1. 17 Oct, 2013 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/10/16 02:31:47 · 0faf747e
      Damien Miller authored
           [readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
           [sshconnect.c sshconnect.h]
           Implement client-side hostname canonicalisation to allow an explicit
           search path of domain suffixes to use to convert unqualified host names
           to fully-qualified ones for host key matching.
           This is particularly useful for host certificates, which would otherwise
           need to list unqualified names alongside fully-qualified ones (and this
           causes a number of problems).
           "looks fine" markus@
  2. 01 Dec, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/11/29 23:45:51 · d925dcd8
      Damien Miller authored
           [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
           [sshconnect.h sshconnect2.c]
           automatically order the hostkeys requested by the client based on
           which hostkeys are already recorded in known_hosts. This avoids
           hostkey warnings when connecting to servers with new ECDSA keys
           that are preferred by default; with markus@
  3. 07 Oct, 2010 1 commit
  4. 21 Jun, 2009 1 commit
    • Darren Tucker's avatar
      - andreas@cvs.openbsd.org 2009/05/28 16:50:16 · 1cc55d7a
      Darren Tucker authored
           [sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c
           Keep track of number of bytes read and written. Needed for upcoming
           changes. Most code from Martin Forssen, maf at appgate dot com.
           ok markus@
  5. 17 Sep, 2007 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2007/09/04 11:15:56 · 67bd062b
      Damien Miller authored
           [ssh.c sshconnect.c sshconnect.h]
           make ssh(1)'s ConnectTimeout option apply to both the TCP connection and
           SSH banner exchange (previously it just covered the TCP connection).
           This allows callers of ssh(1) to better detect and deal with stuck servers
           that accept a TCP connection but don't progress the protocol, and also
           makes ConnectTimeout useful for connections via a ProxyCommand;
           feedback and "looks ok" markus@
  6. 05 Aug, 2006 1 commit
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 · d7834353
      Damien Miller authored
           [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
           [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
           [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
           [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
           [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
           [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
           [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
           [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
           [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
           [serverloop.c session.c session.h sftp-client.c sftp-common.c]
           [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
           [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
           [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
           [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
           [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
           [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
           almost entirely get rid of the culture of ".h files that include .h files"
           ok djm, sort of ok stevesk
           makes the pain stop in one easy step
           NB. portable commit contains everything *except* removing includes.h, as
           that will take a fair bit more work as we move headers that are required
           for portability workarounds to defines.h. (also, this step wasn't "easy")
  7. 10 Jul, 2006 2 commits
    • Damien Miller's avatar
      - stevesk@cvs.openbsd.org 2006/07/08 21:47:12 · e3b60b52
      Damien Miller authored
           [authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
           [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
           [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
           move #include <sys/socket.h> out of includes.h
    • Damien Miller's avatar
      - stevesk@cvs.openbsd.org 2006/07/06 16:03:53 · 9f2abc47
      Damien Miller authored
           [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
           [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
           [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
           [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
           [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
           [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
           move #include <pwd.h> out of includes.h; ok markus@
  8. 13 Jun, 2006 1 commit
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2006/06/06 10:20:20 · 6b4069ad
      Damien Miller authored
           [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
           replace remaining setuid() calls with permanently_set_uid() and
           check seteuid() return values; report Marcus Meissner; ok dtucker djm
  9. 26 Mar, 2006 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2006/03/25 22:22:43 · 51096383
      Damien Miller authored
           [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
           [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
           [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
           [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
           [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
           [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
           [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
           [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
           [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
           [ttymodes.h uidswap.h uuencode.h xmalloc.h]
           standardise spacing in $OpenBSD$ tags; requested by deraadt@
  10. 13 Dec, 2005 1 commit
    • Damien Miller's avatar
      - reyk@cvs.openbsd.org 2005/12/06 22:38:28 · d27b9471
      Damien Miller authored
           [auth-options.c auth-options.h channels.c channels.h clientloop.c]
           [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
           [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
           [sshconnect.h sshd.8 sshd_config sshd_config.5]
           Add support for tun(4) forwarding over OpenSSH, based on an idea and
           initial channel code bits by markus@. This is a simple and easy way to
           use OpenSSH for ad hoc virtual private network connections, e.g.
