asyncssh 2.17.0__tar.gz → 2.18.0__tar.gz

{asyncssh-2.17.0 → asyncssh-2.18.0}/.github/workflows/run_tests.yml

@@ -38,7 +38,7 @@ jobs:
 
     runs-on: ${{ matrix.os }}
     env:
-      liboqs_version: '0.7.2'
+      liboqs_version: '0.10.1'
       nettle_version: nettle_3.8.1_release_20220727
 
     steps:
@@ -130,6 +130,7 @@ jobs:
         with:
           name: coverage-${{ matrix.os }}-${{ matrix.python-version }}
           path: asyncssh/.coverage.*
+          include-hidden-files: true
           retention-days: 1
 
   merge-coverage:
@@ -142,6 +143,7 @@ jobs:
         with:
           name: coverage
           pattern: coverage-*
+          include-hidden-files: true
 
   report-coverage:
     name: Report coverage

{asyncssh-2.17.0/asyncssh.egg-info → asyncssh-2.18.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: asyncssh
-Version: 2.17.0
+Version: 2.18.0
 Summary: AsyncSSH: Asynchronous SSHv2 client and server library
 Home-page: http://asyncssh.timeheart.net
 Author: Ron Frederick
@@ -27,14 +27,23 @@ Classifier: Topic :: Security :: Cryptography
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Topic :: System :: Networking
 Requires-Python: >= 3.6
+License-File: LICENSE
+Requires-Dist: cryptography>=39.0
+Requires-Dist: typing_extensions>=4.0.0
 Provides-Extra: bcrypt
+Requires-Dist: bcrypt>=3.1.3; extra == "bcrypt"
 Provides-Extra: fido2
+Requires-Dist: fido2>=0.9.2; extra == "fido2"
 Provides-Extra: gssapi
+Requires-Dist: gssapi>=1.2.0; extra == "gssapi"
 Provides-Extra: libnacl
+Requires-Dist: libnacl>=1.4.2; extra == "libnacl"
 Provides-Extra: pkcs11
-Provides-Extra: pyOpenSSL
+Requires-Dist: python-pkcs11>=0.7.0; extra == "pkcs11"
+Provides-Extra: pyopenssl
+Requires-Dist: pyOpenSSL>=23.0.0; extra == "pyopenssl"
 Provides-Extra: pywin32
-License-File: LICENSE
+Requires-Dist: pywin32>=227; extra == "pywin32"
 
 .. image:: https://readthedocs.org/projects/asyncssh/badge/?version=latest
     :target: https://asyncssh.readthedocs.io/en/latest/?badge=latest
@@ -95,8 +104,7 @@ Features
 * Byte and string based I/O with settable encoding
 * A variety of `key exchange`__, `encryption`__, and `MAC`__ algorithms
 
-  * Including OpenSSH post-quantum kex algorithm
-    sntrup761x25519-sha512\@openssh.com
+  * Including post-quantum kex algorithms ML-KEM and SNTRUP
 
 * Support for `gzip compression`__
 
@@ -140,7 +148,7 @@ License
 
 This package is released under the following terms:
 
-  Copyright (c) 2013-2022 by Ron Frederick <ronf@timeheart.net> and others.
+  Copyright (c) 2013-2024 by Ron Frederick <ronf@timeheart.net> and others.
 
   This program and the accompanying materials are made available under
   the terms of the Eclipse Public License v2.0 which accompanies this
@@ -197,7 +205,7 @@ functionality:
 
 * Install liboqs from https://github.com/open-quantum-safe/liboqs
   if you want support for the OpenSSH post-quantum key exchange
-  algorithm sntrup761x25519-sha512\@openssh.com.
+  algorithms based on ML-KEM and SNTRUP.
 
