25 files changed, 168 insertions, 77 deletions

diff --git a/ChangeLog b/ChangeLog
index e3f5c71d9..698aa3fc0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,28 @@
+20000509
+ - OpenBSD CVS update
+  - markus@cvs.openbsd.org
+    [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
+    [ssh.h sshconnect1.c sshconnect2.c sshd.8]
+    - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
+  - hugh@cvs.openbsd.org
+    [ssh.1]
+    - zap typo
+    [ssh-keygen.1]
+    - One last nit fix. (markus approved)
+    [sshd.8]
+    - some markus certified spelling adjustments
+  - markus@cvs.openbsd.org
+    [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
+    [sshconnect2.c ]
+    - bug compat w/ ssh-2.0.13 x11, split out bugs
+    [nchan.c]
+    - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
+    [ssh-keygen.c]
+    - handle escapes in real and original key format, ok millert@
+    [version.h]
+    - OpenSSH-2.1
+
+
 20000508
  - Makefile and RPM spec fixes
  - Generate DSA host keys during "make key" or RPM installs
diff --git a/auth2.c b/auth2.c
index 3d997f45b..3c15639dd 100644
--- a/auth2.c
+++ b/auth2.c
@@ -27,7 +27,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.7 2000/05/06 17:45:36 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.8 2000/05/08 17:42:24 markus Exp $");
 
 #include <openssl/dsa.h>
 #include <openssl/rsa.h>
@@ -278,6 +278,10 @@ ssh2_auth_pubkey(struct passwd *pw, unsigned char *raw, unsigned int rlen)
                 debug("pubkey auth disabled");
                 return 0;
         }
+        if (datafellows & SSH_BUG_PUBKEYAUTH) {
+                log("bug compatibility with ssh-2.0.13 pubkey not implemented");
+                return 0;
+        }
         have_sig = packet_get_char();
         pkalg = packet_get_string(&alen);
         if (strcmp(pkalg, KEX_DSS) != 0) {
diff --git a/channels.c b/channels.c
index f833e1bb9..a18c7e300 100644
--- a/channels.c
+++ b/channels.c
@@ -17,7 +17,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: channels.c,v 1.29 2000/05/07 02:03:15 damien Exp $");
+RCSID("$Id: channels.c,v 1.30 2000/05/09 01:02:59 damien Exp $");
 
 #include "ssh.h"
 #include "packet.h"
@@ -505,7 +505,10 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset)
         int ret = x11_open_helper(c);
         if (ret == 1) {
                 c->type = SSH_CHANNEL_OPEN;
-                channel_pre_open_15(c, readset, writeset);
+                if (compat20)
+                        channel_pre_open_20(c, readset, writeset);
+                else
+                        channel_pre_open_15(c, readset, writeset);
         } else if (ret == -1) {
                 debug("X11 rejected %d i%d/o%d", c->self, c->istate, c->ostate);
                 chan_read_failed(c);    /** force close? */
@@ -549,7 +552,11 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
                         packet_put_int(c->local_maxpacket);
                         /* originator host and port */
                         packet_put_cstring(remote_hostname);
-                        packet_put_int(remote_port);
+                        if (datafellows & SSH_BUG_X11FWD) {
+                                debug("ssh2 x11 bug compat mode");
+                        } else {
+                                packet_put_int(remote_port);
+                        }
                         packet_send();
                 } else {
                         packet_start(SSH_SMSG_X11_OPEN);
diff --git a/cipher.h b/cipher.h
index 0f94fb206..b7410fbc0 100644
--- a/cipher.h
+++ b/cipher.h
@@ -11,7 +11,7 @@
  *
  */
 
-/* RCSID("$Id: cipher.h,v 1.12 2000/04/16 02:31:50 damien Exp $"); */
+/* RCSID("$Id: cipher.h,v 1.13 2000/05/09 01:03:00 damien Exp $"); */
 
