- update to 2.2.1:
* Missed a spot
* Update .travis.yml
* Whitespace
* Having this in a mini-toctree made the nav look funny and is also just unintuitive
* Changelog re #471, re #65
* these are bytes
* changelog: update for #990 and #993
* ecdh kex support
* flake8/whitespace
* Trailing comma
* Add test for posix-rename@openssh.com extension for SFTP client
* Changelog re #921
* Add a note about new Python-level deps to changelog re: Ed25519 support
* Add method for "posix-rename@openssh.com" extension for SFTP client.
* Add IOError in posix-rename@openssh.com test for python 2 support.
* this isnt bytes
* Added a auth_timeout to handle situations where SSH server stops responding during auth.
* small cleanups
* More changelog flimflammery
* Added changelog entry
* python 3 compatibility
* Incorrect comparison, should be <=
* DDD re #857
* Improve __hash__ functions
* Hrm that should always have been an h1
* No idea how this got past all the earlier flake8 work...
* comments
* Fixed test to support python 2.6
* Note ecdh-sha2 preferred-kex placement in changelog entry for #951, re #983
OBS-URL: https://build.opensuse.org/request/show/515893
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-paramiko?expand=0&rev=64
- update to 2.1.3
* Make util.log_to_file append instead of replace.
* SSHClient and Transport could cause a memory leak if there’s a connection
problem or protocol error, even if Transport.close() is called.
* Prior support for ecdsa-sha2-nistp(384|521) algorithms didn’t fully extend
to covering host keys, preventing connection to hosts which only offer
these key types and no others. This is now fixed.
* Prefer newer ecdsa-sha2-nistp keys over RSA and DSA keys during host key
selection. This improves compatibility with OpenSSH, both in terms of general
behavior, and also re: ability to properly leverage OpenSSH-modified
known_hosts files.
* The RC4/arcfour family of ciphers has been broken since version 2.0; but since
the algorithm is now known to be completely insecure, we are opting
to remove support outright instead of fixing it.
* Move sha1 above the now-arguably-broken md5 in the list of preferred MAC
algorithms, as an incremental security improvement for users whose target
systems offer both.
* Writing encrypted/password-protected private key files was silently broken
since 2.0 due to an incorrect API call
Includes a directly related fix, namely adding the ability to read AES-256-CBC
ciphered private keys (which is now what we tend to write out as it is
Cryptography’s default private key cipher.)
* Allow any type implementing the buffer API to be used with BufferedFile,
Channel, and SFTPFile. This resolves a regression introduced in 1.13
with the Python 3 porting changes, when using types such as memoryview.
* Enhance default cipher preference order such that aes(192|256)-cbc are preferred
over blowfish-cbc.
* SSHClient now requests the type of host key it has (e.g. from known_hosts)
and does not consider a different type to be a “Missing” host key. This fixes
a common case where an ECDSA key is in known_hosts and the server also has
OBS-URL: https://build.opensuse.org/request/show/502890
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-paramiko?expand=0&rev=62
- update to 2.1.2
* Fix a bug in server-mode concerning multiple interactive auth steps
* SSHClient now gives its internal Transport a handle on itself, preventing
garbage collection of the client until the session is closed. Without this,
some code which returns stream or transport objects without the client that
generated them, would result in premature session closure
when the client was GCd
* Avoid test suite exceptions on platforms lacking errno.ETIME
* weak how RSAKey.__str__ behaves so it doesn’t cause TypeError under Python 3.
OBS-URL: https://build.opensuse.org/request/show/460370
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-paramiko?expand=0&rev=56
- update to 2.1.1
* A tweak to the original patch implementing gh#398 was not fully applied,
causing calls to ~paramiko.client.SSHClient.invoke_shell to fail with
AttributeError. This has been fixed.
* Fix the implementation of PKey.write_private_key_file (this method is only
publicly defined on subclasses; the fix was in the private real
implementation) so it passes the correct params to open()
* Add an optional timeout parameter to Transport.start_clienti
<paramiko.transport.Transport.start_client> (and feed it the value of the
configured connection timeout when used within SSHClient
<paramiko.client.SSHClient>.)
