feat: update python-asyncssh to 2.21.1-1

.readthedocs.yaml

@@ -0,0 +1,14 @@
+version: 2
+
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.11"
+
+python:
+  install:
+    - requirements: docs/requirements.txt
+
+sphinx:
+  configuration: docs/conf.py
+

CONTRIBUTING.rst

@@ -68,19 +68,18 @@ contributors list.
 Branches
 --------
 
-There are two long-lived branches in AsyncSSH at the moment:
+There are two long-lived branches in AsyncSSH:
 
 * The master branch is intended to contain the latest stable version
   of the code. All official versions of AsyncSSH are released from
   this branch, and each release has a corresponding tag added
-  matching its release number. Bug fixes and simple improvements
-  may be checked directly into this branch, but most new features
-  will be added to the develop branch first.
-
-* The develop branch is intended to contain features for developers
-  to test before they are ready to be added to an official release.
-  APIs in the develop branch may be subject to change until they
-  are migrated back to master, and there's no guarantee of backward
+  matching its release number.
+
+* The develop branch is intended to contain new features and bug fixes
+  ready to be tested before being added to an official release. APIs
+  in the develop branch may be subject to change until they are
+  migrated back to master, and there's no guarantee of backward
   compatibility in this branch. However, pulling from this branch
   will provide early access to new functionality and a chance to
-  influence this functionality before it is released.
+  influence this functionality before it is released. Also, all
+  pull requests should be submitted against this branch.

README.rst

@@ -1,3 +1,12 @@
+.. image:: https://readthedocs.org/projects/asyncssh/badge/?version=latest
+    :target: https://asyncssh.readthedocs.io/en/latest/?badge=latest
+    :alt: Documentation Status
+
+.. image:: https://img.shields.io/pypi/v/asyncssh.svg
+    :target: https://pypi.python.org/pypi/asyncssh/
+    :alt: AsyncSSH PyPI Project
+
+
 AsyncSSH: Asynchronous SSH for Python
 =====================================
 
@@ -32,6 +41,7 @@ Features
   * Environment variables, terminal type, and window size
   * Direct and forwarded TCP/IP channels
   * OpenSSH-compatible direct and forwarded UNIX domain socket channels
+  * OpenSSH-compatible TUN/TAP channels and packet forwarding
   * Local and remote TCP/IP port forwarding
   * Local and remote UNIX domain socket forwarding
   * Dynamic TCP/IP port forwarding via SOCKS
@@ -46,6 +56,9 @@ Features
 * Multiple SSH connections in a single event loop
 * Byte and string based I/O with settable encoding
 * A variety of `key exchange`__, `encryption`__, and `MAC`__ algorithms
+
+  * Including post-quantum kex algorithms ML-KEM and SNTRUP
+
 * Support for `gzip compression`__
 
   * Including OpenSSH variant to delay compression until after auth
@@ -88,7 +101,7 @@ License
 
 This package is released under the following terms:
 
-  Copyright (c) 2013-2022 by Ron Frederick <ronf@timeheart.net> and others.
+  Copyright (c) 2013-2024 by Ron Frederick <ronf@timeheart.net> and others.
 
   This program and the accompanying materials are made available under
   the terms of the Eclipse Public License v2.0 which accompanies this
@@ -114,7 +127,7 @@ Prerequisites
 To use AsyncSSH 2.0 or later, you need the following:
 
 * Python 3.6 or later
-* cryptography (PyCA) 2.8 or later
+* cryptography (PyCA) 3.1 or later
 
 Installation
 ------------
@@ -143,6 +156,10 @@ functionality:
 * Install gssapi from https://pypi.python.org/pypi/gssapi if you
   want support for GSSAPI key exchange and authentication on UNIX.
 
+* Install liboqs from https://github.com/open-quantum-safe/liboqs
+  if you want support for the OpenSSH post-quantum key exchange
+  algorithms based on ML-KEM and SNTRUP.
+
 * Install libsodium from https://github.com/jedisct1/libsodium
   and libnacl from https://pypi.python.org/pypi/libnacl if you have
   a version of OpenSSL older than 1.1.1b installed and you want
@@ -186,8 +203,8 @@ Windows, you can run:
 
 Note that you will still need to manually install the libsodium library
 listed above for libnacl to work correctly and/or libnettle for UMAC
-support. Unfortunately, since libsodium and libnettle are not Python
-packages, they cannot be directly installed using pip.
+support. Unfortunately, since liboqs, libsodium, and libnettle are not
+Python packages, they cannot be directly installed using pip.
 
