HEX
Server: LiteSpeed
System: Linux php-prod-1.spaceapp.ru 5.15.0-157-generic #167-Ubuntu SMP Wed Sep 17 21:35:53 UTC 2025 x86_64
User: xnsbb3110 (1041)
PHP: 8.1.33
Disabled: NONE
$ pwd: /usr/local/CyberCP/lib64/python3.10/site-packages/asyncssh/__pycache__/
Upload Files
File: //usr/local/CyberCP/lib64/python3.10/site-packages/asyncssh/__pycache__/connection.cpython-310.pyc
o

�h�R�@s�dZddlZddlZddlZddlZddlZddlZddlZddlZddl	Z	ddl
Z
ddlZddlZddl
mZddlmZddlmZddlmZddlmZmZmZmZmZmZddlmZmZmZmZmZm Z m!Z!dd	lm"Z"m#Z#m$Z$m%Z%dd
l&m'Z'm(Z(ddl)m*Z*m+Z+dd
l,m-Z-m.Z.m/Z/m0Z0ddl,m1Z1m2Z2ddl,m3Z3m4Z4ddl,m5Z5m6Z6ddl7m8Z8m9Z9ddl:m;Z;m<Z<m=Z=ddl:m>Z>m?Z?m@Z@ddl:mAZAmBZBddlCmDZDddlEmFZFmGZGmHZHddlEmIZImJZJddlEmKZKmLZLddlMmNZNmOZOmPZPmQZQddlRmSZSmTZTddlRmUZUddlRmVZVddlRmWZWmXZXmYZYmZZZddlRm[Z[m\Z\m]Z]ddlRm^Z^m_Z_dd lRm`Z`dd!lRmaZambZbdd"lRmcZcmdZdmeZemfZfdd#lRmgZgmhZhdd$lRmiZimjZjdd%lRmkZkmlZldd&lRmmZmmnZndd'lRmoZodd(lRmpZpmqZqdd)lRmrZrdd*lsmtZtmuZudd+lsmvZvdd,lsmwZwmxZxdd-lymzZzdd.l{m|Z|m}Z}m~Z~mZdd/l�m�Z�m�Z�m�Z�dd0l�m�Z�m�Z�dd1l�m�Z�m�Z�dd2l�m�Z�m�Z�dd3l�m�Z�m�Z�dd4l�m�Z�m�Z�dd5l�m�Z�m�Z�dd6l�m�Z�m�Z�dd7l�m�Z�m�Z�dd8l�m�Z�dd9l�m�Z�m�Z�dd:l�m�Z�m�Z�dd;l�m�Z�m�Z�m�Z�m�Z�m�Z�m�Z�dd<l�m�Z�m�Z�m�Z�m�Z�m�Z�m�Z�dd=l�m�Z�m�Z�m�Z�dd>l�m�Z�m�Z�m�Z�dd?l�m�Z�m�Z�m�Z�dd@l�m�Z�m�Z�m�Z�ddAl�m�Z�m�Z�ddBl�m�Z�m�Z�ddCl�m�Z�m�Z�m�Z�ddDl�m�Z�m�Z�m�Z�m�Z�ddEl�m�Z�m�Z�m�Z�ddFl�m�Z�m�Z�m�Z�m�Z�m�Z�m�Z�ddGl�m�Z�m�Z�m�Z�ddHl�m�Z�m�Z�ddIl�m�Z�ddJl�m�Z�m�Z�m�Z�ddKl�m�Z�m�Z�ddLl�m�Z�m�Z�ddMl�m�Z�m�Z�m�Z�ddNl�m�Z�m�Z�m�Z�m�Z�ddOl�m�Z�m�Z�m�Z�m�Z�ddPl�m�Z�m�Z�ddQl�m�Z�m�Z�ddRl�m�Z�m�Z�ddSl�m�Z�m�Z�ddTl�m�Z�m�Z�ddUl�m�Z�ddVl�m�Z�ddWl�m�Z�m�Z�ddXl�m�Z�m�Z�ddYl�m�Z�ddZl�m�Z�m�Z�dd[l�m�Z�m�Z�dd\l�m�Z�dd]l��m�Z�m�Z�m�Zdd^l��m�Z�m�Z�m�Zdd_l��m�Z�m�Zdd`l��m�Z�m	�Z	dda�l
�m�Z�m�Z�m
�Z
ddb�l
�m�Zddc�l�m�Z�m�Z�m�Zddd�l�m�Z�m�Zdde�l�m�Z�m�Zddf�l�m�Z�m�Zddg�l�m�Zddh�l�m�Z�m�Zddi�l�m�Z�m�Zddj�l�m �Z �m!�Z!ddk�l�m"�Z"�m#�Z#ddl�l$�m%�Z%ddm�l&�m'�Z'ddn�l&�m(�Z(�m)�Z)ddo�l&�m*�Z*�m+�Z+e�r?ddp�l,�m-�Z-egeDf�Z.ege�f�Z/e$�e.�e/f�Z0e#dqdrds��Z1e#dtduds��Z2eeee�ee�ee�ee�ge�df�Z3Gdvdw�dwe'��Z4Gdxdy�dy�e4e'��Z5Gdzd{�d{�e4e'��Z6eedrge�df�Z7eedre�e8gdf�Z9ee�ge!e<�eff�Z:ee�gdf�Z;e�e$�e<e�e<f�Z=e��e>�Z?e�e$d�e<e�e<e8f�Z@e$e�e�f�ZAe$e�e�f�ZBe�e$e�e<ee!�e<�e<ff�ZCe!e�e;e̐e>f�ZDe!�eEe�f�ZFe�e<�eGf�ZHe$�e>e�f�ZIee$�e<e�e<f�ZJe$�e>�e<f�ZKe�e<�eEg�ef�ZLeg�ef�ZMe$d�e<�e5f�ZNe$d�e<�e6f�ZOe�e��ZPe�e<�eEge��e>f�ZQd|�ZRd}�ZSd~�ZTd�ZUd��ZVd~�ZWd��ZXd��ZYd��ZZd�Z[d��Z\d��Z]d��Z^d��Z_d~�Z`d�e�jad�dud�e�e<fd�d���Zbd�e�jad�e�e<d�eg�e1fd��e1fd�d���Zcd��eGd��e2d�e�eNd�ed�fd�d���Zdd��e2d�e�eNd�e�jad��eEd�ee	j	d�eg�e1fd��e<d��e1fd�d���Zed��e2d�e�eNd�e�jad��eEd��eEd�ee	j	d��e>d��e>d�eg�e1fd��e<d�d�fd�d���Zfd�e�e�d��egfd�d���Zhd��e<d��e<d�e�egd�e�egd��e>d�e�egfd�d���Zi	d�d��e<d��e=d��e=d�e�egd�e�egd�e�egd�e�egfd�d���Zjd��e=d��e=d�e�egd�e�egfd�d���Zkd�eOd��e=d��e=d��e=d��e=d��e=d��e>d�e!e�ege�ege�ege�ege�egffd�d���ZlGd�d��d���ZmGd�dr�dre�ej'��ZnGd�d��d��en��ZoGd�d��d��en��ZpGd�du�due�e�e2��ZqGd�d��d��eq��ZrGd�d„deq��Zse�	�	d�d�e	j	d�e�eNd�e�erdĐeGd��eof
d�dƄ��Zte�	�	d�d�e	j	d�e�eNd�e�esdĐeGd��epf
d�dȄ��Zue�d�d�d�dd�dd�ddʜd�e��eEd�e��eNd�e��eEd��eEd�e�e�d�ee	j	d�e�eNd�e�erdĐeGd��eofd�dЄ��Zve�	�d�d�d�dd�dd�ddʜd�e��eEd�e��eNd�e��eEd��eEd�e�e�d�ee	j	d�e�eNd�e�esdĐeGd��epfd�d҄��Zwe�d�d�d�e	�jxd�dd�d�ddd�dd՜d�e��eEd�e��eOd�e��eEd��eEd��eEd�ee	j	d��e>d��e>d֐e7dאe9d�e�eNd�e�esdĐeGd��emfd�dل��Zye�d�d�d�e	�jxd�dd�d�ddd�dd՜d�e��eEd�e��eOd�e��eEd��eEd��eEd�ee	j	d��e>d��e>d֐e7dאe9d�e�eNd�e�erdĐeGd��emfd�dۄ��Zz	�d�dܐe.d�e��eEdĐeGd�e!�eoeDffd�dބ�Z{e�	�d�dߐe/d�e��eEdĐeGd��emfd�d���Z|	�d�d�d�d�dd�dd�d�d�d�dd�d�e��eEd�e��eNd�e��eJd�e��eEd��eEd�e�e�d�ee	j	d�e�e�d�e=d�e=d�e�eNd�e�erd�ee�fd�d��Z}	�d�d�d�d�dd�dd�d�d�d�dd�d�e��eEd�e��e<d�e��eNd�e��eJd�e��eEd��eEd�e�e�d�ee	j	d�e�e�d�e=d�e=d�e�eNd�e�erd�e�e<fd�d��Z~dS)�zSSH connection handlers�N)�OrderedDict)�partial)�Path)�
TracebackType)�
TYPE_CHECKING�Any�AnyStr�	Awaitable�Callable�Dict)�Generic�List�Mapping�Optional�Sequence�Set�Tuple)�Type�TypeVar�Union�cast)�Protocol�Self�)�SSHAgentClient�SSHAgentListener)�Auth�
ClientAuth�KbdIntChallenge�
KbdIntPrompts)�KbdIntResponse�PasswordChangeResponse)�!get_supported_client_auth_methods�lookup_client_auth)�!get_supported_server_auth_methods�lookup_server_auth)�SSHAuthorizedKeys�read_authorized_keys)�
SSHChannel�SSHClientChannel�SSHServerChannel)�
SSHTCPChannel�SSHUNIXChannel�SSHTunTapChannel)�
SSHX11Channel�SSHAgentChannel)�	SSHClient)�
Compressor�Decompressor�get_compression_algs)�get_default_compression_algs�get_compression_params)�get_compressor�get_decompressor)�ConfigPaths�	SSHConfig�SSHClientConfig�SSHServerConfig)�DEFAULT_LANG�DEFAULT_PORT)�DISC_BY_APPLICATION)�EXTENDED_DATA_STDERR)�MSG_DISCONNECT�
MSG_IGNORE�MSG_UNIMPLEMENTED�	MSG_DEBUG)�MSG_SERVICE_REQUEST�MSG_SERVICE_ACCEPT�MSG_EXT_INFO)�MSG_CHANNEL_OPEN�MSG_CHANNEL_OPEN_CONFIRMATION)�MSG_CHANNEL_OPEN_FAILURE)�MSG_CHANNEL_FIRST�MSG_CHANNEL_LAST)�MSG_KEXINIT�MSG_NEWKEYS�
MSG_KEX_FIRST�MSG_KEX_LAST)�MSG_USERAUTH_REQUEST�MSG_USERAUTH_FAILURE)�MSG_USERAUTH_SUCCESS�MSG_USERAUTH_BANNER)�MSG_USERAUTH_FIRST�MSG_USERAUTH_LAST)�MSG_GLOBAL_REQUEST�MSG_REQUEST_SUCCESS)�MSG_REQUEST_FAILURE)� OPEN_ADMINISTRATIVELY_PROHIBITED�OPEN_CONNECT_FAILED)�OPEN_UNKNOWN_CHANNEL_TYPE)�
Encryption�get_encryption_algs)�get_default_encryption_algs)�get_encryption_params�get_encryption)�SSHForwarder)�GSSBase�	GSSClient�	GSSServer�GSSError)�Kex�get_kex_algs�get_default_kex_algs)�expand_kex_algs�get_kex)�KeySignPath�SSHKeySignKeyPair)�find_keysign�get_keysign_keys)�
KnownHostsArg�match_known_hosts)�	ListenKey�SSHListener)�SSHTCPClientListener�SSHUNIXClientListener)�TCPListenerFactory�UNIXListenerFactory)�create_tcp_forward_listener�create_unix_forward_listener)�create_socks_listener)�	SSHLogger�logger)�get_mac_algs�get_default_mac_algs)�
BytesOrStr�BytesOrStrDict�DefTuple�Env�EnvSeq�FilePath)�HostPort�	IPNetwork�
MaybeAwait�
OptExcInfo�Options�SockAddr)�ChannelListenError�ChannelOpenError�CompressionError)�DisconnectError�ConnectionLost�HostKeyNotVerifiable)�KeyExchangeFailed�IllegalUserName�MACError)�PasswordChangeRequired�PermissionDenied�
ProtocolError)�ProtocolNotSupported�ServiceNotAvailable)�TermModesArg�TermSizeArg)�async_context_manager�construct_disc_error�
encode_env)�get_symbol_names�
ip_address�
lookup_env�map_handler_name)�parse_byte_count�parse_time_interval�
split_args)�Boolean�Byte�NameList�String�UInt32�PacketDecodeError)�	SSHPacket�SSHPacketHandler�SSHPacketLogger)�WildcardPattern�WildcardPatternList)�load_pkcs11_keys)�PIPE�
ProcessSource�
ProcessTarget)�SSHServerProcessFactory�SSHCompletedProcess)�SSHClientProcess�SSHServerProcess)�CERT_TYPE_HOST�CERT_TYPE_USER�KeyImportError)�CertListArg�IdentityListArg�
KeyListArg�
SigningKey)�KeyPairListArg�X509CertPurposes�SSHKey�
SSHKeyPair)�SSHCertificate�SSHOpenSSHCertificate)�SSHX509Certificate�SSHX509CertificateChain)�decode_ssh_public_key�decode_ssh_certificate)�get_public_key_algs�get_default_public_key_algs)�get_certificate_algs�get_default_certificate_algs)�get_x509_certificate_algs)�!get_default_x509_certificate_algs)�
load_keypairs�load_default_keypairs)�load_public_keys�load_default_host_public_keys)�load_certificates)�load_identities�load_default_identities)�saslprep�
SASLPrepError)�	SSHServer)�DataType�SSHClientSession�SSHServerSession)�
SSHTCPSession�SSHUNIXSession�SSHTunTapSession)�SSHClientSessionFactory�SSHTCPSessionFactory)�SSHUNIXSessionFactory�SSHTunTapSessionFactory)�MIN_SFTP_VERSION�
SFTPClient�
SFTPServer)�start_sftp_client)�	SSHReader�	SSHWriter�SFTPServerFactory)�SSHSocketSessionFactory�SSHServerSessionFactory)�SSHClientStreamSession�SSHServerStreamSession)�SSHTCPStreamSession�SSHUNIXStreamSession)�SSHTunTapStreamSession)�SSHSubprocessTransport�SSHSubprocessProtocol)�SubprocessFactory�SSHSubprocessWritePipe)�SSH_TUN_MODE_POINTTOPOINT�SSH_TUN_MODE_ETHERNET)�SSH_TUN_UNIT_ANY�
create_tuntap)�__version__)�SSHX11ClientForwarder)�SSHX11ClientListener�SSHX11ServerListener)�create_x11_client_listener�create_x11_server_listener)�X509NamePattern�_Conn�
SSHConnection)�bound�_Options�SSHConnectionOptionsc@seZdZdZddd�ZdS)�_TunnelProtocolz0Base protocol for connections to tunnel SSH over�returnNcC�dS�zClose this tunnelN���selfrr�F/usr/local/CyberCP/lib/python3.10/site-packages/asyncssh/connection.py�close��z_TunnelProtocol.close�rN)�__name__�
__module__�__qualname__�__doc__rrrrrr�src@s>eZdZdZdeedededee	ee
effdd�ZdS)	�_TunnelConnectorProtocolz>Protocol to open a connection to tunnel an SSH connection over�session_factory�remote_host�remote_portrc���dS)z$Create an outbound tunnel connectionNr)r
rrrrrr�create_connection��z*_TunnelConnectorProtocol.create_connectionN)rrrrr��bytes�str�intrr+r�rrrrrr�s����rc@s*eZdZdZdedededefdd�ZdS)	�_TunnelListenerProtocolz:Protocol to open a listener to tunnel SSH connections overr�listen_host�listen_portrc�r)z!Create an inbound tunnel listenerNr)r
rrrrrr�
create_server�rz%_TunnelListenerProtocol.create_serverN)	rrrrrurrrrr rrrrr�s���rsssh-userauthsssh-connectionii �i@i�x�i i�i��loop�optionsrc
	�s��|j}|jr
|jst�d�dS|�d�|jkr t�d�dSzt�|�Wn	t	y0Ynwt�d�dSt�
d�|jD]k}t�
d|�|�d|��}z|j|dtj
d	�IdH}Wn
tjygYq@w|dd
}|r�||kr�t�
d||�|jD]!}tt|�\}}	|�|�r�|	�|�r�t�d|j|�|Sq~t�d
|j|�|S|js�t�d�td|�d���t�d�dS)zCanonicalize a host namezHost canonicalization disabledN�.z-Host canonicalization skipped due to max dotsz/Hostname canonicalization skipped on IP addressz#Beginning hostname canonicalizationz  Checking domain %sr)�flagsr#z4  Checking CNAME rules for hostname %s with CNAME %sz4Hostname canonicalization to CNAME applied: %s -> %sz+Hostname canonicalization applied: %s -> %sz4Hostname canonicalization failed (fallback disabled)z!Unable to canonicalize hostname "�"z6Hostname canonicalization failed, using local resolver)�host�canonicalize_hostname�canonical_domainsr{�info�count�canonicalize_max_dots�	ipaddressr��
ValueError�debug1�getaddrinfo�socket�AI_CANONNAME�gaierror�canonicalize_permitted_cnames�mapr��matches�canonicalize_fallback_local�OSError)
r$r%r)�domain�
canon_host�addrinfo�cname�patterns�host_pat�	cname_patrrr�_canonicalize_hosts`�

�


���
���

rB�command�conn_factoryc�sH�G�fdd�dtj�}|j|g|�R�IdH\}}ttt||����S)z%Open a tunnel running a proxy commandcs�eZdZdZd��fdd�Zddededefdd	�Zdefd
d�Z	de
jddfd
d�Zde
deddfdd�Zde
deeddfdd�Zdeddfdd�Zddd�Zddd�Z�ZS)z(_open_proxy.<locals>._ProxyCommandTunnelzSSH proxy command tunnelrNcs,t���d|_d|_��|_t��|_dS�N)�super�__init__�
_transport�_stdin�_conn�asyncio�Event�_close_eventr	)�	__class__rDrrrG\s

z1_open_proxy.<locals>._ProxyCommandTunnel.__init__�name�defaultcSs|jdusJ�|j�||�S)z4Return extra information associated with this tunnelN)rH�get_extra_info�r
rOrPrrrrQdsz7_open_proxy.<locals>._ProxyCommandTunnel.get_extra_infocS�|jS)z1Return the connection associated with this tunnel)rJr	rrr�get_connj�z1_open_proxy.<locals>._ProxyCommandTunnel.get_conn�	transportcSs<ttj|�|_ttj|j�d��|_|j�ttj	|��dS)z Handle startup of the subprocessrN)
rrK�SubprocessTransportrH�WriteTransport�get_pipe_transportrIrJ�connection_made�
BaseTransport)r
rVrrrrZos

�z8_open_proxy.<locals>._ProxyCommandTunnel.connection_made�fd�datacS�|j�|�dS)z%Handle data received from this tunnelN)rJ�
data_received)r
r\r]rrr�pipe_data_receivedwsz;_open_proxy.<locals>._ProxyCommandTunnel.pipe_data_received�exccSr^)z!Handle when this tunnel is closedN)rJ�connection_lost)r
r\rarrr�pipe_connection_lost~sz=_open_proxy.<locals>._ProxyCommandTunnel.pipe_connection_lostcSs|jdusJ�|j�|�dS)zWrite data to this tunnelN)rI�write�r
r]rrrrd�sz._open_proxy.<locals>._ProxyCommandTunnel.writecSs|��dS)zForcibly close this tunnelN)rr	rrr�abort��z._open_proxy.<locals>._ProxyCommandTunnel.abortcSs|jr|j��|j��dSr)rHrrM�setr	rrrr�s
z._open_proxy.<locals>._ProxyCommandTunnel.closerrE)rrrrrGrrrQr�rTrKr[rZrrr`r�	Exceptionrcrdrfr�
__classcell__r�rD�rNr�_ProxyCommandTunnelYs�
�
rmN)rK�SubprocessProtocol�subprocess_execrr�rT)r$rCrDrm�_�tunnelrrkr�_open_proxyTs�Arr�tunnels�config�SSHClientConnectionc
	�s��t|t�rTd}|�d�D]D}d|vr|�dd�\}}nd|}}d|vr2|�dd�\}}t|�}nd}|}	t||||j||d�IdH}|�|	�|jdkrQd	|_q
|SdS)
z(Parse and open connection to tunnel overN�,�@rr�:)�username�
passphraserqrt�alwaysF)	�
isinstancer�split�rsplitr�connectrz�
set_tunnelr*)
rsr%rt�connrqryr)�port_str�port�	last_connrrr�_open_tunnel�s,�


�

�r�r'�sock�msgc�sn�|��|_t||�IdH}|r|n|j}t|�}	|j��}
|	s"|
r+|j|d|	|
d�|j}|j}|j	}|j
}
|j}|j}d}t
|||�IdH}z�|rct�d|�|j||d�IdH\}}tt|�}n�|r�|j�d|||f|�z|�ttt|�||�IdH\}}Wnty�|��|��IdH�wtt|�}|�|�nR|r�t|dt�}|�d|||f�|�ttt|�||�IdH\}}tt|�}n*|r�t|||�IdH}nt�d	|||f�|j||||
||d
�IdH\}}tt|�}Wntj�y|j���w|j||d�z|jIdHd}|W|�r&|��|��IdHSS|�r6|��|��IdHww)
z,Make outbound TCP or SSH tunneled connectionNT)r)�reload�	canonical�final�%s already-connected socket)r��%s %s via %sr{�%s %s via SSH tunnel�%s %s)�familyr'�
local_addr)r)r�F) �
create_future�waiterrBr)�boolrt�has_match_final�updater�rqr�r��
proxy_commandr�r{r,rrr�r�rrir�wait_closedr��getattrrrrK�CancelledError�cancel�set_extra_inforf)r%rtr$r'r�rDr�r<r)r�r�r�rqr�r�r��	free_conn�
new_tunnelrp�sessionr��tunnel_session�
tunnel_loggerrrr�_connect�s��

��
��
�
���r��backlog�
reuse_address�
reuse_port�SSHAcceptorc

�sd�dtdtdtf�fdd�}
|j}|j}|j}
|j}t|
||�IdH}|r9t�	d|	�|j
�||||d�IdH}nt|rr|j�	d	|	||f|
�z|�
|
||�IdH}Wntye|��|�
�IdH�w|�|�ttj|�}n;|
r�t|
d
t�}|�	d|	||f�|
�
|
||�IdH}ttj|�}nt�	d|	||f�|j
�|||||||d
�IdH}t||�S)z)Make inbound TCP or SSH tunneled listener�
_orig_host�
_orig_portrcstt���S)zIgnore original host and port)rr��r�r�rkrr�tunnel_factory!rgz_listen.<locals>.tunnel_factoryNr�)r�r�r�r�r�r{r�r�)r�r'r�r�r�)rrr�r)r�rqr�r�r{r,r rirr�r�rrK�AbstractServerr�r�)r%rtr$r'r�r�r�r�rDr�r�r)r�rqr�r��server�
tunnel_serverr�rrkr�_listensL����

�
r��versioncCsx|dkr
dt�d�}|St|t�r|�d�}nt|t�sJ�t|�dkr)td��|D]}|dks5|dkr9td��q+|S)	zValidate requested SSH versionrs	AsyncSSH_�ascii�zVersion string is too long� �~z&Version string must be printable ASCII)r��encoder|rr�lenr0)r��brrr�_validate_versionSs
��r��alg_type�algs�
possible_algs�default_algs�strict_matchcs�|dd�dvr|dd�}|dd�}nd}g�|�d�D]#}t|���fdd�|D�}|s<|r<td|�d	|�d
�����|�q|dkrJ�|S|dkrR|�S|d
kr_�fdd�|D�S�S)z$Expand the set of allowed algorithmsNrz^+-�rvcs g|]}��|�d��r|�qS�r�)r8�decode��.0�alg)�patternrr�
<listcomp>zs
�z _expand_algs.<locals>.<listcomp>r(z" matches no valid z algorithms�^�+�-csg|]}|�vr|�qSrrr�)�matchedrrr��s)r}r�r0�extend)r�r�r�r�r��prefix�patr8r)r�r�r�_expand_algsis$r��config_algs�
none_valuec
Cs�|dkr	|}d}nd}|dvr|S|rKt|t�r!t|||||�}ndd�|D�}g}|D]}	|	|vr?t|	�d��d|�d	���|	|vrH|�|	�q,|S|rP|gStd
|�d���)z"Select a set of allowed algorithmsrFT)rrPcS�g|]}|�d��qSr��r�r�rrrr���z _select_algs.<locals>.<listcomp>r�z is not a valid z
 algorithmzNo z algorithms selected)r|rr�r0r��append)
r�r�r�r�r�r�r��
expanded_algs�resultr�rrr�_select_algs�s2
�
�
�r�cCs"t�t�t�}td||||�S)z+Select a set of allowed host key algorithmszhost key)r�r�r�r�)r�r�r�r�rrr�_select_host_key_algs�s
��r��kex_algs_arg�enc_algs_arg�mac_algs_arg�cmp_algs_arg�sig_algs_arg�
allow_x509c	Cs�td|tt|�dd��t�t��}td|tt|�dd��t�t��}td|tt|�dd��t�t	��}	td|tt|�
��t
�t�d	�}
|rHt�ng}|t
�}|rTt�ng}|t�}td
|tt|�dd��||�}
|||	|
|
fS)zValidate requested algorithms�key exchange�
KexAlgorithmsr�
encryption�Ciphers�MAC�MACs�compression�none�	signature�CASignatureAlgorithms)r�r�_AlgsArg�getrgrhr]r^r|r}r3r4r�r�r�r�)rtr�r�r�r�r�r��kex_algs�enc_algs�mac_algs�cmp_algs�allowed_sig_algs�default_sig_algs�sig_algsrrr�_validate_algs�s:����


��r�c@s�eZdZdZdejddfdd�Zdefdd	�Zd
e	e
ede	ede	ede
fd
d�Zdedefdd�Zdeefdd�Zdefdd�Zddd�Zddd�Zdeddfdd�ZdS)r�aJSSH acceptor

       This class in a wrapper around an :class:`asyncio.Server` listener
       which provides the ability to update the the set of SSH client or
       server connection options associated with that listener. This is
       accomplished by calling the :meth:`update` method, which takes the
       same keyword arguments as the :class:`SSHClientConnectionOptions`
       and :class:`SSHServerConnectionOptions` classes.

       In addition, this class supports all of the methods supported by
       :class:`asyncio.Server` to control accepting of new connections.

    r�r%rcCs||_||_dSrE)�_server�_options)r
r�r%rrrrG�s
zSSHAcceptor.__init__rc���|SrErr	rrr�
__aenter__�s�zSSHAcceptor.__aenter__�	_exc_type�
_exc_value�
_tracebackc�s�|��|��IdHdS�NF)rr��r
r�r�r�rrr�	__aexit__�s�zSSHAcceptor.__aexit__rOcCst|j|�SrE)r�r�)r
rOrrr�__getattr__�szSSHAcceptor.__getattr__cCs&t|jd�r|j��Sdd�|jD�S)a�Return socket addresses being listened on

           This method returns the socket addresses being listened on.
           It returns tuples of the form returned by
           :meth:`socket.getsockname`.  If the listener was created
           using a hostname, the host's resolved IPs will be returned.
           If the requested listening port was `0`, the selected
           listening ports will be returned.

           :returns: A list of socket addresses being listened on

        �
get_addressescSsg|]}|���qSr)�getsockname)r�r�rrrr��z-SSHAcceptor.get_addresses.<locals>.<listcomp>)�hasattrr�r��socketsr	rrrr�s
zSSHAcceptor.get_addressescCs@t|jd�r|j��Sdd�|��D�}t|�dkr|��SdS)a�Return the port number being listened on

           This method returns the port number being listened on.
           If it is listening on multiple sockets with different port
           numbers, this function will return `0`. In that case,
           :meth:`get_addresses` can be used to retrieve the full
           list of listening addresses and ports.

           :returns: The port number being listened on, if there's only one

        �get_portcSsh|]}|d�qS)rr)r��addrrrr�	<setcomp>%r�z'SSHAcceptor.get_port.<locals>.<setcomp>rr)r�r�rr�r��pop)r
�portsrrrrs
zSSHAcceptor.get_portNcC�|j��dS)z�Stop listening for new connections

           This method can be called to stop listening for new
           SSH connections. Existing connections will remain open.

        N)r�rr	rrrr(szSSHAcceptor.closec�s�|j��IdHdS)z�Wait for this listener to close

           This method is a coroutine which waits for this
           listener to be closed.

        N)r�r�r	rrrr�2s�zSSHAcceptor.wait_closed�kwargscK�|jjdi|��dS)a�Update options on an SSH listener

           Acceptors started by :func:`listen` support options defined
           in :class:`SSHServerConnectionOptions`. Acceptors started
           by :func:`listen_reverse` support options defined in
           :class:`SSHClientConnectionOptions`.

           Changes apply only to SSH client/server connections accepted
           after the change is made. Previously accepted connections
           will continue to use the options set when they were accepted.