 * Install libsodium from https://github.com/jedisct1/libsodium
   and libnacl from https://pypi.python.org/pypi/libnacl if you have
@@ -267,5 +275,3 @@ Three mailing lists are available for AsyncSSH:
 __ http://groups.google.com/d/forum/asyncssh-announce
 __ http://groups.google.com/d/forum/asyncssh-dev
 __ http://groups.google.com/d/forum/asyncssh-users
-
-

{asyncssh-2.17.0 → asyncssh-2.18.0}/README.rst

@@ -57,8 +57,7 @@ Features
 * Byte and string based I/O with settable encoding
 * A variety of `key exchange`__, `encryption`__, and `MAC`__ algorithms
 
-  * Including OpenSSH post-quantum kex algorithm
-    sntrup761x25519-sha512\@openssh.com
+  * Including post-quantum kex algorithms ML-KEM and SNTRUP
 
 * Support for `gzip compression`__
 
@@ -102,7 +101,7 @@ License
 
 This package is released under the following terms:
 
-  Copyright (c) 2013-2022 by Ron Frederick <ronf@timeheart.net> and others.
+  Copyright (c) 2013-2024 by Ron Frederick <ronf@timeheart.net> and others.
 
   This program and the accompanying materials are made available under
   the terms of the Eclipse Public License v2.0 which accompanies this
@@ -159,7 +158,7 @@ functionality:
 
 * Install liboqs from https://github.com/open-quantum-safe/liboqs
   if you want support for the OpenSSH post-quantum key exchange
-  algorithm sntrup761x25519-sha512\@openssh.com.
+  algorithms based on ML-KEM and SNTRUP.
 
 * Install libsodium from https://github.com/jedisct1/libsodium
   and libnacl from https://pypi.python.org/pypi/libnacl if you have

{asyncssh-2.17.0 → asyncssh-2.18.0}/asyncssh/__init__.py

@@ -109,7 +109,7 @@ from .sftp import SFTPByteRangeLockRefused, SFTPDeletePending
 from .sftp import SFTPFileCorrupt, SFTPOwnerInvalid, SFTPGroupInvalid
 from .sftp import SFTPNoMatchingByteRangeLock
 from .sftp import SFTPConnectionLost, SFTPOpUnsupported
-from .sftp import SFTPAttrs, SFTPVFSAttrs, SFTPName
+from .sftp import SFTPAttrs, SFTPVFSAttrs, SFTPName, SFTPLimits
 from .sftp import SEEK_SET, SEEK_CUR, SEEK_END
 
 from .stream import SSHSocketSessionFactory, SSHServerSessionFactory
@@ -122,6 +122,7 @@ from .subprocess import SSHSubprocessProtocol, SSHSubprocessTransport
 from . import sk_eddsa, sk_ecdsa, eddsa, ecdsa, rsa, dsa, kex_dh, kex_rsa
 
 __all__ = [
+    '__author__', '__author_email__', '__url__', '__version__',
     'BreakReceived', 'BytesOrStr', 'ChannelListenError',
     'ChannelOpenError', 'CompressionError', 'ConfigParseError',
     'ConnectionLost', 'DEVNULL', 'DataType', 'DisconnectError', 'Error',
@@ -136,15 +137,15 @@ __all__ = [
     'SFTPDirNotEmpty', 'SFTPEOFError', 'SFTPError', 'SFTPFailure',
     'SFTPFileAlreadyExists', 'SFTPFileCorrupt', 'SFTPFileIsADirectory',
     'SFTPGroupInvalid', 'SFTPInvalidFilename', 'SFTPInvalidHandle',
-    'SFTPInvalidParameter', 'SFTPLinkLoop', 'SFTPLockConflict', 'SFTPName',
-    'SFTPNoConnection', 'SFTPNoMatchingByteRangeLock', 'SFTPNoMedia',
-    'SFTPNoSpaceOnFilesystem', 'SFTPNoSuchFile', 'SFTPNoSuchPath',
-    'SFTPNotADirectory', 'SFTPOpUnsupported', 'SFTPOwnerInvalid',
-    'SFTPPermissionDenied', 'SFTPQuotaExceeded', 'SFTPServer',
-    'SFTPServerFactory', 'SFTPUnknownPrincipal', 'SFTPVFSAttrs',
-    'SFTPWriteProtect', 'SSHAcceptor', 'SSHAgentClient', 'SSHAgentKeyPair',
-    'SSHAuthorizedKeys', 'SSHCertificate', 'SSHClient', 'SSHClientChannel',
-    'SSHClientConnection', 'SSHClientConnectionOptions',
+    'SFTPInvalidParameter', 'SFTPLimits', 'SFTPLinkLoop', 'SFTPLockConflict',
+    'SFTPName', 'SFTPNoConnection', 'SFTPNoMatchingByteRangeLock',
+    'SFTPNoMedia', 'SFTPNoSpaceOnFilesystem', 'SFTPNoSuchFile',
+    'SFTPNoSuchPath', 'SFTPNotADirectory', 'SFTPOpUnsupported',
+    'SFTPOwnerInvalid', 'SFTPPermissionDenied', 'SFTPQuotaExceeded',
+    'SFTPServer', 'SFTPServerFactory', 'SFTPUnknownPrincipal', 'SFTPVFSAttrs',
+    'SFTPWriteProtect', 'SSHAcceptHandler', 'SSHAcceptor', 'SSHAgentClient',
+    'SSHAgentKeyPair', 'SSHAuthorizedKeys', 'SSHCertificate', 'SSHClient',
+    'SSHClientChannel', 'SSHClientConnection', 'SSHClientConnectionOptions',
     'SSHClientProcess', 'SSHClientSession', 'SSHCompletedProcess',
     'SSHForwarder', 'SSHKey', 'SSHKeyPair', 'SSHKnownHosts',
     'SSHLineEditorChannel', 'SSHListener', 'SSHReader', 'SSHServer',