           administrative tunnels or secure wireless access. It's based on a new
           ssh channel and works similar to the existing TCP forwarding support,
           except that it depends on the tun(4) network interface on both ends of
           the connection for layer 2 or layer 3 tunneling. This diff also adds
           support for LocalCommand in the ssh(1) client.
           ok djm@, markus@, jmc@ (manpages), tested and discussed with others
  11. 21 Jun, 2002 1 commit
    • Ben Lindstrom's avatar
      - deraadt@cvs.openbsd.org 2002/06/19 00:27:55 · cb72e4f6
      Ben Lindstrom authored
           [auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
            authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
            ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
            ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
           KNF done automatically while reading....
  12. 11 Jun, 2002 1 commit
    • Ben Lindstrom's avatar
      - markus@cvs.openbsd.org 2002/06/11 04:14:26 · f9c4884c
      Ben Lindstrom authored
           [ssh.c sshconnect.c sshconnect.h]
           no longer use uidswap.[ch] from the ssh client
           run less code with euid==0 if ssh is installed setuid root
           just switch the euid, don't switch the complete set of groups
           (this is only needed by sshd). ok provos@
  13. 09 Jun, 2002 2 commits
  14. 06 Jun, 2002 1 commit
    • Ben Lindstrom's avatar
      - markus@cvs.openbsd.org 2002/05/23 19:24:30 · 1bad2568
      Ben Lindstrom authored
           [authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
            sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
           add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
           authentication in protocol v2 (needs to access the hostkeys).
      Note: Makefile.in untested.  Will test after merge is finished.
  15. 10 Oct, 2001 1 commit
  16. 04 Jul, 2001 2 commits
    • Ben Lindstrom's avatar
      - markus@cvs.openbsd.org 2001/06/26 17:27:25 · 4cc240da
      Ben Lindstrom authored
           [authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
            canohost.h channels.h cipher.h clientloop.h compat.h compress.h
            crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
            hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
            packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
            session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
            sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
            tildexpand.h uidswap.h uuencode.h xmalloc.h]
           remove comments from .h, since they are cut&paste from the .c files
           and out of sync
    • Ben Lindstrom's avatar
      - itojun@cvs.openbsd.org 2001/06/26 06:33:07 · b4c774cf
      Ben Lindstrom authored
           [servconf.h serverloop.h session.h sftp-client.h sftp-common.h
            sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h
            ssh-rsa.h tildexpand.h uidswap.h uuencode.h xmalloc.h]
           prototype pedant.  not very creative...
           - () -> (void)
           - no variable names
  17. 25 Jun, 2001 1 commit
    • Ben Lindstrom's avatar
      - markus@cvs.openbsd.org 2001/06/23 02:34:33 · d6481ea4
      Ben Lindstrom authored
           [kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
            sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
           get rid of known_hosts2, use it for hostkey lookup, but do not
  18. 12 Apr, 2001 1 commit
    • Ben Lindstrom's avatar
      - markus@cvs.openbsd.org 2001/04/12 19:15:26 · 5eabda30
      Ben Lindstrom authored
           [auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
            compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
            servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
            sshconnect2.c sshd_config]
           implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
           similar to RhostRSAAuthentication unless you enable (the experimental)
           HostbasedUsesNameFromPacketOnly option.  please test. :)
  19. 08 Apr, 2001 1 commit
    • Ben Lindstrom's avatar
      - markus@cvs.openbsd.org 2001/04/06 21:00:17 · 3fcf1a22
      Ben Lindstrom authored
           [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
            ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
           do gid/groups-swap in addition to uid-swap, should help if /home/group
           is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
           to olar@openwall.com is comments.  we had many requests for this.
  20. 26 Mar, 2001 1 commit
  21. 16 Feb, 2001 1 commit
    • Damien Miller's avatar
      - (djm) OpenBSD CVS: · 79438cc0
      Damien Miller authored
         - markus@cvs.openbsd.org  2001/02/15 16:19:59
           [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
           [sshconnect1.c sshconnect2.c]
           genericize password padding function for SSH1 and SSH2.
           add stylized echo to 2, too.