        Nr)r�r��r
rrrrr�<szSSHAcceptor.updater)rrrrrKr�rGrr�rr�
BaseExceptionrr�r�rrr�r
rr�rrrr��objectr�rrrrr��s&
���
�



c@s�eZdZdZee�d�ZdZede	fdd��Z
dejdd	d
e
dedeed
efdd�Zdefdd�Zdeeedeedeedefdd�Zedefdd��Zdeeddfdd�Z�d@dd�Z�d@dd �Z�d@d!d"�Z �d@d#d$�Z!�d@d%d&�Z"�d@d'd(�Z#�d@d)d*�Z$deeddfd+d,�Z%d-eed.d/ddfd0d1�Z&	�dAd2e'dd-eedd/fd3d4�Z(defd5d6�Z)defd7d8�Z*defd9d:�Z+dee,e-e.ffd;d<�Z/de0fd=d>�Z1d?ee2ddfd@dA�Z3dBe4dCedDedEee	ddf
dFdG�Z5dCedDedEe	dHe6de7f
dIdJ�Z8dCedHe9de7fdKdL�Z:dCedDedEe	dMe0de7f
dNdO�Z;dPej<ddfdQdR�Z=�dAdeeddfdSdT�Z>		�dBdUee?dVeeddfdWdX�Z@�d@dYdZ�ZA�dAd[e0d\eBddfd]d^�ZC�d@d_d`�ZD�d@dadb�ZE�d@dcdd�ZFdeeGeHde	fdfdg�ZIdhe	ddfdidj�ZJdeKfdkdl�ZL�d@dmdn�ZMdoedpeNe0dqeNe0de0fdrds�ZOdePe0fdtdu�ZQd[e0ddfdvdw�ZR�d@dxdy�ZS�d@dzd{�ZTdefd|d}�ZUdefd~d�ZVdefd�d��ZW		��dCd�e	d�e	d�eejXd�eddf
d�d��ZYdd��d�e	d�e0d�eeZddfd�d��Z[�d@d�d��Z\d�e	d�ed�eddfd�d��Z]�d@d�d��Z^�d@d�d��Z_d�e0d�e0ddfd�d��Z`d�e0ddfd�d��Zad�e0d�ebe0d�fde0fd�d��Zcd�e0d�e0de0fd�d��Zddd�d��d�e	d�e0d�eeZd�eddf
d�d��Zedd�d��d�e0d�e0d�eefd�eddf
d�d��Zgd�eddfd�d��Zh�d@d�d��Zid�e	dhe	d�e	d�e	d�e0ddfd�d��Zjd�e	d�e	d�ed�eddf
d�d��Zkd�d��d�e0d�e0d�eddfd�d��Zld�e0d�e0debe	emffd�d„Znd�e,ee0fddfd�dńZo�d@d�dDŽZp�d@d�dɄZqd�e	d�e	d�emddfd�d΄Zrd�e	d�e	d�emddfd�dЄZsd�e	d�e	d�emddfd�d҄Ztd�e	d�e	d�emddfd�dԄZud�e	d�e	d�emddfd�dքZvd�e	d�e	d�emddfd�d؄Zwd�e	d�e	d�emddfd�dڄZxd�e	d�e	d�emddfd�d܄Zyd�e	d�e	d�emddfd�dބZzd�e	d�e	d�emddfd�d�Z{d�ed�e0d�emddfd�d�Z|d�e	d�e	d�emddfd�d�Z}d�e	d�e	d�emddfd�d�Z~d�e	d�e	d�emddfd�d�Zd�e	d�e	d�emddfd�d�Z�d�e	d�e	d�emddfd�d�Z�d�e	d�e	d�emddfd�d�Z�d�e	d�e	d�emddfd�d�Z�d�e	d�e	d�emddfd�d�Z�d�emddfd�d��Z�ie�er�e�es�e�et�e�eu�e�ev�e�ew�e�ex�e�ey�e�ez�e�e{�e�e}�e�e~�e�e�e�e��e�e��e�e��e�e��e�e�e�e�i�Z��d@d�d��Z��d@d�d��Z��d@d�d��Z�e�fd�e	d�ed�eddfd�d��Z��dAd�ed�e�de�f�d�d�Z��de�ddf�d�d�Z�		�dB�de,de�ef�dee	ddf�d�d�Z�e�d�f�d	ed�e�d
eddf�d�d�Z�d�d
e�e�f�dee�de�de	�de	de�f
�d�d�Z�d�d
e�e�f�dee�de�de	�de	de�f
�d�d�Z�e�e�f�de	�de	de�f�d�d�Z�e�e�f�de	�de	de�f�d�d�Z�e�e�f�de	�de	de�f�d�d�Z��		�dDd�d
e�e��d��de�eH�de�d e	�d!e�d"e	�dee�de�de	�de	debe�eHe�eHff�d#�d$�Z�d�d
e�e��d��de�eH�d%e�dee�de�de	�de	debe�eHe�eHff�d&�d'�Z��d(e�d)e	de�f�d*�d+�Z��d,ede�f�d-�d.�Z�e�	�dA�d/e�d0e	�d(e�d)e	�d1ee�de�f�d2�d3��Z�e��d4e�d,ede�f�d5�d6��Z��d7e	�d8ee	de�f�d9�d:�Z��d;e�ddf�d<�d=�Z�deeGeHddf�d>�d?�Z�dS(Erz Parent class for SSH connections�MSG_rrcCstj}tjd7_|S)z9Return the next available connection number (for logging)r)r�	next_conn)rrrr�_get_next_connTszSSHConnection._get_next_connr$r%r�acceptor�
error_handler�waitr�cCs6||_||_|j|_||_||_||_||_|r|jnd|_	d|_
d|_d|_d|_
d|_d|_|j|_d|_i|_d|_d|_d|_d|_|j|_d|_d|_d|_d|_d|_d|_d|_ d|_!d|_"d|_#d|_$g|_%|j&|_'d|_(d|_)d|_*d|_+d|_,d|_-d|_.d|_/d|_0d|_1d|_2t3�|_4g|_5t3�|_6t3�|_7|j8|_9|j:|_;t3�|_<g|_=g|_>|j?|_@|jA|_B|jC|_D|jE|_F|jG|_H|jI|_J|jK|_L|jM|_N|jO|_P|jQ|_Rd|_Sd|_Td|_Ud|_Vd|_Wd|_Xd|_Yd|_Zd|_[d|_\d|_]|j^|__|j`|_ad|_bd|_cd|_d|je|_f|jg|_hd|_id|_jd|_kd|_ld|_md|_nd|_od|_pd|_qtr�|_sd|_tt3�|_ud|_vd|_wd|_xd|_yd|_zd|_{dg|_|d	|_}d|_~i|_d|_�g|_�g|_�i|_�d|_�t3�|_�t����|_�d|_�t�j�d
|�����d�|_�||j��r�|j��|j�|j��|_�nd|_�d|_�dS)Nr�r���Fgr�Tzconn=)�context)��_loopr��protocol_factory�_protocol_factory�	_acceptor�_error_handlerr��_waitr��_waiterrH�_local_addr�_local_port�
_peer_host�
_peer_addr�
_peer_port�
tcp_keepalive�_tcp_keepalive�_owner�_extra�_inpbuf�_packet�_pktlen�
_banner_linesr��_version�_client_version�_server_version�_client_kexinit�_server_kexinit�_session_id�	_send_seq�_send_encryption�_send_enchdrlen�_send_blocksize�_compressor�_compress_after_auth�_deferred_packets�
_recv_version�
_recv_handler�	_recv_seq�_recv_encryption�_recv_blocksize�
_recv_macsize�
_decompressor�_decompress_after_auth�_next_recv_encryption�_next_recv_blocksize�_next_recv_macsize�_next_decompressor�_next_decompress_after_authrh�_trusted_host_keys�_trusted_host_key_algs�_trusted_ca_keys�_revoked_host_keys�x509_trusted_certs�_x509_trusted_certs�x509_trusted_cert_paths�_x509_trusted_cert_paths�_x509_revoked_certs�_x509_trusted_subjects�_x509_revoked_subjects�
x509_purposes�_x509_purposesr��	_kex_algs�encryption_algs�	_enc_algsr��	_mac_algs�compression_algs�	_cmp_algs�signature_algs�	_sig_algs�host_based_auth�_host_based_auth�public_key_auth�_public_key_auth�kbdint_auth�_kbdint_auth�
password_auth�_password_auth�_kex�
_kexinit_sent�
_kex_complete�_ignore_first_kex�_strict_kex�_gss�_gss_kex�	_gss_auth�
_gss_kex_auth�
_gss_mic_auth�_preferred_auth�rekey_bytes�_rekey_bytes�
rekey_seconds�_rekey_seconds�_rekey_bytes_sent�_rekey_time�_keepalive_count�keepalive_count_max�_keepalive_count_max�keepalive_interval�_keepalive_interval�_keepalive_timer�_tunnel�_enc_alg_cs�_enc_alg_sc�_mac_alg_cs�_mac_alg_sc�_cmp_alg_cs�_cmp_alg_sc�_can_send_ext_infor�_extensions_to_send�_can_recv_ext_info�_server_sig_algs�
_next_service�_agent�_auth�_auth_in_progress�_auth_complete�_auth_final�
_auth_methods�_auth_was_trivial�	_username�	_channels�_next_recv_chan�_global_request_queue�_global_request_waiters�_local_listeners�
_x11_listener�_tasksrKrLrM�_server_host_key_algsr{�	get_childr
�_logger�
login_timeout�
call_later�_login_timer_callback�_login_timer�_disable_trivial_auth)r
r$r%rrrr�rrrrG\s���
��
zSSHConnection.__init__c�r�)z:Allow SSHConnection to be used as an async context managerrr	rrrr��s�zSSHConnection.__aenter__r�r�r�c�s&�|j��s
|��|��IdHdS)z?Wait for connection close when used as an async context managerNF)r�	is_closedrr�r�rrrr�s
�
zSSHConnection.__aexit__cCrS)z(A logger associated with this connection)r�r	rrrr{szSSHConnection.loggerraNcCsF|��t|j���D]}|�|�qt|j���D]}|��q|jr0|�t	dt
d��|js$|jr;|j��d|_|j
rJ|�
||�d|_d|_
|jrg|jrg|j��sg|r^|j�|�n|j�d�d|_|jr�z|j�|�Wnty�|jjdtjd�Ynwd|_|��|j��d|_|jr�|j��d|_dSdS)zClean up this connectionrrNz#Uncaught exception in owner ignored��exc_info) �_cancel_keepalive_timer�listr��values�process_connection_closer�rr��_process_global_responserXr�r�r�rrrr�	cancelled�
set_exception�
set_resultr#rbrir{r1�sysr��_cancel_login_timerrMrhr%rw)r
ra�chan�listenerrrr�_cleanupsL
��

��


�zSSHConnection._cleanupcC�|jr
|j��d|_dSdS)zCancel the login timerN)r�r�r	rrrr�H�

�z!SSHConnection._cancel_login_timercCsd|_|�td��dS)z;Close the connection if authentication hasn't completed yetNzLogin timeout expired)r�rbr�r	rrrr�Osz#SSHConnection._login_timer_callbackcCr�)zCancel the keepalive timerN)rvr�r	rrrr�Vr�z%SSHConnection._cancel_keepalive_timercCs"|jr|j�|j|j�|_dSdS)zSet the keepalive timerN)rurr��_keepalive_timer_callbackrvr	rrr�_set_keepalive_timer]s

��z"SSHConnection._set_keepalive_timercCs|jr
|��|��dSdS)zReset the keepalive timerN)r�r�r�r	rrr�_reset_keepalive_timerds�z$SSHConnection._reset_keepalive_timerc�s:�|j�d�|�d�IdH|jr|j�d�d|_dS)zSend keepalive requestzSending keepalive requestskeepalive@openssh.comNzGot keepalive responser)r{r1�_make_global_requestrvrqr	rrr�_make_keepalive_requestks�
z%SSHConnection._make_keepalive_requestcCsV|jd7_|j|jkr|�t|��rdndd��dS|��|�|���dS)zHandle keepalive checkr�Server�Clientz not responding to keepaliveN)rqrsrbr��	is_clientr��create_taskr�r	rrrr�ws��z'SSHConnection._keepalive_timer_callbackcCs4|jsdS|j�|jj�d|_|j�|j|�dS)z*Force this connection to close immediatelyN)rHr�	call_soonrfr��r
rarrr�_force_close�s
zSSHConnection._force_close�task_logger�taskzasyncio.Task[None]c
Cs�|j�|�z|��WdStjyYdSty9}z|�|j|j|j	�|�
|�WYd}~dSd}~wtyH|j|d�YdSw)z1Collect result of an async task, reporting errorsN)�error_logger)
r��discardr�rKr�r��_send_disconnect�code�reason�langr�ri�internal_error)r
r�r�rarrr�
_reap_task�s��zSSHConnection._reap_task�corocCs,t�|�}|�t|j|��|j�|�|S)z<Create an asynchronous task which catches and reports errors)rK�
ensure_future�add_done_callbackrr�r��add)r
r�r�r�rrrr��s
zSSHConnection.create_taskcCs|jS)z%Return if this is a client connection�r�r	rrrr���zSSHConnection.is_clientcCrS)z%Return if this is a server connectionr�r	rrr�	is_server�rUzSSHConnection.is_servercCs
|j��S)z'Return whether the connection is closed)rM�is_setr	rrrr���
zSSHConnection.is_closedcCrS)z<Return the SSHClient or SSHServer which owns this connection)r#r	rrr�	get_owner�rUzSSHConnection.get_ownercCs*d�t|j�t|j�t|j�t|j�f�S)z�Return the bytes used in calculating unique connection hashes

           This methods returns a packetized version of the client and
           server version and kexinit strings which is needed to perform
           key exchange hashes.

        r)�joinr�r*r+r,r-r	rrr�get_hash_prefix�s
	�zSSHConnection.get_hash_prefixrqcCs
||_dS)z'Set tunnel used to open this connectionN)rw)r
rqrrrr��r�zSSHConnection.set_tunnel�known_hostsr)rr�c
Cs�t||||�\}}}}}	}
}|jdusJ�|D]}|j�|�|j|jvr,|j�|j�qt|�|_t|�|_	|j
durUt|j
�|_
|j
�|�t|	�|_|
|_
||_dSdS)z7Determine the set of trusted host keys and certificatesN)rprCr��	algorithmrDr��sig_algorithmsrhrErFrHr�rKrLrM)
r
r�r)rr��trusted_host_keys�trusted_ca_keys�revoked_host_keys�trusted_x509_certs�revoked_x509_certs�trusted_x509_subjects�revoked_x509_subjects�keyrrr�_match_known_hosts�s&��




�z SSHConnection._match_known_hosts�certcCsf|jdur0|j|jvrtd��|jstd��|j|jvr*|j�||||j�s*td��|�t|�|jS)z$Validate an OpenSSH host certificateNzHost CA key is revoked�Connection closedzHost CA key is not trusted)	rE�signing_keyrFr0r#�validate_host_ca_key�validater�r�)r
r)rr�r�rrr�"_validate_openssh_host_certificate�s
��z0SSHConnection._validate_openssh_host_certificatecs�|jrt�fdd�|jD��rtd��|jr&t�fdd�|jD��s&td��|jr+d}|jdus2J��j|j|j|j|j|d��j	S)	z"Validate an X.509 host certificatec3��|]	}|��j�VqdSrE�r8�subject�r�r��r�rr�	<genexpr>���zFSSHConnection._validate_x509_host_certificate_chain.<locals>.<genexpr>zX.509 subject name is revokedc3r�rEr�r�r�rrr�
r�z!X.509 subject name is not trustedr�N)�host_principal)
rM�anyr0rLrH�validate_chainrJrKrOr�)r
r)r�rr�r�%_validate_x509_host_certificate_chains,�����z3SSHConnection._validate_x509_host_certificate_chain�key_datacCs�zt|�}Wn	tyYnw|jr|�|tt|��S|�|||tt|��Szt|�}Wnty9Ytd��w|j	dura||j
vrHtd��|jsOtd��||j	vra|j�
||||�satd��|S)z&Validate and return a trusted host keyNzHost key is revokedr�zHost key is not trustedzUnable to decode host key)r�r��
is_x509_chainr�rr�r�r�r�rCrFr0r#�validate_host_public_key)r
r)rr�r�r�r�rrr�_validate_host_key!s<�
���



��z SSHConnection._validate_host_keyrVcCs
ttj|�|_ttj|�d��}|r2|�tjtj|j	rdnd�|j
tjtjfvr2|�tj
tjd�tt|�d��}|rF|dd�\|_|_tt|�d��}|rZ|dd�\|_|_|��|_z|��|j�|�|��WdSty�|j�|jt���YdSw)z Handle a newly opened connectionr3rr�socknameN��peername)rrK�	TransportrHr3rQ�
setsockopt�
SOL_SOCKET�SO_KEEPALIVEr"r��AF_INET�AF_INET6�IPPROTO_TCP�TCP_NODELAYr�rrrr rr#�_connection_maderZ�
_send_versionrirr�r�r�r�)r
rVr�r�r�rrrrZFs,�
�zSSHConnection.connection_madecCs$|dur|jrtd�}|�|�dS)z"Handle the closing of a connectionNzConnection lost)rHr�r�r�rrrrbhszSSHConnection.connection_lostr�r�cCs<|st��}|s|j}|jd|d�|�tt|d��dS)z-Handle a fatal error in connection processingzUncaught exceptionr�rN)r�r�r{r1r�rri)r
r�r�rrrr�pszSSHConnection.internal_errorcCr)z9Handle session start when opening tunneled SSH connectionNrr	rrr�session_started}r
zSSHConnection.session_startedr]�datatypecCs|j|7_|��dS)z&Handle incoming data on the connectionN)r%�
_recv_data)r
r]r�rrrr_�szSSHConnection.data_receivedcCs|�d�dS)z0Handle an incoming end of file on the connectionN)rbr	rrr�eof_received��zSSHConnection.eof_receivedcCr)z9Handle a request from the transport to pause writing dataNrr	rrr�
pause_writing�r
zSSHConnection.pause_writingcCr)z:Handle a request from the transport to resume writing dataNrr	rrr�resume_writing�r
zSSHConnection.resume_writingr�cCs\|jsttd��|j|jvr|jdd@|_|j|jvs|j}|jdd@|_||j|<|S)z/Add a new channel, returning its channel numberzSSH connection closedr���)rHr�rZr�r�)r
r��	recv_chanrrr�add_channel�s��
zSSHConnection.add_channelrcCs|j|=dS)z4Remove the channel with the specified channel numberN)r�)r
rrrr�remove_channel�rgzSSHConnection.remove_channelcCs|jdusJ�|jS)z6Return the GSS context associated with this connectionN)rer	rrr�get_gss_context�szSSHConnection.get_gss_contextcCs|j|_dS)z&Enable GSS key exchange authenticationN)rgrhr	rrr�enable_gss_kex_auth�rgz!SSHConnection.enable_gss_kex_authr��
local_algs�remote_algsc	Csj|��r
||}}n||}}|D]
}||vr|Sqtd|�dd�|��d��dd�|��d�����)z�Choose a common algorithm from the client & server lists

           This method returns the earliest algorithm on the client's
           list which is supported by the server.

        zNo matching z algorithm found, sent �,r�z and received )r�r�r�r�)r
r�r	r
�client_algs�server_algsr�rrr�_choose_alg�s	
����zSSHConnection._choose_algcCs|��rddgSddgS)z Return the extra kex algs to add�
ext-info-c�kex-strict-c-v00@openssh.com�
ext-info-s�kex-strict-s-v00@openssh.com)r�r	rrr�_get_extra_kex_algs�sz!SSHConnection._get_extra_kex_algscCs2|jrz	|j�|�WdStyYdSwdS)zSend data to the SSH connectionN)rHrd�ConnectionErrorrerrr�_send�s��zSSHConnection._sendcCsdd|j}|j�d|�|��r||_|j|�d�d�n||_|j|�d�d�|�|d�dS)zStart the SSH handshake�SSH-2.0-zSending version %sr���client_version��server_versions
N)	r)r{r1r�r*r�r�r+r)r
r�rrrr��s
zSSHConnection._send_versionc
Cs�|��z|jr|��r	|jr|��sWdSWdSWdSWdStyA}z|�|j|j|j�|�|�WYd}~dSd}~wt	yN|�
�YdSw)zParse received dataN)r�r%r7r�r�r�r�r�r�rir�r�rrrr��s&���zSSHConnection._recv_datacCsZ|j�ddt�}|dkrt|j�tkr|�td��dS|jd|�}|�d�r.|dd�}|j|dd�|_|�d	�sF|��r�|�d
�r�t|�t	krS|�td��|�
�rd||_|j|�
d�d
�n||_|j|�
d�d�|j�d|�|��d|_|j|_dS|��r�|�d�s�|jd7_|jtkr�|�td��dSdS|�td��dS)z(Receive and parse the remote SSH version�
rzBanner line too longFN�
���rrs	SSH-1.99-zVersion too longr�rrzReceived version %sTsSSH-zToo many banner lineszUnsupported SSH version)r%�find�_MAX_BANNER_LINE_LENr�r�r��endswith�
startswithr��_MAX_VERSION_LINE_LENr�r*r�r�r+r{r1�
_send_kexinitra�_recv_pkthdrr7r(�_MAX_BANNER_LINESr�)r
�idxr�rrrr6sD

��
�
�zSSHConnection._recv_versioncCs�t|j�|jkr
dS|jd|j�|_|j|jd�|_|jr-|j�|j|jd�\|_}n|jdd�}t�|d�|_	|j
|_dS)z&Receive and parse an SSH packet headerFN��bigT)r�r%r:r&r9�decrypt_headerr8r�
from_bytesr'�_recv_packetr7)r
�pktlenrrrr$1s
�
�zSSHConnection._recv_pkthdrc
CsJd|j|j|j}t|j�|krdS|j}|jd||j�}|j||j|�}|jr@|j�||j|d|�}|s?t	d��n	|jdd�|}|j|d�|_d|_|d|d�}|j
ru|jsf|jsu|j
�
|�}|durttd��n|}t|�}|��}	|}
d	}d	}t|	kr�tkr�nn|jr�|jr�d
}d|_n�|j}
n�d}d}n�|jr�|js�t|	kr�tkr�nn	d
}d|	�d�}nlt|	kr�tkr�nn|jr�|j}
nYd}d}nT|	tkr�|js�d}d}nH|	tkr�|js�d}d}n<t|	kr�tk�r-nn/z|��}
Wnt�yd}d}Ynwz|j|
}
Wnt �y,d}d|
�d�}Ynw|
�!|	|||�|�s�z	|
�"|	||�}Wnt�yU}zt#t$|��d�d}~wwt%�&|��rudd�|_'|�(|�}|�)t*j+|j,|	|dd��dS|�s�|j�r�|j�s�d|	�d�}n|j-�.d|	�|�/t0t1|��|�r�t#|��|�,|	|�dS)z5Receive the remainder of an SSH packet and process itr'FNzMAC verification failedrrrzDecompression failedr�zignored first kexzkex not in progresszKey exchange not in progresszstrict kex violationz6Strict key exchange violation: unexpected packet type z	 receivedzauth not in progresszAuthentication not in progressz#invalid request before kex completez0Invalid request before key exchange was completez$invalid request before auth completez2Invalid request before authentication was completezincomplete channel requestz#Incomplete channel request receivedzinvalid channel numberzInvalid channel number cSrr�rrrrr�<lambda>�r
z,SSHConnection._recv_packet.<locals>.<lambda>T)�is_asynczUnknown packet type %d received)2r'r;r:r�r%r8r9�decrypt_packetr&r�r<r�r=�
decompressr�r��get_byterNrOr`rcrdrArCrTrUr�rJrK�
get_uint32r�r��KeyError�log_received_packet�process_packetr�r�inspect�isawaitabler7r�r��	functoolsr�_finish_recv_packetr{r1�send_packetrBr�)r
�rem�seq�rest�mac�packet_data�orig_payload�payload�packet�pkttype�handler�skip_reason�
exc_reasonrr�rar�rrrr+Es�����
�����


�
��zSSHConnection._recv_packetFrCr<�_taskr.cCsv|tkrd|_|jr(|jdkr|jstd��|tkr!|jr!d|_n|dd@|_|j|_	|r7|j
r9|��dSdSdS)zFinish processing a packetTr�%Sequence rollover before kex completerrN)rUr�rHr8r9r�rMrdr$r7r%r�)r
rCr<rGr.rrrr9�s
�z!SSHConnection._finish_recv_packet)rD�argsrDcGs�|jr|jr|j|jks|jrt��|jkr|��d|_	|t
tthvs(|t
kr+|jr<|tkr5|js5|jr<|tkrF|jsF|j�||f�dS|jrU|t
krU|�ttd��t|�d�|�}|jrv|jsg|jsv|j�|�}|durutd��n|}|jt|�|j}|dkr�||j7}t|�|t �!|�}t|�}t"|�}	|j#}
|jr�|j�$|
|	|�\}}n|	|}d}|�%||�|j#dkr�|js�d|_#t&d��|t'kr�|j(r�d|_#n|
d	d@|_#|jr�|j|7_|s�|}|�)||
|�dS)
zSend an SSH packetTNrzCompression failedr'rrrHr)*r�rbrorlrn�time�	monotonicrpr#rarCrDrErOrSr�rUr5r�r0r:rAr�r�r�r3r4�compressr�r1r�r2�os�urandomr�r/�encrypt_packetrr�rMrd�log_sent_packet)r
rCrDrIr@rA�padlenrBr,�hdrr<r>rrrr:�sf�����
zSSHConnection.send_packetcCs0|j}g|_|D]
\}}|j|g|�R�qdS)z1Send packets deferred due to key exchange or authN)r5r:)r
�deferred_packetsrCrIrrr�_send_deferred_packetss
�z$SSHConnection._send_deferred_packetsr�r�r�cCs0|j�d||�|�tt|�t|�t|��dS)zSend a disconnect packetzSending disconnect: %s (%d)N)r{r,r:r@r�r�)r
r�r�r�rrrr�s�zSSHConnection._send_disconnectc
Csdd|_d|_|jrt��|j|_|jr |jdusJ�|jj}ng}t	|j
|t|j��|�
�}|jp5dg}|j�d�|j�d|�|j�d|�|j�d|j�|j�d	|j�|j�d
|j�t�d�}t|�}t|�}t|j�}t|j�}t|j�}tg�}d�tt�|||||||||||td�td�f�}	|��r�|	|_n|	|_|�t|	d
d��dS)zStart a key exchangeFrNsnullzRequesting key exchange�  Key exchange algs: %s�  Host key algs: %sz  Encryption algs: %sz  MAC algs: %sz  Compression algs: %s�rr) rbrornrJrKrprfre�mechsrirPr�r�rr{r1�debug2rRrSrUrMrNr�r�r�rLr�r�r�r-r,r:)
r
�	gss_mechsr��
host_key_algs�cookier�r�r��langsrBrrrr#!sF
��




�zSSHConnection._send_kexinitcCsbtt|j��}|j�d�|j��D]\}}|t|�t|�7}|j�d||�q|�t|�dS)zSend extension informationzSending extension info�  %s: %sN)	r�r�rr{rY�itemsr�r:rF)r
rBrO�valuerrr�_send_ext_infoPszSSHConnection._send_ext_info�k�hc	Cs�|js	d}||_nd}t|j|j�\}}}}}}	t|j|j�\}
}}}
}}|dkr-|j|_|
dkr5|j|_t|j�}t|j�}|j	�
d�|j	�
d|j�|j	�
d|j�|j	�
d|j�|j	�
d�|j	�
d|j�|j	�
d|j�|j	�
d|j�|jd	us�J�|j�||d
|j|�}|j�||d|j|�}|j�||d|j|�}|j�||d
|j|
�}|j�||d|j|�}|j�||d|j|
�}d	|_t
|j|||j||	�}t
|j|||j||�}|�t�d|jd<|���r\||_|	r�dnd|_td|�|_t|j�|_||_||_td|�|_||_t|j�|_||_|j|j� d�|j� d�|j� d�|j� d�|j� d�|j� d�d�|�r[|j!dk�r[|j"�r[|j"�#��s[|j"�$d	�d	|_!d	Sn[d�%|j&�|jd<||_|�rmdnd|_td|�|_t|j�|_||_||_td|�|_||_t|j�|_||_|j|j� d�|j� d�|j� d�|j� d�|j� d�|j� d�d�|j'�r�|�(�d|_'d|_)|�r�|���r�|�*t+�nt+|_,|�-�d	S)z1Finish a key exchange and send a new keys messageTFr�  Client to server:z    Encryption alg: %sz    MAC alg: %sz    Compression alg: %s�  Server to client:N�A�B�C�D�E�Frsglobal-requests-okrrrr�)�send_cipher�send_mac�send_compression�recv_cipher�recv_mac�recv_compression�kexr�server-sig-algs).r.r_rxrzryr{r5r|r}r{rYr`�compute_keyr`r:rMrr�r0r1�maxr2r6r3r4r>r?r@r7rArBr�r�rrr�r�r�rWr~rarb�send_service_request�_USERAUTH_SERVICEr�rT)r
rbrc�	first_kex�enc_keysize_cs�
enc_ivsize_cs�enc_blocksize_cs�mac_keysize_cs�mac_hashsize_cs�etm_cs�enc_keysize_sc�
enc_ivsize_sc�enc_blocksize_sc�mac_keysize_sc�mac_hashsize_sc�etm_sc�cmp_after_auth_cs�cmp_after_auth_sc�iv_cs�iv_sc�
enc_key_cs�
enc_key_sc�
mac_key_cs�
mac_key_sc�next_enc_cs�next_enc_scrrr�send_newkeys^s���

������
�
�








���
�





�
zSSHConnection.send_newkeys�servicecCs(|j�d|�||_|�tt|��dS)zSend a service requestzRequesting service %sN)r{rYr�r:rDr�)r
r�rrrrv�sz"SSHConnection.send_service_request�method.cCs(d�tt�t|j�tt�t|�f|�S)z1Get packet data for a user authentication requestr)r�r�rPr�r��_CONNECTION_SERVICE�r
r�rIrrr�_get_userauth_request_packet�s
��z*SSHConnection._get_userauth_request_packetcGst|j�|�||�S)z4Get signature data for a user authentication request)r�r.r�r�rrr�get_userauth_request_data�s
�z'SSHConnection.get_userauth_request_dataT)rD�trivialr�cGs*|j|M_|j|g|�Rd|i�dS)z!Send a user authentication packetrDN)r�r:)r
rCrDr�rIrrr�send_userauth_packet�sz"SSHConnection.send_userauth_packet)r�r�r�c	�s��|�||�}|r>t|j�|}t|dd�}|r ||�IdH}nt|dd�r3|j�d|j|�IdH}n|�|�}|t|�7}|jt|dd�|d�dS)z"Send a user authentication request�
sign_asyncN�use_executorFr)r�)	r�r�r.r�r�run_in_executor�signr�rP)	r
r�r�r�rIrBr]r��sigrrr�send_userauth_request�s�
�

�z#SSHConnection.send_userauth_request�partial_successcCs@ttt|��}|j�d|pd�d|_|�tt|�t	|��dS)z+Send a user authentication failure response�Remaining auth methods: %s�NoneN)
r$r�SSHServerConnectionr{rYr�r:rQr�r�)r
r��methodsrrr�send_userauth_failures��z#SSHConnection.send_userauth_failurec�s��|j�d|j�|�t�d|_d|_d|_d|_|j	|jd�|�
�|��|��|j
r?|j
��}t�|�r?|IdH|jrW|�|�}t�|�rQ|�|�d|_d|_|jdkro|jro|j��so|j�d�d|_dStt|���dS)z+Send a user authentication success response�Auth for user %s succeededNFT�ry�auth)r{r,r�r:rRr�r�r�r�r�rTr�r�r#�auth_completedr6r7rr�rrrr�r�rr��send_server_host_keys�r
r�rrr�send_userauth_successs8�






�z#SSHConnection.send_userauth_success�	send_chan�recv_window�recv_pktsize�result_argscGs.|jtt|�t|�t|�t|�g|�R�dS)z Send a channel open confirmationN)r:rHr�)r
r�rr�r�r�rrr�send_channel_open_confirmationGs��z,SSHConnection.send_channel_open_confirmationcCs&|�tt|�t|�t|�t|��dS)zSend a channel open failureN)r:rIr�r�)r
r�r�r�r�rrr�send_channel_open_failurePs�z'SSHConnection.send_channel_open_failure)�
want_reply�requestr�cGs"|jtt|�t|�g|�R�dS)zSend a global requestN)r:rVr�r�)r
r�r�rIrrr�_send_global_requestWs
��z"SSHConnection._send_global_requestc�sL�|js
ttd�fS|j��}|j�|�|j|g|�Rddi�|IdHS)z/Send a global request and wait for the responserr�TN)rHrXr�rr�r�r�r�)r
r�rIr�rrrr�^s��
z"SSHConnection._make_global_requestr�cCs^|j�d�\}}}|r$|r|durdntt|�}|�t|�n|�t�|jr-|��dSdS)z>Report back the response to a previously issued global requestrTrN)r�rrrr:rWrX�_service_next_global_request)r
r�rpr��responserrr�_report_global_responsens
�z%SSHConnection._report_global_responsecCs2|jd\}}}t|�r||�dS|�d�dS)z)Process next item on global request queuerFN)r��callabler�)r
rDrBrprrrr�}sz*SSHConnection._service_next_global_requestcC�t�)�&Handle the opening of a new connection��NotImplementedErrorr	rrrr���zSSHConnection._connection_made�_pkttype�_pktidrBc
Cs�|��}|��}|��}|��z|�d�}|�d�}Wnty(td�d�w|j�d||�|tks8|j	r?t
|||�}	nd}	|�|	�dS)zProcess a disconnect message�utf-8r�zInvalid disconnect messageNzReceived disconnect: %s (%d))r2�
get_string�	check_endr��UnicodeDecodeErrorr�r{r1r>rr�r�)
r
r�r�rBr��reason_bytes�
lang_bytesr�r�rarrr�_process_disconnect�s

�z!SSHConnection._process_disconnectcCs"d|jvr|��}|��dSdS)zProcess an ignore messagesCiscoN)r+r�r��r
r�r�rBrprrr�_process_ignore�s
�zSSHConnection._process_ignorecCs|��}|��dS)z)Process an unimplemented message responseN)r2r�r�rrr�_process_unimplemented�sz$SSHConnection._process_unimplementedc	Cs�|��}|��}|��}|��z|�d�}|�d�}Wnty(td�d�w|j�d||r2dnd�|jrB|j�	|||�dSdS)zProcess a debug messager�r�zInvalid debug messageNzReceived debug message: %s%s� (always display)r�)
�get_booleanr�r�r�r�r�r{r1r#�debug_msg_received)	r
r�r�rB�always_display�	msg_bytesr�r�r�rrr�_process_debug�s 

�

��zSSHConnection._process_debugcCs�|��}|��|��rtd��|jstd��||jkr td��|j�d|�|�	t
t|��d|_|tkrBd|_
d|_|��dSdS)zProcess a service requestz#Unexpected service request receivedz,Service request received before kex completez%Unexpected service in service requestz Accepting request for service %sNTF)r�r�r�r�r9r�r�r{rYr:rEr�rwr�r�rT�r
r�r�rBr�rrr�_process_service_request�s 
�z&SSHConnection._process_service_requestcCs�|��}|��|��rtd��|jstd��||jkr td��|j�d|�d|_|t	krL|j�
d|j�d|_|j
rC|j
�|j�td|���dSdS)	z!Process a service accept responsez"Unexpected service accept receivedz+Service accept received before kex completez$Unexpected service in service acceptzRequest for service %s acceptedN�Beginning auth for user %sTru)r�r�r�r�r9r�r�r{rYrwr,r�r�r#�
begin_authr�
try_next_authr�rrr�_process_service_accept�s"
�z%SSHConnection._process_service_acceptc	Cs�|jstd��i}|j�d�|��}t|�D]}|��}|��}|||<|j�d||�q|��|��rDt	|�
dd��d��|_dSdS)zProcess extension informationzUnexpected ext_info receivedzReceived extension infor^rsrrN)
r�r�r{rYr2�ranger�r�r�rhr�r}r�)	r
r�r�rB�
extensions�num_extensionsrprOr`rrr�_process_ext_info	s��zSSHConnection._process_ext_infoc�s��|jrtd��|�d�}|��}|��}|��}|��}|��}	|��}
|��}|��}|��}|��}|��}
|��}|��|��r\|��|_	|j
s[d|vrTd|_d|vr[d|_n|��|_
|j
srd|vrkd|_d|vrrd|_|jr�|js�|jdkr�td	��|jr�d
|_n|��|jr�|j��|jr�|jdus�J�|jj}ng}t|j|t|j��}|j�d�|j�d
|�|j�d|�|j�d�|j�d|�|j�d|	�|j�d|�|j�d�|j�d|�|j�d|
�|j�d|�|�d||�}t||�|_|
�o|jj|dk|_ |���r*t!t"|��#|��s*|�$d��s*t%d��|�d|j&|�|_'|�d|j&|�|_(|�d|j)|	�|_*|�d|j)|
�|_+|�d|j,|�|_-|�d|j,|�|_.|j�d�|j�d|jj�|j�/�IdHdS)zProcess a key exchange requestz Key exchange already in progressrWrTrrrrz?Strict key exchange violation: KEXINIT was not the first packetFNzReceived key exchange requestrUrVrdz    Encryption algs: %sz    MAC algs: %sz    Compression algs: %srer�sgss-z)Unable to find compatible server host keyr�r�r�zBeginning key exchangez  Key exchange alg: %s)0r`r��	get_bytes�get_namelistr�r2r�r��get_consumed_payloadr,r.r~rdr-r9r8rar#re�resetrfrXrirPr�r�r{r1rYrrjr�rcrr��choose_server_host_keyr!r�rRrxryrSrzr{rUr|r}�start)r
r�r�rBrp�
peer_kex_algs�peer_host_key_algs�enc_algs_cs�enc_algs_sc�mac_algs_cs�mac_algs_sc�cmp_algs_cs�cmp_algs_sc�first_kex_followsrZr��kex_algrrr�_process_kexinit	s��

�



��

��
�
�
�
�zSSHConnection._process_kexinitcCs\|��|jr"|j|_|j|_|j|_|j|_|j	|_
d|_d|_ntd��|j
�d�dS)z4Process a new keys message, finishing a key exchangeNTzNew keys not negotiatedzCompleted key exchange)r�r>r9r?r:r@r;rAr<rBr=r�r�r{r1)r
r�r�rBrrr�_process_newkeys�	szSSHConnection._process_newkeysc