{asyncssh-2.17.0 → asyncssh-2.18.0}/asyncssh/agent.py

@@ -21,7 +21,6 @@
 """SSH agent client"""
 
 import asyncio
-import errno
 import os
 import sys
 from types import TracebackType
@@ -58,17 +57,10 @@ class AgentWriter(Protocol):
         """Wait for the connection to the SSH agent to close"""
 
 
-try:
-    if sys.platform == 'win32': # pragma: no cover
-        from .agent_win32 import open_agent
-    else:
-        from .agent_unix import open_agent
-except ImportError as _exc: # pragma: no cover
-    async def open_agent(agent_path: str) -> \
-            Tuple[AgentReader, AgentWriter]:
-        """Dummy function if we're unable to import agent support"""
-
-        raise OSError(errno.ENOENT, 'Agent support unavailable: %s' % str(_exc))
+if sys.platform == 'win32': # pragma: no cover
+    from .agent_win32 import open_agent
+else:
+    from .agent_unix import open_agent
 
 
 class _SupportsOpenAgentConnection(Protocol):
@@ -260,7 +252,7 @@ class SSHAgentClient:
 
                 resplen = int.from_bytes((await reader.readexactly(4)), 'big')
 
-                resp = SSHPacket((await reader.readexactly(resplen)))
+                resp = SSHPacket(await reader.readexactly(resplen))
                 resptype = resp.get_byte()
 
                 return resptype, resp
@@ -306,7 +298,7 @@ class SSHAgentClient:
             resp.check_end()
             return result
         else:
-            raise ValueError('Unknown SSH agent response: %d' % resptype)
+            raise ValueError(f'Unknown SSH agent response: {resptype}')
 
     async def sign(self, key_blob: bytes, data: bytes,
                    flags: int = 0) -> bytes:
@@ -323,7 +315,7 @@ class SSHAgentClient:
         elif resptype == SSH_AGENT_FAILURE:
             raise ValueError('Unable to sign with requested key')
         else:
-            raise ValueError('Unknown SSH agent response: %d' % resptype)
+            raise ValueError(f'Unknown SSH agent response: {resptype}')
 
     async def add_keys(self, keylist: KeyPairListArg = (),
                        passphrase: Optional[str] = None,
@@ -405,7 +397,7 @@ class SSHAgentClient:
                 if not ignore_failures:
                     raise ValueError('Unable to add key')
             else:
-                raise ValueError('Unknown SSH agent response: %d' % resptype)
+                raise ValueError(f'Unknown SSH agent response: {resptype}')
 
