PyPI - asyncssh - Versions diffs - 2.21.0__tar.gz → 2.21.1__tar.gz - Mend

asyncssh 2.21.0tar.gz → 2.21.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (177) hide show

{asyncssh-2.21.0 → asyncssh-2.21.1}/.github/workflows/run_tests.yml RENAMED Viewed

@@ -1,13 +1,19 @@
 name: Run tests
 on: [push, pull_request]
+permissions:
+  contents: read
 jobs:
   run-tests:
     name: Run tests
+    permissions:
+      contents: read
+      actions: write
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
+        os: [ubuntu-latest, macos-latest, windows-2022]
         python-version: ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13"]
         include:
           - os: macos-latest
@@ -124,6 +130,8 @@ jobs:
     runs-on: ubuntu-latest
     needs: run-tests
     if: ${{ always() }}
+    permissions:
+      actions: write
     steps:
       - name: Merge coverage
         uses: actions/upload-artifact/merge@v4
@@ -137,6 +145,9 @@ jobs:
     runs-on: ubuntu-latest
     needs: merge-coverage
     if: ${{ always() }}
+    permissions:
+      contents: read
+      actions: read
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v5

{asyncssh-2.21.0/asyncssh.egg-info → asyncssh-2.21.1}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: asyncssh
-Version: 2.21.0
+Version: 2.21.1
 Summary: AsyncSSH: Asynchronous SSHv2 client and server library
 Author-email: Ron Frederick <ronf@timeheart.net>
 License: EPL-2.0 OR GPL-2.0-or-later
@@ -32,7 +32,7 @@ Requires-Dist: typing_extensions>=4.0.0
 Provides-Extra: bcrypt
 Requires-Dist: bcrypt>=3.1.3; extra == "bcrypt"
 Provides-Extra: fido2
-Requires-Dist: fido2>=0.9.2; extra == "fido2"
+Requires-Dist: fido2<2,>=0.9.2; extra == "fido2"
 Provides-Extra: gssapi
 Requires-Dist: gssapi>=1.2.0; extra == "gssapi"
 Provides-Extra: libnacl

{asyncssh-2.21.0 → asyncssh-2.21.1}/asyncssh/connection.py RENAMED Viewed

@@ -4169,7 +4169,7 @@ class SSHClientConnection(SSHConnection):
     async def create_session(self, session_factory: SSHClientSessionFactory,
                              command: DefTuple[Optional[str]] = (), *,
                              subsystem: DefTuple[Optional[str]]= (),
-                             env: DefTuple[Env] = (),
+                             env: DefTuple[Optional[Env]] = (),
                              send_env: DefTuple[Optional[EnvSeq]] = (),
                              request_pty: DefTuple[Union[bool, str]] = (),
                              term_type: DefTuple[Optional[str]] = (),
@@ -5687,7 +5687,7 @@ class SSHClientConnection(SSHConnection):
         return cast(SSHForwarder, peer)
     @async_context_manager
-    async def start_sftp_client(self, env: DefTuple[Env] = (),
+    async def start_sftp_client(self, env: DefTuple[Optional[Env]] = (),
                                 send_env: DefTuple[Optional[EnvSeq]] = (),
                                 path_encoding: Optional[str] = 'utf-8',
                                 path_errors = 'strict',
@@ -8042,7 +8042,7 @@ class SSHClientConnectionOptions(SSHConnectionOptions):
     pkcs11_pin: Optional[str]
     command: Optional[str]
     subsystem: Optional[str]
-    env: Env
+    env: Optional[Env]
     send_env: Optional[EnvSeq]
     request_pty: _RequestPTY
     term_type: Optional[str]
@@ -8115,7 +8115,8 @@ class SSHClientConnectionOptions(SSHConnectionOptions):
                 pkcs11_provider: DefTuple[Optional[str]] = (),
                 pkcs11_pin: Optional[str] = None,
                 command: DefTuple[Optional[str]] = (),
-                subsystem: Optional[str] = None, env: DefTuple[Env] = (),
+                subsystem: Optional[str] = None,
+                env: DefTuple[Optional[Env]] = (),
                 send_env: DefTuple[Optional[EnvSeq]] = (),
                 request_pty: DefTuple[_RequestPTY] = (),
                 term_type: Optional[str] = None,
@@ -8354,7 +8355,8 @@ class SSHClientConnectionOptions(SSHConnectionOptions):
         self.subsystem = subsystem
-        self.env = cast(Env, env if env != () else config.get('SetEnv'))
+        self.env = cast(Optional[Env], env if env != () else
+            config.get('SetEnv'))
         self.send_env = cast(Optional[EnvSeq], send_env if send_env != () else
             config.get('SendEnv'))

