2002-04-23  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh-3.1.2.

	* sshd2: Fixed a security bug, that allowed a malicious client to
	  bypass "AllowedAuthentications" access
	  restrictions. RequiredAuthentications did the trick, though.

2001-11-12  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh-3.1.0.

2001-11-06  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh2 (ssh1 internal emulation): Added checking for hostkeys also
	  from the global hostkeys directory (typically /etc/ssh2/hostkeys).

	* Fixed compilation with ``--with-libwrap'' configuration
	  option. Now libwrap is only linked against ssh2 and sshd2, as only
	  they need it.

2001-11-01  Tomi Salo  <ttsalo@vintti.hel.fi.ssh.com>

	* sshd2: Implemented a new rule for certificate authorization,
	  SubjectRegex and fixed some older bugs.

2001-11-01  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh-agent2: Fixed a couple of crashes when deleting ssh1 keys
	  from the agent.

	* You can now use subnet masks with {Allow,Deny}Hosts and
	  friends. You can specify a subnet mask by prefixing a pattern with
	  "\m", e.g. "\m192.168.0.0/16" etc. Remember, if you're not certain
	  of the correctness of your setup, use sshd-check-conf to verify
	  it. This affects numerous features, like public key options, as
	  well.

	* ssh2: Fixed a bug in public key authentication and
	  authentication layer, which caused a passphrase prompt to appear
	  even if agent was used (or two passphrases, whatever) when server
	  was using RequiredAuthentications.

	* sshd2: Changed RequiredAuthentications so that if it is defined,
	  AllowedAuthentications is not used at all. This will make it
	  easier to use RequiredAuthentications.

2001-10-29  Sami J. Lehtinen  <sjl@ssh.com>

	* Added creation of system-wide $(etcdir)/knowhosts and
	  $(etcdir)/hostkeys directories, so that admins don't have to dig the
	  names from the man pages.

	* Added checks for existence of used defines
	  IP_{ADD,DROP}_MEMBERSHIP in sshunixudp.c, which are not present in
	  e.g. Ultrix, breaking compilation.

2001-10-27  Tomi Salo  <ttsalo@ssh.com>

	* PEM (base64) format now supported when reading certificates.

	* Certificates with no alternative names will now work with
	  certificate authentication.

2001-10-25  Sami J. Lehtinen  <sjl@ssh.com>

	* Previous: readline now also knows how to use terminfo (and
	  cursor keys seem to also work). sftp2 is now way better on Debian.

2001-10-24  Sami J. Lehtinen  <sjl@ssh.com>

	* sftp2: return something other than '0' (zero) when encountering
	  errors in batchmode.

2001-10-23  Sami J. Lehtinen  <sjl@ssh.com>

	* sshd2: Implemented SettableEnvironmentVars configuration option,
	  with which you can allow setting of environment variables by the
	  client (see SetRemoteEnv (ssh2_config(5))), public key options, or
	  the $HOME/.ssh2/environment file. This was done for security
	  reasons, as some systems have had local root exploits with these
	  (don't know of any currently, but better be safe than sorry). As
	  default, only a few variables can be set (see the default
	  sshd2_config file), and if this list is empty, no variables can be
	  set by the means mentioned above.

2001-10-22  Tomi Salo  <ttsalo@ssh.com>

	* Tab-completion in sftp2 is now context-sensitive (works on the right
	  set of files, depending on command).

	* Fetching certificates and CRLs works now also via HTTP.

2001-10-18  Sami J. Lehtinen  <sjl@ssh.com>

	* Bug fix in sftp-server2 (first "ls -l" before cd had malformed
	  output).

2001-10-16  Tomi Mickelsson <tomi@ssh.com>

	* Bug fix: Server was not using SOCKS for LDAP CRL queries because
	  it didn't read SocksServer keyword from config file.

2001-10-04  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh2: Implemented Ssh1MaskPasswordLength, which you can use if
	  you must absolutely be able to log in to servers, which have
	  non-RFC compliant sshd1s. Defaults to "yes". If you encounter
	  problems connecting to an ssh1 host, ie. "Junk data left to
	  incoming packet...", then you may want to set this to "no". Note
	  that this will disable the password length masking, e.g. the
	  length of your password can be quite easily deduced. So you better
	  know what you're doing when using this option.

2001-10-03  Sami J. Lehtinen  <sjl@ssh.com>

	* Previous (by tri and myself): ssh2, scp2, sftp2: "-4" and "-6"
	  options added (for specifying whether to use IPv4 or IPv6 when
	  connecting).

	* Added DebugLogFile configuration option. With this, you can
	  direct debug messages to specified file (syslog is _not_ used).

	* sftp2: Implemented command-line options "-4", "-6" (for IPv4
	  vs. IPv6 choosing, respectively) and "-o" to give configuration
	  options for ssh2 on the command line.

2001-09-25  Sami J. Lehtinen  <sjl@ssh.com>

	* sftp-server2: Implemented logging for the fileserver. As
	  default, sftp-server2 doesn't log anything, but by specifying
	  "SftpSyslogFacility" to a valid value it starts logging to syslog.

2001-09-24  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh2: you can now connect without a home directory. Sensible
	  thing would be to set UserConfigDirectory to something, but you
	  don't have to (if you set StrictHostKeyChecking to "no"). Even
	  without a configuration directory, you should have some place to
	  store the random seed (check RandomSeedFile in ssh2_config(5)).

2001-09-19  Sami J. Lehtinen  <sjl@ssh.com>

	* sshd2: Removed handling of "AllowCshrcSourcingWithSubsystems"
	  altogether, as it was hurting my eyes. (didn't do anything
	  except print a warning message, anyway)

2001-09-16  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh2: SIGPIPE is now detected correctly, so

	    % ssh2 foobar.org | true

	  will now exit (on SIGPIPE) instead of hanging indefinitely.

	* ssh2: Changed ssh2 to query a passphrase for a public key
	  multiple times, if reading the key fails because of an invalid
	  passphrase. Retained the property which makes sure that if all
	  keys are rejected by the server, the public key authentication is
	  disabled, and authentication will be continued with another
	  method.

	* sshd2: "AuthorizationFile" configuration parameter can now have
	  an absolute path (but then _all_ users have to use the same
	  authorization file). Public keys (or pgp-keys, or certificates)
	  specified in the authorization file can now be specified with
	  absolute paths, too.

	* sshd2: Fixed a bug, which caused approximately 30% slowdown on
	  10MB Ethernet in file transfer.
	
2001-09-13  Sami J. Lehtinen  <sjl@ssh.com>

	* sshd2: Added `-D <debug-string>' parameter, with which you can
	  debug sshd2 and its children (makes sshd2 fork() when a new
	  connection comes, but it will still dump debug data). Debug
	  messages can be separated by the PID in the message.

2001-08-23  Graeme Ahokas  <gahokas@ssh.com>

        * File transfers with files greater than 2 gigabytes
          work on platforms supporting the 64 bit off_t data type.

2001-08-23  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh2: Implemented "line mode" of sorts; pressing <escape-char>l
	  will put the filter accumulating input text, and entering a
	  newline will make ssh2 output it all at once, so no stroke
	  intervals can be measured, making traffic analysis a bit harder.

2001-08-08  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh2,sshd2: '=' can also be used to separate configuration
	  parameters from values.

	* Previous (by graeme, ttsalo and kivinen): Security fix for
	  password auth (problems with passwords less than 2 characters).

2001-05-28  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh-3.0.0.

2001-05-28  Tomi Salo  <ttsalo@ssh.com>

	* Support for multiple hostkeys added.

	* Support for X.509 certificates added in user authentication 
	  and hostkeys. (Note: certificate support only in commercial
	  version.)

	* HP-UX trusted mode support works much better now (no more
	  recompilation needed when switching from non-trusted
	  to trusted or vice versa)

2001-05-28  Sami J. Lehtinen  <sjl@ssh.com>

	* Added ./configure parameter --with-piddir.

	* Added sshd-check-conf.

2001-05-26  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh2: hostkeys with IPv6 addresses ("::1") are now saved to disk
	  with the colons included (and not escaped in octal).

	* scp2: Host name can now be enclosed in square brackets to allow
	  colons in host address (IPv6 addresses).

	* ssh2 (by tri): forward parameter parsing changes to accommodate
	  IPv6 addresses. Read ssh2(1) for more information.

2001-05-25  Sami J. Lehtinen  <sjl@ssh.com>

	* Added configure summary.

2001-05-23  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh2 (ssh1 internal emulation)(by tri): Password length masking
	  with ignore packets.

	* Previous: RSA is now included.

	* Added support for IPv6. If this breaks something, it can be
	  disabled with --without-ipv6 at ./configure .

	* Changed "hostbased" authentication to work with certificates,
	  too. (Note: certificate support only in commercial version.)

2001-05-18  Sami J. Lehtinen  <sjl@ssh.com>

	* Added "metaconfiguration" to configuration files. Only allowed
	  pattern is currently "REGEX-SYNTAX" with values of "ssh", "egrep"
	  and "zsh_fileglob". Also "traditional" is recognized and is
	  synonymous to "zsh_fileglob". This metaconfiguration variable is
	  parsed if config file version is "1.1" or higher.

	    Example ssh(d)2_config header:
	    
	      ## SSH CONFIG FILE VERSION 1.1
	      ## REGEX-SYNTAX egrep
	      ## end of metaconfig
	
	* Added possibility to match only IP-addresses by prepending "\i"
	  to a host pattern. For example, "\i192.*\.3" would only match
	  IP-addresses like 192.0.0.3. Same applies to "user@host". For
	  example, "sjl@\i192.*\.3". This change applies to all .*Hosts and
	  .*Users configuration variables.

	* sshd2: Added forced password changing.

	* Added padding of authentication packets with SSH_MSG_IGNOREs
	  before sending them through the wire. It is now "harder"
	  to perform traffic analysis of the authentication with ssh.

2001-05-14  Sami J. Lehtinen  <sjl@ssh.com>

	* Removed handling of RhostsAuthentication and
	  RhostsPubkeyAuthentication (they weren't implemented, and won't
	  be).

2001-05-11  Graeme Ahokas     <gahokas@ssh.com>

        * sftp2: Added some command line options. -B is now the
          command line option for specifying a batch file.
          The -b and -N options have been added and are used as in scp2
          for fine tuning file copy performance.
          Finally, the -P, -c, and -m options have been added allowing
          users to specify a port, cipher, and mac, respectively.

        * ssh2, sftp2, scp2: The #port option specified after the hostname
          will now override all other ports specified through command 
          line parameters or configuration files. Options are still processed
          in a left to right fashion.

2001-05-08  Graeme Ahokas     <gahokas@ssh.com>

        * ssh-certenroll2: ssh-certenroll2 is now in commercial distributions
          with certificate support. Allows users to connect to a CA and
          enroll their own certificates using the CMP2 enrollment protocol.

2001-04-27  Graeme Ahokas     <gahokas@ssh.com>

        * sshd2: Fixed the lastlog corruption problem in AIX. Will also
          now correctly log unsuccessful password authentication attempts
          to the lastlog file, and deny access if unsuccessfull_login_attempts
          is greater than or equal to the number of failed logins allowed.

2001-04-23  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh2: Re-enable disabled forwardings, if user wants to change
	  key on disk during key exchange.

2001-04-14  Sami J. Lehtinen  <sjl@ssh.com>

	* sshd2: Implemented full support for public key options. The
	  "Command" keyword still works, but is deprecated. Use the new
	  "Options" keyword instead. Documentation is in ``man ssh2''.

2001-04-12  Sami J. Lehtinen  <sjl@ssh.com>

	* Changed to use absolute paths when executing auxiliary programs
	  (ssh-signer2 with ssh2, ssh-pam-client with sshd2, ssh2 with scp2
	  and sftp2). Only place where this was not done was sftp-server
	  when executed by sshd2, but that needs to be configured separately
	  anyway (the "subsystem-sftp" parameter in sshd2_config).

2001-03-27  Sami J. Lehtinen  <sjl@ssh.com>

	* sshd2: Implemented Sshd1ConfigFile parameter. With this, when
	  you use "sshd2 -f other_config_file", the config file can contain
	  the Sshd1ConfigFile parameter, which will be given with the "-f"
	  parameter to sshd1 when executing it in compatibility mode (if
	  enabled).

2001-03-26  Sami J. Lehtinen  <sjl@ssh.com>

	* Added aes{256,192,128} and twofish{256,192,128}.

2001-03-18  Sami J. Lehtinen  <sjl@ssh.com>

	* sshd2: Added HostbasedAuthForceClientHostnameDNSMatch configuration
	  option (default to "no").

2001-03-16  Sami J. Lehtinen  <sjl@ssh.com>

	* sshd2: Hopefully fixed a bug with NFS-mounted,
	  not-readable-by-root home directories.

2001-03-05  Sami J. Lehtinen  <sjl@ssh.com>

	* In ssh2_config labels now use egrep-style regexs.

	* {Allow,Deny}.*Hosts parameters now use egrep-style regexs. Most
	  notably this means that '*' no longer matches any string. From now
	  on '*' is a Kleene star, which matches previous expression 0 or
	  more times. See more detailed documentation in the file
	  REGEX-SYNTAX.

	* Fixed AllowShosts and DenyShosts. Now these should actually
	  work.
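
Added example (not part of the original ChangeLog or of the ssh2 sources): a small audit for the {Allow,Deny}.*Hosts change above, showing which hosts flip when a pattern written for the old '*'-matches-anything reading is read as an egrep-style regex. It assumes Python's `re` and `fnmatch` are close enough stand-ins for the two syntaxes and that a pattern must match the whole host string; the probe hosts are constructed.

```python
import fnmatch
import re

# Constructed probe hosts (not from the changelog) used to compare readings.
PROBE_HOSTS = [
    "gw.example.com",
    "gwXexampleYcom",
    "192.168.1.10",
    "192.168.10.5",
    "192x168y1z10",
    "10.0.0.1",
]


def glob_matches(pattern, host):
    """Pre-change reading: '*' matches any string, '?' any one character."""
    return fnmatch.fnmatchcase(host, pattern)


def compile_egrep(pattern):
    """Post-change reading, approximated with Python's re (assumption).

    Returns None when the pattern is not a valid regex, e.g. a leading '*'.
    """
    try:
        return re.compile(pattern)
    except re.error:
        return None


def audit(pattern, hosts=PROBE_HOSTS):
    """Report probe hosts whose match result changes for one pattern."""
    regex = compile_egrep(pattern)
    report = {
        "valid": regex is not None,
        "newly_matched": [],
        "no_longer_matched": [],
    }
    if regex is None:
        return report
    for host in hosts:
        old = glob_matches(pattern, host)
        new = regex.fullmatch(host) is not None  # whole-string match assumed
        if new and not old:
            report["newly_matched"].append(host)
        elif old and not new:
            report["no_longer_matched"].append(host)
    return report


def glob_to_egrep(pattern):
    """Rewrite an old-style pattern so the regex keeps the old meaning.

    Handles only '*' and '?'; every other character is escaped literally.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return "".join(parts)


def same_meaning(old_glob, new_regex, hosts=PROBE_HOSTS):
    """True if the rewritten regex decides every probe host as the glob did."""
    regex = compile_egrep(new_regex)
    if regex is None:
        return False
    return all(
        glob_matches(old_glob, h) == (regex.fullmatch(h) is not None)
        for h in hosts
    )


if __name__ == "__main__":
    for pat in ("192.168.1.*", "gw.example.com", "*.example.com"):
        print(pat, audit(pat), "->", glob_to_egrep(pat))
```

An unescaped '.' is what widens a pattern: "192.168.1.*" read as a regex also accepts 192.168.10.5, so an AllowHosts entry carried over unchanged can admit a neighbouring subnet.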

2001-02-27  Sami J. Lehtinen  <sjl@ssh.com>

	* sshd2: Fixed "hostbased" in the case that user's .ssh2 directory
	  doesn't previously exist. Now the directory will be created with
	  the user's privileges, not the server's, and "hostbased" won't
	  crash.

	* ssh2,sshd2: headings (labels) will only be recognized as such,
	  if the heading separator ':' is the last non-whitespace character
	  of the line.
	
	* sshd2: Implemented IdleTimeout in the unix side, and made the
	  configuration similar with sshd1.

	* sshd2: AllowCshrcSourcingWithSubsystems is now deprecated. The
	  server removes any `crud' from the shell output, that might come
	  before the transfer.

	* ssh2,sshd2: AllowedAuthentications doesn't anymore accept
	  authentication methods that haven't been compiled in.
	
2001-02-13  Anne Carasik <anne@ssh.com>

	* Fixed a bug in the ssh-pubkeymgr where the hostname was being set
	  to -s. Also cleaned up ssh-pubkeymgr to where it makes more sense 
          to the end user.

2001-02-05  Sami J. Lehtinen  <sjl@ssh.com>

	* scp2,sftp2: Rewrote SshFileCopy file transfer loop to send many
	  concurrent requests.

2001-01-31  Sami J. Lehtinen  <sjl@ssh.com>

	* Applied Glenn Machin's patches, and upped the kerberos-tgt and
	  kerberos authentication method versions by one. As a result,
	  you should use "kerberos-2@ssh.com" and "kerberos-tgt-2@ssh.com"
	  from now on.

2001-01-17  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh2: Fixed rekey-problems (homedir missing, changed creds,
	  etc). The server key from the first key exchange (which has to be
	  accepted for the session to start) is used in all subsequent key
	  exchanges, so that as long as the current server process doesn't
	  change its hostkey (at least our server doesn't), we should be
	  home free in any case. So, no disk activity is caused by rekeys.

2001-01-10  Sami J. Lehtinen  <sjl@ssh.com>

	* sshd2: Fixed a bug where sshd2 could terminate with SIGBUS if a
	  user had more than 10 supplementary groups.

2000-12-04  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh-2.4.0.

2000-12-01  Sami J. Lehtinen  <sjl@ssh.com>

	* Added "cast128-cbc" (or "cast") to ciphers.

	* sshd2,ssh2: Fixed hostbased authentication to treat hostnames as
	  case-insensitive.

2000-11-29  Sami J. Lehtinen  <sjl@ssh.com>

	* sftp2: Fixed a bug which caused a hang if extra spaces were
	  added to the end of the command line.

	* sshd2: Fixed a bug with "-g" (LoginGraceTime) (didn't accept 0,
	  which disables it).

2000-11-27  Tomi Salo  <ttsalo@ssh.com>

	* Improved account validity checking on HP-UX TCB systems
	  (Everything mentioned in getprpwent(3) is now checked)

	* Implemented FTP forwarding (secure tunnels are dynamically
	  created for data connections and port numbers are spoofed in
	  the command channel).

2000-11-27  Sami J. Lehtinen  <sjl@ssh.com>

	* Previous: admins can now use supplementary as well as primary
	  groups in the configuration (ie. ChrootGroups, AllowGroups, etc).

	* Added SecSH core drafts to the distribution.

	* Fixed SHA-1 key length. Now we are compatible with OpenSSH and
	  the new drafts.

2000-11-26  Graeme Ahokas     <gahokas@ssh.com>

        * Implemented RSA SecurID authentication.

2000-11-14  Sami J. Lehtinen  <sjl@ssh.com>

	* Implemented PAM authentication (currently under the name
	  "pam-1@ssh.com").

2000-11-01  Graeme Ahokas     <gahokas@ssh.com>

        * Added SSH1 to SSH2 RSA key conversion to ssh-keygen2.

        * Server now prints public key used for public key authentication
          to the server log file.

2000-10-10  Graeme Ahokas     <gahokas@ssh.com>

        * Implemented forwarded connections listing in client using ~#.

        * Added NumberOfPasswordPrompts option to ssh2_config file.

        * Added ClearAllForwardings option to ssh2_config file.

2000-08-24  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh-2.3.0.

	* Fixed a bug in genpkcs.c, which caused ssh-keygen2 compiled in
	  HP-UX with gcc to not write public keys at all.

2000-08-23  Sami J. Lehtinen  <sjl@ssh.com>

	* Changed to enable optimizations by default (while still
	  hopefully retaining the debugging symbols).

2000-08-21  Sami J. Lehtinen  <sjl@ssh.com>

	* Previous: Included SIA-support, which was taken out for "a
	  while" because of legal reasons. Try it out.

	* scp2: Added "-i" option for specifying an identity file. Thanks
	  Anne!

	* Applied Tatu's Kerberos5-patch. This kerberos support is at this
	  time still EXPERIMENTAL.

	* Took out uid and gid changing in the remote host from scp2 and
	  sftp2. According to sources, it causes problems with certain
	  Solaris installs, at least.

2000-08-19  Sami J. Lehtinen  <sjl@ssh.com>
	
 	* Changed server side authentication methods to be
 	  asynchronous. Now we can implement more complex authentication
 	  methods on the server side.

2000-08-18  Sami J. Lehtinen  <sjl@ssh.com>

	* Implemented configurable rekeys. Most of the code was in the
	  transport layer, but I fixed a few bugs, and took the whole a bit
	  further. Now you can configure a RekeyIntervalSeconds, set to 3600
	  by default (1 hour). (RekeyIntervalBytes will be in next version)
	  With <escape-char>r, you can request a rekey immediately during a
	  terminal session. If you have problems with rekeying, you can
	  disable timed rekeys by setting the value of the keyword to 0.

	* scp2: Implemented "-o" option, with which you can pass
	  additional options to the underlying ssh2.

2000-08-15  Sami J. Lehtinen  <sjl@ssh.com>

	* Fixed loads of warnings about type mismatches, missing prototypes
	  etc.

	* Added check to configure for "-msg_disable longdoublenyi", as
	  reportedly older cc's don't know how to handle it.

	* Changed --enable-debug to be default to help support.

2000-08-14  Sami J. Lehtinen  <sjl@ssh.com>

	* scp2: Implemented "-c" functionality. Apparently it was missed
	  during the rewrite. Changed execution of ssh2 to check whether
	  "-D" was specified and if so, use "-d" with ssh2 instead of plain
	  "-v".

2000-06-26  Sami J. Lehtinen  <sjl@ssh.com>

	* Fixed a compilation problem in AIX in
	  lib/sshsession/sshunixuser.c.

2000-06-12  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh-2.2.0.

	* Fixed a DoS attack in sshd2.c, when using MaxBroadcastsPerSecond
	  > 0. Problem was in the destruction of the listener in the child,
	  which caused the parent to eventually block in ssh_udp_read(), if
	  the udp listener was created. Also the default for the value was
	  changed to 0 in the example config file. Sorry about this folks,
	  it was experimental code, and information didn't flow too well.
	  Have to keep our VP of Engineering better in check...

	* Fixed a problem with utmpx, that caused erroneous entries to
	  appear in wtmp with (at least) Irix and Solaris.

2000-06-09  Sami J. Lehtinen  <sjl@ssh.com>

	* Added ssh-chrootmgr, a simple script to help in setting up
	  chrooted environments for users.

2000-06-07  Sami J. Lehtinen  <sjl@ssh.com>

	* Added preliminary support for building static binaries for
	  ssh-dummy-shell and sftp-server2 for use with
	  ChRoot{Users,Groups}. Currently only works (that I know of) in GCC
	  and Tru64 cc.

	* ssh2: Fixed a bug with "User" parameter in the ssh2_config file.

2000-05-24  Sami J. Lehtinen  <sjl@ssh.com>

	* sshd2: Implemented {Allow,Deny}TcpForwardingFor{Users,Groups}.
	  As usual, if you don't deny the user shell access at the same
	  time, this doesn't have any real significance for security.

	  This one was made specifically for Janne Snabb. Hi, Janne!
	
	* ssh-keygen2: Implemented "-F" command line option, with which
	  you can dump the fingerprint of a public key. Format of the
	  fingerprint is the same as below (Bubble Babble).

2000-05-23  Sami J. Lehtinen  <sjl@ssh.com>

	* Implemented dumping of fingerprints, when hostkey is not yet
	  known, or it has changed. The fingerprint is given in the
	  ingenious Bubble Babble format, which makes the fingerprint look
	  like a string of "real" words (more easy to remember).

	* Moved configuration file format and configuration parameters
	  from ssh2.1 and sshd2.8 to ssh2_config.5 and sshd2_config.5,
	  respectively.
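
Added example (not part of the original ChangeLog or of the ssh2 sources): a Bubble Babble encoder for the fingerprint format mentioned in the entry above and in the ssh-keygen2 "-F" entry of 2000-05-24, plus a comparison helper for checking a displayed fingerprint against one obtained out of band. Hashing the key blob with SHA-1 before encoding is an assumption made for this example, and the key blob used when run as a script is constructed.

```python
import hashlib
import hmac

VOWELS = "aeiouy"
CONSONANTS = "bcdfghklmnprstvzx"


def bubble_babble(data: bytes) -> str:
    """Encode bytes as Bubble Babble: 'x', five-letter groups, 'x'."""
    seed = 1  # running checksum, mixed into the vowels of each group
    rounds = len(data) // 2 + 1
    out = ["x"]
    for i in range(rounds):
        last = i + 1 == rounds
        if not last or len(data) % 2:
            # Full group (two bytes), or the final odd byte on its own.
            b1 = data[2 * i]
            out.append(VOWELS[((b1 >> 6) + seed) % 6])
            out.append(CONSONANTS[(b1 >> 2) & 15])
            out.append(VOWELS[((b1 & 3) + seed // 6) % 6])
            if not last:
                b2 = data[2 * i + 1]
                out.append(CONSONANTS[b2 >> 4])
                out.append("-")
                out.append(CONSONANTS[b2 & 15])
                seed = (seed * 5 + b1 * 7 + b2) % 36
        else:
            # Even-length input: the last group carries only the checksum.
            out.append(VOWELS[seed % 6])
            out.append("x")
            out.append(VOWELS[seed // 6])
    out.append("x")
    return "".join(out)


def fingerprint(key_blob: bytes) -> str:
    """Bubble Babble of the SHA-1 digest of a public key blob (assumed hash)."""
    return bubble_babble(hashlib.sha1(key_blob).digest())


def fingerprint_matches(key_blob: bytes, expected: str) -> bool:
    """Compare against a fingerprint received out of band."""
    actual = fingerprint(key_blob)
    expected = expected.strip().lower()
    return hmac.compare_digest(actual.encode(), expected.encode())


if __name__ == "__main__":
    blob = b"constructed-example-public-key-blob"  # constructed sample
    print(fingerprint(blob))
```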

2000-05-22  Sami J. Lehtinen  <sjl@ssh.com>

	* Added `-m', which is to `MACs' as `-c' is to `Ciphers'.

	* Implemented `AllowX11Forwarding', `AllowTcpForwarding',
	  `AllowAgentForwarding' and `MACs'. `MACs' allows you to change the
	  MAC-algorithm, functionality is the same as with `Ciphers'.

	* Changed default MAC algorithm list to be draft-compliant.

	* Changed to use new disconnect codes.

2000-05-16  Sami J. Lehtinen  <sjl@ssh.com>

	* Previous: Fixed YASH (Yet Another Solaris Hang), caused by
	  wait() returning prematurely because of signal (SIGCHLD; ironic,
	  isn't it?). Added logic to check the return value of wait(|pid) to
	  check for EINTR, i.e. interrupted system call.

	* Fixed numerous draft incompatibilities; fixed the "ssh-dss"
	  signature encoding, which was against the draft, fixed "hostbased"
	  authentication requested service name (used in the signing of a
	  throw-away packet) and fixed the session_id encoding
	  (when doing signing) in "publickey" authentication (the draft was
	  changed to specify the encoding). Because of these I had to
	  rewrite ssh-signer2.c and a good chunk of authc-hostbased.c, but
	  the code is now more easy to understand.

2000-05-10  Sami J. Lehtinen  <sjl@ssh.com>

	* Fixed a bug in ChRootGroups, which basically rendered it useless
	  (user name was compared to pattern instead of group).

	* Fixed couple of hangs on Solaris (the cause for those "FATAL
	  ERROR: ssh_pty_get_exit_status called before the child has
	  exited." messages in syslog, and the client hanging, waiting for
	  input, and only then exiting).

	* Implemented AllowCshrcSourcingWithSubsystems, defaults to
	  "no". This hopefully reduces those "packet too long" messages with
	  *csh-users (who have commands outputting something in .cshrc).

	* Implemented {Allow,Deny}{Users,Groups}. Changed
	  {Allow,Deny}Hosts to use the vastly more powerful regexps
	  (Huima's SshRegex library).

2000-05-03  Sami J. Lehtinen  <sjl@ssh.com>

	* ssh2: Implemented AuthenticationSuccessMsg configuration
	  parameter at kivinen's request. Now we display whether
	  authentication was successful by default, so that the user knows
	  if the server tries to fool the user into typing their passwords
	  or passphrases to a prompt given by _the_server_. Defaults to
	  "yes".

2000-04-28  Sami J. Lehtinen  <sjl@ssh.com>

	* sshd2: Changed X11-forwardings so that the socket is set to
	  NODELAY mode if configuration suggests it (``NoDelay'' is set to
	  ``yes'').

	* Implemented GatewayPorts configuration option (for local tcp
	  forwards). *cough* This should've been done *a year* ago...

	* ssh2: Implemented SocksServer configuration option, so you don't
	  have to use the SSH_SOCKS_SERVER environment variable or specify
	  it at configuration time anymore, if you don't want to.

	* Implemented AllowedAuthentications to client, mainly to ease
	  debugging of authentication methods. Also, the authentication
	  methods are now tried in the order which they are specified, so
	  "password, publickey, hostbased" now really tries
	  password-authentication first.

	* Changed ssh-keygen2 to only accept keysizes above 512.

2000-04-26  Sami J. Lehtinen  <sjl@ssh.com>

	* Incorporated toka's fixes for ssh-keygen2's '-r'
	  parameter (basically, it was totally broken before).

	* Fixed a "brown paper bag" bug when PermitRootLogin was set to
	  "no" or "nopwd". If PasswordGuesses was set to "1" or lower, the
	  code that checked the value of permit_root_login in auths-passwd.c
	  was never executed. D'oh! Also fixed the method to fail
	  correctly (without leaking information) when PermitRootLogin is
	  set to "no" or "nopwd".

	* The lockups with (remote) cvs and when transferring larger files
	  should now be fixed. Special thanks to Per Allansson.

	* Hopefully fixed problems when configuring with newer
	  alpha-processors (config.sub didn't approve
	  'alphaev6-dec-osf4.0f', among others).

2000-04-25  Sami J. Lehtinen  <sjl@ssh.com>

	* Previous by tri: implemented ChRootGroups and ChRootUsers
	  configuration parameters.

2000-03-30  Sami Lehtinen  <sjl@ssh.com>

	* ssh-2.1.0.

2000-03-10  Sami J. Lehtinen  <sjl@ssh.com>

	* Fixed calling of ranlib in Makefiles; now we use $(RANLIB), as
	  it should be done.

	* Added '!' to complement a charset with fileglobbing.

2000-03-09  Tomi Salo  <ttsalo@ssh.com>

	* Following features have now been implemented in the rewritten
 	  sftp2: commands ls, cd, pwd, mkdir, rm, rmdir, get, put, open,
 	  close, quit, help and local versions of some of them, scp-like
 	  progress output in file transfer, paging in ls, special meaning
	  of " and \ on the command line and batchmode. 

2000-03-01  Sami Lehtinen  <sjl@ssh.com>

	* ssh-2.1.0.public.beta.1.

	* Added documentation for scp2 and sftp2 glob patterns. It can be
	  read by saying ``man sshregex''.

2000-02-21  Sami Lehtinen  <sjl@ssh.com>

	* Implemented escape char "~s", with which you can dump statistics 
	  and other information about the connection during the
	  session.

	* Fixed authentication methods to return same kind of errors when
	  the user doesn't exist or host is not allowed to connect as when
	  failing an authentication method.

	* Changed scp2 globbing to be more intelligent, by using Huima's
	  sshregex-library.

	* Changed default value of RequireReverseMapping to ``no'' in the
	  example configuration file (which is also installed as the default
	  configuration file on new installs). This was apparently giving
	  headaches for many people, as the server would only respond ``No
	  more authentication methods available.''.

2000-02-20  Sami Lehtinen  <sjl@ssh.com>

	* Implemented BatchMode configuration option for ssh2. Also added
	  it to scp2 as ``-B''.

2000-02-17  Sami Lehtinen  <sjl@ssh.com>

	* Re-wrote globbing for scp2 and sftp2. Seems to work _much_
 	  better than before, and because it uses common code with recurse,
 	  code maintainability also soared. (the old globbing was very very
 	  ugly)

2000-02-15  Sami Lehtinen  <sjl@ssh.com>

	* Fixed a bug in sshchsession, which caused a protocol error, if,
 	  for example, an xterm was resized before the server had accepted
 	  the request for shell.

2000-02-14  Sami Lehtinen  <sjl@ssh.com>

	* sftp2 is now rewritten to use SshFileCopy (by ttsalo). scp2 is
 	  also quite stable. SshFileCopy itself still needs a couple of
 	  modifications, but considering what has already been done, the
 	  changes will be quite small (just a re-write of the ssh_glob_*
 	  interface...).

2000-02-04  Sami Lehtinen  <sjl@ssh.com>

	* Fixed problems in {Allowed,Required}Authentications. Don't know
	  how I could've missed those.

2000-01-18  Sami Lehtinen  <sjl@ssh.com>

	* Updated config.guess and config.sub. Should take away a few
	  problems.

1999-12-23  Sami Lehtinen  <sjl@ssh.com>

	* (ssh2) Fixed to accept absolute pathnames with IdentityFile
	  option (also applies to '-i' command-line option), instead of
	  always prepending them with the user's .ssh2-directory. Did the
	  same for IdentityFile internals, ie. you can specify 'IdKey
	  /etc/puppa' from your identification-file.

1999-12-18  Sami Lehtinen  <sjl@ssh.com>

	* Fixed a draft incompatibility with
	  SSH_MSG_DISCONNECT. Previously SSH_DISCONNECT_AUTHENTICATION_ERROR
	  was often sent as reason code, which was not specified in the
	  draft. This was used as a catch-all authentication error in the
	  implementation. Still should fix sshauth[sc].c to use more
	  appropriate reason codes, depending on the situation.

1999-12-16  Sami Lehtinen  <sjl@ssh.com>

	* Fixed SSH_MSG_USERAUTH_PK_OK draft incompatibility
	  bug. Previously, field "public key algorithm from the request" was
	  omitted. Added compatibility code to server for older versions
	  (client doesn't care about the rest of the fields; it only uses
	  the packet type).

	* Fixed a draft incompatibility in handling
	  SSH_MSG_CHANNEL_OPEN_FAILURE messages. Previously, reason string
	  and language tag were not sent. Added compatibility code for older
	  versions.

1999-12-13  Sami Lehtinen  <sjl@ssh.com>

	* Fixed a draft incompatibility bug in sshchx11.c. The
	  SSH_MSG_CHANNEL_OPEN message for "x11" was constructed
	  wrong. Added compatibility code for older versions.

1999-11-13  Sami Lehtinen  <sjl@ssh.com>

	* Implemented StrictHostKeyChecking. Totally re-wrote the
	  keychecking functions. Should now look very similar to ssh1.

1999-11-12  Sami Lehtinen  <sjl@ssh.com>

	* Changed behaviour of '-f' parameter in ssh2. Now, if specified,
 	  implies '-S' (client doesn't request session channel, ie. tty from
 	  server), and client doesn't die if a locally forwarded channel is
 	  closed. The listener stays there, waiting for
 	  connections. Persistent forwarding works only with ssh-2.1.0 and
 	  newer servers (older servers incorrectly close the
 	  command-channel). With optional 'o' argument (specified '-fo' on
 	  the command-line), goes to one-shot mode, which is the same
 	  behaviour as before (ie. as soon as forwardings close, client
 	  exits).
	
	* Fixed authentication code bugs. Should now work. Even with
	  hostbased. And with the order "hostbased,publickey,password".

1999-11-04  Sami Lehtinen  <sjl@ssh.com>

	* Implemented what Tatu asked; "file/.." style constructs are
	  pruned from filenames to avoid situations where a user asks to
	  transfer files like 'scp2 -r "*/../*/../*/../*/../*"' after
	  which there would be very much load in the server end.

1999-10-22  Sami Lehtinen  <sjl@ssh.com>

	* Fixed issues with sshreadline and termcap/ncurses/xcurses & tgetent
	  detection. Now, if configure doesn't find any of the above
	  libraries (or they don't contain tgetent), sshreadline defaults to
	  builtin vt100 functionality.

	* Re-wrote scp2. The code is now cleaner, and does things more
 	  efficiently. The 'real' transfer part should still be written
 	  again to gain speed.

1999-09-15  Sami Lehtinen  <sjl@ssh.com>

	* Fixed EscapeChar ('-e' on ssh2's commandline) to handle 'none'
 	  correctly.

	* Fixed a bug in ssh-signer2, which was reportedly causing
	  ssh-signer2 to deadlock.

	* Fixed ssh-add2 to use the guessed filename (if no filename or
 	  PGP-key are specified) even when command-line arguments are
	  given.

	* Fixed a draft incompatibility in publickey authentication. We
 	  used the wrong service name, when constructing the throw-away
 	  package for signing. Thanks to the lsh-people for pointing this
 	  one out.

1999-08-16  Sami Lehtinen  <sjl@ssh.com>

	* Fixed a bug in agentpath.c, which caused that existing
	  agent-sockets weren't properly removed in most cases.

1999-08-12  Sami Lehtinen  <sjl@ssh.com>

	* Fixed a draft inconsistency with SSH_MSG_SERVICE_ACCEPT (now
 	  service name is also sent). Added compatibility code, so that we
 	  can work with older versions of ssh2 too.

	* Fixed a bug in chown() in the newly allocated tty. This caused a
	  situation where a user might have a terminal belonging to some
	  other user. This bug manifested itself in 4.4 BSD variants, where
	  chown() by the super-user could fail if a user had set some
	  file-flags with chflags. (for example, 'chflags uappnd `tty`',
	  done by a normal user, caused the chown to fail)

	* Fixed a bug, which caused a SIGSEGV if tty-allocation didn't
	  succeed for some reason.

	* "hostbased" authentication to be tried first in the
	  server. However, because of some unimplemented parts in the
	  sshproto-library, trying "hostbased" first in the client doesn't
	  work yet. I'll fix it.

1999-06-15  Sami Lehtinen  <sjl@ssh.com>

	* Previous: Fixed a couple of bugs in trcommon.c and trkex.c. The
	  code couldn't have worked correctly if more than one
	  hostkey-algorithm or kex-algorithm were given.

	* Added '--with-pty' option for configure to let advanced users
	  override configure's pty-selection, if so needed.

1999-06-01  Sami Lehtinen  <sjl@ssh.com>

	* ssh-keygen2: removed '-o' option (isn't needed, you can specify
 	  the file names on the command-line as the last arguments anyway)
 	  and renamed '-v' option to '-V' for consistency.

1999-05-20  Sami Lehtinen  <sjl@ssh.com>

	* Previous by tri: added SO_LINGER socket option.

	* Fixed a bug in sftp2 (sshfilexferc.c), which caused a SIGSEGV
	  if cd:ing to a directory that the user didn't have execute
	  permissions for.

	* Fixed AIX compilation problems (by tri), possibly fixed Solaris
	  hanging problems, when compiled with libwrap, and should now
	  compile and work on Ultrix.

1999-05-12  Sami Lehtinen  <sjl@ssh.com>

	* ssh-2.0.13.

	* Fixes for pty-handling and wtmp-handling for linux 2.2.x with
	  glibc-2.1.x.

1999-04-29  Sami Lehtinen  <sjl@ssh.com>

	* Previous by tri: Added NoDelay config parameter. Used to toggle
	  TCP_NODELAY socket option.

	* Added configuration parameter KeepAlive and LoginGraceTime.

1999-04-26  Sami Lehtinen  <sjl@ssh.com>

	* Added configure-parameters --disable-tcp-port-forwarding and
	  --disable-X11-forwarding.

1999-04-23  Sami Lehtinen  <sjl@ssh.com>

	* ssh-2.0.13.pre1 (ie. pre-release 1).

1999-04-20  Sami Lehtinen  <sjl@ssh.com>

	* Fixed passing of arguments when executing ssh1 in compatibility
	  mode. Now uses ssh_getopt.

	* Fixed code in wtmp.c, which caused the compilation to fail on
	  newer Linux/Glibc 2.x systems. 

1999-04-16  Sami Lehtinen  <sjl@ssh.com>

	* Fixed a draft incompatibility in public key
	  authentication. Works with older versions too, because of a
	  compatibility work-around.

	* "hostbased"-authentication is now working. Uses /etc/hosts.equiv
	  and /etc/shosts.equiv, plus the user's .rhosts and .shosts
	  files. Note that you don't have to run ssh2 as suid for this, as
	  the challenge is signed by ssh-signer2, a small program which is
	  considered bug-free :), which does run as suid.

	  Read 'man sshd2' for additional configuration parameters etc.

1999-04-09  Sami Lehtinen  <sjl@ssh.com>

	* Added "CheckMail" configuration parameter.

	* "hostbased"-authentication method is almost done. Needs to be
 	  polished a bit still, though.

1999-04-07  Timo J. Rinne  <tri@ssh.com>

	* Integrated sshpgp library into ssh2.  Now ssh2 is able
	  to use pgp keys.

1999-02-16  Sami Lehtinen  <sjl@ssh.com>

	* Added configuration parameter AllowedAuthentications, which
	  obsoletes {Password,Pubkey}Authentication config-parameters,
	  and RequiredAuthentications, which is a list of authentication
	  methods required from users before they are allowed access.

	* Added code to send and parse tty-modes.

	* Fixed a bug in wildcard expansion. It didn't correctly expand
 	  paths which started from the root directory. Also fixed a
	  misfeature, which re-opened the connection, and started the
	  authentication again after wildcard-expansion. Very annoying.

1999-01-29  Sami Lehtinen  <sjl@ssh.com>

	* ssh-2.0.12.

	* Fixed a deficiency in the configure script. Because of it the
 	  sp_expire and sp_inact fields of shadow-password-struct were
 	  overlooked.

1999-01-27  Sami Lehtinen  <sjl@ssh.com>

	* Added code to trcommon.c/ssh_tr_input_kex2 to check for return
	  value of tr->kex->{server,client}_input_kex2, and to send
	  disconnect if return value was FALSE. Should make error messages
	  in certain situations more clear.

	* Added code to sshconn.c to check if we receive EOF from the main
	  stream. Didn't seem to break anything, and should fix some hanging
	  problems.

	* Fixed a bug in lib/sshutil/sshtcp.c. Previously, it ignored
	  definition for port with SSH_SOCKS_SERVER.

	* Fixed check for broken inet_ntoa, and it now seems to work (it
	  compiled and worked ok on mips-sgi-irix6.2 with gcc 2.8.1, where
	  it didn't before).

1999-01-18  Sami Lehtinen  <sjl@ssh.com>

	* ssh-2.0.12.pre1 (ie. pre-release 1).

	* Changed ssh2 so that if we are root, it won't fetch keys and
	  config from /etc/ssh2, but from $HOME/.ssh2. 

	* Added code to configure to better check for minor (is a macro in
	  at least Solaris) and S_IFSOCK (isn't defined in SCO). Also added
	  code to check for broken inet_ntoa, but it doesn't seem to work
	  as expected. Studies continue.

	* Fixed a bug in ssh_user_dir() and ssh2.c, which caused ssh2 to
	  crash when run for the first time on some systems.

	* Added FAQ. Send me good questions, and (more importantly) good
	  answers, and I will put them to the FAQ.

	* Added signal handlers for various fatal signals in sftp2 and in
 	  scp2. If we receive a fatal signal, we will also kill the
 	  ssh2-child. Fixed a bug in filecontrol (or rather added a
 	  kludge). We set stdio and stdout to blocking mode now in main(),
 	  as they are somewhere (eventloop_initialize ?) put to non-blocking
 	  mode. This broke output in, for example, the "ls" command. Also
 	  rewrote bits of code, sftp_page_prompt_return for example.

1999-01-17  Timo J. Rinne  <tri@ssh.com>

	* Added configuration option --with(out)-ssh-agent1-compat
	  to make ssh-agent1 support (RSA-decryption) optional
	  in ssh-agent2.  Default is on.

1999-01-12  Timo J. Rinne  <tri@ssh.com>

	* Added ssh1 challenge-response mechanism into ssh-agent2.

1998-12-29  Sami Lehtinen  <sjl@ssh.com>

	* Added configuration parameter SyslogFacility. Now you can define
	  exactly where you want to log things. Sorry it took so long.

	* Fixed a security bug which allowed any eligible user to request
	  remote forwarding from privileged ports without being root.

	* Previous: Modified the configuration script so that it should
	  compile on HP-UX 9.x now.

1998-12-10  Sami Lehtinen  <sjl@ssh.com>

	* Added {Allow,Deny}Hosts configuration parameters to
	  sshd2. Accepts wildcards (*, ?). Will accept in the future:
	  address ranges, subnets. Also an access-control-file is planned,
	  which would make this obsolete, as the new format would be much
	  more powerful and intuitive.

1998-12-08  Sami Lehtinen  <sjl@ssh.com>

	* Added SIGHUP handling to sshd2. (now restarts on SIGHUP)

1998-11-26  Sami Lehtinen  <sjl@ssh.com>

	* Tweaked logging in sshd2.c.

	* Added reverse-mapping for the remote host's hostname in the
 	  server.

	* Fixed a bug in auths-{passwd,pubkey}.c, which caused a SIGSEGV
 	  if user didn't exist. Tweaked logging in same file.

1998-11-16  Sami Lehtinen  <sjl@ssh.com>

	* Released ssh-2.0.11.
	
	* Previous: Fixed a draft inconsistency in the client's version
 	  string handling. Should reduce those "Protocol error"'s.

	* Hopefully fixed the busyloop-timeout problem in scp2. Now it
	  kills the background ssh2 process before exiting itself.

1998-11-12  Timo J. Rinne  <tri@ssh.com>

	* Added twofish encryption.

1998-11-12  Sami Lehtinen  <sjl@ssh.com>

	* Previous: the #include bug in sshreadline.c, which manifested
	  itself in solaris 2.[456].x, should now be fixed. (at least in our
	  server it compiles ok).

	* Added --disable-asm flag to configure. If asm-optimizations
	  don't work, use this.

	* Added code to configure to properly add libipc for
	  bsdi2.1. In AIX 4.* utmpx is now disabled (utmpx.h is reportedly
	  broken). With HPUX _HPUX_SOURCE is now properly defined.

	* Changed handling of setsid-errors in ssh2 and sshd2. Previously
	  if setsid() call failed, ssh{2,d2} called ssh_fatal. Now, it gives
	  warning in ssh2 and logs the event in sshd2. This is the same
	  behavior as in ssh1.

	* Implemented '-r'-flag (copy directories recursively) in
	  scp2. Also cleaned up code in scp2.

1998-11-05  Sami Lehtinen  <sjl@ssh.com>

	* Added '-1' flag, which enables scp1 compatibility. Use it as the
 	  first argument to scp2. Implemented wildcard-expansion
 	  (globbing). Currently supported wildcards are '?' and '*'.

1998-10-29  Sami Lehtinen  <sjl@ssh.com>

	* Made progress-indicator default in scp2. Added some code to
	  display transfer-times and transfer-speed.

1998-10-29  Timo J. Rinne  <tri@ssh.com>

	* Ssh-agent2 now more or less fully supports also requests
	  sent by ssh1 and ssh-add1. To enable ssh1 compatibility
	  in ssh-agent2 you have to start it with option -1.
	  CAUTION: ssh-agent2 works properly only with versions
	  ssh-2.0.11 and above, if run with -1 option.  Without
	  -1 option it's compatible with earlier ssh-2.0.* versions
	  too.

1998-10-21  Timo J. Rinne  <tri@ssh.com>

	* Moved utmp update to the child.  It now seems to work
	  at least in BSD.

1998-10-19  Sami Lehtinen  <sjl@ssh.com>

	* Added correct parsing for specifying 'user@host' on the
	  commandline. (`ssh2 user@host' equals `ssh2 -luser host')

	* Fixed --with-etcdir and --with-libwrap options in configure and
	  apps/ssh/Makefile.am.

	* Fixed calculating MAC, as it was done against the draft. Added
	  compatibility code, so that we can work with older
	  ssh-2.0.x-versions (2.0.[789]) still.

	* Implemented PasswordAuthentication and PubkeyAuthentication
	  keywords in the server. Still need to be done in the client.
	
1998-10-07  Sami Lehtinen  <sjl@ssh.com>

	* Added code to configure, so that it detects whether compiled
	  symbols are prepended with underscore or not. With changes to the
	  assembler files, this should fix the problems with commercial
	  versions assembler-optimized crypto functions.

	* Fixed a _lot_ of buggy code in sftp2. Shouldn't seg fault
 	  anymore.

1998-10-06  Timo J. Rinne  <tri@ssh.com>

	* Fixed -t flag in ssh2 client to have the desired
	  effect (force pty allocation).

1998-10-02  Timo J. Rinne  <tri@ssh.com>

	* Added O_TRUNC into scp.  Existing target files are now
	  also truncated.

1998-09-30  Timo J. Rinne  <tri@ssh.com>

	* Added ssh_getopt.

	* Fixed command line parsing of ssh2 and sshd2.

	* Modified ssh-add2, ssh-agent2, ssh-keygen2 and scp2 to
	  use ssh_getopt2.

1998-09-17  Sami Lehtinen  <sjl@ssh.com>

	* Added support for environment variable DESTDIR in
 	  apps/ssh/Makefile.

	* Added --with-etcdir configuration option.

	* Added libwrap-support. (still partially untested)

	* Fixed a bug in sshd2, which caused sshd2 to go to busy-loop if
	  ssh2-client was killed with, for example, kill -9.

	* Fixed bug in sshmp.c, which caused FPE in ssh-keygen2, when it
	  was compiled on Alpha with gcc.

	* Fixed little bugs here and there.
	
1998-09-07  Sami Lehtinen  <sjl@ssh.com>

	* Added clean-up-old -target to apps/ssh/Makefile.am to allow easy
	  removal of the *.old-files made by the installation.

	* Fixed a bug in initialization of variables in ssh2 (and other
	  programs, which were run with user-privileges) which caused
	  annoying messages with shadow passwords etc.

	* Fixed a bug in 'make install'.

1998-08-27  Sami Lehtinen  <sjl@ssh.com>

	* Changed 'make install' so that it now renames the old files to
	  have '.old'-trailer.

1998-08-26  Sami Lehtinen  <sjl@ssh.com>

	* Earlier addition: Fixed ssh2-client to not kill all forwarded
	  connections on session_close, but instead fork to background to
	  wait for their completion.

	* Fixed problems with compilation.
	
1998-08-06  Timo J. Rinne  <tri@ssh.com>

	* Made ssh forward also ssh1 agent connections.

1998-08-05  Sami Lehtinen  <sjl@ssh.com>

	* Changed ssh-add2 to fetch first key named 'id_*' when executed
	  without arguments.
	
	* Changed ssh-add2 to use ssh-askpass2 instead of ssh2-askpass.
	