     async def add_smartcard_keys(self, provider: str,
                                  pin: Optional[str] = None,
@@ -446,7 +438,7 @@ class SSHAgentClient:
         elif resptype == SSH_AGENT_FAILURE:
             raise ValueError('Unable to add keys')
         else:
-            raise ValueError('Unknown SSH agent response: %d' % resptype)
+            raise ValueError(f'Unknown SSH agent response: {resptype}')
 
     async def remove_keys(self, keylist: Sequence[SSHKeyPair]) -> None:
         """Remove a key stored in the agent
@@ -469,7 +461,7 @@ class SSHAgentClient:
             elif resptype == SSH_AGENT_FAILURE:
                 raise ValueError('Key not found')
             else:
-                raise ValueError('Unknown SSH agent response: %d' % resptype)
+                raise ValueError(f'Unknown SSH agent response: {resptype}')
 
     async def remove_smartcard_keys(self, provider: str,
                                     pin: Optional[str] = None) -> None:
@@ -495,7 +487,7 @@ class SSHAgentClient:
         elif resptype == SSH_AGENT_FAILURE:
             raise ValueError('Keys not found')
         else:
-            raise ValueError('Unknown SSH agent response: %d' % resptype)
+            raise ValueError(f'Unknown SSH agent response: {resptype}')
 
     async def remove_all(self) -> None:
         """Remove all keys stored in the agent
@@ -512,7 +504,7 @@ class SSHAgentClient:
         elif resptype == SSH_AGENT_FAILURE:
             raise ValueError('Unable to remove all keys')
         else:
-            raise ValueError('Unknown SSH agent response: %d' % resptype)
+            raise ValueError(f'Unknown SSH agent response: {resptype}')
 
     async def lock(self, passphrase: str) -> None:
         """Lock the agent using the specified passphrase
@@ -536,7 +528,7 @@ class SSHAgentClient:
         elif resptype == SSH_AGENT_FAILURE:
             raise ValueError('Unable to lock SSH agent')
         else:
-            raise ValueError('Unknown SSH agent response: %d' % resptype)
+            raise ValueError(f'Unknown SSH agent response: {resptype}')
 
     async def unlock(self, passphrase: str) -> None:
         """Unlock the agent using the specified passphrase
@@ -560,7 +552,7 @@ class SSHAgentClient:
         elif resptype == SSH_AGENT_FAILURE:
             raise ValueError('Unable to unlock SSH agent')
         else:
-            raise ValueError('Unknown SSH agent response: %d' % resptype)
+            raise ValueError(f'Unknown SSH agent response: {resptype}')
 
     async def query_extensions(self) -> Sequence[str]:
         """Return a list of extensions supported by the agent
@@ -589,7 +581,7 @@ class SSHAgentClient:
         elif resptype == SSH_AGENT_FAILURE:
             return []
         else:
-            raise ValueError('Unknown SSH agent response: %d' % resptype)
+            raise ValueError(f'Unknown SSH agent response: {resptype}')
 
     def close(self) -> None:
         """Close the SSH agent connection

{asyncssh-2.17.0 → asyncssh-2.18.0}/asyncssh/agent_win32.py

@@ -78,7 +78,7 @@ class _PageantTransport:
     """Transport to connect to Pageant agent on Windows"""
 
     def __init__(self) -> None:
-        self._mapname = '%s%08x' % (_AGENT_NAME, win32api.GetCurrentThreadId())
+        self._mapname = f'{_AGENT_NAME}{win32api.GetCurrentThreadId():08x}'
 
         try:
             self._mapfile = mmapfile.mmapfile('', self._mapname,

{asyncssh-2.17.0 → asyncssh-2.18.0}/asyncssh/asn1.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2013-2021 by Ron Frederick <ronf@timeheart.net> and others.
+# Copyright (c) 2013-2024 by Ron Frederick <ronf@timeheart.net> and others.
 #
 # This program and the accompanying materials are made available under
 # the terms of the Eclipse Public License v2.0 which accompanies this
@@ -169,8 +169,8 @@ class RawDERObject:
         self.content = content
 
     def __repr__(self) -> str:
-        return ('RawDERObject(%s, %s, %r)' %
-                (_asn1_class[self.asn1_class], self.tag, self.content))
+        return f'RawDERObject({_asn1_class[self.asn1_class]}, ' \
+               f'{self.tag}, {self.content!r})'
 
