156 files changed, 16269 insertions, 139 deletions

diff --git a/.bzrignore b/.bzrignore
new file mode 100644
index 000000000..0f130a704
--- /dev/null
+++ b/.bzrignore
@@ -0,0 +1,51 @@
+./.pc
+./*.out
+./Makefile
+./autom4te.cache
+./build-deb
+./build-deb-stamp
+./build-udeb
+./build-udeb-stamp
+./buildit.sh
+./buildpkg.sh
+./config.cache
+./config.h
+./config.log
+./config.status
+./openssh.xml
+./opensshd.init
+./scp
+./sftp
+./sftp-server
+./ssh
+./ssh-add
+./ssh-agent
+./ssh-keygen
+./ssh-keyscan
+./ssh-keysign
+./ssh-rand-helper
+./ssh_prng_cmds
+./sshd
+./stamp-h.in
+./survey
+./survey.sh
+contrib/gnome-ssh-askpass1
+contrib/gnome-ssh-askpass2
+openbsd-compat/Makefile
+scard/Makefile
+debian/*.debhelper*
+debian/*substvars
+debian/copyright
+debian/files
+debian/openssh-client
+debian/openssh-client-udeb
+debian/openssh-server
+debian/openssh-server-udeb
+debian/ssh
+debian/ssh-askpass-gnome
+debian/ssh-krb5
+debian/tests/key1
+debian/tests/key1.pub
+debian/tests/key2
+debian/tests/key2.pub
+debian/tmp
diff --git a/Makefile.in b/Makefile.in
index f9799268a..839abbd48 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -26,6 +26,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
 SFTP_SERVER=$(libexecdir)/sftp-server
 SSH_KEYSIGN=$(libexecdir)/ssh-keysign
 SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
+SSH_DATADIR=$(datadir)/ssh
 PRIVSEP_PATH=@PRIVSEP_PATH@
 SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
 STRIP_OPT=@STRIP_OPT@
@@ -37,7 +38,8 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
         -D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \
         -D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \
         -D_PATH_SSH_PIDDIR=\"$(piddir)\" \
-        -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\"
+        -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \
+        -D_PATH_SSH_DATADIR=\"$(SSH_DATADIR)\"
 
 CC=@CC@
 LD=@LD@
@@ -61,7 +63,7 @@ LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
 EXEEXT=@EXEEXT@
 MANFMT=@MANFMT@
 
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-vulnkey$(EXEEXT)
 
 LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
         canohost.o channels.o cipher.o cipher-aes.o \
@@ -94,10 +96,11 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
         sftp-server.o sftp-common.o \
         roaming_common.o roaming_serv.o \
         sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
-        sandbox-seccomp-filter.o
+        sandbox-seccomp-filter.o \
+        consolekit.o
 
-MANPAGES        = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
-MANPAGES_IN     = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
+MANPAGES        = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out
+MANPAGES_IN     = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5
 MANTYPE         = @MANTYPE@
 
 CONFIGFILES=sshd_config.out ssh_config.out moduli.out
@@ -176,6 +179,9 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o s
 sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
         $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
 
+ssh-vulnkey$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-vulnkey.o
+        $(LD) -o $@ ssh-vulnkey.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
 # test driver for the loginrec code - not built by default
 logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
         $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
@@ -272,6 +278,7 @@ install-files:
         $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
         $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
         $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
+        $(INSTALL) -m 0755 $(STRIP_OPT) ssh-vulnkey$(EXEEXT) $(DESTDIR)$(bindir)/ssh-vulnkey$(EXEEXT)
         $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
         $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
         $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
@@ -282,14 +289,16 @@ install-files:
         $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
         $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
         $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
+        ln -s ../$(mansubdir)8/sshd.8 $(DESTDIR)$(mandir)/$(mansubdir)5/authorized_keys.5
         $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
         $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
         $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
         $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
+        $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
         -rm -f $(DESTDIR)$(bindir)/slogin
-        ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
+        ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
         -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-        ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+        ln -s ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
 
 install-sysconf:
         if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
@@ -367,6 +376,7 @@ uninstall:
         -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
         -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
         -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
+        -rm -f $(DESTDIR)$(bindir)/ssh-vulnkey$(EXEEXT)
         -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)
         -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
         -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
@@ -379,6 +389,7 @@ uninstall:
         -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
         -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
         -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
+        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
         -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
         -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
         -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
diff --git a/auth-options.c b/auth-options.c
index 80d59ee95..73e330bf5 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -58,9 +58,20 @@ int forced_tun_device = -1;
 /* "principals=" option. */
 char *authorized_principals = NULL;
 
+/* Throttle log messages. */
+int logged_from_hostip = 0;
+int logged_cert_hostip = 0;
+
 extern ServerOptions options;
 
 void
+auth_start_parse_options(void)
+{
+        logged_from_hostip = 0;
+        logged_cert_hostip = 0;
+}
+
+void
 auth_clear_options(void)
 {
         no_agent_forwarding_flag = 0;
@@ -288,10 +299,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                                 /* FALLTHROUGH */
                         case 0:
                                 free(patterns);
-                                logit("Authentication tried for %.100s with "
-                                    "correct key but not from a permitted "
-                                    "host (host=%.200s, ip=%.200s).",
-                                    pw->pw_name, remote_host, remote_ip);
+                                if (!logged_from_hostip) {
+                                        logit("Authentication tried for %.100s with "
+                                            "correct key but not from a permitted "
+                                            "host (host=%.200s, ip=%.200s).",
+                                            pw->pw_name, remote_host, remote_ip);
+                                        logged_from_hostip = 1;
+                                }
                                 auth_debug_add("Your host '%.200s' is not "
                                     "permitted to use this key for login.",
                                     remote_host);
@@ -513,11 +527,14 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
                                         break;
                                 case 0:
                                         /* no match */
-                                        logit("Authentication tried for %.100s "
-                                            "with valid certificate but not "
-                                            "from a permitted host "
-                                            "(ip=%.200s).", pw->pw_name,
-                                            remote_ip);
+                                        if (!logged_cert_hostip) {
+                                                logit("Authentication tried for %.100s "
+                                                    "with valid certificate but not "
+                                                    "from a permitted host "
+                                                    "(ip=%.200s).", pw->pw_name,
+                                                    remote_ip);
+                                                logged_cert_hostip = 1;
+                                        }
                                         auth_debug_add("Your address '%.200s' "
                                             "is not permitted to use this "
                                             "certificate for login.",
diff --git a/auth-options.h b/auth-options.h
index 7455c9454..a3f0a02da 100644
--- a/auth-options.h
+++ b/auth-options.h
@@ -33,6 +33,7 @@ extern int forced_tun_device;
 extern int key_is_cert_authority;
 extern char *authorized_principals;
 
+void    auth_start_parse_options(void);
 int     auth_parse_options(struct passwd *, char *, char *, u_long);
 void    auth_clear_options(void);
 int     auth_cert_options(Key *, struct passwd *);
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index b21a0f4a2..891ec3297 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -44,7 +44,7 @@ auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost,
 {
         HostStatus host_status;
 
-        if (auth_key_is_revoked(client_host_key))
+        if (auth_key_is_revoked(client_host_key, 0))
                 return 0;
 
         /* Check if we would accept it using rhosts authentication. */
diff --git a/auth-rhosts.c b/auth-rhosts.c
index 06ae7f0b9..f20278797 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -256,8 +256,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
                 return 0;
         }
         if (options.strict_modes &&
-            ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-            (st.st_mode & 022) != 0)) {
+            !secure_permissions(&st, pw->pw_uid)) {
                 logit("Rhosts authentication refused for %.100s: "
                     "bad ownership or modes for home directory.", pw->pw_name);
                 auth_debug_add("Rhosts authentication refused for %.100s: "
@@ -283,8 +282,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
                  * allowing access to their account by anyone.
                  */
                 if (options.strict_modes &&
-                    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-                    (st.st_mode & 022) != 0)) {
+                    !secure_permissions(&st, pw->pw_uid)) {
                         logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
                             pw->pw_name, buf);
                         auth_debug_add("Bad file modes for %.200s", buf);
diff --git a/auth-rsa.c b/auth-rsa.c
index 545aa496a..9b139c928 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -174,6 +174,8 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
         if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL)
                 return 0;
 
+        auth_start_parse_options();
+
         /*
          * Go though the accepted keys, looking for the current key.  If
          * found, perform a challenge-response dialog to verify that the
@@ -237,7 +239,7 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
                 free(fp);
 
                 /* Never accept a revoked key */
-                if (auth_key_is_revoked(key))
+                if (auth_key_is_revoked(key, 0))
                         break;
 
                 /* We have found the desired key. */
diff --git a/auth.c b/auth.c
index 9a36f1dac..7f6c6c8ad 100644
--- a/auth.c
+++ b/auth.c
@@ -59,6 +59,7 @@
 #include "servconf.h"
 #include "key.h"
 #include "hostfile.h"
+#include "authfile.h"
 #include "auth.h"
 #include "auth-options.h"
 #include "canohost.h"
@@ -407,8 +408,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
                 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
                 if (options.strict_modes &&
                     (stat(user_hostfile, &st) == 0) &&
-                    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-                    (st.st_mode & 022) != 0)) {
+                    !secure_permissions(&st, pw->pw_uid)) {
                         logit("Authentication refused for %.100s: "
                             "bad owner or modes for %.200s",
                             pw->pw_name, user_hostfile);
@@ -470,8 +470,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
                 snprintf(err, errlen, "%s is not a regular file", buf);
                 return -1;
         }
-        if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) ||
-            (stp->st_mode & 022) != 0) {
+        if (!secure_permissions(stp, uid)) {
                 snprintf(err, errlen, "bad ownership or modes for file %s",
                     buf);
                 return -1;
@@ -486,8 +485,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
                 strlcpy(buf, cp, sizeof(buf));
 
                 if (stat(buf, &st) < 0 ||
-                    (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
-                    (st.st_mode & 022) != 0) {
+                    !secure_permissions(&st, uid)) {
                         snprintf(err, errlen,
                             "bad ownership or modes for directory %s", buf);
                         return -1;
@@ -657,10 +655,34 @@ getpwnamallow(const char *user)
 
 /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */
 int
-auth_key_is_revoked(Key *key)
+auth_key_is_revoked(Key *key, int hostkey)
 {
         char *key_fp;
 
+        if (blacklisted_key(key, &key_fp) == 1) {
+                if (options.permit_blacklisted_keys) {
+                        if (hostkey)
+                                error("Host key %s blacklisted (see "
+                                    "ssh-vulnkey(1)); continuing anyway",
+                                    key_fp);
+                        else
+                                logit("Public key %s from %s blacklisted (see "
+                                    "ssh-vulnkey(1)); continuing anyway",
+                                    key_fp, get_remote_ipaddr());
+                        free(key_fp);
+                } else {
+                        if (hostkey)
+                                error("Host key %s blacklisted (see "
+                                    "ssh-vulnkey(1))", key_fp);
+                        else
+                                logit("Public key %s from %s blacklisted (see "
+                                    "ssh-vulnkey(1))",
+                                    key_fp, get_remote_ipaddr());
+                        free(key_fp);
+                        return 1;
+                }
+        }
+
         if (options.revoked_keys_file == NULL)
                 return 0;
         switch (ssh_krl_file_contains_key(options.revoked_keys_file, key)) {
diff --git a/auth.h b/auth.h
index 80f089869..ec95460cf 100644
--- a/auth.h
+++ b/auth.h
@@ -59,6 +59,7 @@ struct Authctxt {
         char            *service;
         struct passwd   *pw;            /* set if 'valid' */
         char            *style;
+        char            *role;
         void            *kbdintctxt;
         char            *info;          /* Extra info for next auth_log */
         void            *jpake_ctx;
@@ -190,7 +191,7 @@ char	*authorized_principals_file(struct passwd *);
 
 FILE    *auth_openkeyfile(const char *, struct passwd *, int);
 FILE    *auth_openprincipals(const char *, struct passwd *, int);
-int      auth_key_is_revoked(Key *);
+int      auth_key_is_revoked(Key *, int);
 
 HostStatus
 check_key_in_hostfiles(struct passwd *, Key *, const char *,
diff --git a/auth1.c b/auth1.c
index f1ac59814..2803a3c97 100644
--- a/auth1.c
+++ b/auth1.c
@@ -380,7 +380,7 @@ void
 do_authentication(Authctxt *authctxt)
 {
         u_int ulen;
-        char *user, *style = NULL;
+        char *user, *style = NULL, *role = NULL;
 
         /* Get the name of the user that we wish to log in as. */
         packet_read_expect(SSH_CMSG_USER);
@@ -389,11 +389,17 @@ do_authentication(Authctxt *authctxt)
         user = packet_get_cstring(&ulen);
         packet_check_eom();
 
+        if ((role = strchr(user, '/')) != NULL)
+                *role++ = '\0';
+
         if ((style = strchr(user, ':')) != NULL)
                 *style++ = '\0';
+        else if (role && (style = strchr(role, ':')) != NULL)
+                *style++ = '\0';
 
         authctxt->user = user;
         authctxt->style = style;
+        authctxt->role = role;
 
         /* Verify that the user is a valid user. */
         if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index a344dcc1f..3a17f1bf2 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -150,7 +150,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
         int len;
         char *fp;
 
-        if (auth_key_is_revoked(key))
+        if (auth_key_is_revoked(key, 0))
                 return 0;
 
         resolvedname = get_canonical_hostname(options.use_dns);
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 2b3ecb104..7c0ceee55 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -257,6 +257,7 @@ match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert)
                 restore_uid();
                 return 0;
         }
+        auth_start_parse_options();
         while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                 /* Skip leading whitespace. */
                 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -318,6 +319,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
         found_key = 0;
 
         found = NULL;
+        auth_start_parse_options();
         while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                 char *cp, *key_options = NULL;
                 if (found != NULL)
@@ -453,6 +455,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
         if (key_cert_check_authority(key, 0, 1,
             principals_file == NULL ? pw->pw_name : NULL, &reason) != 0)
                 goto fail_reason;
+        auth_start_parse_options();
         if (auth_cert_options(key, pw) != 0)
                 goto out;
 
@@ -647,9 +650,10 @@ user_key_allowed(struct passwd *pw, Key *key)
         u_int success, i;
         char *file;
 
-        if (auth_key_is_revoked(key))
+        if (auth_key_is_revoked(key, 0))
                 return 0;
-        if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
+        if (key_is_cert(key) &&
+            auth_key_is_revoked(key->cert->signature_key, 0))
                 return 0;
 
         success = user_cert_trusted_ca(pw, key);
diff --git a/auth2.c b/auth2.c
index 6ed8f042b..b55bbcd95 100644
--- a/auth2.c
+++ b/auth2.c
@@ -222,7 +222,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 {
         Authctxt *authctxt = ctxt;
         Authmethod *m = NULL;
-        char *user, *service, *method, *style = NULL;
+        char *user, *service, *method, *style = NULL, *role = NULL;
         int authenticated = 0;
 
         if (authctxt == NULL)
@@ -234,8 +234,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
         debug("userauth-request for user %s service %s method %s", user, service, method);
         debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
 
+        if ((role = strchr(user, '/')) != NULL)
+                *role++ = 0;
+
         if ((style = strchr(user, ':')) != NULL)
                 *style++ = 0;
+        else if (role && (style = strchr(role, ':')) != NULL)
+                *style++ = '\0';
 
         if (authctxt->attempt++ == 0) {
                 /* setup auth context */
@@ -259,8 +264,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
                     use_privsep ? " [net]" : "");
                 authctxt->service = xstrdup(service);
                 authctxt->style = style ? xstrdup(style) : NULL;
+                authctxt->role = role ? xstrdup(role) : NULL;
                 if (use_privsep)
-                        mm_inform_authserv(service, style);
+                        mm_inform_authserv(service, style, role);
                 userauth_banner();
                 if (auth2_setup_methods_lists(authctxt) != 0)
                         packet_disconnect("no authentication methods enabled");
diff --git a/authfile.c b/authfile.c
index 63ae16bbd..cb95cfcb8 100644
--- a/authfile.c
+++ b/authfile.c
@@ -68,6 +68,7 @@
 #include "rsa.h"
 #include "misc.h"
 #include "atomicio.h"
+#include "pathnames.h"
 
 #define MAX_KEY_FILE_SIZE       (1024 * 1024)
 
@@ -944,3 +945,139 @@ key_in_file(Key *key, const char *filename, int strict_type)
         return ret;
 }
 
+/* Scan a blacklist of known-vulnerable keys in blacklist_file. */
+static int
+blacklisted_key_in_file(Key *key, const char *blacklist_file, char **fp)
+{
+        int fd = -1;
+        char *dgst_hex = NULL;
+        char *dgst_packed = NULL, *p;
+        int i;
+        size_t line_len;
+        struct stat st;
+        char buf[256];
+        off_t start, lower, upper;
+        int ret = 0;
+
+        debug("Checking blacklist file %s", blacklist_file);
+        fd = open(blacklist_file, O_RDONLY);
+        if (fd < 0) {
+                ret = -1;
+                goto out;
+        }
+
+        dgst_hex = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+        /* Remove all colons */
+        dgst_packed = xcalloc(1, strlen(dgst_hex) + 1);
+        for (i = 0, p = dgst_packed; dgst_hex[i]; i++)
+                if (dgst_hex[i] != ':')
+                        *p++ = dgst_hex[i];
+        /* Only compare least-significant 80 bits (to keep the blacklist
+         * size down)
+         */
+        line_len = strlen(dgst_packed + 12);
+        if (line_len > 32)
+                goto out;
+
+        /* Skip leading comments */
+        start = 0;
+        for (;;) {
+                ssize_t r;
+                char *newline;
+
+                r = atomicio(read, fd, buf, sizeof(buf));
+                if (r <= 0)
+                        goto out;
+                if (buf[0] != '#')
+                        break;
+
+                newline = memchr(buf, '\n', sizeof(buf));
+                if (!newline)
+                        goto out;
+                start += newline + 1 - buf;
+                if (lseek(fd, start, SEEK_SET) < 0)
+                        goto out;
+        }
+
+        /* Initialise binary search record numbers */
+        if (fstat(fd, &st) < 0)
+                goto out;
+        lower = 0;
+        upper = (st.st_size - start) / (line_len + 1);
+
+        while (lower != upper) {
+                off_t cur;
+                int cmp;
+
+                cur = lower + (upper - lower) / 2;
+
+                /* Read this line and compare to digest; this is
+                 * overflow-safe since cur < max(off_t) / (line_len + 1) */
+                if (lseek(fd, start + cur * (line_len + 1), SEEK_SET) < 0)
+                        break;
+                if (atomicio(read, fd, buf, line_len) != line_len)
+                        break;
+                cmp = memcmp(buf, dgst_packed + 12, line_len);
+                if (cmp < 0) {
+                        if (cur == lower)
+                                break;
+                        lower = cur;
+                } else if (cmp > 0) {
+                        if (cur == upper)
+                                break;
+                        upper = cur;
+                } else {
+                        debug("Found %s in blacklist", dgst_hex);
+                        ret = 1;
+                        break;
+                }
+        }
+
+out:
+        free(dgst_packed);
+        if (ret != 1 && dgst_hex) {
+                free(dgst_hex);
+                dgst_hex = NULL;
+        }
+        if (fp)
+                *fp = dgst_hex;
+        if (fd >= 0)
+                close(fd);
+        return ret;
+}
+
+/*
+ * Scan blacklists of known-vulnerable keys. If a vulnerable key is found,
+ * its fingerprint is returned in *fp, unless fp is NULL.
+ */
+int
+blacklisted_key(Key *key, char **fp)
+{
+        Key *public;
+        char *blacklist_file;
+        int ret, ret2;
+
+        public = key_demote(key);
+        if (public->type == KEY_RSA1)
+                public->type = KEY_RSA;
+
+        xasprintf(&blacklist_file, "%s.%s-%u",
+            _PATH_BLACKLIST, key_type(public), key_size(public));
+        ret = blacklisted_key_in_file(public, blacklist_file, fp);
+        free(blacklist_file);
+        if (ret > 0) {
+                key_free(public);
+                return ret;
+        }
+
+        xasprintf(&blacklist_file, "%s.%s-%u",
+            _PATH_BLACKLIST_CONFIG, key_type(public), key_size(public));
+        ret2 = blacklisted_key_in_file(public, blacklist_file, fp);
+        free(blacklist_file);
+        if (ret2 > ret)
+                ret = ret2;
+
+        key_free(public);
+        return ret;
+}
+
diff --git a/authfile.h b/authfile.h
index 78349beb5..3f2bdcb06 100644
--- a/authfile.h
+++ b/authfile.h
@@ -28,4 +28,6 @@ Key	*key_load_private_pem(int, int, const char *, char **);
 int      key_perm_ok(int, const char *);
 int      key_in_file(Key *, const char *, int);
 
+int      blacklisted_key(Key *key, char **fp);
+
 #endif
diff --git a/clientloop.c b/clientloop.c
index 86695cc16..35550eb4d 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -563,16 +563,21 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt)
 static void
 server_alive_check(void)
 {
-        if (packet_inc_alive_timeouts() > options.server_alive_count_max) {
-                logit("Timeout, server %s not responding.", host);
-                cleanup_exit(255);
+        if (compat20) {
+                if (packet_inc_alive_timeouts() > options.server_alive_count_max) {
+                        logit("Timeout, server %s not responding.", host);
+                        cleanup_exit(255);
+                }
+                packet_start(SSH2_MSG_GLOBAL_REQUEST);
+                packet_put_cstring("keepalive@openssh.com");
+                packet_put_char(1);     /* boolean: want reply */
+                packet_send();
+                /* Insert an empty placeholder to maintain ordering */
+                client_register_global_confirm(NULL, NULL);
+        } else {
+                packet_send_ignore(0);
+                packet_send();
         }
-        packet_start(SSH2_MSG_GLOBAL_REQUEST);
-        packet_put_cstring("keepalive@openssh.com");
-        packet_put_char(1);     /* boolean: want reply */
-        packet_send();
-        /* Insert an empty placeholder to maintain ordering */
-        client_register_global_confirm(NULL, NULL);
 }
 
 /*
@@ -634,7 +639,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
          */
 
         timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */
-        if (options.server_alive_interval > 0 && compat20) {
+        if (options.server_alive_interval > 0) {
                 timeout_secs = options.server_alive_interval;
                 server_alive_time = now + options.server_alive_interval;
         }
@@ -1712,8 +1717,10 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
                 exit_status = 0;
         }
 
-        if (received_signal)
-                fatal("Killed by signal %d.", (int) received_signal);
+        if (received_signal) {
+                debug("Killed by signal %d.", (int) received_signal);
+                cleanup_exit((int) received_signal + 128);
+        }
 
         /*
          * In interactive mode (with pseudo tty) display a message indicating
diff --git a/configure b/configure
index ceb1b5d6d..78bbcd008 100755
--- a/configure
+++ b/configure
@@ -738,6 +738,7 @@ with_privsep_user
 with_sandbox
 with_selinux
 with_kerberos5
+with_consolekit
 with_privsep_path
 with_xauth
 enable_strip
@@ -1428,6 +1429,7 @@ Optional Packages:
   --with-sandbox=style    Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)
   --with-selinux          Enable SELinux support
   --with-kerberos5=PATH   Enable Kerberos 5 support
+  --with-consolekit       Enable ConsoleKit support
   --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
   --with-xauth=PATH       Specify path to xauth program
   --with-maildir=/path/to/mail    Specify your system mail directory
@@ -16375,6 +16377,135 @@ fi
 
 
 
+# Check whether user wants ConsoleKit support
+CONSOLEKIT_MSG="no"
+LIBCK_CONNECTOR=""
+
+# Check whether --with-consolekit was given.
+if test "${with_consolekit+set}" = set; then :
+  withval=$with_consolekit;  if test "x$withval" != "xno" ; then
+                if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PKGCONFIG+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $PKGCONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+PKGCONFIG=$ac_cv_path_PKGCONFIG
+if test -n "$PKGCONFIG"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5
+$as_echo "$PKGCONFIG" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PKGCONFIG"; then
+  ac_pt_PKGCONFIG=$PKGCONFIG
+  # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $ac_pt_PKGCONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG
+if test -n "$ac_pt_PKGCONFIG"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5
+$as_echo "$ac_pt_PKGCONFIG" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_pt_PKGCONFIG" = x; then
+    PKGCONFIG="no"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    PKGCONFIG=$ac_pt_PKGCONFIG
+  fi
+else
+  PKGCONFIG="$ac_cv_path_PKGCONFIG"
+fi
+
+                if test "$PKGCONFIG" != "no"; then
+                        { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ck-connector" >&5
+$as_echo_n "checking for ck-connector... " >&6; }
+                        if $PKGCONFIG --exists ck-connector; then
+                                CKCON_CFLAGS=`$PKGCONFIG --cflags ck-connector`
+                                CKCON_LIBS=`$PKGCONFIG --libs ck-connector`
+                                CPPFLAGS="$CPPFLAGS $CKCON_CFLAGS"
+                                SSHDLIBS="$SSHDLIBS $CKCON_LIBS"
+                                { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define USE_CONSOLEKIT 1" >>confdefs.h
+
+                                CONSOLEKIT_MSG="yes"
+                        else
+                                { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+                        fi
+                fi
+        fi
+
+fi
+
+
 # Looking for programs, paths and files
 
