|
|
|
@@ -1,3 +1,247 @@
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
|
|
Sat Jul 12 17:35:09 UTC 2025 - Dirk Müller <dmueller@suse.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- update to 2.21.0:
|
|
|
|
|
|
|
|
* Added sparse file support for SFTP, allowing file copying
|
|
|
|
|
|
|
|
which automatically skips over any "holes" in a source file,
|
|
|
|
|
|
|
|
transferring only the data ranges which are actually present.
|
|
|
|
|
|
|
|
* Added support for applications to request that session,
|
|
|
|
|
|
|
|
connection, or TUN/TAP requests arriving on an
|
|
|
|
|
|
|
|
SSHServerConnection be forwarded out some other established
|
|
|
|
|
|
|
|
SSHClientConnection. Callback methods on SSHServer which
|
|
|
|
|
|
|
|
decide how to handle these requests can now return an
|
|
|
|
|
|
|
|
SSHClientConnection to set up this tunneling, instead of
|
|
|
|
|
|
|
|
having to accept the request and implement their own
|
|
|
|
|
|
|
|
forwarding logic.
|
|
|
|
|
|
|
|
* Further hardened the SSH key exchange process to make
|
|
|
|
|
|
|
|
AsyncSSH more strict when accepting messages during key
|
|
|
|
|
|
|
|
exchange. Thanks go to Fabian Bäumer and Marcus Brinkmann for
|
|
|
|
|
|
|
|
identifying potential issues here.
|
|
|
|
|
|
|
|
* Added support for the auth_completed callback in SSHServer to
|
|
|
|
|
|
|
|
be either a callable or a coroutine, allowing async
|
|
|
|
|
|
|
|
operations to be performed when user authentication completes
|
|
|
|
|
|
|
|
successfully, prior to accepting session requests.
|
|
|
|
|
|
|
|
* Added support for the sftp_factory config argument be either
|
|
|
|
|
|
|
|
a callable or a coroutine, allowing async operations to be
|
|
|
|
|
|
|
|
performed when starting up a new SFTP server session.
|
|
|
|
|
|
|
|
* Fixed a bug where the exit() method of SFTPServer didn't
|
|
|
|
|
|
|
|
handle being declared as a coroutine. Thanks go to C. R.
|
|
|
|
|
|
|
|
Oldham for reporting this issue.
|
|
|
|
|
|
|
|
* Improved handling of exceptions in connection_lost()
|
|
|
|
|
|
|
|
callbacks. Exceptions in connection_lost() will now be
|
|
|
|
|
|
|
|
reported in the debug log, but other cleanup code in AsyncSSH
|
|
|
|
|
|
|
|
will continue, ignoring those exceptions. Thanks go to Danil
|
|
|
|
|
|
|
|
Slinchuk for reporting this issue.
|
|
|
|
|
|
|
|
* Added support for specifying an explicit path when
|
|
|
|
|
|
|
|
configuring agent forwarding. Thanks go to Aleksandr Ilin for
|
|
|
|
|
|
|
|
pointing out that this options supports more than just a
|
|
|
|
|
|
|
|
boolean value.
|
|
|
|
|
|
|
|
* Added support for environment variable expansion in SSH
|
|
|
|
|
|
|
|
config, for options which support percent expansion.
|
|
|
|
|
|
|
|
* Added a new begin_auth callback in SSHClient, reporting the
|
|
|
|
|
|
|
|
username being sent during SSH client authentication. This
|
|
|
|
|
|
|
|
can be useful when the user is conditionally set via an SSH
|
|
|
|
|
|
|
|
config file.
|
|
|
|
|
|
|
|
* Improved strict-kex interoperability during re-keying. Thanks
|
|
|
|
|
|
|
|
go to GitHub user emeryalden for reporting this issue and
|
|
|
|
|
|
|
|
helping to track down the source of the problem.
|
|
|
|
|
|
|
|
* Updated SFTP max_requests default to reduce memory usage when
|
|
|
|
|
|
|
|
using large block sizes.
