./security/py-asyncssh, Asynchronous SSHv2 client and server library

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.2.1, Package name: py37-asyncssh-2.2.1, Maintainer: pkgsrc-users

AsyncSSH is a Python package which provides an asynchronous client and server
implementation of the SSHv2 protocol on top of the Python 3.4+ asyncio
framework.


Required to run:
[security/py-OpenSSL] [devel/py-setuptools] [security/py-cryptography] [security/py-bcrypt] [security/py-gssapi] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 0099a67da83af93b7a4f23a98c65a8025da2a819
RMD160: dcd739da58c6d59de8ab5f0d275c3f97193cf3d3
Filesize: 330.463 KB

Version history: (Expand)


CVS history: (Expand)


   2020-04-23 08:10:29 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-asyncssh: updated to 2.2.1

Release 2.2.1:

Added optional timeout parameter to SSHClientProcess.wait() and \ 
SSHClientConnection.run() methods.
Created subclasses for SFTPError exceptions, allowing applications to more \ 
easily have distinct exception handling for different errors.
Fixed an issue in SFTP parallel I/O related to handling low-level connection \ 
failures. Thanks go to Mikhail Terekhov for reporting this issue.
Fixed an issue with SFTP file copy where a local file could sometimes be left \ 
open if an attempt to close a remote file failed.
Fixed an issue in the handling of boolean return values when \ 
SSHServer.server_requested() returns a coroutine. Thanks go to Tom van Neerijnen \ 
for contributing this fix.
Fixed an issue with passing tuples to the SFTP copy functions. Thanks go to Marc \ 
Gagné for reporting this and doing the initial analysis.
   2020-03-12 17:36:31 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-asyncssh: updated to 2.2.0

Release 2.2.0

Added support for U2F/FIDO2 security keys, with the following capabilities:
ECDSA (NISTP256) and Ed25519 key algorithms
Key generation, including control over the application and user the key is \ 
associated with and whether touch is required when using the key
Certificate generation, both as a key being signed and a CA key
Resident keys, allowing security keys to be used on multiple machines without \ 
any information being stored outside of the key
Access to and management of keys loaded in an OpenSSH ssh-agent
Support for both user and host keys and certificates
Support for “no-touch-required” option in authorized_keys files
Support for “no-touch-required” option in OpenSSH certificates
Compatibility with security key support added in OpenSSH version 8.2
Added login timeout client option and limits on the length and number of banner \ 
lines AsyncSSH will accept prior to the SSH version header.
Improved load_keypairs() to read public key files, confirming that they are \ 
consistent with their associated private key when they are present.
Fixed issues in the SCP server related to handling filenames with spaces.
Fixed an issue with resuming reading after readuntil() returns an incomplete read.
Fixed a potential issue related to asyncio not reporting sockname/peername when \ 
a connection is closed immediately after it is opened.
Made SSHConnection a subclass of asyncio.Protocol to please type checkers.
   2019-12-01 12:45:35 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-asyncssh: updated to 2.1.0

Release 2.1.0:
Added support in the SSHProcess redirect mechanism to accept asyncio \ 
StreamReader and StreamWriter objects, allowing asyncio streams to be plugged in \ 
as stdin/stdout/stderr in an SSHProcess.
Added support for key handlers in the AsyncSSH line editor to trigger signals \ 
being delivered when certain “hot keys” are hit while reading input.
Improved cleanup of unreturned connection objects when an error occurs or the \ 
connection request is canceled or times out.
Improved cleanup of SSH agent client objects to avoid triggering a false \ 
positive warning in Python 3.8.
Added an example to the documentation for how to create reverse-direction SSH \ 
client and server connections.
Made check of session objects against None explicit to avoid confusion on \ 
user-defined sessions that implement __len__ or __bool__.

Release 2.0.1:
Some API changes which should have been included in the 2.0.0 release were \ 
missed. This release corrects that, but means that additional changes may be \ 
needed in applications moving to 2.0.1. This should hopefully be the last of \ 
such changes, but if any other issues are discovered, additional changes will be \ 
limited to 2.0.x patch releases and the API will stabilize again in the AsyncSSH \ 
2.1 release. See the next bullet for details about the additional incompatible \ 
change.
To be consistent with other connect and listen functions, all methods on \ 
SSHClientConnection which previously returned None on listen failures have been \ 
changed to raise an exception instead. A new ChannelListenError exception will \ 
now be raised when an SSH server returns failure on a request to open a remote \ 
listener. This change affects the following SSHClientConnection methods: \ 
create_server, create_unix_server, start_server, start_unix_server, \ 
forward_remote_port, and forward_remote_path.
Restored the ability for SSHListener objects to be used as async context \ 
managers. This previously worked in AsyncSSH 1.x and was unintentionally broken \ 
in AsyncSSH 2.0.0.
Added support for a number of additional functions to be called from within an \ 
“async with” statement. These functions already returned objects capable of \ 
being async context managers, but were not decorated to allow them to be \ 
directly called from within “async with”. This change applies to the top \ 
level functions create_server, listen, and listen_reverse and the \ 
SSHClientConnection methods create_server, create_unix_server, start_server, \ 
start_unix_server, forward_local_port, forward_local_path, forward_remote_port, \ 
forward_remote_path, listen_ssh, and listen_reverse_ssh,
Fixed a couple of issues in loading OpenSSH-format certificates which were \ 
missing a trailing newline.
Changed load_certificates() to allow multiple certificates to be loaded from a \ 
single byte string argument, making it more consistent with how \ 
load_certificates() works when reading from a file.