 PRIVSEP_PATH=/var/empty
@@ -18902,6 +19033,7 @@ echo "              MD5 password support: $MD5_MSG"
 echo "                   libedit support: $LIBEDIT_MSG"
 echo "  Solaris process contract support: $SPC_MSG"
 echo "           Solaris project support: $SP_MSG"
+echo "                ConsoleKit support: $CONSOLEKIT_MSG"
 echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
 echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
 echo "                  BSD Auth support: $BSD_AUTH_MSG"
diff --git a/configure.ac b/configure.ac
index 4c1a6589e..d7d500a33 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3841,6 +3841,30 @@ AC_ARG_WITH([kerberos5],
 AC_SUBST([GSSLIBS])
 AC_SUBST([K5LIBS])
 
+# Check whether user wants ConsoleKit support
+CONSOLEKIT_MSG="no"
+LIBCK_CONNECTOR=""
+AC_ARG_WITH(consolekit,
+        [  --with-consolekit       Enable ConsoleKit support],
+        [ if test "x$withval" != "xno" ; then
+                AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
+                if test "$PKGCONFIG" != "no"; then
+                        AC_MSG_CHECKING([for ck-connector])
+                        if $PKGCONFIG --exists ck-connector; then
+                                CKCON_CFLAGS=`$PKGCONFIG --cflags ck-connector`
+                                CKCON_LIBS=`$PKGCONFIG --libs ck-connector`
+                                CPPFLAGS="$CPPFLAGS $CKCON_CFLAGS"
+                                SSHDLIBS="$SSHDLIBS $CKCON_LIBS"
+                                AC_MSG_RESULT([yes])
+                                AC_DEFINE(USE_CONSOLEKIT, 1, [Define if you want ConsoleKit support.])
+                                CONSOLEKIT_MSG="yes"
+                        else
+                                AC_MSG_RESULT([no])
+                        fi
+                fi
+        fi ]
+)
+
 # Looking for programs, paths and files
 
 PRIVSEP_PATH=/var/empty
@@ -4641,6 +4665,7 @@ echo "              MD5 password support: $MD5_MSG"
 echo "                   libedit support: $LIBEDIT_MSG"
 echo "  Solaris process contract support: $SPC_MSG"
 echo "           Solaris project support: $SP_MSG"
+echo "                ConsoleKit support: $CONSOLEKIT_MSG"
 echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
 echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
 echo "                  BSD Auth support: $BSD_AUTH_MSG"
diff --git a/consolekit.c b/consolekit.c
new file mode 100644
index 000000000..f1039e652
--- /dev/null
+++ b/consolekit.c
@@ -0,0 +1,240 @@
+/*
+ * Copyright (c) 2008 Colin Watson.  All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * Loosely based on pam-ck-connector, which is:
+ *
+ * Copyright (c) 2007 David Zeuthen <davidz@redhat.com>
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+#include "includes.h"
+
+#ifdef USE_CONSOLEKIT
+
+#include <ck-connector.h>
+
+#include "openbsd-compat/sys-queue.h"
+#include "xmalloc.h"
+#include "channels.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "log.h"
+#include "servconf.h"
+#include "canohost.h"
+#include "session.h"
+#include "consolekit.h"
+
+extern ServerOptions options;
+extern u_int utmp_len;
+
+void
+set_active(const char *cookie)
+{
+        DBusError err;
+        DBusConnection *connection;
+        DBusMessage *message = NULL, *reply = NULL;
+        char *sid;
+        DBusMessageIter iter, subiter;
+        const char *interface, *property;
+        dbus_bool_t active;
+
+        dbus_error_init(&err);
+        connection = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err);
+        if (!connection) {
+                if (dbus_error_is_set(&err)) {
+                        error("unable to open DBus connection: %s",
+                            err.message);
+                        dbus_error_free(&err);
+                }
+                goto out;
+        }
+        dbus_connection_set_exit_on_disconnect(connection, FALSE);
+
+        message = dbus_message_new_method_call("org.freedesktop.ConsoleKit",
+            "/org/freedesktop/ConsoleKit/Manager",
+            "org.freedesktop.ConsoleKit.Manager",
+            "GetSessionForCookie");
+        if (!message)
+                goto out;
+        if (!dbus_message_append_args(message, DBUS_TYPE_STRING, &cookie,
+            DBUS_TYPE_INVALID)) {
+                if (dbus_error_is_set(&err)) {
+                        error("unable to get current session: %s",
+                            err.message);
+                        dbus_error_free(&err);
+                }
+                goto out;
+        }
+
+        dbus_error_init(&err);
+        reply = dbus_connection_send_with_reply_and_block(connection, message,
+            -1, &err);
+        if (!reply) {
+                if (dbus_error_is_set(&err)) {
+                        error("unable to get current session: %s",
+                            err.message);
+                        dbus_error_free(&err);
+                }
+                goto out;
+        }
+
+        dbus_error_init(&err);
+        if (!dbus_message_get_args(reply, &err,
+            DBUS_TYPE_OBJECT_PATH, &sid,
+            DBUS_TYPE_INVALID)) {
+                if (dbus_error_is_set(&err)) {
+                        error("unable to get current session: %s",
+                            err.message);
+                        dbus_error_free(&err);
+                }
+                goto out;
+        }
+        dbus_message_unref(reply);
+        dbus_message_unref(message);
+        message = reply = NULL;
+
+        message = dbus_message_new_method_call("org.freedesktop.ConsoleKit",
+            sid, "org.freedesktop.DBus.Properties", "Set");
+        if (!message)
+                goto out;
+        interface = "org.freedesktop.ConsoleKit.Session";
+        property = "active";
+        if (!dbus_message_append_args(message,
+            DBUS_TYPE_STRING, &interface, DBUS_TYPE_STRING, &property,
+            DBUS_TYPE_INVALID))
+                goto out;
+        dbus_message_iter_init_append(message, &iter);
+        if (!dbus_message_iter_open_container(&iter, DBUS_TYPE_VARIANT,
+            DBUS_TYPE_BOOLEAN_AS_STRING, &subiter))
+                goto out;
+        active = TRUE;
+        if (!dbus_message_iter_append_basic(&subiter, DBUS_TYPE_BOOLEAN,
+            &active))
+                goto out;
+        if (!dbus_message_iter_close_container(&iter, &subiter))
+                goto out;
+
+        dbus_error_init(&err);
+        reply = dbus_connection_send_with_reply_and_block(connection, message,
+            -1, &err);
+        if (!reply) {
+                if (dbus_error_is_set(&err)) {
+                        error("unable to make current session active: %s",
+                            err.message);
+                        dbus_error_free(&err);
+                }
+                goto out;
+        }
+
+out:
+        if (reply)
+                dbus_message_unref(reply);
+        if (message)
+                dbus_message_unref(message);
+}
+
+/*
+ * We pass display separately rather than using s->display because the
+ * latter is not available in the monitor when using privsep.
+ */
+
+char *
+consolekit_register(Session *s, const char *display)
+{
+        DBusError err;
+        const char *tty = s->tty;
+        const char *remote_host_name;
+        dbus_bool_t is_local = FALSE;
+        const char *cookie = NULL;
+
+        if (s->ckc) {
+                debug("already registered with ConsoleKit");
+                return xstrdup(ck_connector_get_cookie(s->ckc));
+        }
+
+        s->ckc = ck_connector_new();
+        if (!s->ckc) {
+                error("ck_connector_new failed");
+                return NULL;
+        }
+
+        if (!tty)
+                tty = "";
+        if (!display)
+                display = "";
+        remote_host_name = get_remote_name_or_ip(utmp_len, options.use_dns);
+        if (!remote_host_name)
+                remote_host_name = "";
+
+        dbus_error_init(&err);
+        if (!ck_connector_open_session_with_parameters(s->ckc, &err,
+            "unix-user", &s->pw->pw_uid,
+            "display-device", &tty,
+            "x11-display", &display,
+            "remote-host-name", &remote_host_name,
+            "is-local", &is_local,
+            NULL)) {
+                if (dbus_error_is_set(&err)) {
+                        debug("%s", err.message);
+                        dbus_error_free(&err);
+                } else {
+                        debug("insufficient privileges or D-Bus / ConsoleKit "
+                            "not available");
+                }
+                return NULL;
+        }
+
+        debug("registered uid=%d on tty='%s' with ConsoleKit",
+            s->pw->pw_uid, s->tty);
+
+        cookie = ck_connector_get_cookie(s->ckc);
+        set_active(cookie);
+        return xstrdup(cookie);
+}
+
+void
+consolekit_unregister(Session *s)
+{
+        if (s->ckc) {
+                debug("unregistering ConsoleKit session %s",
+                    ck_connector_get_cookie(s->ckc));
+                ck_connector_unref(s->ckc);
+                s->ckc = NULL;
+        }
+}
+
+#endif /* USE_CONSOLEKIT */
diff --git a/consolekit.h b/consolekit.h
new file mode 100644
index 000000000..8ce371690
--- /dev/null
+++ b/consolekit.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2008 Colin Watson.  All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifdef USE_CONSOLEKIT
+
+struct Session;
+
+char *   consolekit_register(struct Session *, const char *);
+void     consolekit_unregister(struct Session *);
+
+#endif /* USE_CONSOLEKIT */
diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c
index 9d97c30c0..04b3a110e 100644
--- a/contrib/gnome-ssh-askpass2.c
+++ b/contrib/gnome-ssh-askpass2.c
@@ -209,6 +209,8 @@ main(int argc, char **argv)
 
         gtk_init(&argc, &argv);
 