|
|
|
|
|
|
|
|
* Updated testing to add Python 3.13 and drop Python 3.7,
|
|
|
|
|
|
|
|
avoiding deprecation warnings from the cryptography package.
|
|
|
|
|
|
|
|
* Fixed unit test issues under Windows, allowing unit tests to
|
|
|
|
|
|
|
|
run on Windows on all supported versions of Python.
|
|
|
|
|
|
|
|
* Fixed a couple of issues with Python 3.14. Thanks go to Georg
|
|
|
|
|
|
|
|
Sauthoff for initially reporting this.
|
|
|
|
|
|
|
|
* Added support for WebAuthN authentication with U2F security
|
|
|
|
|
|
|
|
keys, allowing non-admin Windows users to use these keys for
|
|
|
|
|
|
|
|
authentication. Previously, authentication with U2F keys
|
|
|
|
|
|
|
|
worked on Windows, but only for admin users.
|
|
|
|
|
|
|
|
* Added support for hostname canonicalization, compatible with
|
|
|
|
|
|
|
|
the configuration parameters used in OpenSSH, as well as
|
|
|
|
|
|
|
|
support for the "canonical" and "final" match keywords and
|
|
|
|
|
|
|
|
negation support for match. Thanks go to GitHub user
|
|
|
|
|
|
|
|
commonism who suggested this and provided a proposed
|
|
|
|
|
|
|
|
implementation for negation.
|
|
|
|
|
|
|
|
* Added client and server support for SFTP copy-data extension
|
|
|
|
|
|
|
|
and a new SFTP remote_copy() function which allows data to be
|
|
|
|
|
|
|
|
moved between two remote files without downloading and re-
|
|
|
|
|
|
|
|
uploading the data. Thanks go to Ali Khosravi for suggesting
|
|
|
|
|
|
|
|
this addition.
|
|
|
|
|
|
|
|
* Moved project metadata from setup.py to pyproject.toml.
|
|
|
|
|
|
|
|
Thanks go to Marc Mueller for contributing this.
|
|
|
|
|
|
|
|
* Updated SSH connection to keep strong references to
|
|
|
|
|
|
|
|
outstanding tasks, to avoid potential issues with the garbage
|
|
|
|
|
|
|
|
collector while the connection is active. Thanks go to GitHub
|
|
|
|
|
|
|
|
user Birnendampf for pointing out this potential issue and
|
|
|
|
|
|
|
|
suggesting a simple fix.
|
|
|
|
|
|
|
|
* Fixed some issues with block_size argument in SFTP copy
|
|
|
|
|
|
|
|
functions. Thanks go to Krzysztof Kotlenga for finding and
|
|
|
|
|
|
|
|
reporting these issues.
|
|
|
|
|
|
|
|
* Fixed an import error when fido2 package wasn't available.
|
|
|
|
|
|
|
|
Thanks go to GitHub user commonism for reporting this issue.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
|
|
Fri Jun 13 05:35:08 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- Switch to pyproject macros.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
|
|
Thu Nov 7 12:11:27 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- Update to 2.18.0
|
|
|
|
|
|
|
|
* Added support for post-quantum ML-KEM key exchange algorithms,
|
|
|
|
|
|
|
|
interoperable with OpenSSH 9.9.
|
|
|
|
|
|
|
|
* Added support for the OpenSSH "limits" extension, allowing the
|
|
|
|
|
|
|
|
client to query server limits such as the maximum supported read
|
|
|
|
|
|
|
|
and write sizes. The client will automatically default to the reported
|
|
|
|
|
|
|
|
maximum size on servers that support this extension.
|
|
|
|
|
|
|
|
* Added more ways to specify environment variables via the `env` option.
|
|
|
|
|
|
|
|
Sequences of either 'key=value' strings or (key, value) tuples are now
|
|
|
|
|
|
|
|
supported, in addition to a dict.