 #ifndef CIPHER_H
 #define CIPHER_H
@@ -23,6 +23,7 @@
 
 /* Cipher types.  New types can be added, but old types should not be removed
    for compatibility.  The maximum allowed value is 31. */
+#define SSH_CIPHER_ILLEGAL      -2      /* No valid cipher selected. */
 #define SSH_CIPHER_NOT_SET      -1      /* None selected (invalid number). */
 #define SSH_CIPHER_NONE         0       /* no encryption */
 #define SSH_CIPHER_IDEA         1       /* IDEA CFB */
diff --git a/clientloop.c b/clientloop.c
index e34f5cdaa..82d1d27d6 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -16,7 +16,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: clientloop.c,v 1.15 2000/05/08 03:44:53 damien Exp $");
+RCSID("$Id: clientloop.c,v 1.16 2000/05/09 01:03:00 damien Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -979,11 +979,11 @@ client_input_channel_open(int type, int plen)
                 char *originator;
                 int originator_port;
                 originator = packet_get_string(NULL);
-                if (packet_remaining() > 0) {
-                        originator_port = packet_get_int();
-                } else {
+                if (datafellows & SSH_BUG_X11FWD) {
                         debug("buggy server: x11 request w/o originator_port");
                         originator_port = 0;
+                } else {
+                        originator_port = packet_get_int();
                 }
                 packet_done();
                 /* XXX check permission */
diff --git a/compat.c b/compat.c
index 3bf45c122..00f031b8b 100644
--- a/compat.c
+++ b/compat.c
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: compat.c,v 1.9 2000/04/29 13:57:10 damien Exp $");
+RCSID("$Id: compat.c,v 1.10 2000/05/09 01:03:00 damien Exp $");
 
 #include "ssh.h"
 #include "packet.h"
@@ -57,17 +57,20 @@ compat_datafellows(const char *version)
 {
         int i;
         size_t len;
-        static const char *check[] = {
-                "2.0.1",
-                "2.1.0",
-                NULL
+        struct {
+                char    *version;
+                int     bugs;
+        } check[] = {
+                {"2.1.0",       SSH_BUG_SIGBLOB|SSH_BUG_HMAC},
+                {"2.0.1",       SSH_BUG_SIGBLOB|SSH_BUG_HMAC|SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD},
+                {NULL,          0}
         };
-        for (i = 0; check[i]; i++) {
-                len = strlen(check[i]);
+        for (i = 0; check[i].version; i++) {
+                len = strlen(check[i].version);
                 if (strlen(version) >= len &&
-                   (strncmp(version, check[i], len) == 0)) {
+                   (strncmp(version, check[i].version, len) == 0)) {
                         verbose("datafellows: %.200s", version);
-                        datafellows = 1;
+                        datafellows = check[i].bugs;
                         return;
                 }
         }
diff --git a/compat.h b/compat.h
index 4943e5a29..cd7c190c7 100644
--- a/compat.h
+++ b/compat.h
@@ -26,7 +26,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-/* RCSID("$Id: compat.h,v 1.5 2000/04/12 10:17:39 damien Exp $"); */
+/* RCSID("$Id: compat.h,v 1.6 2000/05/09 01:03:00 damien Exp $"); */
 
 #ifndef COMPAT_H
 #define COMPAT_H
@@ -36,6 +36,11 @@
 #define SSH_PROTO_1_PREFERRED   0x02
 #define SSH_PROTO_2             0x04
 
+#define SSH_BUG_SIGBLOB         0x01
+#define SSH_BUG_PUBKEYAUTH      0x02
+#define SSH_BUG_HMAC            0x04
+#define SSH_BUG_X11FWD          0x08
+
 void    enable_compat13(void);
 void    enable_compat20(void);
 void    compat_datafellows(const char *s);
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 96e972cf1..3b1cd7060 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,5 +1,5 @@
 # Version of OpenSSH
-%define oversion 2.0.0beta2
+%define oversion 2.1.0beta1
 
 # Version of ssh-askpass
 %define aversion 1.0
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 0f63ef658..f9afea418 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -1,6 +1,6 @@
 Summary: OpenSSH, a free Secure Shell (SSH) implementation
 Name: openssh
-Version: 2.0.0beta2
+Version: 2.1.0beta1
 URL: http://www.openssh.com/
 Release: 1
 Source0: openssh-%{version}.tar.gz
diff --git a/dsa.c b/dsa.c
index 580590809..51d7ff285 100644
--- a/dsa.c
+++ b/dsa.c
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: dsa.c,v 1.6 2000/05/04 22:37:59 markus Exp $");
+RCSID("$Id: dsa.c,v 1.7 2000/05/08 17:42:24 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -162,7 +162,7 @@ dsa_sign(
         BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
         DSA_SIG_free(sig);
 