+        gtk_window_set_default_icon_from_file ("/usr/share/pixmaps/ssh-askpass-gnome.png", NULL);
+
         if (argc > 1) {
                 message = g_strjoinv(" ", argv + 1);
         } else {
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index 000000000..7a67e1528
--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,42 @@
+openssh (1:5.4p1-2) unstable; urgency=low
+
+  Smartcard support is now available using PKCS#11 tokens.  If you were
+  previously using an unofficial build of Debian's OpenSSH package with
+  OpenSC-based smartcard support added, then note that commands like
+  'ssh-add -s 0' will no longer work; you need to use 'ssh-add -s
+  /usr/lib/opensc-pkcs11.so' instead.
+
+ -- Colin Watson <cjwatson@debian.org>  Sat, 10 Apr 2010 01:08:59 +0100
+
+openssh (1:3.8.1p1-9) experimental; urgency=low
+
+  The ssh package has been split into openssh-client and openssh-server. If
+  you had previously requested that the sshd server should not be run, then
+  that request will still be honoured. However, the recommended approach is
+  now to remove the openssh-server package if you do not want to run sshd.
+  You can remove the old /etc/ssh/sshd_not_to_be_run marker file after doing
+  that.
+
+ -- Colin Watson <cjwatson@debian.org>  Mon,  2 Aug 2004 20:48:54 +0100
+
+openssh (1:3.5p1-1) unstable; urgency=low
+
+  This version of OpenSSH disables the environment option for public keys by
+  default, in order to avoid certain attacks (for example, LD_PRELOAD). If
+  you are using this option in an authorized_keys file, beware that the keys
+  in question will no longer work until the option is removed.
+
+  To re-enable this option, set "PermitUserEnvironment yes" in
+  /etc/ssh/sshd_config after the upgrade is complete, taking note of the
+  warning in the sshd_config(5) manual page.
+
+ -- Colin Watson <cjwatson@debian.org>  Sat, 26 Oct 2002 19:41:51 +0100
+
+openssh (1:3.0.1p1-1) unstable; urgency=high
+
+  As of version 3, OpenSSH no longer uses separate files for ssh1 and ssh2
+  keys. This means the authorized_keys2 and known_hosts2 files are no longer
+  needed. They will still be read in order to maintain backward
+  compatibility.
+
+ -- Matthew Vernon <matthew@debian.org>  Thu, 28 Nov 2001 17:43:01 +0000
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 000000000..f37cce4b0
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,234 @@
+OpenSSH for Debian
+------------------
+
+UPGRADE ISSUES
+==============
+
+Privilege Separation
+--------------------
+
+As of 3.3, openssh has employed privilege separation to reduce the
+quantity of code that runs as root, thereby reducing the impact of
+some security holes in sshd. This now also works properly with PAM.
+
+Privilege separation is turned on by default, so, if you decide you
+want it turned off, you need to add "UsePrivilegeSeparation no" to
+/etc/ssh/sshd_config.
+
+PermitRootLogin set to yes
+--------------------------
+
+This is now the default setting (in line with upstream), and people
+who asked for an automatically-generated configuration file when
+upgrading from potato (or on a new install) will have this setting in
+their /etc/ssh/sshd_config file.
+
+Should you wish to change this setting, edit /etc/ssh/sshd_config, and
+change:
+PermitRootLogin yes
+to:
+PermitRootLogin no
+
+Having PermitRootLogin set to yes means that an attacker that knows
+the root password can ssh in directly (without having to go via a user
+account). If you set it to no, then they must compromise a normal user
+account. In the vast majority of cases, this does not give added
+security; remember that any account you su to root from is equivalent
+to root - compromising this account gives an attacker access to root
+easily. If you only ever log in as root from the physical console,
+then you probably want to set this value to no.
+
+As an aside, PermitRootLogin can also be set to "without-password" or
+"forced-commands-only" - see sshd(8) for more details.
+
+DO NOT FILE BUG REPORTS SAYING YOU THINK THIS DEFAULT IS INCORRECT!
+
+The argument above is somewhat condensed; I have had this discussion
+at great length with many people. If you think the default is
+incorrect, and feel strongly enough to want to argue about it, then
+send email to debian-ssh@lists.debian.org. I will close bug reports
+claiming the default is incorrect.
+
+SSH now uses protocol 2 by default
+----------------------------------
+
+This means all your keyfiles you used for protocol version 1 need to
+be re-generated. The server keys are done automatically, but for RSA
+authentication, please read the ssh-keygen manpage.
+
+If you have an automatically generated configuration file, and decide
+at a later stage that you do want to support protocol version 1 (not
+recommended, but note that the ssh client shipped with Debian potato
+only supported protocol version 1), then you need to do the following:
+
+Change /etc/ssh/sshd_config such that:
+Protocol 2
+becomes:
+Protocol 2,1
+Also add the line:
+HostKey /etc/ssh/ssh_host_key
+
+If you do not already have an RSA1 host key in /etc/ssh/ssh_host_key,
+you will need to generate one. To do so, run this command as root:
+
+  ssh-keygen -f /etc/ssh/ssh_host_key -N '' -t rsa1
+
+As of openssh-server 1:4.1p1-2, the option to support protocol version 1
+is no longer available via debconf. You must edit the configuration file
+instead.
+
+X11 Forwarding
+--------------
+
+ssh's default for ForwardX11 has been changed to ``no'' because it has
+been pointed out that logging into remote systems administered by
+untrusted people is likely to open you up to X11 attacks, so you
+should have to actively decide that you trust the remote machine's
+root, before enabling X11.  I strongly recommend that you do this on a
+machine-by-machine basis, rather than just enabling it in the default
+host settings.
+
+In order for X11 forwarding to work, you need to install xauth on the
+server. In Debian this is in the xbase-clients package.
+
+As of OpenSSH 3.1, the remote $DISPLAY uses localhost by default to reduce
+the security risks of X11 forwarding. Look up X11UseLocalhost in
+sshd_config(8) if this is a problem.
+
+OpenSSH 3.8 invented ForwardX11Trusted, which when set to no causes the
+ssh client to create an untrusted X cookie so that attacks on the
+forwarded X11 connection can't become attacks on X clients on the remote
+machine. However, this has some problems in implementation - notably a
+very short timeout of the untrusted cookie - breaks large numbers of
+existing setups, and generally seems immature. The Debian package
+therefore sets the default for this option to "yes" (in ssh itself,
+rather than in ssh_config).
+
+Fallback to RSH
+---------------
+
+The default for this setting has been changed from Yes to No, for
+security reasons, and to stop the delay attempting to rsh to machines
+that don't offer the service.  Simply switch it back on in either
+/etc/ssh/ssh_config or ~/.ssh/config for those machines that you need
+it for.
+
+Setgid ssh-agent and environment variables
+------------------------------------------
+
+As of version 1:3.5p1-1, ssh-agent is installed setgid to prevent ptrace()
+attacks retrieving private key material. This has the side-effect of causing
+glibc to remove certain environment variables which might have security
+implications for set-id programs, including LD_PRELOAD, LD_LIBRARY_PATH, and
+TMPDIR.
+
+If you need to set any of these environment variables, you will need to do
+so in the program exec()ed by ssh-agent. This may involve creating a small
+wrapper script.
+
+Symlink Hostname invocation
+---------------------------
+
+This version of ssh no longer includes support for invoking ssh with the
+hostname as the name of the file run.  People wanting this support should
+use the ssh-argv0 script.
+
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+OTHER ISSUES
+============
+
+/usr/bin/ssh not SUID
+---------------------
+
+Due to Debian bug #164325, RhostsRSAAuthentication can only be used if ssh
+is SUID.  Until this is fixed, if that is a problem, use:
+
+   dpkg-statoverride
+
+or if that's also missing, use this:
+
+   chown root.root /usr/bin/ssh
+   chmod 04755 /usr/bin/ssh
+
+Authorization Forwarding
+------------------------
+
+Similarly, root on a remote server could make use of your ssh-agent
+(while you're logged into their machine) to obtain access to machines
+which trust your keys.  This feature is therefore disabled by default.
+You should only re-enable it for those hosts (in your ~/.ssh/config or
+/etc/ssh/ssh_config) where you are confident that the remote machine
+is not a threat.
+
+Problems logging in with RSA authentication
+-------------------------------------------
+
+If you have trouble logging in with RSA authentication then the
+problem is probably caused by the fact that you have your home
+directory writable by group, as well as user (this is the default on
+Debian systems).
+
+Depending upon other settings on your system (i.e. other users being
+in your group) this could open a security hole, so you will need to
+make your home directory writable only by yourself.  Run this command,
+as yourself:
+
+  chmod g-w ~/
+
+to remove group write permissions.  If you use ssh-copy-id to install your
+keys, it does this for you.
+
+-L option of ssh nonfree
+------------------------
+
+non-free ssh supported the usage of the option -L to use a non privileged
+port for scp. This option will not be supported by scp from openssh.
+
+Please use instead scp -o "UsePrivilegedPort=no" as documented in the
+manpage to scp itself.
+
+Problem logging in because of TCP-Wrappers
+------------------------------------------
+
+ssh is compiled with support for tcp-wrappers. So if you can no longer
+log into your system, please check that /etc/hosts.allow and /etc/hosts.deny
+are configured so that ssh is not blocked.
+
+Kerberos support
+----------------
+
+ssh is now compiled with Kerberos support. Unfortunately, privilege
+separation is incompatible with Kerberos support for SSH protocol 1 and
+parts of the support for protocol 2; you may need to run kinit after logging
+in.
+
+Interoperability between scp and the ssh.com SSH server
+-------------------------------------------------------
+
+In version 2 and greater of the commercial SSH server produced by SSH
+Communications Security, scp was changed to use SFTP (SSH2's file transfer
+protocol) instead of the traditional rcp-over-ssh, thereby breaking
+compatibility. The OpenSSH developers regard this as a bug in the ssh.com
+server, and do not currently intend to change OpenSSH's scp to match.
+
+Workarounds for this problem are to install scp1 on the server (scp2 will
+fall back to it), to use sftp, or to use some other transfer mechanism such
+as rsync-over-ssh or tar-over-ssh.
+
+Running sshd from inittab
+-------------------------
+
+Some people find it useful to run the sshd server from inittab, to make sure
+that it always stays running. To do this, stop sshd ('/etc/init.d/ssh
+stop'), add the following line to /etc/inittab, and run 'telinit q':
+
+  ss:2345:respawn:/usr/sbin/sshd -D
+
+If you do this, note that you will need to stop sshd being started in the
+normal way ('rm -f /etc/rc[2345].d/S16ssh') and that you will need to
+restart this sshd manually on upgrades.
+
+-- 
+Matthew Vernon <matthew@debian.org>
+Colin Watson <cjwatson@debian.org>
diff --git a/debian/README.compromised-keys b/debian/README.compromised-keys
new file mode 100644
index 000000000..7a9cb7657
--- /dev/null
+++ b/debian/README.compromised-keys
@@ -0,0 +1,167 @@
+The following instructions relate to CVE-2008-0166. They were prepared by
+Matt Zimmerman, assisted by Colin Watson.
+
+== What Happened ==
+
+A weakness has been discovered in the random number generator used by OpenSSL
+on Debian and Ubuntu systems.  As a result of this weakness, certain encryption
+keys are much more common than they should be, such that an attacker could
+guess the key through a brute-force attack given minimal knowledge of the
+system.  This particularly affects the use of encryption keys in OpenSSH,
+OpenVPN and SSL certificates.
+
+This vulnerability only affects operating systems which (like Ubuntu) are based
+on Debian.  However, other systems can be indirectly affected if weak keys are
+imported into them.
+
+We consider this an extremely serious vulnerability, and urge all users to act
+immediately to secure their systems.
+
+== Who is affected ==
+
+Systems which are running any of the following releases:
+
+ * Debian 4.0 (etch)
+ * Ubuntu 7.04 (Feisty)
+ * Ubuntu 7.10 (Gutsy)
+ * Ubuntu 8.04 LTS (Hardy)
+ * Ubuntu "Intrepid Ibex" (development): libssl <= 0.9.8g-8
+
+and have openssh-server installed or have been used to create an OpenSSH key or
+X.509 (SSL) certificate.
+
+All OpenSSH and X.509 keys generated on such systems must be considered
+untrustworthy, regardless of the system on which they are used, even after the
+update has been applied.
+
+This includes the automatically generated host keys used by OpenSSH, which are
+the basis for its server spoofing and man-in-the-middle protection.
+
+The specific package versions affected are:
+
+ * Debian 4.0: libssl <= 0.9.8c-4etch3
+ * Ubuntu 7.04: libssl <= 0.9.8c-4ubuntu0.2
+ * Ubuntu 7.10: libssl <= 0.9.8e-5ubuntu3.1
+ * Ubuntu 8.04: libssl <= 0.9.8g-4ubuntu3
+
+== What to do if you are affected ==
+
+OpenSSH:
+
+1. Install the security updates
+
+   Once the update is applied, weak user keys will be automatically rejected
+   where possible (though they cannot be detected in all cases).  If you are
+   using such keys for user authentication, they will immediately stop working
+   and will need to be replaced (see step 3).
+   
+   OpenSSH host keys can be automatically regenerated when the OpenSSH security
+   update is applied.  The update will prompt for confirmation before taking
+   this step.
+   
+2. Update OpenSSH known_hosts files
+
+   The regeneration of host keys will cause a warning to be displayed when
+   connecting to the system using SSH until the host key is updated in the
+   known_hosts file.  The warning will look like this:
+
+   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+   @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
+   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+   IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
+   Someone could be eavesdropping on you right now (man-in-the-middle attack)!
+   It is also possible that the RSA host key has just been changed.
+
+   In this case, the host key has simply been changed, and you should update
+   the relevant known_hosts file as indicated in the error message.
+
+3. Check all OpenSSH user keys
+
+   The safest course of action is to regenerate all OpenSSH user keys,
+   except where it can be established to a high degree of certainty that the
+   key was generated on an unaffected system.
+
+   Check whether your key is affected by running the ssh-vulnkey tool, included
+   in the security update.  By default, ssh-vulnkey will check the standard
+   location for user keys (~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity),
+   your authorized_keys file (~/.ssh/authorized_keys and
+   ~/.ssh/authorized_keys2), and the system's host keys
+   (/etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key).
+
+   To check all your own keys, assuming they are in the standard
+   locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity):
+
+     ssh-vulnkey
+
+   To check all keys on your system:
+
+     sudo ssh-vulnkey -a
+
+   To check a key in a non-standard location:
+
+     ssh-vulnkey /path/to/key
+
+   If ssh-vulnkey says "Unknown (no blacklist information)", then it has no
+   information about whether that key is affected.  If in doubt, destroy the
+   key and generate a new one.
+
+4. Regenerate any affected user keys
+
+   OpenSSH keys used for user authentication must be manually regenerated,
+   including those which may have since been transferred to a different system
+   after being generated.
+
+   New keys can be generated using ssh-keygen, e.g.:
+
+   $ ssh-keygen 
+   Generating public/private rsa key pair.
+   Enter file in which to save the key (/home/user/.ssh/id_rsa): 
+   Enter passphrase (empty for no passphrase): 
+   Enter same passphrase again: 
+   Your identification has been saved in /home/user/.ssh/id_rsa.
+   Your public key has been saved in /home/user/.ssh/id_rsa.pub.
+   The key fingerprint is:
+   00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 user@host
+
+5. Update authorized_keys files (if necessary)
+
+   Once the user keys have been regenerated, the relevant public keys must
+   be propagated to any authorized_keys files on remote systems.  Be sure to
+   delete the affected key.
+
+OpenSSL:
+
+1. Install the security update
+
+2. Create new certificates to replace any server or client certificates in use
+   on the system
+
+3. If certificates have been generated for use on other systems, they must be
+   found and replaced as well.
+
+== Removing openssh-blacklist ==
+
+For the moment, the openssh-server package depends on openssh-blacklist, in
+order that the blacklist is deployed to the maximum possible number of
+systems to reduce the potential spread of worms exploiting this
+vulnerability. We acknowledge that this may be inconvenient for some small
+systems, but nevertheless feel that this was the best course of action.
+
+If you absolutely need to remove the blacklist from your system, then you
+can run the following commands to substitute a fake package for
+openssh-blacklist:
+
+  sudo apt-get install equivs
+  equivs-control openssh-blacklist.ctl
+  sed -i 's/^Package:.*/Package: openssh-blacklist/' openssh-blacklist.ctl
+  sed -i 's/^# Version:.*/Version: 9:1.0/' openssh-blacklist.ctl
+  equivs-build openssh-blacklist.ctl
+  sudo dpkg -i openssh-blacklist_1.0_all.deb
+
+Be warned: this circumvents a security measure for the sake of disk space.
+You should only do this if you have no other option, and if you are certain
+that no compromised keys will ever be generated on or copied onto this
+system.
+
+Once a sufficient amount of time and number of releases have passed, the
+openssh-blacklist package will be phased out.
diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 000000000..cf28fbd48
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,223 @@
+Debian OpenSSH source package handling
+======================================
+
+The Debian package of OpenSSH is maintained in Bazaar
+(http://bazaar-vcs.org/, or the 'bzr' package in Debian). You will need at
+least version 1.16.1; the version in Debian testing as of the time of
+writing (2009-12-21) is fine, or you can use the version in lenny-backports.
+URLs are as follows:
+
+  Anonymous branch: http://anonscm.debian.org/bzr/pkg-ssh/openssh/trunk
+  Web browsing:     http://anonscm.debian.org/loggerhead/pkg-ssh/openssh/trunk
+  Authenticated, for developers with commit access only:
+                    bzr+ssh://bzr.debian.org/bzr/pkg-ssh/openssh/trunk
+
+Although it's possible that I may use something like bzr-loom in the future
+to better manage things like the Kerberos/GSSAPI patch, right now there's no
+funny business and all that developers need to do is:
+
+  # To check out:
+  bzr co bzr+ssh://bzr.debian.org/bzr/pkg-ssh/openssh/trunk openssh
+
+  # To update:
+  bzr up
+
+  # To edit:
+  # hack hack hack, and 'bzr add' any new files
+  debcommit # or bzr commit
+  # note that this pushes automatically; you can use 'bzr unbind' to
+  # temporarily prevent this, or 'bzr branch' to create a local branch which
+  # you can merge later
+
+  # To release:
+  dch -r && debcommit -r
+
+If you have lots of branches, you'll probably want to use a shared
+repository to save space. Run 'bzr init-repo .' in an ancestor directory of
+all your OpenSSH working directories. For example, I have a shared
+repository in ~/src/debian/openssh/, upstream checkouts in
+~/src/debian/openssh/upstream/, and my own working trees in
+~/src/debian/openssh/trunk/.
+
+Patch handling
+--------------
+
+This package uses quilt to manage all modifications to the upstream source.
+Changes are stored in the source package as diffs in debian/patches and
+applied automatically by dpkg-source when the source package is extracted.
+
+To configure quilt to use debian/patches instead of patches, you want either
+to export QUILT_PATCHES=debian/patches in your environment or use this
+snippet in your ~/.quiltrc:
+
+    for where in ./ ../ ../../ ../../../ ../../../../ ../../../../../; do
+        if [ -e ${where}debian/rules -a -d ${where}debian/patches ]; then
+                export QUILT_PATCHES=debian/patches
+                break
+        fi
+    done
+
+After unpacking the source package, all patches will be applied, and you can
+use quilt normally.
+
+If you check out the source code from bzr, then all patches will be applied,
+but you will need to inform quilt of this manually.  Do this by running:
+
+    debian/rules quilt-setup
+
+To add a new set of changes, first run quilt push -a, and then run:
+
+    quilt new <patch>
+
+where <patch> is a descriptive name for the patch, used as the filename in
+debian/patches.  Then, for every file that will be modified by this patch,
+run:
+
+    quilt add <file>
+
+before editing those files.  You must tell quilt with quilt add what files
+will be part of the patch before making changes or quilt will not work
+properly.  After editing the files, run:
+
+    quilt refresh
+
+to save the results as a patch.
+
+Alternately, if you already have an external patch and you just want to add
+it to the build system, run quilt push -a and then:
+
+    quilt import -P <patch> /path/to/patch
+    quilt push -a
+
+(add -p 0 to quilt import if needed). <patch> as above is the filename to
+use in debian/patches.  The last quilt push -a will apply the patch to make
+sure it works properly.
+
+To remove an existing patch from the list of patches that will be applied,
+run:
+
+    quilt delete <patch>
+
+You may need to run quilt pop -a to unapply patches first before running
+this command.
+
+You should only commit changes to bzr with all patches applied, i.e. after
+'quilt push -a'.
+
+Merging new upstream releases
+-----------------------------
+
+(Most developers will not need to read this section.)
+
+Thanks to the import from Portable OpenSSH CVS provided by Launchpad
+(https://code.launchpad.net/~vcs-imports/openssh/main, accessible by the
+shortcut 'lp:openssh' from the bzr client), the Debian branch is a true DVCS
+branch from upstream. This is a worthwhile property, but preserving it does
+take a little bit of work.
+
+Launchpad only imports CVS HEAD, but upstream sometimes produces releases
+from a branch. We use the same software used by Launchpad to import the
+branch as well, but a few small hacks are necessary to do good branch
+imports. In Bazaar, it's important that the same file in different branches
+should have the same file-id, otherwise merge attempts will try to delete
+and re-add the file which usually doesn't work out very well. Occasionally a
+file is added to CVS HEAD and then also added to a branch, and cscvs isn't
+quite smart enough to spot this and copy over the file-id. We need to help
+it out.
+
+To fetch the necessary code:
+
+  bzr branch lp:~cjwatson/launchpad-cscvs/openssh-branch-imports
+  # or 'bzr pull' in the appropriate directory to update this, if you
+  # already have a copy
+
+To import a branch, V_5_3 in this example:
+
+  export PATH="/path/to/cscvs/openssh-branch-imports:$PATH"
+  export PYTHONPATH=/path/to/cscvs/openssh-branch-imports/modules:/path/to/cscvs/openssh-branch-imports
+  # in a CVS checkout of :ext:anoncvs@anoncvs.mindrot.org:/cvs module
+  # openssh:
+  cscvs cache -b
+  # or 'cscvs cache -u' if you've done this before and want to update
+  cvs up -rV_5_3
+
+  # Now we need to get a few bits of information from cscvs' cache.
+  sqlite CVS/Catalog.sqlite
+  sqlite> select csnum,log from changeset where branch = 'V_5_3' order by startdate;
+  # There will be a solid block of "Creation of branch V_5_3" changesets at
+  # the start; look for the first revision *after* this. Substitute this in
+  # the following wherever you see "CSX".
+  sqlite> select revision,filename from revision where branch = 'V_5_3' and csnum >= CSX and revision not like '%.%.%' order by filename;
+  # Anything listed here will need to be added to the openssh_ids dictionary
+  # in modules/CVS/StorageLayer.py in cscvs. Please send Colin Watson a
+  # patch if you do this.
+
+  # Next, look up the branchpoint revision in the main bzr import (bzr
+  # branch lp:openssh). It's usually easiest to just look it up by commit
+  # message and double-check the timestamp. Substitute this revision number
+  # for "BPR" in the following. /path/to/openssh/main is wherever you've
+  # checked out lp:openssh.
+  bzr branch -rBPR /path/to/openssh/main /path/to/openssh/5.3
+  # If you're using Bazaar signed commits with a GPG agent, make sure that
+  # your agent has seen your passphrase recently. Now you can start the
+  # actual import!
+  cscvs -D4 totla -SC V_5_3.CSX: /path/to/openssh/5.3
+  # If this fails at the end with a "directories differ" message, you may
+  # have forgotten to switch your CVS checkout to the appropriate branch
+  # with 'cvs up -r...' above. Otherwise you'll have to debug this for
+  # yourself. It's also worth double-checking that any files added to the
+  # branch have file-ids matching those on the trunk, using 'bzr ls -R
+  # --show-ids'.
+
+Now we have a Bazaar branch corresponding to what's in CVS. Previous such
+branches are available from Launchpad, for reference purposes:
+
+  https://code.launchpad.net/openssh
+
+However, upstream releases involve a 'make distprep' step as well to
+construct the tarball, and we need to import the results of this as well to
+get a clean package.
+
+Start by unpacking the upstream tarball (remember to check its GPG signature
+first!). Copy the .bzr directory from the upstream branch you prepared
+earlier. Now we have another branch, but with a working tree corresponding
+to the upstream tarball. Modifications and deletions are handled
+automatically, but we need to handle additions explicitly to make sure
+file-ids are correct (see above). Run:
+
+  bzr add --file-ids-from=/path/to/openssh/debian/trunk
+  bzr st --show-ids
+  # compare this with 'bzr ls --show-ids' in the Debian trunk to make sure
+  # the result will be mergeable
+  bzr ci -m 'Import 5.3p1 tarball'
+
+Add a parent revision for the previous tarball branch, to make it easier for
+bzr to compute accurate merges.
+
+  bzr log -n0 /path/to/openssh/debian/trunk | less
+  # find revision number for previous tarball import, hence 'PREVIOUS'
+  bzr merge -rPREVIOUS /path/to/openssh/debian/trunk
+  # merge history only, no file changes
+  bzr revert .
+  bzr ci -m 'add 5.2p1 tarball parent revision'
+  bzr tag upstream-5.3p1
+
+Next, merge this into the gssapi branch
+(bzr+ssh://bzr.debian.org/bzr/pkg-ssh/openssh/gssapi/). For this branch, we
+want to ignore the normal results of merging and take only the patch from
+http://www.sxw.org.uk/computing/patches/openssh.html; of course such a patch
+needs to exist first! To do this, run this in the gssapi branch:
+
+  bzr merge /path/to/openssh/tarball/branch
+  bzr revert -rrevno:-1:/path/to/openssh/tarball/branch .
+  patch -p1 </path/to/openssh/gssapi/patch
+  bzr add --file-ids-from=/path/to/openssh/debian/trunk
+  # you may need to deal with applying configure.ac changes to configure
+  # here
+  bzr ci -m 'import openssh-5.3p1-gsskex-all-20100124.patch'
+
+You should now be able to 'bzr merge' from the gssapi branch into the Debian
+trunk, resolve conflicts, and commit. If you see lots of "Contents conflict"
+messages, you may have got the file-ids wrong. Once you've committed the
+merge, you can throw away the tarball branch, as all its history will have
+been incorporated.
diff --git a/debian/adjust-openssl-dependencies b/debian/adjust-openssl-dependencies
new file mode 100755
index 000000000..9daa9b415
--- /dev/null
+++ b/debian/adjust-openssl-dependencies
@@ -0,0 +1,32 @@
+#! /bin/sh
+# Attempt to tighten libssl dependencies to match the check in entropy.c.
+# Must be run after dpkg-shlibdeps.
+
+client=debian/openssh-client.substvars