Release 2.0.0:
NEW MAJOR VERSION: See below for potentially incompatible changes.
Updated AsyncSSH to use the modern async/await syntax internally, now requiring \ 
Python 3.6 or later. Those wishing to use AsyncSSH on Python 3.4 or 3.5 should \ 
stick to the AsyncSSH 1.x releases.
Changed first argument of SFTPServer constructor from an SSHServerConnection \ 
(conn) to an SSHServerChannel (chan) to allow custom SFTP server implementations \ 
to access environment variables set on the channel that SFTP is run over. \ 
Applications which subclass the SFTPServer class and implement an __init__ \ 
method will need to be updated to account for this change and pass the new \ 
argument through to the SFTPServer parent class. If the subclass has no __init__ \ 
and just uses the connection, channel, and env properties of SFTPServer to \ 
access this information, no changes should be required.
Removed deprecated “session_encoding” and “session_errors” arguments \ 
from create_server() and listen() functions. These arguments were renamed to \ 
“encoding” and “errors” back in version 1.16.0 to be consistent with \ 
other AsyncSSH APIs.
Removed get_environment(), get_command(), and get_subsystem() methods on \ 
SSHServerProcess class. This information was made available as “env”, \ 
“command”, and “subsystem” properties of SSHServerProcess in AsyncSSH \ 
1.11.0.
Removed optional loop argument from all public AsyncSSH APIs, consistent with \ 
the deprecation of this argument in the asyncio package in Python 3.8. Calls \ 
will now always use the event loop which is active at the time of the call.
Removed support for non-async context managers on AsyncSSH connections and \ 
processes and SFTP client connections and file objects. Callers should use \ 
“async with” to invoke the async the context managers on these objects.
Added support for SSHAgentClient being an async context manager. To be \ 
consistent with other connect calls, connect_agent() will now raise an exception \ 
when no agent is found or a connection failure occurs, rather than logging a \ 
warning and returning None. Callers should catch OSError or ChannelOpenError \ 
exceptions rather than looking for a return value of None when calling this \ 
function.
Added set_input() and clear_input() methods on SSHLineEditorChannel to change \ 
the value of the current input line when line editing is enabled.
Added is_closing() method to the SSHChannel, SSHProcess, SSHWriter, and \ 
SSHSubprocessTransport classes. mirroring the asyncio BaseTransport and \ 
StreamWriter methods added in Python 3.7.
Added wait_closed() async method to the SSHWriter class, mirroring the asyncio \ 
StreamWriter method added in Python 3.7.
   2019-08-25 14:24:06 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-asyncssh: updated to 1.18.0

Release 1.18.0:

Added support for GSSAPI ECDH and Edwards DH key exchange algorithms.
Fixed gssapi-with-mic authentication to work with GSS key exchanges, in cases \ 
where gssapi-keyex is not supported.
Made connect_ssh and connect_reverse_ssh methods into async context managers, \ 
simplifying the syntax needed to use them to create tunneled SSH connections.
Fixed a couple of issues with known hosts matching on tunneled SSH connections.
Improved flexibility of key/certificate parser automatic format detection to \ 
properly recognize PEM even when other arbitrary text is present at the \ 
beginning of the file. With this change, the parser can also now handle mixing \ 
of multiple key formats in a single file.
Added support for OpenSSL “TRUSTED” PEM certificates. For now, no \ 
enforcement is done of the additional trust restrictions, but such certificates \ 
can be loaded and used by AsyncSSH without converting them back to regular PEM \ 
format.
Fixed some additional SFTP and SCP issues related to parsing of Windows paths \ 
with drive letters and paths with multiple colons.
Made AsyncSSH tolerant of a client which sends multiple service requests for the \ 
“ssh-userauth” service. This is needed by the Paramiko client when it tries \ 
more than one form of authentication on a connection.
   2019-08-03 13:43:47 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-asyncssh: updated to 1.17.1