{asyncssh-2.21.0 → asyncssh-2.21.1}/asyncssh/forward.py RENAMED Viewed

@@ -91,7 +91,8 @@ class SSHForwarder(asyncio.BaseProtocol):
     def write_eof(self) -> None:
         """Write end of file to the transport"""
-        assert self._transport is not None
+        if not self._transport:
+            return # pragma: no cover
         try:
             self._transport.write_eof()

{asyncssh-2.21.0 → asyncssh-2.21.1}/asyncssh/misc.py RENAMED Viewed

@@ -125,7 +125,7 @@ SockAddr = Union[Tuple[str, int], Tuple[str, int, int, int]]
 EnvMap = Mapping[BytesOrStr, BytesOrStr]
 EnvItems = Sequence[Tuple[BytesOrStr, BytesOrStr]]
 EnvSeq = Sequence[BytesOrStr]
-Env = Optional[Union[EnvMap, EnvItems, EnvSeq]]
+Env = Union[EnvMap, EnvItems, EnvSeq]
 # Define a version of randrange which is based on SystemRandom(), so that
 # we get back numbers suitable for cryptographic use.
@@ -141,8 +141,8 @@ _time_units = {'': 1, 's': 1, 'm': 60, 'h': 60*60,
 def encode_env(env: Env) -> Iterator[Tuple[bytes, bytes]]:
     """Convert environemnt dict or list to bytes-based dictionary"""
-    env = cast(Sequence[Tuple[BytesOrStr, BytesOrStr]],
-               env.items() if isinstance(env, dict) else env)
+    if hasattr(env, 'items'):
+        env = cast(Env, env.items())
     try:
         for item in env:

{asyncssh-2.21.0 → asyncssh-2.21.1}/asyncssh/public_key.py RENAMED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2013-2024 by Ron Frederick <ronf@timeheart.net> and others.
+# Copyright (c) 2013-2025 by Ron Frederick <ronf@timeheart.net> and others.
 #
 # This program and the accompanying materials are made available under
 # the terms of the Eclipse Public License v2.0 which accompanies this
@@ -97,6 +97,8 @@ CertListArg = Union[_CertArg, Sequence[_CertArg]]
 _KeyPairArg = Union['SSHKeyPair', _KeyArg, Tuple[_KeyArg, _CertArg]]
 KeyPairListArg = Union[_KeyPairArg, Sequence[_KeyPairArg]]
+_PassphraseCallable = Callable[[str], BytesOrStr]
+_PassphraseArg = Optional[Union[_PassphraseCallable, BytesOrStr]]
 # Default file names in .ssh directory to read private keys from
 _DEFAULT_KEY_FILES = (
@@ -192,6 +194,51 @@ def _wrap_base64(data: bytes, wrap: int = 64) -> bytes:
                       for i in range(0, len(data), wrap)) + b'\n'
+def _resolve_passphrase(
+        passphrase: _PassphraseArg, filename: str,
+        loop: Optional[asyncio.AbstractEventLoop]) -> Optional[BytesOrStr]:
+    """Resolve a passphrase used to encrypt/decrypt SSH private keys"""
+    resolved_passphrase: Optional[BytesOrStr]
+    if callable(passphrase):
+        resolved_passphrase = passphrase(filename)
+    else:
+        resolved_passphrase = passphrase
+    if loop and inspect.isawaitable(resolved_passphrase):
+        resolved_passphrase = asyncio.run_coroutine_threadsafe(
+            resolved_passphrase, loop).result()
+    return resolved_passphrase
+class _EncryptedKey:
+    """Encrypted SSH private key, decrypted just prior to use"""
+    def __init__(self, key_data: bytes, filename: str,
+                 passphrase: _PassphraseArg,
+                 loop: Optional[asyncio.AbstractEventLoop],
+                 unsafe_skip_rsa_key_validation: bool):
+        self._key_data = key_data
+        self._filename = filename
+        self._passphrase = passphrase
+        self._loop = loop
+        self._unsafe_skip_rsa_key_validation = unsafe_skip_rsa_key_validation
+    def decrypt(self) -> 'SSHKey':
+        """Decrypt this encrypted key data and return an SSH private key"""
+        resolved_passphrase = _resolve_passphrase(self._passphrase,
+                                                  self._filename, self._loop)
+        key = import_private_key(self._key_data, resolved_passphrase,
+                                 self._unsafe_skip_rsa_key_validation)
+        key.set_filename(self._filename)
+        return key
 class KeyGenerationError(ValueError):
     """Key generation error
@@ -2238,8 +2285,9 @@ class SSHLocalKeyPair(SSHKeyPair):
     _key_type = 'local'
-    def __init__(self, key: SSHKey, pubkey: Optional[SSHKey] = None,
-                 cert: Optional[SSHCertificate] = None):
+    def __init__(self, key: SSHKey, pubkey: Optional[SSHKey],
+                 cert: Optional[SSHCertificate],
+                 enc_key: Optional[_EncryptedKey]):
         if pubkey and pubkey.public_data != key.public_data:
             raise ValueError('Public key mismatch')
@@ -2254,10 +2302,11 @@ class SSHLocalKeyPair(SSHKeyPair):
         super().__init__(key.algorithm, key.algorithm, key.sig_algorithms,
                          key.sig_algorithms, key.public_data, comment,
-                         cert, key.get_filename(), key.use_executor,
-                         key.use_webauthn)
+                         cert, key.get_filename(), key.use_executor or
+                         bool(enc_key), key.use_webauthn)
         self._key = key
+        self._enc_key = enc_key
     def get_agent_private_key(self) -> bytes:
         """Return binary encoding of keypair for upload to SSH agent"""
@@ -2273,6 +2322,12 @@ class SSHLocalKeyPair(SSHKeyPair):
     def sign(self, data: bytes) -> bytes:
         """Sign a block of data with this private key"""
+        if self._enc_key:
+            self._key = self._enc_key.decrypt()
+            self._enc_key = None
+            self.use_executor = self._key.use_executor
         return self._key.sign(data, self.sig_algorithm)
@@ -2368,7 +2423,7 @@ def _match_block(data: bytes, start: int, header: bytes,
     """Match a block of data wrapped in a header/footer"""
     match = re.compile(b'^' + header[:5] + b'END' + header[10:] +
-                       rb'[ \t\r\f\v]*$', re.M).search(data, start)
+                       rb'[ \t\n\r\f\v]*$', re.M).search(data, start)
     if not match:
         raise KeyImportError(f'Missing {fmt} footer')
@@ -3203,21 +3258,6 @@ def import_private_key(
         raise KeyImportError('Invalid private key')
-def import_private_key_and_certs(
-        data: bytes, passphrase: Optional[BytesOrStr] = None,
