Asyncssh

Latest version: v2.19.0

Page 4 of 16

2.7.2

Not secure
---------------------------

* Fixed a regression related to server host key selection when attempting
to use a leading '+' to add algorithms to the front of the default list.

* Fixed logging to properly handle SFTPName objects with string filenames.

* Fixed SSH_EXT_INFO to only be sent after the first key exchange.

2.7.1

Not secure
--------------------------

* Added an option to allow encrypted keys to be ignored when no passphrase
is set. This behavior previously happened by default when loading keys
from default locations, but now this option to load_keypairs() can be
specified when loading any set of keys.

* Changed loading of default keys to automatically skip key types which
aren't supported due to missing dependencies.

* Added the ability to specify "default" for server_host_key_algs, as
a way for a client to request that its full set of default algorithms
be advertised to the server, rather than just the algorithms matching
keys in the client's known hosts list. Thanks go to Manfred Kaiser
for suggesting this improvement.

* Added support for tilde-expansion in the config file "include"
directive. Thanks go to Zack Cerza for reporting this and suggesting
a fix.

* Improved interoperability of AsyncSSH SOCKS listener by sending a zero
address rather than an empty hostname in the SOCKS CONNECT response.
Thanks go to GitHub user juouy for reporting this and suggesting a fix.

* Fixed a couple of issues related to sending SSH_EXT_INFO messages.

* Fixed an issue with using SSHAcceptor as an async context manager.
Thanks go to Paulo Costa for reporting this.

* Fixed an issue where a tunnel wasn't always cleaned up properly when
creating a remote listener.

* Improved handling of connection drops, preventing exceptions from being
raised in some cases when the transport is abruptly closed.

* Made AsyncSSH SFTP support more tolerant of file permission values with
undefined bits set. Thanks go to GitHub user ccwufu for reporting this.

* Added some missing key exchange algorithms in the AsyncSSH documentation.
Thanks go to Jeremy Norris for noticing and reporting this.

* Added support for running AsyncSSH unit tests on systems with OpenSSL
3.0 installed. Thanks go to Ken Dreyer for raising this issue and
pointing out the new OpenSSL "provider" support for legacy algorithms.

2.7.0

Not secure
---------------------------

* Added support for the ProxyCommand config file option and a
corresponding proxy_command argument in the SSH connection options,
allowing a subprocess to be used to make the connection to the SSH
server. When the config option is used, it should be fully compatible
with OpenSSH percent expansion in the command to run.

* Added support for accessing terminal information as properties in the
SSHServerProcess class. As part of this change, both the environment
and terminal modes are now available as read-only mappings. Thanks
again to velavokr for suggesting this and submitting a PR with a
proposed version of the change.

* Fixed terminal information passed to pty_requested() callback to
properly reflect requested terminal type, size, and modes. Thanks go
to velavokr for reporting this issue and proposing a fix.

* Fixed an edge case where a connection object might not be cleaned up
properly if the connection request was cancelled before it was fully
established.

* Fixed an issue where some unit tests weren't properly closing
connection objects before exiting.

2.6.0

Not secure
--------------------------

* Added support for the HostKeyAlias client config option and a
corresponding host_key_alias option, allowing known_hosts lookups
and host certificate validation to be done against a different
hostname than what is used to make the connection. Thanks go to
Pritam Baral for contributing this feature!

* Added the capability to specify client channel options as connection
options, allowing them to be set in a connect() call or as values in
SSHClientConnectionOptions. These values will act as defaults for
any sessions opened on the connection but can still be overridden
via arguments in the create_session() call.

* Added support for dynamically updating SSH options set up in a
listen() or listen_reverse() call. A new SSHAcceptor class is now
returned by these calls which has an update() method which takes
the same keyword arguments as SSHClientConnectionOptions or
SSHServerConnectionOptions, allowing you to update any of the
options on an existing listener except those involved in setting
up the listening sockets themselves. Updates will apply to future
connections accepted by that listener.

