Asyncssh

Latest version: v2.19.0


1.13.1

Not secure
----------------------------

* Added client and server support for host-based SSH authentication.
If enabled, this will allow all users from a given host to be
authenticated by a shared host key, rather than each user needing
their own key. This should only be used with hosts which are trusted
to keep their host keys secure and provide accurate client usernames.

* Added support for RSA key exchange algorithms (rsa2048-sha256 and
rsa1024-sha1) available in PuTTY and some mobile SSH clients.

* Added support for the SECP256K1 elliptic curve for ECDSA keys and
ECDH key exchange. This curve is supported by the Bitvise SSH client
and server.

* Added debug logging of the algorithms listed in a received kexinit
message.

1.13.0

Not secure
----------------------------

* Added support for dynamic port forwarding via SOCKS, where AsyncSSH
will open a listener which understands SOCKS connect requests and
for each request open a TCP/IP tunnel over SSH to the requested host
and port.

* Added support in SSHProcess for I/O redirection to file objects that
implement read(), write(), and close() functions as coroutines, such
as the "aiofiles" package. In such cases, AsyncSSH will automatically
detect that it needs to make async calls to these methods when it
performs I/O.

* Added support for using pathlib objects in SSHProcess I/O redirection.

* Added multiple improvements to pattern matching support in the SFTPClient
glob(), mget(), mput(), and mcopy() methods. AsyncSSH now allows you
to use '**' in a pattern to do a recursive directory search, allows
character ranges in square brackets in a pattern, and allows a trailing
slash in a pattern to be specified to request that only directories
matching the pattern should be returned.

* Fixed an issue with calling readline() and readuntil() with a timeout,
where partial data received before the timeout was sometimes discarded.
Any partial data which was received when a timeout occurs will now be
left in the input buffer, so it is still available to future read()
calls.

* Fixed a race condition where trying to restart a read() after a timeout
could sometimes raise an exception about multiple simultaneous reads.

* Changed readuntil() in SSHReader to raise IncompleteReadError if the
receive window fills up before a delimiter match is found. This also
applies to readline(), which will return a partial line without a
newline at the end when this occurs. To support longer lines, a caller
can call readuntil() or readline() as many times as they'd like,
appending the data returned to the previous partial data until a
delimiter is found or some maximum size is exceeded. Since the default
window size is 2 MBytes, though, it's very unlikely this will be needed
in most applications.

* Reworked the crypto support in AsyncSSH to separate packet encryption
and decryption into its own module and simplified the directory
structure of the asyncssh.crypto package, eliminating a pyca subdirectory
that was created back when AsyncSSH used a mix of PyCA and PyCrypto.
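
The readuntil() note above describes appending partial reads until a delimiter is found or a maximum size is exceeded. The sketch below is an added example, not AsyncSSH code: `FakeWindowReader` is a constructed stand-in for SSHReader with an 8-character window, and `read_bounded_line`, `LineTooLong` and `MAX_LINE` are hypothetical names. It assumes the reader raises `asyncio.IncompleteReadError` with the data in `partial` and offers `at_eof()`.

```python
import asyncio

MAX_LINE = 32  # assumed application limit for this demo, not an AsyncSSH default

class LineTooLong(Exception):
    """No delimiter was seen within max_size characters."""

class FakeWindowReader:
    """Constructed stand-in for SSHReader with a tiny receive window."""
    def __init__(self, data, window):
        self._buf, self._window = data, window

    def at_eof(self):
        return not self._buf

    async def readuntil(self, sep):
        idx = self._buf.find(sep, 0, self._window)
        end = idx + len(sep) if idx >= 0 else min(len(self._buf), self._window)
        out, self._buf = self._buf[:end], self._buf[end:]
        if idx < 0:  # window filled (or EOF) before the delimiter appeared
            raise asyncio.IncompleteReadError(out, None)
        return out

async def read_bounded_line(reader, max_size=MAX_LINE, sep="\n"):
    """Stitch partial reads into one line, refusing lines over max_size."""
    parts, total = [], 0
    while True:
        try:
            chunk, done = await reader.readuntil(sep), True
        except asyncio.IncompleteReadError as exc:
            chunk = exc.partial
            # Stop at EOF or when nothing more arrived; otherwise keep reading.
            done = reader.at_eof() or not chunk
        parts.append(chunk)
        total += len(chunk)
        if total > max_size:
            raise LineTooLong(f"line exceeds {max_size} characters")
        if done:
            return "".join(parts)

async def _demo():
    data = "short\n" + "a" * 20 + "\n" + "b" * 100 + "\n"  # constructed input
    reader = FakeWindowReader(data, window=8)
    first = await read_bounded_line(reader)
    second = await read_bounded_line(reader)
    try:
        await read_bounded_line(reader)
        third = "accepted"
    except LineTooLong:
        third = "rejected"
    return first, second, third

def demo():
    return asyncio.run(_demo())
```

The explicit cap matters on a server reading from untrusted peers: without it, a peer that never sends the delimiter makes the caller buffer data indefinitely.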

1.12.2

Not secure
----------------------------

* Added support for using pathlib objects as paths in calls to SFTP
methods, in addition to Unicode and byte strings. This is mainly
intended for use in constructing local paths, but it can also be
used for remote paths as long as POSIX-style pathlib objects are
used and an appropriate path encoding is set to handle the
conversion from Unicode to bytes.

* Changed server EXT_INFO message to only be sent after the first SSH key
exchange, to match the specification recently published in RFC 8308.

* Fixed edge case in TCP connection forwarding where data received
on a forward TCP connection was not delivered if the connection was
closed or half-closed before the corresponding SSH tunnel was fully
established.

* Made note about OpenSSH not properly handling send_signal more visible.

1.12.1

Not secure
----------------------------

* Implemented a fix for CVE-2018-7749, where a modified SSH client could
request that an AsyncSSH server perform operations before authentication
had completed. Thanks go to Matthijs Kooijman for discovering and
reporting this issue and helping to review the fix.

* Added a non-blocking collect_output() method to SSHClientProcess to
allow applications to retrieve data received on an output stream
without blocking. This call can be called multiple times and freely
intermixed with regular read calls with a guarantee that output will
always be returned in order and without duplication.

* Updated debug logging implementation to make it more maintainable, and
to fix an issue where unprocessed packets were not logged in some cases.

* Extended the support below for non-ASCII characters in comments to apply
to X.509 certificates, allowing an optional encoding to be passed in to
get_comment() and set_comment() and a get_comment_bytes() function to
get the raw comment bytes without performing Unicode decoding.

* Fixed an issue where a UnicodeDecodeError could be reported in some
cases instead of a KeyEncryptionError when a private key was imported
using the wrong passphrase.

* Fixed the reporting of the MAC algorithm selected during key exchange to
properly report the cipher name for GCM and Chacha ciphers that don't
use a separate MAC algorithm. The correct value was being returned in
queries after the key exchange was complete, but the logging was being
done before this adjustment was made.

* Fixed the documentation of connection_made() in SSHSession subclasses
to properly reflect the type of SSHChannel objects passed to them.

1.12.0

Not secure
---------------------------

* Enhanced AsyncSSH logging framework to provide detailed logging of
events in the connection, channel, key exchange, authentication,
sftp, and scp modules. Both high-level information logs and more
detailed debug logs are available, and debug logging supports
multiple debug levels with different amounts of verboseness.
Logger objects are also available on various AsyncSSH classes to
allow applications to report their own log events in a manner that
can be tied back to a specific SSH connection or channel.

* Added support for begin_auth() to be a coroutine, so asynchronous
operations can be performed within it to load state needed to
perform SSH authentication.

* Adjusted key usage flags set on generated X.509 certificates to be more
RFC compliant and work around an issue with OpenSSL validation of
self-signed non-CA certificates.

* Updated key and certificate comment handling to be less sensitive to
the encoding of non-ASCII characters. The get_comment() and set_comment()
functions now take an optional encoding parameter, defaulting to UTF-8
but allowing for other encodings. There's also a get_comment_bytes()
function to get the comment data as bytes without performing Unicode
decoding.

* Updated AsyncSSH to be compatible with beta release of Python 3.7.

* Updated code to address warnings reported by the latest version of pylint.

* Cleaned up various formatting issues in Sphinx documentation.

* Significantly reduced time it takes to run unit tests by decreasing
the rounds of bcrypt encryption used when unit testing encrypted
OpenSSH private keys.

* Added support for testing against uvloop in Travis CI.

1.11.1

Not secure
----------------------------

* Switched to using PBKDF2 implementation provided by PyCA, replacing a
much slower pure-Python implementation used in earlier releases.

* Improved support for file-like objects in process I/O redirection,
properly handling objects which don't support fileno() and allowing
both text and binary file objects based on whether they have an
'encoding' member.

* Changed PEM parser to be forgiving of trailing blank lines.

* Updated documentation to note lack of support in OpenSSH for send_signal(),
terminate(), and kill() channel requests.

* Updated unit tests to work better with OpenSSH 7.6.

* Updated Travis CI config to test with more recent Python versions.