 Installing the development branch
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

SECURITY.md

@@ -0,0 +1,22 @@
+# Secuity Policy
+
+## Supported Versions
+
+AsyncSSH has only one active development branch at this time. Any bug or
+vulnerability fixes will be fixed in the "develop" branch first and then
+migrated to the "master" branch in preparation for putting out a new release.
+
+## Reporting Vulnerabilities
+
+**⚠️ Please do not file GitHub issues for security vulnerabilities as they are
+public! ⚠️**
+
+If you believe you have found a security vulnerability in AsyncSSH, please
+create a draft
+[security advisory](https://github.com/ronf/asyncssh/security/advisories/new)
+or send an e-mail to security@asyncssh.com with a description of the issue
+and details for how to reproduce it. This report will be reviewed and you'll
+be contacted if further information is required, or when a fix is available.
+
+Published security advisories for AsyncSSH can be found
+[here](https://github.com/ronf/asyncssh/security/advisories).

asyncssh/__init__.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2013-2022 by Ron Frederick <ronf@timeheart.net> and others.
+# Copyright (c) 2013-2024 by Ron Frederick <ronf@timeheart.net> and others.
 #
 # This program and the accompanying materials are made available under
 # the terms of the Eclipse Public License v2.0 which accompanies this
@@ -34,7 +34,7 @@
 from .auth_keys import import_authorized_keys, read_authorized_keys
 
 from .channel import SSHClientChannel, SSHServerChannel
-from .channel import SSHTCPChannel, SSHUNIXChannel
+from .channel import SSHTCPChannel, SSHUNIXChannel, SSHTunTapChannel
 
 from .client import SSHClient
 
@@ -44,9 +44,10 @@
 
 from .connection import SSHAcceptor, SSHClientConnection, SSHServerConnection
 from .connection import SSHClientConnectionOptions, SSHServerConnectionOptions
+from .connection import SSHAcceptHandler
 from .connection import create_connection, create_server, connect, listen
 from .connection import connect_reverse, listen_reverse, get_server_host_key
-from .connection import get_server_auth_methods
+from .connection import get_server_auth_methods, run_client, run_server
 
 from .editor import SSHLineEditorChannel
 
@@ -86,10 +87,12 @@
 from .public_key import load_keypairs, load_public_keys, load_certificates
 from .public_key import load_resident_keys
 
+from .rsa import set_default_skip_rsa_key_validation
+
 from .scp import scp
 
 from .session import DataType, SSHClientSession, SSHServerSession
-from .session import SSHTCPSession, SSHUNIXSession
+from .session import SSHTCPSession, SSHUNIXSession, SSHTunTapSession
 
 from .server import SSHServer
 
@@ -106,7 +109,7 @@
 from .sftp import SFTPFileCorrupt, SFTPOwnerInvalid, SFTPGroupInvalid
 from .sftp import SFTPNoMatchingByteRangeLock
 from .sftp import SFTPConnectionLost, SFTPOpUnsupported
-from .sftp import SFTPAttrs, SFTPVFSAttrs, SFTPName
+from .sftp import SFTPAttrs, SFTPVFSAttrs, SFTPName, SFTPLimits
 from .sftp import SEEK_SET, SEEK_CUR, SEEK_END
 
 from .stream import SSHSocketSessionFactory, SSHServerSessionFactory
@@ -117,3 +120,54 @@
 