* Added support for a number of algorithms supported by the ssh.com
Tectia SSH client/server:

Key exchange:

| diffie-hellman-group14-sha256@ssh.com (enabled by default)

| diffie-hellman-group14-sha224@ssh.com (available but not default)
| diffie-hellman-group15-sha256@ssh.com
| diffie-hellman-group15-sha384@ssh.com
| diffie-hellman-group16-sha384@ssh.com
| diffie-hellman-group16-sha512@ssh.com
| diffie-hellman-group18-sha512@ssh.com

HMAC:

| hmac-sha256-2@ssh.com (all enabled by default)
| hmac-sha224@ssh.com
| hmac-sha256@ssh.com
| hmac-sha384@ssh.com
| hmac-sha512@ssh.com

RSA public key algorithms:

| ssh-rsa-sha224@ssh.com (all enabled by default)
| ssh-rsa-sha256@ssh.com
| ssh-rsa-sha384@ssh.com
| ssh-rsa-sha512@ssh.com

Encryption:

| seed-cbc@ssh.com (available but not default)

* Added a new 'ignore-failure' value to the x11_forwarding argument in
create_session(). When specified, AsyncSSH will attempt to set up X11
forwarding but ignore failures, behaving as if forwarding was never
requested instead of raising a ConnectionOpenError.

* Extended support for replacing certificates in an SSHKeyPair, allowing
alternate certificates to be used with SSH agent and PKCS11 keys. This
provides a way to use X.509 certificates with an SSH agent key or
OpenSSH certificates with a PKCS11 key.

* Extended the config file parser to support '=' as a delimiter between
keywords and arguments. While this syntax appears to be rarely used,
it is supported by OpenSSH.

* Updated Fido2 support to use version 0.9.1 of the fido2 package,
which included some changes that were not backward compatible with
0.8.1.

* Fixed problem with setting config options with percent substitutions
to 'none'. Percent substitution should not be performed in this case.
Thanks go to Yuqing Miao for finding and reporting this issue!

* Fixed return type of filenames in SFTPClient scandir() and readlink()
when the argument passed in is a Path value. Previously, the return
value in this case was bytes, but that was only meant to apply when the
input argument was passed as bytes.

* Fixed a race condition related to closing a channel before it is fully
open, preventing a client from potentially hanging forever if a
session was closed while the client was still attempting to request a
PTY or make other requests as part of opening the session.

* Fixed a potential race condition related to making parallel calls to
SFTPClient makedirs() which try to create the same directory or a
common parent directory.

* Fixed RFC 4716 parser to allow colons in header values.

* Improved error message when AsyncSSH is unable to get the local
username on a client. Thanks go to Matthew Plachter for reporting
this issue.

2.5.0

Not secure
---------------------------

* Added support for limiting which identities in an SSH agent will be
used when making a connection, via a new "agent_identities" config
option. This change also adds compatibility with the OpenSSL config
file option "IdentitiesOnly".

* Added support for including Subject Key Identifier and Authority Key
Identifier extensions in generated X.509 certificates to better comply
with RFC 5280.

* Added support for makedirs() and rmtree() methods in the AsyncSSH
SFTP client, as well as a new scandir() method which returns an async
iterator to more efficiently process very large directories. Thanks
go to Joseph Ernest for suggesting these improvements.

* Significantly reworked AsyncSSH line editor support to improve its
performance by several orders of magnitude on long input lines, and
added a configurable maximum line length when the editor is in use to
avoid potential denial-of-service attacks. This limit defaults to
1024 bytes, but with the improvements it can reasonably handle lines
which are megabytes in size if needed.

* Changed AsyncSSH to allow SSH agent identities to still be used when
an explicit list of client keys is specified, for better compatibility
with OpenSSH. The previous behavior can still be achieved by explicitly
setting the agent_path option to None when setting client_keys.

* Changed AsyncSSH to enforce a limit of 1024 characters on usernames
when acting as a server to avoid a potential denial-of-service issue
related to SASLprep username normalization.

* Changed SCP implementation to explicitly yield to other coroutines
when sending a large file to better share an event loop.

* Fixed a few potential race conditions related to cleanup of objects
during connection close. Thanks go to Thomas Léveil for reporting one
of these places and suggesting a fix.

* Re-applied a previous fix which was unintentionally lost to allow
Pageant to be used by default on Windows.

2.4.2

Not secure
---------------------------

* Fixed a potential race condition when receiving EOF right after a
channel is opened. Thanks go to Alex Shafer for reporting this and
helping to track down the root cause.

* Fixed a couple of issues related to the error_handler and
progress_handler callbacks in AsyncSSH SFTP/SCP. Thanks go to
geraldnj for noticing and reporting these.

* Fixed a couple of issues related to using pathlib objects with
AsyncSSH SCP.