Cs�|��}|��}|��}t|�tkrtd��|tkrtd��z	t|�d��}Wntt	fy<}ztt
|��d�d}~ww|��rEtd��|j
rQ|jrOtd��dS||jkrc|j�d|�||_d}	nd}	|�|�|	||��dS)	z%Process a user authentication requestzUsername too longz"Unexpected service in auth requestr�NzUnexpected userauth requestr�TF)r�r��_MAX_USERNAME_LENr�r�r�r�r�r�r�rr�r�r�r�r�r{r,r��_finish_userauth)
r
r�r�rB�username_bytesr�r�ryrar�rrr�_process_userauth_request�	s2���
z'SSHConnection._process_userauth_requestr�c�s��|jsdS|r6tt|���IdHtt|j��|j�}t�|�r+tt	t
|�IdH}|s6|��IdHdS|js;dS|jrC|j�
�ttt|�|j||�|_dS)z/Finish processing a user authentication requestN)r#rr��
reload_configr�r�r�r6r7r	r�r�r�r�r%)r
r�r�rBr�rrrr��	s$�



�zSSHConnection._finish_userauthcs�|���|��}|��|j�d�pd�|jdkr2|jr2|j��s2|j�d�t	��|_
d|_dS|jrI|j�d|jp=d��fdd�|jD��t	��|_
|��ro|j
rott|j
�}|rb|��n|��tt|���dStd��)	z.Process a user authentication failure responser�r��auth_methodsNzPreferred auth methods: %scsg|]}|�vr|�qSrr�r�r��r�rrr��	s�z;SSHConnection._process_userauth_failure.<locals>.<listcomp>z$Unexpected userauth failure response)r�r�r�r{rYrrr�r�r�r�rjr�r�rr�auth_succeeded�auth_failedrur�r�)r
r�r�rBr�r�rr�r�_process_userauth_failure�	s4��
�

z'SSHConnection._process_userauth_failurecCs`|��|��r�|jr�tt|j�}|jr|jrtd��|j�	d|j
�|jdkr?|jr?|j�
�s?|j�d�dg|_d|_dS|��|��d|_d|_d|_d|_|jr[|j��|j|j
d�|��|��|��|jrv|j��|jr�|�|�}t�|�r�|� |�d|_d|_!|jd	kr�|jr�|j�
�s�|j�d�d|_dSdSdSdSt"d
��)z.Process a user authentication success responsezTrivial auth disabledr�r�Nr�FTr�r�z$Unexpected userauth success response)#r�r�r�rrr�r�r�r{r,r�rrr�r�r�r�r�r�r�r�r�rr�r�rTr�r#r�rr6r7r�rr�)r
r�r�rBr�r�rrr�_process_userauth_success
sP�




�
�z'SSHConnection._process_userauth_successcCs�|��}|��}d|jvr|��dkr|��|��z|�d�}|�d�}Wnty3td�d�w|j�	d�|�
�rJtt|j
��||�dStd��)	z,Process a user authentication banner messagescryptlib�r�r�zInvalid userauth bannerNzReceived authentication bannerzUnexpected userauth banner)r�r+�get_remaining_payloadr1r�r�r�r�r{r1r�rr0r#�auth_banner_received)r
r�r�rBr�r�r�r�rrr�_process_userauth_bannerB
s 


�z&SSHConnection._process_userauth_bannerc	Cs�|��}|��}z|�d�}Wntytd�d�wdt|�d}tttt	||d��}|s8|j
�d|�|j�
|||f�t|j�dkrN|��dSdS)zProcess a global requestr�zInvalid global requestN�	_process_�_global_requestz#Received unknown global request: %sr)r�r�r�r�r�r�rr�_PacketHandlerr�r{r1r�r�r�r�)	r
r�r�rB�
request_bytesr�r�rOrDrrr�_process_global_request^
s
��z%SSHConnection._process_global_requestcCs8|jr|j�d�}|��s|�||f�dSdStd��)zProcess a global responserzUnexpected global responseN)r�rr�r�r�)r
rCr�rBr�rrrr�t
s�z&SSHConnection._process_global_responsec
Cs
|��}|��}|��}|��}d|jvr|jr|d8}z|�d�}Wnty/td�d�wz-dt|�d}	tt	t
t||	d��}
t|
�rY|
|�\}}|�
||||�WdSttd��ty�}
z|j�d	||
j�|�||
j|
j|
j�WYd}
~
dSd}
~
ww)
zProcess a channel open request�dropbearrr�zInvalid channel open requestNr��_openzUnknown channel typez#Open failed for channel type %s: %s)r�r2r*r3r�r�r�r�rr�_OpenHandlerr�r��process_openr�r[r{r1r�r�r�r�)r
r�r�rB�chantype_bytesr��send_window�send_pktsize�chantyperOrDr�r�rarrr�_process_channel_open
s>
�
���
���z#SSHConnection._process_channel_openc	Csr|��}|��}|��}|��}d|jvr|jr|d8}|j�|�}|r.|�||||�dS|j�d|�td��)z,Process a channel open confirmation responserrz1Received open confirmation for unknown channel %d�Invalid channel numberN)	r2r+r3r�r��process_open_confirmationr{r1r�)	r
r�r�rBrr�rrr�rrr�"_process_channel_open_confirmation�
s��z0SSHConnection._process_channel_open_confirmationcCs�|��}|��}|��}|��}|��z|�d�}|�d�}	Wnty,td�d�w|j�|�}
|
r>|
�|||	�dS|j	�
d|�td��)z'Process a channel open failure responser�r�zInvalid channel open failureNz,Received open failure for unknown channel %dr	)r2r�r�r�r�r�r�r��process_open_failurer{r1)r
r�r�rBrr�r�r�r�r�r�rrr�_process_channel_open_failure�
s$

��z+SSHConnection._process_channel_open_failurecCs"|��|j�d�|�d�dS)z-Process an incoming OpenSSH keepalive requestz"Received OpenSSH keepalive requestTN)r�r{rYr��r
rBrrr�4_process_keepalive_at_openssh_dot_com_global_request�
szBSSHConnection._process_keepalive_at_openssh_dot_com_global_requestcCs|j�d�|�d�dS)aForcibly close the SSH connection

           This method closes the SSH connection immediately, without
           waiting for pending operations to complete and without sending
           an explicit SSH disconnect message. Buffered data waiting to be
           sent will be lost and no more data will be received. When the
           the connection is closed, :meth:`connection_lost()
           <SSHClient.connection_lost>` on the associated :class:`SSHClient`
           object will be called with the value `None`.

        zAborting connectionN)r{r,r�r	rrrrf�
s
zSSHConnection.abortcCs|j�d�|�td�dS)z�Cleanly close the SSH connection

           This method calls :meth:`disconnect` with the reason set to
           indicate that the connection was closed explicitly by the
           application.

        zClosing connectionzDisconnected by applicationN)r{r,�
disconnectr>r	rrrr	s	zSSHConnection.closec�s,�|jr|j��IdH|j��IdHdS)z�Wait for this connection to close

           This method is a coroutine which can be called to block until
           this connection has finished closing.

        N)r�r�rMrr	rrrr�s�zSSHConnection.wait_closedcCs8t|j���D]}|��q|�|||�|�d�dS)aJDisconnect the SSH connection

           This method sends a disconnect message and closes the SSH
           connection after buffered data waiting to be written has been
           sent. No more data will be received. When the connection is
           fully closed, :meth:`connection_lost() <SSHClient.connection_lost>`
           on the associated :class:`SSHClient` or :class:`SSHServer` object
           will be called with the value `None`.

           :param code:
               The reason for the disconnect, from
               :ref:`disconnect reason codes <DisconnectReasons>`
           :param reason:
               A human readable reason for the disconnect
           :param lang:
               The language the reason is in
           :type code: `int`
           :type reason: `str`
           :type lang: `str`

        N)r�r�r�rr�r�)r
r�r�r�r�rrrr#s
zSSHConnection.disconnectrOrPcCs$|j�||jr|j�||��S|�S)a2Get additional information about the connection

           This method returns extra information about the connection once
           it is established. Supported values include everything supported
           by a socket transport plus:

             | host
             | port
             | username
             | client_version
             | server_version
             | send_cipher
             | send_mac
             | send_compression
             | recv_cipher
             | recv_mac
             | recv_compression

           See :meth:`get_extra_info() <asyncio.BaseTransport.get_extra_info>`
           in :class:`asyncio.BaseTransport` for more information.

           Additional information stored on the connection by calling
           :meth:`set_extra_info` can also be returned here.

        )r$r�rHrQrRrrrrQAs���zSSHConnection.get_extra_inforcKr)ayStore additional information associated with the connection

           This method allows extra information to be associated with the
           connection. The information to store should be passed in as
           keyword parameters and can later be returned by calling
           :meth:`get_extra_info` with one of the keywords as the name
           to retrieve.

        Nr)r$r�rrrrr�`szSSHConnection.set_extra_info�interval�	count_maxcCsZ|durt|t�r
t|�}|dkrtd��||_|dur'|dkr$td��||_|��dS)a�Set keep-alive timer on this connection

           This method sets the parameters of the keepalive timer on the
           connection. If *interval* is set to a non-zero value,
           keep-alive requests will be sent whenever the connection is
           idle, and if a response is not received after *count_max*
           attempts, the connection is closed.

           :param interval: (optional)
               The time in seconds to wait before sending a keep-alive message
               if no data has been received. This defaults to 0, which
               disables sending these messages.
           :param count_max: (optional)
               The maximum number of keepalive messages which will be sent
               without getting a response before closing the connection.
               This defaults to 3, but only applies when *interval* is
               non-zero.
           :type interval: `int`, `float`, or `str`
           :type count_max: `int`

        Nr�%Keepalive interval cannot be negativez&Keepalive count max cannot be negative)r|rr�r0rursr�)r
rrrrr�
set_keepalivems
zSSHConnection.set_keepaliver�r�cCs8|j�d||r	dnd�|�tt|�t|�t|��dS)a�Send a debug message on this connection

           This method can be called to send a debug message to the
           other end of the connection.

           :param msg:
               The debug message to send
           :param lang:
               The language the message is in
           :param always_display:
               Whether or not to display the message
           :type msg: `str`
           :type lang: `str`
           :type always_display: `bool`

        zSending debug message: %s%sr�r�N)r{r1r:rCr�r�)r
r�r�r�rrr�
send_debug�s

��zSSHConnection.send_debug�strict�encoding�errors�window�max_pktsizecC�t||j||||�S)aQCreate an SSH TCP channel for a new direct TCP connection

           This method can be called by :meth:`connection_requested()
           <SSHServer.connection_requested>` to create an
           :class:`SSHTCPChannel` with the desired encoding, Unicode
           error handling strategy, window, and max packet size for
           a newly created SSH direct connection.

           :param encoding: (optional)
               The Unicode encoding to use for data exchanged on the
               connection. This defaults to `None`, allowing the
               application to send and receive raw bytes.
           :param errors: (optional)
               The error handling strategy to apply on encode/decode errors
           :param window: (optional)
               The receive window size for this session
           :param max_pktsize: (optional)
               The maximum packet size for this session
           :type encoding: `str` or `None`
           :type errors: `str`
           :type window: `int`
           :type max_pktsize: `int`

           :returns: :class:`SSHTCPChannel`

        )r+r�r
rrrrrrr�create_tcp_channel��
 �z SSHConnection.create_tcp_channelcCr)ayCreate an SSH UNIX channel for a new direct UNIX domain connection

           This method can be called by :meth:`unix_connection_requested()
           <SSHServer.unix_connection_requested>` to create an
           :class:`SSHUNIXChannel` with the desired encoding, Unicode
           error handling strategy, window, and max packet size for
           a newly created SSH direct UNIX domain socket connection.

           :param encoding: (optional)
               The Unicode encoding to use for data exchanged on the
               connection. This defaults to `None`, allowing the
               application to send and receive raw bytes.
           :param errors: (optional)
               The error handling strategy to apply on encode/decode errors
           :param window: (optional)
               The receive window size for this session
           :param max_pktsize: (optional)
               The maximum packet size for this session
           :type encoding: `str` or `None`
           :type errors: `str`
           :type window: `int`
           :type max_pktsize: `int`

           :returns: :class:`SSHUNIXChannel`

        )r,rrrrr�create_unix_channel�rz!SSHConnection.create_unix_channelcC�t||jdd||�S)a�Create a channel to use for TUN/TAP forwarding

           This method can be called by :meth:`tun_requested()
           <SSHServer.tun_requested>` or :meth:`tap_requested()
           <SSHServer.tap_requested>` to create an :class:`SSHTunTapChannel`
           with the desired window and max packet size for a newly created
           TUN/TAP tunnel.

           :param window: (optional)
               The receive window size for this session
           :param max_pktsize: (optional)
               The maximum packet size for this session
           :type window: `int`
           :type max_pktsize: `int`

           :returns: :class:`SSHTunTapChannel`

        Nr)r-r�r
rrrrr�create_tuntap_channel�s�z#SSHConnection.create_tuntap_channelcCr )z2Create an SSH X11 channel to use in X11 forwardingNr)r.rr!rrr�create_x11_channel��z SSHConnection.create_x11_channelcCr )z6Create an SSH agent channel to use in agent forwardingNr)r/rr!rrr�create_agent_channelr$z"SSHConnection.create_agent_channelr��rrrrrrr�	orig_host�	orig_portc
���t�)z0Create an SSH direct or forwarded TCP connectionr�)
r
rrrr'r(rrrrrrrr��	zSSHConnection.create_connection�remote_pathc�r))z?Create an SSH direct or forwarded UNIX domain socket connectionr�)r
rr+rrrrrrr�create_unix_connection)r*z$SSHConnection.create_unix_connection�	dest_host�	dest_portc
�sj�z|j�t||�IdH\}}|j�d||f�Wnty-}zttt|��d�d}~wwtt	t|��S)a)Forward a tunneled TCP connection

           This method is a coroutine which can be returned by a
           `session_factory` to forward connections tunneled over
           SSH to the specified destination host and port.

           :param dest_host:
               The hostname or address to forward the connections to
           :param dest_port:
               The port number to forward the connections to
           :type dest_host: `str` or `None`
           :type dest_port: `int`

           :returns: :class:`asyncio.BaseProtocol`

        Nz!  Forwarding TCP connection to %s)
rrrar{r,r:r�rZrr)r
r-r.rp�peerrarrr�forward_connection4s�����z SSHConnection.forward_connection�	dest_pathc
�sd�z|j�t|�IdH\}}|j�d|�Wnty*}zttt|��d�d}~wwtt	t|��S)a�Forward a tunneled UNIX domain socket connection

           This method is a coroutine which can be returned by a
           `session_factory` to forward connections tunneled over
           SSH to the specified destination path.

           :param dest_path:
               The path to forward the connection to
           :type dest_path: `str`

           :returns: :class:`asyncio.BaseProtocol`

        Nz"  Forwarding UNIX connection to %s)
rr,rar{r,r:r�rZrr)r
r1rpr/rarrr�forward_unix_connectionRs����z%SSHConnection.forward_unix_connectionrr�accept_handlerc	�s��dttdtdtdtttttff����fdd�}||f��fkr/�j�d||f�n�j�d||f��f�zt	��j
|||�Id	H}Wnty]}z�j�d
|��d	}~ww|dkrf|�
�}�dkrl|�|�j||f<|S)a�Set up local port forwarding

           This method is a coroutine which attempts to set up port
           forwarding from a local listening port to a remote host and port
           via the SSH connection. If the request is successful, the
           return value is an :class:`SSHListener` object which can be used
           later to shut down the port forwarding.

           :param listen_host:
               The hostname or address on the local host to listen on
           :param listen_port:
               The port number on the local host to listen on
           :param dest_host:
               The hostname or address to forward the connections to
           :param dest_port:
               The port number to forward the connections to
           :param accept_handler:
               A `callable` or coroutine which takes arguments of the
               original host and port of the client and decides whether
               or not to allow connection forwarding, returning `True` to
               accept the connection and begin forwarding or `False` to
               reject and close it.
           :type listen_host: `str`
           :type listen_port: `int`
           :type dest_host: `str`
           :type dest_port: `int`
           :type accept_handler: `callable` or coroutine

           :returns: :class:`SSHListener`

           :raises: :exc:`OSError` if the listener can't be opened

        rr'r(rc�sl��r*�||�}t�|�rttt|�IdH}|s*�j�d||f��f�ttd����	|��||�IdHS��#Forward a local connection over SSHNz>Request for TCP forwarding from %s to %s denied by applicationzConnection forwarding denied)
r6r7rr	r�r{r,r�rYr�rr'r(r��r3r-r.r
rr�tunnel_connection�s �

��
�z;SSHConnection.forward_local_port.<locals>.tunnel_connectionz"Creating local TCP forwarder on %s�*Creating local TCP forwarder from %s to %sN�'Failed to create local TCP listener: %sr)r�rrrrr+r�r{r,rwrr:r1rr�)	r
rrr-r.r3r8r�rarr7r�forward_local_portksF�'���������z SSHConnection.forward_local_port�listen_pathc
�s��dttdtttttff��fdd�}�j�d|��z
t��j||�IdH}Wnt	y@}z�j�
d|��d}~ww|�j|<|S)aSet up local UNIX domain socket forwarding

           This method is a coroutine which attempts to set up UNIX domain
           socket forwarding from a local listening path to a remote path
           via the SSH connection. If the request is successful, the
           return value is an :class:`SSHListener` object which can be used
           later to shut down the UNIX domain socket forwarding.

           :param listen_path:
               The path on the local host to listen on
           :param dest_path:
               The path on the remote host to forward the connections to
           :type listen_path: `str`
           :type dest_path: `str`

           :returns: :class:`SSHListener`

           :raises: :exc:`OSError` if the listener can't be opened

        rrc�s���|��IdHS)r5N)r,�r�r1r
rrr8�s�
�z;SSHConnection.forward_local_path.<locals>.tunnel_connection�+Creating local UNIX forwarder from %s to %sN�(Failed to create local UNIX listener: %s)r�rrr,r�r{r,rxrr:r1r�)r
r<r1r8r�rarr>r�forward_local_path�s*�������
z SSHConnection.forward_local_path�mode�unitc
Cszztt||�\}}|�d�}|j�d|tkrdnd|�Wnty1}zttt	|��d�d}~wwtt
t|�d|id�S)zSet up TUN/TAP forwarding�	interfacez#  Forwarding layer %d traffic to %sr#r�N)�extra)r�rarQr{r,r�r:r�rZrr)r
rBrCrVr/rDrarrr�forward_tuntap�s
���
�zSSHConnection.forward_tuntap�
listen_keycCs|j�|d�dS)z*Mark a local forwarding listener as closedN)r�r)r
rGrrr�close_forward_listener
sz$SSHConnection.close_forward_listenercCr�)�*Detach a session from a local X11 listenerr��r
r�rrr�detach_x11_listener	
r�z!SSHConnection.detach_x11_listenerrrE�NNr��r�r)�rrrrr��globals�_handler_namesr�staticmethodrr
rK�AbstractEventLoop�_AcceptHandler�
_ErrorHandlerrrr�rGrr�rr	rr��propertyrzr{rir�r�r�r�r�r�r�r�r�r�r	r�r�r�r�rr0r�r�rr�rr�ror�r�r�r�r�r�r�r[rZrbr�r�r�r�r_r�rrr(rrrrbrrrrr
rrr�r�r6r$r+�Taskr9r�r:rTr�r#rar�rvrr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rrr
rr@rArBrCrDrErFrLrMrPrQrRrSrVrWrXrGrHrI�_packet_handlersrfrr�r<rrrQr��floatrr�_DEFAULT_WINDOW�_DEFAULT_MAX_PKTSIZEr+rr,rr-r"r.r#r/r%r�r�rr�r�r,rar0r2r��SSHAcceptHandlerrrr;rArFrqrHrKrrrrrMs�����
�$��
�3
�
���
�
��
�����
���
��
�%"��
�

�
�	0q���
���
�E	/}
�
����
�	���
�
)���
�
	��
���
��

�	
�
�
�
�

�
�
	�
�
�
�
�
�
 �
�
�
�
k�
�
�
�
%�
�
�
�
*�
�
7�
�
�
�
�
�
�
�
%�
�
�
��
�	�������	�
��
��������
��
�
���)��������#�����#�������	����
�
�����������

������������������Y
��".c(sv	eZdZUdZded<eed<eeed<			d�dej	ddd	e
d
edeef
�fdd
�
Z
d�dd�Zdeeddf�fdd�Zdedefdd�Zdedefdd�Zdeefdd�Zdeefdd�Zdd�d eddfd!d"�Zdefd#d$�Zdefd%d&�Zdeeeeeffd'd(�Zdeefd)d*�Z deefd+d,�Z!d-ed.edeeeffd/d0�Z"d�d1d2�Z#d�d3d4�Z$deefd5d6�Z%d7ed8ed.ed9e&dee'f
d:d;�Z(d<e)dee*e+ffd=d>�Z,d<e)dee-ee.effd?d@�Z/dAe)dee-e0e.ffdBdC�Z1dDedEe2ddfdFdG�Z3d<e)dee4e5ffdHdI�Z6d<e)dee7e8ffdJdK�Z9dAe)dee4e0e5ffdLdM�Z:dNeddfdOdP�Z;dAe)dee<e=e>ffdQdR�Z?dAe)dee4e=e@ffdSdT�ZAdAe)ddfdUdV�ZBdAe)ddfdWdX�ZCdYeDeEdZeed[eed\edeeee2ff
d]d^�ZFdYeGeEddfd_d`�ZH	ad�dadadadadadadadadadadadadadadadb�dceIddeJeedeeJeedfeJeKdgeJeeLdheJeMeefdieJeedjeJeNdkeJeOdleJeMe2efdmeJeedneJeedoeJedpeJeedqeJedreJe2dseJe2deeDePff$dtdu�ZQdveRdweRdeeSeTeTffdxdy�ZUeVdeWeWeWeXjYdzdzd{�dveRd|eeEd}eZd~e[de[d�e2d�ed�edweRde\eEfd�d���Z]daeXjYdeWeWeWdfd�e^ddeJeed�e2d|eeEd}eZd~e[de[dpeedweRdee_e`ffd�d��Zaddd��dveRd�ed�eebdweRdecf
d�d��Zd	�	�d�dd�eeefd��dcegeEd�ed�e2d�ed�e2dpeedqedre2dse2dee-eEe.eEffd�d��ZhdveRdweRdeeTeSffd�d��ZieVdd�eeefd��dcejeEdDedEe2dpeedqedre2dse2dekfd�d���ZleVd�emdveRdweRdekfd�d���Zndd�eeefd��dceoeEd�edpeedqedre2dse2dee4eEe5eEffd�d��ZpdveRdweRdeeTeSffd�d��ZqeVdd�eeefd��dcereEdNedpeedqedre2dse2dekfd�d���ZseVd�etdveRdweRdekfd�d���Zu	ad�d�evd�ed�eJe2dweRdedeff
d�d��ZweVd�d�ed�eJe2dweRddfd�d���ZxeVd�d�ed�eJe2dweRdd�fd�d���ZyeVd�d�ed�eJe2dweRdezfd�d���Z{eV	�	ad�d�ed�eJe2dweRdezfd�d���Z|	d�eeefd��dce}d�ee2dre2dse2dee7e8ff
d�d��Z~	d�eeefd��dce}d�ee2dre2dse2dee7e8ff
d�d��ZdveRdweRdeeTeSffd�d��Z�dveRdweRdeeTeSffd�d��Z�eV	d�dDedEe2d�ed�ee�dekf
d�d„�Z�eVdNed�ed�e2dekfd�dƄ�Z�eVdDedEe2d�ed�e2dekf
d�dȄ�Z�eVdNed�edekfd�dʄ�Z�eVdDedEe2d�edekfd�d̄�Z�eVdNed�ed�e2dekfd�d΄�Z�eVdDedEe2dekfd�dЄ�Z�eV		d�d�ee2d�ee2de@fd�dӄ�Z�eV		d�d�ee2d�ee2de@fd�dՄ�Z�eVdadad�d�e�fdfeJeKdgeJeeLd�eede�fd�dل�Z��Z�S)�rua�SSH client connection

       This class represents an SSH client connection.

       Once authentication is successful on a connection, new client
       sessions can be opened by calling :meth:`create_session`.

       Direct TCP connections can be opened by calling
       :meth:`create_connection`.

       Remote listeners for forwarded TCP connections can be opened by
       calling :meth:`create_server`.

       Direct UNIX domain socket connections can be opened by calling
       :meth:`create_unix_connection`.

       Remote listeners for forwarded UNIX domain socket connections
       can be opened by calling :meth:`create_unix_server`.

       TCP port forwarding can be set up by calling :meth:`forward_local_port`
       or :meth:`forward_remote_port`.

       UNIX domain socket forwarding can be set up by calling
       :meth:`forward_local_path` or :meth:`forward_remote_path`.

       Mixed forwarding from a TCP port to a UNIX domain socket or
       vice-versa can be set up by calling :meth:`forward_local_port_to_path`,
       :meth:`forward_local_path_to_port`,
       :meth:`forward_remote_port_to_path`, or
       :meth:`forward_remote_path_to_port`.

    �SSHClientConnectionOptionsr�r#r�Nr$r%rrrcslt�j|||||dd�|j|_|j|_|j|_|j|_	d|_
d|_|j|_
|j|_|j|_g|_|jr9t|j�ng|_d|_|jdkrNdd�|jD�|_nt�|_|j|_|jdurat|j�|_|j|_ |j!|_"t#|j�|_$|j%|_&|j'|_(t#|j&�|_)|j*dkr�|j*n|j}|r�zt+||j,|j-�|_.|j/|_0|j1|_2|j2|_3Wn	t4y�Ynwd|_5i|_6i|_7dS)NF�r�rcSr�r�r�r�rrrr�R
r�z0SSHClientConnection.__init__.<locals>.<listcomp>)8rFrGr)�_hostr��_portr��_known_hosts�host_key_alias�_host_key_aliasr��_server_host_key�server_host_keys_handler�_server_host_keys_handlerryr��password�	_password�_client_host_keys�client_keysr��_client_keys�_saved_rsa_key�preferred_authrjr"�disable_trivial_authr��
agent_pathrr��agent_identities�_agent_identities�agent_forward_path�_agent_forward_pathr��_get_agent_keys�pkcs11_provider�_pkcs11_provider�
pkcs11_pin�_pkcs11_pin�_get_pkcs11_keys�gss_hostrc�	gss_store�gss_delegate_credsre�gss_kexrf�gss_authrgrire�_kbdint_password_auth�_remote_listeners�_dynamic_remote_listeners)r
r$r%rrrrxrlrrrG5
s\��

�
���
zSSHClientConnection.__init__rcCs*|jdusJ�|js$|jr|j|_|j|_n|�d�}tt|�\|_|_|jj	rBtt
j
|j�d��}tt|jj	|�
�|jj��|_n|jjrNt|jj�|_ng|_|jdur]d|_d|_n:|js|tddd���}|��ryt�|tj�ryt|�|_nd|_|jtkr�|jnd}|�tt|j�|jp�|j|j|�g}|jjdkr�|j r�|j }|jr�t!�|}|s�t!�t"�}|j#dur�|j#s�|j$r�t%�|}t&|jjtt't|jj(�)d	d
��|�|_*|j+�,d|j|jf�|jj-r�d�.d
d�|jj-D��}|j+�,d|�dS|j+�,d|j/|j0f�|j+�,d|j|jf�dS)r�N�remote_peernamer3�~�.sshr�rrP�HostKeyAlgorithmsrzConnected to SSH server at %s� cs��|]}t�|�VqdSrE��shlex�quote�r��argrrrr��
��z7SSHClientConnection._connection_made.<locals>.<genexpr>�  Proxy command: %s�  Local address: %s�  Peer address: %s)1rHr]rr r^rQrr�r��client_host_keysignr3r�rn�fileno�client_host_pubkeysrg�client_host_keypairsr_rCrEr�
expanduser�is_filerM�access�R_OKrr=r�rora�server_host_key_algsrDr�r�rHrJr�r�r�rtr�r�r{r,r�r�rr)r
�remote_peerr��default_known_hostsr��default_host_key_algsr�rrrr�x
s�


�
�
���
��
�
���
�
�
�
�z$SSHClientConnection._connection_maderacs�|jr|j��|jrt|j���D]}|��qi|_i|_|dur*|j�d�nt|t	�r8|j�t
|��n
|j�dt
|��t��|�dS)zClean up this client connectionNr�zConnection failure: )
r�rr~r�r�rr{r,r|r�rrFr�)r
ra�tcp_listenerrlrrr��
s


zSSHClientConnection._cleanup�keypaircCsX|jr$|jD]}|jr|�d�sq||jvr#||jvr#|�|�dSq|jd|jvS)z>Choose signature algorithm to use for key-based authentications	webauthn-Tr)r�r��use_webauthnr!rW�set_sig_algorithm)r
r�r�rrr�_choose_signature_alg�
s

�z)SSHClientConnection._choose_signature_algr�c
Cstz|�|jp|j|j|j|�}Wn$ty4}z|j}|jr&|d|j��7}t|�d|���d�d}~ww||_|S)z)Validate and return the server's host keyz with alias z
 for host N)r�rar]rr^r0r�rb)r
r��host_keyrar)rrr�validate_server_host_key�
s

���z,SSHClientConnection.validate_server_host_keycCrS)a*Return the server host key used in the key exchange

           This method returns the server host key used to complete the
           key exchange with the server.

           If GSS key exchange is used, `None` is returned.

           :returns: An :class:`SSHKey` public key or `None`

        �rbr	rrr�get_server_host_keysz'SSHClientConnection.get_server_host_keycCsdd�|jD�S)z�Return the server host key used in the key exchange

           This method returns the auth methods available to authenticate
           to the server.

           :returns: `list` of `str`

        cSr�r�)r�r�rrrr�r�z?SSHClientConnection.get_server_auth_methods.<locals>.<listcomp>)r�r	rrr�get_server_auth_methodss
z+SSHClientConnection.get_server_auth_methodsF)�next_methodr�cCs�|jr|j��d|_|r|j�d�|jr-t||jd�|_|jr$dS|j�d�|js|j�d|j�|�t	d|j�d|j
����dS)z>Attempt client authentication using the next compatible methodNrzAuth failed for user %szPermission denied for user z	 on host )r�r�r�rr#r{r,r�r�r�r])r
r�rrrr�s"
���z!SSHClientConnection.try_next_authcC�|jrd|_dSdS)z>Return whether to allow GSS key exchange authentication or notFT)rhr	rrr�gss_kex_auth_requested5�z*SSHClientConnection.gss_kex_auth_requestedcCr�)z5Return whether to allow GSS MIC authentication or notFT�rir	rrr�gss_mic_auth_requested>r�z*SSHClientConnection.gss_mic_auth_requestedc�s�|jsdS	|jr|j}|jd|_d|_nz|j�d�}Wnty*d}Ynw|dus1J�|�|�rD|jdkrC|jdkrC||_nq|jj	}|durwt
t|�d��}|ruz|j
�|tj�IdH\}}Wntjyt|d}Ynwd	}|jjr�|d
d�dkr�|d7}|||jjfS)z6Return a host key, host, and user to authenticate with)Nr�r�T�-cert-v01@openssh.comNr�ssh-rsa-cert-v01@openssh.com�ssh-rsar�r�rr&)rYrj�
sig_algorithmr�rgr�
IndexErrorr�r��client_hostrr�rQr�getnameinfor3�NI_NUMERICSERVr5r��client_username)r
r�r�r�rprrr�host_based_auth_requestedGsH��


���z-SSHClientConnection.host_based_auth_requestedc�sH�|jsdS|jr2|jdusJ�z|j�|j�IdH}t|�|jdd�<Wn	ty.Ynwd|_|jrV|j	dus<J�|j
�dt|j	|j
�IdH}t|�|jdd�<d|_	|jsy|j��}t�|�rnttt|�IdH}|srdStt|��|_|jr�|j}|jd|_d|_n|j�d�}|�|�r�|jdkr�|jdkr�||_|SqW)z-Return a client key pair to authenticate withNrFTr�r�r�)r[rrr��get_keysror�rir0rwrtrr�r�rvr#�public_key_auth_requestedr6r7rr	r�r�rjr�r�rr�)r
�
agent_keys�pkcs11_keysr�r�rrrr�zsL��
�




�z-SSHClientConnection.public_key_auth_requestedc�s��|js	|js	dS|jdur?|j}t|�r!ttgttf|��}t�	|�r3tt
tt|�IdH}nttt|�}d|_|S|j��}t�	|�rWtt
tt|�IdH}|Sttt|�}|S)z&Return a password to authenticate withN)
r_r}rfr�rr
rrr6r7r	r#�password_auth_requested)r
rer�rrrr��s$�

	
�
�z+SSHClientConnection.password_auth_requested�promptr�c��8�|j�||�}t�|�rttt|�IdH}tt|�S)z?Return a password to authenticate with and what to change it toN)r#�password_change_requestedr6r7rr	r!)r
r�r�r�rrrr��s
�

z-SSHClientConnection.password_change_requestedcCr)z#Report a successful password changeN)r#�password_changedr	rrrr��rz$SSHClientConnection.password_changedcCr)zReport a failed password changeN)r#�password_change_failedr	rrrr��rz*SSHClientConnection.password_change_failedc�sn�|jsdS|j��}t�|�rtttt|�IdH}|t	ur0|j
dur.|js.d|_d}nd}ttt|�S)a&Return the list of supported keyboard-interactive auth methods

           If keyboard-interactive auth is not supported in the client but
           a password was provided when the connection was opened, this
           will allow sending the password via keyboard-interactive auth.