-        if (datafellows) {
+        if (datafellows & SSH_BUG_SIGBLOB) {
                 debug("datafellows");
                 ret = xmalloc(SIGBLOB_LEN);
                 memcpy(ret, sigblob, SIGBLOB_LEN);
@@ -209,15 +209,20 @@ dsa_verify(
                 return -1;
         }
 
-        if (datafellows && signaturelen != SIGBLOB_LEN) {
-                log("heh? datafellows ssh2 complies with ietf-drafts????");
-                datafellows = 0;
+        if (!(datafellows & SSH_BUG_SIGBLOB) &&
+            signaturelen == SIGBLOB_LEN) {
+                datafellows |= ~SSH_BUG_SIGBLOB;
+                log("autodetect SSH_BUG_SIGBLOB");
+        } else if ((datafellows & SSH_BUG_SIGBLOB) &&
+            signaturelen != SIGBLOB_LEN) {
+                log("autoremove SSH_BUG_SIGBLOB");
+                datafellows &= ~SSH_BUG_SIGBLOB;
         }
 
         debug("len %d datafellows %d", signaturelen, datafellows);
 
         /* fetch signature */
-        if (datafellows) {
+        if (datafellows & SSH_BUG_SIGBLOB) {
                 sigblob = signature;
                 len = signaturelen;
         } else {
@@ -242,7 +247,8 @@ dsa_verify(
         sig->s = BN_new();
         BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
         BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
-        if (!datafellows) {
+
+        if (!(datafellows & SSH_BUG_SIGBLOB)) {
                 memset(sigblob, 0, len);
                 xfree(sigblob);
         }
diff --git a/kex.c b/kex.c
index 114df780e..221e03041 100644
--- a/kex.c
+++ b/kex.c
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: kex.c,v 1.7 2000/04/16 01:52:47 damien Exp $");
+RCSID("$Id: kex.c,v 1.8 2000/05/09 01:03:01 damien Exp $");
 
 #include "ssh.h"
 #include "ssh2.h"
@@ -314,7 +314,7 @@ choose_mac(Mac *mac, char *client, char *server)
         }
         mac->name = name;
         mac->mac_len = mac->md->md_size;
-        mac->key_len = datafellows ? 16 : mac->mac_len;
+        mac->key_len = (datafellows & SSH_BUG_HMAC) ? 16 : mac->mac_len;
         mac->key = NULL;
         mac->enabled = 0;
 }
diff --git a/myproposal.h b/myproposal.h
index 7e4baff9d..8b2417972 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,6 +1,6 @@
 #define KEX_DEFAULT_KEX         "diffie-hellman-group1-sha1"
 #define KEX_DEFAULT_PK_ALG      "ssh-dss"
-#define KEX_DEFAULT_ENCRYPT     "blowfish-cbc,3des-cbc,arcfour,cast128-cbc"
+#define KEX_DEFAULT_ENCRYPT     "3des-cbc,blowfish-cbc,arcfour,cast128-cbc"
 #define KEX_DEFAULT_MAC         "hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com"
 #define KEX_DEFAULT_COMP        "zlib,none"
 #define KEX_DEFAULT_LANG        ""
diff --git a/nchan.c b/nchan.c
index b00686a48..0ea88da33 100644
--- a/nchan.c
+++ b/nchan.c
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: nchan.c,v 1.9 2000/05/07 02:03:16 damien Exp $");
+RCSID("$Id: nchan.c,v 1.10 2000/05/09 01:03:01 damien Exp $");
 
 #include "ssh.h"
 
@@ -107,6 +107,10 @@ chan_read_failed_12(Channel *c)
                 debug("channel %d: input open -> drain", c->self);
                 chan_shutdown_read(c);
                 c->istate = CHAN_INPUT_WAIT_DRAIN;
+                if (buffer_len(&c->input) == 0) {
+                        debug("channel %d: input: no drain shortcut", c->self);
+                        chan_ibuf_empty(c);
+                }
                 break;
         default:
                 error("channel %d: internal error: we do not read, but chan_read_failed for istate %d",
diff --git a/readconf.c b/readconf.c
index c69e10dda..9c5638b07 100644
--- a/readconf.c
+++ b/readconf.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: readconf.c,v 1.13 2000/05/07 02:03:17 damien Exp $");
+RCSID("$Id: readconf.c,v 1.14 2000/05/09 01:03:01 damien Exp $");
 
