./security/py-asyncssh, Asynchronous SSHv2 client and server library

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.1.0, Package name: py37-asyncssh-2.1.0, Maintainer: pkgsrc-users

AsyncSSH is a Python package which provides an asynchronous client and server
implementation of the SSHv2 protocol on top of the Python 3.4+ asyncio
framework.


Required to run:
[security/py-OpenSSL] [devel/py-setuptools] [security/py-cryptography] [security/py-bcrypt] [security/py-gssapi] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: b937691ab5a3b2dde3cc424b9fef13481a2a253d
RMD160: 3decf62c9f150aac3c41ba578cce7e5d69dbf48a
Filesize: 317.515 KB

Version history: (Expand)


CVS history: (Expand)


   2019-12-01 12:45:35 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-asyncssh: updated to 2.1.0

Release 2.1.0:
Added support in the SSHProcess redirect mechanism to accept asyncio \ 
StreamReader and StreamWriter objects, allowing asyncio streams to be plugged in \ 
as stdin/stdout/stderr in an SSHProcess.
Added support for key handlers in the AsyncSSH line editor to trigger signals \ 
being delivered when certain “hot keys” are hit while reading input.
Improved cleanup of unreturned connection objects when an error occurs or the \ 
connection request is canceled or times out.
Improved cleanup of SSH agent client objects to avoid triggering a false \ 
positive warning in Python 3.8.
Added an example to the documentation for how to create reverse-direction SSH \ 
client and server connections.
Made check of session objects against None explicit to avoid confusion on \ 
user-defined sessions that implement __len__ or __bool__.

Release 2.0.1:
Some API changes which should have been included in the 2.0.0 release were \ 
missed. This release corrects that, but means that additional changes may be \ 
needed in applications moving to 2.0.1. This should hopefully be the last of \ 
such changes, but if any other issues are discovered, additional changes will be \ 
limited to 2.0.x patch releases and the API will stabilize again in the AsyncSSH \ 
2.1 release. See the next bullet for details about the additional incompatible \ 
change.
To be consistent with other connect and listen functions, all methods on \ 
SSHClientConnection which previously returned None on listen failures have been \ 
changed to raise an exception instead. A new ChannelListenError exception will \ 
now be raised when an SSH server returns failure on a request to open a remote \ 
listener. This change affects the following SSHClientConnection methods: \ 
create_server, create_unix_server, start_server, start_unix_server, \ 
forward_remote_port, and forward_remote_path.
Restored the ability for SSHListener objects to be used as async context \ 
managers. This previously worked in AsyncSSH 1.x and was unintentionally broken \ 
in AsyncSSH 2.0.0.
Added support for a number of additional functions to be called from within an \ 
“async with” statement. These functions already returned objects capable of \ 
being async context managers, but were not decorated to allow them to be \ 
directly called from within “async with”. This change applies to the top \ 
level functions create_server, listen, and listen_reverse and the \ 
SSHClientConnection methods create_server, create_unix_server, start_server, \ 
start_unix_server, forward_local_port, forward_local_path, forward_remote_port, \ 
forward_remote_path, listen_ssh, and listen_reverse_ssh,
Fixed a couple of issues in loading OpenSSH-format certificates which were \ 
missing a trailing newline.
Changed load_certificates() to allow multiple certificates to be loaded from a \ 
single byte string argument, making it more consistent with how \ 
load_certificates() works when reading from a file.