        NTr�)r]r#�kbdint_auth_requestedr6r7rr	rr�NotImplementedrfr}r�rrrr��s�	

z)SSHClientConnection.kbdint_auth_requestedrO�instructions�promptsc	�s��|jr:|s
g}|St|�dkr6|dd��}d|vs d|vr2|��IdH}|dur.|gnd}|Sd}|Sd}|S|j�||||�}t�|�rTtt	t
|�IdH}|Stt
|�}|S)z9Return responses to a keyboard-interactive auth challengerrre�passcodeN)r}r��lowerr�r#�kbdint_challenge_receivedr6r7rr	r )	r
rOr�r�r�r�r�rer�rrrr�	s.����

��

�z-SSHClientConnection.kbdint_challenge_receivedr&cC�
ttd��)zmProcess an inbound session open request

           These requests are disallowed on an SSH client.

        z Session open forbidden on client�r�rY�r
r&rrr�_process_session_open(�
�z)SSHClientConnection._process_session_opencCr�)z{Process an inbound direct TCP/IP channel open request

           These requests are disallowed on an SSH client.

        z&Direct TCP/IP open forbidden on clientr�r�rrr�_process_direct_tcpip_open5r�z.SSHClientConnection._process_direct_tcpip_openrBcCs�|��}|��}|��}|��}|��z|�d�}|�d�}Wnty,td�d�wttt|j	�
||f�p>|j�
|��}|r`|�||�\}	}
|j
�d||f�|j
�d||f�|	|
fSttd��)z8Process an inbound forwarded TCP/IP channel open requestr�z-Invalid forwarded TCP/IP channel open requestNz'Accepted forwarded TCP connection on %s�  Client address: %s�No such listener)r�r2r�r�r�r�rrsrr~r�r�process_connectionr{r,r�rZ)r
rB�dest_host_bytesr.�orig_host_bytesr(r-r'r�r�r�rrr�_process_forwarded_tcpip_openBs2
��
��
z1SSHClientConnection._process_forwarded_tcpip_openrrc�sp�|�dt|�t|��IdH|j�d||f�|j�||f�}|r6|j�|�|kr.|j|=|j||f=dSdS)zClose a remote TCP/IP listenerscancel-tcpip-forwardNz Closed remote TCP listener on %s)r�r�r�r{r,r~r�r)r
rrr�rrr�close_client_tcp_listeneres�
���z-SSHClientConnection.close_client_tcp_listenercCr�)z�Process an inbound direct UNIX domain channel open request

           These requests are disallowed on an SSH client.

        z2Direct UNIX domain socket open forbidden on clientr�r�rrr�3_process_direct_streamlocal_at_openssh_dot_com_openw��zGSSHClientConnection._process_direct_streamlocal_at_openssh_dot_com_opencCr�)zmProcess an inbound TUN/TAP open request

           These requests are disallowed on an SSH client.

        z#TUN/TAP request forbidden on clientr�r�rrr�$_process_tun_at_openssh_dot_com_open�r�z8SSHClientConnection._process_tun_at_openssh_dot_com_opencCs�|��}|��}|��z|�d�}Wntytd�d�wttt|j�	|��}|r>|�
�\}}|j�d|�||fSt
td��)z=Process an inbound forwarded UNIX domain channel open requestr�z2Invalid forwarded UNIX domain channel open requestNz%Accepted remote UNIX connection on %sr�)r�r�r�r�r�rrtrr~r�r�r{r,r�rZ)r
rB�dest_path_bytesrpr1r�r�r�rrr�6_process_forwarded_streamlocal_at_openssh_dot_com_open�s$��
�
zJSSHClientConnection._process_forwarded_streamlocal_at_openssh_dot_com_openr<c�s@�|�dt|��IdH|j�d|�||jvr|j|=dSdS)z*Close a remote UNIX domain socket listeners&cancel-streamlocal-forward@openssh.comN�Closed UNIX listener on %s)r�r�r{r,r~)r
r<rrr�close_client_unix_listener�s�
�
�z.SSHClientConnection.close_client_unix_listenercCs�|��}|��}|��z|�d�}Wntytd�d�w|jrC|j�d�|j�d||f�|�	�}|�
||�||j��fStt
d��)z+Process an inbound X11 channel open requestr�z*Invalid forwarded X11 channel open requestNzAccepted X11 connectionr�zX11 forwarding disabled)r�r2r�r�r�r�r�r{r,r#�set_inbound_peer_namesr0r�rZ)r
rBr�r(r'r�rrr�_process_x11_open�s&���z%SSHClientConnection._process_x11_opencCs8|��|jr|j�d�|��|�|j�fSttd��)z2Process an inbound auth agent channel open requestzAccepted SSH agent connectionzAuth agent forwarding disabled)r�rqr{r,rr2r�rZrrrr�+_process_auth_agent_at_openssh_dot_com_open�s
��z?SSHClientConnection._process_auth_agent_at_openssh_dot_com_opencCs|�|�|��dS)z+Process a list of accepted server host keysN)r��_finish_hostkeysrrrr�6_process_hostkeys_00_at_openssh_dot_com_global_request�szJSSHClientConnection._process_hostkeys_00_at_openssh_dot_com_global_requestc�s��|js|j�d�|�d�dS|jdur#|j�d�|�d�dSg}t|j�}g}g}g}|rlz.|��}t|�}||j	vrF|�
|�n||jvrV|�
|�|�|�n	|�
|t|�f�Wn	t
yiYnw|s2|r�|�dd�dd�|D���IdH\}	}|	tkr�td	�t|j�}
|D]\}}|��}|�|
||�r�|�
|�q�|j�d
�q�n|j�d�|��|j�dt|��d
t|��dt|��dt|��d�	�|�||||�}
t�|
�r�|
IdH|�d�dS)z)Finish processing hostkeys global requestz,Ignoring server host key message: no handlerFNz.Server host key not verified: handler disabledshostkeys-prove-00@openssh.comrcss�|]\}}|VqdSrEr)r�rp�key_strrrrr���z7SSHClientConnection._finish_hostkeys.<locals>.<genexpr>�hostkeys-prove-00@openssh.comz!Server host key validation failedz$Server host key prove request failedzServer host key report: z added, z
 removed, z retained, z revokedT)rdr{r1r�rCr,r�r�r�rFr��remover�r�r�r�rWr.�verifyr�r�r6r7)r
rB�added�removed�retained�revoked�prover�r�rCr�r�r�r�rrrr��sv�






��������
��

z$SSHClientConnection._finish_hostkeysr��display�	auth_path�single_connectionc�sJ�|s	tj�d�}|std��|jst|j||�IdH|_|j�|||�S)z'Attach a channel to a local X11 display�DISPLAYzX11 display not setN)rM�environr�r0r�r�r�attach)r
r�r�r�r�rrr�attach_x11_listener/s��z'SSHClientConnection.attach_x11_listenercC�$|jr|j�|�rd|_dSdSdS)rIN�r��detachrJrrrrKB�

�z'SSHClientConnection.detach_x11_listenerr)�	subsystem�env�send_env�request_pty�	term_type�	term_size�
term_modes�x11_forwarding�x11_display�
x11_auth_path�x11_single_connectionrrrrrrCr�r�r�r�r�r�r�r�r�r�r�rrrrc�s��|dkr	|jj}|dkr|jj}|dkr|jj}|dkr!|jj}|dkr)|jj}|dkr1|jj}|dkr9|jj}|	dkrA|jj}	|
dkrI|jj	}
|dkrQ|jj
}|dkrY|jj}|
dkra|jj}
|dkri|jj
}|dkrq|jj}|dkry|jj}|dkr�|jj}i}|r�|�t|��|r�|�t|��|dkr�d}n|dkr�t|o�|p�|�}n|r�t|�}t||j||||�}|�||||||||	p�i|
|||
t|j��
IdH}||fS)a�Create an SSH client session

           This method is a coroutine which can be called to create an SSH
           client session used to execute a command, start a subsystem
           such as sftp, or if no command or subsystem is specified run an
           interactive shell. Optional arguments allow terminal and
           environment information to be provided.

           By default, this class expects string data in its send and
           receive functions, which it encodes on the SSH connection in
           UTF-8 (ISO 10646) format. An optional encoding argument can
           be passed in to select a different encoding, or `None` can
           be passed in if the application wishes to send and receive
           raw bytes. When an encoding is set, an optional errors
           argument can be passed in to select what Unicode error
           handling strategy to use.

           Other optional arguments include the SSH receive window size and
           max packet size which default to 2 MB and 32 KB, respectively.

           :param session_factory:
               A `callable` which returns an :class:`SSHClientSession` object
               that will be created to handle activity on this session
           :param command: (optional)
               The remote command to execute. By default, an interactive
               shell is started if no command or subsystem is provided.
           :param subsystem: (optional)
               The name of a remote subsystem to start up.
           :param env: (optional)
               The  environment variables to set for this session. Keys and
               values passed in here will be converted to Unicode strings
               encoded as UTF-8 (ISO 10646) for transmission.

                   .. note:: Many SSH servers restrict which environment
                             variables a client is allowed to set. The
                             server's configuration may need to be edited
                             before environment variables can be
                             successfully set in the remote environment.
           :param send_env: (optional)
               A list of environment variable names to pull from
               `os.environ` and set for this session. Wildcards patterns
               using `'*'` and `'?'` are allowed, and all variables with
               matching names will be sent with whatever value is set
               in the local environment. If a variable is present in both
               env and send_env, the value from env will be used.
           :param request_pty: (optional)
               Whether or not to request a pseudo-terminal (PTY) for this
               session. This defaults to `True`, which means to request a
               PTY whenever the `term_type` is set. Other possible values
               include `False` to never request a PTY, `'force'` to always
               request a PTY even without `term_type` being set, or `'auto'`
               to request a TTY when `term_type` is set but only when
               starting an interactive shell.
           :param term_type: (optional)
               The terminal type to set for this session.
           :param term_size: (optional)
               The terminal width and height in characters and optionally
               the width and height in pixels.
           :param term_modes: (optional)
               POSIX terminal modes to set for this session, where keys are
               taken from :ref:`POSIX terminal modes <PTYModes>` with values
               defined in section 8 of :rfc:`RFC 4254 <4254#section-8>`.
           :param x11_forwarding: (optional)
               Whether or not to request X11 forwarding for this session,
               defaulting to `False`. If set to `True`, X11 forwarding will
               be requested and a failure will raise :exc:`ChannelOpenError`.
               It can also be set to `'ignore_failure'` to attempt X11
               forwarding but ignore failures.
           :param x11_display: (optional)
               The display that X11 connections should be forwarded to,
               defaulting to the value in the environment variable `DISPLAY`.
           :param x11_auth_path: (optional)
               The path to the Xauthority file to read X11 authentication
               data from, defaulting to the value in the environment variable
               `XAUTHORITY` or the file :file:`.Xauthority` in the user's
               home directory if that's not set.
           :param x11_single_connection: (optional)
               Whether or not to limit X11 forwarding to a single connection,
               defaulting to `False`.
           :param encoding: (optional)
               The Unicode encoding to use for data exchanged on this session.
           :param errors: (optional)
               The error handling strategy to apply on Unicode encode/decode
               errors.
           :param window: (optional)
               The receive window size for this session.
           :param max_pktsize: (optional)
               The maximum packet size for this session.
           :type session_factory: `callable`
           :type command: `str`
           :type subsystem: `str`
           :type env: `dict` with `bytes` or `str` keys and values
           :type send_env: `list` of `bytes` or `str`
           :type request_pty: `bool`, `'force'`, or `'auto'`
           :type term_type: `str`
           :type term_size: `tuple` of 2 or 4 `int` values
           :type term_modes: `dict` with `int` keys and values
           :type x11_forwarding: `bool` or `'ignore_failure'`
           :type x11_display: `str`
           :type x11_auth_path: `str`
           :type x11_single_connection: `bool`
           :type encoding: `str` or `None`
           :type errors: `str`
           :type window: `int`
           :type max_pktsize: `int`

           :returns: an :class:`SSHClientChannel` and :class:`SSHClientSession`

           :raises: :exc:`ChannelOpenError` if the session can't be opened

        r�forceT�autoN)r�rCr�r�r�r�r�r�r�r�r�r�r�rrrrr�r�r�r�r)r�createrq)r
rrCr�r�r�r�r�r�r�r�r�r�r�rrrr�new_envr�r�rrr�create_sessionIsp��

�z"SSHClientConnection.create_sessionrIrc�sB�|jtg|�Ri|��IdH\}}t||�t||�t||t�fS)a�Open an SSH client session

           This method is a coroutine wrapper around :meth:`create_session`
           designed to provide a "high-level" stream interface for creating
           an SSH client session. Instead of taking a `session_factory`
           argument for constructing an object which will handle activity
           on the session via callbacks, it returns an :class:`SSHWriter`
           and two :class:`SSHReader` objects representing stdin, stdout,
           and stderr which can be used to perform I/O on the session. With
           the exception of `session_factory`, all of the arguments to
           :meth:`create_session` are supported and have the same meaning.

        N)rr�r�r�r?�r
rIrr�r�rrr�open_session%s����
�z SSHClientConnection.open_sessionT)�input�stdin�stdout�stderr�bufsize�send_eof�recv_eofrrrr	r
rrc
�s`�|jtg|�Ri|	��IdH\}
}|}|r!|
�|�|
��d}|�||||||�IdH|S)a
Create a process on the remote system

           This method is a coroutine wrapper around :meth:`create_session`
           which can be used to execute a command, start a subsystem,
           or start an interactive shell, optionally redirecting stdin,
           stdout, and stderr to and from files or pipes attached to
           other local and remote processes.

           By default, the stdin, stdout, and stderr arguments default
           to the special value `PIPE` which means that they can be
           read and written interactively via stream objects which are
           members of the :class:`SSHClientProcess` object this method
           returns. If other file-like objects are provided as arguments,
           input or output will automatically be redirected to them. The
           special value `DEVNULL` can be used to provide no input or
           discard all output, and the special value `STDOUT` can be
           provided as `stderr` to send its output to the same stream
           as `stdout`.

           In addition to the arguments below, all arguments to
           :meth:`create_session` except for `session_factory` are
           supported and have the same meaning.

           :param input: (optional)
               Input data to feed to standard input of the remote process.
               If specified, this argument takes precedence over stdin.
               Data should be a `str` if encoding is set, or `bytes` if not.
           :param stdin: (optional)
               A filename, file-like object, file descriptor, socket, or
               :class:`SSHReader` to feed to standard input of the remote
               process, or `DEVNULL` to provide no input.
           :param stdout: (optional)
               A filename, file-like object, file descriptor, socket, or
               :class:`SSHWriter` to feed standard output of the remote
               process to, or `DEVNULL` to discard this output.
           :param stderr: (optional)
               A filename, file-like object, file descriptor, socket, or
               :class:`SSHWriter` to feed standard error of the remote
               process to, `DEVNULL` to discard this output, or `STDOUT`
               to feed standard error to the same place as stdout.
           :param bufsize: (optional)
               Buffer size to use when feeding data from a file to stdin
           :param send_eof:
               Whether or not to send EOF to the channel when EOF is
               received from stdin, defaulting to `True`. If set to `False`,
               the channel will remain open after EOF is received on stdin,
               and multiple sources can be redirected to the channel.
           :param recv_eof:
               Whether or not to send EOF to stdout and stderr when EOF is
               received from the channel, defaulting to `True`. If set to
               `False`, the redirect targets of stdout and stderr will remain
               open after EOF is received on the channel and can be used for
               multiple redirects.
           :type input: `str` or `bytes`
           :type bufsize: `int`
           :type send_eof: `bool`
           :type recv_eof: `bool`

           :returns: :class:`SSHClientProcess`

           :raises: :exc:`ChannelOpenError` if the channel can't be opened

        N)rr�rd�	write_eof�redirect)
r
rrrr	r
rrrIrr��process�	new_stdinrrr�create_process>s"�I���


�z"SSHClientConnection.create_processrc	�s��dtf�fdd�}
|j|
|fd|i|	��IdH\}}|}
|r2tt|�d��}|�|�|��d}
|�|
|||�IdH||��fS)a�Create a subprocess on the remote system

           This method is a coroutine wrapper around :meth:`create_session`
           which can be used to execute a command, start a subsystem,
           or start an interactive shell, optionally redirecting stdin,
           stdout, and stderr to and from files or pipes attached to
           other local and remote processes similar to :meth:`create_process`.
           However, instead of performing interactive I/O using
           :class:`SSHReader` and :class:`SSHWriter` objects, the caller
           provides a function which returns an object which conforms
           to the :class:`asyncio.SubprocessProtocol` and this call
           returns that and an :class:`SSHSubprocessTransport` object which
           conforms to :class:`asyncio.SubprocessTransport`.

           With the exception of the addition of `protocol_factory`, all
           of the arguments are the same as :meth:`create_process`.

           :param protocol_factory:
               A `callable` which returns an :class:`SSHSubprocessProtocol`
               object that will be created to handle activity on this
               session.
           :type protocol_factory: `callable`

           :returns: an :class:`SSHSubprocessTransport` and
                     :class:`SSHSubprocessProtocol`

           :raises: :exc:`ChannelOpenError` if the channel can't be opened

        rcst��S)zReturn a subprocess transport)r�r�rrr�transport_factory�r�z@SSHClientConnection.create_subprocess.<locals>.transport_factoryrNr)	r�rrr�rYrdr
r�get_protocol)r
rrCr
rrrr	rrrrprVr�
stdin_piperrr�create_subprocess�s"�(���
z%SSHClientConnection.create_subprocess)�check�timeoutrrc�s*�|j|i|��IdH}|�||�IdHS)aRun a command on the remote system and collect its output

           This method is a coroutine wrapper around :meth:`create_process`
           which can be used to run a process to completion when no
           interactivity is needed. All of the arguments to
           :meth:`create_process` can be passed in to provide input or
           redirect stdin, stdout, and stderr, but this method waits until
           the process exits and returns an :class:`SSHCompletedProcess`
           object with the exit status or signal information and the
           output to stdout and stderr (if not redirected).

           If the check argument is set to `True`, a non-zero exit status
           from the remote process will trigger the :exc:`ProcessError`
           exception to be raised.

           In addition to the argument below, all arguments to
           :meth:`create_process` are supported and have the same meaning.

           If a timeout is specified and it expires before the process
           exits, the :exc:`TimeoutError` exception will be raised. By
           default, no timeout is set and this call will wait indefinitely.

           :param check: (optional)
               Whether or not to raise :exc:`ProcessError` when a non-zero
               exit status is returned
           :param timeout:
               Amount of time in seconds to wait for process to exit or
               `None` to wait indefinitely
           :type check: `bool`
           :type timeout: `int`, `float`, or `None`

           :returns: :class:`SSHCompletedProcess`

           :raises: | :exc:`ChannelOpenError` if the session can't be opened
                    | :exc:`ProcessError` if checking non-zero exit status
                    | :exc:`TimeoutError` if the timeout expires before exit

        N)rr)r
rrrIrrrrr�run�s�*zSSHClientConnection.runr�rrr&rrr'r(c��V�|j�d||f�|j�d||f�|�||||	�}
|
�|||||�IdH}|
|fS)a6
Create an SSH TCP direct connection

           This method is a coroutine which can be called to request that
           the server open a new outbound TCP connection to the specified
           destination host and port. If the connection is successfully
           opened, a new SSH channel will be opened with data being handled
           by a :class:`SSHTCPSession` object created by `session_factory`.

           Optional arguments include the host and port of the original
           client opening the connection when performing TCP port forwarding.

           By default, this class expects data to be sent and received as
           raw bytes. However, an optional encoding argument can be passed
           in to select the encoding to use, allowing the application send
           and receive string data. When encoding is set, an optional errors
           argument can be passed in to select what Unicode error handling
           strategy to use.

           Other optional arguments include the SSH receive window size and
           max packet size which default to 2 MB and 32 KB, respectively.

           :param session_factory:
               A `callable` which returns an :class:`SSHTCPSession` object
               that will be created to handle activity on this session
           :param remote_host:
               The remote hostname or address to connect to
           :param remote_port:
               The remote port number to connect to
           :param orig_host: (optional)
               The hostname or address of the client requesting the connection
           :param orig_port: (optional)
               The port number of the client requesting the connection
           :param encoding: (optional)
               The Unicode encoding to use for data exchanged on the connection
           :param errors: (optional)
               The error handling strategy to apply on encode/decode errors
           :param window: (optional)
               The receive window size for this session
           :param max_pktsize: (optional)
               The maximum packet size for this session
           :type session_factory: `callable`
           :type remote_host: `str`
           :type remote_port: `int`
           :type orig_host: `str`
           :type orig_port: `int`
           :type encoding: `str` or `None`
           :type errors: `str`
           :type window: `int`
           :type max_pktsize: `int`

           :returns: an :class:`SSHTCPChannel` and :class:`SSHTCPSession`

           :raises: :exc:`ChannelOpenError` if the connection can't be opened

        z#Opening direct TCP connection to %sr�N)r{r,rr�r
rrrr'r(rrrrr�r�rrrrs�?�

�z%SSHClientConnection.create_connectionc��8�|jtg|�Ri|��IdH\}}t||�t||�fS)aMOpen an SSH TCP direct connection

           This method is a coroutine wrapper around :meth:`create_connection`
           designed to provide a "high-level" stream interface for creating
           an SSH TCP direct connection. Instead of taking a
           `session_factory` argument for constructing an object which will
           handle activity on the session via callbacks, it returns
           :class:`SSHReader` and :class:`SSHWriter` objects which can be
           used to perform I/O on the connection.

           With the exception of `session_factory`, all of the arguments
           to :meth:`create_connection` are supported and have the same
           meaning here.

           :returns: an :class:`SSHReader` and :class:`SSHWriter`

           :raises: :exc:`ChannelOpenError` if the connection can't be opened

        N�rr�r�r�rrrr�open_connectionOs����z#SSHClientConnection.open_connectionc	�s��|��}|j�d||f�|�dt|�t|��IdH\}}	|tkrc|dkr-|	��}d}
nt|	�	��dkr9|	��d}
|	�
�tt||||||||�}|
rZ|j�
d|�||j|<||j||f<|S|	�
�|j�
d	�td	��)
aoCreate a remote SSH TCP listener

           This method is a coroutine which can be called to request that
           the server listen on the specified remote address and port for
           incoming TCP connections. If the request is successful, the
           return value is an :class:`SSHListener` object which can be
           used later to shut down the listener. If the request fails,
           `None` is returned.

           :param session_factory:
               A `callable` or coroutine which takes arguments of the
               original host and port of the client and decides whether
               to accept the connection or not, either returning an
               :class:`SSHTCPSession` object used to handle activity
               on that connection or raising :exc:`ChannelOpenError`
               to indicate that the connection should not be accepted
           :param listen_host:
               The hostname or address on the remote host to listen on
           :param listen_port:
               The port number on the remote host to listen on
           :param encoding: (optional)
               The Unicode encoding to use for data exchanged on the connection
           :param errors: (optional)
               The error handling strategy to apply on encode/decode errors
           :param window: (optional)
               The receive window size for this session
           :param max_pktsize: (optional)
               The maximum packet size for this session
           :type session_factory: `callable` or coroutine
           :type listen_host: `str`
           :type listen_port: `int`
           :type encoding: `str` or `None`
           :type errors: `str`
           :type window: `int`
           :type max_pktsize: `int`

           :returns: :class:`SSHListener`

           :raises: :class:`ChannelListenError` if the listener can't be opened

        z"Creating remote TCP listener on %ss
tcpip-forwardNrTr'FzAssigning dynamic port %dz$Failed to create remote TCP listener)r�r{r,r�r�r�rWr2r�r�r�rsrr1rr~r�)r
rrrrrrrrCrB�dynamicr�rrrr ls:�1��
�
z!SSHClientConnection.create_server�handler_factoryc�s:�dtdtdtf�fdd�}|j|g|�Ri|��IdHS)a=Start a remote SSH TCP listener

           This method is a coroutine wrapper around :meth:`create_server`
           designed to provide a "high-level" stream interface for creating
           remote SSH TCP listeners. Instead of taking a `session_factory`
           argument for constructing an object which will handle activity on
           the session via callbacks, it takes a `handler_factory` which
           returns a `callable` or coroutine that will be passed
           :class:`SSHReader` and :class:`SSHWriter` objects which can be
           used to perform I/O on each new connection which arrives. Like
           :meth:`create_server`, `handler_factory` can also raise
           :exc:`ChannelOpenError` if the connection should not be accepted.

           With the exception of `handler_factory` replacing
           `session_factory`, all of the arguments to :meth:`create_server`
           are supported and have the same meaning here.

           :param handler_factory:
               A `callable` or coroutine which takes arguments of the
               original host and port of the client and decides whether to
               accept the connection or not, either returning a callback
               or coroutine used to handle activity on that connection
               or raising :exc:`ChannelOpenError` to indicate that the
               connection should not be accepted
           :type handler_factory: `callable` or coroutine

           :returns: :class:`SSHListener`

           :raises: :class:`ChannelListenError` if the listener can't be opened

        r'r(rcst�||��S)z#Return a TCP stream session handler)r�)r'r(�r rrr�rz9SSHClientConnection.start_server.<locals>.session_factoryN)rrr�r �r
r rIrrrr!r�start_server�s�#��z SSHClientConnection.start_serverr+c	��:�|j�d|�|�||||�}|�||�IdH}||fS)aCreate an SSH UNIX domain socket direct connection

           This method is a coroutine which can be called to request that
           the server open a new outbound UNIX domain socket connection to
           the specified destination path. If the connection is successfully
           opened, a new SSH channel will be opened with data being handled
           by a :class:`SSHUNIXSession` object created by `session_factory`.

           By default, this class expects data to be sent and received as
           raw bytes. However, an optional encoding argument can be passed
           in to select the encoding to use, allowing the application to
           send and receive string data. When encoding is set, an optional
           errors argument can be passed in to select what Unicode error
           handling strategy to use.

           Other optional arguments include the SSH receive window size and
           max packet size which default to 2 MB and 32 KB, respectively.

           :param session_factory:
               A `callable` which returns an :class:`SSHUNIXSession` object
               that will be created to handle activity on this session
           :param remote_path:
               The remote path to connect to
           :param encoding: (optional)
               The Unicode encoding to use for data exchanged on the connection
           :param errors: (optional)
               The error handling strategy to apply on encode/decode errors
           :param window: (optional)
               The receive window size for this session
           :param max_pktsize: (optional)
               The maximum packet size for this session
           :type session_factory: `callable`
           :type remote_path: `str`
           :type encoding: `str` or `None`
           :type errors: `str`
           :type window: `int`
           :type max_pktsize: `int`

           :returns: an :class:`SSHUNIXChannel` and :class:`SSHUNIXSession`

           :raises: :exc:`ChannelOpenError` if the connection can't be opened

        z$Opening direct UNIX connection to %sN)r{r,rr�	r
rr+rrrrr�r�rrrr,�s
�2z*SSHClientConnection.create_unix_connectionc�r)auOpen an SSH UNIX domain socket direct connection

           This method is a coroutine wrapper around
           :meth:`create_unix_connection` designed to provide a "high-level"
           stream interface for creating an SSH UNIX domain socket direct
           connection. Instead of taking a `session_factory` argument for
           constructing an object which will handle activity on the session
           via callbacks, it returns :class:`SSHReader` and :class:`SSHWriter`
           objects which can be used to perform I/O on the connection.

           With the exception of `session_factory`, all of the arguments
           to :meth:`create_unix_connection` are supported and have the same
           meaning here.

           :returns: an :class:`SSHReader` and :class:`SSHWriter`

           :raises: :exc:`ChannelOpenError` if the connection can't be opened

        N�r,r�r�r�rrrr�open_unix_connection+s��
��z(SSHClientConnection.open_unix_connectionc
�st�|j�d|�|�dt|��IdH\}}|��|tkr0tt|||||||�}	|	|j|<|	S|j�	d�t
d��)a�Create a remote SSH UNIX domain socket listener

           This method is a coroutine which can be called to request that
           the server listen on the specified remote path for incoming UNIX
           domain socket connections. If the request is successful, the
           return value is an :class:`SSHListener` object which can be
           used later to shut down the listener. If the request fails,
           `None` is returned.

           :param session_factory:
               A `callable` or coroutine which decides whether to accept
               the connection or not, either returning an
               :class:`SSHUNIXSession` object used to handle activity
               on that connection or raising :exc:`ChannelOpenError`
               to indicate that the connection should not be accepted
           :param listen_path:
               The path on the remote host to listen on
           :param encoding: (optional)
               The Unicode encoding to use for data exchanged on the connection
           :param errors: (optional)
               The error handling strategy to apply on encode/decode errors
           :param window: (optional)
               The receive window size for this session
           :param max_pktsize: (optional)
               The maximum packet size for this session
           :type session_factory: `callable`
           :type listen_path: `str`
           :type encoding: `str` or `None`
           :type errors: `str`
           :type window: `int`
           :type max_pktsize: `int`

           :returns: :class:`SSHListener`

           :raises: :class:`ChannelListenError` if the listener can't be opened

        z#Creating remote UNIX listener on %ssstreamlocal-forward@openssh.comNz%Failed to create remote UNIX listener)r{r,r�r�r�rWrtrr~r1r�)
r
rr<rrrrrCrBr�rrr�create_unix_serverIs �,�
�
z&SSHClientConnection.create_unix_serverc�s2�dtf�fdd�}|j|g|�Ri|��IdHS)aDStart a remote SSH UNIX domain socket listener

           This method is a coroutine wrapper around :meth:`create_unix_server`
           designed to provide a "high-level" stream interface for creating
           remote SSH UNIX domain socket listeners. Instead of taking a
           `session_factory` argument for constructing an object which
           will handle activity on the session via callbacks, it takes a
           `handler_factory` which returns a `callable` or coroutine that
           will be passed :class:`SSHReader` and :class:`SSHWriter` objects
           which can be used to perform I/O on each new connection which
           arrives. Like :meth:`create_unix_server`, `handler_factory`
           can also raise :exc:`ChannelOpenError` if the connection should
           not be accepted.

           With the exception of `handler_factory` replacing
           `session_factory`, all of the arguments to
           :meth:`create_unix_server` are supported and have the same
           meaning here.

           :param handler_factory:
               A `callable` or coroutine which decides whether to accept
               the UNIX domain socket connection or not, either returning
               a callback or coroutine used to handle activity on that
               connection or raising :exc:`ChannelOpenError` to indicate
               that the connection should not be accepted
           :type handler_factory: `callable` or coroutine

           :returns: :class:`SSHListener`

           :raises: :class:`ChannelListenError` if the listener can't be opened

        rcs
t���S)z2Return a UNIX domain socket stream session handler)r�rr!rrr�r�z>SSHClientConnection.start_unix_server.<locals>.session_factoryN)r�r(r"rr!r�start_unix_server�s�%��z%SSHClientConnection.start_unix_server�client_factoryr)r�c�s �t|||fd|i|��IdHS)a�Create a tunneled SSH client connection

           This method is a coroutine which can be called to open an
           SSH client connection to the requested host and port tunneled
           inside this already established connection. It takes all the
           same arguments as :func:`create_connection` but requests
           that the upstream SSH server open the connection rather than
           connecting directly.

        rqN�r)r
r*r)r�rrrr�create_ssh_connection�s���z)SSHClientConnection.create_ssh_connectionc���t||fd|i|��IdHS)a�Make a tunneled SSH client connection

           This method is a coroutine which can be called to open an
           SSH client connection to the requested host and port tunneled
           inside this already established connection. It takes all the
           same arguments as :func:`connect` but requests that the upstream
           SSH server open the connection rather than connecting directly.

        rqN)r�r
r)r�rrrr�connect_ssh���
zSSHClientConnection.connect_sshr�c�r-)a�Make a tunneled reverse direction SSH connection

           This method is a coroutine which can be called to open an
           SSH client connection to the requested host and port tunneled
           inside this already established connection. It takes all the
           same arguments as :func:`connect` but requests that the upstream
           SSH server open the connection rather than connecting directly.

        rqN)�connect_reverser.rrr�connect_reverse_ssh�s�
�z'SSHClientConnection.connect_reverse_sshc�r-)a�Create a tunneled SSH listener

           This method is a coroutine which can be called to open a remote
           SSH listener on the requested host and port tunneled inside this
           already established connection. It takes all the same arguments as
           :func:`listen` but requests that the upstream SSH server open the
           listener rather than listening directly via TCP/IP.

        rqN��listenr.rrr�
listen_ssh�r0zSSHClientConnection.listen_sshc�r-)a�Create a tunneled reverse direction SSH listener

           This method is a coroutine which can be called to open a remote
           SSH listener on the requested host and port tunneled inside this
           already established connection. It takes all the same arguments as
           :func:`listen_reverse` but requests that the upstream SSH server
           open the listener rather than listening directly via TCP/IP.

        rqN)�listen_reverser.rrr�listen_reverse_ssh�s��z&SSHClientConnection.listen_reverse_ssh�rr�remote_unitc��H�|j�d|durdnt|��|�||�}|�|t|�IdH}||fS)a)Create an SSH layer 3 tunnel

           This method is a coroutine which can be called to request that
           the server open a new outbound layer 3 tunnel to the specified
           remote TUN device. If the tunnel is successfully opened, a new
           SSH channel will be opened with data being handled by a
           :class:`SSHTunTapSession` object created by `session_factory`.

           Optional arguments include the SSH receive window size and max
           packet size which default to 2 MB and 32 KB, respectively.

           :param session_factory:
               A `callable` which returns an :class:`SSHUNIXSession` object
               that will be created to handle activity on this session
           :param remote_unit:
               The remote TUN device to connect to
           :param window: (optional)
               The receive window size for this session
           :param max_pktsize: (optional)
               The maximum packet size for this session
           :type session_factory: `callable`
           :type remote_unit: `int` or `None`
           :type window: `int`
           :type max_pktsize: `int`

           :returns: an :class:`SSHTunTapChannel` and :class:`SSHTunTapSession`

           :raises: :exc:`ChannelOpenError` if the connection can't be opened

        z(Opening layer 3 tunnel to remote unit %sNr�)r{r,rr"�openr��r
rr9rrr�r�rrr�
create_tun��$�
�zSSHClientConnection.create_tunc�r:)a)Create an SSH layer 2 tunnel

           This method is a coroutine which can be called to request that
           the server open a new outbound layer 2 tunnel to the specified
           remote TAP device. If the tunnel is successfully opened, a new
           SSH channel will be opened with data being handled by a
           :class:`SSHTunTapSession` object created by `session_factory`.

           Optional arguments include the SSH receive window size and max
           packet size which default to 2 MB and 32 KB, respectively.

           :param session_factory:
               A `callable` which returns an :class:`SSHUNIXSession` object
               that will be created to handle activity on this session
           :param remote_unit:
               The remote TAP device to connect to
           :param window: (optional)
               The receive window size for this session
           :param max_pktsize: (optional)
               The maximum packet size for this session
           :type session_factory: `callable`
           :type remote_unit: `int` or `None`
           :type window: `int`
           :type max_pktsize: `int`

           :returns: an :class:`SSHTunTapChannel` and :class:`SSHTunTapSession`

           :raises: :exc:`ChannelOpenError` if the connection can't be opened

        z(Opening layer 2 tunnel to remote unit %sNr�)r{r,rr"r;r�r<rrr�
create_tap4r>zSSHClientConnection.create_tapc�r)a"Open an SSH layer 3 tunnel

           This method is a coroutine wrapper around :meth:`create_tun`
           designed to provide a "high-level" stream interface for creating
           an SSH layer 3 tunnel. Instead of taking a `session_factory`
           argument for constructing an object which will handle activity
           on the session via callbacks, it returns :class:`SSHReader` and
           :class:`SSHWriter` objects which can be used to perform I/O on
           the tunnel.