 #include "ssh.h"
 #include "cipher.h"
@@ -475,7 +475,7 @@ parse_int:
         case oCiphers:
                 cp = strtok(NULL, WHITESPACE);
                 if (!ciphers_valid(cp))
-                        fatal("%.200s line %d: Bad cipher spec '%s'.",
+                        fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
                               filename, linenum, cp ? cp : "<NONE>");
                 if (*activep && options->ciphers == NULL)
                         options->ciphers = xstrdup(cp);
@@ -745,6 +745,7 @@ fill_default_options(Options * options)
         /* Selected in ssh_login(). */
         if (options->cipher == -1)
                 options->cipher = SSH_CIPHER_NOT_SET;
+        /* options->ciphers, default set in myproposals.h */
         if (options->protocol == SSH_PROTO_UNKNOWN)
                 options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED;
         if (options->num_identity_files == 0) {
diff --git a/readconf.h b/readconf.h
index ba53542d9..3f0e44254 100644
--- a/readconf.h
+++ b/readconf.h
@@ -13,7 +13,7 @@
  *
  */
 
-/* RCSID("$Id: readconf.h,v 1.10 2000/05/07 02:03:17 damien Exp $"); */
+/* RCSID("$Id: readconf.h,v 1.11 2000/05/09 01:03:01 damien Exp $"); */
 
 #ifndef READCONF_H
 #define READCONF_H
@@ -65,7 +65,7 @@ typedef struct {
         int     number_of_password_prompts;     /* Max number of password
                                                  * prompts. */
         int     cipher;         /* Cipher to use. */
-        char   *ciphers;        /* Ciphers in order of preference. */
+        char   *ciphers;        /* SSH2 ciphers in order of preference. */
         int     protocol;       /* Protocol in order of preference. */
         char   *hostname;       /* Real host to connect. */
         char   *proxy_command;  /* Proxy command for connecting the host. */
diff --git a/servconf.c b/servconf.c
index ada4f487c..05630c766 100644
--- a/servconf.c
+++ b/servconf.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: servconf.c,v 1.15 2000/05/07 02:03:18 damien Exp $");
+RCSID("$Id: servconf.c,v 1.16 2000/05/09 01:03:01 damien Exp $");
 
 #include "ssh.h"
 #include "servconf.h"
@@ -589,7 +589,7 @@ parse_flag:
                 case sCiphers:
                         cp = strtok(NULL, WHITESPACE);
                         if (!ciphers_valid(cp))
-                                fatal("%s line %d: Bad cipher spec '%s'.",
+                                fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
                                     filename, linenum, cp ? cp : "<NONE>");
                         if (options->ciphers == NULL)
                                 options->ciphers = xstrdup(cp);
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 50e74e110..9a32ad859 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 23:55:14 1995 ylo
 .\"
-.\" $Id: ssh-keygen.1,v 1.14 2000/05/07 02:03:18 damien Exp $
+.\" $Id: ssh-keygen.1,v 1.15 2000/05/09 01:03:02 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH-KEYGEN 1
@@ -142,13 +142,13 @@ support is not functional, exits with code 1.  This flag will be
 removed once the RSA patent expires.
 .It Fl x
 This option will read a private
-OpenSSH DSA format file and prints to stdout a SSH2-compatible public key.
+OpenSSH DSA format file and print a SSH2-compatible public key to stdout.
 .It Fl X
 This option will read a
-SSH2-compatible public key file and print to stdout an OpenSSH DSA compatible public key.
+SSH2-compatible public key file and print an OpenSSH DSA compatible public key to stdout.
 .It Fl y
 This option will read a private
-OpenSSH DSA format file and prints to stdout an OpenSSH DSA public key.
+OpenSSH DSA format file and print an OpenSSH DSA public key to stdout.
 .El
 .Sh FILES
 .Bl -tag -width Ds
diff --git a/ssh-keygen.c b/ssh-keygen.c
index a2599dab9..351036dd4 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -7,7 +7,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: ssh-keygen.c,v 1.17 2000/05/07 02:03:19 damien Exp $");
+RCSID("$Id: ssh-keygen.c,v 1.18 2000/05/09 01:03:02 damien Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -148,6 +148,7 @@ do_convert_from_ssh2(struct passwd *pw)
         char blob[8096];
         char encoded[8096];
         struct stat st;
+        int escaped = 0;
         FILE *fp;
 