+server=debian/openssh-server.substvars
+
+libssl_version="$(dpkg-query -W libssl-dev 2>/dev/null | cut -f2)"
+if [ -z "$libssl_version" ]; then
+        echo "Can't find libssl-dev version; leaving dependencies alone."
+        exit 0
+fi
+libssl_version="$(echo "$libssl_version" | sed 's/[a-z-].*//')"
+
+libssl_package="$(sed -n 's/.*[= ]\(libssl[0-9][a-z0-9+.-]*\).*/\1/p' "$client")"
+if [ "$libssl_package" ]; then
+        new_dep="$libssl_package (>= $libssl_version)"
+        sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$client"
+        sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$server"
+fi
+
+client_udeb=debian/openssh-client-udeb.substvars
+server_udeb=debian/openssh-server-udeb.substvars
+
+libcrypto_package="$(sed -n 's/.*[= ]\(libcrypto[0-9][a-z0-9+.-]*\).*/\1/p' "$client_udeb")"
+if [ "$libcrypto_package" ]; then
+        new_dep="$libcrypto_package (>= $libssl_version)"
+        sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$client_udeb"
+        sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$server_udeb"
+fi
+
+exit 0
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 000000000..a7359c9c5
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,3550 @@
+openssh (1:6.3p1-1) UNRELEASED; urgency=low
+
+  * New upstream release (http://www.openssh.com/txt/release-6.3).
+    - sftp(1): add support for resuming partial downloads using the "reget"
+      command and on the sftp commandline or on the "get" commandline using
+      the "-a" (append) option (closes: #158590).
+    - ssh(1): add an "IgnoreUnknown" configuration option to selectively
+      suppress errors arising from unknown configuration directives (closes:
+      #436052).
+    - sftp(1): update progressmeter when data is acknowledged, not when it's
+      sent (partially addresses #708372).
+    - ssh(1): do not fatally exit when attempting to cleanup multiplexing-
+      created channels that are incompletely opened (closes: #651357).
+  * When running under Upstart, only consider the daemon started once it is
+    ready to accept connections (by raising SIGSTOP at that point and using
+    "expect stop").
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 12 Aug 2013 12:52:19 +0100
+
+openssh (1:6.2p2-6) unstable; urgency=low
+
+  * Update config.guess and config.sub automatically at build time.
+    dh_autoreconf does not take care of that by default because openssh does
+    not use automake.
+
+ -- Colin Watson <cjwatson@debian.org>  Tue, 02 Jul 2013 22:54:49 +0100
+
+openssh (1:6.2p2-5) unstable; urgency=low
+
+  [ Colin Watson ]
+  * Document consequences of ssh-agent being setgid in ssh-agent(1); see
+    #711623.
+  * Use 'set -e' rather than '#! /bin/sh -e' in maintainer scripts and
+    ssh-argv0.
+
+  [ Yolanda Robla ]
+  * debian/rules: Include real distribution in SSH_EXTRAVERSION instead of
+    hardcoding Debian (LP: #1195342).
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 27 Jun 2013 15:24:14 +0100
+
+openssh (1:6.2p2-4) unstable; urgency=low
+
+  * Fix non-portable shell in ssh-copy-id (closes: #711162).
+  * Rebuild against debhelper 9.20130604 with fixed dependencies for
+    invoke-rc.d and Upstart jobs (closes: #711159, #711364).
+  * Set SELinux context on private host keys as well as public host keys
+    (closes: #687436).
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 06 Jun 2013 17:06:31 +0100
+
+openssh (1:6.2p2-3) unstable; urgency=low
+
+  * If the running init daemon is Upstart, then, on the first upgrade to
+    this version, check whether sysvinit is still managing sshd; if so,
+    manually stop it so that it can be restarted under upstart.  We do this
+    near the end of the postinst, so it shouldn't result in any appreciable
+    extra window where sshd is not running during upgrade.
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 22 May 2013 17:42:10 +0100
+
+openssh (1:6.2p2-2) unstable; urgency=low
+
+  * Change start condition of Upstart job to be just the standard "runlevel
+    [2345]", rather than "filesystem or runlevel [2345]"; the latter makes
+    it unreasonably difficult to ensure that urandom starts before ssh, and
+    is not really necessary since one of static-network-up and failsafe-boot
+    is guaranteed to happen and will trigger entry to the default runlevel,
+    and we don't care about ssh starting before the network (LP: #1098299).
+  * Drop conffile handling for direct upgrades from pre-split ssh package;
+    this was originally added in 1:4.3p2-7 / 1:4.3p2-8, and contained a
+    truly ghastly hack around a misbehaviour in sarge's dpkg.  Since this is
+    now four Debian releases ago, we can afford to drop this and simplify
+    the packaging.
+  * Remove ssh/use_old_init_script, which was a workaround for a very old
+    bug in /etc/init.d/ssh.  If anyone has ignored this for >10 years then
+    they aren't going to be convinced now (closes: #214182).
+  * Remove support for upgrading directly from ssh-nonfree.
+  * Remove lots of maintainer script support for direct upgrades from
+    pre-etch (three releases before current stable).
+  * Add #DEBHELPER# tokens to openssh-client.postinst and
+    openssh-server.postinst.
+  * Replace old manual conffile handling code with dpkg-maintscript-helper,
+    via dh_installdeb.
+  * Switch to new unified layout for Upstart jobs as documented in
+    https://wiki.ubuntu.com/UpstartCompatibleInitScripts: the init script
+    checks for a running Upstart, and we now let dh_installinit handle most
+    of the heavy lifting in maintainer scripts.  Ubuntu users should be
+    essentially unaffected except that sshd may no longer start
+    automatically in chroots if the running Upstart predates 0.9.0; but the
+    main goal is simply not to break when openssh-server is installed in a
+    chroot.
+  * Remove the check for vulnerable host keys; this was first added five
+    years ago, and everyone should have upgraded through a version that
+    applied these checks by now.  The ssh-vulnkey tool and the blacklisting
+    support in sshd are still here, at least for the moment.
+  * This removes the last of our uses of debconf (closes: #221531).
+  * Use the pam_loginuid session module (thanks, Laurent Bigonville; closes:
+    #677440, LP: #1067779).
+  * Bracket our session stack with calls to pam_selinux close/open (thanks,
+    Laurent Bigonville; closes: #679458).
+  * Fix dh_builddeb invocation so that we really use xz compression for
+    binary packages, as intended since 1:6.1p1-2.
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 22 May 2013 09:07:42 +0100
+
+openssh (1:6.2p2-1) unstable; urgency=low
+
+  * New upstream release (http://www.openssh.com/txt/release-6.2p2):
+    - Only warn for missing identity files that were explicitly specified
+      (closes: #708275).
+    - Fix bug in contributed contrib/ssh-copy-id script that could result in
+      "rm *" being called on mktemp failure (closes: #708419).
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 16 May 2013 14:05:06 +0100
+
+openssh (1:6.2p1-3) unstable; urgency=low
+
+  * Renumber Debian-specific additions to enum monitor_reqtype so that they
+    fit within a single byte (thanks, Jason Conti; LP: #1179202).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 13 May 2013 10:56:04 +0100
+
+openssh (1:6.2p1-2) unstable; urgency=low
+
+  * Fix build failure on Ubuntu:
+    - Include openbsd-compat/sys-queue.h from consolekit.c.
+    - Fix consolekit mismerges in monitor.c and monitor_wrap.c.
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 09 May 2013 09:45:57 +0100
+
+openssh (1:6.2p1-1) unstable; urgency=low
+
+  * New upstream release (http://www.openssh.com/txt/release-6.2).
+    - Add support for multiple required authentication in SSH protocol 2 via
+      an AuthenticationMethods option (closes: #195716).
+    - Fix Sophie Germain formula in moduli(5) (closes: #698612).
+    - Update ssh-copy-id to Phil Hands' greatly revised version (closes:
+      #99785, #322228, #620428; LP: #518883, #835901, #1074798).
+  * Use dh-autoreconf.
+
+ -- Colin Watson <cjwatson@debian.org>  Tue, 07 May 2013 11:48:16 +0100
+
+openssh (1:6.1p1-4) experimental; urgency=low
+
+  [ Gunnar Hjalmarsson ]
+  * debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environment
+    should be read, and move the pam_env calls from "auth" to "session" so
+    that it's also read when $HOME is encrypted (LP: #952185).
+
+  [ Stéphane Graber ]
+  * Add ssh-agent upstart user job.  This implements something similar to
+    the 90x11-common_ssh-agent Xsession script.  That is, start ssh-agent
+    and set the appropriate environment variables (closes: #703906).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 25 Mar 2013 16:58:04 +0000
+
+openssh (1:6.1p1-3) experimental; urgency=low
+
+  * Give ssh and ssh-krb5 versioned dependencies on openssh-client and
+    openssh-server, to try to reduce confusion when people run 'apt-get
+    install ssh' or similar and expect that to upgrade everything relevant.
+  * CVE-2010-5107: Improve DoS resistance by changing default of MaxStartups
+    to 10:30:100 (closes: #700102).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 08 Feb 2013 21:07:31 +0000
+
+openssh (1:6.1p1-2) experimental; urgency=low
+
+  * Use xz compression for binary packages.
+  * Merge from Ubuntu:
+    - Add support for registering ConsoleKit sessions on login.  (This is
+      currently enabled only when building for Ubuntu.)
+    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.  It's
+      been long enough since the relevant vulnerability that we shouldn't
+      need these installed by default nowadays.
+    - Add an Upstart job (not currently used by default in Debian).
+    - Add mention of ssh-keygen in ssh connect warning (Scott Moser).
+    - Install apport hooks.
+  * Only build with -j if DEB_BUILD_OPTIONS=parallel=* is used (closes:
+    #694282).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 26 Nov 2012 16:39:07 +0000
+
+openssh (1:6.1p1-1) experimental; urgency=low
+
+  * New upstream release (http://www.openssh.com/txt/release-6.1).
+    - Enable pre-auth sandboxing by default for new installs.
+    - Allow "PermitOpen none" to refuse all port-forwarding requests
+      (closes: #543683).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 07 Sep 2012 00:22:44 +0100
+
+openssh (1:6.0p1-3) unstable; urgency=low
+
+  * debconf template translations:
+    - Add Indonesian (thanks, Andika Triwidada; closes: #681670).
+  * Call restorecon on copied ~/.ssh/authorized_keys if possible, since some
+    SELinux policies require this (closes: #658675).
+  * Add ncurses-term to openssh-server's Recommends, since it's often needed
+    to support unusual terminal emulators on clients (closes: #675362).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 24 Aug 2012 06:55:36 +0100
+
+openssh (1:6.0p1-2) unstable; urgency=low
+
+  * Tighten libssl1.0.0 and libcrypto1.0.0-udeb dependencies to the current
+    "fix" version at build time (closes: #678661).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 24 Jun 2012 12:16:06 +0100
+
+openssh (1:6.0p1-1) unstable; urgency=low
+
+  [ Roger Leigh ]
+  * Display dynamic part of MOTD from /run/motd.dynamic, if it exists
+    (closes: #669699).
+
+  [ Colin Watson ]
+  * Update OpenSSH FAQ to revision 1.113, fixing missing line break (closes:
+    #669667).
+  * New upstream release (closes: #671010,
+    http://www.openssh.org/txt/release-6.0).
+    - Fix IPQoS not being set on non-mapped v4-in-v6 addressed connections
+      (closes: #643312, #650512, #671075).
+    - Add a new privilege separation sandbox implementation for Linux's new
+      seccomp sandbox, automatically enabled on platforms that support it.
+      (Note: privilege separation sandboxing is still experimental.)
+  * Fix a bashism in configure's seccomp_filter check.
+  * Add a sandbox fallback mechanism, so that behaviour on Linux depends on
+    whether the running system's kernel has seccomp_filter support, not the
+    build system's kernel (forwarded upstream as
+    https://bugzilla.mindrot.org/show_bug.cgi?id=2011).
+
+ -- Colin Watson <cjwatson@debian.org>  Sat, 26 May 2012 13:48:14 +0100
+
+openssh (1:5.9p1-5) unstable; urgency=low
+
+  * Use dpkg-buildflags, including for hardening support; drop use of
+    hardening-includes.
+  * Fix cross-building:
+    - Allow using a cross-architecture pkg-config.
+    - Pass default LDFLAGS to contrib/Makefile.
+    - Allow dh_strip to strip gnome-ssh-askpass, rather than calling
+      'install -s'.
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 02 Apr 2012 11:20:33 +0100
+
+openssh (1:5.9p1-4) unstable; urgency=low
+
+  * Disable OpenSSL version check again, as its SONAME is sufficient
+    nowadays (closes: #664383).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 19 Mar 2012 11:06:30 +0000
+
+openssh (1:5.9p1-3) unstable; urgency=low
+
+  * debconf template translations:
+    - Update Polish (thanks, Michał Kułach; closes: #659829).
+  * Ignore errors writing to console in init script (closes: #546743).
+  * Move ssh-krb5 to Section: oldlibs.
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 24 Feb 2012 08:56:18 +0000
+
+openssh (1:5.9p1-2) unstable; urgency=low
+
+  * Mark openssh-client and openssh-server as Multi-Arch: foreign.
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 09 Nov 2011 02:06:48 +0000
+
+openssh (1:5.9p1-1) unstable; urgency=low
+
+  * New upstream release (http://www.openssh.org/txt/release-5.9).
+    - Introduce sandboxing of the pre-auth privsep child using an optional
+      sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
+      mandatory restrictions on the syscalls the privsep child can perform.
+    - Add new SHA256-based HMAC transport integrity modes from
+      http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
+    - The pre-authentication sshd(8) privilege separation slave process now
+      logs via a socket shared with the master process, avoiding the need to
+      maintain /dev/log inside the chroot (closes: #75043, #429243,
+      #599240).
+    - ssh(1) now warns when a server refuses X11 forwarding (closes:
+      #504757).
+    - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
+      separated by whitespace (closes: #76312).  The authorized_keys2
+      fallback is deprecated but documented (closes: #560156).
+    - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
+      ToS/DSCP (closes: #498297).
+    - ssh-add(1) now accepts keys piped from standard input.  E.g. "ssh-add
+      - < /path/to/key" (closes: #229124).
+    - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
+    - Say "required" rather than "recommended" in unprotected-private-key
+      warning (LP: #663455).
+  * Update OpenSSH FAQ to revision 1.112.
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 07 Sep 2011 23:46:00 +0100
+
+openssh (1:5.8p1-7) unstable; urgency=low
+
+  * Only recommend ssh-import-id when built on Ubuntu (closes: #635887).
+  * Use 'dpkg-vendor --derives-from Ubuntu' to detect Ubuntu systems rather
+    than 'lsb_release -is' so that Ubuntu derivatives behave the same way as
+    Ubuntu itself.
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 29 Jul 2011 14:27:52 +0100
+
+openssh (1:5.8p1-6) unstable; urgency=low
+
+  * openssh-client and openssh-server Suggests: monkeysphere.
+  * Quieten logs when multiple from= restrictions are used in different
+    authorized_keys lines for the same key; it's still not ideal, but at
+    least you'll only get one log entry per key (closes: #630606).
+  * Merge from Ubuntu (Dustin Kirkland):
+    - openssh-server Recommends: ssh-import-id (no-op in Debian since that
+      package doesn't exist there, but this reduces the Ubuntu delta).
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 28 Jul 2011 17:10:18 +0100
+
+openssh (1:5.8p1-5) unstable; urgency=low
+
+  * Drop openssh-server's dependency on openssh-blacklist to a
+    recommendation (closes: #622604).
+  * Update Vcs-* fields and README.source for Alioth changes.
+  * Backport from upstream:
+    - Make hostbased auth with ECDSA keys work correctly (closes: #633368).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 24 Jul 2011 11:06:47 +0100
+
+openssh (1:5.8p1-4) unstable; urgency=low
+
+  * Drop hardcoded dependencies on libssl0.9.8 and libcrypto0.9.8-udeb,
+    since the required minimum versions are rather old now anyway and
+    openssl has bumped its SONAME (thanks, Julien Cristau; closes: #620828).
+  * Remove unreachable code from openssh-server.postinst.
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 04 Apr 2011 15:56:18 +0100
+
+openssh (1:5.8p1-3) unstable; urgency=low
+
+  * Correct ssh-keygen instruction in the changelog for 1:5.7p1-1 (thanks,
+    Joel Stanley).
+  * Allow ssh-add to read from FIFOs (thanks, Daniel Kahn Gillmor; closes:
+    #614897).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 18 Mar 2011 16:42:42 +0000
+
+openssh (1:5.8p1-2) unstable; urgency=low
+
+  * Upload to unstable.
+
+ -- Colin Watson <cjwatson@debian.org>  Tue, 08 Feb 2011 10:59:17 +0000
+
+openssh (1:5.8p1-1) experimental; urgency=low
+
+  * New upstream release (http://www.openssh.org/txt/release-5.8):
+    - Fix stack information leak in legacy certificate signing
+      (http://www.openssh.com/txt/legacy-cert.adv).
+
+ -- Colin Watson <cjwatson@debian.org>  Sat, 05 Feb 2011 11:13:11 +0000
+
+openssh (1:5.7p1-2) experimental; urgency=low
+
+  * Fix crash in ssh_selinux_setfscreatecon when SELinux is disabled
+    (LP: #708571).
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 27 Jan 2011 12:14:17 +0000
+
+openssh (1:5.7p1-1) experimental; urgency=low
+
+  * New upstream release (http://www.openssh.org/txt/release-5.7):
+    - Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
+      and host/user keys (ECDSA) as specified by RFC5656.  ECDH and ECDSA
+      offer better performance than plain DH and DSA at the same equivalent
+      symmetric key length, as well as much shorter keys.
+    - sftp(1)/sftp-server(8): add a protocol extension to support a hard
+      link operation.  It is available through the "ln" command in the
+      client.  The old "ln" behaviour of creating a symlink is available
+      using its "-s" option or through the preexisting "symlink" command.
+    - scp(1): Add a new -3 option to scp: Copies between two remote hosts
+      are transferred through the local host (closes: #508613).
+    - ssh(1): "atomically" create the listening mux socket by binding it on
+      a temporary name and then linking it into position after listen() has
+      succeeded.  This allows the mux clients to determine that the server
+      socket is either ready or stale without races (closes: #454784).
+      Stale server sockets are now automatically removed (closes: #523250).
+    - ssh(1): install a SIGCHLD handler to reap expired child process
+      (closes: #594687).
+    - ssh(1)/ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent
+      temporary directories (closes: #357469, although only if you arrange
+      for ssh-agent to actually see $TMPDIR since the setgid bit will cause
+      it to be stripped off).
+  * Update to current GSSAPI patch from
+    http://www.sxw.org.uk/computing/patches/openssh-5.7p1-gsskex-all-20110125.patch:
+    - Add GSSAPIServerIdentity option.
+  * Generate ECDSA host keys on fresh installations.  Upgraders who wish to
+    add such host keys should manually add 'HostKey
+    /etc/ssh/ssh_host_ecdsa_key' to /etc/ssh/sshd_config and run 'ssh-keygen
+    -q -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa'.
+  * Build-depend on libssl-dev (>= 0.9.8g) to ensure sufficient ECC support.
+  * Backport SELinux build fix from CVS.
+  * Rearrange selinux-role.patch so that it links properly given this
+    SELinux build fix.
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 26 Jan 2011 23:48:02 +0000
+
+openssh (1:5.6p1-3) experimental; urgency=low
+
+  * Drop override for desktop-file-but-no-dh_desktop-call, which Lintian no
+    longer issues.
+  * Merge 1:5.5p1-6.
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 30 Dec 2010 11:48:00 +0000
+
+openssh (1:5.6p1-2) experimental; urgency=low
+
+  * Backport upstream patch to install a SIGCHLD handler to reap expired ssh
+    child processes, preventing lots of zombies when using ControlPersist
+    (closes: #594687).
+
+ -- Colin Watson <cjwatson@debian.org>  Tue, 26 Oct 2010 14:46:40 +0100
+
+openssh (1:5.6p1-1) experimental; urgency=low
+
+  * New upstream release (http://www.openssh.com/txt/release-5.6):
+    - Added a ControlPersist option to ssh_config(5) that automatically
+      starts a background ssh(1) multiplex master when connecting.  This
+      connection can stay alive indefinitely, or can be set to automatically
+      close after a user-specified duration of inactivity (closes: #335697,
+      #350898, #454787, #500573, #550262).
+    - Support AuthorizedKeysFile, AuthorizedPrincipalsFile,
+      HostbasedUsesNameFromPacketOnly, and PermitTunnel in sshd_config(5)
+      Match blocks (closes: #549858).
+    - sftp(1): fix ls in working directories that contain globbing
+      characters in their pathnames (LP: #530714).
+
+ -- Colin Watson <cjwatson@debian.org>  Tue, 24 Aug 2010 00:37:54 +0100
+
+openssh (1:5.5p1-6) unstable; urgency=low
+
+  * Touch /var/run/sshd/.placeholder in the preinst so that /var/run/sshd,
+    which is intentionally no longer shipped in the openssh-server package
+    due to /var/run often being a temporary directory, is not removed on
+    upgrade (closes: #575582).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 26 Dec 2010 18:09:29 +0000
+
+openssh (1:5.5p1-5) unstable; urgency=low
+
+  * Use an architecture wildcard for libselinux1-dev (closes: #591740).
+  * debconf template translations:
+    - Update Danish (thanks, Joe Hansen; closes: #592800).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 23 Aug 2010 22:59:03 +0100
+
+openssh (1:5.5p1-4) unstable; urgency=low
+
+  [ Sebastian Andrzej Siewior ]
+  * Add powerpcspe to architecture list for libselinux1-dev build-dependency
+    (closes: #579843).
+
+  [ Colin Watson ]
+  * Allow ~/.ssh/authorized_keys and other secure files to be
+    group-writable, provided that the group in question contains only the
+    file's owner; this extends a patch previously applied to ~/.ssh/config
+    (closes: #581919).
+  * Check primary group memberships as well as supplementary group
+    memberships, and only allow group-writability by groups with exactly one
+    member, as zero-member groups are typically used by setgid binaries
+    rather than being user-private groups (closes: #581697).
+
+ -- Colin Watson <cjwatson@debian.org>  Sat, 22 May 2010 23:37:20 +0100
+
+openssh (1:5.5p1-3) unstable; urgency=low
+
+  * Discard error messages while checking whether rsh, rlogin, and rcp
+    alternatives exist (closes: #579285).
+  * Drop IDEA key check; I don't think it works properly any more due to
+    textual changes in error output, it's only relevant for direct upgrades
+    from truly ancient versions, and it breaks upgrades if
+    /etc/ssh/ssh_host_key can't be loaded (closes: #579570).
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 28 Apr 2010 22:12:47 +0100
+
+openssh (1:5.5p1-2) unstable; urgency=low
+
+  * Use dh_installinit -n, since our maintainer scripts already handle this
+    more carefully (thanks, Julien Cristau).
+
+ -- Colin Watson <cjwatson@debian.org>  Sat, 17 Apr 2010 12:55:56 +0100
+
+openssh (1:5.5p1-1) unstable; urgency=low
+
+  * New upstream release:
+    - Unbreak sshd_config's AuthorizedKeysFile option for $HOME-relative
+      paths.
+    - Include a language tag when sending a protocol 2 disconnection
+      message.
+    - Make logging of certificates used for user authentication more clear
+      and consistent between CAs specified using TrustedUserCAKeys and
+      authorized_keys.
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 16 Apr 2010 10:27:30 +0100
+
+openssh (1:5.4p1-2) unstable; urgency=low
+
+  * Borrow patch from Fedora to add DNSSEC support: if glibc 2.11 is
+    installed, the host key is published in an SSHFP RR secured with DNSSEC,
+    and VerifyHostKeyDNS=yes, then ssh will no longer prompt for host key
+    verification (closes: #572049).
+  * Convert to dh(1), and use dh_installdocs --link-doc.
+  * Drop lpia support, since Ubuntu no longer supports this architecture.
+  * Use dh_install more effectively.
+  * Add a NEWS.Debian entry about changes in smartcard support relative to
+    previous unofficial builds (closes: #231472).
+
+ -- Colin Watson <cjwatson@debian.org>  Sat, 10 Apr 2010 01:08:59 +0100
+
+openssh (1:5.4p1-1) unstable; urgency=low
+
+  * New upstream release (LP: #535029).
+    - After a transition period of about 10 years, this release disables SSH
+      protocol 1 by default.  Clients and servers that need to use the
+      legacy protocol must explicitly enable it in ssh_config / sshd_config
+      or on the command-line.
+    - Remove the libsectok/OpenSC-based smartcard code and add support for
+      PKCS#11 tokens.  This support is enabled by default in the Debian
+      packaging, since it now doesn't involve additional library
+      dependencies (closes: #231472, LP: #16918).
+    - Add support for certificate authentication of users and hosts using a
+      new, minimal OpenSSH certificate format (closes: #482806).
+    - Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
+    - Add the ability to revoke keys in sshd(8) and ssh(1).  (For the Debian
+      package, this overlaps with the key blacklisting facility added in
+      openssh 1:4.7p1-9, but with different file formats and slightly
+      different scopes; for the moment, I've roughly merged the two.)
+    - Various multiplexing improvements, including support for requesting
+      port-forwardings via the multiplex protocol (closes: #360151).
+    - Allow setting an explicit umask on the sftp-server(8) commandline to
+      override whatever default the user has (closes: #496843).
+    - Many sftp client improvements, including tab-completion, more options,
+      and recursive transfer support for get/put (LP: #33378).  The old
+      mget/mput commands never worked properly and have been removed
+      (closes: #270399, #428082).
+    - Do not prompt for a passphrase if we fail to open a keyfile, and log
+      the reason why the open failed to debug (closes: #431538).
+    - Prevent sftp from crashing when given a "-" without a command.  Also,
+      allow whitespace to follow a "-" (closes: #531561).
+
+  * Fix 'debian/rules quilt-setup' to avoid writing .orig files if some
+    patches apply with offsets.
+  * Include debian/ssh-askpass-gnome.png in the Debian tarball now that
+    we're using a source format that permits this, rather than messing
+    around with uudecode.
+  * Drop compatibility with the old gssapi mechanism used in ssh-krb5 <<
+    3.8.1p1-1.  Simon Wilkinson refused this patch since the old gssapi
+    mechanism was removed due to a serious security hole, and since these
+    versions of ssh-krb5 are no longer security-supported by Debian I don't
+    think there's any point keeping client compatibility for them.
+  * Fix substitution of ETC_PAM_D_SSH, following the rename in 1:4.7p1-4.
+  * Hardcode the location of xauth to /usr/bin/xauth rather than
+    /usr/bin/X11/xauth (thanks, Aron Griffis; closes: #575725, LP: #8440).
+    xauth no longer depends on x11-common, so we're no longer guaranteed to
+    have the /usr/bin/X11 symlink available.  I was taking advantage of the
+    /usr/bin/X11 symlink to smooth X's move to /usr/bin, but this is far
+    enough in the past now that it's probably safe to just use /usr/bin.
+  * Remove SSHD_OOM_ADJUST configuration.  sshd now unconditionally makes
+    itself non-OOM-killable, and doesn't require configuration to avoid log
+    spam in virtualisation containers (closes: #555625).
+  * Drop Debian-specific removal of OpenSSL version check.  Upstream ignores
+    the two patchlevel nybbles now, which is sufficient to address the
+    original reason this change was introduced, and it appears that any
+    change in the major/minor/fix nybbles would involve a new libssl package