           With the exception of `session_factory`, all of the arguments
           to :meth:`create_tun` are supported and have the same meaning here.

           :returns: an :class:`SSHReader` and :class:`SSHWriter`

           :raises: :exc:`ChannelOpenError` if the connection can't be opened

        N)r=r�r�r�rrrr�open_tunb����zSSHClientConnection.open_tunc�r)a"Open an SSH layer 2 tunnel

           This method is a coroutine wrapper around :meth:`create_tap`
           designed to provide a "high-level" stream interface for creating
           an SSH layer 2 tunnel. Instead of taking a `session_factory`
           argument for constructing an object which will handle activity
           on the session via callbacks, it returns :class:`SSHReader` and
           :class:`SSHWriter` objects which can be used to perform I/O on
           the tunnel.

           With the exception of `session_factory`, all of the arguments
           to :meth:`create_tap` are supported and have the same meaning here.

           :returns: an :class:`SSHReader` and :class:`SSHWriter`

           :raises: :exc:`ChannelOpenError` if the connection can't be opened

        N)r?r�r�r�rrrr�open_tap~rAzSSHClientConnection.open_tapr1r3c�s��dttdtdtdtttttff���fdd�}�j�d||f��zt	��j
|||�IdH}WntyH}z�j�d	|��d}~ww|d
krQ|�
�}|�j||f<|S)aFSet up local TCP port forwarding to a remote UNIX domain socket

           This method is a coroutine which attempts to set up port
           forwarding from a local TCP listening port to a remote UNIX
           domain path via the SSH connection. If the request is successful,
           the return value is an :class:`SSHListener` object which can be
           used later to shut down the port forwarding.

           :param listen_host:
               The hostname or address on the local host to listen on
           :param listen_port:
               The port number on the local host to listen on
           :param dest_path:
               The path on the remote host to forward the connections to
           :param accept_handler:
               A `callable` or coroutine which takes arguments of the
               original host and port of the client and decides whether
               or not to allow connection forwarding, returning `True` to
               accept the connection and begin forwarding or `False` to
               reject and close it.
           :type listen_host: `str`
           :type listen_port: `int`
           :type dest_path: `str`
           :type accept_handler: `callable` or coroutine

           :returns: :class:`SSHListener`

           :raises: :exc:`OSError` if the listener can't be opened

        rr'r(rc�sb��r(�||�}t�|�rttt|�IdH}|s(�j�d||f��ttd����	|��IdHSr4)
r6r7rr	r�r{r,r�rYr,r6�r3r1r
rrr8�s�

��zISSHClientConnection.forward_local_port_to_path.<locals>.tunnel_connectionr9Nr:r)r�rrrrr,r�r{r,rwrr:r1rr�)r
rrr1r3r8r�rarrCr�forward_local_port_to_path�s8�#��������z.SSHClientConnection.forward_local_port_to_pathr-r.c
�s��dttdtttttff���fdd�}�j�d|��f�z
t��j||�IdH}Wnt	yC}z�j�
d|��d}~ww|�j|<|S)a�Set up local UNIX domain socket forwarding to a remote TCP port

           This method is a coroutine which attempts to set up UNIX domain
           socket forwarding from a local listening path to a remote host
           and port via the SSH connection. If the request is successful,
           the return value is an :class:`SSHListener` object which can
           be used later to shut down the UNIX domain socket forwarding.

           :param listen_path:
               The path on the local host to listen on
           :param dest_host:
               The hostname or address to forward the connections to
           :param dest_port:
               The port number to forward the connections to
           :type listen_path: `str`
           :type dest_host: `str`
           :type dest_port: `int`

           :returns: :class:`SSHListener`

           :raises: :exc:`OSError` if the listener can't be opened

        rrc�s���|��dd�IdHS)r5r�rNr+r=�r-r.r
rrr8s�
�zISSHClientConnection.forward_local_path_to_port.<locals>.tunnel_connectionr?Nr@)r�rrr+r�r{r,rxrr:r1r�)r
r<r-r.r8r�rarrEr�forward_local_path_to_port�s*�������
z.SSHClientConnection.forward_local_path_to_portc�sP�dtdtdttf���fdd�}�j�d||f��f���|||�IdHS)a2Set up remote port forwarding

           This method is a coroutine which attempts to set up port
           forwarding from a remote listening port to a local host and port
           via the SSH connection. If the request is successful, the
           return value is an :class:`SSHListener` object which can be
           used later to shut down the port forwarding. If the request
           fails, `None` is returned.

           :param listen_host:
               The hostname or address on the remote host to listen on
           :param listen_port:
               The port number on the remote host to listen on
           :param dest_host:
               The hostname or address to forward connections to
           :param dest_port:
               The port number to forward connections to
           :type listen_host: `str`
           :type listen_port: `int`
           :type dest_host: `str`
           :type dest_port: `int`

           :returns: :class:`SSHListener`

           :raises: :class:`ChannelListenError` if the listener can't be opened

        r�r�rcsttt������S�z9Return an SSHTCPSession used to do remote port forwarding)rr	r�r0r�rErrr9s
�z@SSHClientConnection.forward_remote_port.<locals>.session_factory�+Creating remote TCP forwarder from %s to %sN)rrr	r�r{r,r )r
rrr-r.rrrEr�forward_remote_ports� ���
�z'SSHClientConnection.forward_remote_portc�s@�dtttf��fdd�}�j�d|����||�IdHS)a?Set up remote UNIX domain socket forwarding

           This method is a coroutine which attempts to set up UNIX domain
           socket forwarding from a remote listening path to a local path
           via the SSH connection. If the request is successful, the
           return value is an :class:`SSHListener` object which can be
           used later to shut down the port forwarding. If the request
           fails, `None` is returned.

           :param listen_path:
               The path on the remote host to listen on
           :param dest_path:
               The path on the local host to forward connections to
           :type listen_path: `str`
           :type dest_path: `str`

           :returns: :class:`SSHListener`

           :raises: :class:`ChannelListenError` if the listener can't be opened

        rcstttt�����S�z:Return an SSHUNIXSession used to do remote path forwarding)rr	r�rr2rr>rrr_s�z@SSHClientConnection.forward_remote_path.<locals>.session_factory�,Creating remote UNIX forwarder from %s to %sN)r	r�rr{r,r()r
r<r1rrr>r�forward_remote_pathFs��z'SSHClientConnection.forward_remote_pathc�sJ�dtdtdttf��fdd�}�j�d||f����|||�IdHS)a�Set up remote TCP port forwarding to a local UNIX domain socket

           This method is a coroutine which attempts to set up port
           forwarding from a remote TCP listening port to a local UNIX
           domain socket path via the SSH connection. If the request is
           successful, the return value is an :class:`SSHListener` object
           which can be used later to shut down the port forwarding. If
           the request fails, `None` is returned.

           :param listen_host:
               The hostname or address on the remote host to listen on
           :param listen_port:
               The port number on the remote host to listen on
           :param dest_path:
               The path on the local host to forward connections to
           :type listen_host: `str`
           :type listen_port: `int`
           :type dest_path: `str`

           :returns: :class:`SSHListener`

           :raises: :class:`ChannelListenError` if the listener can't be opened

        r�r�rcsttt�����SrG)rr	r�r2r�r>rrr�s�zHSSHClientConnection.forward_remote_port_to_path.<locals>.session_factoryrHN)rrr	r�r{r,r )r
rrr1rrr>r�forward_remote_port_to_pathjs����
�z/SSHClientConnection.forward_remote_port_to_pathc�sF�dtttf���fdd�}�j�d|��f���||�IdHS)a�Set up remote UNIX domain socket forwarding to a local TCP port

           This method is a coroutine which attempts to set up UNIX domain
           socket forwarding from a remote listening path to a local TCP
           host and port via the SSH connection. If the request is
           successful, the return value is an :class:`SSHListener` object
           which can be used later to shut down the port forwarding. If
           the request fails, `None` is returned.

           :param listen_path:
               The path on the remote host to listen on
           :param dest_host:
               The hostname or address to forward connections to
           :param dest_port:
               The port number to forward connections to
           :type listen_path: `str`
           :type dest_host: `str`
           :type dest_port: `int`

           :returns: :class:`SSHListener`

           :raises: :class:`ChannelListenError` if the listener can't be opened

        rcstttt������SrJ)rr	r�rr0rrErrr�s
�zHSSHClientConnection.forward_remote_path_to_port.<locals>.session_factoryrKN)r	r�rr{r,r()r
r<r-r.rrrEr�forward_remote_path_to_port�s��z/SSHClientConnection.forward_remote_path_to_portc�s��dttdtdtdtdtdtttttff�fdd�}�j�d	||f�zt	��j
|||�Id
H}WntyI}z�j�d|��d
}~ww|dkrR|�
�}|�j||f<|S)
a�Set up local port forwarding via SOCKS

           This method is a coroutine which attempts to set up dynamic
           port forwarding via SOCKS on the specified local host and
           port. Each SOCKS request contains the destination host and
           port to connect to and triggers a request to tunnel traffic
           to the requested host and port via the SSH connection.

           If the request is successful, the return value is an
           :class:`SSHListener` object which can be used later to shut
           down the port forwarding.

           :param listen_host:
               The hostname or address on the local host to listen on
           :param listen_port:
               The port number on the local host to listen on
           :type listen_host: `str`
           :type listen_port: `int`

           :returns: :class:`SSHListener`

           :raises: :exc:`OSError` if the listener can't be opened

        rr-r.r'r(rc�s���|||||�IdHS)z)Forward a local SOCKS connection over SSHNr+)rr-r.r'r(r	rr�tunnel_socks�s
�
�z7SSHClientConnection.forward_socks.<locals>.tunnel_socksz$Creating local SOCKS forwarder on %sNz)Failed to create local SOCKS listener: %sr)r�rrrrr+r�r{r,ryrr:r1rr�)r
rrrOr�rarr	r�
forward_socks�s:�
�����
����z!SSHClientConnection.forward_socks�
local_unitc��6�dtf��fdd�}��||�IdH\}}tt|�S)a,Set up layer 3 forwarding

           This method is a coroutine which attempts to set up layer 3
           packet forwarding between local and remote TUN devices. If the
           request is successful, the return value is an :class:`SSHForwarder`
           object which can be used later to shut down the forwarding.

           :param local_unit:
               The unit number of the local TUN device to use
           :param remote_unit:
               The unit number of the remote TUN device to use
           :type local_unit: `int` or `None`
           :type remote_unit: `int` or `None`

           :returns: :class:`SSHForwarder`

           :raises: | :exc:`OSError` if the local TUN device can't be opened
                    | :exc:`ChannelOpenError` if the SSH channel can't be opened

        rc�tt��t���S)z8Return an SSHTunTapSession used to do layer 3 forwarding)rr�rFr�r�rQr
rrrs
��z8SSHClientConnection.forward_tun.<locals>.session_factoryN)r�r=rra�r
rQr9rrpr/rrTr�forward_tun�s�
zSSHClientConnection.forward_tunc�rR)a,Set up layer 2 forwarding

           This method is a coroutine which attempts to set up layer 2
           packet forwarding between local and remote TAP devices. If the
           request is successful, the return value is an :class:`SSHForwarder`
           object which can be used later to shut down the forwarding.

           :param local_unit:
               The unit number of the local TAP device to use
           :param remote_unit:
               The unit number of the remote TAP device to use
           :type local_unit: `int` or `None`
           :type remote_unit: `int` or `None`

           :returns: :class:`SSHForwarder`

           :raises: | :exc:`OSError` if the local TUN device can't be opened
                    | :exc:`ChannelOpenError` if the SSH channel can't be opened

        rcrS)z8Return an SSHTunTapSession used to do layer 2 forwarding)rr�rFr�rrTrrr/s
�z8SSHClientConnection.forward_tap.<locals>.session_factoryN)r�r?rrarUrrTr�forward_taps�
zSSHClientConnection.forward_tapr��
path_encodingc	�s<�|jd||dd�IdH\}}}t||j|||||�IdHS)a_	Start an SFTP client

           This method is a coroutine which attempts to start a secure
           file transfer session. If it succeeds, it returns an
           :class:`SFTPClient` object which can be used to copy and
           access files on the remote host.

           An optional Unicode encoding can be specified for sending and
           receiving pathnames, defaulting to UTF-8 with strict error
           checking. If an encoding of `None` is specified, pathnames
           will be left as bytes rather than being converted to & from
           strings.

           :param env: (optional)
               The environment variables to set for this SFTP session. Keys
               and values passed in here will be converted to Unicode
               strings encoded as UTF-8 (ISO 10646) for transmission.

                   .. note:: Many SSH servers restrict which environment
                             variables a client is allowed to set. The
                             server's configuration may need to be edited
                             before environment variables can be
                             successfully set in the remote environment.
           :param send_env: (optional)
               A list of environment variable names to pull from
               `os.environ` and set for this SFTP session. Wildcards
               patterns using `'*'` and `'?'` are allowed, and all variables
               with matching names will be sent with whatever value is set
               in the local environment. If a variable is present in both
               env and send_env, the value from env will be used.
           :param path_encoding:
               The Unicode encoding to apply when sending and receiving
               remote pathnames
           :param path_errors:
               The error handling strategy to apply on encode/decode errors
           :param sftp_version: (optional)
               The maximum version of the SFTP protocol to support, currently
               either 3 or 4, defaulting to 3.
           :type env: `dict` with `str` keys and values
           :type send_env: `list` of `str`
           :type path_encoding: `str` or `None`
           :type path_errors: `str`
           :type sftp_version: `int`

           :returns: :class:`SFTPClient`

           :raises: :exc:`SFTPError` if the session can't be opened

        �sftpN)r�r�r�r)rr�r)	r
r�r�rX�path_errors�sftp_version�writer�readerrprrrr�9s�8�
�z%SSHClientConnection.start_sftp_client�NNNr)rrM�r�rrErL)�rrrr�__annotations__r0rr�rKrQrRrSrrGr�rir��_ClientHostKeyr�r�rr�r�r�rr�r�r�r�rr�r�r�r�r�r�r�r�rr r�r�r*r�r�r+r�r�r�r�rr�r,r�r�r-r�r�r�r�r.r	r�r�rar�r�r�r)rr�r(rKr�r�r�r�rr�r�r�rr
r�r�rr�r��io�DEFAULT_BUFFER_SIZEr�r�r�rr�r�r�rrWr�rrXrYr�rrrurrr �_TCPServerHandlerFactoryr#r�r,r'rvr(�_UNIXServerHandlerFactoryr)�_ClientFactoryr,r/r2r�r5r7r�r=r?r@rBrZrDrFrIrLrMrNrPrVrWr�r�r�rjrrrlrru
s�
!
�����
CT		
�3D�

�

����
�

�

�

�#�
��

��

��
�
��
��
�
C���
��
�
�
��
��
���	�

�
��

����

�
]
�
����������Y�
��������
	
�@���
�0�����������
�
J

����������Y���,�������
�
:

���������>����-����

�����������������

�0������

�
.

�


�������K���2����,��#���)���'��7���"���!�
���cseZdZUdZded<eed<eeed<			d�dej	ddd	e
d
edeef
�fdd
�
Z
deeddf�fdd�Zd�dd�Zd�dd�Zdeedefdd�Zdeefdd�Zd�dd�Zdefdd�Zdefdd �Zd!ed"ed#edefd$d%�Zdefd&d'�Zd!ed(ed)ed*ed+ed,edefd-d.�Zd!ed/edeefd0d1�Z d!ed/e!deefd2d3�Z"d!ed(edeefd4d5�Z#d!ed(edeefd6d7�Z$defd8d9�Z%d!ed(ed+ed,edef
d:d;�Z&defd<d=�Z'd!ed>edefd?d@�Z(d!edAedBedefdCdD�Z)defdEdF�Z*d!edGedHede+fdIdJ�Z,d!edKe-de+fdLdM�Z.dNe/de0e1e2ffdOdP�Z3dNe/de0e4ee5effdQdR�Z6dNe/ddfdSdT�Z7dUedVe8ddfdWdX�Z9dNe/ddfdYdZ�Z:dNe/de0e;ee<effd[d\�Z=dNe/ddfd]d^�Z>d_eddfd`da�Z?dNe/ddfdbdc�Z@dNe/de0eAeBffddde�ZCdNe/ddfdfdg�ZDdhe1eEdiedjedke8deef
dldm�ZFdheGeEddfdndo�ZHdefdpdq�ZIdeefdrds�ZJeKfd+edGeddfdtdu�ZLdveMddfdwdx�ZNd�dyedzeOdeOfd{d|�ZPd}edefd~d�ZQ	d�dyedzeOdeOfd�d��ZRd}edefd�d��ZS	�	�	�d�d�eed�ed�e8d�e8de1f
d�d��ZT	�	�d�dd�eUeVd��d�eWeEd�ed�e8d�ed�e8d�eed�ed�e8d�e8de0e4eEe5eEffd�d��ZXd�eOd�eOde0eYeZffd�d��Z[dd�eUeVd��d�e\eEd�ed�eed�ed�e8d�e8de0e;eEe<eEffd�d��Z]d�eOd�eOde0eYeZffd�d��Z^	�d�eUeVd��d�eWed�ed�e8d�e8d�e8de0e_e5effd�d��Z`eUeVd��d�e\ed�e8d�e8de0eae<effd�d��Zbde0eYeeZeffd�d��Zcd�eddeefd�d��Zfd�edd�ed�e8degfd�d��Zhd�edd�edegfd�d��Zid�edd�e8d�ee8degfd�d��Zj�ZkS)�r�aFSSH server connection

       This class represents an SSH server connection.

       During authentication, :meth:`send_auth_banner` can be called to
       send an authentication banner to the client.

       Once authenticated, :class:`SSHServer` objects wishing to create
       session objects with non-default channel properties can call
       :meth:`create_server_channel` from their :meth:`session_requested()
       <SSHServer.session_requested>` method and return a tuple of
       the :class:`SSHServerChannel` object returned from that and either
       an :class:`SSHServerSession` object or a coroutine which returns
       an :class:`SSHServerSession`.

       Similarly, :class:`SSHServer` objects wishing to create TCP
       connection objects with non-default channel properties can call
       :meth:`create_tcp_channel` from their :meth:`connection_requested()
       <SSHServer.connection_requested>` method and return a tuple of
       the :class:`SSHTCPChannel` object returned from that and either
       an :class:`SSHTCPSession` object or a coroutine which returns an
       :class:`SSHTCPSession`.

       :class:`SSHServer` objects wishing to create UNIX domain socket
       connection objects with non-default channel properties can call
       :meth:`create_unix_channel` from the :meth:`unix_connection_requested()
       <SSHServer.unix_connection_requested>` method and return a tuple of
       the :class:`SSHUNIXChannel` object returned from that and either
       an :class:`SSHUNIXSession` object or a coroutine which returns an
       :class:`SSHUNIXSession`.

    �SSHServerConnectionOptionsr�r#r�Nr$r%rrrcsNt�j|||||dd�||_|j|_|j|_t|j���|_	|j
|_|j|_
|j|_|j|_|j|_|j|_|j|_|j|_|j|_|j|_|j|_|j |_!|j"|_#|j$|_%|j&|_'|j(|_)|j*|_+|j,|_-|j.|_/|j0|_1|j2|_3|j4r�zt5|j4|j6�|_7|j8|_9|j:|_;|j;|_<Wn	t=y�Ynwd|_>i|_?d|_@d|_Ad|_BdS)NTr\F)CrFrGr��server_host_keys�_server_host_keys�all_server_host_keys�_all_server_host_keysr��keysr��known_client_hosts�_known_client_hosts�trust_client_host�_trust_client_host�authorized_client_keys�_authorized_client_keys�	allow_pty�
_allow_pty�line_editor�_line_editor�	line_echo�
_line_echo�line_history�
_line_history�max_line_length�_max_line_length�rdns_lookup�_rdns_lookupr��_x11_forwardingr��_x11_auth_path�agent_forwarding�_agent_forwarding�process_factory�_process_factoryr�_session_factoryr�	_encodingr�_errors�sftp_factory�
_sftp_factoryr[�
_sftp_version�	allow_scp�
_allow_scpr�_windowr�_max_pktsizerxrdryrer{rfr|rgrirerb�_key_options�
_cert_optionsr}�_agent_listener)r
r$r%rrrrlrrrG�sT��
zSSHServerConnection.__init__rarcs&|jr|j��d|_t��|�dS)zClean up this server connectionN)r�rrFr�r�rlrrr��s
zSSHServerConnection._cleanupcCsn|j�d�|jjrd�dd�|jjD��}|j�d|�dS|j�d|j|jf�|j�d|j|jf�dS)	r�zAccepted SSH client connectionr�csr�rEr�r�rrrr��r�z7SSHServerConnection._connection_made.<locals>.<genexpr>r�r�r�N)	r{r,r�r�r�rrrr )r
r�rrrr��s
�
�
�z$SSHServerConnection._connection_madec	�s��|jr|j�|j|jftj�IdH\|_}tj	|j
d|j|j|j
|j|jd�IdH}||_
|j|_|j|_|j|_|j|_|j|_|j|_|j|_|j|_|j|_|j |_!|j"|_#|j$|_%dS)z-Re-evaluate config with updated match optionsNT)r%r��accept_addr�accept_portryr��client_addr)&r~rr�rr r3r�rrg�	constructr�rrr�rXrYrZr[r\r]r^r_rqrrrsrtr�rr�r�rkrlrmrnrrrsrtru)r
rpr%rrrr��s.��
�z!SSHServerConnection.reload_configr�cCs>|D]}|j�|�}|r||jkr|�|�||_dSqdS)z�Choose the server host key to use

           Given a list of host key algorithms supported by the client,
           select the first compatible server host key we have and return
           whether or not we were able to find a match.

        TF)rir�r�r�rb)r
r�r�r�rrrr�	s


�z*SSHServerConnection.choose_server_host_keycCrS)z�Return the chosen server host key

           This method returns a keypair object containing the
           chosen server host key and a corresponding public key
           or certificate.

        r�r	rrrr�s	z'SSHServerConnection.get_server_host_keycCsL|jr|j�d�dd�|j��D�}|jdg|�R�dS|j�d�dS)z'Send list of available server host keyszSending server host keyscSsg|]}t|��qSr)r�)r�r�rrrr�/r�z=SSHServerConnection.send_server_host_keys.<locals>.<listcomp>shostkeys-00@openssh.comz!Sending server host keys disabledN)rkr{r,rlr�)r
rlrrrr�)s
z)SSHServerConnection.send_server_host_keyscCs |jr|jdus
J�|jjSdS)z;Return whether GSS key exchange authentication is supportedNF)rhre�completer	rrr�gss_kex_auth_supported4sz*SSHServerConnection.gss_kex_auth_supportedcCrS)z2Return whether GSS MIC authentication is supportedr�r	rrr�gss_mic_auth_supported=rUz*SSHServerConnection.gss_mic_auth_supportedry�user_principalr�c��:�|j�|||�}t�|�rttt|�IdH}tt|�S)z�Validate the GSS principal name for the specified user

           Return whether the user principal acquired during GSS
           authentication is valid for the specified user.

        N)r#�validate_gss_principalr6r7rr	r�)r
ryr�r�r�rrrr�Bs�
	�

z*SSHServerConnection.validate_gss_principalcC�|jot|j�p|j��S)z<Return whether or not host based authentication is supported)rYr�rnr#�host_based_auth_supportedr	rrrr�S�
�z-SSHServerConnection.host_based_auth_supportedr�r�r�r�r�c

�sT�|dd�dkr|dd�}|jr|}n2tt|�d��}z|j�|tj�IdH\}}	Wntjy:|d}Ynw||krG|j	�
d||�|jrT|�|j||j
d�z|�||j
|j|�}
Wntyz}z|j	�d|�WYd}~dSd}~ww|
�t|j�||�s�|j	�d	�dS|j�|||�}t�|�r�ttt|�IdH}tt|�S)
zBValidate host based authentication for the specified host and userrNr&r�rz.Client host mismatch: received %s, resolved %szInvalid host key: %sFz!Invalid host-based auth signature)rprr�rQrr�r3r�r5r{r,rnr�rr�r r0r1r�r�r.r#�validate_host_based_userr6r7r	r�)
r
ryr�r�r�r�r��
resolved_hostr�rpr�rar�rrr�validate_host_based_authZsN����
�
���
�

z,SSHServerConnection.validate_host_based_authr�c�s�d}|jr|jj|j|j|j|jdd�}|dur6|j�||j�}t�	|�r0t
tt|�IdH}|s4dSi}||_
|�d�r@dn|}z|�t|�Wn
tyTYdSwt
tt|j�d��}|rtt|j��t�fdd�|D��stdS|j|_|j�|�dd	�o�|�dd	��|jS)
z=Validate an OpenSSH client certificate for the specified userNT)�ca�
principalszsource-addressc3s�|]}�|vVqdSrEr)r��network��iprrr��r�zDSSHServerConnection._validate_openssh_certificate.<locals>.<genexpr>�no-touch-requiredF)rrr�r�rrr�r#�validate_ca_keyr6r7rr	r�r��get_key_optionr�r0rr�r%r�r�r�r�r��set_touch_required�get_certificate_option)r
ryr�r%r��	cert_user�allowed_addressesrr�r�_validate_openssh_certificate�sF�
�
�
�

��z1SSHServerConnection._validate_openssh_certificatec�s��|jsdS|j�||j|j�\}}|durdS||_|�d�r"d}|jdus)J�t|j�}|r5||g7}z|j||j	t
�|j|d�W|j
StyPYdSw)z;Validate an X.509 client certificate for the specified userNr�r�)r�)rr�
validate_x509rrr�r�rHr�r�rJrhrOr0r�)r
ryr�r%�trusted_cert�
trusted_certsrrr� _validate_x509_certificate_chain�s2�
��



���z4SSHServerConnection._validate_x509_certificate_chainc�sZ�zt|�}Wn
tyYdSw|jr!|�|tt|��IdHS|�|tt|��IdHS)z4Validate a client certificate for the specified userN)r�r�r�r�rr�r�r�)r
ryr�r�rrr�_validate_client_certificate�s��

�

�z0SSHServerConnection._validate_client_certificatec�s��zt|�}Wn
tyYdSwd}|jr!|j�||j|j�}|durA|j�||�}t�	|�r;t
tt|�IdH}|s?dSi}||_
|�|�dd��|S)z3Validate a client public key for the specified userNr�F)r�r�rrr�rrr#�validate_public_keyr6r7rr	r�r�r�r�)r
ryr�r�r%r�rrr�_validate_client_public_key�s.��
�
�z/SSHServerConnection._validate_client_public_keycCr�)z<Return whether or not public key authentication is supported)r[r�rrr#�public_key_auth_supportedr	rrrr�r�z-SSHServerConnection.public_key_auth_supportedc�sP�|�||�IdHp|�||�IdH}|durdS|r&|�t|j�||�SdS)a�Validate the public key or certificate for the specified user

           This method validates that the public key or certificate provided
           is allowed for the specified user. If msg and signature are
           provided, the key is used to also validate the message signature.
           It returns `True` when the key is allowed and the signature (if
           present) is valid. Otherwise, it returns `False`.

        NFT)r�r�r�r�r.)r
ryr�r�r�r�rrrr�s��z'SSHServerConnection.validate_public_keycCs|jo|j��S)z:Return whether or not password authentication is supported)r_r#�password_auth_supportedr	rrrr�)sz+SSHServerConnection.password_auth_supportedrec�r�)z.Return whether password is valid for this userN)r#�validate_passwordr6r7rr	r�)r
ryrer�rrrr�.s
�

z%SSHServerConnection.validate_password�old_password�new_passwordc�r�)z+Handle a password change request for a userN)r#�change_passwordr6r7rr	r�)r
ryr�r�r�rrrr�8s�
�

z#SSHServerConnection.change_passwordcCs<|jo|j��}|durdS|tur|j��rd|_dSdS)zQReturn whether or not keyboard-interactive authentication
           is supportedTF)r]r#�kbdint_auth_supportedr�r�r}r�rrrr�Ds�z)SSHServerConnection.kbdint_auth_supportedr��
submethodsc�sX�|jrddtdf}|S|j�|||�}t�|�r%ttt|�IdH}|Stt|�}|S)z,Return a keyboard-interactive auth challenger�))z	Password:FN)	r}r<r#�get_kbdint_challenger6r7rr	r)r
ryr�r��	challenger�rrrr�Ss��
��

�z(SSHServerConnection.get_kbdint_challenge�	responsesc�s��|jr=t|�dkrdSz$|j�||d�}t�|�r&ttt|�IdH}ntt|�}W|SW|St	y<d}Y|Sw|j�
||�}t�|�rUttt|�IdH}|Stt|�}|S)zRReturn whether the keyboard-interactive response is valid
           for this userrFrN)r}r�r#r�r6r7rr	r�r��validate_kbdint_responser)r
ryr��	pw_result�next_challenger�rrrr�es0��

��	�

�z,SSHServerConnection.validate_kbdint_responserBcCs�|��|js
|js
|jr:|�|j|j|j|j�}|jr+t	|j|j|j
|j�}||fSt|j|j|j
|j�}||fS|j
��}|sFttd��t|t�rP|�|�}t|t�rZ|\}}n|�|j|j|j|j�}t|�rrt|�}||fStt|�}||fS)z(Process an incoming session open requestzSession refused)r�r�r�r��create_server_channelr�r�r�r�r�r�r�r�r#�session_requestedr�rZr|ru�forward_tunneled_session�tupler�rr�)r
rBr�r�r�rrrr��sD����
�




�
�z)SSHServerConnection._process_session_opencCs�|��}|��}|��}|��}|��z|�d�}|�d�}Wnty,td�d�w|�d�r7|�d�s<tt	d��t
ttt
tf|�d��}|rc||f|vrc|df|vrctt	d|�d|����|j�||||�}	|	ssttd	��|	d
ur�t
tt|�||��}	nt|	t�r�t
ttt|�|	||��}	t|	t�r�|	\}
}	n|��}
t|	�r�tt|	�}nt
tt|	�}|j�d||f�|j�d||f�|
� ||||�|
|fS)
z.Process an incoming direct TCP/IP open requestr�z*Invalid direct TCP/IP channel open requestN�port-forwarding�Port forwarding not permitted�
permitopenz!Port forwarding not permitted to z port �Connection refusedTz,Accepted direct TCP connection request to %sr�)!r�r2r�r�r�r��check_key_permission�check_certificate_permissionr�rYrrrrrr�r#�connection_requestedrZr�rr0r|rur	�forward_tunneled_connectionr�rr�r�r{r,r�)r
rBr�r.r�r(r-r'�permitted_opensr�r�r�rrrr��sv
��
������
�

�
��

�z.SSHServerConnection._process_direct_tcpip_opencCs�|��}|��}|��z	|�d���}Wnty!td�d�w|�d�r,|�d�s<|j	�
d||f�|�d�dS|�|�
||��dS)z2Process an incoming TCP/IP port forwarding requestr�zInvalid TCP/IP forward requestNr�zDRequest for TCP listener on %s denied: port forwarding not permittedF)r�r2r�r�r�r�r�r�r�r{r,r�r��_finish_port_forward)r
rB�listen_host_bytesrrrrr�%_process_tcpip_forward_global_request�s"
�
��
z9SSHServerConnection._process_tcpip_forward_global_requestrrc�s�|j�||�}z1t�|�rttt|�IdH}|dur(|�||||�IdH}nt|�r8|�|||||�IdH}Wnt	yN|j
�d�|�d�YdSw|sa|j
�
d||f�|�d�dS|dkrn|��}t|�}nd}|j
�
d||f�||j||f<|�|�dS)z2Finish processing a TCP/IP port forwarding requestNTzFailed to create TCP listenerFz4Request for TCP listener on %s denied by applicationrzCreated TCP listener on %s)r#�server_requestedr6r7rr	�_ListenerArgr;r�r:r{r1r�r,rr�r�)r
rrr�r�rrrr�sF�
�
��
��

�z(SSHServerConnection._finish_port_forwardcCs�|��}|��}|��z	|�d���}Wnty!td�d�wz
|j�||f�}Wnt	y8td�d�w|j
�d||f�|��|�
d�dS)z2Process a request to cancel TCP/IP port forwardingr�z%Invalid TCP/IP cancel forward requestNzTCP/IP listener not foundzClosed TCP listener on %sT)r�r2r�r�r�r�r�r�rr3r{r,rr�)r
rBr�rrr�rrr�,_process_cancel_tcpip_forward_global_request:s(��
��z@SSHServerConnection._process_cancel_tcpip_forward_global_requestcCs"|��}|��}|��}|��z|�d�}Wnty#td�d�w|�d�r.|�d�s3tt	d��|j
�|�}|s@ttd��|durOt
tt|�|��}nt|t�rat
ttt|�||��}t|t�rk|\}}n|��}t|�rztt|�}nt
tt|�}|j�d|�|�|�||fS)	z:Process an incoming direct UNIX domain socket open requestr�z/Invalid direct UNIX domain channel open requestNr�r�r�Tz%Accepted direct UNIX connection on %s)r�r2r�r�r�r�r�r�r�rYr#�unix_connection_requestedrZrr�rr2r|rur	� forward_tunneled_unix_connectionr�rr�r�r{r,r�)r
rBr�rpr1r�r�r�rrrr�TsN��
��
�
��


zGSSHServerConnection._process_direct_streamlocal_at_openssh_dot_com_opencCs||��}|��z|�d�}Wntytd�d�w|�d�r&|�d�s4|j�d|�|�	d�dS|�
|�|��dS)z9Process an incoming UNIX domain socket forwarding requestr�z*Invalid UNIX domain socket forward requestNr�zERequest for UNIX listener on %s denied: port forwarding not permittedF)r�r�r�r�r�r�r�r{r,r�r��_finish_path_forward)r
rB�listen_path_bytesr<rrr�>_process_streamlocal_forward_at_openssh_dot_com_global_request�s$��
��
zRSSHServerConnection._process_streamlocal_forward_at_openssh_dot_com_global_requestr<c�s��|j�|�}zt�|�rttt|�IdH}|dur$|�||�IdH}Wnty:|j	�
d�|�d�YdSw|sK|j	�d|�|�d�dS|j	�d|�tt
|�|j|<|�d�dS)z9Finish processing a UNIX domain socket forwarding requestNTzFailed to create UNIX listenerFz5Request for UNIX listener on %s denied by applicationzCreated UNIX listener on %s)r#�unix_server_requestedr6r7rr	r�rAr:r{r1r�r,rrr�)r
r<r�rrrr��s0�

��
��
z(SSHServerConnection._finish_path_forwardcCs�|��}|��z|�d�}Wntytd�d�wz|j�|�}Wnty0td�d�w|j�	d|�|�
�|�d�dS)z9Process a request to cancel UNIX domain socket forwardingr�z*Invalid UNIX domain cancel forward requestNzUNIX domain listener not foundr�T)r�r�r�r�r�r�rr3r{r,rr�)r
rBr�r<r�rrr�E_process_cancel_streamlocal_forward_at_openssh_dot_com_global_request�s"��
�zYSSHServerConnection._process_cancel_streamlocal_forward_at_openssh_dot_com_global_requestcCs|��}|��}|��|tkrd}|tkr|j�|�}n
|tkr(|j�|�}nd}|s1tt	d��|dur?t
t|�||��}nt
|t�rPt
tt|�|||��}t
|t�rZ|\}}n|��}t|�rgt|�}nt
t|�}|j�d|tkrvdnd|tkr}dnt|��|�|�||fS)	z(Process an incoming TUN/TAP open requestNFzTUN/TAP request refusedTz+Accepted layer %d tunnel request to unit %sr#r�r�)r2r�r�r�r#�
tun_requestedr��
tap_requestedr�rZrr�rFr|rur	�forward_tunneled_tuntapr�r"r�r�r{r,r�set_mode)r
rBrBrCr�r�r�rrrr��s@�
�



�
z8SSHServerConnection._process_tun_at_openssh_dot_com_openc	Cs�td�t|j�}g}|r:z|��}|j|}|�t|�|t|����Wnttfy7|�d�YdSw|s
|�d�	|��dS)z=Prove the server has private keys for all requested host keysr�FNr)
r�r.r�rkr�r�r3r�r�r�)r
rBr��
signaturesr�r�rrr�<_process_hostkeys_prove_00_at_openssh_dot_com_global_requests�
 
��	zPSSHServerConnection._process_hostkeys_prove_00_at_openssh_dot_com_global_requestr��
auth_proto�	auth_data�screenc�sf�|jr|�d�r|�d�s|j�d�dS|js't||j|j||�IdH|_|jr1|j�	||�SdS)z(Attach a channel to a remote X11 displayzX11-forwardingz;X11 forwarding request denied: X11 forwarding not permittedN)
rr�r�r{r,r�r�rr�r�)r
r�r�r�r�rrrr�s����z'SSHServerConnection.attach_x11_listenercCr�)z+Detach a session from a remote X11 listenerNr�rJrrrrK2r�z'SSHServerConnection.detach_x11_listenerc�s��|jr|�d�r|�d�s|j�d�dS|jrdSz$tjdd�}tt	|j
d��}t||j|j
|�IdH}t|||�|_WdStyIYdSw)	z6Create a listener for forwarding ssh-agent connectionszagent-forwardingz?Agent forwarding request denied: Agent forwarding not permittedFTz	asyncssh-)r��agentN)r�r�r�r{r,r��tempfile�TemporaryDirectoryrrrOrxr�create_agent_connectionrr:)r
�tempdir�path�
unix_listenerrrr�create_agent_listener9s.���
���z)SSHServerConnection.create_agent_listenercCs|jr|j��SdS)z8Return the path of the ssh-agent listener, if one existsN)r��get_pathr	rrr�get_agent_pathTs
z"SSHServerConnection.get_agent_pathcCs4|jrtd��|j�d�|�tt|�t|��dS)a9Send an authentication banner to the client

           This method can be called to send an authentication banner to
           the client, displaying information while authentication is
           in progress. It is an error to call this method after the
           authentication is complete.