         if (!have_identity)
@@ -163,14 +164,21 @@ do_convert_from_ssh2(struct passwd *pw)
         }
         encoded[0] = '\0';
         while (fgets(line, sizeof(line), fp)) {
+                if (!(p = strchr(line, '\n'))) {
+                        fprintf(stderr, "input line too long.\n");
+                        exit(1);
+                }
+                if (p > line && p[-1] == '\\')
+                        escaped++;
                 if (strncmp(line, "----", 4) == 0 ||
                     strstr(line, ": ") != NULL) {
                         fprintf(stderr, "ignore: %s", line);
                         continue;
                 }
-                if (!(p = strchr(line, '\n'))) {
-                        fprintf(stderr, "input line too long.\n");
-                        exit(1);
+                if (escaped) {
+                        escaped--;
+                        fprintf(stderr, "escaped: %s", line);
+                        continue;
                 }
                 *p = '\0';
                 strlcat(encoded, line, sizeof(encoded));
diff --git a/ssh.1 b/ssh.1
index a4738e63f..48040c439 100644
--- a/ssh.1
+++ b/ssh.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: ssh.1,v 1.24 2000/05/07 02:03:19 damien Exp $
+.\" $Id: ssh.1,v 1.25 2000/05/09 01:03:02 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH 1
@@ -25,7 +25,7 @@
 .Pp
 .Nm ssh
 .Op Fl afgknqtvxCPX246
-.Op Fl c Ar blowfish | 3des
+.Op Fl c Ar cipher_spec
 .Op Fl e Ar escape_char
 .Op Fl i Ar identity_file
 .Op Fl l Ar login_name
@@ -202,7 +202,7 @@ This protocol 2 implementation does not yet support Kerberos or
 S/Key authentication.
 .Pp
 Protocol 2 provides additional mechanisms for confidentiality
-(the traffic is encrypted using 3DES, blowfish, cast128 or arcfour)
+(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour)
 and integrity (hmac-sha1, hmac-md5).
 Note that protocol 1 lacks a strong mechanism for ensuring the
 integrity of the connection.
@@ -342,10 +342,15 @@ It is believed to be secure.
 (triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
 It is presumably more secure than the
 .Ar des
-cipher which is no longer supported in ssh.
+cipher which is no longer supported in
+.Nm ssh .
 .Ar blowfish
 is a fast block cipher, it appears very secure and is much faster than
 .Ar 3des .
+.It Fl c Ar "3des-cbc,blowfish-cbc,arcfour,cast128-cbc"
+Additionally, for protocol version 2 a comma-separated list of ciphers can
+be specified in order of preference. Protocol version 2 supports
+3DES, Blowfish and CAST128 in CBC mode and Arcfour.
 .It Fl e Ar ch|^ch|none
 Sets the escape character for sessions with a pty (default:
 .Ql ~ ) .
@@ -601,7 +606,7 @@ Specifies the ciphers allowed for protocol version 2
 in order of preference.
 Multiple ciphers must be comma-separated.
 The default is
-.Dq blowfish-cbc,3des-cbc,arcfour,cast128-cbc .
+.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc .
 .It Cm Compression
 Specifies whether to use compression.
 The argument must be
@@ -785,7 +790,7 @@ The default is
 This means that
 .Nm
 tries version 1 and falls back to version 2
-if version 1 is no available.
+if version 1 is not available.
 .It Cm ProxyCommand
 Specifies the command to use to connect to the server.
 The command
diff --git a/ssh.c b/ssh.c
index c46243462..2dfc2b02f 100644
--- a/ssh.c
+++ b/ssh.c
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: ssh.c,v 1.29 2000/05/01 10:59:51 damien Exp $");
+RCSID("$Id: ssh.c,v 1.30 2000/05/09 01:03:02 damien Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/dsa.h>
@@ -367,6 +367,7 @@ main(int ac, char **av)
                         if (ciphers_valid(optarg)) {
                                 /* SSH2 only */
                                 options.ciphers = xstrdup(optarg);
+                                options.cipher = SSH_CIPHER_ILLEGAL;
                         } else {
                                 /* SSH1 only */
                                 options.cipher = cipher_number(optarg);
diff --git a/ssh.h b/ssh.h
index 649c89de2..42a710088 100644
--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@
  *
  */
 