Release 2.0.0:
NEW MAJOR VERSION: See below for potentially incompatible changes.
Updated AsyncSSH to use the modern async/await syntax internally, now requiring \ 
Python 3.6 or later. Those wishing to use AsyncSSH on Python 3.4 or 3.5 should \ 
stick to the AsyncSSH 1.x releases.
Changed first argument of SFTPServer constructor from an SSHServerConnection \ 
(conn) to an SSHServerChannel (chan) to allow custom SFTP server implementations \ 
to access environment variables set on the channel that SFTP is run over. \ 
Applications which subclass the SFTPServer class and implement an __init__ \ 
method will need to be updated to account for this change and pass the new \ 
argument through to the SFTPServer parent class. If the subclass has no __init__ \ 
and just uses the connection, channel, and env properties of SFTPServer to \ 
access this information, no changes should be required.
Removed deprecated “session_encoding” and “session_errors” arguments \ 
from create_server() and listen() functions. These arguments were renamed to \ 
“encoding” and “errors” back in version 1.16.0 to be consistent with \ 
other AsyncSSH APIs.
Removed get_environment(), get_command(), and get_subsystem() methods on \ 
SSHServerProcess class. This information was made available as “env”, \ 
“command”, and “subsystem” properties of SSHServerProcess in AsyncSSH \ 
1.11.0.
Removed optional loop argument from all public AsyncSSH APIs, consistent with \ 
the deprecation of this argument in the asyncio package in Python 3.8. Calls \ 
will now always use the event loop which is active at the time of the call.
Removed support for non-async context managers on AsyncSSH connections and \ 
processes and SFTP client connections and file objects. Callers should use \ 
“async with” to invoke the async the context managers on these objects.
Added support for SSHAgentClient being an async context manager. To be \ 
consistent with other connect calls, connect_agent() will now raise an exception \ 
when no agent is found or a connection failure occurs, rather than logging a \ 
warning and returning None. Callers should catch OSError or ChannelOpenError \ 
exceptions rather than looking for a return value of None when calling this \ 
function.
Added set_input() and clear_input() methods on SSHLineEditorChannel to change \ 
the value of the current input line when line editing is enabled.
Added is_closing() method to the SSHChannel, SSHProcess, SSHWriter, and \ 
SSHSubprocessTransport classes. mirroring the asyncio BaseTransport and \ 
StreamWriter methods added in Python 3.7.
Added wait_closed() async method to the SSHWriter class, mirroring the asyncio \ 
StreamWriter method added in Python 3.7.
   2019-08-25 14:24:06 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-asyncssh: updated to 1.18.0

Release 1.18.0:

Added support for GSSAPI ECDH and Edwards DH key exchange algorithms.
Fixed gssapi-with-mic authentication to work with GSS key exchanges, in cases \ 
where gssapi-keyex is not supported.
Made connect_ssh and connect_reverse_ssh methods into async context managers, \ 
simplifying the syntax needed to use them to create tunneled SSH connections.
Fixed a couple of issues with known hosts matching on tunneled SSH connections.
Improved flexibility of key/certificate parser automatic format detection to \ 
properly recognize PEM even when other arbitrary text is present at the \ 
beginning of the file. With this change, the parser can also now handle mixing \ 
of multiple key formats in a single file.
Added support for OpenSSL “TRUSTED” PEM certificates. For now, no \ 
enforcement is done of the additional trust restrictions, but such certificates \ 
can be loaded and used by AsyncSSH without converting them back to regular PEM \ 
format.
Fixed some additional SFTP and SCP issues related to parsing of Windows paths \ 
with drive letters and paths with multiple colons.
Made AsyncSSH tolerant of a client which sends multiple service requests for the \ 
“ssh-userauth” service. This is needed by the Paramiko client when it tries \ 
more than one form of authentication on a connection.
   2019-08-03 13:43:47 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-asyncssh: updated to 1.17.1