* Catch AssertionError thrown by Cryptography when attempting to load bad
ECDSA keys, turning it into an SSHException.
* Add a missing .closed attribute (plus ._closed because reasons) to
ProxyCommand <paramiko.proxy.ProxyCommand>
* Make the subprocess import in proxy.py lazy so users on platforms without
it (such as Google App Engine) can import Paramiko successfully
* Fix incorrect docstring/param-list for Transport.auth_gssapi_keyex
<paramiko.transport.Transport.auth_gssapi_keyex> so it matches
the real signature.
* Add an environment dict argument to Client.exec_command
OBS-URL: https://build.opensuse.org/request/show/445578
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-paramiko?expand=0&rev=54
- update to 2.0.0:
* Add support for 384- and 512-bit elliptic curve groups in ECDSA
key types (aka ecdsa-sha2-nistp384 / ecdsa-sha2-nistp521).
* Due to an earlier bugfix, less-specific Host blocks' ProxyCommand
values were overriding ProxyCommand none in more-specific Host
blocks. This has been fixed in a backwards compatible manner (i.e.
ProxyCommand none continues to appear as a total lack of any
proxycommand key in parsed config structures).
* Fix a backwards incompatibility issue that cropped up in
SFTPFile.prefetch <~paramiko.sftp_file.prefetch> re: the
erroneously non-optional file_size parameter. Should only affect
users who manually call prefetch.
* Replace PyCrypto with the Python Cryptographic Authority (PyCA)
'Cryptography' library suite. This improves security,
installability, and performance; adds PyPy support; and much more.
* Fix stalled/hung SFTP downloads by cleaning up some threading lock
issues.
* Fix a Python 3 compatibility issue when handling two-factor
authentication.
* Clean up setup.py to always use setuptools, not doing so was a
historical artifact from bygone days.
* Update the module in charge of handling SSH moduli so it's
consistent with OpenSSH behavior re: prime number selection.
* Fix up ~paramiko.ssh_exception.NoValidConnectionsError so it
pickles correctly, and fix a related Python 3 compatibility issue.
* Update to jaraco.windows 3.4.1 to fix some errors related to
ctypes on Windows platforms.
* Annotate some public attributes on ~paramiko.channel.Channel such
as .closed.
* Fix logic bug in the SFTP client's callback-calling functionality;
OBS-URL: https://build.opensuse.org/request/show/394312
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-paramiko?expand=0&rev=43
- update to 1.13.1:
* :support:`256 backported` Convert API documentation to Sphinx, yielding a new
API docs website to replace the old Epydoc one.
* 🐛`-` Use constant-time hash comparison operations where possible, to
protect against `timing-based attacks
<http://codahale.com/a-lesson-in-timing-attacks/>`_. Thanks to Alex Gaynor
for the patch.
* :feature:`58` Allow client code to access the stored SSH server banner via
`Transport.get_banner <paramiko.transport.Transport.get_banner>`. Thanks to
``@Jhoanor`` for the patch.
* 🐛`252` (`Fabric #1020 <https://github.com/fabric/fabric/issues/1020>`_)
Enhanced the implementation of ``ProxyCommand`` to avoid a deadlock/hang
condition that frequently occurs at ``Transport`` shutdown time. Thanks to
Mateusz Kobos, Matthijs van der Vleuten and Guillaume Zitta for the original
reports and to Marius Gedminas for helping test nontrivial use cases.
* 🐛`268` Fix some missed renames of ``ProxyCommand`` related error classes.
Thanks to Marius Gedminas for catch & patch.
* 🐛`34` (PR :issue:`35`) Fix SFTP prefetching incompatibility with some
SFTP servers regarding request/response ordering. Thanks to Richard
Kettlewell.
* 🐛`193` (and its attentant PRs :issue:`230` & :issue:`253`) Fix SSH agent
problems present on Windows. Thanks to David Hobbs for initial report and to
Aarni Koskela & Olle Lundberg for the patches.