|
|
|
|
|
|
|
|
* Added support for getting/setting environment variables as byte strings
|
|
|
|
|
|
|
|
on platforms which support it. Previously, only Unicode strings were
|
|
|
|
|
|
|
|
accepted and they were always encoded on the wire using UTF-8.
|
|
|
|
|
|
|
|
* Added support for non-TCP sockets (such as a socketpair) as the `sock`
|
|
|
|
|
|
|
|
parameter in connect calls. Thanks go to Christian Wendt for reporting
|
|
|
|
|
|
|
|
this problem and proposing a fix.
|
|
|
|
|
|
|
|
* Changed compression to be disabled by default to avoid it becoming a
|
|
|
|
|
|
|
|
performance bottleneck on high-bandwidth connections. This now also
|
|
|
|
|
|
|
|
matches the OpenSSH default.
|
|
|
|
|
|
|
|
* Improved speed of parallelized SFTP reads when read-ahead goes beyond
|
|
|
|
|
|
|
|
the end of the file. Thanks go to Maximilian Knespel for reporting
|
|
|
|
|
|
|
|
this issue and providing performance measurements on the code before
|
|
|
|
|
|
|
|
and after the change.
|
|
|
|
|
|
|
|
* Improved cancellation handling during SCP transfers.
|
|
|
|
|
|
|
|
* Improved support for selecting the currently available security key
|
|
|
|
|
|
|
|
when the application lists multiple keys to try. Thanks go to GitHub
|
|
|
|
|
|
|
|
user zanda8893 for reporting the issue and helping to work out the
|
|
|
|
|
|
|
|
details of the problem.
|
|
|
|
|
|
|
|
* Improved handling of reverse DNS failures in host-based authentication.
|
|
|
|
|
|
|
|
Thanks go to GitHub user xBiggs for suggesting this change.
|
|
|
|
|
|
|
|
* Improved debug logging of byte strings with non-printable characters.
|
|
|
|
|
|
|
|
* Switched to using an executor on GSSAPI calls to avoid blocking the
|
|
|
|
|
|
|
|
event loop.
|
|
|
|
|
|
|
|
* Fixed handling of "UserKnownHostsFile none" in config files. This
|
|
|
|
|
|
|
|
previously caused it to use the default known hosts, rather than
|
|
|
|
|
|
|
|
disabling known host checking.
|
|
|
|
|
|
|
|
* Fixed a runtime warning about not awaiting a coroutine in unit tests.
|
|
|
|
|
|
|
|
* Fixed a unit test failure on Windows when calling abort on a transport.
|
|
|
|
|
|
|
|
* Fixed a problem where a "MAC verification failed" error was sometimes
|
|
|
|
|
|
|
|
sent on connection close.
|
|
|
|
|
|
|
|
* Fixed SSHClientProcess code to not raise a runtime exception when
|
|
|
|
|
|
|
|
waiting more than once for a process to finish. Thanks go to GitHub
|
|
|
|
|
|
|
|
user starflows for reporting this issue.
|
|
|
|
|
|
|
|
* Handled an error when attempting to import older verions of pyOpenSSL.
|
|
|
|
|
|
|
|
Thanks go to Maximilian Knespel for reporting this issue and testing
|
|
|
|
|
|
|
|
the fix.
|
|
|
|
|
|
|
|
* Updated simple_server example code to switch from crypt to bcrypt,
|
|
|
|
|
|
|
|
since crypt has been removed in Python 3.13. Thanks go to Colin
|
|
|
|
|
|
|
|
Watson for providing this update.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
|
|
Thu Sep 26 20:05:34 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- update to 2.17.0:
|
|
|
|
|
|
|
|
* Add support for specifying a per-connection credential store
|
|
|
|
|
|
|
|
for GSSAPI authentication.
|
|
|
|
|
|
|
|
* Fixed a regression introduced in AsyncSSH 2.15.0 which could
|
|
|
|
|
|
|
|
cause connections to be closed with an uncaught exception when
|
|
|
|
|
|
|
|
a session on the connection was closed.
