Asyncssh

--------------------------

* Some API changes which should have been included in the 2.0.0 release
were missed. This release corrects that, but means that additional
changes may be needed in applications moving to 2.0.1. This should
hopefully be the last of such changes, but if any other issues are
discovered, additional changes will be limited to 2.0.x patch releases
and the API will stabilize again in the AsyncSSH 2.1 release. See the
next bullet for details about the additional incompatible change.

* To be consistent with other connect and listen functions, all methods
on SSHClientConnection which previously returned None on listen
failures have been changed to raise an exception instead. A new
ChannelListenError exception will now be raised when an SSH server
returns failure on a request to open a remote listener. This change
affects the following SSHClientConnection methods: create_server,
create_unix_server, start_server, start_unix_server,
forward_remote_port, and forward_remote_path.

* Restored the ability for SSHListener objects to be used as async
context managers. This previously worked in AsyncSSH 1.x and was
unintentionally broken in AsyncSSH 2.0.0.

* Added support for a number of additional functions to be called from
within an "async with" statement. These functions already returned
objects capable of being async context managers, but were not decorated
to allow them to be directly called from within "async with". This
change applies to the top level functions create_server, listen, and
listen_reverse and the SSHClientConnection methods create_server,
create_unix_server, start_server, start_unix_server, forward_local_port,
forward_local_path, forward_remote_port, forward_remote_path,
listen_ssh, and listen_reverse_ssh,

* Fixed a couple of issues in loading OpenSSH-format certificates which
were missing a trailing newline.

* Changed load_certificates() to allow multiple certificates to be loaded
from a single byte string argument, making it more consistent with
how load_certificates() works when reading from a file.

---------------------------

* NEW MAJOR VERSION: See below for potentially incompatible changes.

* Updated AsyncSSH to use the modern async/await syntax internally,
now requiring Python 3.6 or later. Those wishing to use AsyncSSH on
Python 3.4 or 3.5 should stick to the AsyncSSH 1.x releases.

* Changed first argument of SFTPServer constructor from an
SSHServerConnection (conn) to an SSHServerChannel (chan) to allow
custom SFTP server implementations to access environment variables
set on the channel that SFTP is run over. Applications which subclass
the SFTPServer class and implement an __init__ method will need to be
updated to account for this change and pass the new argument through
to the SFTPServer parent class. If the subclass has no __init__ and
just uses the connection, channel, and env properties of SFTPServer
to access this information, no changes should be required.

* Removed deprecated "session_encoding" and "session_errors" arguments
from create_server() and listen() functions. These arguments were
renamed to "encoding" and "errors" back in version 1.16.0 to be
consistent with other AsyncSSH APIs.

* Removed get_environment(), get_command(), and get_subsystem() methods
on SSHServerProcess class. This information was made available as
"env", "command", and "subsystem" properties of SSHServerProcess in
AsyncSSH 1.11.0.

* Removed optional loop argument from all public AsyncSSH APIs,
consistent with the deprecation of this argument in the asyncio
package in Python 3.8. Calls will now always use the event loop
which is active at the time of the call.

* Removed support for non-async context managers on AsyncSSH connections
and processes and SFTP client connections and file objects. Callers
should use "async with" to invoke the async the context managers on
these objects.

* Added support for SSHAgentClient being an async context manager. To
be consistent with other connect calls, connect_agent() will now
raise an exception when no agent is found or a connection failure
occurs, rather than logging a warning and returning None. Callers
should catch OSError or ChannelOpenError exceptions rather than
looking for a return value of None when calling this function.

* Added set_input() and clear_input() methods on SSHLineEditorChannel
to change the value of the current input line when line editing is
enabled.

* Added is_closing() method to the SSHChannel, SSHProcess, SSHWriter,
and SSHSubprocessTransport classes. mirroring the asyncio
BaseTransport and StreamWriter methods added in Python 3.7.

* Added wait_closed() async method to the SSHWriter class, mirroring
the asyncio StreamWriter method added in Python 3.7.

----------------------------

* Added support for GSSAPI ECDH and Edwards DH key exchange algorithms.

* Fixed gssapi-with-mic authentication to work with GSS key exchanges,
in cases where gssapi-keyex is not supported.