+    name.  (We'd still lose if the status nybble were ever changed, but that
+    would mean somebody had packaged a development/beta version rather than
+    a proper release, which doesn't appear to be normal practice.)
+  * Drop most of our "LogLevel SILENT" (-qq) patch.  This was originally
+    introduced to match the behaviour of non-free SSH, in which -q does not
+    suppress fatal errors, but matching the behaviour of OpenSSH upstream is
+    much more important nowadays.  We no longer document that -q does not
+    suppress fatal errors (closes: #280609).  Migrate "LogLevel SILENT" to
+    "LogLevel QUIET" in sshd_config on upgrade.
+  * Policy version 3.8.4:
+    - Add a Homepage field.
+
+ -- Colin Watson <cjwatson@debian.org>  Tue, 06 Apr 2010 22:38:31 +0100
+
+openssh (1:5.3p1-3) unstable; urgency=low
+
+  * Convert to source format 3.0 (quilt).
+  * Update README.source to match, and add a 'quilt-setup' target to
+    debian/rules for the benefit of those checking out the package from
+    revision control.
+  * All patches are now maintained separately and tagged according to DEP-3.
+  * Add GSSAPIStoreCredentialsOnRekey to 'sshd -T' configuration dump.
+  * Remove documentation of building for Debian 3.0 in README.Debian.
+    Support for this was removed in 1:4.7p1-2.
+  * Remove obsolete header from README.Debian dating from when people
+    expected non-free SSH.
+  * Update copyright years for GSSAPI patch.
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 28 Feb 2010 01:35:53 +0000
+
+openssh (1:5.3p1-2) unstable; urgency=low
+
+  * Link with -Wl,--as-needed (closes: #560155).
+  * Install upstream sshd_config as an example (closes: #415008).
+  * Use dh_lintian.
+  * Honour DEB_BUILD_OPTIONS=nocheck.
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 22 Feb 2010 12:43:24 +0000
+
+openssh (1:5.3p1-1) unstable; urgency=low
+
+  * New upstream release.
+  * Update to GSSAPI patch from
+    http://www.sxw.org.uk/computing/patches/openssh-5.3p1-gsskex-all-20100124.patch.
+  * Backport from upstream:
+    - Do not fall back to adding keys without constraints (ssh-add -c / -t
+      ...) when the agent refuses the constrained add request. This was a
+      useful migration measure back in 2002 when constraints were new, but
+      just adds risk now (LP: #209447).
+  * Drop change from 1:3.8p1-3 to avoid setresuid() and setresgid() system
+    calls.  This only applied to Linux 2.2, which it's no longer feasible to
+    run anyway (see 1:5.2p1-2 changelog).
+
+ -- Colin Watson <cjwatson@debian.org>  Tue, 26 Jan 2010 11:55:29 +0000
+
+openssh (1:5.2p1-2) unstable; urgency=low
+
+  [ Colin Watson ]
+  * Backport from upstream:
+    - After sshd receives a SIGHUP, ignore subsequent HUPs while sshd
+      re-execs itself.  Prevents two HUPs in quick succession from resulting
+      in sshd dying (LP: #497781).
+    - Output a debug if we can't open an existing keyfile (LP: #505301).
+  * Use host compiler for ssh-askpass-gnome when cross-compiling.
+  * Don't run tests when cross-compiling.
+  * Drop change from 1:3.6.1p2-5 to disable cmsg_type check for file
+    descriptor passing when running on Linux 2.0.  The previous stable
+    release of Debian dropped support for Linux 2.4, let alone 2.0, so this
+    very likely has no remaining users depending on it.
+
+  [ Kees Cook ]
+  * Implement DebianBanner server configuration flag that can be set to "no"
+    to allow sshd to run without the Debian-specific extra version in the
+    initial protocol handshake (closes: #562048).
+
+ -- Colin Watson <cjwatson@debian.org>  Sat, 16 Jan 2010 01:28:58 +0000
+
+openssh (1:5.2p1-1) unstable; urgency=low
+
+  * New upstream release (closes: #536182). Yes, I know 5.3p1 has been out
+    for a while, but there's no GSSAPI patch available for it yet.
+    - Change the default cipher order to prefer the AES CTR modes and the
+      revised "arcfour256" mode to CBC mode ciphers that are susceptible to
+      CPNI-957037 "Plaintext Recovery Attack Against SSH".
+    - Add countermeasures to mitigate CPNI-957037-style attacks against the
+      SSH protocol's use of CBC-mode ciphers. Upon detection of an invalid
+      packet length or Message Authentication Code, ssh/sshd will continue
+      reading up to the maximum supported packet length rather than
+      immediately terminating the connection. This eliminates most of the
+      known differences in behaviour that leaked information about the
+      plaintext of injected data which formed the basis of this attack
+      (closes: #506115, LP: #379329).
+    - ForceCommand directive now accepts commandline arguments for the
+      internal-sftp server (closes: #524423, LP: #362511).
+    - Add AllowAgentForwarding to available Match keywords list (closes:
+      #540623).
+    - Make ssh(1) send the correct channel number for
+      SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to
+      avoid triggering 'Non-public channel' error messages on sshd(8) in
+      openssh-5.1.
+    - Avoid printing 'Non-public channel' warnings in sshd(8), since the
+      ssh(1) has sent incorrect channel numbers since ~2004 (this reverts a
+      behaviour introduced in openssh-5.1; closes: #496017).
+    - Disable nonfunctional ssh(1) ~C escape handler in multiplex slave
+      connections (closes: #507541).
+    - Fix "whitepsace" typo in ssh_config(5) (closes: #514313, LP: #303835).
+  * Update to GSSAPI patch from
+    http://www.sxw.org.uk/computing/patches/openssh-5.2p1-gsskex-all-20090726.patch,
+    including cascading credentials support (LP: #416958).
+  * Use x11.pc when compiling/linking gnome-ssh-askpass2 (closes: #555951).
+  * Moved to bzr.debian.org; add Vcs-Bzr and Vcs-Browser control fields.
+  * Add debian/README.source with instructions on bzr handling.
+  * Make ChrootDirectory work with SELinux (thanks, Russell Coker; closes:
+    #556644).
+  * Initialise sc to NULL in ssh_selinux_getctxbyname (thanks, Václav Ovsík;
+    closes: #498684).
+  * Don't duplicate backslashes when displaying server banner (thanks,
+    Michał Górny; closes: #505378, LP: #425346).
+  * Use hardening-includes for hardening logic (thanks, Kees Cook; closes:
+    #561887).
+  * Update OpenSSH FAQ to revision 1.110.
+  * Remove ssh/new_config, only needed for direct upgrades from potato which
+    are no longer particularly feasible anyway (closes: #420682).
+  * Cope with insserv reordering of init script links.
+  * Remove init script stop link in rc1, as killprocs handles it already.
+  * Adjust short descriptions to avoid relying on previous experience with
+    rsh, based on suggestions from Reuben Thomas (closes: #512198).
+  * Remove manual page references to login.conf, which aren't applicable on
+    non-BSD systems (closes: #154434).
+  * Remove/adjust manual page references to BSD-specific /etc/rc (closes:
+    #513417).
+  * Refer to sshd_config(5) rather than sshd(8) in postinst-written
+    /etc/ssh/sshd_config, and add UsePAM commentary from upstream-shipped
+    configuration file (closes: #415008, although unfortunately this will
+    only be conveniently visible on new installations).
+  * Include URL to OpenBSD's ssl(8) in ssh(1), since I don't see a better
+    source for the same information among Debian's manual pages (closes:
+    #530692, LP: #456660).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 04 Jan 2010 13:23:35 +0000
+
+openssh (1:5.1p1-8) unstable; urgency=low
+
+  * Build with just -fPIC on mips/mipsel, not -fPIE as well (thanks, LIU Qi;
+    closes: #538313).
+  * Build-depend on libselinux1-dev on sh4 too (thanks, Nobuhiro Iwamatsu;
+    closes: #547103).
+  * Fix grammar in if-up script (closes: #549128).
+  * Pass $SSHD_OPTS when checking configuration too (thanks, "sobtwmxt";
+    closes: #548662).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 05 Oct 2009 13:30:49 +0100
+
+openssh (1:5.1p1-7) unstable; urgency=low
+
+  * Update config.guess and config.sub from autotools-dev 20090611.1
+    (closes: #538301).
+  * Set umask to 022 in the init script as well as postinsts (closes:
+    #539030).
+  * Add ${misc:Depends} to keep Lintian happy.
+  * Use 'which' rather than 'type' in maintainer scripts.
+  * Upgrade to debhelper v7.
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 31 Jul 2009 16:28:10 +0100
+
+openssh (1:5.1p1-6) unstable; urgency=low
+
+  * Open /proc/self/oom_adj with O_RDONLY or O_WRONLY as necessary, rather
+    than O_RDWR.
+  * Disable OOM adjustment for vserver/OpenVZ (thanks, Karl Chen; closes:
+    #511771).
+  * Add ufw integration (thanks, Didier Roche; see
+    https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages;
+    LP: #261884).
+  * Add a comment above PermitRootLogin in sshd_config pointing to
+    README.Debian.
+  * Check if delgroup is present in openssh-client.postrm (closes: #530501).
+  * Build with -fPIC on mips/mipsel (thanks, Luk Claes; closes: #531942).
+  * Remove /var/run/sshd from openssh-server package; it will be created at
+    run-time before starting the server.
+  * Use invoke-rc.d in openssh-server's if-up script.
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 05 Jun 2009 11:56:03 +0100
+
+openssh (1:5.1p1-5) unstable; urgency=low
+
+  * Backport from upstream CVS (Markus Friedl):
+    - packet_disconnect() on padding error, too. Should reduce the success
+      probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18.
+  * Check that /var/run/sshd.pid exists and that the process ID listed there
+    corresponds to sshd before running '/etc/init.d/ssh reload' from if-up
+    script; SIGHUP is racy if called at boot before sshd has a chance to
+    install its signal handler, but fortunately the pid file is written
+    after that which lets us avoid the race (closes: #502444).
+  * While the above is a valuable sanity-check, it turns out that it doesn't
+    really fix the bug (thanks to Kevin Price for testing), so for the
+    meantime we'll just use '/etc/init.d/ssh restart', even though it is
+    unfortunately heavyweight.
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 14 Jan 2009 00:34:08 +0000
+
+openssh (1:5.1p1-4) unstable; urgency=low
+
+  * ssh-copy-id: Strip trailing colons from hostname (closes: #226172,
+    LP: #249706; thanks to Karl Goetz for nudging this along; forwarded
+    upstream as https://bugzilla.mindrot.org/show_bug.cgi?id=1530).
+  * Backport from upstream CVS (Markus Friedl):
+    - Only send eow and no-more-sessions requests to openssh 5 and newer;
+      fixes interop problems with broken ssh v2 implementations (closes:
+      #495917).
+  * Fix double-free when failing to parse a forwarding specification given
+    using ~C (closes: #505330; forwarded upstream as
+    https://bugzilla.mindrot.org/show_bug.cgi?id=1539).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 23 Nov 2008 14:46:10 +0000
+
+openssh (1:5.1p1-3) unstable; urgency=low
+
+  * Remove unnecessary ssh-vulnkey output in non-verbose mode when no
+    compromised or unknown keys were found (closes: #496495).
+  * Configure with --disable-strip; dh_strip will deal with stripping
+    binaries and will honour DEB_BUILD_OPTIONS (thanks, Bernhard R. Link;
+    closes: #498681).
+  * Fix handling of zero-length server banners (thanks, Tomas Mraz; closes:
+    #497026).
+
+ -- Colin Watson <cjwatson@debian.org>  Tue, 30 Sep 2008 23:09:58 +0100
+
+openssh (1:5.1p1-2) unstable; urgency=low
+
+  * Look for $SHELL on the path when executing ProxyCommands or
+    LocalCommands (closes: #492728).
+
+ -- Colin Watson <cjwatson@debian.org>  Tue, 29 Jul 2008 15:31:25 +0100
+
+openssh (1:5.1p1-1) unstable; urgency=low
+
+  * New upstream release (closes: #474301). Important changes not previously
+    backported to 4.7p1:
+    - 4.9/4.9p1 (http://www.openssh.com/txt/release-4.9):
+      + Added chroot(2) support for sshd(8), controlled by a new option
+        "ChrootDirectory" (closes: #139047, LP: #24777).
+      + Linked sftp-server(8) into sshd(8). The internal sftp server is used
+        when the command "internal-sftp" is specified in a Subsystem or
+        ForceCommand declaration. When used with ChrootDirectory, the
+        internal sftp server requires no special configuration of files
+        inside the chroot environment.
+      + Added a protocol extension method "posix-rename@openssh.com" for
+        sftp-server(8) to perform POSIX atomic rename() operations; sftp(1)
+        prefers this if available (closes: #308561).
+      + Removed the fixed limit of 100 file handles in sftp-server(8).
+      + ssh(8) will now skip generation of SSH protocol 1 ephemeral server
+        keys when in inetd mode and protocol 2 connections are negotiated.
+        This speeds up protocol 2 connections to inetd-mode servers that
+        also allow Protocol 1.
+      + Accept the PermitRootLogin directive in a sshd_config(5) Match
+        block. Allows for, e.g. permitting root only from the local network.
+      + Reworked sftp(1) argument splitting and escaping to be more
+        internally consistent (i.e. between sftp commands) and more
+        consistent with sh(1). Please note that this will change the
+        interpretation of some quoted strings, especially those with
+        embedded backslash escape sequences.
+      + Support "Banner=none" in sshd_config(5) to disable sending of a
+        pre-login banner (e.g. in a Match block).
+      + ssh(1) ProxyCommands are now executed with $SHELL rather than
+        /bin/sh.
+      + ssh(1)'s ConnectTimeout option is now applied to both the TCP
+        connection and the SSH banner exchange (previously it just covered
+        the TCP connection). This allows callers of ssh(1) to better detect
+        and deal with stuck servers that accept a TCP connection but don't
+        progress the protocol, and also makes ConnectTimeout useful for
+        connections via a ProxyCommand.
+      + scp(1) incorrectly reported "stalled" on slow copies (closes:
+        #140828).
+      + scp(1) date underflow for timestamps before epoch.
+      + ssh(1) used the obsolete SIG DNS RRtype for host keys in DNS,
+        instead of the current standard RRSIG.
+      + Correctly drain ACKs when a sftp(1) upload write fails midway,
+        avoids a fatal() exit from what should be a recoverable condition.
+      + Fixed ssh-keygen(1) selective host key hashing (i.e. "ssh-keygen -HF
+        hostname") to not include any IP address in the data to be hashed.
+      + Make ssh(1) skip listening on the IPv6 wildcard address when a
+        binding address of 0.0.0.0 is used against an old SSH server that
+        does not support the RFC4254 syntax for wildcard bind addresses.
+      + Enable IPV6_V6ONLY socket option on sshd(8) listen socket, as is
+        already done for X11/TCP forwarding sockets (closes: #439661).
+      + Fix FD leak that could hang a ssh(1) connection multiplexing master.
+      + Make ssh(1) -q option documentation consistent with reality.
+      + Fixed sshd(8) PAM support not calling pam_session_close(), or
+        failing to call it with root privileges (closes: #372680).
+      + Fix activation of OpenSSL engine support when requested in configure
+        (LP: #119295).
+      + Cache SELinux status earlier so we know if it's enabled after a
+        chroot (LP: #237557).
+    - 5.1/5.1p1 (http://www.openssh.com/txt/release-5.1):
+      + Introduce experimental SSH Fingerprint ASCII Visualisation to ssh(1)
+        and ssh-keygen(1). Visual fingerprint display is controlled by a new
+        ssh_config(5) option "VisualHostKey". The intent is to render SSH
+        host keys in a visual form that is amenable to easy recall and
+        rejection of changed host keys.
+      + sshd_config(5) now supports CIDR address/masklen matching in "Match
+        address" blocks, with a fallback to classic wildcard matching.
+      + sshd(8) now supports CIDR matching in ~/.ssh/authorized_keys
+        from="..." restrictions, also with a fallback to classic wildcard
+        matching.
+      + Added an extended test mode (-T) to sshd(8) to request that it write
+        its effective configuration to stdout and exit. Extended test mode
+        also supports the specification of connection parameters (username,
+        source address and hostname) to test the application of
+        sshd_config(5) Match rules. 
+      + ssh(1) now prints the number of bytes transferred and the overall
+        connection throughput for SSH protocol 2 sessions when in verbose
+        mode (previously these statistics were displayed for protocol 1
+        connections only).
+      + sftp-server(8) now supports extension methods statvfs@openssh.com
+        and fstatvfs@openssh.com that implement statvfs(2)-like operations.
+      + sftp(1) now has a "df" command to the sftp client that uses the
+        statvfs@openssh.com to produce a df(1)-like display of filesystem
+        space and inode utilisation (requires statvfs@openssh.com support on
+        the server).
+      + Added a MaxSessions option to sshd_config(5) to allow control of the
+        number of multiplexed sessions supported over a single TCP
+        connection. This allows increasing the number of allowed sessions
+        above the previous default of 10, disabling connection multiplexing
+        (MaxSessions=1) or disallowing login/shell/subsystem sessions
+        entirely (MaxSessions=0).
+      + Added a no-more-sessions@openssh.com global request extension that
+        is sent from ssh(1) to sshd(8) when the client knows that it will
+        never request another session (i.e. when session multiplexing is
+        disabled). This allows a server to disallow further session requests
+        and terminate the session in cases where the client has been
+        hijacked.
+      + ssh-keygen(1) now supports the use of the -l option in combination
+        with -F to search for a host in ~/.ssh/known_hosts and display its
+        fingerprint.
+      + ssh-keyscan(1) now defaults to "rsa" (protocol 2) keys, instead of
+        "rsa1" (LP: #129794).
+      + Added an AllowAgentForwarding option to sshd_config(8) to control
+        whether authentication agent forwarding is permitted. Note that this
+        is a loose control, as a client may install their own unofficial
+        forwarder.
+      + ssh(1) and sshd(8): avoid unnecessary malloc/copy/free when
+        receiving network data, resulting in a ~10% speedup.
+      + ssh(1) and sshd(8) will now try additional addresses when connecting
+        to a port forward destination whose DNS name resolves to more than
+        one address. The previous behaviour was to try the only first
+        address and give up if that failed.
+      + ssh(1) and sshd(8) now support signalling that channels are
+        half-closed for writing, through a channel protocol extension
+        notification "eow@openssh.com". This allows propagation of closed
+        file descriptors, so that commands such as "ssh -2 localhost od
+        /bin/ls | true" do not send unnecessary data over the wire.
+      + sshd(8): increased the default size of ssh protocol 1 ephemeral keys
+        from 768 to 1024 bits.
+      + When ssh(1) has been requested to fork after authentication ("ssh
+        -f") with ExitOnForwardFailure enabled, delay the fork until after
+        replies for any -R forwards have been seen. Allows for robust
+        detection of -R forward failure when using -f.
+      + "Match group" blocks in sshd_config(5) now support negation of
+        groups. E.g. "Match group staff,!guests".
+      + sftp(1) and sftp-server(8) now allow chmod-like operations to set
+        set[ug]id/sticky bits.
+      + The MaxAuthTries option is now permitted in sshd_config(5) match
+        blocks.
+      + Multiplexed ssh(1) sessions now support a subset of the ~ escapes
+        that are available to a primary connection.
+      + ssh(1) connection multiplexing will now fall back to creating a new
+        connection in most error cases (closes: #352830).
+      + Make ssh(1) deal more gracefully with channel requests that fail.
+        Previously it would optimistically assume that requests would always
+        succeed, which could cause hangs if they did not (e.g. when the
+        server runs out of file descriptors).
+      + ssh(1) now reports multiplexing errors via the multiplex slave's
+        stderr where possible (subject to LogLevel in the mux master).
+      + Fixed an UMAC alignment problem that manifested on Itanium
+        platforms.
+  * Remove our local version of moduli(5) now that there's one upstream.
+  * Say "GTK+" rather than "GTK" in ssh-askpass-gnome's description.
+  * Add lintian overrides for empty /usr/share/doc/openssh-client
+    directories in openssh-server and ssh (necessary due to being symlink
+    targets).
+  * Merge from Ubuntu:
+    - Add 'status' action to openssh-server init script, requiring lsb-base
+      (>= 3.2-13) (thanks, Dustin Kirkland).
+  * debconf template translations:
+    - Update Korean (thanks, Sunjae Park; closes: #484821).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 25 Jul 2008 10:45:08 +0100
+
+openssh (1:4.7p1-13) unstable; urgency=low
+
+  * Add some helpful advice to the end of ssh-vulnkey's output if there are
+    unknown or compromised keys (thanks, Dan Jacobson; closes: #483756).
+  * Check compromised key blacklist in ssh or ssh-add, as well as in the
+    server (LP: #232391). To override the blacklist check in ssh
+    temporarily, use 'ssh -o UseBlacklistedKeys=yes'; there is no override
+    for the blacklist check in ssh-add.
+  * Add cross-references to ssh-vulnkey(1) to ssh(1), ssh-add(1),
+    ssh-keygen(1), and sshd(8) (closes: #484451).
+  * Change openssh-client-udeb's Installer-Menu-Item from 99900 to 99999
+    (thanks, Frans Pop).
+  * Drop openssh-client-udeb isinstallable hack, as main-menu (>= 1.26) now
+    takes care of that (thanks, Frans Pop; closes: #484404).
+  * Update DEB_BUILD_OPTIONS parsing code from policy 3.8.0.
+  * Add documentation on removing openssh-blacklist locally (see #484269).
+  * Clarify documentation of SSHD_OOM_ADJUST, and make setting it to the
+    empty string actually skip adjustment as intended (closes: #487325).
+  * Remove empty /usr/share/applications directory in ssh-askpass-gnome.
+  * debconf template translations:
+    - Update Romanian (thanks, Cătălin Feștilă; closes: #485415).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 21 Jul 2008 12:18:28 +0100
+
+openssh (1:4.7p1-12) unstable; urgency=low
+
+  * Fill in CVE identifier for ssh-vulnkey bug fixed in 1:4.7p1-10.
+  * Refactor rejection of blacklisted user keys into a single
+    reject_blacklisted_key function in auth.c (thanks, Dmitry V. Levin).
+  * Fix memory leak of blacklisted host keys (thanks, Dmitry V. Levin).
+  * debconf template translations:
+    - Update Dutch (thanks, Bart Cornelis; closes: #483004).
+    - Update Brazilian Portuguese (thanks, Eder L. Marques; closes:
+      #483142).
+    - Update Slovak (thanks, Ivan Masár; closes: #483517).
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 29 May 2008 21:41:29 +0100
+
+openssh (1:4.7p1-11) unstable; urgency=low
+
+  * Make init script depend on $syslog, and fix some other dependency
+    glitches (thanks, Petter Reinholdtsen; closes: #481018).
+  * Remove 0 and 6 from Default-Stop in init script (thanks, Kel Modderman;
+    closes: #481151).
+  * Restore OOM killer adjustment for child processes (thanks, Vaclav Ovsik;
+    closes: #480020).
+  * Allow building with heimdal-dev (LP: #125805).
+
+  * Check RSA1 keys without the need for a separate blacklist. Thanks to
+    Simon Tatham for the idea.
+  * Generate two keys with the PID forced to the same value and test that
+    they differ, to defend against recurrences of the recent Debian OpenSSL
+    vulnerability.
+  * Recommend openssh-blacklist from openssh-client (closes: #481187).
+  * Recommend openssh-blacklist-extra from openssh-client and
+    openssh-server.
+  * Make ssh-vulnkey report the file name and line number for each key
+    (thanks, Heiko Schlittermann and Christopher Perry; closes: #481398).
+  * Check for blacklists in /usr/share/ssh/ as well as /etc/ssh/ (see
+    #481283).
+  * Log IP addresses of hosts attempting to use blacklisted keys (closes:
+    #481721).
+  * Incorporate various ssh-vulnkey suggestions from Hugh Daniel:
+    - Add -v (verbose) option, and don't print output for keys that have a
+      blacklist file but that are not listed unless in verbose mode.
+    - Move exit status documentation to a separate section.
+    - Document key status descriptions.
+    - Add key type to output.
+    - Fix error output if ssh-vulnkey fails to read key files, with the
+      exception of host keys unless -a was given.
+    - In verbose mode, output the name of each file examined.
+  * Handle leading IP addresses in ssh-vulnkey input (LP: #230497).
+  * Fix various ssh-vulnkey problems pointed out by Solar Designer:
+    - Fix some buffer handling inconsistencies.
+    - Use xasprintf to build user key file names, avoiding truncation
+      problems.
+    - Drop to the user's UID when reading user keys with -a.
+    - Use EUID rather than UID when run with no file names and without -a.
+    - Reword "Unknown (no blacklist information)" to "Unknown (blacklist
+      file not installed)".
+
+  * Fix typo in ssh/vulnerable_host_keys message (thanks, Esko Arajärvi).
+  * debconf template translations:
+    - Update Finnish (thanks, Esko Arajärvi; closes: #481530).
+    - Update French (thanks, Christian Perrier; closes: #481576).
+    - Update Norwegian Bokmål (thanks, Bjørn Steensrud; closes: #481591).
+    - Update Galician (thanks, Jacobo Tarrio; closes: #481596).
+    - Update Japanese (thanks, Kenshi Muto; closes: #481621).
+    - Update Czech (thanks, Miroslav Kure; closes: #481624).
+    - Update German (thanks, Helge Kreutzmann; closes: #481676).
+    - Update Portuguese (thanks, Ricardo Silva; closes: #481781).
+    - Update Basque (thanks, Piarres Beobide; closes: #481836).
+    - Update Bulgarian (thanks, Damyan Ivanov; closes: #481870).
+    - Update Vietnamese (thanks, Clytie Siddall; closes: #481876).
+    - Update Spanish (thanks, Javier Fernandez-Sanguino Peña; closes:
+      #482341).
+    - Update Turkish (thanks, Mert Dirik; closes: #482548).
+    - Update Russian (thanks, Yuri Kozlov; closes: #482887).
+    - Update Swedish (thanks, Martin Bagge; closes: #482464).
+    - Update Italian (thanks, Luca Monducci; closes: #482808).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 26 May 2008 12:21:39 +0100
+
+openssh (1:4.7p1-10) unstable; urgency=low
+
+  * Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
+  * CVE-2008-2285: ssh-vulnkey handles options in authorized_keys
+    (LP: #230029), and treats # as introducing a comment even if it is
+    preceded by whitespace.
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 14 May 2008 12:35:05 +0100
+
+openssh (1:4.7p1-9) unstable; urgency=critical
+
+  * Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-8.
+  * Mitigate OpenSSL security vulnerability (CVE-2008-0166):
+    - Add key blacklisting support. Keys listed in
+      /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by
+      sshd, unless "PermitBlacklistedKeys yes" is set in
+      /etc/ssh/sshd_config.
+    - Add a new program, ssh-vulnkey, which can be used to check keys
+      against these blacklists.
+    - Depend on openssh-blacklist.
+    - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least
+      0.9.8g-9.
+    - Automatically regenerate known-compromised host keys, with a
+      critical-priority debconf note. (I regret that there was no time to
+      gather translations.)
+
+ -- Colin Watson <cjwatson@debian.org>  Tue, 13 May 2008 12:33:38 +0100
+
+openssh (1:4.7p1-8) unstable; urgency=high
+
+  * Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-5.
+  * Rename KeepAlive to TCPKeepAlive in sshd_config, cleaning up from old
+    configurations (LP: #211400).
+  * Tweak scp's reporting of filenames in verbose mode to be a bit less
+    confusing with spaces (thanks, Nicolas Valcárcel; LP: #89945).
+  * Backport from 4.9p1:
+    - CVE-2008-1657: Ignore ~/.ssh/rc if a sshd_config ForceCommand is
+      specified.
+    - Add no-user-rc authorized_keys option to disable execution of
