make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@

point at sshd(8) and ssh(1)

$OpenBSD$

oops

support supplementary group in {Allow,Deny}Groups
from stevesk@pobox.com

implement option 'Banner /etc/issue.net' for ssh2, move version to
2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
is enabled).

add entry for HostKey /etc/ssh_host_dsa_key, and comment for ssh-2 rsa keys

add support for RSA to SSH2. please test.

there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.

you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA

add support for RSA to SSH2. please test.

there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.

you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
keys for SSH2 and use the RSA keys for hostkeys or for user keys.

SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.

IdentityFile2, HostDsaKey and DSAAuthentication are obsolete.
you can use multiple IdentityFile and HostKey for all types of keys.

the option DSAAuthentication is replaced by PubkeyAuthetication.

show more ...

add support for s/key (kbd-interactive) to ssh2, based on work by mkiernan@avantgo.com and me

implement a SFTP server. interops with sftp2, scp2 and the windows
client from ssh.com

MaxStartups

random early drop; ok theo, niels

add support for ssh v2 subsystems. ok markus@.

show 'Protocol' as an example, ok markus@

ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features:
sshd allows multiple ListenAddress and Port options. note that libwrap is
not IPv6-ready. (based on patches from fujiwara@r

ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features:
sshd allows multiple ListenAddress and Port options. note that libwrap is
not IPv6-ready. (based on patches from fujiwara@rcac.tdi.co.jp)

show more ...

IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok deraadt,millert

add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
obsoletes QuietMode and FascistLogging in sshd.

remove AllowHosts, DenyHosts, SilentDeny server access control cruft - replace with LIBWRAP moved to child. ok markus@ deraat@

UseLogin, default=no, from kpa@gmx.net, ok deraadt@

You have Mail. Email fuer Dich. Karsten Patzwaldt <kpa@gmx.net> default=no

add skey to sshd:

1) pass *pw to auth_password() not user_name, do_authentication already
keeps private copy of struct passwd for current user.
2) limit authentication attemps to 5, otherwise

add skey to sshd:

1) pass *pw to auth_password() not user_name, do_authentication already
keeps private copy of struct passwd for current user.
2) limit authentication attemps to 5, otherwise
ssh -o 'NumberOfPasswordPrompts 100000' host
lets you enter 100000 passwds
3) make s/key a run-time option in /etc/sshd_config
4) generate fake skeys,
for s/key for nonexisting users, too
limit auth-tries for nonexisting users, too.
Note that
% ssh -l nonexisting-user -o 'NumberOfPasswordPrompts 100000' host
has NO limits in ssh-1.2.27

show more ...

nicer default

randomseed is really gone now

show other krb options

PasswordAuthentication on by default