-/* RCSID("$Id: ssh.h,v 1.38 2000/05/07 02:03:19 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.39 2000/05/09 01:03:02 damien Exp $"); */
 
 #ifndef SSH_H
 #define SSH_H
@@ -30,6 +30,7 @@
 #include "cipher.h"
 
 /*
+ * XXX
  * The default cipher used if IDEA is not supported by the remote host. It is
  * recommended that this be one of the mandatory ciphers (DES, 3DES), though
  * that is not required.
diff --git a/sshconnect1.c b/sshconnect1.c
index 31ee9843c..4360d7283 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -9,7 +9,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.2 2000/05/04 22:38:00 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.3 2000/05/08 17:12:16 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
@@ -832,13 +832,17 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
         RSA_free(public_key);
         RSA_free(host_key);
 
-        if (options.cipher == SSH_CIPHER_NOT_SET) {
+        if (options.cipher == SSH_CIPHER_ILLEGAL) {
+                log("No valid SSH1 cipher, using %.100s instead.",
+                    cipher_name(SSH_FALLBACK_CIPHER));
+                options.cipher = SSH_FALLBACK_CIPHER;
+        } else if (options.cipher == SSH_CIPHER_NOT_SET) {
                 if (cipher_mask1() & supported_ciphers & (1 << ssh_cipher_default))
                         options.cipher = ssh_cipher_default;
                 else {
                         debug("Cipher %s not supported, using %.100s instead.",
-                              cipher_name(ssh_cipher_default),
-                              cipher_name(SSH_FALLBACK_CIPHER));
+                            cipher_name(ssh_cipher_default),
+                            cipher_name(SSH_FALLBACK_CIPHER));
                         options.cipher = SSH_FALLBACK_CIPHER;
                 }
         }
diff --git a/sshconnect2.c b/sshconnect2.c
index 3bddd7cc8..99ffb2c47 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.8 2000/05/07 18:23:32 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.10 2000/05/08 17:42:25 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@@ -96,13 +96,14 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
         if (options.ciphers != NULL) {
                 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
                 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
-        } else if (
-            options.cipher == SSH_CIPHER_ARCFOUR ||
-            options.cipher == SSH_CIPHER_3DES_CBC ||
-            options.cipher == SSH_CIPHER_CAST128_CBC ||
-            options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
+        } else if (options.cipher == SSH_CIPHER_3DES) {
                 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
-                myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher);
+                myproposal[PROPOSAL_ENC_ALGS_STOC] =
+                    cipher_name(SSH_CIPHER_3DES_CBC);
+        } else if (options.cipher == SSH_CIPHER_BLOWFISH) {
+                myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+                myproposal[PROPOSAL_ENC_ALGS_STOC] =
+                    cipher_name(SSH_CIPHER_BLOWFISH_CBC);
         }
         if (options.compression) {
                 myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib";
@@ -344,12 +345,14 @@ ssh2_try_pubkey(char *filename,
         buffer_append(&b, session_id2, session_id2_len);
         buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
         buffer_put_cstring(&b, server_user);
-        buffer_put_cstring(&b, service);
+        buffer_put_cstring(&b,
+            datafellows & SSH_BUG_PUBKEYAUTH ?
+            "ssh-userauth" :
+            service);
         buffer_put_cstring(&b, "publickey");
         buffer_put_char(&b, 1);
         buffer_put_cstring(&b, KEX_DSS); 
         buffer_put_string(&b, blob, bloblen);
-        xfree(blob);
 