+      ~/.ssh/rc.
+  * Backport from Simon Wilkinson's GSSAPI key exchange patch for 5.0p1:
+    - Add code to actually implement GSSAPIStrictAcceptorCheck, which had
+      somehow been omitted from a previous version of this patch (closes:
+      #474246).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 06 Apr 2008 12:34:19 +0100
+
+openssh (1:4.7p1-7) unstable; urgency=low
+
+  * Ignore errors writing to oom_adj (closes: #473573).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 31 Mar 2008 16:24:44 +0100
+
+openssh (1:4.7p1-6) unstable; urgency=low
+
+  * Disable the Linux kernel's OOM-killer for the sshd parent; tweak
+    SSHD_OOM_ADJUST in /etc/default/ssh to change this (closes: #341767).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 30 Mar 2008 21:14:12 +0100
+
+openssh (1:4.7p1-5) unstable; urgency=low
+
+  * Recommends: xauth rather than Suggests: xbase-clients.
+  * Document in ssh(1) that '-S none' disables connection sharing
+    (closes: #471437).
+  * Patch from Red Hat / Fedora:
+    - CVE-2008-1483: Don't use X11 forwarding port which can't be bound on
+      all address families, preventing hijacking of X11 forwarding by
+      unprivileged users when both IPv4 and IPv6 are configured (closes:
+      #463011).
+  * Use printf rather than echo -en (a bashism) in openssh-server.config and
+    openssh-server.preinst.
+  * debconf template translations:
+    - Update Finnish (thanks, Esko Arajärvi; closes: #468563).
+
+ -- Colin Watson <cjwatson@debian.org>  Sat, 22 Mar 2008 12:37:00 +0000
+
+openssh (1:4.7p1-4) unstable; urgency=low
+
+  [ Caleb Case ]
+  * Fix configure detection of getseuserbyname and
+    get_default_context_with_level (closes: #465614, LP: #188136).
+
+  [ Colin Watson ]
+  * Include the autogenerated debian/copyright in the source package.
+  * Move /etc/pam.d/ssh to /etc/pam.d/sshd, allowing us to stop defining
+    SSHD_PAM_SERVICE (closes: #255870).
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 13 Feb 2008 18:18:52 +0000
+
+openssh (1:4.7p1-3) unstable; urgency=low
+
+  * Improve grammar of ssh-askpass-gnome description.
+  * Backport from upstream:
+    - Use the correct packet maximum sizes for remote port and agent
+      forwarding. Prevents the server from killing the connection if too
+      much data is queued and an excessively large packet gets sent
+      (https://bugzilla.mindrot.org/show_bug.cgi?id=1360).
+  * Allow passing temporary daemon parameters on the init script's command
+    line, e.g. '/etc/init.d/ssh start "-o PermitRootLogin=yes"' (thanks,
+    Marc Haber; closes: #458547).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 01 Feb 2008 21:59:59 +0000
+
+openssh (1:4.7p1-2) unstable; urgency=low
+
+  * Adjust many relative links in faq.html to point to
+    http://www.openssh.org/ (thanks, Dan Jacobson; mentioned in #459807).
+  * Pass --with-mantype=doc to configure rather than build-depending on
+    groff (closes: #460121).
+  * Add armel to architecture list for libselinux1-dev build-dependency
+    (closes: #460136).
+  * Drop source-compatibility with Debian 3.0:
+    - Remove support for building with GNOME 1. This allows simplification
+      of our GNOME build-dependencies (see #460136).
+    - Remove hacks to support the old PAM configuration scheme.
+    - Remove compatibility for building without po-debconf.
+  * Build-depend on libgtk2.0-dev rather than libgnomeui-dev. As far as I
+    can see, the GTK2 version of ssh-askpass-gnome has never required
+    libgnomeui-dev.
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 11 Jan 2008 00:14:10 +0000
+
+openssh (1:4.7p1-1) unstable; urgency=low
+
+  * New upstream release (closes: #453367).
+    - CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if
+      creation of an untrusted cookie fails; found and fixed by Jan Pechanec
+      (closes: #444738).
+    - sshd(8) in new installations defaults to SSH Protocol 2 only. Existing
+      installations are unchanged.
+    - The SSH channel window size has been increased, and both ssh(1)
+      sshd(8) now send window updates more aggressively. These improves
+      performance on high-BDP (Bandwidth Delay Product) networks.
+    - ssh(1) and sshd(8) now preserve MAC contexts between packets, which
+      saves 2 hash calls per packet and results in 12-16% speedup for
+      arcfour256/hmac-md5.
+    - A new MAC algorithm has been added, UMAC-64 (RFC4418) as
+      "umac-64@openssh.com". UMAC-64 has been measured to be approximately
+      20% faster than HMAC-MD5.
+    - Failure to establish a ssh(1) TunnelForward is now treated as a fatal
+      error when the ExitOnForwardFailure option is set.
+    - ssh(1) returns a sensible exit status if the control master goes away
+      without passing the full exit status.
+    - When using a ProxyCommand in ssh(1), set the outgoing hostname with
+      gethostname(2), allowing hostbased authentication to work.
+    - Make scp(1) skip FIFOs rather than hanging (closes: #246774).
+    - Encode non-printing characters in scp(1) filenames. These could cause
+      copies to be aborted with a "protocol error".
+    - Handle SIGINT in sshd(8) privilege separation child process to ensure
+      that wtmp and lastlog records are correctly updated.
+    - Report GSSAPI mechanism in errors, for libraries that support multiple
+      mechanisms.
+    - Improve documentation for ssh-add(1)'s -d option.
+    - Rearrange and tidy GSSAPI code, removing server-only code being linked
+      into the client.
+    - Delay execution of ssh(1)'s LocalCommand until after all forwardings
+      have been established.
+    - In scp(1), do not truncate non-regular files.
+    - Improve exit message from ControlMaster clients.
+    - Prevent sftp-server(8) from reading until it runs out of buffer space,
+      whereupon it would exit with a fatal error (closes: #365541).
+    - pam_end() was not being called if authentication failed
+      (closes: #405041).
+    - Manual page datestamps updated (closes: #433181).
+  * Install the OpenSSH FAQ in /usr/share/doc/openssh-client.
+    - Includes documentation on copying files with colons using scp
+      (closes: #303453).
+  * Create /var/run/sshd on start even if /etc/ssh/sshd_not_to_be_run exists
+    (closes: #453285).
+  * Fix "overriden" typo in ssh(1) (thanks, A. Costa; closes: #390699).
+  * Refactor debian/rules configure and make invocations to make development
+    easier.
+  * Remove the hideously old /etc/ssh/primes on upgrade (closes: #123013).
+  * Update moduli(5) to revision 1.11 from OpenBSD CVS.
+  * Document the non-default options we set as standard in ssh_config(5) and
+    sshd_config(5) (closes: #327886, #345628).
+  * Recode LICENCE to UTF-8 when concatenating it to debian/copyright.
+  * Override desktop-file-but-no-dh_desktop-call lintian warning; the
+    .desktop file is intentionally not installed (see 1:3.8.1p1-10).
+  * Update copyright dates for Kerberos patch in debian/copyright.head.
+  * Policy version 3.7.3: no changes required.
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 24 Dec 2007 16:43:02 +0000
+
+openssh (1:4.6p1-7) unstable; urgency=low
+
+  * Don't build PIE executables on m68k (closes: #451192).
+  * Use autotools-dev's recommended configure --build and --host options.
+  * Adjust README.Debian to suggest mailing debian-ssh@lists.debian.org
+    rather than Matthew.
+  * Check whether deluser exists in postrm (closes: #454085).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 03 Dec 2007 11:11:02 +0000
+
+openssh (1:4.6p1-6) unstable; urgency=low
+
+  * Remove blank line between head comment and first template in
+    debian/openssh-server.templates.master; apparently it confuses some
+    versions of debconf.
+  * Install authorized_keys(5) as a symlink to sshd(8) (thanks, Tomas
+    Pospisek; closes: #441817).
+  * Discard error output from dpkg-query in preinsts, in case the ssh
+    metapackage is not installed.
+  * Fix sshd/inittab advice in README.Debian to account for rc.d movement
+    (closes: #450632).
+  * Suppress error from debian/rules if lsb-release is not installed.
+  * Don't ignore errors from 'make -C contrib clean'.
+  * Adjust categories in ssh-askpass-gnome.desktop to comply with the
+    Desktop Menu Specification.
+  * debconf template translations:
+    - Add Slovak (thanks, Ivan Masár; closes: #441690).
+    - Update Brazilian Portuguese (thanks, Eder L. Marques;
+      closes: #447145).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 12 Nov 2007 11:47:28 +0000
+
+openssh (1:4.6p1-5) unstable; urgency=low
+
+  * Identify ssh as a metapackage rather than a transitional package. It's
+    still useful as a quick way to install both the client and the server.
+  * ssh-copy-id now checks the exit status of ssh-add -L (thanks, Adeodato
+    Simó; closes: #221675).
+  * ssh-copy-id no longer prints the output of expr (thanks, Peter
+    Eisentraut; closes: #291534).
+  * ssh-copy-id defaults to ~/.ssh/id_rsa.pub rather than
+    ~/.ssh/identity.pub, in line with ssh-keygen (thanks, Greg Norris;
+    closes: #234627).
+  * Build-depend on libselinux1-dev on lpia.
+  * openssh-client Suggests: keychain.
+  * debconf template translations:
+    - Update Catalan (thanks, Jordà Polo; closes: #431970).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 30 Jul 2007 09:34:38 +0100
+
+openssh (1:4.6p1-4) unstable; urgency=low
+
+  * Don't build PIE executables on hppa, as they crash.
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 05 Jul 2007 11:06:54 +0100
+
+openssh (1:4.6p1-3) unstable; urgency=low
+
+  * Only build PIE executables on Linux and NetBSD (closes: #430455).
+  * Fix broken switch fallthrough when SELinux is running in permissive mode
+    (closes: #430838).
+  * Document that HashKnownHosts may break tab-completion (closes: #430154).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 29 Jun 2007 07:15:38 +0100
+
+openssh (1:4.6p1-2) unstable; urgency=low
+
+  * Fix ordering of SYSLOG_LEVEL_QUIET and SYSLOG_LEVEL_FATAL.
+  * Clarify that 'ssh -q -q' still prints errors caused by bad arguments
+    (i.e. before the logging system is initialised).
+  * Suppress "Connection to <host> closed" and "Connection to master closed"
+    messages at loglevel SILENT (thanks, Jaap Eldering; closes: #409788).
+  * Suppress "Pseudo-terminal will not be allocated because stdin is not a
+    terminal" message at loglevels QUIET and SILENT (closes: #366814).
+  * Document the SILENT loglevel in sftp-server(8), ssh_config(5), and
+    sshd_config(5).
+  * Add try-restart action to init script.
+  * Add /etc/network/if-up.d/openssh-server to restart sshd when new
+    interfaces appear (LP: #103436).
+  * Backport from upstream:
+    - Move C/R -> kbdint special case to after the defaults have been
+      loaded, which makes ChallengeResponse default to yes again. This was
+      broken by the Match changes and not fixed properly subsequently
+      (closes: #428968).
+    - Silence spurious error messages from hang-on-exit fix
+      (http://bugzilla.mindrot.org/show_bug.cgi?id=1306, closes: #429531).
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 20 Jun 2007 11:52:44 +0100
+
+openssh (1:4.6p1-1) unstable; urgency=low
+
+  * New upstream release (closes: #395507, #397961, #420035). Important
+    changes not previously backported to 4.3p2:
+    - 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4):
+      + On portable OpenSSH, fix a GSSAPI authentication abort that could be
+        used to determine the validity of usernames on some platforms.
+      + Implemented conditional configuration in sshd_config(5) using the
+        "Match" directive. This allows some configuration options to be
+        selectively overridden if specific criteria (based on user, group,
+        hostname and/or address) are met. So far a useful subset of
+        post-authentication options are supported and more are expected to
+        be added in future releases.
+      + Add support for Diffie-Hellman group exchange key agreement with a
+        final hash of SHA256.
+      + Added a "ForceCommand" directive to sshd_config(5). Similar to the
+        command="..." option accepted in ~/.ssh/authorized_keys, this forces
+        the execution of the specified command regardless of what the user
+        requested. This is very useful in conjunction with the new "Match"
+        option.
+      + Add a "PermitOpen" directive to sshd_config(5). This mirrors the
+        permitopen="..." authorized_keys option, allowing fine-grained
+        control over the port-forwardings that a user is allowed to
+        establish.
+      + Add optional logging of transactions to sftp-server(8).
+      + ssh(1) will now record port numbers for hosts stored in
+        ~/.ssh/known_hosts when a non-standard port has been requested
+        (closes: #50612).
+      + Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a
+        non-zero exit code) when requested port forwardings could not be
+        established.
+      + Extend sshd_config(5) "SubSystem" declarations to allow the
+        specification of command-line arguments.
+      + Replacement of all integer overflow susceptible invocations of
+        malloc(3) and realloc(3) with overflow-checking equivalents.
+      + Many manpage fixes and improvements.
+      + Add optional support for OpenSSL hardware accelerators (engines),
+        enabled using the --with-ssl-engine configure option.
+      + Tokens in configuration files may be double-quoted in order to
+        contain spaces (closes: #319639).
+      + Move a debug() call out of a SIGCHLD handler, fixing a hang when the
+        session exits very quickly (closes: #307890).
+      + Fix some incorrect buffer allocation calculations (closes: #410599).
+      + ssh-add doesn't ask for a passphrase if key file permissions are too
+        liberal (closes: #103677).
+      + Likewise, ssh doesn't ask either (closes: #99675).
+    - 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6):
+      + sshd now allows the enabling and disabling of authentication methods
+        on a per user, group, host and network basis via the Match directive
+        in sshd_config.
+      + Fixed an inconsistent check for a terminal when displaying scp
+        progress meter (closes: #257524).
+      + Fix "hang on exit" when background processes are running at the time
+        of exit on a ttyful/login session (closes: #88337).
+  * Update to current GSSAPI patch from
+    http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch;
+    install ChangeLog.gssapi.
+  * Build the .deb --with-ssl-engine (closes: #408027, LP: #119295).
+  * Use LSB functions in init scripts, and add an LSB-style header (partly
+    from Ubuntu and partly thanks to Christian Perrier; closes: #389038).
+  * Move init script start links to S16, move rc1 stop link to K84, and
+    remove rc0 and rc6 stop links altogether (the last part from Ubuntu;
+    closes: #122188).
+  * Emit a slightly more informative message from the init script if
+    /dev/null has somehow become not a character device (closes: #369964).
+  * Belatedly build-depend on zlib1g-dev (>= 1:1.2.3-1) (closes: #333447).
+  * Merge from Ubuntu:
+    - Build position-independent executables (only for debs, not for udebs)
+      to take advantage of address space layout randomisation.
+    - If building on Ubuntu, add /sbin, /usr/sbin, and /usr/local/sbin to
+      the default path.
+  * Use ${binary:Version} rather than ${Source-Version} in openssh-server ->
+    openssh-client dependency.
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 13 Jun 2007 00:28:26 +0100
+
+openssh (1:4.3p2-11) unstable; urgency=low
+
+  * It's been four and a half years now since I took over as "temporary"
+    maintainer, so the Maintainer field is getting a bit inaccurate. Set
+    Maintainer to debian-ssh@lists.debian.org and leave Matthew and myself
+    as Uploaders.
+  * Use dpkg-query to fetch conffile md5sums rather than parsing
+    /var/lib/dpkg/status directly.
+  * openssh-client Suggests: libpam-ssh (closes: #427840).
+  * Use 'start-stop-daemon --oknodo' so that openssh-server's init script
+    exits successfully if sshd is already running (closes: #426858).
+
+  * Apply results of debconf templates and package descriptions review by
+    debian-l10n-english (closes: #420107, #420742).
+  * debconf template translations:
+    - Update Dutch (thanks, Machteld de Kok; closes: #419260).
+    - Update Norwegian Bokmål (thanks, Bjørn Steensrud; closes: #420630).
+    - Update Galician (thanks, Jacobo Tarrio; closes: #420635).
+    - Update Spanish (thanks, Javier Fernández-Sanguino Peña;
+      closes: #420651).
+    - Update Swedish (thanks, Daniel Nylander; closes: #420663).
+    - Add Bulgarian (thanks, Damyan Ivanov; closes: #420703).
+    - Add Tamil (thanks, Tirumurti Vasudevan; closes: #420739).
+    - Update German (thanks, Helge Kreutzmann; closes: #420743).
+    - Update Japanese (thanks, Kenshi Muto; closes: #420946).
+    - Add Basque (thanks, Piarres Beobide; closes: #421238).
+    - Update Italian (thanks, Luca Monducci; closes: #421348).
+    - Update Czech (thanks, Miroslav Kure; closes: #421484).
+    - Update Romanian (thanks, Igor Stirbu; closes: #421760).
+    - Update Russian (thanks, Yuriy Talakan' and Sergey Alyoshin;
+      closes: #420862).
+    - Update Dutch (thanks, Bart Cornelis; closes: #422767).
+    - Update Portuguese (thanks, Ricardo Silva; closes: #423112).
+    - Update French (thanks, Christian Perrier).
+    - Add Korean (thanks, Sunjae Park; closes: #424008).
+    - Update Vietnamese (thanks, Clytie Siddall; closes: #426991).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 10 Jun 2007 08:59:42 +0100
+
+openssh (1:4.3p2-10) unstable; urgency=low
+
+  * Multiply openssh-client-udeb's Installer-Menu-Item by 100.
+  * Increase MAX_SESSIONS to 64.
+
+ -- Colin Watson <cjwatson@debian.org>  Tue, 10 Apr 2007 19:17:20 +0100
+
+openssh (1:4.3p2-9) unstable; urgency=high
+
+  [ Russ Allbery ]
+  * Fix GSSAPIKeyExchange configuration file handling logic in ssh-krb5
+    (closes: #404863).
+  * Fix uncommenting of GSSAPI options by ssh-krb5 (closes: #407766).
+
+  [ Colin Watson ]
+  * debconf template translations:
+    - Add Norwegian Bokmål (thanks, Bjørn Steensrud; closes: #412330).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon,  5 Mar 2007 16:13:50 +0000
+
+openssh (1:4.3p2-8) unstable; urgency=medium
+
+  [ Vincent Untz ]
+  * Give the ssh-askpass-gnome window a default icon; remove unnecessary
+    icon extension from .desktop file (closes:
+    https://launchpad.net/bugs/27152).
+
+  [ Colin Watson ]
+  * Drop versioning on ssh/ssh-krb5 Replaces, as otherwise it isn't
+    sufficient to replace conffiles (closes: #402804).
+  * Make GSSAPICleanupCreds a compatibility alias for
+    GSSAPICleanupCredentials. Mark GSSUseSessionCCache and
+    GSSAPIUseSessionCredCache as known-but-unsupported options, and migrate
+    away from them on upgrade.
+  * It turns out that the people who told me that removing a conffile in the
+    preinst was sufficient to have dpkg replace it without prompting when
+    moving a conffile between packages were very much mistaken. As far as I
+    can tell, the only way to do this reliably is to write out the desired
+    new text of the conffile in the preinst. This is gross, and requires
+    shipping the text of all conffiles in the preinst too, but there's
+    nothing for it. Fortunately this nonsense is only required for smooth
+    upgrades from sarge.
+  * debconf template translations:
+    - Add Romanian (thanks, Stan Ioan-Eugen; closes: #403528).
+
+ -- Colin Watson <cjwatson@debian.org>  Sat, 23 Dec 2006 18:38:33 +0000
+
+openssh (1:4.3p2-7) unstable; urgency=medium
+
+  [ Colin Watson ]
+  * Ignore errors from usermod when changing sshd's shell, since it will
+    fail if the sshd user is not local (closes: #398436).
+  * Remove version control tags from /etc/ssh/moduli and /etc/ssh/ssh_config
+    to avoid unnecessary conffile resolution steps for administrators
+    (thanks, Jari Aalto; closes: #335259).
+  * Fix quoting error in configure.ac and regenerate configure (thanks, Ben
+    Pfaff; closes: #391248).
+  * When installing openssh-client or openssh-server from scratch, remove
+    any unchanged conffiles from the pre-split ssh package to work around a
+    bug in sarge's dpkg (thanks, Justin Pryzby and others; closes: #335276).
+
+  [ Russ Allbery ]
+  * Create transitional ssh-krb5 package which enables GSSAPI configuration
+    in sshd_config (closes: #390986).
+  * Default client to attempting GSSAPI authentication.
+  * Remove obsolete GSSAPINoMICAuthentication from sshd_config if it's
+    found.
+  * Add ssh -K option, the converse of -k, to enable GSSAPI credential
+    delegation (closes: #401483).
+
+ -- Colin Watson <cjwatson@debian.org>  Wed,  6 Dec 2006 23:00:49 +0000
+
+openssh (1:4.3p2-6) unstable; urgency=low
+
+  * Acknowledge NMU (thanks, Manoj; closes: #394795).
+  * Backport from 4.5p1:
+    - Fix a bug in the sshd privilege separation monitor that weakened its
+      verification of successful authentication. This bug is not known to be
+      exploitable in the absence of additional vulnerabilities.
+  * openssh-server Suggests: molly-guard (closes: #395473).
+  * debconf template translations:
+    - Update German (thanks, Helge Kreutzmann; closes: #395947).
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 15 Nov 2006 00:07:32 +0000
+
+openssh (1:4.3p2-5.1) unstable; urgency=low
+
+  * NMU to update SELinux patch, bringing it in line with current selinux
+    releases.  The patch for this NMU is simply the Bug#394795 patch, 
+    and no other changes.                       (closes: #394795)
+
+ -- Manoj Srivastava <srivasta@debian.org>  Mon,  23 Oct 2006 14:11:24 -0500
+
+openssh (1:4.3p2-5) unstable; urgency=low
+
+  * Remove ssh/insecure_telnetd check altogether (closes: #391081).
+  * debconf template translations:
+    - Update Danish (thanks, Claus Hindsgaul; closes: #390612).
+
+ -- Colin Watson <cjwatson@debian.org>  Thu,  5 Oct 2006 09:04:19 +0100
+
+openssh (1:4.3p2-4) unstable; urgency=high
+
+  * Backport from 4.4p1 (since I don't have an updated version of the GSSAPI
+    patch yet):
+    - CVE-2006-4924: Fix a pre-authentication denial of service found by
+      Tavis Ormandy, that would cause sshd(8) to spin until the login grace
+      time expired (closes: #389995).
+    - CVE-2006-5051: Fix an unsafe signal hander reported by Mark Dowd. The
+      signal handler was vulnerable to a race condition that could be
+      exploited to perform a pre-authentication denial of service. On
+      portable OpenSSH, this vulnerability could theoretically lead to
+      pre-authentication remote code execution if GSSAPI authentication is
+      enabled, but the likelihood of successful exploitation appears remote.
+
+  * Read /etc/default/locale as well as /etc/environment (thanks, Raphaël
+    Hertzog; closes: #369395).
+  * Remove no-longer-used ssh/insecure_rshd debconf template.
+  * Make ssh/insecure_telnetd Type: error (closes: #388946).
+
+  * debconf template translations:
+    - Update Portuguese (thanks, Rui Branco; closes: #381942).
+    - Update Spanish (thanks, Javier Fernández-Sanguino Peña;
+      closes: #382966).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 29 Sep 2006 16:28:24 +0100
+
+openssh (1:4.3p2-3) unstable; urgency=low
+
+  * Document KeepAlive->TCPKeepAlive renaming in sshd_config(5) (closes:
+    https://launchpad.net/bugs/50702).
+  * Change sshd user's shell to /usr/sbin/nologin (closes: #366541).
+    Introduces dependency on passwd for usermod.
+  * debconf template translations:
+    - Update French (thanks, Denis Barbier; closes: #368503).
+    - Update Dutch (thanks, Bart Cornelis; closes: #375100).
+    - Update Japanese (thanks, Kenshi Muto; closes: #379950).
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 27 Jul 2006 00:12:36 +0100
+
+openssh (1:4.3p2-2) unstable; urgency=low
+
+  * Include commented-out pam_access example in /etc/pam.d/ssh.
+  * On '/etc/init.d/ssh restart', create /var/run/sshd before checking the
+    server configuration, as otherwise 'sshd -t' will complain about the
+    lack of /var/run/sshd (closes: https://launchpad.net/bugs/45234).
+  * debconf template translations:
+    - Update Russian (thanks, Yuriy Talakan'; closes: #367143).
+    - Update Czech (thanks, Miroslav Kure; closes: #367161).
+    - Update Italian (thanks, Luca Monducci; closes: #367186).
+    - Update Galician (thanks, Jacobo Tarrio; closes: #367318).
+    - Update Swedish (thanks, Daniel Nylander; closes: #367971).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 19 May 2006 09:14:27 +0100
+
+openssh (1:4.3p2-1) unstable; urgency=low
+
+  * New upstream release (closes: #361032).
+    - CVE-2006-0225: scp (as does rcp, on which it is based) invoked a
+      subshell to perform local to local, and remote to remote copy
+      operations. This subshell exposed filenames to shell expansion twice;
+      allowing a local attacker to create filenames containing shell
+      metacharacters that, if matched by a wildcard, could lead to execution
+      of attacker-specified commands with the privilege of the user running
+      scp (closes: #349645).
+    - Add support for tunneling arbitrary network packets over a connection
+      between an OpenSSH client and server via tun(4) virtual network
+      interfaces. This allows the use of OpenSSH (4.3+) to create a true VPN
+      between the client and server providing real network connectivity at
+      layer 2 or 3. This feature is experimental.
+    - Reduce default key length for new DSA keys generated by ssh-keygen
+      back to 1024 bits. DSA is not specified for longer lengths and does
+      not fully benefit from simply making keys longer. As per FIPS 186-2
+      Change Notice 1, ssh-keygen will refuse to generate a new DSA key
+      smaller or larger than 1024 bits.
+    - Fixed X forwarding failing to start when the X11 client is executed in
+      background at the time of session exit.
+    - Change ssh-keygen to generate a protocol 2 RSA key when invoked
+      without arguments (closes: #114894).
+    - Fix timing variance for valid vs. invalid accounts when attempting
+      Kerberos authentication.
+    - Ensure that ssh always returns code 255 on internal error
+      (closes: #259865).
+    - Cleanup wtmp files on SIGTERM when not using privsep.
+    - Set SO_REUSEADDR on X11 listeners to avoid problems caused by
+      lingering sockets from previous session (X11 applications can
+      sometimes not connect to 127.0.0.1:60xx) (closes:
+      https://launchpad.net/bugs/25528).
+    - Ensure that fds 0, 1 and 2 are always attached in all programs, by
+      duping /dev/null to them if necessary.
+    - Xauth list invocation had bogus "." argument.
+    - Remove internal assumptions on key exchange hash algorithm and output
+      length, preparing OpenSSH for KEX methods with alternate hashes.
+    - Ignore junk sent by a server before it sends the "SSH-" banner.
+    - Many manual page improvements.
+    - Lots of cleanups, including fixes to memory leaks on error paths and
+      possible crashes.
+  * Update to current GSSAPI patch from
+    http://www.sxw.org.uk/computing/patches/openssh-4.3p2-gsskex-20060223.patch
+    (closes: #352042).
+  * debian/rules: Resynchronise CFLAGS with that generated by configure.
+  * Restore pam_nologin to /etc/pam.d/ssh; sshd no longer checks this itself
+    when PAM is enabled, but relies on PAM to do it.
+  * Rename KeepAlive to TCPKeepAlive in default sshd_config
+    (closes: #349896).
+  * Rephrase ssh/new_config and ssh/encrypted_host_key_but_no_keygen debconf
+    templates to make boolean short descriptions end with a question mark
+    and to avoid use of the first person.
+  * Ship README.tun.
+  * Policy version 3.7.2: no changes required.
+  * debconf template translations:
+    - Update Italian (thanks, Luca Monducci; closes: #360348).
+    - Add Galician (thanks, Jacobo Tarrio; closes: #361220).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 12 May 2006 12:48:24 +0100
+
+openssh (1:4.2p1-8) unstable; urgency=low
+
+  [ Frans Pop ]