           :param msg:
               The message to display
           :param lang:
               The language the message is in
           :type msg: `str`
           :type lang: `str`

           :raises: :exc:`OSError` if authentication is already completed

        z Authentication already completedzSending authentication bannerN)r�r:r{r1r:rSr�)r
r�r�rrr�send_auth_banner\sz$SSHServerConnection.send_auth_banner�authorized_keyscCs t|ttf�rt|�}||_dS)aOSet the keys trusted for client public key authentication

           This method can be called to set the trusted user and
           CA keys for client public key authentication. It should
           generally be called from the :meth:`begin_auth
           <SSHServer.begin_auth>` method of :class:`SSHServer` to
           set the appropriate keys for the user attempting to
           authenticate.

           :param authorized_keys:
               The keys to trust for client public key authentication
           :type authorized_keys: *see* :ref:`SpecifyingAuthorizedKeys`

        N)r|rr�r'rr)r
r�rrr�set_authorized_keysvs
z'SSHServerConnection.set_authorized_keys�optionrPcCs|j�||�S)a
Return option from authorized_keys

           If a client key or certificate was presented during authentication,
           this method returns the value of the requested option in the
           corresponding authorized_keys entry if it was set. Otherwise, it
           returns the default value provided.

           The following standard options are supported:

               | command (string)
               | environment (dictionary of name/value pairs)
               | from (list of host patterns)
               | no-touch-required (boolean)
               | permitopen (list of host/port tuples)
               | principals (list of usernames)

           Non-standard options are also supported and will return the
           value `True` if the option is present without a value or
           return a list of strings containing the values associated
           with each occurrence of that option name. If the option is
           not present, the specified default value is returned.

           :param option:
               The name of the option to look up.
           :param default:
               The default value to return if the option is not present.
           :type option: `str`

           :returns: The value of the option in authorized_keys, if set

        �r�r��r
r�rPrrrr��s!z"SSHServerConnection.get_key_option�
permissioncCs|j�d|d�S)a�Check permissions in authorized_keys

           If a client key or certificate was presented during
           authentication, this method returns whether the specified
           permission is allowed by the corresponding authorized_keys
           entry. By default, all permissions are granted, but they
           can be revoked by specifying an option starting with
           'no-' without a value.

           The following standard options are supported:

               | X11-forwarding
               | agent-forwarding
               | port-forwarding
               | pty
               | user-rc

           AsyncSSH internally enforces X11-forwarding, agent-forwarding,
           port-forwarding and pty permissions but ignores user-rc since
           it does not implement that feature.

           Non-standard permissions can also be checked, as long as the
           option follows the convention of starting with 'no-'.

           :param permission:
               The name of the permission to check (without the 'no-').
           :type permission: `str`

           :returns: A `bool` indicating if the permission is granted.

        zno-Fr��r
r�rrrr��s!z(SSHServerConnection.check_key_permissioncCs|jdur|j�||�S|S)aReturn option from user certificate

           If a user certificate was presented during authentication,
           this method returns the value of the requested option in
           the certificate if it was set. Otherwise, it returns the
           default value provided.

           The following options are supported:

               | force-command (string)
               | no-touch-required (boolean)
               | source-address (list of CIDR-style IP network addresses)

           :param option:
               The name of the option to look up.
           :param default:
               The default value to return if the option is not present.
           :type option: `str`

           :returns: The value of the option in the user certificate, if set

        N)r�r�r�rrrr��s
z*SSHServerConnection.get_certificate_optioncCs&|jdurtt|j�d|d��SdS)a�Check permissions in user certificate

           If a user certificate was presented during authentication,
           this method returns whether the specified permission was
           granted in the certificate. Otherwise, it acts as if all
           permissions are granted and returns `True`.

           The following permissions are supported:

               | X11-forwarding
               | agent-forwarding
               | port-forwarding
               | pty
               | user-rc

           AsyncSSH internally enforces agent-forwarding, port-forwarding
           and pty permissions but ignores the other values since it does
           not implement those features.

           :param permission:
               The name of the permission to check (without the 'permit-').
           :type permission: `str`

           :returns: A `bool` indicating if the permission is granted.

        Nzpermit-FT)r�rr�r�r�rrrr��s

�z0SSHServerConnection.check_certificate_permissionr�rrrrrcCsPt||j|j|j|j|j|j|dkr|jn||dkr|jn||p"|j	|p&|j
�S)arCreate an SSH server channel for a new SSH session

           This method can be called by :meth:`session_requested()
           <SSHServer.session_requested>` to create an
           :class:`SSHServerChannel` with the desired encoding, Unicode
           error handling strategy, window, and max packet size for a
           newly created SSH server session.

           :param encoding: (optional)
               The Unicode encoding to use for data exchanged on the
               session, defaulting to UTF-8 (ISO 10646) format. If `None`
               is passed in, the application can send and receive raw
               bytes.
           :param errors: (optional)
               The error handling strategy to apply on encode/decode errors
           :param window: (optional)
               The receive window size for this session
           :param max_pktsize: (optional)
               The maximum packet size for this session
           :type encoding: `str` or `None`
           :type errors: `str`
           :type window: `int`
           :type max_pktsize: `int`

           :returns: :class:`SSHServerChannel`

        r�)r*rrtrvrxrzr|r�r�r�r�rrrrr�s�z)SSHServerConnection.create_server_channelrr&rrrr'r(c�r)a�	Create an SSH TCP forwarded connection

           This method is a coroutine which can be called to notify the
           client about a new inbound TCP connection arriving on the
           specified remote host and port. If the connection is successfully
           opened, a new SSH channel will be opened with data being handled
           by a :class:`SSHTCPSession` object created by `session_factory`.

           Optional arguments include the host and port of the original
           client opening the connection when performing TCP port forwarding.

           By default, this class expects data to be sent and received as
           raw bytes. However, an optional encoding argument can be
           passed in to select the encoding to use, allowing the
           application to send and receive string data. When encoding is
           set, an optional errors argument can be passed in to select
           what Unicode error handling strategy to use.

           Other optional arguments include the SSH receive window size and
           max packet size which default to 2 MB and 32 KB, respectively.

           :param session_factory:
               A `callable` which returns an :class:`SSHTCPSession` object
               that will be created to handle activity on this session
           :param remote_host:
               The hostname or address the connection was received on
           :param remote_port:
               The port number the connection was received on
           :param orig_host: (optional)
               The hostname or address of the client requesting the connection
           :param orig_port: (optional)
               The port number of the client requesting the connection
           :param encoding: (optional)
               The Unicode encoding to use for data exchanged on the connection
           :param errors: (optional)
               The error handling strategy to apply on encode/decode errors
           :param window: (optional)
               The receive window size for this session
           :param max_pktsize: (optional)
               The maximum packet size for this session
           :type session_factory: `callable`
           :type remote_host: `str`
           :type remote_port: `int`
           :type orig_host: `str`
           :type orig_port: `int`
           :type encoding: `str` or `None`
           :type errors: `str`
           :type window: `int`
           :type max_pktsize: `int`

           :returns: an :class:`SSHTCPChannel` and :class:`SSHTCPSession`

        z&Opening forwarded TCP connection to %sr�N)r{r,r�acceptrrrrr8s�=�
�z%SSHServerConnection.create_connectionrIrc�r)aOpen an SSH TCP forwarded connection

           This method is a coroutine wrapper around :meth:`create_connection`
           designed to provide a "high-level" stream interface for creating
           an SSH TCP forwarded connection. Instead of taking a
           `session_factory` argument for constructing an object which will
           handle activity on the session via callbacks, it returns
           :class:`SSHReader` and :class:`SSHWriter` objects which can be
           used to perform I/O on the connection.

           With the exception of `session_factory`, all of the arguments
           to :meth:`create_connection` are supported and have the same
           meaning here.

           :returns: an :class:`SSHReader` and :class:`SSHWriter`

        Nrrrrrr�s����z#SSHServerConnection.open_connectionr+c	�r$)a�Create an SSH UNIX domain socket forwarded connection

           This method is a coroutine which can be called to notify the
           client about a new inbound UNIX domain socket connection arriving
           on the specified remote path. If the connection is successfully
           opened, a new SSH channel will be opened with data being handled
           by a :class:`SSHUNIXSession` object created by `session_factory`.

           By default, this class expects data to be sent and received as
           raw bytes. However, an optional encoding argument can be
           passed in to select the encoding to use, allowing the
           application to send and receive string data. When encoding is
           set, an optional errors argument can be passed in to select
           what Unicode error handling strategy to use.

           Other optional arguments include the SSH receive window size and
           max packet size which default to 2 MB and 32 KB, respectively.

           :param session_factory:
               A `callable` which returns an :class:`SSHUNIXSession` object
               that will be created to handle activity on this session
           :param remote_path:
               The path the connection was received on
           :param encoding: (optional)
               The Unicode encoding to use for data exchanged on the connection
           :param errors: (optional)
               The error handling strategy to apply on encode/decode errors
           :param window: (optional)
               The receive window size for this session
           :param max_pktsize: (optional)
               The maximum packet size for this session
           :type session_factory: `callable`
           :type remote_path: `str`
           :type encoding: `str` or `None`
           :type errors: `str`
           :type window: `int`
           :type max_pktsize: `int`

           :returns: an :class:`SSHTCPChannel` and :class:`SSHUNIXSession`

        z'Opening forwarded UNIX connection to %sN)r{r,rr�r%rrrr,�s
�0z*SSHServerConnection.create_unix_connectionc�r)a,Open an SSH UNIX domain socket forwarded connection

           This method is a coroutine wrapper around
           :meth:`create_unix_connection` designed to provide a "high-level"
           stream interface for creating an SSH UNIX domain socket forwarded
           connection. Instead of taking a `session_factory` argument for
           constructing an object which will handle activity on the session
           via callbacks, it returns :class:`SSHReader` and :class:`SSHWriter`
           objects which can be used to perform I/O on the connection.

           With the exception of `session_factory`, all of the arguments
           to :meth:`create_unix_connection` are supported and have the same
           meaning here.

           :returns: an :class:`SSHReader` and :class:`SSHWriter`

        Nr&rrrrr'�s���
��z(SSHServerConnection.open_unix_connectionr8c�s6�|j�d�|�||�}|�|||�IdH}||fS)z&Create an SSH X11 forwarded connectionz Opening forwarded X11 connectionN)r{r,r#r;)r
rr'r(rrr�r�rrr�create_x11_connection�s
�z)SSHServerConnection.create_x11_connectionc�sB�|js	ttd��|j�d�|�||�}|�|�IdH}||fS)z:Create a forwarded ssh-agent connection back to the clientzAgent forwarding not permittedz"Opening forwarded agent connectionN)r�r�rYr{r,r%r;)r
rrrr�r�rrrr��s��z+SSHServerConnection.create_agent_connectionc�s2�|�t�IdH\}}tt||�tt||�fS)z8Open a forwarded ssh-agent connection back to the clientN)r�r�r�rr�)r
r�r�rrr�open_agent_connections��z)SSHServerConnection.open_agent_connectionr�c�s2�dtddf�fdd�}|j�d�t|dtd�S)z2Forward a tunneled session between SSH connectionsrrNc
�sZ�|j��\}}�j|j|j|j|j|j|j|||j	|j
|jd�IdH}|��IdHdS)z6Return an upstream process used to forward the session)rCr�r�r�r�r�rrrrr	N)
�channel�get_encodingrrCr�r�r�r�r�rrr	r�)rrr�upstream_process�r�rrr�!s��zESSHServerConnection.forward_tunneled_session.<locals>.process_factoryz#  Forwarding session via SSH tunnelF)r�r{r,r�)r
r�r�rr�rr�s�z,SSHServerConnection.forward_tunneled_sessionr-r.c�sD�|�tttt�||�IdH\}}|j�d||f�ttt|��S)z9Forward a tunneled TCP connection between SSH connectionsNz0  Forwarding TCP connection to %s via SSH tunnel)rrr�rrar{r,)r
r�r-r.rpr/rrrr�3s���z/SSHServerConnection.forward_tunneled_connectionr1c�s>�|�tttt�|�IdH\}}|j�d|�ttt|��S)z:Forward a tunneled UNIX connection between SSH connectionsNz1  Forwarding UNIX connection to %s via SSH tunnel)r,rr�rrar{r,)r
r�r1rpr/rrrr�As���z4SSHServerConnection.forward_tunneled_unix_connectionrBrCc	�sb�|tkr|j}d}n|j}d}|ttt�|�IdH\}}|�d�}|j�d||�ttt|��S)z4Forward a TUN/TAP connection between SSH connectionsr#r�NrDz2  Forwarding layer %d traffic to %s via SSH tunnel)	r�r=r?rr�rarQr{r,)	r
r�rBrC�create_func�layerrVr/rDrrrr�Ns�
�
�z+SSHServerConnection.forward_tunneled_tuntapr^rrE)r�r�rrrM)lrrrrr`r�rr�rKrQrRrSrrGrir�r�r�rrr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rr�r r�r�rr*r�r�r+r�r�r�rr�r�r,r�r�r�r�r�r-r�r�r�rr�r(rKr�r�r<r��_AuthKeysArgr�r
r�r�r�r�r�rXrYr�rr�r�rr�r,r'r.r�r/r�r�rur�r�rar�r�r�rjrrrlrr�zs@
!
�����3
	
�
�
	
�
�
����
�/��
�/��
�#��
��
�!
��
�

�
�
�
��
�"

�.
�B�
�,�
��
�7�
��
��

�1�
�
���
�#$��
�"����
�)�����������
�
H

��������
�
8

��������
�����
�
��
����
���
�
����r�cFs�eZdZUdZeed<eejed<e	ed<e
ed<eed<eed<e
ed<eeeed	<eed
<eed<eed<eeefed
<eeed<eed<eed<eeeefed<ee
ed<ee
ed<ee
ed<ee
ed<ee
ed<eed<eed<eed<eed<eeeed<eeed<edeeefed<eed<eed <eeed!<eed"<eed#<eed$<d0d%eed&e
f�fd'd(�
Zed0d%eed&e
d)efd*d+��Zdede	dededeede
d,eed	eed
eedeedeed
eeeefdeeedeedeededededededede de de de de!deede"deeeefd eeeefd!eeeefd"eeefd-eeefd$ed)dfFd.d/�Z#�Z$S)1rzSSH connection optionsrtr�rr�r)r�rqr�r�r�r!r*r+r9r.r6r�rQr�rTrVrXrZr\r^rGrINrNrkrm�connect_timeoutr��keepalive_internalrrr%rcs*|r|jnd}t�jd||d�|��dS)N)r%�last_configr)rtrFrG)r
r%rrrlrrrG�szSSHConnectionOptions.__init__rc	�s6�t��}tt|�dtj||fd|i|���IdH�S)z8Construct a new options object from within an async taskNr$)rK�get_event_looprrr�r8r)�clsr%rr$rrrr��s
��zSSHConnectionOptions.constructrzrtc#*	s�dtttttffdtttffdd��||_||_t|�|_tt|�d|��|_	tt
|dkr2|n|�dt��|_|dkr@|n|�d�|_
||_|dkrWttt|�d	��}t|t�r`t|�}||_tt
|	dkrk|	n|�d
tj��|_|�d�}#tt|
dkr�|
n|#r�|#dfnd
�|_tt|dkr�|n|�dd��|_ttttf|dkr�|n|�dd��|_ttt|
dkr�|
n|�dd��|_tt|dkr�|n|�dd��|_tt
|dkr�|n|�dd��|_ttt|dkr�|n|�dd��}$�fdd�|$D�|_t |||||||d
u�\|_!|_"|_#|_$|_%tt|dk�r|n|�dd��|_&tt|dk�r,|n|�dd��|_'tt|dk�r=|n	|�d|�dd���|_(tt|dk�rR|n|�dd��|_)|d
u�rxt*|�}%|%D]}&|&j+�sot,d���qettt-|%�}|�r�|D]}'t.|'��/��s�t,d|'�����q}||_0||_1||_2ttt3t
t3t
f|�d d!��\}(})|dk�r�|(}|dk�r�t4}n
t|t��r�t5|�}tt
|�dk�r�t,d"��|dk�r�|)}|dk�r�t6}n
t|t��r�t7|�}|�r�tt8|�dk�r�t,d#��t|t��rt7|�}|�r|dk�rt,d$��t| t��rt7| �} | �r$| dk�r$t,d%��t|!t��r.t7|!�}!|!�r:|!dk�r:t,d&��|"dk�rCt,d'��tt
|�|_9tt8|�|_:|�pSd
|_;| |_<|!|_=|"|_>d
S)(z/Prepare common connection configuration optionsr?rcSsFt|t�r!|�d�}t|�dkrttttft|��}|Std��|S)zSplit CNAME patternsrxr�z%CNAME rules must contain two patterns)r|rr}r�rrr�r0)r?�domainsrrr�_split_cname_patterns�s

�z;SSHConnectionOptions.prepare.<locals>._split_cname_patterns�Hostnamer�Port�	ProxyJump�ProxyCommand�
AddressFamily�BindAddressrN�TCPKeepAliveT�CanonicalizeHostnameF�CanonicalDomains�CanonicalizeFallbackLocal�CanonicalizeMaxDotsr�CanonicalizePermittedCNAMEscsg|]}�|��qSrr)r�r?�r	rrr��r�z0SSHConnectionOptions.prepare.<locals>.<listcomp>�HostbasedAuthentication�PubkeyAuthentication�KbdInteractiveAuthentication�ChallengeResponseAuthentication�PasswordAuthenticationz7OpenSSH certificates not allowed in X.509 trusted certsz0X.509 trusted certificate path not a directory: �
RekeyLimit)rrz&Rekey bytes cannot be negative or zeroz(Rekey seconds cannot be negative or zeroz"Connect timeout cannot be negativez Login timeout cannot be negativerz.Keepalive count max cannot be negative or zero)?rrrrtrr�r�rr�r)rr=r�rqrzrr|r�r�r3�	AF_UNSPECr�r�r�r�r!r*rr+r9r.r6r�r�rQr�rTrVrXrZr\r^r��is_x509r0r�r�is_dirrGrIrNr��_DEFAULT_REKEY_BYTESr��_DEFAULT_REKEY_SECONDSr�rWrkrmrr�rtrr)*r
rtrr�r)r�rqrzr�r�r�r!r*r+r9r.r6r�rQr�rTrVrXrZr\r^rGrIrNrkrmrr�rtrr�	bind_addr�permitted_cnames�certsr�r��config_rekey_bytes�config_rekey_secondsrrr�prepare�s�

�

�
�
�
��
��
���
��
���
���
��
��
��
���
��
���
��





zSSHConnectionOptions.preparerE)%rrrrr9r`rrK�Future�_ProtocolFactoryrrrr
rr�r�rrr�r�rWrrG�classmethodr��_VersionArgr�r~�
_ProxyCommand�	_CNAMEArgr��_AuthArgr�r�r'rjrrrlrrds�
��
�����������
��	�
�����
�
����������
�
���c�sReZdZUdZeed<eed<eed<eed<e	e
ed<ee
ee
fed<e
ed<e
ed	<e	e
ed
<e	e
ed<eeed<eeeefed
<e	e
ed<e
ed<e	eeed<eeed<eed<ee	e
ed<e	eeefed<eed<eed<eed<ee
ed<eed<e	e
ed<e	eeed<e	e
ed<e	e
ed<e	e
ed<e	e
ed<e	e
ed <eed!<e	eed"<eed#<e	e
ed$<eed%<eed&<eee
fed'<e	e
ed(<e	e
ed)<eed*<e	e
ed+<e
ed,<eed-<eed.<d/d/d/d0d0d0d/d1d2d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d3d1d1d1ed1d1d1d1d1d/d1d/d1d/d1d/d1d1d1d/d1d1d/d1d1d1d1d0d1d1d1d1d/d1d/d1d1d1d/d/d/d1d/d/d0d4d5eefQd6e	ej d7e	e!dee"d8ed9ed:ede	ede#d;e
d<eed=e$d>ee%d?eed@ee&dAeedBeeee
fdCeee
dDeedEeedFeee
dGe'dHe'dIe'dJe'dKe'dLe(dMe(dNe(dOe(dPe)dQeedRe*dSeeee
fdTeee+e
fdUee	ee+e
fdVee+e
fdWeee+e
fdXeededee	e
de'de
d	ee
d
e	e
dee,dYe	e-dZeede	e
dee
de-deed[e	edeedee	e
de	eee.fdeedeedeedeee
ee
fdedee	e
dee	e/d\eeee
fdee	e
de	e
dee	e
d e	e
d!eed"ee	ed#eed$e	e
d%ed&ed'eeee
fd(e	e
d)e	e
d*ed+e	e
d,e
d-ed.ed]d/f��fd^d_�
Z0�Z1S)`r[a�pSSH client connection options

       The following options are available to control the establishment
       of SSH client connections:

       :param client_factory: (optional)
           A `callable` which returns an :class:`SSHClient` object that will
           be created for each new connection.
       :param proxy_command: (optional)
           A string or list of strings specifying a command and arguments
           to run to make a connection to the SSH server. Data will be
           forwarded to this process over stdin/stdout instead of opening a
           TCP connection. If specified as a string, standard shell quoting
           will be applied when splitting the command and its arguments.
       :param known_hosts: (optional)
           The list of keys which will be used to validate the server host
           key presented during the SSH handshake. If this is not specified,
           the keys will be looked up in the file :file:`.ssh/known_hosts`.
           If this is explicitly set to `None`, server host key validation
           will be disabled.
       :param host_key_alias: (optional)
           An alias to use instead of the real host name when looking up a host
           key in known_hosts and when validating host certificates.
       :param server_host_key_algs: (optional)
           A list of server host key algorithms to use instead of the
           default of those present in known_hosts when performing the SSH
           handshake, taken from :ref:`server host key algorithms
           <PublicKeyAlgs>`. This is useful when using the
           validate_host_public_key callback to validate server host keys,
           since AsyncSSH can not determine which server host key algorithms
           are preferred. This argument can also be set to 'default' to
           specify that the client should always send its default list of
           supported algorithms to avoid leaking information about what
           algorithms are present for the server in known_hosts.

               .. note:: The 'default' keyword should be used with
                         caution, as it can result in a host key mismatch
                         if the client trusts only a subset of the host
                         keys the server might return.
       :param server_host_keys_handler: (optional)
          A `callable` or coroutine handler function which if set will be
          called when a global request from the server is received which
          provides an updated list of server host keys. The handler takes
          four arguments (added, removed, retained, and revoked), each of
          which is a list of SSHKey public keys, reflecting differences
          between what the server reported and what is currently matching
          in known_hosts.

               .. note:: This handler will only be called when known
                         host checking is enabled and the check succeeded.
       :param x509_trusted_certs: (optional)
           A list of certificates which should be trusted for X.509 server
           certificate authentication. If no trusted certificates are
           specified, an attempt will be made to load them from the file
           :file:`.ssh/ca-bundle.crt`. If this argument is explicitly set
           to `None`, X.509 server certificate authentication will not
           be performed.

               .. note:: X.509 certificates to trust can also be provided
                         through a :ref:`known_hosts <KnownHosts>` file
                         if they are converted into OpenSSH format.
                         This allows their trust to be limited to only
                         specific host names.
       :param x509_trusted_cert_paths: (optional)
           A list of path names to "hash directories" containing certificates
           which should be trusted for X.509 server certificate authentication.
           Each certificate should be in a separate file with a name of the
           form *hash.number*, where *hash* is the OpenSSL hash value of the
           certificate subject name and *number* is an integer counting up
           from zero if multiple certificates have the same hash. If no
           paths are specified, an attempt with be made to use the directory
           :file:`.ssh/crt` as a certificate hash directory.
       :param x509_purposes: (optional)
           A list of purposes allowed in the ExtendedKeyUsage of a
           certificate used for X.509 server certificate authentication,
           defulting to 'secureShellServer'. If this argument is explicitly
           set to `None`, the server certificate's ExtendedKeyUsage will
           not be checked.
       :param username: (optional)
           Username to authenticate as on the server. If not specified,
           the currently logged in user on the local machine will be used.
       :param password: (optional)
           The password to use for client password authentication or
           keyboard-interactive authentication which prompts for a password,
           or a `callable` or coroutine which returns the password to use.
           If this is not specified or set to `None`, client password
           authentication will not be performed.
       :param client_host_keysign: (optional)
           Whether or not to use `ssh-keysign` to sign host-based
           authentication requests. If set to `True`, an attempt will be
           made to find `ssh-keysign` in its typical locations. If set to
           a string, that will be used as the `ssh-keysign` path. When set,
           client_host_keys should be a list of public keys. Otherwise,
           client_host_keys should be a list of private keys with optional
           paired certificates.
       :param client_host_keys: (optional)
           A list of keys to use to authenticate this client via host-based
           authentication. If `client_host_keysign` is set and no host keys
           or certificates are specified, an attempt will be made to find
           them in their typical locations. If `client_host_keysign` is
           not set, host private keys must be specified explicitly or
           host-based authentication will not be performed.
       :param client_host_certs: (optional)
           A list of optional certificates which can be paired with the
           provided client host keys.
       :param client_host: (optional)
           The local hostname to use when performing host-based
           authentication. If not specified, the hostname associated with
           the local IP address of the SSH connection will be used.
       :param client_username: (optional)
           The local username to use when performing host-based
           authentication. If not specified, the username of the currently
           logged in user will be used.
       :param client_keys: (optional)
           A list of keys which will be used to authenticate this client
           via public key authentication. These keys will be used after
           trying keys from a PKCS11 provider or an ssh-agent, if either
           of those are configured. If no client keys are specified,
           an attempt will be made to load them from the files
           :file:`.ssh/id_ed25519_sk`, :file:`.ssh/id_ecdsa_sk`,
           :file:`.ssh/id_ed448`, :file:`.ssh/id_ed25519`,
           :file:`.ssh/id_ecdsa`, :file:`.ssh/id_rsa`, and
           :file:`.ssh/id_dsa` in the user's home directory, with
           optional certificates loaded from the files
           :file:`.ssh/id_ed25519_sk-cert.pub`,
           :file:`.ssh/id_ecdsa_sk-cert.pub`, :file:`.ssh/id_ed448-cert.pub`,
           :file:`.ssh/id_ed25519-cert.pub`, :file:`.ssh/id_ecdsa-cert.pub`,
           :file:`.ssh/id_rsa-cert.pub`, and :file:`.ssh/id_dsa-cert.pub`.
           If this argument is explicitly set to `None`, client public key
           authentication will not be performed.
       :param client_certs: (optional)
           A list of optional certificates which can be paired with the
           provided client keys.
       :param passphrase: (optional)
           The passphrase to use to decrypt client keys if they are
           encrypted, or a `callable` or coroutine which takes a filename
           as a parameter and returns the passphrase to use to decrypt
           that file. If not specified, only unencrypted client keys can
           be loaded. If the keys passed into client_keys are already
           loaded, this argument is ignored.

               .. note:: A callable or coroutine passed in as a passphrase
                         will be called on all filenames configured as
                         client keys or client host keys each time an
                         SSHClientConnectionOptions object is instantiated,
                         even if the keys aren't encrypted or aren't ever
                         used for authentication.

       :param ignore_encrypted: (optional)
           Whether or not to ignore encrypted keys when no passphrase is
           specified. This defaults to `True` when keys are specified via
           the IdentityFile config option, causing encrypted keys in the
           config to be ignored when no passphrase is specified. Note
           that encrypted keys loaded into an SSH agent can still be used
           when this option is set.
       :param host_based_auth: (optional)
           Whether or not to allow host-based authentication. By default,
           host-based authentication is enabled if client host keys are
           made available.
       :param public_key_auth: (optional)
           Whether or not to allow public key authentication. By default,
           public key authentication is enabled if client keys are made
           available.
       :param kbdint_auth: (optional)
           Whether or not to allow keyboard-interactive authentication. By
           default, keyboard-interactive authentication is enabled if a
           password is specified or if callbacks to respond to challenges
           are made available.
       :param password_auth: (optional)
           Whether or not to allow password authentication. By default,
           password authentication is enabled if a password is specified
           or if callbacks to provide a password are made available.
       :param gss_host: (optional)
           The principal name to use for the host in GSS key exchange and
           authentication. If not specified, this value will be the same
           as the `host` argument. If this argument is explicitly set to
           `None`, GSS key exchange and authentication will not be performed.
       :param gss_store: (optional)
           The GSS credential store from which to acquire credentials.
       :param gss_kex: (optional)
           Whether or not to allow GSS key exchange. By default, GSS
           key exchange is enabled.
       :param gss_auth: (optional)
           Whether or not to allow GSS authentication. By default, GSS
           authentication is enabled.
       :param gss_delegate_creds: (optional)
           Whether or not to forward GSS credentials to the server being
           accessed. By default, GSS credential delegation is disabled.
       :param preferred_auth:
           A list of authentication methods the client should attempt to
           use in order of preference. By default, the preferred list is
           gssapi-keyex, gssapi-with-mic, hostbased, publickey,
           keyboard-interactive, and then password. This list may be
           limited by which auth methods are implemented by the client
           and which methods the server accepts.
       :param disable_trivial_auth: (optional)
           Whether or not to allow "trivial" forms of auth where the
           client is not actually challenged for credentials. Setting
           this will cause the connection to fail if a server does not
           perform some non-trivial form of auth during the initial
           SSH handshake. If not specified, all forms of auth supported
           by the server are allowed, including none.
       :param agent_path: (optional)
           The path of a UNIX domain socket to use to contact an ssh-agent
           process which will perform the operations needed for client
           public key authentication, or the :class:`SSHServerConnection`
           to use to forward ssh-agent requests over. If this is not
           specified and the environment variable `SSH_AUTH_SOCK` is
           set, its value will be used as the path. If this argument is
           explicitly set to `None`, an ssh-agent will not be used.
       :param agent_identities: (optional)
           A list of identities used to restrict which SSH agent keys may
           be used. These may be specified as byte strings in binary SSH
           format or as public keys or certificates (*see*
           :ref:`SpecifyingPublicKeys` and :ref:`SpecifyingCertificates`).
           If set to `None`, all keys loaded into the SSH agent will be
           made available for use. This is the default.
       :param agent_forwarding: (optional)
           Whether or not to allow forwarding of ssh-agent requests from
           processes running on the server. This argument can also be set
           to the path of a UNIX domain socket in cases where forwarded
           agent requests should be sent to a different path than client
           agent requests. By default, forwarding ssh-agent requests from
           the server is not allowed.
       :param pkcs11_provider: (optional)
           The path of a shared library which should be used as a PKCS#11
           provider for accessing keys on PIV security tokens. By default,
           no local security tokens will be accessed.
       :param pkcs11_pin: (optional)
           The PIN to use when accessing security tokens via PKCS#11.