     def __eq__(self, other: object) -> bool:
         if not isinstance(other, RawDERObject): # pragma: no cover
@@ -213,10 +213,10 @@ class TaggedDERObject:
 
     def __repr__(self) -> str:
         if self.asn1_class == CONTEXT_SPECIFIC:
-            return 'TaggedDERObject(%s, %r)' % (self.tag, self.value)
+            return f'TaggedDERObject({self.tag}, {self.value!r})'
         else:
-            return ('TaggedDERObject(%s, %s, %r)' %
-                    (_asn1_class[self.asn1_class], self.tag, self.value))
+            return f'TaggedDERObject({_asn1_class[self.asn1_class]}, ' \
+                   f'{self.tag}, {self.value!r})'
 
     def __eq__(self, other: object) -> bool:
         if not isinstance(other, TaggedDERObject): # pragma: no cover
@@ -469,7 +469,7 @@ class BitString(DERType):
         return result
 
     def __repr__(self) -> str:
-        return "BitString('%s')" % self
+        return f"BitString('{self}')"
 
     def __eq__(self, other: object) -> bool:
         if not isinstance(other, BitString): # pragma: no cover
@@ -508,10 +508,10 @@ class IA5String(DERType):
         self.value = value
 
     def __str__(self) -> str:
-        return '%s' % self.value.decode('ascii')
+        return self.value.decode('ascii')
 
     def __repr__(self) -> str:
-        return 'IA5String(%r)' % self.value
+        return f'IA5String({self.value!r})'
 
     def __eq__(self, other: object) -> bool: # pragma: no cover
         if not isinstance(other, IA5String):
@@ -569,7 +569,7 @@ class ObjectIdentifier(DERType):
         return self.value
 
     def __repr__(self) -> str:
-        return "ObjectIdentifier('%s')" % self.value
+        return f"ObjectIdentifier('{self.value}')"
 
     def __eq__(self, other: object) -> bool:
         if not isinstance(other, ObjectIdentifier): # pragma: no cover
@@ -685,7 +685,7 @@ def der_encode(value: object) -> bytes:
         identifier = cls.identifier
         content = cls.encode(value)
     else:
-        raise ASN1EncodeError('Cannot DER encode type %s' % t.__name__)
+        raise ASN1EncodeError(f'Cannot DER encode type {t.__name__}')
 
     length = len(content)
     if length < 0x80:

{asyncssh-2.17.0 → asyncssh-2.18.0}/asyncssh/auth.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2013-2022 by Ron Frederick <ronf@timeheart.net> and others.
+# Copyright (c) 2013-2024 by Ron Frederick <ronf@timeheart.net> and others.
 #
 # This program and the accompanying materials are made available under
 # the terms of the Eclipse Public License v2.0 which accompanies this
@@ -27,6 +27,7 @@ from .constants import DEFAULT_LANG
 from .gss import GSSBase, GSSError
 from .logging import SSHLogger
 from .misc import ProtocolError, PasswordChangeRequired, get_symbol_names
+from .misc import run_in_executor
 from .packet import Boolean, String, UInt32, SSHPacket, SSHPacketHandler
 from .public_key import SigningKey
 from .saslprep import saslprep, SASLPrepError
@@ -158,7 +159,7 @@ class _ClientGSSKexAuth(ClientAuth):
             await self.send_request(key=self._conn.get_gss_context(),
                                     trivial=False)
         else:
-            self._conn.try_next_auth()
+            self._conn.try_next_auth(next_method=True)
 
 
 class _ClientGSSMICAuth(ClientAuth):
@@ -180,10 +181,10 @@ class _ClientGSSMICAuth(ClientAuth):
 
             self._gss = self._conn.get_gss_context()
             self._gss.reset()
-            mechs = b''.join((String(mech) for mech in self._gss.mechs))
+            mechs = b''.join(String(mech) for mech in self._gss.mechs)
             await self.send_request(UInt32(len(self._gss.mechs)), mechs)
         else:
-            self._conn.try_next_auth()
+            self._conn.try_next_auth(next_method=True)
 
     def _finish(self) -> None:
         """Finish client GSS MIC authentication"""
@@ -199,8 +200,8 @@ class _ClientGSSMICAuth(ClientAuth):
         else:
             self.send_packet(MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE)
 