Release 1.17.1:
Improved construction of file paths in SFTP to better handle native Windows \ 
source paths containing backslashes or drive letters.
Improved SFTP parallel I/O for large reads and file copies to better handle the \ 
case where a read returns less data than what was requested when not at the end \ 
of the file, allowing AsyncSSH to get back the right result even if the \ 
requested block size is larger than the SFTP server can handle.
Fixed an issue where the requested SFTP block_size wasn’t used in the get, \ 
copy, mget, and mcopy functions if it was larger than the default size of 16 KB.
Fixed a problem where the list of client keys provided in an \ 
SSHClientConnectionOptions object wasn’t always preserved properly across the \ 
opening of multiple SSH connections.
Changed SSH agent client code to avoid printing a warning on Windows when unable \ 
to connect to the SSH agent using the default path. A warning will be printed if \ 
the agent_path or SSH_AUTH_SOCK is explicitly set, but AsyncSSH will remain \ 
quiet if no agent path is set and no SSH agent is running.
Made AsyncSSH tolerant of unexpected authentication success/failure messages \ 
sent after authentication completes. AsyncSSH previously treated this as a \ 
protocol error and dropped the connection, while most other SSH implementations \ 
ignored these messages and allowed the connection to continue.
Made AsyncSSH tolerant of SFTP status responses which are missing error message \ 
and language tag fields, improving interoperability with servers that omit these \ 
fields. When missing, AsyncSSH treats these fields as if they were set to empty \ 
strings.
   2019-06-10 11:36:36 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-asyncssh: updated to 1.17.0

Release 1.17.0:
Added support for “reverse direction” SSH connections, useful to support \ 
applications like NETCONF Call Home, described in RFC 8071.
Added support for the PyCA implementation of Chacha20-Poly1305, eliminating the \ 
dependency on libnacl/libsodium to provide this functionality, as long as \ 
OpenSSL 1.1.1b or later is installed.
Restored libnacl support for Curve25519/Ed25519 on systems which have an older \ 
version of OpenSSL that doesn’t have that support. This fallback also applies \ 
to Chacha20-Poly1305.
Fixed Pageant support on Windows to use the Pageant agent by default when it is \ 
available and client keys are not explicitly configured.
Disabled the use of RSA SHA-2 signatures when using the Pageant or Windows 10 \ 
OpenSSH agent on Windows, since neither of those support the signature flags \ 
options to request them.
Fixed a regression where a callable was no longer usable in the sftp_factory \ 
argument of create_server.
   2019-04-01 11:14:30 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-asyncssh: updated to 1.16.1:

Release 1.16.1:
Added channel, connection, and env properties to SFTPServer instances, so \ 
connection and channel information can be used to influence the SFTP server's \ 
behavior. Previously, connection information was made avaiable through the \ 
constructor, but channel and environment information was not. Now, all of these \ 
are available as properties on the SFTPServer instance without the need to \ 
explicitly store anything in a custom constructor.
Optimized SFTP glob matching when the glob pattern contains directory names \ 
without glob characters in them. Thanks go to Mikhail Terekhov for contributing \ 
this improvement!
Added support for PurePath in a few places that were missed when this support \ 
was originally added. Once again, thanks go to Mikhail Terehkov for these fixes.
Fixed bug in SFTP parallel I/O file reader where it sometimes returned EOF \ 
prematurely. Thanks go to David G for reporting this problem and providing a \ 
reproducible test case.
Fixed test failures seen on Fedora Rawhide. Thanks go to Georg Sauthof for \ 
reporting this issue and providing a test environment to help debug it.
Updated Ed25519/448 and Curve25519/448 tests to only run when these algorithms \ 
are available. Thanks go to Ondřej Súkup for reporting this issue and \ 
providing a suggested fix.
   2019-03-03 13:32:12 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-asyncssh: updated to 1.16.0

