Asyncssh

---------------------------

* Added support for X.509 certificate based client and server authentication,
as defined in RFC 6187.

* DSA, RSA, and ECDSA keys are supported.
* New methods are available on SSHKey private keys to generate X.509
user, host, and CA certificates.
* Authorized key and known host support has been enhanced to support
matching on X.509 certificates and X.509 subject names.
* New arguments have been added to create_connection() and create_server()
to specify X.509 trusted root CAs, X.509 trusted root CA hash directories,
and allowed X.509 certificate purposes.
* A new load_certificates() function has been added to more easily pre-load
a list of certificates from byte strings or files.
* Support for including and validating OCSP responses is not yet available,
but may be added in a future release.
* This support adds a new optional dependency on pyOpenSSL in setup.py.

* Added command, subsystem, and environment properties to SSHProcess,
SSHCompletedProcess, and ProcessError classes, as well as stdout and
stderr properties in ProcessError which mirror what is already present
in SSHCompletedProcess. Thanks go to iforapsy for suggesting this.

* Worked around a datetime.max bug on Windows.

* Increased the build timeout on TravisCI to avoid build failures.

----------------------------

* Fixed SCP to properly call exit() on SFTPServer when the copy completes.
Thanks go to Arthur Darcet for discovering this and providing a
suggested fix.

* Added support for passphrase to be specified when loading default client
keys, and to ignore encrypted default keys if no passphrase is specified.

* Added additional known hosts test cases. Thanks go to Rafael Viotti
for providing these.

* Increased the default number of rounds for OpenSSH-compatible bcrypt
private key encryption to avoid a warning in the latest version of the
bcrypt module, and added a note that the encryption strength scale
linearly with the rounds value, not logarithmically.

* Fixed SCP unit test errors on Windows.

* Fixed some issues with Travis and Appveyor CI builds.

---------------------------

* Added SCP client and server support, The new asyncssh.scp() function
can get and put files on a remote SCP server and copy files between
two or more remote SCP servers, with options similar to what was
previously supported for SFTP. On the server side, an SFTPServer used
to serve files over SFTP can also serve files over SCP by simply
setting allow_scp to True in the call to create_server().

* Added a new SSHServerProcess class which supports I/O redirection on
inbound connections to an SSH server, mirroring the SSHClientProcess
class added previously for outbound SSH client connections.

* Enabled TCP keepalive on SSH client and server connections.

* Enabled Python 3 highlighting in Sphinx documentation.

* Fixed a bug where a previously loaded SSHKnownHosts object wasn't
properly accepted as a known_hosts value in create_connection() and
enhanced known_hosts to accept a callable to allow applications to
provide their own function to return trusted host keys.

* Fixed a bug where an exception was raised if the connection closed
while waiting for an asynchronous authentication callback to complete.

* Fixed a bug where empty passwords weren't being properly supported.

---------------------------

* Added support for GSSAPI key exchange and authentication when the
"gssapi" module is installed on UNIX or the "sspi" module from pypiwin32
is installed on Windows.

* Added support for additional Diffie Hellman groups, and added the ability
for Diffie Hellman and GSS group exchange to select larger group sizes.

* Added overridable methods format_user() and format_group() to format user
and group names in the SFTP server, defaulting to the previous behavior of
using pwd.getpwuid() and grp.getgrgid() on platforms that support those.

* Added an optional progress reporting callback on SFTP file transfers,
and made the block size for these transfers configurable.

* Added append_private_key(), append_public_key(), and append_certificate()
methods on the corresponding key and certificate classes to simplify
the creating of files containing a list of keys/certificates.

* Updated readdir to break responses into chunks to avoid hitting maximum
message size limits on large directories.

* Updated SFTP to work better on Windows, properly handling drive letters
and conversion between forward and back slashes in paths and handling
setting of attributes on open files and proper support for POSIX rename.
Also, file closes now block until the close completes, to avoid issues
with file locking.

* Updated the unit tests to run on Windows, and enabled continuous
integration builds for Windows to automatically run on Appveyor.

---------------------------

* Fix an issue in attempting to load the 'nettle' library on Windows.

---------------------------

* Added support for forwarding X11 connections. When requested, AsyncSSH
clients will allow remote X11 applications to tunnel data back to a local
X server and AsyncSSH servers can request an X11 DISPLAY value to export
to X11 applications they launch which will tunnel data back to an X
server associated with the client.

* Improved ssh-agent forwarding support on UNIX to allow AsyncSSH
servers to request an SSH_AUTH_SOCK value to export to applications
they launch in order to access the client's ssh-agent. Previously,
there was support for agent forwarding on server connections within
AsyncSSH itself, but they did not provide this forwarding to other
applications.

* Added support for PuTTY's Pageant agent on Windows systems, providing
functionality similar to the OpenSSH agent on UNIX. AsyncSSH client
connections from Windows can now access keys stored in the Pageant
agent when they perform public key authentication.

* Added support for the umac-64 and umac-128 MAC algorithms, compatible
with the implementation in OpenSSH. These algorithms are preferred
over the HMAC algorithms when both are available and the cipher chosen
doesn't already include a MAC.

* Added curve25519-sha256 as a supported key exchange algorithm. This
algorithm is identical to the previously supported algorithm named
'curve25519-sha256\libssh.org', matching what was done in OpenSSH 7.3.
Either name may now be used to request this type of key exchange.

* Changed the default order of key exchange algorithms to prefer the
curve25519-sha256 algorithm over the ecdh-sha2-nistp algorithms.

* Added support for a readuntil() function in SSHReader, modeled after
the readuntil() function in asyncio.StreamReader added in Python 3.5.2.
Thanks go to wwjiang for suggesting this and providing an example
implementation.

* Fixed issues where the explicitly provided event loop value was not
being passed through to all of the places which needed it. Thanks go
to Vladimir Rutsky for pointing out this problem and providing some
initial fixes.

* Improved error handling when port forwarding is requested for a port
number outside of the range 0-65535.

* Disabled use of IPv6 in unit tests when opening local loopback sockets
to avoid issues with incomplete IPv6 support in TravisCI.

* Changed the unit tests to always start with a known set of environment
variables rather than inheriting the environment from the shell
running the tests. This was leading to test breakage in some cases.