               .. note:: If your application opens multiple SSH connections
                         using PKCS#11 keys, you should consider calling
                         :func:`load_pkcs11_keys` explicitly instead of
                         using these arguments. This allows you to pay
                         the cost of loading the key information from the
                         security tokens only once. You can then pass the
                         returned keys via the `client_keys` argument to
                         any calls that need them.

                         Calling :func:`load_pkcs11_keys` explicitly also
                         gives you the ability to load keys from multiple
                         tokens with different PINs and to select which
                         tokens to load keys from and which keys on those
                         tokens to load.

       :param client_version: (optional)
           An ASCII string to advertise to the SSH server as the version of
           this client, defaulting to `'AsyncSSH'` and its version number.
       :param kex_algs: (optional)
           A list of allowed key exchange algorithms in the SSH handshake,
           taken from :ref:`key exchange algorithms <KexAlgs>`.
       :param encryption_algs: (optional)
           A list of encryption algorithms to use during the SSH handshake,
           taken from :ref:`encryption algorithms <EncryptionAlgs>`.
       :param mac_algs: (optional)
           A list of MAC algorithms to use during the SSH handshake, taken
           from :ref:`MAC algorithms <MACAlgs>`.
       :param compression_algs: (optional)
           A list of compression algorithms to use during the SSH handshake,
           taken from :ref:`compression algorithms <CompressionAlgs>`, or
           `None` to disable compression. The client prefers to disable
           compression, but will enable it if the server requires it.
       :param signature_algs: (optional)
           A list of public key signature algorithms to use during the SSH
           handshake, taken from :ref:`signature algorithms <SignatureAlgs>`.
       :param rekey_bytes: (optional)
           The number of bytes which can be sent before the SSH session
           key is renegotiated, defaulting to 1 GB.
       :param rekey_seconds: (optional)
           The maximum time in seconds before the SSH session key is
           renegotiated, defaulting to 1 hour.
       :param connect_timeout: (optional)
           The maximum time in seconds allowed to complete an outbound
           SSH connection. This includes the time to establish the TCP
           connection and the time to perform the initial SSH protocol
           handshake, key exchange, and authentication. This is disabled
           by default, relying on the system's default TCP connect timeout
           and AsyncSSH's login timeout.
       :param login_timeout: (optional)
           The maximum time in seconds allowed for authentication to
           complete, defaulting to 2 minutes. Setting this to 0 will
           disable the login timeout.

               .. note:: This timeout only applies after the SSH TCP
                         connection is established. To set a timeout
                         which includes establishing the TCP connection,
                         use the `connect_timeout` argument above.
       :param keepalive_interval: (optional)
           The time in seconds to wait before sending a keepalive message
           if no data has been received from the server. This defaults to
           0, which disables sending these messages.
       :param keepalive_count_max: (optional)
           The maximum number of keepalive messages which will be sent
           without getting a response before disconnecting from the
           server. This defaults to 3, but only applies when
           keepalive_interval is non-zero.
       :param tcp_keepalive: (optional)
           Whether or not to enable keepalive probes at the TCP level to
           detect broken connections, defaulting to `True`.
       :param canonicalize_hostname: (optional)
           Whether or not to enable hostname canonicalization, defaulting
           to `False`, in which case hostnames are passed as-is to the
           system resolver. If set to `True`, requests that don't involve
           a proxy tunnel or command will attempt to canonicalize the hostname
           using canonical_domains and rules in canonicalize_permitted_cnames.
           If set to `'always'`, hostname canonicalization is also applied
           to proxied requests.
       :param canonical_domains: (optional)
           When canonicalize_hostname is set, this specifies list of domain
           suffixes in which to search for the hostname.
       :param canonicalize_fallback_local: (optional)
           Whether or not to fall back to looking up the hostname against
           the system resolver's search domains when no matches are found
           in canonical_domains, defaulting to `True`.
       :param canonicalize_max_dots: (optional)
           Tha maximum number of dots which can appear in a hostname
           before hostname canonicalization is disabled, defaulting
           to 1. Hostnames with more than this number of dots are
           treated as already being fully qualified and passed as-is
           to the system resolver.
       :param canonicalize_permitted_cnames: (optional)
           Patterns to match against to decide whether hostname
           canonicalization should return a CNAME. This argument
           contains a list of pairs of wildcard pattern lists. The
           first pattern is matched against the hostname found after
           adding one of the search domains from canonical_domains and
           the second pattern is matched against the associated CNAME.
           If a match can be found in the list for both patterns, the
           CNAME is returned as the canonical hostname. The default
           is an empty list, preventing CNAMEs from being returned.
       :param command: (optional)
           The default remote command to execute on client sessions.
           An interactive shell is started if no command or subsystem is
           specified.
       :param subsystem: (optional)
           The default remote subsystem to start on client sessions.
       :param env: (optional)
           The  default environment variables to set for client sessions.
           Keys and values passed in here will be converted to Unicode
           strings encoded as UTF-8 (ISO 10646) for transmission.

               .. note:: Many SSH servers restrict which environment
                         variables a client is allowed to set. The
                         server's configuration may need to be edited
                         before environment variables can be
                         successfully set in the remote environment.
       :param send_env: (optional)
           A list of environment variable names to pull from
           `os.environ` and set by default for client sessions. Wildcards
           patterns using `'*'` and `'?'` are allowed, and all variables
           with matching names will be sent with whatever value is set in
           the local environment. If a variable is present in both env
           and send_env, the value from env will be used.
       :param request_pty: (optional)
           Whether or not to request a pseudo-terminal (PTY) by default for
           client sessions. This defaults to `True`, which means to request
           a PTY whenever the `term_type` is set. Other possible values
           include `False` to never request a PTY, `'force'` to always
           request a PTY even without `term_type` being set, or `'auto'`
           to request a TTY when `term_type` is set but only when starting
           an interactive shell.
       :param term_type: (optional)
           The default terminal type to set for client sessions.
       :param term_size: (optional)
           The terminal width and height in characters and optionally
           the width and height in pixels to set for client sessions.
       :param term_modes: (optional)
           POSIX terminal modes to set for client sessions, where keys are
           taken from :ref:`POSIX terminal modes <PTYModes>` with values
           defined in section 8 of :rfc:`RFC 4254 <4254#section-8>`.
       :param x11_forwarding: (optional)
           Whether or not to request X11 forwarding for client sessions,
           defaulting to `False`. If set to `True`, X11 forwarding will be
           requested and a failure will raise :exc:`ChannelOpenError`. It
           can also be set to `'ignore_failure'` to attempt X11 forwarding
           but ignore failures.
       :param x11_display: (optional)
           The display that X11 connections should be forwarded to,
           defaulting to the value in the environment variable `DISPLAY`.
       :param x11_auth_path: (optional)
           The path to the Xauthority file to read X11 authentication
           data from, defaulting to the value in the environment variable
           `XAUTHORITY` or the file :file:`.Xauthority` in the user's
           home directory if that's not set.
       :param x11_single_connection: (optional)
           Whether or not to limit X11 forwarding to a single connection,
           defaulting to `False`.
       :param encoding: (optional)
           The default Unicode encoding to use for data exchanged on client
           sessions.
       :param errors: (optional)
           The default error handling strategy to apply on Unicode
           encode/decode errors.
       :param window: (optional)
           The default receive window size to set for client sessions.
       :param max_pktsize: (optional)
           The default maximum packet size to set for client sessions.
       :param config: (optional)
           Paths to OpenSSH client configuration files to load. This
           configuration will be used as a fallback to override the
           defaults for settings which are not explicitly specified using
           AsyncSSH's configuration options.

               .. note:: Specifying configuration files when creating an
                         :class:`SSHClientConnectionOptions` object will
                         cause the config file to be read and parsed at
                         the time of creation of the object, including
                         evaluation of any conditional blocks. If you want
                         the config to be parsed for every new connection,
                         this argument should be added to the connect or
                         listen calls instead. However, if you want to
                         save the parsing overhead and your configuration
                         doesn't depend on conditions that would change
                         between calls, this argument may be an option.
       :param options: (optional)
           A previous set of options to use as the base to incrementally
           build up a configuration. When an option is not explicitly
           specified, its value will be pulled from this options object
           (if present) before falling back to the default value.
       :type client_factory: `callable` returning :class:`SSHClient`
       :type proxy_command: `str` or `list` of `str`
       :type known_hosts: *see* :ref:`SpecifyingKnownHosts`
       :type host_key_alias: `str`
       :type server_host_key_algs: `str` or `list` of `str`
       :type server_host_keys_handler: `callable` or coroutine
       :type x509_trusted_certs: *see* :ref:`SpecifyingCertificates`
       :type x509_trusted_cert_paths: `list` of `str`
       :type x509_purposes: *see* :ref:`SpecifyingX509Purposes`
       :type username: `str`
       :type password: `str`
       :type client_host_keysign: `bool` or `str`
       :type client_host_keys:
           *see* :ref:`SpecifyingPrivateKeys` or :ref:`SpecifyingPublicKeys`
       :type client_host_certs: *see* :ref:`SpecifyingCertificates`
       :type client_host: `str`
       :type client_username: `str`
       :type client_keys: *see* :ref:`SpecifyingPrivateKeys`
       :type client_certs: *see* :ref:`SpecifyingCertificates`
       :type passphrase: `str` or `bytes`
       :type ignore_encrypted: `bool`
       :type host_based_auth: `bool`
       :type public_key_auth: `bool`
       :type kbdint_auth: `bool`
       :type password_auth: `bool`
       :type gss_host: `str`
       :type gss_store:
           `str`, `bytes`, or a `dict` with `str` or `bytes` keys and values
       :type gss_kex: `bool`
       :type gss_auth: `bool`
       :type gss_delegate_creds: `bool`
       :type preferred_auth: `str` or `list` of `str`
       :type disable_trivial_auth: `bool`
       :type agent_path: `str`
       :type agent_identities:
           *see* :ref:`SpecifyingPublicKeys` and :ref:`SpecifyingCertificates`
       :type agent_forwarding: `bool` or `str`
       :type pkcs11_provider: `str` or `None`
       :type pkcs11_pin: `str`
       :type client_version: `str`
       :type kex_algs: `str` or `list` of `str`
       :type encryption_algs: `str` or `list` of `str`
       :type mac_algs: `str` or `list` of `str`
       :type compression_algs: `str` or `list` of `str`
       :type signature_algs: `str` or `list` of `str`
       :type rekey_bytes: *see* :ref:`SpecifyingByteCounts`
       :type rekey_seconds: *see* :ref:`SpecifyingTimeIntervals`
       :type connect_timeout: *see* :ref:`SpecifyingTimeIntervals`
       :type login_timeout: *see* :ref:`SpecifyingTimeIntervals`
       :type keepalive_interval: *see* :ref:`SpecifyingTimeIntervals`
       :type keepalive_count_max: `int`
       :type tcp_keepalive: `bool`
       :type canonicalize_hostname: `bool` or `'always'`
       :type canonical_domains: `list` of `str`
       :type canonicalize_fallback_local: `bool`
       :type canonicalize_max_dots: `int`
       :type canonicalize_permitted_cnames: `list` of `tuple` of 2 `str` values
       :type command: `str`
       :type subsystem: `str`
       :type env: `dict` with `str` keys and values
       :type send_env: `list` of `str`
       :type request_pty: `bool`, `'force'`, or `'auto'`
       :type term_type: `str`
       :type term_size: `tuple` of 2 or 4 `int` values
       :type term_modes: `dict` with `int` keys and values
       :type x11_forwarding: `bool` or `'ignore_failure'`
       :type x11_display: `str`
       :type x11_auth_path: `str`
       :type x11_single_connection: `bool`
       :type encoding: `str` or `None`
       :type errors: `str`
       :type window: `int`
       :type max_pktsize: `int`
       :type config: `list` of `str`
       :type options: :class:`SSHClientConnectionOptions`

    rtr*rr�r`r�rcryrer�r�r�r�r�rh�client_certs�ignore_encryptedrxryr{r|rzrkrlrmrnrprsrurCr�r�r�r�r�r�r�r�r�r�r�rrrrNFrr��secureShellServerr�rr$rr�r�r�r)r�rqr�r�r�r!r*r+r9r.r6r�rQr�rTrVrXrZr\r^rGrIrNrkrmrr�rtrr�client_host_keys�client_host_certsrzr�rcRXs�zt��}RWntytd�d�w|dkr0|r|js0tddd���}St�|Stj	�r.|Sgng}t
�||||||R|+|	|
�	}|dkrTtddd���}Tt�|Ttj	�rTt|T�}|dkritddd���}U|U�
�rit|U�g}|#dkr|tttttf|�d	d��}#|%dkr�ttttf|�d
t��}%|&dkr�tt|�dt��}&t�jg|�|p�t�|�|	�|
�|�|4�|�|
�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�| �|!�|"�|#�|$�|%�|&�R�|'dkr�|'|_n$ttt|�dd��}V|Vgk�rd|_nt|V�ttt|�d
g��|_ttt|(dk�r|(n|�d��|_|)|_t|)ttt|�dd��g�|*|_ t!tt|+dk�rD|+n|�d|R���|_"|,|_#|-dk�r^tt$|�dd��}-|-�rvt%|-�}-|.�rqt&tt'|.��|_(nt)�|_(nd}-t*tt+|.�|4|/|d�|_,|-|_-|0|_.t!tt|1dk�r�|1n|R��|_/|6|_0t1|7t2tf��r�d|7i|_3n|7|_3tt$|8dk�r�|8n|�dd��|_4tt$|9dk�r�|9n|�dd��|_5tt$|:dk�r�|:n|�dd��|_6|;dk�r�tt|�dd��};t1|;t��r�|;�7d�};|;|_8|<|_9|=dk�rttt|�dd��}=|=dk�rtj:�dd�}=|=�r&tt|=����nd}=|@dk�r7ttt|�d��}@|5dk�r@|2dk}5|2dk�rNtt;|�dd��}2|3dk�r^tt<t=|�d d��}3tt$|�d!��}W|>dk�rv|W�rttt'|2�}>nd}>|>�r�t>|>|W�|_?n
|>dk�r�t@�|_?nd|_?|2�r�t*tt+|2�|4|3|W|5|d�|_An|2du�r�tB|4|3�|_And|_A|jAdu�r�|=|_C|@|_D|A|_En	d|_Cd|_Dd|_E|?dk�r�ttt$tf|�d"d��}?|?�s�d|_Fn|?du�r�|=|_Fn|?|_Fttt|Bdk�r�|Bn|�d#��|_G|C|_HttI|Ddk�r
|Dn|�d$��|_JtttK|Edk�r|En|�d%��|_LttM|Fdk�r,|Fn|�d&d��|_N|G|_O|H|_P|I|_Qttt$tf|Jdk�rJ|Jn|�d'��oQd(�|_R|K|_S|L|_T|M|_U|N|_V|O|_W|P|_X|Q|_YdS))z/Prepare client connection configuration optionszWUnknown local username: set one of LOGNAME, USER, LNAME, or USERNAME in the environmentNrr�r�rtz
ca-bundle.crt�crt�ConnectTimeout�ServerAliveInterval�ServerAliveCountMax�UserKnownHostsFile�GlobalKnownHostsFile�HostKeyAliasr��User�EnableSSHKeySignF�r$�ccache�GSSAPIKeyExchangeT�GSSAPIAuthentication�GSSAPIDelegateCredentials�PreferredAuthenticationsrv�
IdentityAgent�
SSH_AUTH_SOCKr��PKCS11Provider�IdentityFile�CertificateFile�IdentitiesOnly�ForwardAgent�
RemoteCommand�SetEnv�SendEnv�
RequestTTY�ForwardX11Trusted�ignore_failure)Z�getpass�getuserr3r0�loadedrr�rMr�r�r:�loadrrrrrrWr��_DEFAULT_KEEPALIVE_INTERVALr�_DEFAULT_KEEPALIVE_COUNT_MAXrFr'r0r�r
r�r`r�r�r�rcr�ryrer�rmr�r�r�r�r�r�r�r�r�r�rxr|rryr{r|rzr}rkrlr��_ClientKeysArgrr�r�rnr�rhr�rmrsrurprCr�r�r�r�r��_RequestPTYr�r�r�r�r�r�r�r�rrrr)Xr
r$rrtr�r�r�r*rr)r�rqr�r�r�r!r*r+r9r.r6r�rQr�rTrVrXrZr\r^rGrIrNrkrmrr�rtrrr�r`r�rcryrer�r2r3r�r�rhr/rzr0rxryr{r|rzrkrlrmrnr�rsrurCr�r�r�r�r�r�r�r�r�r�r�rrrr�local_username�default_config�default_x509_certs�default_x509_cert_path�user_known_hosts�identities_onlyrlrrr'}s�H��
���

���
����������������������������	�	�	�
�
��
����
�
��

��
��
�
�
�
�



�


�
�

��


�
� �
��
z"SSHClientConnectionOptions.prepare)2rrrrr:r`rfrrorrrr�_ServerHostKeysHandlerr�r�r�r�r�r�rr~r�r�rWr�r�r�_DEFAULT_LOGIN_TIMEOUTrXrYrKrQr9r8r+r
r,r�r�r.r�r�rWrkrVrr�r'rjrrrlrr[[s8
u�������������	�
���

���
����������������
����
 �!�"�#�#�$�%�&�'�(�)�*�+�,�
-�.�/�/�0�1�2�
3�
4�5�
6�7�
8�9�9�
:�;�<�=�>�?�@�A�B�C�C�D�E�E�r[c�s�eZdZUdZeed<eed<eed<ded<ded<eed<e	ed	<eed
<e
eeed<ee
ed<eeeefed
<eed<eed<eed<eed<eed<eed<eed<eed<eed<ee
ed<eed<eeed<eeed<ee
ed<e
ed<eeed<eed<eed<eed <eed!<d"d"d"d#d#d#d$d%d$d$d$d"d&d$d&d&d&d&d&d&d&d&d&d&d&d&d&d&d&d&d&d&d&d&d&d&d'd&d&d"d&d&d&d&d&d#d"d"d#d&d&d"d&d&d&d(d(eed&d#d"d&d"d"d)d*d"ed#eefHd+eejd,eede
ed-ed.ed/ed0e
d1ed2e
d3e
d4e
deeded5e
d6e
ed7ed8e
ed9e
ed:e
e d;e
ed<e
e!ee
fd=e
e"e
d>e
ed?e
ed@e
e"e
dAe#dBe#dCe#dDe#dEe#dFe$dGe$dHe$dIe$dJe%dKe"e&dLe'dMe
e!ee
fdNe
e!e(e
fdOee!e(e
fdPe
e!e(e
fdQe
e!e(e
fdRe
ede)dSe%dedTeed	e	d
ede*de
ee
d
ee!ee+fde
ede
ede
ededededede
ededee
de
edeedeedee
de
deededed ed!edUd"f��fdVdW�
Z,�Z-S)XrgawPSSH server connection options

       The following options are available to control the acceptance
       of SSH server connections:

       :param server_factory:
           A `callable` which returns an :class:`SSHServer` object that will
           be created for each new connection.
       :param proxy_command: (optional)
           A string or list of strings specifying a command and arguments
           to run when using :func:`connect_reverse` to make a reverse
           direction connection to an SSH client. Data will be forwarded
           to this process over stdin/stdout instead of opening a TCP
           connection. If specified as a string, standard shell quoting
           will be applied when splitting the command and its arguments.
       :param server_host_keys: (optional)
           A list of private keys and optional certificates which can be
           used by the server as a host key. Either this argument or
           `gss_host` must be specified. If this is not specified,
           only GSS-based key exchange will be supported.
       :param server_host_certs: (optional)
           A list of optional certificates which can be paired with the
           provided server host keys.
       :param send_server_host_keys: (optional)
           Whether or not to send a list of the allowed server host keys
           for clients to use to update their known hosts like for the
           server.

               .. note:: Enabling this option will allow multiple server
                         host keys of the same type to be configured. Only
                         the first key of each type will be actively used
                         during key exchange, but the others will be
                         reported as reserved keys that clients should
                         begin to trust, to allow for future key rotation.
                         If this option is disabled, specifying multiple
                         server host keys of the same type is treated as
                         a configuration error.
       :param passphrase: (optional)
           The passphrase to use to decrypt server host keys if they are
           encrypted, or a `callable` or coroutine which takes a filename
           as a parameter and returns the passphrase to use to decrypt
           that file. If not specified, only unencrypted server host keys
           can be loaded. If the keys passed into server_host_keys are
           already loaded, this argument is ignored.

               .. note:: A callable or coroutine passed in as a passphrase
                         will be called on all filenames configured as
                         server host keys each time an
                         SSHServerConnectionOptions object is instantiated,
                         even if the keys aren't encrypted or aren't ever
                         used for server validation.

       :param known_client_hosts: (optional)
           A list of client hosts which should be trusted to perform
           host-based client authentication. If this is not specified,
           host-based client authentication will be not be performed.
       :param trust_client_host: (optional)
           Whether or not to use the hostname provided by the client
           when performing host-based authentication. By default, the
           client-provided hostname is not trusted and is instead
           determined by doing a reverse lookup of the IP address the
           client connected from.
       :param authorized_client_keys: (optional)
           A list of authorized user and CA public keys which should be
           trusted for certificate-based client public key authentication.
       :param x509_trusted_certs: (optional)
           A list of certificates which should be trusted for X.509 client
           certificate authentication. If this argument is explicitly set
           to `None`, X.509 client certificate authentication will not
           be performed.

               .. note:: X.509 certificates to trust can also be provided
                         through an :ref:`authorized_keys <AuthorizedKeys>`
                         file if they are converted into OpenSSH format.
                         This allows their trust to be limited to only
                         specific client IPs or user names and allows
                         SSH functions to be restricted when these
                         certificates are used.
       :param x509_trusted_cert_paths: (optional)
           A list of path names to "hash directories" containing certificates
           which should be trusted for X.509 client certificate authentication.
           Each certificate should be in a separate file with a name of the
           form *hash.number*, where *hash* is the OpenSSL hash value of the
           certificate subject name and *number* is an integer counting up
           from zero if multiple certificates have the same hash.
       :param x509_purposes: (optional)
           A list of purposes allowed in the ExtendedKeyUsage of a
           certificate used for X.509 client certificate authentication,
           defulting to 'secureShellClient'. If this argument is explicitly
           set to `None`, the client certificate's ExtendedKeyUsage will
           not be checked.
       :param host_based_auth: (optional)
           Whether or not to allow host-based authentication. By default,
           host-based authentication is enabled if known client host keys
           are specified or if callbacks to validate client host keys
           are made available.
       :param public_key_auth: (optional)
           Whether or not to allow public key authentication. By default,
           public key authentication is enabled if authorized client keys
           are specified or if callbacks to validate client keys are made
           available.
       :param kbdint_auth: (optional)
           Whether or not to allow keyboard-interactive authentication. By
           default, keyboard-interactive authentication is enabled if the
           callbacks to generate challenges are made available.
       :param password_auth: (optional)
           Whether or not to allow password authentication. By default,
           password authentication is enabled if callbacks to validate a
           password are made available.
       :param gss_host: (optional)
           The principal name to use for the host in GSS key exchange and
           authentication. If not specified, the value returned by
           :func:`socket.gethostname` will be used if it is a fully qualified
           name. Otherwise, the value used by :func:`socket.getfqdn` will be
           used. If this argument is explicitly set to `None`, GSS
           key exchange and authentication will not be performed.
       :param gss_store: (optional)
           The GSS credential store from which to acquire credentials.
       :param gss_kex: (optional)
           Whether or not to allow GSS key exchange. By default, GSS
           key exchange is enabled.
       :param gss_auth: (optional)
           Whether or not to allow GSS authentication. By default, GSS
           authentication is enabled.
       :param allow_pty: (optional)
           Whether or not to allow allocation of a pseudo-tty in sessions,
           defaulting to `True`
       :param line_editor: (optional)
           Whether or not to enable input line editing on sessions which
           have a pseudo-tty allocated, defaulting to `True`
       :param line_echo: (bool)
           Whether or not to echo completed input lines when they are
           entered, rather than waiting for the application to read and
           echo them, defaulting to `True`. Setting this to `False`
           and performing the echo in the application can better synchronize
           input and output, especially when there are input prompts.
       :param line_history: (int)
           The number of lines of input line history to store in the
           line editor when it is enabled, defaulting to 1000
       :param max_line_length: (int)
           The maximum number of characters allowed in an input line when
           the line editor is enabled, defaulting to 1024
       :param rdns_lookup: (optional)
           Whether or not to perform reverse DNS lookups on the client's
           IP address to enable hostname-based matches in authorized key
           file "from" options and "Match Host" config options, defaulting
           to `False`.
       :param x11_forwarding: (optional)
           Whether or not to allow forwarding of X11 connections back
           to the client when the client supports it, defaulting to `False`
       :param x11_auth_path: (optional)
           The path to the Xauthority file to write X11 authentication
           data to, defaulting to the value in the environment variable
           `XAUTHORITY` or the file :file:`.Xauthority` in the user's
           home directory if that's not set
       :param agent_forwarding: (optional)
           Whether or not to allow forwarding of ssh-agent requests back
           to the client when the client supports it, defaulting to `True`
       :param process_factory: (optional)
           A `callable` or coroutine handler function which takes an AsyncSSH
           :class:`SSHServerProcess` argument that will be called each time a
           new shell, exec, or subsystem other than SFTP is requested by the
           client. If set, this takes precedence over the `session_factory`
           argument.
       :param session_factory: (optional)
           A `callable` or coroutine handler function which takes AsyncSSH
           stream objects for stdin, stdout, and stderr that will be called
           each time a new shell, exec, or subsystem other than SFTP is
           requested by the client. If not specified, sessions are rejected
           by default unless the :meth:`session_requested()
           <SSHServer.session_requested>` method is overridden on the
           :class:`SSHServer` object returned by `server_factory` to make
           this decision.
       :param encoding: (optional)
           The Unicode encoding to use for data exchanged on sessions on
           this server, defaulting to UTF-8 (ISO 10646) format. If `None`
           is passed in, the application can send and receive raw bytes.
       :param errors: (optional)
           The error handling strategy to apply on Unicode encode/decode
           errors of data exchanged on sessions on this server, defaulting
           to 'strict'.
       :param sftp_factory: (optional)
           A `callable` or coroutine which returns an :class:`SFTPServer`
           object that will be created each time an SFTP session is
           requested by the client, or `True` to use the base
           :class:`SFTPServer` class to handle SFTP requests. If not
           specified, SFTP sessions are rejected by default.
       :param sftp_version: (optional)
           The maximum version of the SFTP protocol to support, currently
           either 3 or 4, defaulting to 3.
       :param allow_scp: (optional)
           Whether or not to allow incoming scp requests to be accepted.
           This option can only be used in conjunction with `sftp_factory`.
           If not specified, scp requests will be passed as regular
           commands to the `process_factory` or `session_factory`.
           to the client when the client supports it, defaulting to `True`
       :param window: (optional)
           The receive window size for sessions on this server
       :param max_pktsize: (optional)
           The maximum packet size for sessions on this server
       :param server_version: (optional)
           An ASCII string to advertise to SSH clients as the version of
           this server, defaulting to `'AsyncSSH'` and its version number.
       :param kex_algs: (optional)
           A list of allowed key exchange algorithms in the SSH handshake,
           taken from :ref:`key exchange algorithms <KexAlgs>`,
       :param encryption_algs: (optional)
           A list of encryption algorithms to use during the SSH handshake,
           taken from :ref:`encryption algorithms <EncryptionAlgs>`.
       :param mac_algs: (optional)
           A list of MAC algorithms to use during the SSH handshake, taken
           from :ref:`MAC algorithms <MACAlgs>`.
       :param compression_algs: (optional)
           A list of compression algorithms to use during the SSH handshake,
           taken from :ref:`compression algorithms <CompressionAlgs>`, or
           `None` to disable compression. The server defaults to allowing
           either no compression or compression after auth, depending on
           what the client requests.
       :param signature_algs: (optional)
           A list of public key signature algorithms to use during the SSH
           handshake, taken from :ref:`signature algorithms <SignatureAlgs>`.
       :param rekey_bytes: (optional)
           The number of bytes which can be sent before the SSH session
           key is renegotiated, defaulting to 1 GB.
       :param rekey_seconds: (optional)
           The maximum time in seconds before the SSH session key is
           renegotiated, defaulting to 1 hour.
       :param connect_timeout: (optional)
           The maximum time in seconds allowed to complete an outbound
           SSH connection. This includes the time to establish the TCP
           connection and the time to perform the initial SSH protocol
           handshake, key exchange, and authentication. This is disabled
           by default, relying on the system's default TCP connect timeout
           and AsyncSSH's login timeout.
       :param login_timeout: (optional)
           The maximum time in seconds allowed for authentication to
           complete, defaulting to 2 minutes. Setting this to 0 will
           disable the login timeout.

               .. note:: This timeout only applies after the SSH TCP
                         connection is established. To set a timeout
                         which includes establishing the TCP connection,
                         use the `connect_timeout` argument above.
       :param keepalive_interval: (optional)
           The time in seconds to wait before sending a keepalive message
           if no data has been received from the client. This defaults to
           0, which disables sending these messages.
       :param keepalive_count_max: (optional)
           The maximum number of keepalive messages which will be sent
           without getting a response before disconnecting a client.
           This defaults to 3, but only applies when keepalive_interval is
           non-zero.
       :param tcp_keepalive: (optional)
           Whether or not to enable keepalive probes at the TCP level to
           detect broken connections, defaulting to `True`.
       :param canonicalize_hostname: (optional)
           Whether or not to enable hostname canonicalization, defaulting
           to `False`, in which case hostnames are passed as-is to the
           system resolver. If set to `True`, requests that don't involve
           a proxy tunnel or command will attempt to canonicalize the hostname
           using canonical_domains and rules in canonicalize_permitted_cnames.
           If set to `'always'`, hostname canonicalization is also applied
           to proxied requests.
       :param canonical_domains: (optional)
           When canonicalize_hostname is set, this specifies list of domain
           suffixes in which to search for the hostname.
       :param canonicalize_fallback_local: (optional)
           Whether or not to fall back to looking up the hostname against
           the system resolver's search domains when no matches are found
           in canonical_domains, defaulting to `True`.
       :param canonicalize_max_dots: (optional)
           Tha maximum number of dots which can appear in a hostname
           before hostname canonicalization is disabled, defaulting
           to 1. Hostnames with more than this number of dots are
           treated as already being fully qualified and passed as-is
           to the system resolver.
       :param config: (optional)
           Paths to OpenSSH server configuration files to load. This
           configuration will be used as a fallback to override the
           defaults for settings which are not explicitly specified using
           AsyncSSH's configuration options.