Release 1.17.1:
Improved construction of file paths in SFTP to better handle native Windows \ 
source paths containing backslashes or drive letters.
Improved SFTP parallel I/O for large reads and file copies to better handle the \ 
case where a read returns less data than what was requested when not at the end \ 
of the file, allowing AsyncSSH to get back the right result even if the \ 
requested block size is larger than the SFTP server can handle.
Fixed an issue where the requested SFTP block_size wasn’t used in the get, \ 
copy, mget, and mcopy functions if it was larger than the default size of 16 KB.
Fixed a problem where the list of client keys provided in an \ 
SSHClientConnectionOptions object wasn’t always preserved properly across the \ 
opening of multiple SSH connections.
Changed SSH agent client code to avoid printing a warning on Windows when unable \ 
to connect to the SSH agent using the default path. A warning will be printed if \ 
the agent_path or SSH_AUTH_SOCK is explicitly set, but AsyncSSH will remain \ 
quiet if no agent path is set and no SSH agent is running.
Made AsyncSSH tolerant of unexpected authentication success/failure messages \ 
sent after authentication completes. AsyncSSH previously treated this as a \ 
protocol error and dropped the connection, while most other SSH implementations \ 
ignored these messages and allowed the connection to continue.
Made AsyncSSH tolerant of SFTP status responses which are missing error message \ 
and language tag fields, improving interoperability with servers that omit these \ 
fields. When missing, AsyncSSH treats these fields as if they were set to empty \ 
strings.
   2019-06-10 11:36:36 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-asyncssh: updated to 1.17.0

Release 1.17.0:
Added support for “reverse direction” SSH connections, useful to support \ 
applications like NETCONF Call Home, described in RFC 8071.
Added support for the PyCA implementation of Chacha20-Poly1305, eliminating the \ 
dependency on libnacl/libsodium to provide this functionality, as long as \ 
OpenSSL 1.1.1b or later is installed.
Restored libnacl support for Curve25519/Ed25519 on systems which have an older \ 
version of OpenSSL that doesn’t have that support. This fallback also applies \ 
to Chacha20-Poly1305.
Fixed Pageant support on Windows to use the Pageant agent by default when it is \ 
available and client keys are not explicitly configured.
Disabled the use of RSA SHA-2 signatures when using the Pageant or Windows 10 \ 
OpenSSH agent on Windows, since neither of those support the signature flags \ 
options to request them.
Fixed a regression where a callable was no longer usable in the sftp_factory \ 
argument of create_server.
   2019-04-01 11:14:30 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-asyncssh: updated to 1.16.1:

Release 1.16.1:
Added channel, connection, and env properties to SFTPServer instances, so \ 
connection and channel information can be used to influence the SFTP server's \ 
behavior. Previously, connection information was made avaiable through the \ 
constructor, but channel and environment information was not. Now, all of these \ 
are available as properties on the SFTPServer instance without the need to \ 
explicitly store anything in a custom constructor.
Optimized SFTP glob matching when the glob pattern contains directory names \ 
without glob characters in them. Thanks go to Mikhail Terekhov for contributing \ 
this improvement!
Added support for PurePath in a few places that were missed when this support \ 
was originally added. Once again, thanks go to Mikhail Terehkov for these fixes.
Fixed bug in SFTP parallel I/O file reader where it sometimes returned EOF \ 
prematurely. Thanks go to David G for reporting this problem and providing a \ 
reproducible test case.
Fixed test failures seen on Fedora Rawhide. Thanks go to Georg Sauthof for \ 
reporting this issue and providing a test environment to help debug it.
Updated Ed25519/448 and Curve25519/448 tests to only run when these algorithms \ 
are available. Thanks go to Ondřej Súkup for reporting this issue and \ 
providing a suggested fix.
   2019-03-03 13:32:12 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-asyncssh: updated to 1.16.0

1.16.0:
Added support for Ed448 host/client keys and certificates and rewrote Ed25519 \ 
support to use the PyCA implementation, reducing the dependency on libnacl and \ 
libsodium to only be needed to support the chacha20-poly1305 cipher.
Added support for PKCS-8 format Ed25519 and Ed448 private and public keys (in \ 
addition to the OpenSSH format previously supported).
Added support for multiple delimiters in SSHReader’s readuntil() function, \ 
causing it to return data as soon as any of the specified delimiters are \ 
matched.
Added the ability to register custom key handlers in the line editor which can \ 
modify the input line, extending the built-in editing functionality.
Added SSHSubprocessProtocol and SSHSubprocessTransport classes to provide \ 
compatibility with asyncio.SubprocessProtocol and asyncio.SubprocessTransport. \ 
Code which is designed to call BaseEventLoop.subprocess_shell() or \ 
BaseEventLoop.subprocess_exec() can be easily adapted to work against a remote \ 
process by calling SSHClientConnection.create_subprocess().
Added support for sending keepalive messages when the SSH connection is idle, \ 
with an option to automatically disconnect the connection if the remote system \ 
doesn’t respond to these keepalives.
Changed AsyncSSH to ignore errors when loading unsupported key types from the \ 
default file locations.
Changed the reuse_port option to only be available on Python releases which \ 
support it (3.4.4 and later).
Fixed an issue where MSG_IGNORE packets could sometimes be sent between \ 
MSG_NEWKEYS and MSG_EXT_INFO, which caused some SSH implementations to fail to \ 
properly parse the MSG_EXT_INFO.
Fixed a couple of errors in the handling of disconnects occurring prior to \ 
authentication completing.
Renamed “session_encoding” and “session_errors” arguments in \ 
asyncssh.create_server() to “encoding” and “errors”, to match the names \ 
used for these arguments in other AsyncSSH APIs. The old names are still \ 
supported for now, but they are marked as deprecated and will be removed in a \ 
future release.