       - (djm) Add roundup() macro to defines.h
  22. 29 Jan, 2001 1 commit
    • Ben Lindstrom's avatar
      - niklas@cvs.openbsd.org 2001/01/2001 · 36579d3d
      Ben Lindstrom authored
           [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h
            groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h
            key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h
            radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1
            ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config
            sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h]
  23. 22 Jan, 2001 1 commit
    • Ben Lindstrom's avatar
      Hopefully things did not get mixed around too much. It compiles under · 226cfa03
      Ben Lindstrom authored
      Linux and works.  So that is at least a good sign. =)
       - (bal) OpenBSD Resync
         - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
           [servconf.c ssh.h sshd.c]
           only auth-chall.c needs #ifdef SKEY
         - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
           [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
            auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
            packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
            session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
            ssh1.h sshconnect1.c sshd.c ttymodes.c]
           move ssh1 definitions to ssh1.h, pathnames to pathnames.h
         - markus@cvs.openbsd.org 2001/01/19 16:48:14
           fix typo; from stevesk@
         - markus@cvs.openbsd.org 2001/01/19 16:50:58
           clear and free digest, make consistent with other code (use dlen); from
         - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
           [auth-options.c auth-options.h auth-rsa.c auth2.c]
           pass the filename to auth_parse_options()
         - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
           fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
         - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
           dh_new_group() does not return NULL.  ok markus@
         - markus@cvs.openbsd.org 2001/01/20 21:33:42
           do not loop forever if askpass does not exist; from
         - djm@cvs.openbsd.org 2001/01/20 23:00:56
           Check for NULL return from strdelim; ok markus
         - djm@cvs.openbsd.org 2001/01/20 23:02:07
           KNF; ok markus
         - jakob@cvs.openbsd.org 2001/01/21 9:00:33
           remove -R flag; ok markus@
         - markus@cvs.openbsd.org 2001/01/21 19:05:40
           [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
            auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
            auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
            bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
            cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
            deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
            key.c key.h log-client.c log-server.c log.c log.h login.c login.h
            match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
            readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
            session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
            ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
            sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
            ttysmodes.c uidswap.c xmalloc.c]
           split ssh.h and try to cleanup the #include mess. remove unnecessary
           #includes.  rename util.[ch] -> misc.[ch]
       - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
       - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
         conflict when compiling for non-kerb install
       - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
         on 1/19.
  24. 18 Jan, 2001 1 commit
    • Ben Lindstrom's avatar
      NOTE: This update changes the RSA key generation. *NEW RSA KEYS · bf555ba6
      Ben Lindstrom authored
            NEED TO BE GENERATED*  =)  Refer to to entry "2001/01/16 19:20:06"
            for more details.
       - (bal) Super Sized OpenBSD Resync
         - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
         - markus@cvs.openbsd.org 2001/01/13 17:59:18
           small ssh-keygen manpage cleanup; stevesk@pobox.com
         - markus@cvs.openbsd.org 2001/01/13 18:03:07
           [scp.c ssh-keygen.c sshd.c]
           getopt() returns -1 not EOF; stevesk@pobox.com
         - markus@cvs.openbsd.org 2001/01/13 18:06:54
           use SSH_DEFAULT_PORT; from stevesk@pobox.com
         - markus@cvs.openbsd.org 2001/01/13 18:12:47
           free() -> xfree(); fix memory leak; from stevesk@pobox.com
         - markus@cvs.openbsd.org 2001/01/13 18:14:13
           typo, from stevesk@sweden.hp.com
         - markus@cvs.openbsd.org 2001/01/13 18:32:50
           [packet.c session.c ssh.c sshconnect.c sshd.c]
           split out keepalive from packet_interactive (from dale@accentre.com)
         - markus@cvs.openbsd.org 2001/01/13 18:36:45
           [packet.c packet.h]
           reorder, typo
         - markus@cvs.openbsd.org 2001/01/13 18:38:00
           fix comment
         - markus@cvs.openbsd.org 2001/01/13 18:43:31
         - markus@cvs.openbsd.org 2001/01/13 19:14:08
           [clientloop.h clientloop.c ssh.c]
           move callback to headerfile
         - markus@cvs.openbsd.org 2001/01/15 21:40:10
           use log() instead of stderr
         - markus@cvs.openbsd.org 2001/01/15 21:43:51
           use error() not stderr!