1.16.0:
Added support for Ed448 host/client keys and certificates and rewrote Ed25519 \ 
support to use the PyCA implementation, reducing the dependency on libnacl and \ 
libsodium to only be needed to support the chacha20-poly1305 cipher.
Added support for PKCS-8 format Ed25519 and Ed448 private and public keys (in \ 
addition to the OpenSSH format previously supported).
Added support for multiple delimiters in SSHReader’s readuntil() function, \ 
causing it to return data as soon as any of the specified delimiters are \ 
matched.
Added the ability to register custom key handlers in the line editor which can \ 
modify the input line, extending the built-in editing functionality.
Added SSHSubprocessProtocol and SSHSubprocessTransport classes to provide \ 
compatibility with asyncio.SubprocessProtocol and asyncio.SubprocessTransport. \ 
Code which is designed to call BaseEventLoop.subprocess_shell() or \ 
BaseEventLoop.subprocess_exec() can be easily adapted to work against a remote \ 
process by calling SSHClientConnection.create_subprocess().
Added support for sending keepalive messages when the SSH connection is idle, \ 
with an option to automatically disconnect the connection if the remote system \ 
doesn’t respond to these keepalives.
Changed AsyncSSH to ignore errors when loading unsupported key types from the \ 
default file locations.
Changed the reuse_port option to only be available on Python releases which \ 
support it (3.4.4 and later).
Fixed an issue where MSG_IGNORE packets could sometimes be sent between \ 
MSG_NEWKEYS and MSG_EXT_INFO, which caused some SSH implementations to fail to \ 
properly parse the MSG_EXT_INFO.
Fixed a couple of errors in the handling of disconnects occurring prior to \ 
authentication completing.
Renamed “session_encoding” and “session_errors” arguments in \ 
asyncssh.create_server() to “encoding” and “errors”, to match the names \ 
used for these arguments in other AsyncSSH APIs. The old names are still \ 
supported for now, but they are marked as deprecated and will be removed in a \ 
future release.
   2019-01-22 10:17:57 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-asyncssh: updated to 1.15.1

Release 1.15.1:
Added callback-based host validation in SSHClient, allowing callers to decide \ 
programmatically whether to trust server host keys and certificates rather than \ 
having to provide a list of trusted values in advance.
Changed SSH client code to only load the default known hosts file if if exists. \ 
Previously an error was returned if a known_hosts value wasn’t specified and \ 
the default known_hosts file didn’t exist. For host validate to work in this \ 
case, verification callbacks must be implemented or other forms of validation \ 
such as X.509 trusted CAs or GSS-based key exchange must be used.
Fixed known hosts validation to completely disable certificate checks when \ 
known_hosts is set to None. Previously, key checking was disabled in this case \ 
but other checks for certificate expiration and hostname mismatch were still \ 
performed, causing connections to fail even when checking was supposed to be \ 
disabled.
Switched curve25519 key exchange to use the PyCA implementation, avoiding a \ 
dependency on libnacl/libsodium. For now, support for Ed25519 keys still \ 
requires these libraries, but once that support appears in PyCA, it may be \ 
possible to remove this dependency entirely.
Added get_fingerprint() method to return a fingerprint of an SSHKey.
   2018-11-27 08:03:38 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-asyncssh: updated to 1.15.0

Release 1.15.0:

Added the ability to pass keyword arguments provided in the scp() command \ 
through to asyncssh.connect() calls it makes, allowing things like custom \ 
credentials to be specified.
Added support for a reuse_port argument in create_server(). If set, this will be \ 
passed to the asyncio loop.create_server() call which creates listening sockets.
Added support for “soft” EOF when line editing in enabled so that EOF can be \ 
signalled multiple times on a channel. When Ctrl-D is received on a channel with \ 
line editing enabled, EOF is returned to the application but the channel remains \ 
open and capable of accepting more input, allowing an interactive shell to \ 
process the EOF for one command but still accept input for subsequent commands.
Added support for the Windows 10 OpenSSH ssh-agent. Thanks go to SamP20 for \ 
providing an initial proof of concept and a suggested implementation.
Reworked scoped link-local IPv6 address normalization to work better on Linux \ 
systems.
Fixed a problem preserving directory structure in recursive scp().
Fixed SFTP chmod tests to avoid attempting to set the sticky bit on a plain \ 
file, as this caused test failures on FreeBSD.
Updated note in SSHClientChannel’s send_signal() documentation to reflect that \ 
OpenSSH 7.9 and later should now support processing of signal messages.