|
|
|
|
|
|
|
|
* Added a workaround where getaddrinfo() on some systems may
|
|
|
|
|
|
|
|
return duplicate entries, causing bind() to fail when opening
|
|
|
|
|
|
|
|
a listener.
|
|
|
|
|
|
|
|
* Relaxed padding length check on OpenSSH private keys to
|
|
|
|
|
|
|
|
provide better compatibility with keys generated by PuTTYgen.
|
|
|
|
|
|
|
|
* Improved documentation on SSHClient and SSHServer classes to
|
|
|
|
|
|
|
|
explain when they are created and their relationship to the
|
|
|
|
|
|
|
|
SSHClientConnection and SSHServerConnection classes.
|
|
|
|
|
|
|
|
* Updated examples to use Python 3.7 and made some minor
|
|
|
|
|
|
|
|
improvements.
|
|
|
|
|
|
|
|
- update to 2.16.0:
|
|
|
|
|
|
|
|
* Added client and server support for the OpenSSH "hostkeys"
|
|
|
|
|
|
|
|
extension. When using known_hosts, clients can provide a
|
|
|
|
|
|
|
|
handler which will be called with the changes between the
|
|
|
|
|
|
|
|
keys currently trusted in the client's known hosts and those
|
|
|
|
|
|
|
|
available on the server. On the server side, an application
|
|
|
|
|
|
|
|
can choose whether or not to enable the sending of this host
|
|
|
|
|
|
|
|
key information.
|
|
|
|
|
|
|
|
* Related to the above, AsyncSSH now allows the configuration of
|
|
|
|
|
|
|
|
multiple server host keys of the same type when the
|
|
|
|
|
|
|
|
send_server_host_keys option is enabled. Only the first key of
|
|
|
|
|
|
|
|
each type will be used in the SSH handshake, but the others can
|
|
|
|
|
|
|
|
appear in the list of supported host keys for clients to begin
|
|
|
|
|
|
|
|
trusting, allowing for smoother key rotation.
|
|
|
|
|
|
|
|
* Fixed logging and typing issues in SFTP high-level copy
|
|
|
|
|
|
|
|
functions. A mix of bytes, str, and PurePath entries are now
|
|
|
|
|
|
|
|
supported in places where a list of file paths is allowed, and
|
|
|
|
|
|
|
|
the type signatures have been updated to reflect that the
|
|
|
|
|
|
|
|
functions accept either a single path or a list of paths.
|
|
|
|
|
|
|
|
* Improved typing on SFTP listdir() function.
|
|
|
|
|
|
|
|
* Reworked the config file parser to improve on a previous fix
|
|
|
|
|
|
|
|
related to handling key/value pairs with an equals delimiter.
|
|
|
|
|
|
|
|
* Improved handling of ciphers deprecated in cryptography 43.0.0.
|
|
|
|
|
|
|
|
* Improved support for use of Windows pathnames in ProxyCommand.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
|
|
Fri Aug 9 06:53:42 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- update to 2.15.0:
|
|
|
|
|
|
|
|
* Added experimental support for tunneling of TUN/TAP network
|
|
|
|
|
|
|
|
interfaces on Linux and macOS, allowing for either automatic
|
|
|
|
|
|
|
|
packet forwarding or explicit reading and writing of packets
|
|
|
|
|
|
|
|
sent through the tunnel by the application. Both callback and
|
|
|
|
|
|
|
|
stream APIs are available.
|
|
|
|
|
|
|
|
* Added support for forwarding terminal size and terminal size
|
|
|
|
|
|
|
|
changes when stdin on an SSHServerProcess is redirected to a
|
|
|
|
|
|
|
|
local TTY.
|
|
|
|
|
|
|
|
* Added support for multiple tunnel/ProxyJump hosts. Thanks go
|
|
|
|
|
|
|
|
to Adam Martin for suggesting this enhancement and proposing
|
|
|
|
|
|
|
|
a solution.
