From owner-freebsd-current  Sun May 14 22:52:13 2000
Delivered-To: freebsd-current@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 4CF8737B506
	for <current@freebsd.org>; Sun, 14 May 2000 22:52:11 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id WAA42502
	for <current@freebsd.org>; Sun, 14 May 2000 22:52:11 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Sun, 14 May 2000 22:52:11 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: current@freebsd.org
Subject: OpenSSH 2.1
Message-ID: <Pine.BSF.4.21.0005142244050.39858-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Okay, I've just committed OpenSSH 2.1 to -current. It was a difficult
merge because the OpenSSH guys basically ripped apart the source code when
they were rearranging it for SSH2 support, so I hope I put all of our
local changes back in the right places. I've tested this as much as I
could locally, but not all of the possibilities.

New in this version:

* SSH2 support. See www.openssh.com for interoperability details with
other SSH2 clients (I tested it with the ssh2 port and it seemed to work
well). See /usr/src/crypto/openssh/README.openssh2 for some brief
installation/operation notes, as well as the manpages. Note that if you
don't create a DSA key manually then one will be created for you on next
boot if you have sshd_enable=yes in your rc.conf

* OPIE support. This only works with the SSH1 protocol, unfortunately. I
still need to improve the way the sshd generates fake challenges for
nonexistent users, but it makes some attempt at present.

* Kerberos support is also limited to SSH1.

* No longer a dependency on RSA (and therefore rsaref for US folks): SSH2
can handle DSA keys which have no patent or usage restrictions. This means
we could now enable SSH2 out of the box in a crypto installation, with no
post-installation configuration requirements. We now have a truly free SSH
client/server!

Please let me know of any problems you find in the new code.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message