-        unsafe_skip_rsa_key_validation: Optional[bool] = None) -> \
-            Tuple[SSHKey, Optional[SSHX509CertificateChain]]:
-    """Import a private key and optional certificate chain"""
-    key, end = _decode_private(data, passphrase,
-                               unsafe_skip_rsa_key_validation)
-    if key:
-        return key, import_certificate_chain(data[end:])
-    else:
-        raise KeyImportError('Invalid private key')
 def import_public_key(data: BytesOrStr) -> SSHKey:
     """Import a public key
@@ -3339,20 +3379,6 @@ def read_private_key(
     return key
-def read_private_key_and_certs(
-        filename: FilePath, passphrase: Optional[BytesOrStr] = None,
-        unsafe_skip_rsa_key_validation: Optional[bool] = None) -> \
-            Tuple[SSHKey, Optional[SSHX509CertificateChain]]:
-    """Read a private key and optional certificate chain from a file"""
-    key, cert = import_private_key_and_certs(read_file(filename), passphrase,
-                                             unsafe_skip_rsa_key_validation)
-    key.set_filename(filename)
-    return key, cert
 def read_public_key(filename: FilePath) -> SSHKey:
     """Read a public key from a file
@@ -3512,31 +3538,37 @@ def load_keypairs(
     """
     keys_to_load: Sequence[_KeyPairArg]
+    key_data: Optional[bytes]
+    key: Union['SSHKey', 'SSHKeyPair']
     result: List[SSHKeyPair] = []
     certlist = load_certificates(certlist)
     certdict = {cert.key.public_data: cert for cert in certlist}
     if isinstance(keylist, (PurePath, str)):
-        try:
-            if callable(passphrase):
-                resolved_passphrase = passphrase(str(keylist))
-            else:
-                resolved_passphrase = passphrase
+        data = read_file(keylist)
+        key_data_list: List[bytes] = []
-            if loop and inspect.isawaitable(resolved_passphrase):
-                resolved_passphrase = asyncio.run_coroutine_threadsafe(
-                    resolved_passphrase, loop).result()
+        while data:
+            fmt, _, end = _match_next(data, b'PRIVATE KEY')
+            if fmt:
+                key_data_list.append(data[:end])
-            priv_keys = read_private_key_list(keylist, resolved_passphrase,
-                                              unsafe_skip_rsa_key_validation)
+            data = data[end:]
-            if len(priv_keys) <= 1:
-                keys_to_load = [keylist]
-                passphrase = resolved_passphrase
-            else:
-                keys_to_load = priv_keys
-        except KeyImportError:
+        if len(key_data_list) > 1:
+            resolved_passphrase = _resolve_passphrase(passphrase,
+                                                      str(keylist), loop)
+            keys_to_load = []
+            for key_data in key_data_list:
+                key = import_private_key(key_data, resolved_passphrase,
+                                         unsafe_skip_rsa_key_validation)
+                key.set_filename(keylist)
+                keys_to_load.append(key)
+        else:
             keys_to_load = [keylist]
     elif isinstance(keylist, (tuple, bytes, SSHKey, SSHKeyPair)):
         keys_to_load = [cast(_KeyPairArg, keylist)]
@@ -3545,61 +3577,37 @@ def load_keypairs(
     for key_to_load in keys_to_load:
         allow_certs = False
-        key_prefix = None
-        saved_exc = None
+        key_data = None
+        key_prefix = ''
         pubkey_or_certs = None
-        pubkey_to_load: Optional[_KeyArg] = None
         certs_to_load: Optional[_CertArg] = None
-        key: Union['SSHKey', 'SSHKeyPair']
+        pubkey_to_load: Optional[_KeyArg] = None
+        saved_exc = None
+        enc_key: Optional[_EncryptedKey] = None
         if isinstance(key_to_load, (PurePath, str, bytes)):
             allow_certs = True
         elif isinstance(key_to_load, tuple):
             key_to_load, pubkey_or_certs = key_to_load
-        try:
-            if isinstance(key_to_load, (PurePath, str)):
-                key_prefix = str(key_to_load)
+        if isinstance(key_to_load, (PurePath, str)):
+            key_prefix = str(key_to_load)
+            key_data = read_file(key_to_load)
+        elif isinstance(key_to_load, bytes):
+            key_data = key_to_load
-                if callable(passphrase):
-                    resolved_passphrase = passphrase(key_prefix)
-                else:
-                    resolved_passphrase = passphrase
+        certs: Optional[Sequence[SSHCertificate]]
-                if loop and inspect.isawaitable(resolved_passphrase):
-                    resolved_passphrase = asyncio.run_coroutine_threadsafe(
-                        resolved_passphrase, loop).result()