* 🐛`225 (1.12+)` Note ecdsa requirement in README. Thanks to Amaury
Rodriguez for the catch.
* 🐛`176` Fix AttributeError bugs in known_hosts file (re)loading. Thanks
to Nathan Scowcroft for the patch & Martin Blumenstingl for the initial test
case.
OBS-URL: https://build.opensuse.org/request/show/235923
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-paramiko?expand=0&rev=35
- update to 1.11.0:
* #98: On Windows, when interacting with the PuTTY PAgeant, Paramiko now
creates the shared memory map with explicit Security Attributes of the user,
which is the same technique employed by the canonical PuTTY library to avoid
permissions issues when Paramiko is running under a different UAC context
than the PuTTY Ageant process. Thanks to Jason R. Coombs for the patch.
* #100: Remove use of PyWin32 in `win_pageant` module. Module was already
dependent on ctypes for constructing appropriate structures and had ctypes
implementations of all functionality. Thanks to Jason R. Coombs for the
patch.
* #87: Ensure updates to `known_hosts` files account for any updates to said
files after Paramiko initially read them. (Includes related fix to guard
against duplicate entries during subsequent `known_hosts` loads.) Thanks to
`@sunweaver` for the contribution.
OBS-URL: https://build.opensuse.org/request/show/197218
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-paramiko?expand=0&rev=28
- update to 1.10.1:
* SFTP put of empty file will still return the attributes
of the put file. Thanks to Jason R. Coombs for the patch.
* Forwarded SSH agent connections left stale local pipes
lying around, which could cause local (and sometimes remote or network
resource starvation when running many agent-using remote commands. Thanks to
* Batch SFTP writes to help speed up file transfers
* Fix handling of window-change events to be on-spec
* Overhaul SSH config parsing to be in line with `man ssh_config`
* Forego random padding for packets when running under `*-ctr` ciphers
* Add `SFTPClient.putfo` and `.getfo` methods to allow direct
uploading/downloading of file-like objects
* Add `timeout` parameter to `SSHClient.exec_command` for easier setting
of the command's internal channel object's timeout
* Expose the internal "is closed" property of the file transfer class
BufferedFile` as `.closed`, better conforming to Python's file interface
OBS-URL: https://build.opensuse.org/request/show/175235
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-paramiko?expand=0&rev=26
+ #97 (with a little #93): Improve config parsing of ProxyCommand directives
and provide a wrapper class to allow subprocess-driven proxy commands to be
used as sock= arguments for SSHClient.connect.
+ #77: Allow SSHClient.connect() to take an explicit sock parameter
overriding creation of an internal, implicit socket object.
- Changes from version 1.8.1:
+ #90: Ensure that callbacks handed to SFTPClient.get() always fire at least
once, even for zero-length files downloaded. Thanks to Github user @enB for
the catch.
+ #85: Paramiko's test suite overrides
unittest.TestCase.assertTrue/assertFalse to provide these modern assertions
to Python 2.2/2.3, which lacked them. However on newer Pythons such as 2.7,
this now causes deprecation warnings. The overrides have been patched to only
execute when necessary. Thanks to @Arfrever for catch & patch.
- Changes from version 1.8.0:
+ #17 ('ssh' 28): Fix spurious NoneType has no attribute 'error' and similar
exceptions that crop up on interpreter exit.
+ 'ssh' 32: Raise a more useful error explaining which known_hosts key line was
problematic, when encountering binascii issues decoding known host keys.
Thanks to @thomasvs for catch & patch.
+ 'ssh' 33: Bring ssh_config parsing more in line with OpenSSH spec, re: order of
setting overrides by Host specifiers. Specifically, the overrides now go by
file order instead of automatically sorting by Host value length. In
addition, the first value found per config key (e.g. Port, User etc)
wins, instead of the last. Thanks to Jan Brauer for the contribution.
+ 'ssh' 36: Support new server two-factor authentication option
(RequiredAuthentications2), at least re: combining key-based & password
auth. Thanks to Github user bninja.
+ 'ssh' 11: When raising an exception for hosts not listed in
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-paramiko?expand=0&rev=24