-    def _process_response(self, _pkttype: int, _pktid: int,
-                          packet: SSHPacket) -> None:
+    async def _process_response(self, _pkttype: int, _pktid: int,
+                                packet: SSHPacket) -> None:
         """Process a GSS response from the server"""
 
         mech = packet.get_string()
@@ -212,7 +213,7 @@ class _ClientGSSMICAuth(ClientAuth):
             raise ProtocolError('Mechanism mismatch')
 
         try:
-            token = self._gss.step()
+            token = await run_in_executor(self._gss.step)
             assert token is not None
 
             self.send_packet(MSG_USERAUTH_GSSAPI_TOKEN, String(token))
@@ -223,10 +224,10 @@ class _ClientGSSMICAuth(ClientAuth):
             if exc.token:
                 self.send_packet(MSG_USERAUTH_GSSAPI_ERRTOK, String(exc.token))
 
-            self._conn.try_next_auth()
+            self._conn.try_next_auth(next_method=True)
 
-    def _process_token(self, _pkttype: int, _pktid: int,
-                       packet: SSHPacket) -> None:
+    async def _process_token(self, _pkttype: int, _pktid: int,
+                             packet: SSHPacket) -> None:
         """Process a GSS token from the server"""
 
         token: Optional[bytes] = packet.get_string()
@@ -235,7 +236,7 @@ class _ClientGSSMICAuth(ClientAuth):
         assert self._gss is not None
 
         try:
-            token = self._gss.step(token)
+            token = await run_in_executor(self._gss.step, token)
 
             if token:
                 self.send_packet(MSG_USERAUTH_GSSAPI_TOKEN, String(token))
@@ -246,7 +247,7 @@ class _ClientGSSMICAuth(ClientAuth):
             if exc.token:
                 self.send_packet(MSG_USERAUTH_GSSAPI_ERRTOK, String(exc.token))
 
-            self._conn.try_next_auth()
+            self._conn.try_next_auth(next_method=True)
 
     def _process_error(self, _pkttype: int, _pktid: int,
                        packet: SSHPacket) -> None:
@@ -261,8 +262,8 @@ class _ClientGSSMICAuth(ClientAuth):
         self.logger.debug1('GSS error from server: %s', msg)
         self._got_error = True
 
-    def _process_error_token(self, _pkttype: int, _pktid: int,
-                             packet: SSHPacket) -> None:
+    async def _process_error_token(self, _pkttype: int, _pktid: int,
+                                   packet: SSHPacket) -> None:
         """Process a GSS error token from the server"""
 
         token = packet.get_string()
@@ -271,7 +272,7 @@ class _ClientGSSMICAuth(ClientAuth):
         assert self._gss is not None
 
         try:
-            self._gss.step(token)
+            await run_in_executor(self._gss.step, token)
         except GSSError as exc:
             if not self._got_error: # pragma: no cover
                 self.logger.debug1('GSS error from server: %s', str(exc))
@@ -294,7 +295,7 @@ class _ClientHostBasedAuth(ClientAuth):
             await self._conn.host_based_auth_requested()
 
         if keypair is None:
-            self._conn.try_next_auth()
+            self._conn.try_next_auth(next_method=True)
             return
 
         self.logger.debug1('Trying host based auth of user %s on host %s '
@@ -322,7 +323,7 @@ class _ClientPublicKeyAuth(ClientAuth):
         self._keypair = await self._conn.public_key_auth_requested()
 
         if self._keypair is None:
-            self._conn.try_next_auth()
+            self._conn.try_next_auth(next_method=True)
             return
 
         self.logger.debug1('Trying public key auth with %s key',
@@ -340,10 +341,14 @@ class _ClientPublicKeyAuth(ClientAuth):
         self.logger.debug1('Signing request with %s key',
                            self._keypair.algorithm)
 