+        if allow_certs:
+            assert key_data is not None
-                if allow_certs:
-                    key, certs_to_load = read_private_key_and_certs(
-                        key_to_load, resolved_passphrase,
-                        unsafe_skip_rsa_key_validation)
+            _, _, end = _match_next(key_data, b'PRIVATE KEY')
-                    if not certs_to_load:
-                        certs_to_load = key_prefix + '-cert.pub'
-                else:
-                    key = read_private_key(key_to_load, resolved_passphrase,
-                                           unsafe_skip_rsa_key_validation)
-                pubkey_to_load = key_prefix + '.pub'
-            elif isinstance(key_to_load, bytes):
-                if allow_certs:
-                    key, certs_to_load = import_private_key_and_certs(
-                        key_to_load, passphrase,
-                        unsafe_skip_rsa_key_validation)
-                else:
-                    key = import_private_key(key_to_load, passphrase,
-                                             unsafe_skip_rsa_key_validation)
-            else:
-                key = key_to_load
-        except KeyImportError as exc:
-            if skip_public or \
-                    (ignore_encrypted and str(exc).startswith('Passphrase')):
-                continue
-            raise
+            certs_to_load = import_certificate_chain(key_data[end:])
+            key_data = key_data[:end]
-        certs: Optional[Sequence[SSHCertificate]]
+            if not certs_to_load:
+                certs_to_load = key_prefix + '-cert.pub'
         if pubkey_or_certs:
             try:
@@ -3613,7 +3621,7 @@ def load_keypairs(
         elif certs_to_load:
             try:
                 certs = load_certificates(certs_to_load)
-            except (OSError, KeyImportError):
+            except (OSError, KeyImportError) as exc:
                 certs = None
         else:
             certs = None
@@ -3628,16 +3636,58 @@ def load_keypairs(
                     pubkey = import_public_key(pubkey_to_load)
                 else:
                     pubkey = pubkey_to_load
+                saved_exc = None
             except (OSError, KeyImportError):
                 pubkey = None
-            else:
+        elif key_prefix:
+            try:
+                pubkey = read_public_key(key_prefix + '.pub')
                 saved_exc = None
+            except (OSError, KeyImportError):
+                try:
+                    pubkey = read_public_key(key_prefix)
+                    saved_exc = None
+                except (OSError, KeyImportError):
+                    pubkey = None
         else:
             pubkey = None
         if saved_exc:
             raise saved_exc # pylint: disable=raising-bad-type
+        if key_data is not None:
+            try:
+                unencrypted_key = import_private_key(
+                    key_data, None, unsafe_skip_rsa_key_validation)
+                unencrypted_key.set_filename(key_prefix)
+            except KeyImportError:
+                unencrypted_key = None
+            if unencrypted_key:
+                key = unencrypted_key
+            elif callable(passphrase) and key_prefix and (certs or pubkey):
+                enc_key = _EncryptedKey(key_data, key_prefix, passphrase, loop,
+                                        unsafe_skip_rsa_key_validation)
+                key = certs[0].key if certs else pubkey
+            else:
+                try:
+                    resolved_passphrase = _resolve_passphrase(passphrase,
+                                                              key_prefix, loop)
+                    key = import_private_key(key_data, passphrase,
+                                             unsafe_skip_rsa_key_validation)
+                    key.set_filename(key_prefix)
+                except KeyImportError as exc:
+                    if skip_public or (ignore_encrypted and
+                                       str(exc).startswith('Passphrase')):
+                        continue
+                    raise
+        else:
+            key = cast(Union[SSHKey, SSHKeyPair], key_to_load)
         if not certs:
             if isinstance(key, SSHKeyPair):
                 pubdata = key.key_public_data
@@ -3660,9 +3710,9 @@ def load_keypairs(
             result.append(key)
         else:
             if cert:
-                result.append(SSHLocalKeyPair(key, pubkey, cert))
+                result.append(SSHLocalKeyPair(key, pubkey, cert, enc_key))
-            result.append(SSHLocalKeyPair(key, pubkey))
+            result.append(SSHLocalKeyPair(key, pubkey, None, enc_key))
     return result