               .. note:: Specifying configuration files when creating an
                         :class:`SSHServerConnectionOptions` object will
                         cause the config file to be read and parsed at
                         the time of creation of the object, including
                         evaluation of any conditional blocks. If you want
                         the config to be parsed for every new connection,
                         this argument should be added to the connect or
                         listen calls instead. However, if you want to
                         save the parsing overhead and your configuration
                         doesn't depend on conditions that would change
                         between calls, this argument may be an option.
       :param options: (optional)
           A previous set of options to use as the base to incrementally
           build up a configuration. When an option is not explicitly
           specified, its value will be pulled from this options object
           (if present) before falling back to the default value.
       :type server_factory: `callable` returning :class:`SSHServer`
       :type proxy_command: `str` or `list` of `str`
       :type family: `socket.AF_UNSPEC`, `socket.AF_INET`, or `socket.AF_INET6`
       :type server_host_keys: *see* :ref:`SpecifyingPrivateKeys`
       :type server_host_certs: *see* :ref:`SpecifyingCertificates`
       :type send_server_host_keys: `bool`
       :type passphrase: `str` or `bytes`
       :type known_client_hosts: *see* :ref:`SpecifyingKnownHosts`
       :type trust_client_host: `bool`
       :type authorized_client_keys: *see* :ref:`SpecifyingAuthorizedKeys`
       :type x509_trusted_certs: *see* :ref:`SpecifyingCertificates`
       :type x509_trusted_cert_paths: `list` of `str`
       :type x509_purposes: *see* :ref:`SpecifyingX509Purposes`
       :type host_based_auth: `bool`
       :type public_key_auth: `bool`
       :type kbdint_auth: `bool`
       :type password_auth: `bool`
       :type gss_host: `str`
       :type gss_store:
           `str`, `bytes`, or a `dict` with `str` or `bytes` keys and values
       :type gss_kex: `bool`
       :type gss_auth: `bool`
       :type allow_pty: `bool`
       :type line_editor: `bool`
       :type line_echo: `bool`
       :type line_history: `int`
       :type max_line_length: `int`
       :type rdns_lookup: `bool`
       :type x11_forwarding: `bool`
       :type x11_auth_path: `str`
       :type agent_forwarding: `bool`
       :type process_factory: `callable` or coroutine
       :type session_factory: `callable` or coroutine
       :type encoding: `str` or `None`
       :type errors: `str`
       :type sftp_factory: `callable` or coroutine
       :type sftp_version: `int`
       :type allow_scp: `bool`
       :type window: `int`
       :type max_pktsize: `int`
       :type server_version: `str`
       :type kex_algs: `str` or `list` of `str`
       :type encryption_algs: `str` or `list` of `str`
       :type mac_algs: `str` or `list` of `str`
       :type compression_algs: `str` or `list` of `str`
       :type signature_algs: `str` or `list` of `str`
       :type rekey_bytes: *see* :ref:`SpecifyingByteCounts`
       :type rekey_seconds: *see* :ref:`SpecifyingTimeIntervals`
       :type connect_timeout: *see* :ref:`SpecifyingTimeIntervals`
       :type login_timeout: *see* :ref:`SpecifyingTimeIntervals`
       :type keepalive_interval: *see* :ref:`SpecifyingTimeIntervals`
       :type keepalive_count_max: `int`
       :type tcp_keepalive: `bool`
       :type canonicalize_hostname: `bool` or `'always'`
       :type canonical_domains: `list` of `str`
       :type canonicalize_fallback_local: `bool`
       :type canonicalize_max_dots: `int`
       :type canonicalize_permitted_cnames: `list` of `tuple` of 2 `str` values
       :type config: `list` of `str`
       :type options: :class:`SSHServerConnectionOptions`

    rt�server_factoryrzOrderedDict[bytes, SSHKeyPair]rhrjr�rmrorqrxryr{r|rsrurwryr{r}r�r�r�r�rrrr�r[r�rrNFr�rr�secureShellClientTr�rr$rr�r�r�r�r�ryr�r�r)r�rqr�r�r�r!r*r+r9r.r6r�rQr�rTrVrXrZr\r^rGrIrNrkrmrr�rtrr�server_host_certsrzrcILs�t�||||||||	|
|�
}|)dkrttttf|�dt��})|*dkr0ttttf|�dt��}*|+dkr=tt	|�dt
��}+t�jg|�|pFt
�|
�|�|�|�|/�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�| �|!�|"�|#�|$�|%�|&�|'�|(�|)�|*�|+�R�|,dkr�ttt|�d��},|-dkr�ttt|�dd��}-t|,|/|-|d�}It�|_t�|_|ID],}J|JjD]&}K|K|jvr�|.s�td|K�d	��d
���|K|jvr�|J|j|K<|.r�|J|j|Jj<q�q�|0|_|1|_|2dkr�|r�ttt|�d��}2t|2ttf��r
t|2�|_n|2|_|3dk�rt��}3d|3v�rt� �}3|3|_!t|4t"tf��r0d
|4i|_#n|4|_#tt$|5dk�r<|5n|�dd��|_%tt$|6dk�rM|6n|�dd��|_&|I�s_|3�s_td��tt$|7dk�rh|7n|�dd��|_'|8|_(|9|_)|:|_*|;|_+tt$|<dk�r�|<n|�dd��|_,|=|_-|>|_.tt$|?dk�r�|?n|�dd��|_/|@|_0|A|_1|B|_2|C|_3|Ddu�r�t4n|D|_5|E|_6|F|_7|G|_8|H|_9dS)z/Prepare server connection configuration optionsr�LoginGraceTime�ClientAliveInterval�ClientAliveCountMax�HostKey�HostCertificater=zMultiple keys of type r�zL found: Enable send_server_host_keys to allow reserved keys to be configured�AuthorizedKeysFiler&r>r?Tr@zNo server host keys provided�	PermitTTY�UseDNSF�AllowAgentForwardingN):r;rSrrrWrr�r_rTrrUrFr'r�rr�rrhrj�host_key_algorithmsr0r��public_datarmror
r|r�r'rqr3�gethostname�getfqdnrxrryr�r{r|rsrurwryr{r}r�r�r�r�rrrr�r�r[r�rr)Lr
r$rrtr�r�r�r�r�ryr�r�r`rr)r�rqr�r�r�r!r*r+r9r.r6r�rQr�rTrVrXrZr\r^rGrIrNrkrmrr�rtrrrhrbr�rzrmrorqrxryr{r|rsrurwryr{r}r�r�r�r�rrrr�r[r�rr�server_keysr�r�rlrrr'I"s6?�����
���������������������������	�	�	�
�
�
�
��

�

��
��


�
�
�
�
�
z"SSHServerConnectionOptions.prepare).rrrrr;r`�_ServerFactoryrr�ror�rr&rrr~rr�r�r��_DEFAULT_LINE_HISTORY�_DEFAULT_MAX_LINE_LENGTHr�rXrYrKrQr9r8r+r
r,r�rrr�r.r�r�r�rWr�rrr'rjrrrlrrg� s�
k�������������	�	�
�
���
���
���
����������������� �!�"�#�$�%�&�'�(�
)�*�+�,�-�.�/�0�1�2�3�4�5�6�7�8�8�9�:�;�;�<�<�rgrrc	��`�dtf��fdd�}t���tj|fd|i|��IdH�tjt�|�d||d��jd�IdHS)	a�Start an SSH client connection on an already-connected socket

       This function is a coroutine which starts an SSH client on an
       existing already-connected socket. It can be used instead of
       :func:`connect` when a socket is connected outside of asyncio.

       :param sock:
           An existing already-connected socket to run an SSH client on,
           instead of opening up a new connection.
       :param config: (optional)
           Paths to OpenSSH client configuration files to load. This
           configuration will be used as a fallback to override the
           defaults for settings which are not explicitly specified using
           AsyncSSH's configuration options. If no paths are specified and
           no config paths were set when constructing the `options`
           argument (if any), an attempt will be made to load the
           configuration from the file :file:`.ssh/config`. If this
           argument is explicitly set to `None`, no new configuration
           files will be loaded, but any configuration loaded when
           constructing the `options` argument will still apply. See
           :ref:`SupportedClientConfigOptions` for details on what
           configuration options are currently supported.
       :param options: (optional)
           Options to use when establishing the SSH client connection. These
           options can be specified either through this parameter or as direct
           keyword arguments to this function.
       :type sock: :class:`socket.socket`
       :type config: `list` of `str`
       :type options: :class:`SSHClientConnectionOptions`

       :returns: :class:`SSHClientConnection`

    rc�t��dd�S��'Return an SSH client connection factoryr��r�rur�r$�new_optionsrrrD0#rz run_client.<locals>.conn_factoryrtNrzStarting SSH client on�r�rurKrr[r��wait_forr�r�r�rtr%rrDrrzr�
run_client
#s �&�����r�c	�rt)	a2Start an SSH server connection on an already-connected socket

       This function is a coroutine which starts an SSH server on an
       existing already-connected TCP socket. It can be used instead of
       :func:`listen` when connections are accepted outside of asyncio.

       :param sock:
           An existing already-connected socket to run SSH over, instead of
           opening up a new connection.
       :param config: (optional)
           Paths to OpenSSH server configuration files to load. This
           configuration will be used as a fallback to override the
           defaults for settings which are not explicitly specified using
           AsyncSSH's configuration options. By default, no OpenSSH
           configuration files will be loaded. See
           :ref:`SupportedServerConfigOptions` for details on what
           configuration options are currently supported.
       :param options: (optional)
           Options to use when starting the reverse-direction SSH server.
           These options can be specified either through this parameter
           or as direct keyword arguments to this function.
       :type sock: :class:`socket.socket`
       :type config: `list` of `str`
       :type options: :class:`SSHServerConnectionOptions`

       :returns: :class:`SSHServerConnection`

    rcru��'Return an SSH server connection factoryr�rx�r�rrzrrrDa#rz run_server.<locals>.conn_factoryrtNrzStarting SSH server onr|�r�rKrrgr�r~r�rrrrzr�
run_server@#s �!�����r�r�)rqr�r'r�r�rtr%r�rqr�r�c	��j�dtf��fdd�}
t���tj|f||||||d�|	��IdH�tjt�|�|||
d��jd�IdHS)a�Make an SSH client connection

       This function is a coroutine which can be run to create an outbound SSH
       client connection to the specified host and port.

       When successful, the following steps occur:

           1. The connection is established and an instance of
              :class:`SSHClientConnection` is created to represent it.
           2. The `client_factory` is called without arguments and should
              return an instance of :class:`SSHClient` or a subclass.
           3. The client object is tied to the connection and its
              :meth:`connection_made() <SSHClient.connection_made>` method
              is called.
           4. The SSH handshake and authentication process is initiated,
              calling methods on the client object if needed.
           5. When authentication completes successfully, the client's
              :meth:`auth_completed() <SSHClient.auth_completed>` method is
              called.
           6. The coroutine returns the :class:`SSHClientConnection`. At
              this point, the connection is ready for sessions to be opened
              or port forwarding to be set up.

       If an error occurs, it will be raised as an exception and the partially
       open connection and client objects will be cleaned up.

       :param host: (optional)
           The hostname or address to connect to.
       :param port: (optional)
           The port number to connect to. If not specified, the default
           SSH port is used.
       :param tunnel: (optional)
           An existing SSH client connection that this new connection should
           be tunneled over. If set, a direct TCP/IP tunnel will be opened
           over this connection to the requested host and port rather than
           connecting directly via TCP. A string of the form
           [user@]host[:port] may also be specified, in which case a
           connection will be made to that host and then used as a tunnel.
           A comma-separated list may also be specified to establish a
           tunnel through multiple hosts.

               .. note:: When specifying tunnel as a string, any config
                         options in the call will apply only when opening
                         a connection to the final destination host and
                         port. However, settings to use when opening
                         tunnels may be specified via a configuration file.
                         To get more control of config options used to
                         open the tunnel, :func:`connect` can be called
                         explicitly, and the resulting client connection
                         can be passed as the tunnel argument.

       :param family: (optional)
           The address family to use when creating the socket. By default,
           the address family is automatically selected based on the host.
       :param flags: (optional)
           The flags to pass to getaddrinfo() when looking up the host address
       :param local_addr: (optional)
           The host and port to bind the socket to before connecting
       :param sock: (optional)
           An existing already-connected socket to run SSH over, instead of
           opening up a new connection. When this is specified, none of
           host, port family, flags, or local_addr should be specified.
       :param config: (optional)
           Paths to OpenSSH client configuration files to load. This
           configuration will be used as a fallback to override the
           defaults for settings which are not explicitly specified using
           AsyncSSH's configuration options. If no paths are specified and
           no config paths were set when constructing the `options`
           argument (if any), an attempt will be made to load the
           configuration from the file :file:`.ssh/config`. If this
           argument is explicitly set to `None`, no new configuration
           files will be loaded, but any configuration loaded when
           constructing the `options` argument will still apply. See
           :ref:`SupportedClientConfigOptions` for details on what
           configuration options are currently supported.
       :param options: (optional)
           Options to use when establishing the SSH client connection. These
           options can be specified either through this parameter or as direct
           keyword arguments to this function.
       :type host: `str`
       :type port: `int`
       :type tunnel: :class:`SSHClientConnection` or `str`
       :type family: `socket.AF_UNSPEC`, `socket.AF_INET`, or `socket.AF_INET6`
       :type flags: flags to pass to :meth:`getaddrinfo() <socket.getaddrinfo>`
       :type local_addr: tuple of `str` and `int`
       :type sock: :class:`socket.socket` or `None`
       :type config: `list` of `str`
       :type options: :class:`SSHClientConnectionOptions`

       :returns: :class:`SSHClientConnection`

    rcrurvryrrzrrrD�#rzconnect.<locals>.conn_factory�rtr)r�rqr�r�NzOpening SSH connection tor|r}�r)r�rqr�r'r�r�rtr%rrDrrzrrq#s"�f�����rc	�r�)aaCreate a reverse direction SSH connection

       This function is a coroutine which behaves similar to :func:`connect`,
       making an outbound TCP connection to a remote server. However, instead
       of starting up an SSH client which runs on that outbound connection,
       this function starts up an SSH server, expecting the remote system to
       start up a reverse-direction SSH client.

       Arguments to this function are the same as :func:`connect`, except
       that the `options` are of type :class:`SSHServerConnectionOptions`
       instead of :class:`SSHClientConnectionOptions`.

       :param host: (optional)
           The hostname or address to connect to.
       :param port: (optional)
           The port number to connect to. If not specified, the default
           SSH port is used.
       :param tunnel: (optional)
           An existing SSH client connection that this new connection should
           be tunneled over. If set, a direct TCP/IP tunnel will be opened
           over this connection to the requested host and port rather than
           connecting directly via TCP. A string of the form
           [user@]host[:port] may also be specified, in which case a
           connection will be made to that host and then used as a tunnel.
           A comma-separated list may also be specified to establish a
           tunnel through multiple hosts.

               .. note:: When specifying tunnel as a string, any config
                         options in the call will apply only when opening
                         a connection to the final destination host and
                         port. However, settings to use when opening
                         tunnels may be specified via a configuration file.
                         To get more control of config options used to
                         open the tunnel, :func:`connect` can be called
                         explicitly, and the resulting client connection
                         can be passed as the tunnel argument.

       :param family: (optional)
           The address family to use when creating the socket. By default,
           the address family is automatically selected based on the host.
       :param flags: (optional)
           The flags to pass to getaddrinfo() when looking up the host address
       :param local_addr: (optional)
           The host and port to bind the socket to before connecting
       :param sock: (optional)
           An existing already-connected socket to run SSH over, instead of
           opening up a new connection. When this is specified, none of
           host, port family, flags, or local_addr should be specified.
       :param config: (optional)
           Paths to OpenSSH server configuration files to load. This
           configuration will be used as a fallback to override the
           defaults for settings which are not explicitly specified using
           AsyncSSH's configuration options. By default, no OpenSSH
           configuration files will be loaded. See
           :ref:`SupportedServerConfigOptions` for details on what
           configuration options are currently supported.
       :param options: (optional)
           Options to use when starting the reverse-direction SSH server.
           These options can be specified either through this parameter
           or as direct keyword arguments to this function.
       :type host: `str`
       :type port: `int`
       :type tunnel: :class:`SSHClientConnection` or `str`
       :type family: `socket.AF_UNSPEC`, `socket.AF_INET`, or `socket.AF_INET6`
       :type flags: flags to pass to :meth:`getaddrinfo() <socket.getaddrinfo>`
       :type local_addr: tuple of `str` and `int`
       :type sock: :class:`socket.socket` or `None`
       :type config: `list` of `str`
       :type options: :class:`SSHServerConnectionOptions`

       :returns: :class:`SSHServerConnection`

    rcrur�r�rrzrrrD<$rz%connect_reverse.<locals>.conn_factoryr�Nz!Opening reverse SSH connection tor|r�r�rrzrr1�#s"�T�����r1�dF)rqr�r'r�r�r�r�rrrtr%rrc��x�dtf����fdd�}t���tj|f|||||d�|
��IdH�d�_tjt�|�||||||d�
�jd�IdHS)a[Start an SSH server

       This function is a coroutine which can be run to create an SSH server
       listening on the specified host and port. The return value is an
       :class:`SSHAcceptor` which can be used to shut down the listener.

       :param host: (optional)
           The hostname or address to listen on. If not specified, listeners
           are created for all addresses.
       :param port: (optional)
           The port number to listen on. If not specified, the default
           SSH port is used.
       :param tunnel: (optional)
           An existing SSH client connection that this new connection should
           be tunneled over. If set, a direct TCP/IP tunnel will be opened
           over this connection to the requested host and port rather than
           connecting directly via TCP. A string of the form
           [user@]host[:port] may also be specified, in which case a
           connection will be made to that host and then used as a tunnel.
           A comma-separated list may also be specified to establish a
           tunnel through multiple hosts.

               .. note:: When specifying tunnel as a string, any config
                         options in the call will apply only when opening
                         a connection to the final destination host and
                         port. However, settings to use when opening
                         tunnels may be specified via a configuration file.
                         To get more control of config options used to
                         open the tunnel, :func:`connect` can be called
                         explicitly, and the resulting client connection
                         can be passed as the tunnel argument.

       :param family: (optional)
           The address family to use when creating the server. By default,
           the address families are automatically selected based on the host.
       :param flags: (optional)
           The flags to pass to getaddrinfo() when looking up the host
       :param backlog: (optional)
           The maximum number of queued connections allowed on listeners
       :param sock: (optional)
           A pre-existing socket to use instead of creating and binding
           a new socket. When this is specified, host and port should not
           be specified.
       :param reuse_address: (optional)
           Whether or not to reuse a local socket in the TIME_WAIT state
           without waiting for its natural timeout to expire. If not
           specified, this will be automatically set to `True` on UNIX.
       :param reuse_port: (optional)
           Whether or not to allow this socket to be bound to the same
           port other existing sockets are bound to, so long as they all
           set this flag when being created. If not specified, the
           default is to not allow this. This option is not supported
           on Windows or Python versions prior to 3.4.4.
       :param acceptor: (optional)
           A `callable` or coroutine which will be called when the
           SSH handshake completes on an accepted connection, taking
           the :class:`SSHServerConnection` as an argument.
       :param error_handler: (optional)
           A `callable` which will be called whenever the SSH handshake
           fails on an accepted connection. It is called with the failed
           :class:`SSHServerConnection` and an exception object describing
           the failure. If not specified, failed handshakes result in the
           connection object being silently cleaned up.
       :param config: (optional)
           Paths to OpenSSH server configuration files to load. This
           configuration will be used as a fallback to override the
           defaults for settings which are not explicitly specified using
           AsyncSSH's configuration options. By default, no OpenSSH
           configuration files will be loaded. See
           :ref:`SupportedServerConfigOptions` for details on what
           configuration options are currently supported.
       :param options: (optional)
           Options to use when accepting SSH server connections. These
           options can be specified either through this parameter or
           as direct keyword arguments to this function.
       :type host: `str`
       :type port: `int`
       :type tunnel: :class:`SSHClientConnection` or `str`
       :type family: `socket.AF_UNSPEC`, `socket.AF_INET`, or `socket.AF_INET6`
       :type flags: flags to pass to :meth:`getaddrinfo() <socket.getaddrinfo>`
       :type backlog: `int`
       :type sock: :class:`socket.socket` or `None`
       :type reuse_address: `bool`
       :type reuse_port: `bool`
       :type acceptor: `callable` or coroutine
       :type error_handler: `callable`
       :type config: `list` of `str`
       :type options: :class:`SSHServerConnectionOptions`

       :returns: :class:`SSHAcceptor`

    rc�t�����S)r�r�r�rrr$r{rrrD�$rzlisten.<locals>.conn_factory�rtr)r�rqr�NzCreating SSH listener onr|)	r�rKrrgr�r�r~r�r�r)r�rqr�r'r�r�r�r�rrrtr%rrDrr�rr4M$s$�h�����r4c�r�)a�Create a reverse-direction SSH listener

       This function is a coroutine which behaves similar to :func:`listen`,
       creating a listener which accepts inbound connections on the specified
       host and port. However, instead of starting up an SSH server on each
       inbound connection, it starts up a reverse-direction SSH client,
       expecting the remote system making the connection to start up a
       reverse-direction SSH server.

       Arguments to this function are the same as :func:`listen`, except
       that the `options` are of type :class:`SSHClientConnectionOptions`
       instead of :class:`SSHServerConnectionOptions`.

       The return value is an :class:`SSHAcceptor` which can be used to
       shut down the reverse listener.

       :param host: (optional)
           The hostname or address to listen on. If not specified, listeners
           are created for all addresses.
       :param port: (optional)
           The port number to listen on. If not specified, the default
           SSH port is used.
       :param tunnel: (optional)
           An existing SSH client connection that this new connection should
           be tunneled over. If set, a direct TCP/IP tunnel will be opened
           over this connection to the requested host and port rather than
           connecting directly via TCP. A string of the form
           [user@]host[:port] may also be specified, in which case a
           connection will be made to that host and then used as a tunnel.
           A comma-separated list may also be specified to establish a
           tunnel through multiple hosts.

               .. note:: When specifying tunnel as a string, any config
                         options in the call will apply only when opening
                         a connection to the final destination host and
                         port. However, settings to use when opening
                         tunnels may be specified via a configuration file.
                         To get more control of config options used to
                         open the tunnel, :func:`connect` can be called
                         explicitly, and the resulting client connection
                         can be passed as the tunnel argument.

       :param family: (optional)
           The address family to use when creating the server. By default,
           the address families are automatically selected based on the host.
       :param flags: (optional)
           The flags to pass to getaddrinfo() when looking up the host
       :param backlog: (optional)
           The maximum number of queued connections allowed on listeners
       :param sock: (optional)
           A pre-existing socket to use instead of creating and binding
           a new socket. When this is specified, host and port should not
       :param reuse_address: (optional)
           Whether or not to reuse a local socket in the TIME_WAIT state
           without waiting for its natural timeout to expire. If not
           specified, this will be automatically set to `True` on UNIX.
       :param reuse_port: (optional)
           Whether or not to allow this socket to be bound to the same
           port other existing sockets are bound to, so long as they all
           set this flag when being created. If not specified, the
           default is to not allow this. This option is not supported
           on Windows or Python versions prior to 3.4.4.
       :param acceptor: (optional)
           A `callable` or coroutine which will be called when the
           SSH handshake completes on an accepted connection, taking
           the :class:`SSHClientConnection` as an argument.
       :param error_handler: (optional)
           A `callable` which will be called whenever the SSH handshake
           fails on an accepted connection. It is called with the failed
           :class:`SSHClientConnection` and an exception object describing
           the failure. If not specified, failed handshakes result in the
           connection object being silently cleaned up.
       :param config: (optional)
           Paths to OpenSSH client configuration files to load. This
           configuration will be used as a fallback to override the
           defaults for settings which are not explicitly specified using
           AsyncSSH's configuration options. If no paths are specified and
           no config paths were set when constructing the `options`
           argument (if any), an attempt will be made to load the
           configuration from the file :file:`.ssh/config`. If this
           argument is explicitly set to `None`, no new configuration
           files will be loaded, but any configuration loaded when
           constructing the `options` argument will still apply. See
           :ref:`SupportedClientConfigOptions` for details on what
           configuration options are currently supported.
       :param options: (optional)
           Options to use when starting reverse-direction SSH clients.
           These options can be specified either through this parameter
           or as direct keyword arguments to this function.
       :type host: `str`
       :type port: `int`
       :type tunnel: :class:`SSHClientConnection` or `str`
       :type family: `socket.AF_UNSPEC`, `socket.AF_INET`, or `socket.AF_INET6`
       :type flags: flags to pass to :meth:`getaddrinfo() <socket.getaddrinfo>`
       :type backlog: `int`
       :type sock: :class:`socket.socket` or `None`
       :type reuse_address: `bool`
       :type reuse_port: `bool`
       :type acceptor: `callable` or coroutine
       :type error_handler: `callable`
       :type config: `list` of `str`
       :type options: :class:`SSHClientConnectionOptions`

       :returns: :class:`SSHAcceptor`

    rcr�)rwryrr�rrrD@%rz$listen_reverse.<locals>.conn_factoryr�Nz*Creating reverse direction SSH listener onr|)	rurKrr[r�r�r~r�rr�rr�rr6�$s&�w�����r6r*c�s0�t||fd|i|��IdH}|tt|���fS)a�Create an SSH client connection

       This is a coroutine which wraps around :func:`connect`, providing
       backward compatibility with older AsyncSSH releases. The only
       differences are that the `client_factory` argument is the first
       positional argument in this call rather than being a keyword argument
       or specified via an :class:`SSHClientConnectionOptions` object and
       the return value is a tuple of an :class:`SSHClientConnection` and
       :class:`SSHClient` rather than just the connection, mirroring
       :meth:`asyncio.AbstractEventLoop.create_connection`.

       :returns: An :class:`SSHClientConnection` and :class:`SSHClient`

    r*N)rrr0r�)r*r)r�rr�rrrrU%s
��rr`c�r-)a�Create an SSH server

       This is a coroutine which wraps around :func:`listen`, providing
       backward compatibility with older AsyncSSH releases. The only
       difference is that the `server_factory` argument is the first
       positional argument in this call rather than being a keyword argument
       or specified via an :class:`SSHServerConnectionOptions` object,
       mirroring :meth:`asyncio.AbstractEventLoop.create_server`.

    r`Nr3)r`r)r�rrrrr n%s��r )rqr�r�r'r�r�rr�r�rtr%r�rr�r�c�s��dtf��fdd�}
t���tj|f|||||||d|
dddd|	|d��IdH�tjt�|�|||
d��jd�IdH}|��}|�	�|�
�IdH|S)	a,Retrieve an SSH server's host key

       This is a coroutine which can be run to connect to an SSH server and
       return the server host key presented during the SSH handshake.

       A list of server host key algorithms can be provided to specify
       which host key types the server is allowed to choose from. If the
       key exchange is successful, the server host key sent during the
       handshake is returned.

           .. note:: Not all key exchange methods involve the server
                     presenting a host key. If something like GSS key
                     exchange is used without a server host key, this
                     method may return `None` even when the handshake
                     completes.

       :param host: (optional)
           The hostname or address to connect to
       :param port: (optional)
           The port number to connect to. If not specified, the default
           SSH port is used.
       :param tunnel: (optional)
           An existing SSH client connection that this new connection should
           be tunneled over. If set, a direct TCP/IP tunnel will be opened
           over this connection to the requested host and port rather than
           connecting directly via TCP. A string of the form
           [user@]host[:port] may also be specified, in which case a
           connection will be made to that host and then used as a tunnel.
           A comma-separated list may also be specified to establish a
           tunnel through multiple hosts.

               .. note:: When specifying tunnel as a string, any config
                         options in the call will apply only when opening
                         a connection to the final destination host and
                         port. However, settings to use when opening
                         tunnels may be specified via a configuration file.
                         To get more control of config options used to
                         open the tunnel, :func:`connect` can be called
                         explicitly, and the resulting client connection
                         can be passed as the tunnel argument.

       :param proxy_command: (optional)
           A string or list of strings specifying a command and arguments
           to run to make a connection to the SSH server. Data will be
           forwarded to this process over stdin/stdout instead of opening a
           TCP connection. If specified as a string, standard shell quoting
           will be applied when splitting the command and its arguments.
       :param family: (optional)
           The address family to use when creating the socket. By default,
           the address family is automatically selected based on the host.
       :param flags: (optional)
           The flags to pass to getaddrinfo() when looking up the host address
       :param local_addr: (optional)
           The host and port to bind the socket to before connecting
       :param sock: (optional)
           An existing already-connected socket to run SSH over, instead of
           opening up a new connection. When this is specified, none of
           host, port family, flags, or local_addr should be specified.
       :param client_version: (optional)
           An ASCII string to advertise to the SSH server as the version of
           this client, defaulting to `'AsyncSSH'` and its version number.
       :param kex_algs: (optional)
           A list of allowed key exchange algorithms in the SSH handshake,
           taken from :ref:`key exchange algorithms <KexAlgs>`
       :param server_host_key_algs: (optional)
           A list of server host key algorithms to allow during the SSH
           handshake, taken from :ref:`server host key algorithms
           <PublicKeyAlgs>`.
       :param config: (optional)
           Paths to OpenSSH client configuration files to load. This
           configuration will be used as a fallback to override the
           defaults for settings which are not explicitly specified using
           AsyncSSH's configuration options. If no paths are specified and
           no config paths were set when constructing the `options`
           argument (if any), an attempt will be made to load the
           configuration from the file :file:`.ssh/config`. If this
           argument is explicitly set to `None`, no new configuration
           files will be loaded, but any configuration loaded when
           constructing the `options` argument will still apply. See
           :ref:`SupportedClientConfigOptions` for details on what
           configuration options are currently supported.
       :param options: (optional)
           Options to use when establishing the SSH client connection used
           to retrieve the server host key. These options can be specified
           either through this parameter or as direct keyword arguments to
           this function.
       :type host: `str`
       :type port: `int`
       :type tunnel: :class:`SSHClientConnection` or `str`
       :type proxy_command: `str` or `list` of `str`
       :type family: `socket.AF_UNSPEC`, `socket.AF_INET`, or `socket.AF_INET6`
       :type flags: flags to pass to :meth:`getaddrinfo() <socket.getaddrinfo>`
       :type local_addr: tuple of `str` and `int`
       :type sock: :class:`socket.socket` or `None`
       :type client_version: `str`
       :type kex_algs: `str` or `list` of `str`
       :type server_host_key_algs: `str` or `list` of `str`
       :type config: `list` of `str`
       :type options: :class:`SSHClientConnectionOptions`

       :returns: An :class:`SSHKey` public key or `None`

    rcru)rwrrrxryrrzrrrD�%rz)get_server_host_key.<locals>.conn_factoryNr�)rtr)r�rqr�r�r�r�r�rGrIrNrxr�rzFetching server host key fromr|)rurKrr[r�r~r�rr�rfr�)r)r�rqr�r�r'r�r�rr�r�rtr%rDr��server_host_keyrrzrr��%s.�s����r�ryc	�s��dtf��fdd�}t���tj|
fid|�d|�d|�d|�d|�d	|�d
|�d|�dd
�d|�dd
�dd
�dd�dd
�d|
�d|	��Id
H�tjt�|�|||d��jd�Id
H}|��}|�	�|�
�Id
H|S)arRetrieve an SSH server's allowed auth methods

       This is a coroutine which can be run to connect to an SSH server and
       return the auth methods available to authenticate to it.

           .. note:: The key exchange with the server must complete
                     successfully before the list of available auth
                     methods can be returned, so be sure to specify any
                     arguments needed to complete the key exchange.
                     Also, auth methods may vary by user, so you may
                     want to specify the specific user you would like
                     to get auth methods for.

       :param host: (optional)
           The hostname or address to connect to
       :param port: (optional)
           The port number to connect to. If not specified, the default
           SSH port is used.
       :param username: (optional)
           Username to authenticate as on the server. If not specified,
           the currently logged in user on the local machine will be used.
       :param tunnel: (optional)
           An existing SSH client connection that this new connection should
           be tunneled over. If set, a direct TCP/IP tunnel will be opened
           over this connection to the requested host and port rather than
           connecting directly via TCP. A string of the form
           [user@]host[:port] may also be specified, in which case a
           connection will be made to that host and then used as a tunnel.
           A comma-separated list may also be specified to establish a
           tunnel through multiple hosts.

               .. note:: When specifying tunnel as a string, any config
                         options in the call will apply only when opening
                         a connection to the final destination host and
                         port. However, settings to use when opening
                         tunnels may be specified via a configuration file.
                         To get more control of config options used to
                         open the tunnel, :func:`connect` can be called
                         explicitly, and the resulting client connection
                         can be passed as the tunnel argument.

       :param proxy_command: (optional)
           A string or list of strings specifying a command and arguments
           to run to make a connection to the SSH server. Data will be
           forwarded to this process over stdin/stdout instead of opening a
           TCP connection. If specified as a string, standard shell quoting
           will be applied when splitting the command and its arguments.
       :param family: (optional)
           The address family to use when creating the socket. By default,
           the address family is automatically selected based on the host.
       :param flags: (optional)
           The flags to pass to getaddrinfo() when looking up the host address
       :param local_addr: (optional)
           The host and port to bind the socket to before connecting
       :param sock: (optional)
           An existing already-connected socket to run SSH over, instead of
           opening up a new connection. When this is specified, none of
           host, port family, flags, or local_addr should be specified.
       :param client_version: (optional)
           An ASCII string to advertise to the SSH server as the version of
           this client, defaulting to `'AsyncSSH'` and its version number.
       :param kex_algs: (optional)
           A list of allowed key exchange algorithms in the SSH handshake,
           taken from :ref:`key exchange algorithms <KexAlgs>`
       :param server_host_key_algs: (optional)
           A list of server host key algorithms to allow during the SSH
           handshake, taken from :ref:`server host key algorithms
           <PublicKeyAlgs>`.
       :param config: (optional)
           Paths to OpenSSH client configuration files to load. This
           configuration will be used as a fallback to override the
           defaults for settings which are not explicitly specified using
           AsyncSSH's configuration options. If no paths are specified and
           no config paths were set when constructing the `options`
           argument (if any), an attempt will be made to load the
           configuration from the file :file:`.ssh/config`. If this
           argument is explicitly set to `None`, no new configuration
           files will be loaded, but any configuration loaded when
           constructing the `options` argument will still apply. See
           :ref:`SupportedClientConfigOptions` for details on what
           configuration options are currently supported.
       :param options: (optional)
           Options to use when establishing the SSH client connection used
           to retrieve the server host key. These options can be specified
           either through this parameter or as direct keyword arguments to
           this function.
       :type host: `str`
       :type port: `int`
       :type tunnel: :class:`SSHClientConnection` or `str`
       :type proxy_command: `str` or `list` of `str`
       :type family: `socket.AF_UNSPEC`, `socket.AF_INET`, or `socket.AF_INET6`
       :type flags: flags to pass to :meth:`getaddrinfo() <socket.getaddrinfo>`
       :type local_addr: tuple of `str` and `int`
       :type sock: :class:`socket.socket` or `None`
       :type client_version: `str`
       :type kex_algs: `str` or `list` of `str`
       :type server_host_key_algs: `str` or `list` of `str`
       :type config: `list` of `str`
       :type options: :class:`SSHClientConnectionOptions`

       :returns: a `list` of `str`

    rcru)rwr�rxryrrzrrrD�&rz-get_server_auth_methods.<locals>.conn_factoryrtr)r�ryrqr�r�r�r�Nr�rGrIrNr�rxr�rz!Fetching server auth methods fromr|)rurKrr[r�r~r�rr�rfr�)r)r�ryrqr�r�r'r�r�rr�r�rtr%rDr��server_auth_methodsrrzrr�&s`�r����������������
�	��r�rE)rNr_)r�rr(rrKr8rPr6rbr/rMr�r3r�r�rJ�collectionsrr�pathlibr�typesr�typingrrrr	r
rrr
rrrrrrrrr�typing_extensionsrrr�rrr�rrrrr r!r"r#r$r%�	auth_keysr&r'r�r(r)r*r+r,r-r.r/�clientr0r�r1r2r3r4r5r6r7rtr8r9r:r;�	constantsr<r=r>r?r@rArBrCrDrErFrGrHrIrJrKrLrMrNrOrPrQrRrSrTrUrVrWrXrYrZr[r�r\r]r^r_r`�forwardra�gssrbrcrdrerrrfrgrhrirj�keysignrkrlrmrnr�rorpr�rqrrrsrtrurvrwrxry�loggingrzr{r>r|r}�miscr~rr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rBr�r�r�r�r�r�r�r�r�r�r�r��pkcs11r�rr�r�r�r�r�r�r��
public_keyr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rYr�r�r�r��streamr�r�r�r�r�r�r�r�r�r��
subprocessr�r�r�r��tuntapr�r�r�r�r�r��x11r�r�r�r�r��cryptor�rfrqr)r�rr^rrrrRrirSrr�rr�r�r.rrarVr-�_GlobalRequestr�_GlobalRequestResultr
�_KeyOrCertOptionsr�r,rWrdre�_TunnelConnector�_TunnelListenerr+rZrwr�r%rr"r�r r!r_rTrUrXrYrrrsrQrBrrr�r�r�rr�r�r�r�r�r�rrur�rr[rgr�r�rr1�
AI_PASSIVEr4r6rr r�r�rrrr�<module>s� $     ""�
�	�
�(

��>����K��%������U���������:����%�����%���������%lU}uxiP����5����0����������v������������d������������	�	�{�����������	�
�
�
����
�����������������	�
���������������	�	�
@ Telegram