-        await self.send_request(Boolean(True),
-                                String(self._keypair.algorithm),
-                                String(self._keypair.public_data),
-                                key=self._keypair, trivial=False)
+        try:
+            await self.send_request(Boolean(True),
+                                    String(self._keypair.algorithm),
+                                    String(self._keypair.public_data),
+                                    key=self._keypair, trivial=False)
+        except ValueError as exc:
+            self.logger.debug1('Public key auth failed: %s', str(exc))
+            self._conn.try_next_auth()
 
     def _process_public_key_ok(self, _pkttype: int, _pktid: int,
                                packet: SSHPacket) -> None:
@@ -377,7 +382,7 @@ class _ClientKbdIntAuth(ClientAuth):
         submethods = await self._conn.kbdint_auth_requested()
 
         if submethods is None:
-            self._conn.try_next_auth()
+            self._conn.try_next_auth(next_method=True)
             return
 
         self.logger.debug1('Trying keyboard-interactive auth')
@@ -393,7 +398,7 @@ class _ClientKbdIntAuth(ClientAuth):
                                                        lang, prompts)
 
         if responses is None:
-            self._conn.try_next_auth()
+            self._conn.try_next_auth(next_method=True)
             return
 
         self.send_packet(MSG_USERAUTH_INFO_RESPONSE, UInt32(len(responses)),
@@ -454,7 +459,7 @@ class _ClientPasswordAuth(ClientAuth):
         password = await self._conn.password_auth_requested()
 
         if password is None:
-            self._conn.try_next_auth()
+            self._conn.try_next_auth(next_method=True)
             return
 
         self.logger.debug1('Trying password auth')
@@ -469,7 +474,7 @@ class _ClientPasswordAuth(ClientAuth):
 
         if result == NotImplemented:
             # Password change not supported - move on to the next auth method
-            self._conn.try_next_auth()
+            self._conn.try_next_auth(next_method=True)
             return
 
         self.logger.debug1('Trying to chsnge password')
@@ -649,15 +654,15 @@ class _ServerGSSMICAuth(ServerAuth):
         else:
             self.send_failure()
 
-    def _process_token(self, _pkttype: int, _pktid: int,
-                       packet: SSHPacket) -> None:
+    async def _process_token(self, _pkttype: int, _pktid: int,
+                             packet: SSHPacket) -> None:
         """Process a GSS token from the client"""
 
         token: Optional[bytes] = packet.get_string()
         packet.check_end()
 
         try:
-            token = self._gss.step(token)
+            token = await run_in_executor(self._gss.step, token)
 
             if token:
                 self.send_packet(MSG_USERAUTH_GSSAPI_TOKEN, String(token))
@@ -682,15 +687,15 @@ class _ServerGSSMICAuth(ServerAuth):
         else:
             self.send_failure()
 
-    def _process_error_token(self, _pkttype: int, _pktid: int,
-                             packet: SSHPacket) -> None:
+    async def _process_error_token(self, _pkttype: int, _pktid: int,
+                                   packet: SSHPacket) -> None:
         """Process a GSS error token from the client"""
 
         token = packet.get_string()
         packet.check_end()
 
         try:
-            self._gss.step(token)
+            await run_in_executor(self._gss.step, token)
         except GSSError as exc:
             self.logger.debug1('GSS error from client: %s', str(exc))
 

{asyncssh-2.17.0 → asyncssh-2.18.0}/asyncssh/auth_keys.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2015-2021 by Ron Frederick <ronf@timeheart.net> and others.
+# Copyright (c) 2015-2024 by Ron Frederick <ronf@timeheart.net> and others.
 #
 # This program and the accompanying materials are made available under
 # the terms of the Eclipse Public License v2.0 which accompanies this
@@ -120,8 +120,8 @@ class _SSHAuthorizedKeyEntry:
                 host = host[1:-1]
 
             port = None if port_str == '*' else int(port_str)
-        except:
-            raise ValueError('Illegal permitopen value: %s' % value) from None
+        except ValueError:
+            raise ValueError(f'Illegal permitopen value: {value}') from None
 
         permitted_opens = cast(Set[Tuple[str, Optional[int]]],
                                self.options.setdefault(option, set()))