{asyncssh-2.21.0 → asyncssh-2.21.1}/asyncssh/scp.py RENAMED Viewed

@@ -579,8 +579,9 @@ class _SCPSource(_SCPHandler):
             for name in await SFTPGlob(self._fs).match(srcpath):
                 await self._send_files(cast(bytes, name.filename),
                                             b'', name.attrs)
-        except asyncio.CancelledError:
+        except (KeyboardInterrupt, asyncio.CancelledError):
             cancelled = True
+            raise
         except (OSError, SFTPError) as exc:
             self.handle_error(exc)
         finally:
@@ -745,8 +746,9 @@ class _SCPSink(_SCPHandler):
                                              dstpath))
             else:
                 await self._recv_files(b'', dstpath)
-        except asyncio.CancelledError:
+        except (KeyboardInterrupt, asyncio.CancelledError):
             cancelled = True
+            raise
         except (OSError, SFTPError, ValueError) as exc:
             self.handle_error(exc)
         finally:
@@ -911,8 +913,9 @@ class _SCPCopier:
         try:
             await self._copy_files()
-        except asyncio.CancelledError:
+        except (KeyboardInterrupt, asyncio.CancelledError):
             cancelled = True
+            raise
         except (OSError, SFTPError) as exc:
             self._handle_error(exc)
         finally:
@@ -1095,6 +1098,8 @@ async def _scp_handler(sftp_server: MaybeAwait[SFTPServer],
     if inspect.isawaitable(sftp_server):
         sftp_server = await sftp_server
+    sftp_server: SFTPServer
     fs = SFTPServerFS(sftp_server)
     handler: Union[_SCPSource, _SCPSink]

{asyncssh-2.21.0 → asyncssh-2.21.1}/asyncssh/sftp.py RENAMED Viewed

@@ -4656,7 +4656,8 @@ class SFTPClient:
         parts = path.split(b'/')
         last = len(parts) - 1
-        exc: Type[SFTPError]
+        exc: Union[Type[SFTPNotADirectory], Type[SFTPFailure],
+                   Type[SFTPFileAlreadyExists]]
         for i, part in enumerate(parts):
             curpath = posixpath.join(curpath, part)
@@ -6775,7 +6776,9 @@ class SFTPServerHandler(SFTPHandler):
                 data = self._server.read(src, read_from_offset, size)
                 if inspect.isawaitable(data):
-                    data = await cast(Awaitable[bytes], data)
+                    data = await data
+                data: bytes
                 result = self._server.write(dst, write_to_offset, data)
@@ -8234,6 +8237,8 @@ async def _sftp_handler(sftp_server: MaybeAwait[SFTPServer],
     if inspect.isawaitable(sftp_server):
         sftp_server = await sftp_server
+    sftp_server: SFTPServer
     handler = SFTPServerHandler(sftp_server, reader, writer, sftp_version)
     await handler.run()

{asyncssh-2.21.0 → asyncssh-2.21.1}/asyncssh/version.py RENAMED Viewed

@@ -26,4 +26,4 @@ __author_email__ = 'ronf@timeheart.net'
 __url__ = 'http://asyncssh.timeheart.net'
-__version__ = '2.21.0'
+__version__ = '2.21.1'