 # Import these explicitly to trigger register calls in them
 from . import sk_eddsa, sk_ecdsa, eddsa, ecdsa, rsa, dsa, kex_dh, kex_rsa
+
+__all__ = [
+    '__author__', '__author_email__', '__url__', '__version__',
+    'BreakReceived', 'BytesOrStr', 'ChannelListenError',
+    'ChannelOpenError', 'CompressionError', 'ConfigParseError',
+    'ConnectionLost', 'DEVNULL', 'DataType', 'DisconnectError', 'Error',
+    'HostKeyNotVerifiable', 'IllegalUserName', 'KeyEncryptionError',
+    'KeyExchangeFailed', 'KeyExportError', 'KeyGenerationError',
+    'KeyImportError', 'MACError', 'PIPE', 'PasswordChangeRequired',
+    'PermissionDenied', 'ProcessError', 'ProtocolError',
+    'ProtocolNotSupported', 'SEEK_CUR', 'SEEK_END', 'SEEK_SET',
+    'SFTPAttrs', 'SFTPBadMessage', 'SFTPByteRangeLockConflict',
+    'SFTPByteRangeLockRefused', 'SFTPCannotDelete', 'SFTPClient',
+    'SFTPClientFile', 'SFTPConnectionLost', 'SFTPDeletePending',
+    'SFTPDirNotEmpty', 'SFTPEOFError', 'SFTPError', 'SFTPFailure',
+    'SFTPFileAlreadyExists', 'SFTPFileCorrupt', 'SFTPFileIsADirectory',
+    'SFTPGroupInvalid', 'SFTPInvalidFilename', 'SFTPInvalidHandle',
+    'SFTPInvalidParameter', 'SFTPLimits', 'SFTPLinkLoop', 'SFTPLockConflict',
+    'SFTPName', 'SFTPNoConnection', 'SFTPNoMatchingByteRangeLock',
+    'SFTPNoMedia', 'SFTPNoSpaceOnFilesystem', 'SFTPNoSuchFile',
+    'SFTPNoSuchPath', 'SFTPNotADirectory', 'SFTPOpUnsupported',
+    'SFTPOwnerInvalid', 'SFTPPermissionDenied', 'SFTPQuotaExceeded',
+    'SFTPServer', 'SFTPServerFactory', 'SFTPUnknownPrincipal', 'SFTPVFSAttrs',
+    'SFTPWriteProtect', 'SSHAcceptHandler', 'SSHAcceptor', 'SSHAgentClient',
+    'SSHAgentKeyPair', 'SSHAuthorizedKeys', 'SSHCertificate', 'SSHClient',
+    'SSHClientChannel', 'SSHClientConnection', 'SSHClientConnectionOptions',
+    'SSHClientProcess', 'SSHClientSession', 'SSHCompletedProcess',
+    'SSHForwarder', 'SSHKey', 'SSHKeyPair', 'SSHKnownHosts',
+    'SSHLineEditorChannel', 'SSHListener', 'SSHReader', 'SSHServer',
+    'SSHServerChannel', 'SSHServerConnection',
+    'SSHServerConnectionOptions', 'SSHServerProcess',
+    'SSHServerProcessFactory', 'SSHServerSession',
+    'SSHServerSessionFactory', 'SSHSocketSessionFactory',
+    'SSHSubprocessProtocol', 'SSHSubprocessReadPipe',
+    'SSHSubprocessTransport', 'SSHSubprocessWritePipe', 'SSHTCPChannel',
+    'SSHTCPSession', 'SSHTunTapChannel', 'SSHTunTapSession',
+    'SSHUNIXChannel', 'SSHUNIXSession', 'SSHWriter',
+    'STDOUT', 'ServiceNotAvailable', 'SignalReceived', 'TerminalSizeChanged',
+    'TimeoutError', 'connect', 'connect_agent', 'connect_reverse',
+    'create_connection', 'create_server', 'generate_private_key',
+    'get_server_auth_methods', 'get_server_host_key',
+    'import_authorized_keys', 'import_certificate', 'import_known_hosts',
+    'import_private_key', 'import_public_key', 'listen', 'listen_reverse',
+    'load_certificates', 'load_keypairs', 'load_pkcs11_keys',
+    'load_public_keys', 'load_resident_keys', 'logger', 'match_known_hosts',
+    'read_authorized_keys', 'read_certificate', 'read_certificate_list',
+    'read_known_hosts', 'read_private_key', 'read_private_key_list',
+    'read_public_key', 'read_public_key_list', 'run_client', 'run_server',
+    'scp', 'set_debug_level', 'set_default_skip_rsa_key_validation',
+    'set_log_level', 'set_sftp_log_level'
+]