+  * Use udeb support introduced in debhelper 4.2.0 (available in sarge)
+    rather than constructing udebs by steam.
+  * Require debhelper 5.0.22, which generates correct shared library
+    dependencies for udebs (closes: #360068). This build-dependency can be
+    ignored if building on sarge.
+
+  [ Colin Watson ]
+  * Switch to debhelper compatibility level 4, since we now require
+    debhelper 4 even on sarge anyway for udeb support.
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 31 Mar 2006 09:44:55 +0100
+
+openssh (1:4.2p1-7) unstable; urgency=low
+
+  * I accidentally applied the default $PATH change in 1:4.2p1-6 to the udeb
+    rather than the deb. Fixed.
+
+ -- Colin Watson <cjwatson@debian.org>  Wed,  1 Mar 2006 16:19:00 +0000
+
+openssh (1:4.2p1-6) unstable; urgency=low
+
+  * Sync default values of $PATH from shadow 1:4.0.12-6, adding /usr/bin/X11
+    to the normal and superuser paths and /usr/games to the normal path.
+  * When the client receives a signal, don't fatal() with "Killed by signal
+    %d." (which produces unhelpful noise on stderr and causes confusion for
+    users of some applications that wrap ssh); instead, generate a debug
+    message and exit with the traditional status (closes: #313371).
+  * debconf template translations:
+    - Add Swedish (thanks, Daniel Nylander; closes: #333133).
+    - Update Spanish (thanks, Javier Fernández-Sanguino Peña;
+      closes: #341371).
+    - Correct erroneously-changed Last-Translator headers in Greek and
+      Spanish translations.
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 20 Feb 2006 16:50:55 +0000
+
+openssh (1:4.2p1-5) unstable; urgency=low
+
+  * Add a CVE name to the 1:4.0p1-1 changelog entry.
+  * Build-depend on libselinux1-dev on armeb.
+  * Only send GSSAPI proposal if GSSAPIAuthentication is enabled.
+  * Build-depend on libssl-dev (>= 0.9.8-1) to cope with surprise OpenSSL
+    transition, since otherwise who knows what the buildds will do. If
+    you're building openssh yourself, you can safely ignore this and use an
+    older libssl-dev.
+
+ -- Colin Watson <cjwatson@debian.org>  Fri,  7 Oct 2005 12:23:42 +0100
+
+openssh (1:4.2p1-4) unstable; urgency=low
+
+  * Initialise token to GSS_C_EMPTY_BUFFER in ssh_gssapi_check_mechanism
+    (closes: #328606).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 16 Sep 2005 12:50:16 +0100
+
+openssh (1:4.2p1-3) unstable; urgency=low
+
+  * Add prototype for ssh_gssapi_server_mechanisms (closes: #328372).
+  * Interoperate with ssh-krb5 << 3.8.1p1-1 servers, which used a slightly
+    different version of the gssapi authentication method (thanks, Aaron M.
+    Ucko; closes: #328388).
+  * Explicitly tell po2debconf to use the 'popular' output encoding, so that
+    the woody-compatibility hack works even with po-debconf 0.9.0.
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 15 Sep 2005 09:28:21 +0100
+
+openssh (1:4.2p1-2) unstable; urgency=low
+
+  * Annotate 1:4.2p1-1 changelog with CVE references.
+  * Add remaining pieces of Kerberos support (closes: #152657, #275472):
+    - Add GSSAPI key exchange support from
+      http://www.sxw.org.uk/computing/patches/openssh.html (thanks, Stephen
+      Frost).
+    - Build-depend on libkrb5-dev and configure --with-kerberos5=/usr.
+    - openssh-client and openssh-server replace ssh-krb5.
+    - Update commented-out Kerberos/GSSAPI options in default sshd_config.
+    - Fix HAVE_GSSAPI_KRB5_H/HAVE_GSSAPI_GSSAPI_KRB5_H typos in
+      gss-serv-krb5.c.
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 14 Sep 2005 18:28:49 +0100
+
+openssh (1:4.2p1-1) unstable; urgency=low
+
+  * New upstream release.
+    - SECURITY (CAN-2005-2797): Fix a bug introduced in OpenSSH 4.0 that
+      caused GatewayPorts to be incorrectly activated for dynamic ("-D")
+      port forwardings when no listen address was explicitly specified
+      (closes: #326065).
+    - SECURITY (CAN-2005-2798): Fix improper delegation of GSSAPI
+      credentials. This code is only built in openssh-krb5, not openssh, but
+      I mention the CVE reference here anyway for completeness.
+    - Add a new compression method ("Compression delayed") that delays zlib
+      compression until after authentication, eliminating the risk of zlib
+      vulnerabilities being exploited by unauthenticated users. Note that
+      users of OpenSSH versions earlier than 3.5 will need to disable
+      compression on the client or set "Compression yes" (losing this
+      security benefit) on the server.
+    - Increase the default size of new RSA/DSA keys generated by ssh-keygen
+      from 1024 to 2048 bits (closes: #181162).
+    - Many bugfixes and improvements to connection multiplexing.
+    - Don't pretend to accept $HOME (closes: #208648).
+  * debian/rules: Resynchronise CFLAGS with that generated by configure.
+  * openssh-client and openssh-server conflict with pre-split ssh to avoid
+    problems when ssh is left un-upgraded (closes: #324695).
+  * Set X11Forwarding to yes in the default sshd_config (new installs only).
+    At least when X11UseLocalhost is turned on, which is the default, the
+    security risks of using X11 forwarding are risks to the client, not to
+    the server (closes: #320104).
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 14 Sep 2005 15:16:14 +0100
+
+openssh (1:4.1p1-7) unstable; urgency=low
+
+  * Do the IDEA host key check on a temporary file to avoid altering
+    /etc/ssh/ssh_host_key itself (closes: #312312).
+  * Work around the ssh-askpass alternative somehow ending up in manual mode
+    pointing to the obsolete /usr/lib/ssh/gnome-ssh-askpass.
+  * Add GNU/kFreeBSD support (thanks, Aurelien Jarno; closes: #318113).
+  * Fix XSIish uses of 'test' in openssh-server.preinst.
+  * Policy version 3.6.2: no changes required.
+
+ -- Colin Watson <cjwatson@debian.org>  Fri,  2 Sep 2005 16:18:11 +0100
+
+openssh (1:4.1p1-6) unstable; urgency=low
+
+  * Fix one-character typo that meant the binaries in openssh-client and
+    openssh-server got recompiled with the wrong options during
+    'debian/rules install' (closes: #317088, #317238, #317241).
+
+ -- Colin Watson <cjwatson@debian.org>  Thu,  7 Jul 2005 10:56:16 +0100
+
+openssh (1:4.1p1-5) unstable; urgency=low
+
+  * Build-depend on libselinux1-dev on ppc64 too (closes: #314625).
+  * Drop priority of ssh to extra to match the override file.
+  * Make /usr/share/doc/openssh-server and /usr/share/doc/ssh symlinks to
+    /usr/share/doc/openssh-client (closes: #314745).
+  * Ship README.dns (closes: #284874).
+  * Disable btmp logging, since Debian's /var/log/btmp has inappropriate
+    permissions (closes: #314956).
+  * Allow ~/.ssh/config to be group-writable, provided that the group in
+    question contains only the file's owner (closes: #314347).
+  * debconf template translations:
+    - Update Brazilian Portuguese (thanks, André Luís Lopes;
+      closes: #315477).
+    - Add Vietnamese (thanks, Clytie Siddall; closes: #316636).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun,  3 Jul 2005 17:08:08 +0100
+
+openssh (1:4.1p1-4) unstable; urgency=low
+
+  * openssh-client and openssh-server conflict with ssh-krb5, as ssh-krb5
+    only conflicts with ssh (closes: #312475).
+  * SELinux support (thanks, Manoj Srivastava; closes: #308555):
+    - Added SELinux capability, and turned it on be default. Added
+      restorecon calls in preinst and postinst (should not matter if the
+      machine is not SELinux aware). By and large, the changes made should
+      have no effect unless the rules file calls --with-selinux; and even
+      then there should be no performance hit for machines not actively
+      running SELinux.
+    - Modified the preinst and postinst to call restorecon to set the
+      security context for the generated public key files.
+    - Added a comment to /etc/pam.d/ssh to indicate that an SELinux system
+      may want to also include pam_selinux.so.
+  * Re-enable ssh-askpass-gnome on the Hurd, now that its build-dependencies
+    are available.
+  * Restore /usr/lib/sftp-server temporarily, as a symlink to
+    /usr/lib/openssh/sftp-server (closes: #312891).
+  * Switch to debhelper compatibility level 3, since 2 is deprecated.
+  * debconf template translations:
+    - Update German (thanks, Jens Seidel; closes: #313949).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 17 Jun 2005 14:20:20 +0100
+
+openssh (1:4.1p1-3) unstable; urgency=low
+
+  * Upload to unstable.
+
+ -- Colin Watson <cjwatson@debian.org>  Mon,  6 Jun 2005 22:28:33 +0100
+
+openssh (1:4.1p1-2) experimental; urgency=low
+
+  * Drop debconf support for allowing SSH protocol 1, which is discouraged
+    and has not been the default since openssh 1:3.0.1p1-1. Users who need
+    this should edit sshd_config instead (closes: #147212).
+  * Since ssh-keysign isn't used by default (you need to set
+    EnableSSHKeysign to "yes" in /etc/ssh/ssh_config), having a debconf
+    question to ask whether it should be setuid is overkill, and the
+    question text had got out of date anyway. Remove this question, ship
+    ssh-keysign setuid in openssh-client.deb, and set a statoverride if the
+    debconf question was previously set to false.
+  * Add lintian overrides for the above (setuid-binary,
+    no-debconf-templates).
+  * Fix picky lintian errors about slogin symlinks.
+  * Fix DEB_HOST_ARCH_OS/DEB_HOST_GNU_SYSTEM compatibility handling.
+  * Apply Linux 2.2 workaround (see #239999) only on Linux.
+
+ -- Colin Watson <cjwatson@debian.org>  Thu,  2 Jun 2005 00:55:58 +0100
+
+openssh (1:4.1p1-1) experimental; urgency=low
+
+  * New upstream release.
+    - Normalise socket addresses returned by get_remote_hostname(), fixing
+      4-in-6 mapping issues with AllowUsers et al (closes: #192234).
+  * Take upstream's hint and disable the unsupported USE_POSIX_THREADS
+    (closes: #295757, #308868, and possibly others; may open other bugs).
+    Use PAM password authentication to avoid #278394. In future I may
+    provide two sets of binaries built with and without this option, since
+    it seems I can't win.
+  * Disable ChallengeResponseAuthentication in new installations, returning
+    to PasswordAuthentication by default, since it now supports PAM and
+    apparently works better with a non-threaded sshd (closes: #247521).
+  * openssh-server Suggests: rssh (closes: #233012).
+  * Change libexecdir to /usr/lib/openssh, and fix up various alternatives
+    and configuration files to match (closes: #87900, #151321).
+  * Fix up very old sshd_config files that refer to /usr/libexec/sftp-server
+    (closes: #141979).
+
+ -- Colin Watson <cjwatson@debian.org>  Tue, 31 May 2005 01:33:33 +0100
+
+openssh (1:4.0p1-1) experimental; urgency=low
+
+  * New upstream release.
+    - Port-forwarding specifications now take optional bind addresses, and
+      the server allows client-specified bind addresses for remote port
+      forwardings when configured with "GatewayPorts clientspecified"
+      (closes: #87253, #192206).
+    - ssh and ssh-keyscan now support hashing of known_hosts files for
+      improved privacy (CAN-2005-2666). ssh-keygen has new options for
+      managing known_hosts files, which understand hashing.
+    - sftp supports command history and editing support using libedit
+      (closes: #287013).
+    - Have scp and sftp wait for the spawned ssh to exit before they exit
+      themselves, allowing ssh to restore terminal modes (closes: #257130).
+    - Improved the handling of bad data in authorized_keys files,
+      eliminating fatal errors on corrupt or very large keys; e.g. linefeeds
+      in keys only produce errors in auth.log now (closes: #220726).
+    - Add "command mode" to ssh connection multiplexing (closes: #303452).
+    - Mention $HOME/.hushlogin in sshd(8) FILES section (closes: #163933).
+  * Make gnome-ssh-askpass stay above other windows (thanks, Liyang HU;
+    closes: #296487).
+  * Remove obsolete and unnecessary ssh/forward_warning debconf note.
+  * Hurd build fixes (although sshd still doesn't work):
+    - Restore X forwarding fix from #102991, lost somewhere along the way.
+    - Link with -lcrypt.
+    - Link with -lpthread rather than -pthread.
+    - Don't build ssh-askpass-gnome on the Hurd, until GNOME is available to
+      satisfy build-dependencies.
+  * Drop workaround for #242462 on amd64; it's been fixed properly upstream.
+  * Enable HashKnownHosts by default. This only affects new entries; use
+    'ssh-keygen -H' to convert an entire known_hosts file to hashed format.
+  * Note in ssh_config(5) that the SetupTimeOut option is Debian-specific
+    (closes: #307069).
+  * debconf template translations:
+    - Update Czech (thanks, Miroslav Kure; closes: #298744).
+    - Update Finnish (thanks, Matti Pöllä; closes: #303787).
+    - Synchronise Spanish with sarge branch (thanks, Javier
+      Fernández-Sanguino Peña; closes: #298536).
+    - Add Ukrainian (thanks, Eugeniy Meshcheryakov; closes: #301852).
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 26 May 2005 11:23:18 +0100
+
+openssh (1:3.9p1-3) experimental; urgency=low
+
+  * Explain how to run sshd from inittab in README.Debian (closes: #147360).
+  * Add debian/watch file.
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 18 Feb 2005 00:20:16 +0000
+
+openssh (1:3.9p1-2) experimental; urgency=low
+
+  * Remove pam_nologin from /etc/pam.d/ssh, as sshd's built-in support
+    appears to be sufficient and more useful (closes: #162996).
+  * Depend on debconf | debconf-2.0.
+  * Drop LoginGraceTime back to the upstream default of two minutes on new
+    installs (closes: #289573).
+  * debconf template translations from Ubuntu bug #1232:
+    - Update Greek (thanks, Logiotatidis George).
+    - Update Spanish (thanks, Santiago Erquicia).
+
+ -- Colin Watson <cjwatson@debian.org>  Sat, 15 Jan 2005 12:37:54 +0000
+
+openssh (1:3.9p1-1) experimental; urgency=low
+
+  * New upstream release.
+    - PAM password authentication implemented again (closes: #238699,
+      #242119).
+    - Implemented the ability to pass selected environment variables between
+      the client and the server.
+    - Fix ssh-keyscan breakage when remote server doesn't speak SSH protocol
+      (closes: #228828).
+    - Fix res_query detection (closes: #242462).
+    - 'ssh -c' documentation improved (closes: #265627).
+  * Pass LANG and LC_* environment variables from the client by default, and
+    accept them to the server by default in new installs, although not on
+    upgrade (closes: #264024).
+  * Build ssh in binary-indep, not binary-arch (thanks, LaMont Jones).
+  * Expand on openssh-client package description (closes: #273831).
+
+ -- Colin Watson <cjwatson@debian.org>  Tue,  4 Jan 2005 14:18:31 +0000
+
+openssh (1:3.8.1p1-14) experimental; urgency=low
+
+  * We use DH_COMPAT=2, so build-depend on debhelper (>= 2).
+  * Fix timing information leak allowing discovery of invalid usernames in
+    PAM keyboard-interactive authentication (backported from a patch by
+    Darren Tucker; closes: #281595).
+  * Make sure that there's a delay in PAM keyboard-interactive
+    authentication when PermitRootLogin is not set to yes and the correct
+    root password is entered (closes: #248747).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 28 Nov 2004 18:09:37 +0000
+
+openssh (1:3.8.1p1-13) experimental; urgency=low
+
+  * Enable threading for PAM, on Sam Hartman's advice (closes: #278394).
+  * debconf template translations:
+    - Update Dutch (thanks, cobaco; closes: #278715).
+  * Correct README.Debian's ForwardX11Trusted description (closes: #280190).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 12 Nov 2004 12:03:13 +0000
+
+openssh (1:3.8.1p1-12) experimental; urgency=low
+
+  * Preserve /etc/ssh/sshd_config ownership/permissions (closes: #276754).
+  * Shorten the version string from the form "OpenSSH_3.8.1p1 Debian
+    1:3.8.1p1-8.sarge.1" to "OpenSSH_3.8.1p1 Debian-8.sarge.1", as some SSH
+    implementations apparently have problems with the long version string.
+    This is of course a bug in those implementations, but since the extent
+    of the problem is unknown it's best to play safe (closes: #275731).
+  * debconf template translations:
+    - Add Finnish (thanks, Matti Pöllä; closes: #265339).
+    - Update Danish (thanks, Morten Brix Pedersen; closes: #275895).
+    - Update French (thanks, Denis Barbier; closes: #276703).
+    - Update Japanese (thanks, Kenshi Muto; closes: #277438).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 24 Oct 2004 19:21:17 +0100
+
+openssh (1:3.8.1p1-11) experimental; urgency=high
+
+  * Move sshd_config(5) to openssh-server, where it belongs.
+  * If PasswordAuthentication is disabled, then offer to disable
+    ChallengeResponseAuthentication too. The current PAM code will attempt
+    password-style authentication if ChallengeResponseAuthentication is
+    enabled (closes: #250369).
+  * This will ask a question of anyone who installed fresh with 1:3.8p1-2 or
+    later and then upgraded. Sorry about that ... for this reason, the
+    default answer is to leave ChallengeResponseAuthentication enabled.
+
+ -- Colin Watson <cjwatson@debian.org>  Wed,  6 Oct 2004 14:28:20 +0100
+
+openssh (1:3.8.1p1-10) experimental; urgency=low
+
+  * Don't install the ssh-askpass-gnome .desktop file by default; I've had
+    too many GNOME people tell me it's the wrong thing to be doing. I've
+    left it in /usr/share/doc/ssh-askpass-gnome/examples/ for now.
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 25 Aug 2004 18:18:14 +0100
+
+openssh (1:3.8.1p1-9) experimental; urgency=low
+
+  * Split the ssh binary package into openssh-client and openssh-server
+    (closes: #39741). openssh-server depends on openssh-client for some
+    common functionality; it didn't seem worth creating yet another package
+    for this. openssh-client is priority standard, openssh-server optional.
+  * New transitional ssh package, priority optional, depending on
+    openssh-client and openssh-server. May be removed once nothing depends
+    on it.
+  * When upgrading from ssh to openssh-{client,server}, it's very difficult
+    for the maintainer scripts to find out what version we're upgrading from
+    without dodgy dpkg hackery. I've therefore taken the opportunity to move
+    a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged
+    and ssh/user_environment_tell.
+  * Add a heuristic to try to make sure the sshd_config upgrade to >= 3.7
+    happens even though we don't know what version we're upgrading from.
+  * Remove /etc/ssh/sshd_not_to_be_run on purge of openssh-server. For now
+    (until sarge+2) it's still honoured to avoid breaking existing
+    configurations, but the right approach is now to remove the
+    openssh-server package if you don't want to run the server. Add a NEWS
+    item to that effect.
+
+ -- Colin Watson <cjwatson@debian.org>  Mon,  2 Aug 2004 20:48:54 +0100
+
+openssh (1:3.8.1p1-8.sarge.4) unstable; urgency=high
+
+  * Fix timing information leak allowing discovery of invalid usernames in
+    PAM keyboard-interactive authentication (backported from a patch by
+    Darren Tucker; closes: #281595).
+  * Make sure that there's a delay in PAM keyboard-interactive
+    authentication when PermitRootLogin is not set to yes and the correct
+    root password is entered (closes: #248747).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 28 Nov 2004 12:37:16 +0000
+
+openssh (1:3.8.1p1-8.sarge.3) unstable; urgency=low
+
+  * Enable threading for PAM, on Sam Hartman's advice (closes: #278394).
+  * debconf template translations:
+    - Update Dutch (thanks, cobaco; closes: #278715).
+  * Correct README.Debian's ForwardX11Trusted description (closes: #280190).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 12 Nov 2004 10:31:12 +0000
+
+openssh (1:3.8.1p1-8.sarge.2) unstable; urgency=low
+
+  * Preserve /etc/ssh/sshd_config ownership/permissions (closes: #276754).
+  * Shorten the version string from the form "OpenSSH_3.8.1p1 Debian
+    1:3.8.1p1-8.sarge.1" to "OpenSSH_3.8.1p1 Debian-8.sarge.1", as some SSH
+    implementations apparently have problems with the long version string.
+    This is of course a bug in those implementations, but since the extent
+    of the problem is unknown it's best to play safe (closes: #275731).
+  * debconf template translations:
+    - Add Finnish (thanks, Matti Pöllä; closes: #265339).
+    - Update Danish (thanks, Morten Brix Pedersen; closes: #275895).
+    - Update French (thanks, Denis Barbier; closes: #276703).
+    - Update Japanese (thanks, Kenshi Muto; closes: #277438).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 24 Oct 2004 17:57:14 +0100
+
+openssh (1:3.8.1p1-8.sarge.1) unstable; urgency=high
+
+  * If PasswordAuthentication is disabled, then offer to disable
+    ChallengeResponseAuthentication too. The current PAM code will attempt
+    password-style authentication if ChallengeResponseAuthentication is
+    enabled (closes: #250369).
+  * This will ask a question of anyone who installed fresh with 1:3.8p1-2 or
+    later and then upgraded. Sorry about that ... for this reason, the
+    default answer is to leave ChallengeResponseAuthentication enabled.
+
+ -- Colin Watson <cjwatson@debian.org>  Wed,  6 Oct 2004 14:21:55 +0100
+
+openssh (1:3.8.1p1-8) unstable; urgency=high
+
+  * Matthew Vernon:
+    - Add a GPL exception to the licensing terms of the Debian patch
+      (closes: #211644).
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 29 Jul 2004 13:28:47 +0100
+
+openssh (1:3.8.1p1-7) unstable; urgency=low
+
+  * Re-enable shadow password support in openssh-server-udeb, at Bastian
+    Blank's request (closes: #260800).
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 22 Jul 2004 10:56:06 +0100
+
+openssh (1:3.8.1p1-6) unstable; urgency=low
+
+  * Implement hack in
+    http://lists.debian.org/debian-boot/2004/07/msg01207.html to get
+    openssh-client-udeb to show up as a retrievable debian-installer
+    component.
+  * Generate host keys in postinst only if the relevant HostKey directives
+    are found in sshd_config (closes: #87946).
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 21 Jul 2004 15:14:46 +0100
+
+openssh (1:3.8.1p1-5) unstable; urgency=medium
+
+  * Update German debconf template translation (thanks, Helge Kreutzmann;
+    closes: #252226).
+  * Remove Suggests: dnsutils, as it was only needed for
+    make-ssh-known-hosts (#93265), which has been replaced by ssh-keyscan.
+  * Disable shadow password support in openssh-server-udeb.
+  * Fix non-portable shell constructs in maintainer scripts, Makefile, and
+    ssh-copy-id (thanks, David Weinehall; closes: #258517).
+  * Apply patch from Darren Tucker to make the PAM authentication SIGCHLD
+    handler kill the PAM thread if its waitpid() call returns 0, as well as
+    the previous check for -1 (closes: #252676).
+  * Add scp and sftp to openssh-client-udeb. It might not be very 'u' any
+    more; oh well.
+
+ -- Colin Watson <cjwatson@debian.org>  Sat, 10 Jul 2004 13:57:27 +0100
+
+openssh (1:3.8.1p1-4) unstable; urgency=medium
+
+  * Kill off PAM thread if privsep slave dies (closes: #248125).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 28 May 2004 17:58:45 -0300
+
+openssh (1:3.8.1p1-3) unstable; urgency=low
+
+  * Add ssh-keygen to openssh-server-udeb.
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 20 May 2004 16:31:52 +0100
+
+openssh (1:3.8.1p1-2) unstable; urgency=low
+
+  * Add Catalan debconf template translation (thanks, Aleix Badia i Bosch;
+    closes: #248748).
+  * openssh-client-udeb and openssh-server-udeb depend on libnss-files-udeb
+    (not yet uploaded).
+  * Restore ssh-askpass-gnome binary, lost by mistake.
+  * Don't link against libnsl in udeb builds.
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 20 May 2004 11:15:58 +0100
+
+openssh (1:3.8.1p1-1) unstable; urgency=low
+
+  * New upstream release.
+    - Use a longer buffer for tty names in utmp (closes: #247538).
+  * Make sure there's a newline at the end of sshd_config before adding
+    'UsePAM yes' (closes: #244829).
+  * Generate a new .orig.tar.gz without RFC.nroff, and remove
+    /usr/share/doc/ssh/RFC.gz (closes: #211640). It isn't DFSG-free and only
+    documents the obsolete SSH1 protocol, not to mention that it was never a
+    real RFC but only an Internet-Draft. It's available from
+    http://www.free.lp.se/bamse/draft-ylonen-ssh-protocol-00.txt if you want
+    it for some reason.
+  * Add openssh-client-udeb and openssh-server-udeb binary packages for use
+    in debian-installer. They still need libnss_files to be supplied in udeb
+    form by glibc.
+  * Work around lack of res_query weak alias in libresolv on amd64 (see
+    #242462, awaiting real fix upstream).
+  * Fix grammar in sshd(8) (closes: #238753).
+  * Add .desktop file and icon for ssh-askpass-gnome (closes: #232333).
+  * Update Polish debconf template translation (thanks, Emil Nowak;
+    closes: #242808).
+  * Add Turkish debconf template translation (thanks, Recai Oktaş;
+    closes: #246068).
+
+ -- Colin Watson <cjwatson@debian.org>  Tue, 11 May 2004 23:38:10 +0100
+
+openssh (1:3.8p1-3) unstable; urgency=low
+
+  * Remove deprecated ReverseMappingCheck option from newly generated
+    sshd_config files (closes: #239987).
+  * Build everything apart from contrib in a subdirectory, to allow for
+    multiple builds.
+  * Some older kernels are missing setresuid() and setresgid(), so don't try
+    to use them. setreuid() and setregid() will do well enough for our
+    purposes (closes: #239999).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon,  5 Apr 2004 21:23:43 +0100
+
+openssh (1:3.8p1-2) unstable; urgency=medium
+
+  * Disable PasswordAuthentication for new installations (closes: #236810).
+  * Turn off the new ForwardX11Trusted by default, returning to the
+    semantics of 3.7 and earlier, since it seems immature and causes far too
+    many problems with existing setups. See README.Debian for details
+    (closes: #237021).
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 10 Mar 2004 10:33:07 +0000
+
+openssh (1:3.8p1-1) unstable; urgency=low
+
+  * New upstream release (closes: #232281):
+    - New PAM implementation based on that in FreeBSD. This runs PAM session
+      modules before dropping privileges (closes: #132681, #150968).
+    - Since PAM session modules are run as root, we can turn pam_limits back
+      on by default, and it no longer spits out "Operation not permitted" to
+      syslog (closes: #171673).
+    - Password expiry works again (closes: #153235).
+    - 'ssh -q' suppresses login banner (closes: #134589).
+    - sshd doesn't lie to PAM about invalid usernames (closes: #157078).
+    - ssh-add prints key comment on each prompt (closes: #181869).
+    - Punctuation formatting fixed in man pages (closes: #191131).
+    - EnableSSHKeysign documented in ssh_config(5) (closes: #224457).
+  * Add 'UsePAM yes' to /etc/ssh/sshd_config on upgrade from versions older
+    than this, to maintain the standard Debian sshd configuration.
+  * Comment out PAMAuthenticationViaKbdInt and RhostsAuthentication in
+    sshd_config on upgrade. Neither option is supported any more.
+  * Privilege separation and PAM are now properly supported together, so
+    remove both debconf questions related to them and simply set it
+    unconditionally in newly generated sshd_config files (closes: #228838).
+  * ServerAliveInterval implemented upstream, so ProtocolKeepAlives is now a
+    compatibility alias. The semantics differ slightly, though; see
+    ssh_config(5) for details.
+  * Implement SSH1 support for ServerAliveInterval using SSH_MSG_IGNORE. As
+    documented in ssh_config(5), it's not as good as the SSH2 version.
+  * Remove -fno-builtin-log, -DHAVE_MMAP_ANON_SHARED, and
+    -D__FILE_OFFSET_BITS=64 compiler options, which are no longer necessary.
+  * Update config.guess and config.sub from autotools-dev 20040105.1.
+  * Darren Tucker:
+    - Reset signal status when starting pam auth thread, prevent hanging
+      during PAM keyboard-interactive authentications.
+    - Fix a non-security-critical segfault in PAM authentication.
+  * Add debconf template translations:
+    - Greek (thanks, Konstantinos Margaritis; closes: #232843).
+    - Italian (thanks, Renato Gini; closes: #234777).