{asyncssh-2.21.0 → asyncssh-2.21.1/asyncssh.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: asyncssh
-Version: 2.21.0
+Version: 2.21.1
 Summary: AsyncSSH: Asynchronous SSHv2 client and server library
 Author-email: Ron Frederick <ronf@timeheart.net>
 License: EPL-2.0 OR GPL-2.0-or-later
@@ -32,7 +32,7 @@ Requires-Dist: typing_extensions>=4.0.0
 Provides-Extra: bcrypt
 Requires-Dist: bcrypt>=3.1.3; extra == "bcrypt"
 Provides-Extra: fido2
-Requires-Dist: fido2>=0.9.2; extra == "fido2"
+Requires-Dist: fido2<2,>=0.9.2; extra == "fido2"
 Provides-Extra: gssapi
 Requires-Dist: gssapi>=1.2.0; extra == "gssapi"
 Provides-Extra: libnacl

{asyncssh-2.21.0 → asyncssh-2.21.1}/asyncssh.egg-info/requires.txt RENAMED Viewed

@@ -5,7 +5,7 @@ typing_extensions>=4.0.0
 bcrypt>=3.1.3
 [fido2]
-fido2>=0.9.2
+fido2<2,>=0.9.2
 [gssapi]
 gssapi>=1.2.0

{asyncssh-2.21.0 → asyncssh-2.21.1}/docs/changes.rst RENAMED Viewed

@@ -3,6 +3,27 @@
 Change Log
 ==========
+Release 2.21.1 (28 Sep 2025)
+----------------------------
+* Added the capability to defer invoking passphrase callback until
+  an encrypted private key is actually used in a signing operation,
+  rather than triggering the callback when keys are loaded. This
+  will only work when a public key is provided with an encrypted
+  private key either explicitly or as part of the key format (such
+  as in OpenSSH's private key format).
+* Improved handling of KeyboardInterrupt and task cancellation in
+  SCP. Thanks go to Viktor Kertesz for reporting this issue and
+  helping to understand the behavior in various versions of Python.
+* Fixed the env option to support mappings other than dict. Thanks
+  go to Boris Pavlovic for reporting this issue.
+* Fixed a potential race condition in SSHForwarder cleanup. Thanks
+  go to GitHub user misa-hase for reporting this issue and helping
+  to test the fix.
 Release 2.21.0 (2 May 2025)
 ---------------------------

{asyncssh-2.21.0 → asyncssh-2.21.1}/pyproject.toml RENAMED Viewed

@@ -35,7 +35,7 @@ dynamic = ['version']
 [project.optional-dependencies]
 bcrypt    = ['bcrypt >= 3.1.3']
-fido2     = ['fido2 >= 0.9.2']
+fido2     = ['fido2 >= 0.9.2, < 2']
 gssapi    = ['gssapi >= 1.2.0']
 libnacl   = ['libnacl >= 1.4.2']
 pkcs11    = ['python-pkcs11 >= 0.7.0']

{asyncssh-2.21.0 → asyncssh-2.21.1}/tests/test_agent.py RENAMED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2016-2024 by Ron Frederick <ronf@timeheart.net> and others.
+# Copyright (c) 2016-2025 by Ron Frederick <ronf@timeheart.net> and others.
 #
 # This program and the accompanying materials are made available under
 # the terms of the Eclipse Public License v2.0 which accompanies this
@@ -321,9 +321,8 @@ class _TestAgent(AsyncTestCase):
                 async with agent:
                     self.assertIsNone(await agent.add_keys([keypair]))
-            async with agent:
-                with self.assertRaises(asyncssh.KeyExportError):
-                    await agent.add_keys([key.convert_to_public()])
+            with self.assertRaises(asyncssh.KeyExportError):
+                await agent.add_keys([key.convert_to_public()])
         await mock_agent.stop()

asyncssh 2.21.0__tar.gz → 2.21.1__tar.gz

asyncssh 2.21.0tar.gz → 2.21.1tar.gz