address normalization to work better on Linux \ 
systems.
Fixed a problem preserving directory structure in recursive scp().
Fixed SFTP chmod tests to avoid attempting to set the sticky bit on a plain \ 
file, as this caused test failures on FreeBSD.
Updated note in SSHClientChannel’s send_signal() documentation to reflect that \ 
OpenSSH 7.9 and later should now support processing of signal messages.
   2018-09-21 12:58:59 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-asyncssh: updated to 1.14.0

Release 1.14.0:
Changed license from EPL 1.0 to EPL 2.0 with GPL 2.0 or later as an available \ 
secondary license.
Added support for automatically parallelizing large reads and write made using \ 
the SFTPClientFile class, similar to what was already available in the \ 
get/put/copy methods of SFTPClient.
Added support for get_extra_info() in SSH process classes, returning information \ 
associated with the channel the process is tied to.
Added new set_extra_info() method on SSH connection and channel classes, \ 
allowing applications to store additional information on these objects.
Added handlers for OpenSSH keepalive global & channel requests to avoid \ 
messages about unknown requests in the debug log. These requests are still \ 
logged, but at debug level 2 instead of 1 and they are not labeled as unknown.
Fixed race condition when closing sockets associated with forwarded connections.
Improved error handling during connection close in SFTPClient.
Worked around issues with integer overflow on systems with a 32-bit time_t value \ 
when dates beyond 2038 are used in X.509 certificates.
Added guards around some imports and tests which were causing problems on Fedora 27.
Changed debug level for reporting PTY modes from 1 to 2 to reduce noise in the logs.
Improved SFTP debug log output when sending EOF responses.
   2018-07-24 08:09:33 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-asyncssh: updated to 1.13.3

1.13.3:
Added support for setting the Unicode error handling strategy in conjunction \ 
with setting an encoding when creating new SSH sessions, streams, and processes. \ 
This strategy can also be set when specifying a session encoding in \ 
create_server(), and when providing an encoding in the get_comment() and \ 
set_comment() functions on private/public keys and certificates.
Changed handling of Unicode in channels to use incrmeental codec, similar to \ 
what was previously done in process redirection.
Added Python 3.7 to the list of classifiers in setup.py, now that it has been \ 
released.
Updated Travis CI configuration to add Python 3.7 builds, and moved Linux builds \ 
on never versions of Python up to xenial.
Added missing coroutine decorator in test_channel.
   2018-07-04 05:38:34 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-asyncssh: updated to 1.13.2

Release 1.13.2:
Added support for accessing client host keys via the OpenSSH ssh-keysign program \ 
when doing host-based authentication. If ssh-keysign is present and enabled on \ 
the system, an AsyncSSH based SSH client can use host-based authentication \ 
without access to the host private keys.
Added support for using pathlib path objects when reading and writing private \ 
and public keys and certificates.
Added support for auth_completed() callback in the SSHServer class which runs \ 
when authentication completes successfully on each new connection.
Fixed host-based authentication unit tests to mock out calls to getnameinfo() to \ 
avoid failures on systems with restricted network functionality.
   2018-06-19 13:37:28 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-asyncssh: updated to 1.13.1

Release 1.13.1:
Added client and server support for host-based SSH authentication. If enabled, \ 
this will allow all users from a given host to be authenticated by a shared host \ 
key, rather than each user needing their own key. This should only be used with \ 
hosts which are trusted to keep their host keys secure and provide accurate \ 
client usernames.
Added support for RSA key exchange algorithms (rsa2048-sha256 and rsa1024-sha1) \ 
available in PuTTY and some mobile SSH clients.
Added support for the SECP256K1 elliptic curve for ECDSA keys and ECDH key \ 
exchange. This curve is supported by the Bitvise SSH client and server.
Added debug logging of the algorithms listed in a received kexinit message.
   2018-05-29 09:18:57 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-asyncssh: updated to 1.13.0

Release 1.13.0:
Added support for dynamic port forwarding via SOCKS, where AsyncSSH will open a \ 
listener which understands SOCKS connect requests and for each request open a \ 
TCP/IP tunnel over SSH to the requested host and port.
Added support in SSHProcess for I/O redirection to file objects that implement \ 
read(), write(), and close() functions as coroutines, such as the “aiofiles” \ 
package. In such cases, AsyncSSH will automaically detect that it needs to make \ 
async calls to these methods when it performs I/O.
Added support for using pathlib objects in SSHProcess I/O redirection.
Added multiple improvements to pattern matching support in the SFTPClient \ 
glob(), mget(), mput(), and mcopy() methods. AsyncSSH now allows you to use \ 
‘**’ in a pattern to do a recursive directory search, allows character \ 
ranges in square brackets in a pattern, and allows a trailing slash in a pattern \ 
to be specified to request that only directories matching the pattern should be \ 
returned.
Fixed an issue with calling readline() and readuntil() with a timeout, where \ 
partial data received before the timeout was sometimes discarded. Any partial \ 
data which was received when a timeout occurs will now be left in the input \ 
buffer, so it is still available to future read() calls.
Fixed a race condition where trying to restart a read() after a timeout could \ 
sometimes raise an exception about multiple simultaneous reads.
Changed readuntil() in SSHReader to raise IncompleteReadError if the receive \ 
window fills up before a delimiter match is found. This also applies to \ 
readline(), which will return a partial line without a newline at the end when \ 
this occurs. To support longer lines, a caller can call readuntil() or \ 
readline() as many times as they’d like, appending the data returned to the \ 
previous partial data until a delimiter is found or some maximum size is \ 
exceeded. Since the default window size is 2 MBytes, though, it’s very \ 
unlikely this will be needed in most applications.
Reworked the crypto support in AsyncSSH to separate packet encryption and \ 
decryption into its own module and simplified the directory structure of the \ 
asyncssh.crypto package, eliminating a pyca subdirectory that was created back \ 
when AsyncSSH used a mix of PyCA and PyCrypto.