         - markus@cvs.openbsd.org 2001/01/15 21:45:29
           rename must fail if newpath exists, debug off by default
         - markus@cvs.openbsd.org 2001/01/15 21:46:38
           readable long listing for sftp-server, ok deraadt@
         - markus@cvs.openbsd.org 2001/01/16 19:20:06
           [key.c ssh-rsa.c]
           make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
           galb@vandyke.com.  note that you have to delete older ssh2-rsa keys,
           since they are in the wrong format, too. they must be removed from
           .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
           (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
           .ssh/authorized_keys2) additionally, we now check that
           BN_num_bits(rsa->n) >= 768.
         - markus@cvs.openbsd.org 2001/01/16 20:54:27
           remove some statics. simpler handles; idea from nisse@lysator.liu.se
         - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
           [bufaux.c radix.c sshconnect.h sshconnect1.c]
       - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
         be missing such feature.
  25. 16 Sep, 2000 1 commit
    • Damien Miller's avatar
      - (djm) Merge OpenBSD changes: · e4340be5
      Damien Miller authored
         - markus@cvs.openbsd.org  2000/09/05 02:59:57
           print hostname (not hushlogin)
         - markus@cvs.openbsd.org  2000/09/05 13:18:48
           [authfile.c ssh-add.c]
           enable ssh-add -d for DSA keys
         - markus@cvs.openbsd.org  2000/09/05 13:20:49
         - markus@cvs.openbsd.org  2000/09/06 03:46:41
         - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
           cleanup copyright notices on all files.  I have attempted to be
           accurate with the details.  everything is now under Tatu's licence
           (which I copied from his readme), and/or the core-sdi bsd-ish thing
           for deattack, or various openbsd developers under a 2-term bsd
           licence.  We're not changing any rules, just being accurate.
         - markus@cvs.openbsd.org  2000/09/07 14:40:30
           [channels.c channels.h clientloop.c serverloop.c ssh.c]
           cleanup window and packet sizes for ssh2 flow control; ok niels
         - markus@cvs.openbsd.org  2000/09/07 14:53:00
         - markus@cvs.openbsd.org  2000/09/07 15:13:37
           [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
           [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
           [pty.c readconf.c]
           some more Copyright fixes
         - markus@cvs.openbsd.org  2000/09/08 03:02:51
           bye bye
         - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
           [LICENCE cipher.c]
           a few more comments about it being ARC4 not RC4
         - markus@cvs.openbsd.org  2000/09/12 14:53:11
           [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
           multiple debug levels
         - markus@cvs.openbsd.org  2000/09/14 14:25:15
         - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
           check return value for setenv(3) for failure, and deal appropriately
  26. 29 Apr, 2000 1 commit
    • Damien Miller's avatar
      - Merge big update to OpenSSH-2.0 from OpenBSD CVS · eba71bab
      Damien Miller authored
         - interop w/ F-secure windows client
         - sync documentation
         - ssh_host_dsa_key not ssh_dsa_key
         - missing fclose
         [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
         [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
         [sshd.c uuencode.c uuencode.h authfile.h]
         - add DSA pubkey auth and other SSH2 fixes.  use ssh-keygen -[xX]
           for trading keys with the real and the original SSH, directly from the
           people who invented the SSH protocol.
         [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
         [sshconnect1.c sshconnect2.c]
         - split auth/sshconnect in one file per protocol version
         - remove debug
         - add trailing =
         - OpenSSH-2.0
         [ssh-keygen.1 ssh-keygen.c]
         - add -R flag: exit code indicates if RSA is alive
         - remove unused
           silent if -Q is specified
         - host key becomes /etc/ssh_host_dsa_key
         [readconf.c servconf.c ]
         - ssh/sshd default to proto 1 and 2
         - remove debug
         [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
         - xfree DSA blobs
         [auth2.c serverloop.c session.c]
         - cleanup logging for sshd/2, respect PasswordAuth no
         - less debug, respect .ssh/config
         [README.openssh2 channels.c channels.h]
         - clientloop.c session.c ssh.c
         - support for x11-fwding, client+server