* Made connect_ssh and connect_reverse_ssh methods into async context
managers, simplifying the syntax needed to use them to create tunneled
SSH connections.

* Fixed a couple of issues with known hosts matching on tunneled SSH
connections.

* Improved flexibility of key/certificate parser automatic format
detection to properly recognize PEM even when other arbitrary text
is present at the beginning of the file. With this change, the
parser can also now handle mixing of multiple key formats in a
single file.

* Added support for OpenSSL "TRUSTED" PEM certificates. For now, no
enforcement is done of the additional trust restrictions, but such
certificates can be loaded and used by AsyncSSH without converting
them back to regular PEM format.

* Fixed some additional SFTP and SCP issues related to parsing of
Windows paths with drive letters and paths with multiple colons.

* Made AsyncSSH tolerant of a client which sends multiple service
requests for the "ssh-userauth" service. This is needed by the
Paramiko client when it tries more than one form of authentication
on a connection.

----------------------------

* Improved construction of file paths in SFTP to better handle native
Windows source paths containing backslashes or drive letters.

* Improved SFTP parallel I/O for large reads and file copies to better
handle the case where a read returns less data than what was requested
when not at the end of the file, allowing AsyncSSH to get back the
right result even if the requested block size is larger than the
SFTP server can handle.

* Fixed an issue where the requested SFTP block_size wasn't used in the
get, copy, mget, and mcopy functions if it was larger than the
default size of 16 KB.

* Fixed a problem where the list of client keys provided in an
SSHClientConnectionOptions object wasn't always preserved properly
across the opening of multiple SSH connections.

* Changed SSH agent client code to avoid printing a warning on Windows
when unable to connect to the SSH agent using the default path. A
warning will be printed if the agent_path or SSH_AUTH_SOCK is
explicitly set, but AsyncSSH will remain quiet if no agent path is
set and no SSH agent is running.

* Made AsyncSSH tolerant of unexpected authentication success/failure
messages sent after authentication completes. AsyncSSH previously
treated this as a protocol error and dropped the connection, while
most other SSH implementations ignored these messages and allowed
the connection to continue.

* Made AsyncSSH tolerant of SFTP status responses which are missing
error message and language tag fields, improving interoperability
with servers that omit these fields. When missing, AsyncSSH treats
these fields as if they were set to empty strings.

----------------------------

* Added support for "reverse direction" SSH connections, useful to
support applications like NETCONF Call Home, described in RFC 8071.

* Added support for the PyCA implementation of Chacha20-Poly1305,
eliminating the dependency on libnacl/libsodium to provide this
functionality, as long as OpenSSL 1.1.1b or later is installed.

* Restored libnacl support for Curve25519/Ed25519 on systems which
have an older version of OpenSSL that doesn't have that support.
This fallback also applies to Chacha20-Poly1305.

* Fixed Pageant support on Windows to use the Pageant agent by default
when it is available and client keys are not explicitly configured.

* Disabled the use of RSA SHA-2 signatures when using the Pageant
or Windows 10 OpenSSH agent on Windows, since neither of those
support the signature flags options to request them.

* Fixed a regression where a callable was no longer usable in the
sftp_factory argument of create_server.

----------------------------

* Added channel, connection, and env properties to SFTPServer instances,
so connection and channel information can be used to influence the
SFTP server's behavior. Previously, connection information was made
available through the constructor, but channel and environment
information was not. Now, all of these are available as properties
on the SFTPServer instance without the need to explicitly store anything
in a custom constructor.

* Optimized SFTP glob matching when the glob pattern contains directory
names without glob characters in them. Thanks go to Mikhail Terekhov
for contributing this improvement!

* Added support for PurePath in a few places that were missed when this
support was originally added. Once again, thanks go to Mikhail Terehkov
for these fixes.

* Fixed bug in SFTP parallel I/O file reader where it sometimes returned
EOF prematurely. Thanks go to David G for reporting this problem and
providing a reproducible test case.

* Fixed test failures seen on Fedora Rawhide. Thanks go to Georg Sauthof
for reporting this issue and providing a test environment to help debug
it.

* Updated Ed25519/448 and Curve25519/448 tests to only run when these
algorithms are available. Thanks go to Ondřej Súkup for reporting
this issue and providing a suggested fix.