|
|
|
|
|
|
|
|
* Added support for OpenSSH lsetstat SFTP extension to set
|
|
|
|
|
|
|
|
attributes on symbolic links on platforms which support that
|
|
|
|
|
|
|
|
and use it to improve symlink handling in the SFTP get, put,
|
|
|
|
|
|
|
|
and copy methods. In addition, a follow_symlinks option has
|
|
|
|
|
|
|
|
been added on various SFTPClient methods which get and set
|
|
|
|
|
|
|
|
these attributes. Thanks go to GitHub user eyalgolan1337 for
|
|
|
|
|
|
|
|
reporting this issue.
|
|
|
|
|
|
|
|
* Added support for password and passphrase arguments to be a
|
|
|
|
|
|
|
|
callable or awaitable, called when performing authentication
|
|
|
|
|
|
|
|
or loading encrypted private keys. Thanks go to GitHub user
|
|
|
|
|
|
|
|
goblin for suggesting this enhancement.
|
|
|
|
|
|
|
|
* Added support for proper flow control when using
|
|
|
|
|
|
|
|
AsyncFileWriter or StreamWriter classes to do SSH process
|
|
|
|
|
|
|
|
redirection. Thanks go to Benjy Wiener for reporting this
|
|
|
|
|
|
|
|
issue and providing feedback on the fix.
|
|
|
|
|
|
|
|
* Added is_closed() method
|
|
|
|
|
|
|
|
SSHClientConnection/SSHServerConnection to return whether the
|
|
|
|
|
|
|
|
associated network connection is closed or not.
|
|
|
|
|
|
|
|
* Added support for setting and matching tags in OpenSSH config
|
|
|
|
|
|
|
|
files.
|
|
|
|
|
|
|
|
* Added an example of using "await" in addition to "async with"
|
|
|
|
|
|
|
|
when opening a new SSHClientConnection. Thanks go to Michael
|
|
|
|
|
|
|
|
Davis for suggesting this added documentation.
|
|
|
|
|
|
|
|
* Improved handling CancelledError in SCP, avoiding an issue
|
|
|
|
|
|
|
|
where AsyncSSH could sometimes get stuck waiting for the
|
|
|
|
|
|
|
|
channel to close. Thanks go to Max Orlov for reporting the
|
|
|
|
|
|
|
|
problem and providing code to reproduce it.
|
|
|
|
|
|
|
|
* Fixed a regression from 2.14.1 related to rekeying an SSH
|
|
|
|
|
|
|
|
connection when there's acitivty on the connection in the
|
|
|
|
|
|
|
|
middle of rekeying. Thanks go to GitHub user eyalgolan1337
|
|
|
|
|
|
|
|
for helping to narrow down this problem and test the fix.
|
|
|
|
|
|
|
|
* Fixed a problem with process redirection when a close is
|
|
|
|
|
|
|
|
received without a preceding EOF. Thanks go to GitHub user
|
|
|
|
|
|
|
|
xuoguoto who helped to provide sample scripts and ran tests
|
|
|
|
|
|
|
|
to help track this down.
|
|
|
|
|
|
|
|
* Fixed the processing of paths in SFTP client symlink
|
|
|
|
|
|
|
|
requests. Thanks go to André Glüpker for reporting the
|
|
|
|
|
|
|
|
problem and providing test code to demonstrate it.
|
|
|
|
|
|
|
|
* Fixed an OpenSSH config file parsing issue. Thanks go to
|
|
|
|
|
|
|
|
Siddh Raman Pant for reporting this issue.
|
|
|
|
|
|
|
|
* Worked around a bug in a user auth banner generated by the
|
|
|
|
|
|
|
|
cryptlib library. Thanks go to GitHub user mmayomoar for
|
|
|
|
|
|
|
|
reporting this issue and suggesting a fix.
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Dec 18 15:55:18 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|
|
|
Mon Dec 18 15:55:18 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