         /* generate signature */
         dsa_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
@@ -357,6 +360,19 @@ ssh2_try_pubkey(char *filename,
 #ifdef DEBUG_DSS
         buffer_dump(&b);
 #endif
+        if (datafellows & SSH_BUG_PUBKEYAUTH) {
+                /* e.g. ssh-2.0.13: data-to-be-signed != data-on-the-wire */
+                buffer_clear(&b);
+                buffer_append(&b, session_id2, session_id2_len);
+                buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
+                buffer_put_cstring(&b, server_user);
+                buffer_put_cstring(&b, service);
+                buffer_put_cstring(&b, "publickey");
+                buffer_put_char(&b, 1);
+                buffer_put_cstring(&b, KEX_DSS); 
+                buffer_put_string(&b, blob, bloblen);
+        }
+        xfree(blob);
         /* append signature */
         buffer_put_string(&b, signature, slen);
         xfree(signature);
diff --git a/sshd.8 b/sshd.8
index 78f4ea10f..003f29124 100644
--- a/sshd.8
+++ b/sshd.8
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: sshd.8,v 1.21 2000/05/07 02:03:20 damien Exp $
+.\" $Id: sshd.8,v 1.22 2000/05/09 01:03:03 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSHD 8
@@ -115,7 +115,7 @@ Blowfish, 3DES or CAST128 in CBC mode or Arcfour.
 The client selects the encryption algorithm
 to use from those offered by the server.
 Additionally, session integrity is provided
-through a crytographic message authentication code
+through a cryptographic message authentication code
 (hmac-sha1 or hmac-md5).
 .Pp
 Protocol version 2 provides a public key based
@@ -277,7 +277,7 @@ By default login is allowed regardless of the user name.
 Specifies the ciphers allowed for protocol version 2.
 Multiple ciphers must be comma-separated.
 The default is
-.Dq blowfish-cbc,3des-cbc,arcfour,cast128-cbc .
+.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc .
 .It Cm CheckMail
 Specifies whether
 .Nm
@@ -327,14 +327,14 @@ Specifies the file containing the private DSA host key (default
 used by SSH protocol 2.0.
 Note that
 .Nm
-disables protcol 2.0 if this file is group/world-accessible.
+disables protocol 2.0 if this file is group/world-accessible.
 .It Cm HostKey
 Specifies the file containing the private RSA host key (default
 .Pa /etc/ssh_host_key )
 used by SSH protocols 1.3 and 1.5.
 Note that
 .Nm
-disables protcols 1.3 and 1.5 if this file is group/world-accessible.
+disables protocols 1.3 and 1.5 if this file is group/world-accessible.
 .It Cm IgnoreRhosts
 Specifies that
 .Pa .rhosts
@@ -364,7 +364,7 @@ of the machines will be properly noticed.
 However, this means that
 connections will die if the route is down temporarily, and some people
 find it annoying.
-On the other hand, if keepalives are not send,
+On the other hand, if keepalives are not sent,
 sessions may hang indefinitely on the server, leaving
 .Dq ghost
 users and consuming server resources.
@@ -620,7 +620,7 @@ The
 .Pa $HOME/.ssh/authorized_keys
 file lists the RSA keys that are
 permitted for RSA authentication in SSH protocols 1.3 and 1.5
-Similarily, the
+Similarly, the
 .Pa $HOME/.ssh/authorized_keys2
 file lists the DSA keys that are
 permitted for DSA authentication in SSH protocol 2.0.
@@ -679,8 +679,8 @@ A quote may be included in the command by quoting it with a backslash.
 This option might be useful
 to restrict certain RSA keys to perform just a specific operation.
 An example might be a key that permits remote backups but nothing else.
-Notice that the client may specify TCP/IP and/or X11
-forwardings unless they are explicitly prohibited.
+Note that the client may specify TCP/IP and/or X11
+forwarding unless they are explicitly prohibited.
 .It Cm environment="NAME=value"
 Specifies that the string is to be added to the environment when
 logging in using this key.
diff --git a/version.h b/version.h
index 5e7a38da0..d577644d6 100644
--- a/version.h
+++ b/version.h
@@ -1 +1 @@
-#define SSH_VERSION     "OpenSSH-2.0"
+#define SSH_VERSION     "OpenSSH-2.1"