+
+ -- Colin Watson <cjwatson@debian.org>  Sat,  6 Mar 2004 18:43:44 +0000
+
+openssh (1:3.6.1p2-12) unstable; urgency=low
+
+  * Update Spanish debconf template translation (thanks, Javier
+    Fernández-Sanguino Peña; closes: #228242).
+  * Add debconf template translations:
+    - Czech (thanks, Miroslav Kure; closes: #230110).
+    - Simplified Chinese (thanks, Hiei Xu; closes: #230726).
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 11 Feb 2004 09:37:57 +0000
+
+openssh (1:3.6.1p2-11) unstable; urgency=low
+
+  * Comment out pam_limits in default configuration, for now at least
+    (closes: #198254).
+  * Use invoke-rc.d (if it exists) to run the init script.
+  * Backport format string bug fix in sshconnect.c (closes: #225238).
+  * ssh-copy-id exits if ssh fails (closes: #215252).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun,  4 Jan 2004 18:59:21 +0000
+
+openssh (1:3.6.1p2-10) unstable; urgency=low
+
+  * Use --retry in init script when restarting rather than sleeping, to make
+    sure the old process is dead (thanks, Herbert Xu; closes: #212117).
+    Depend on dpkg (>= 1.9.0) for start-stop-daemon's --retry option.
+  * Update debconf template translations:
+    - Brazilian Portuguese (thanks, Andre Luis Lopes; closes: #219844).
+    - Danish (thanks, Morten Brix Pedersen; closes: #217964).
+    - Japanese (thanks, Kenshi Muto; closes: #212497).
+    - Russian (thanks, Ilgiz Kalmetev).
+    - Spanish (thanks, Carlos Valdivia Yagüe; closes: #211832).
+  * Add Dutch debconf template translation (thanks, cobaco;
+    closes: #215372).
+  * Update config.guess and config.sub from autotools-dev 20031007.1
+    (closes: #217696).
+  * Implement New World Order for PAM configuration, including
+    /etc/pam.d/common-* from /etc/pam.d/ssh (closes: #212959).
+    - To backport this release to woody, you need to set DEB_BUILD_SSH_WOODY
+      in your environment. See README.Debian.
+  * Add more commentary to /etc/pam.d/ssh.
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 16 Nov 2003 01:14:16 +0000
+
+openssh (1:3.6.1p2-9) unstable; urgency=high
+
+  * Merge even more buffer allocation fixes from upstream (CAN-2003-0682;
+    closes: #211434).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 19 Sep 2003 10:25:25 +0100
+
+openssh (1:3.6.1p2-8) unstable; urgency=high
+
+  * Merge more buffer allocation fixes from new upstream version 3.7.1p1
+    (closes: #211324).
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 17 Sep 2003 03:07:19 +0100
+
+openssh (1:3.6.1p2-7) unstable; urgency=high
+
+  * Update debconf template translations:
+    - French (thanks, Christian Perrier; closes: #208801).
+    - Japanese (thanks, Kenshi Muto; closes: #210380).
+  * Some small improvements to the English templates courtesy of Christian
+    Perrier. I've manually unfuzzied a few translations where it was
+    obvious, on Christian's advice, but the others will have to be updated.
+  * Document how to generate an RSA1 host key (closes: #141703).
+  * Incorporate NMU fix for early buffer expansion vulnerability,
+    CAN-2003-0693 (closes: #211205). Thanks to Michael Stone.
+
+ -- Colin Watson <cjwatson@debian.org>  Tue, 16 Sep 2003 14:32:28 +0100
+
+openssh (1:3.6.1p2-6.0) unstable; urgency=high
+
+  * SECURITY: fix for CAN-2003-0693, buffer allocation error
+
+ -- Michael Stone <mstone@debian.org>  Tue, 16 Sep 2003 08:27:07 -0400
+
+openssh (1:3.6.1p2-6) unstable; urgency=medium
+
+  * Use a more CVS-friendly means of setting SSH_VERSION.
+  * Update Brazilian Portuguese debconf template translation (thanks, Andre
+    Luis Lopes; closes: #208036).
+  * Don't run 'sshd -t' in init script if the server isn't to be run
+    (closes: #197576).
+  * Fix login delay, spurious auth.log entry, and PermitRootLogin
+    information leakage due to PAM issues with upstream's recent security
+    update (thanks, Darren Tucker; closes: #99168, #192207, #193546).
+  * Policy version 3.6.1: recode this changelog to UTF-8.
+
+ -- Colin Watson <cjwatson@debian.org>  Wed,  3 Sep 2003 19:14:02 +0100
+
+openssh (1:3.6.1p2-5) unstable; urgency=low
+
+  * Disable cmsg_type check for file descriptor passing when running on
+    Linux 2.0 (closes: #150976). Remove comments about non-functional
+    privilege separation on 2.0 from ssh/privsep_ask and ssh/privsep_tell
+    debconf questions and from README.Debian, since it should all now work.
+  * Fix "defails" typo in generated sshd_config (closes: #206484).
+  * Backport upstream patch to strip trailing whitespace (including
+    newlines) from configuration directives (closes: #192079).
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 27 Aug 2003 02:19:57 +0100
+
+openssh (1:3.6.1p2-4) unstable; urgency=low
+
+  * getent can get just one key; no need to use grep (thanks, James Troup).
+  * Move /usr/local/bin to the front of the default path, following
+    /etc/login.defs (closes: #201150).
+  * Remove specifics of problematic countries from package description
+    (closes: #197040).
+  * Update Spanish debconf template translation (thanks, Carlos Valdivia
+    Yagüe; closes: #198456).
+  * Backport upstream patch to pass monitor signals through to child
+    (closes: #164797).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 27 Jul 2003 17:31:15 +0100
+
+openssh (1:3.6.1p2-3) unstable; urgency=low
+
+  * Update French debconf template translation (thanks, Christian Perrier;
+    closes: #194323).
+  * Version the adduser dependency for --no-create-home (closes: #195756).
+  * Add a version of moduli(5), namely revision 1.7 of
+    http://www.openbsd.org/cgi-bin/cvsweb/src/share/man/man5/moduli.5 with
+    '/etc/moduli' changed to '/etc/ssh/moduli' throughout (closes: #196061).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon,  9 Jun 2003 02:51:35 +0100
+
+openssh (1:3.6.1p2-2) unstable; urgency=low
+
+  * Force /etc/default/ssh to be non-executable, since dpkg apparently
+    doesn't deal with permissions changes on conffiles (closes: #192966).
+  * Use debconf 0.5's seen flag rather than the deprecated isdefault.
+  * Add GPL location to copyright file.
+  * Remove debian/postinst.old.
+  * Switch to po-debconf, with some careful manual use of po2debconf to
+    ensure that the source package continues to build smoothly on woody
+    (closes: #183986).
+  * Update debconf template translations:
+    - Brazilian Portugese (thanks, Andre Luis Lopes; see #183986).
+    - Japanese (thanks, Tomohiro KUBOTA; closes: #192429).
+  * Compile with -fno-builtin-log for now, otherwise gcc-3.3 complains
+    "log.h:59: warning: conflicting types for built-in function `log'". The
+    OpenSSH log() function has been renamed in upstream CVS.
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 19 May 2003 01:52:38 +0100
+
+openssh (1:3.6.1p2-1) unstable; urgency=medium
+
+  * New upstream release, including fix for PAM user-discovery security hole
+    (closes: #191681).
+  * Fix ChallengeResponseAuthentication default in generated sshd_config
+    (closes: #106037).
+  * Put newlines after full stops in man page documentation for
+    ProtocolKeepAlives and SetupTimeOut.
+  * Policy version 3.5.9: support DEB_BUILD_OPTIONS=noopt, build
+    gnome-ssh-askpass with -g and -Wall flags.
+  * Really ask ssh/new_config debconf question before trying to fetch its
+    value (closes: #188721).
+  * On purge, remove only the files we know about in /etc/ssh rather than
+    the whole thing, and remove the directory if that leaves it empty
+    (closes: #176679).
+  * ssh has depended on debconf for some time now with no complaints, so:
+    - Simplify the postinst by relying on debconf being present. (The absent
+      case was buggy anyway.)
+    - Get rid of "if you have not installed debconf" text in README.Debian,
+      and generally update the "/usr/bin/ssh not SUID" entry.
+  * More README.Debian work:
+    - Reorganize into "UPGRADE ISSUES" and "OTHER ISSUES", in an effort to
+      make it easier for people to find the former. The upgrade issues
+      should probably be sorted by version somehow.
+    - Document X11UseLocalhost under "X11 Forwarding" (closes: #150913).
+  * Fix setting of IP flags for interactive sessions (upstream bug #541).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon,  5 May 2003 17:47:40 +0100
+
+openssh (1:3.6.1p1-1) unstable; urgency=low
+
+  * New upstream release (thanks, Laurence J. Lane).
+  * debian/control: ssh-askpass-gnome is now Section: gnome, following the
+    override file.
+
+ -- Colin Watson <cjwatson@debian.org>  Wed,  2 Apr 2003 00:51:02 +0100
+
+openssh (1:3.6p1-1) unstable; urgency=low
+
+  * New upstream release.
+    - Workaround applied upstream for a bug in the interaction of glibc's
+      getaddrinfo() with the Linux 2.2 kernel (closes: #155814).
+    - As such, it should now be safe to remove --with-ipv4-default, so
+      starting sshd with -6 is no longer necessary (closes: #79861 and lots
+      of other merged bugs).
+    - ssh-copy-id prints usage when run without arguments (closes: #71376).
+    - scp exits 1 if ssh fails (closes: #138400).
+    - sshd writes to utmp's ut_addr_v6 field in IPv6 mode (closes: #167867).
+    - 'ssh-add -c' causes ssh-agent to ask the user each time a key is used
+      (closes: #109795).
+  * Install /etc/default/ssh non-executable (closes: #185537).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 31 Mar 2003 23:00:59 +0100
+
+openssh (1:3.5p1-5) unstable; urgency=low
+
+  * Add /etc/default/ssh (closes: #161049).
+  * Run the init script under 'set -e' (closes: #175010).
+  * Change the default superuser path to include /sbin, /usr/sbin, and
+    /usr/local/sbin (closes: #128235, #151267). Using login.defs would be
+    nice, but that belongs to another package. Without a defined API to
+    retrieve its settings, parsing it is off-limits.
+  * Build ssh-askpass-gnome with GNOME 2. The source package should still
+    support building on stable with GNOME 1, using the alternate
+    libgnome-dev build-dependency (thanks, Colin Walters; closes: #167582).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun,  9 Mar 2003 20:12:10 +0000
+
+openssh (1:3.5p1-4) unstable; urgency=low
+
+  * Point rlogin and rcp alternatives at slogin and scp respectively rather
+    than ssh (closes: #121103, #151666). Fix alternative removal to match;
+    previously it was completely wrong anyway.
+  * Find out whether /etc/ssh/sshd_not_to_be_run exists and set the debconf
+    question's default using that information, rather than using debconf as
+    a registry. Other solutions may be better in the long run, but this is
+    at least correct (thanks, Matthew Woodcraft; closes: #84725).
+  * Stop using pam_lastlog, as it doesn't currently work well as a session
+    module when privilege separation is enabled; it can usually read
+    /var/log/lastlog but can't write to it. Instead, just use sshd's
+    built-in support, already enabled by default (closes: #151297, #169938).
+  * Use 'ssh-keygen -q' rather than redirecting output to /dev/null.
+  * Add a "this may take some time" warning when creating host keys on
+    installation (part of #110094).
+  * When restarting via the init script, check for sshd_not_to_be_run after
+    stopping sshd (idea from Tomas Pospisek; closes: #149850).
+  * Append /usr/sbin:/sbin to the init script's $PATH, just in case of
+    strangeness (closes: #115138).
+  * Fix a dpkg-statoverride call to redirect stdout to /dev/null, not
+    stderr.
+  * Correct copyright file typo: "orignal" -> "original" (closes: #176490).
+  * Rebuild with libssl0.9.7 (closes: #176983).
+  * We're up to policy version 3.5.6. DEB_BUILD_OPTIONS stuff still needs to
+    be looked at.
+
+ -- Colin Watson <cjwatson@debian.org>  Sat, 18 Jan 2003 01:37:23 +0000
+
+openssh (1:3.5p1-3) unstable; urgency=low
+
+  * Happy new year!
+  * Use getent rather than id to find out whether the sshd user exists
+    (closes: #150974).
+  * Remove some duplication from the postinst's ssh-keysign setuid code.
+  * Replace db_text with db_input throughout debian/config. (db_text has
+    been a compatibility wrapper since debconf 0.1.5.)
+  * Warn about PermitUserEnvironment on upgrade (closes: #167895).
+  * Use 'make install-nokeys', and disable unused debhelper commands,
+    thereby forward-porting the last pieces of Zack Weinberg's patch
+    (closes: #68341).
+  * Move the man page for gnome-ssh-askpass from the ssh package to
+    ssh-askpass-gnome (closes: #174449).
+  * Build with -DLOGIN_NO_ENDOPT, since Debian's /bin/login doesn't accept
+    '--' to terminate the list of options (closes: #171554).
+  * Add Jonathan Amery's ssh-argv0 script (closes: #111341).
+  * Update Danish debconf template (thanks, Morten Brix Pedersen;
+    closes: #174757).
+  * Document setgid ssh-agent's effect on certain environment variables in
+    README.Debian (closes: #167974).
+  * Document interoperability problems between scp and ssh.com's server in
+    README.Debian, and suggest some workarounds (closes: #174662).
+
+ -- Colin Watson <cjwatson@debian.org>  Wed,  1 Jan 2003 14:18:30 +0000
+
+openssh (1:3.5p1-2) unstable; urgency=low
+
+  * Mention in the ssh package description that it provides both ssh and
+    sshd (closes: #99680).
+  * Create a system group for ssh-agent, not a user group (closes: #167669).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon,  4 Nov 2002 13:43:53 +0000
+
+openssh (1:3.5p1-1) unstable; urgency=low
+
+  * New upstream release.
+    - Fixes typo in ssh-add usage (closes: #152239).
+    - Fixes 'PermitRootLogin forced-commands-only' (closes: #166184).
+    - ~/.ssh/environment and environment= options in ~/.ssh/authorized_keys
+      are deprecated for security reasons and will eventually go away. For
+      now they can be re-enabled by setting 'PermitUserEnvironment yes' in
+      sshd_config.
+    - ssh-agent is installed setgid to prevent ptrace() attacks. The group
+      actually doesn't matter, as it drops privileges immediately, but to
+      avoid confusion the postinst creates a new 'ssh' group for it.
+  * Obsolete patches:
+    - Solar Designer's privsep+compression patch for Linux 2.2 (see
+      1:3.3p1-0.0woody1).
+    - Hostbased auth ssh-keysign backport (see 1:3.4p1-4).
+
+  * Remove duplicated phrase in ssh_config(5) (closes: #152404).
+  * Source the debconf confmodule at the top of the postrm rather than at
+    the bottom, to avoid making future non-idempotency problems worse (see
+    #151035).
+  * Debconf templates:
+    - Add Polish (thanks, Grzegorz Kusnierz).
+    - Update French (thanks, Denis Barbier; closes: #132509).
+    - Update Spanish (thanks, Carlos Valdivia Yagüe; closes: #164716).
+  * Write a man page for gnome-ssh-askpass, and link it to ssh-askpass.1 if
+    this is the selected ssh-askpass alternative (closes: #67775).
+
+ -- Colin Watson <cjwatson@debian.org>  Sat, 26 Oct 2002 19:41:51 +0100
+
+openssh (1:3.4p1-4) unstable; urgency=low
+
+  * Allow ssh-krb5 in ssh-askpass-gnome's dependencies (closes: #129532).
+  * Restore Russia to list of countries where encryption is problematic (see
+    #148951 and http://www.average.org/freecrypto/).
+  * Drop ssh-askpass-gnome's priority to optional, per the override file.
+  * Drop the PAM special case for hurd-i386 (closes: #99157).
+  * s/dile/idle/ in ssh_config(5) (closes: #118331).
+  * Note in README.Debian that you need xauth from xbase-clients on the
+    server for X11 forwarding (closes: #140269).
+  * Use correct path to upstream README in copyright file (closes: #146037).
+  * Document the units for ProtocolKeepAlives (closes: #159479).
+  * Backport upstream patch to fix hostbased auth (closes: #117114).
+  * Add -g to CFLAGS.
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 13 Oct 2002 18:58:53 +0100
+
+openssh (1:3.4p1-3) unstable; urgency=low
+
+  * Add myself to Uploaders: and begin acting as temporary maintainer, at
+    Matthew's request. (Normal service will resume in some months' time.)
+  * Add sharutils to Build-Depends (closes: #138465).
+  * Stop creating the /usr/doc/ssh symlink.
+
+  * Fix some debconf template typos (closes: #160358).
+  * Split debconf templates into one file per language.
+  * Add debconf template translations:
+    - Brazilian Portuguese (thanks, Andre Luis Lopes; closes: #106173).
+    - Danish (thanks, Claus Hindsgaul; closes: #126607).
+    - Japanese (thanks, Tomohiro KUBOTA; closes: #137427).
+    - Russian (thanks, Ilgiz Kalmetev; closes: #136610).
+    - Spanish (thanks, Carlos Valdivia Yagüe; closes: #129041).
+  * Update debconf template translations:
+    - French (thanks, Igor Genibel; closes: #151361).
+    - German (thanks, Axel Noetzold; closes: #147069).
+  * Some of these translations are fuzzy. Please send updates.
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 13 Oct 2002 14:09:57 +0100
+
+openssh (1:3.4p1-2) unstable; urgency=high
+
+  * Get a security-fixed version into unstable
+  * Also tidy README.Debian up a little
+
+ -- Matthew Vernon <matthew@debian.org>  Fri, 28 Jun 2002 17:20:59 +0100
+
+openssh (1:3.4p1-1) testing; urgency=high
+
+  * Extend my tendrils back into this package (Closes: #150915, #151098)
+  * thanks to the security team for their work
+  * no thanks to ISS/Theo de Raadt for their handling of these bugs
+  * save old sshd_configs to sshd_config.dpkg-old when auto-generating a
+    new one
+  * tell/ask the user about PriviledgeSeparation
+  * /etc/init.d/ssh run will now create the chroot empty dir if necessary 
+  * Remove our previous statoverride on /usr/bin/ssh (only for people 
+    upgrading from a version where we'd put one in ourselves!)
+  * Stop slandering Russia, since someone asked so nicely (Closes: #148951)
+  * Reduce the sleep time in /etc/init.d/ssh during a restart
+
+ -- Matthew Vernon <matthew@debian.org>  Fri, 28 Jun 2002 15:52:10 +0100
+
+openssh (1:3.4p1-0.0woody1) testing-security; urgency=high
+
+  * NMU by the security team.
+  * New upstream version
+
+ -- Michael Stone <mstone@debian.org>  Wed, 26 Jun 2002 15:40:38 -0400
+
+openssh (1:3.3p1-0.0woody4) testing-security; urgency=high
+
+  * NMU by the security team.
+  * fix error when /etc/ssh/sshd_config exists on new install
+  * check that user doesn't exist before running adduser
+  * use openssl internal random unconditionally
+
+ -- Michael Stone <mstone@debian.org>  Tue, 25 Jun 2002 19:44:39 -0400
+
+openssh (1:3.3p1-0.0woody3) testing-security; urgency=high
+
+  * NMU by the security team.
+  * use correct home directory when sshd user is created
+
+ -- Michael Stone <mstone@debian.org>  Tue, 25 Jun 2002 08:59:50 -0400
+
+openssh (1:3.3p1-0.0woody2) testing-security; urgency=high
+
+  * NMU by the security team.
+  * Fix rsa1 key creation (Closes: #150949)
+  * don't fail if sshd user removal fails
+  * depends: on adduser (Closes: #150907)
+
+ -- Michael Stone <mstone@debian.org>  Tue, 25 Jun 2002 08:59:50 -0400
+
+openssh (1:3.3p1-0.0woody1) testing-security; urgency=high
+
+  * NMU by the security team.
+  * New upstream version.
+    - Enable privilege separation by default.
+  * Include patch from Solar Designer for privilege separation and
+    compression on 2.2.x kernels.
+  * Remove --disable-suid-ssh from configure.
+  * Support setuid ssh-keysign binary instead of setuid ssh client.
+  * Check sshd configuration before restarting.
+
+ -- Daniel Jacobowitz <dan@debian.org>  Mon, 24 Jun 2002 13:43:44 -0400
+
+openssh (1:3.0.2p1-9) unstable; urgency=high
+
+  * Thanks to those who NMUd
+  * The only change in this version is to debian/control - I've removed
+    the bit that says you can't export it from the US - it would look 
+    pretty daft to say this about a package in main! Also, it's now OK
+    to use crypto in France, so I've edited that comment slightly
+  * Correct a path in README.Debian too (Closes: #138634)
+
+ -- Matthew Vernon <matthew@debian.org>  Sun,  4 Apr 2002 09:52:59 +0100
+
+openssh (1:3.0.2p1-8.3) unstable; urgency=medium
+
+  * NMU
+  * Really set urgency to medium this time (oops)
+  * Fix priority to standard per override while I'm at it
+
+ -- Aaron M. Ucko <ucko@debian.org>  Sun, 24 Mar 2002 09:00:08 -0500
+
+openssh (1:3.0.2p1-8.2) unstable; urgency=low
+
+  * NMU with maintainer's permission
+  * Prepare for upcoming ssh-nonfree transitional packages per
+    <http://lists.debian.org/debian-ssh/2002/debian-ssh-200203/msg00008.html>
+  * Urgency medium because it would really be good to get this into woody
+    before it releases
+  * Fix sections to match override file
+  * Reissued due to clash with non-US -> main move
+
+ -- Aaron M. Ucko <ucko@debian.org>  Sat, 23 Mar 2002 21:21:52 -0500
+
+openssh (1:3.0.2p1-8.1) unstable; urgency=low
+
+  * NMU
+  * Move from non-US to mani
+
+ -- LaMont Jones <lamont@debian.org>  Thu, 21 Mar 2002 09:33:50 -0700
+
+openssh (1:3.0.2p1-8) unstable; urgency=critical
+
+  * Security fix - patch from upstream (Closes: #137209, #137210)
+  * Undo the changes in the unreleased -7, since they appear to break 
+    things here. Accordingly, the code change is minimal, and I'm 
+    happy to get it into testing ASAP
+
+ -- Matthew Vernon <matthew@debian.org>  Thu,  7 Mar 2002 14:25:23 +0000
+
+openssh (1:3.0.2p1-7) unstable; urgency=high
+
+  * Build to support IPv6 and IPv4 by default again
+
+ -- Matthew Vernon <matthew@debian.org>  Sat,  2 Mar 2002 00:25:05 +0000
+
+openssh (1:3.0.2p1-6) unstable; urgency=high
+
+  * Correct error in the clean target (Closes: #130868)
+
+ -- Matthew Vernon <matthew@debian.org>  Sat, 26 Jan 2002 00:32:00 +0000
+
+openssh (1:3.0.2p1-5) unstable; urgency=medium
+
+  * Include the Debian version in our identification, to make it easier to
+    audit networks for patched versions in future
+
+ -- Matthew Vernon <matthew@debian.org>  Mon, 21 Jan 2002 17:16:10 +0000
+
+openssh (1:3.0.2p1-4) unstable; urgency=medium
+
+  * If we're asked to not run sshd, stop any running sshd's first 
+    (Closes: #129327)
+
+ -- Matthew Vernon <matthew@debian.org>  Wed, 16 Jan 2002 21:24:16 +0000
+
+openssh (1:3.0.2p1-3) unstable; urgency=high
+
+  * Fix /etc/pam.d/ssh to not set $MAIL (Closes: #128913)
+  * Remove extra debconf suggestion (Closes: #128094)
+  * Mmm. speedy bug-fixing :-)
+
+ -- Matthew Vernon <matthew@debian.org>  Sat, 12 Jan 2002 17:23:58 +0000
+
+openssh (1:3.0.2p1-2) unstable; urgency=high
+
+  * Fix postinst to not automatically overwrite sshd_config (!) 
+    (Closes: #127842, #127867)
+  * Add section in README.Debian about the PermitRootLogin setting
+
+ -- Matthew Vernon <matthew@debian.org>  Sat,  5 Jan 2003 05:26:30 +0000
+
+openssh (1:3.0.2p1-1) unstable; urgency=high
+
+  * Incorporate fix from Colin's NMU
+  * New upstream version (fixes the bug Wichert fixed) (Closes: #124035)
+  * Capitalise IETF (Closes: #125379)
+  * Refer to the correct sftp-server location (Closes: #126854, #126224)
+  * Do what we're asked re SetUID ssh (Closes: #124065, #124154, #123247)
+  * Ask people upgrading from potato if they want a new conffile 
+    (Closes: #125642)
+  * Fix a typo in postinst (Closes: #122192, #122410, #123440)
+  * Frob the default config a little (Closes: #122284, #125827, #125696,
+    #123854)
+  * Make /etc/init.d/ssh be more clear about ssh not running (Closes:
+    #123552)
+  * Fix typo in templates file (Closes: #123411)
+
+ -- Matthew Vernon <matthew@debian.org>  Fri,  4 Jan 2002 16:01:52 +0000
+
+openssh (1:3.0.1p1-1.2) unstable; urgency=high
+
+  * Non-maintainer upload
+  * Prevent local users from passing environment variables to the login
+    process when UseLogin is enabled
+
+ -- Wichert Akkerman <wakkerma@debian.org>  Mon,  3 Dec 2001 19:34:45 +0100
+
+openssh (1:3.0.1p1-1.1) unstable; urgency=low
+
+  * Non-maintainer upload, at Matthew's request.
+  * Remove sa_restorer assignment to fix compilation on alpha, hppa, and
+    ia64 (closes: #122086).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun,  2 Dec 2001 18:54:16 +0000
+
+openssh (1:3.0.1p1-1) unstable; urgency=high
+
+  * New upstream version (Closes: #113646, #113513, #114707, #118564)
+  * Building with a libc that works (!) (Closes: #115228)
+  * Patches forward-ported are -1/-2 options for scp, the improvement to
+    'waiting for forwarded connections to terminate...'
+  * Fix /etc/init.d/ssh to stop sshd properly (Closes: #115228)
+  * /etc/ssh/sshd_config is no longer a conffile but generated in the postinst
+  * Remove suidregister leftover from postrm
+  * Mention key we are making in the postinst
+  * Default to not enable SSH protocol 1 support, since protocol 2 is
+    much safer anyway.
+  * New version of the vpn-fixes patch, from Ian Jackson
+  * New handling of -q, and added new -qq option; thanks to Jon Amery
+  * Experimental smartcard support not enabled, since I have no way of
+    testing it.
+
+ -- Matthew Vernon <matthew@debian.org>  Thu, 28 Nov 2001 17:43:01 +0000
+
+openssh (1:2.9p2-6) unstable; urgency=low
+
+  * check for correct file in /etc/init.d/ssh (Closes: #110876)
+  * correct location of version 2 keys in ssh.1 (Closes: #110439)
+  * call update-alternatives --quiet (Closes: #103314)
+  * hack ssh-copy-id to chmod go-w (Closes: #95551)
+  * TEMPORARY fix to provide largefile support using a -D in the cflags
+    line. long-term, upstream will patch the autoconf stuff
+    (Closes: #106809, #111849)
+  * remove /etc/rc references in ssh-keygen.1 (Closes: #68350)
+  * scp.1 patch from Adam McKenna to document -r properly (Closes: #76054)
+  * Check for files containing a newline character (Closes: #111692)
+
+ -- Matthew Vernon <matthew@debian.org>  Thu, 13 Sep 2001 16:47:36 +0100
+
+openssh (1:2.9p2-5) unstable; urgency=high
+
+  * Thanks to all the bug-fixers who helped!
+  * remove sa_restorer assignment (Closes: #102837)
+  * patch from Peter Benie to DTRT wrt X forwarding if the server refuses
+    us access (Closes: #48297)
+  * patch from upstream CVS to fix port forwarding (Closes: #107132)
+  * patch from Jonathan Amery to document ssh-keygen behaviour 
+    (Closes:#106643, #107512)
+  * patch to postinst from Jonathan Amery (Closes: #106411)
+  * patch to manpage from Jonathan Amery (Closes: #107364)
+  * patch from Matthew Vernon to make -q emit fatal errors as that is the
+    documented behaviour (Closes: #64347)
+  * patch from Ian Jackson to cause us to destroy a file when we scp it
+    onto itself, rather than dumping bits of our memory into it, which was
+    a security hole (see #51955)
+  * patch from Jonathan Amery to document lack of Kerberos support 
+    (Closes: #103726)
+  * patch from Matthew Vernon to make the 'waiting for connections to
+    terminate' message more helpful (Closes: #50308)
+
+ -- Matthew Vernon <matthew@debian.org>  Thu, 23 Aug 2001 02:14:09 +0100
+
+openssh (1:2.9p2-4) unstable; urgency=high
+
+  * Today's build of ssh is strawberry flavoured
+  * Patch from mhp to reduce length of time sshd is stopped for (Closes: #106176)
+  * Tidy up debconf template (Closes: #106152)
+  * If called non-setuid, then setgid()'s failure should not be fatal (see
+    #105854)
+
+ -- Matthew Vernon <matthew@debian.org>  Sun, 22 Jul 2001 14:19:43 +0100
+
+openssh (1:2.9p2-3) unstable; urgency=low
+
+  * Patch from yours truly to add -1 and -2 options to scp (Closes: #106061)
+  * Improve the IdentityFile section in the man page (Closes: #106038)
+
+ -- Matthew Vernon <matthew@debian.org>  Sat, 21 Jul 2001 14:47:27 +0100
+
+openssh (1:2.9p2-2) unstable; urgency=low
+
+  * Document the protocol version 2 and IPV6 changes (Closes: #105845, #105868)
+  * Make PrintLastLog 'no' by default (Closes: #105893)
+
+ -- Matthew Vernon <matthew@debian.org>  Thu, 19 Jul 2001 18:36:41 +0100
+
+openssh (1:2.9p2-1) unstable; urgency=low
+
+  * new (several..) upstream version (Closes: #96726, #81856, #96335)
+  * Hopefully, this will close some other bugs too
+
+ -- Matthew Vernon <matthew@debian.org>  Tue, 17 Jul 2001 19:41:58 +0100
+
+openssh (1:2.5.2p2-3) unstable; urgency=low
+
+  * Taking Over this package
+  * Patches from Robert Bihlmeyer for the Hurd (Closes: #102991)
+  * Put PermitRootLogin back to yes (Closes: #67334, #67371, #78274)
+  * Don't fiddle with conf-files any more (Closes: #69501)
+
+ -- Matthew Vernon <matthew@debian.org>  Tue, 03 Jul 2001 02:58:13 +0100
+
+openssh (1:2.5.2p2-2.2) unstable; urgency=low
+
+  * NMU
+  * Include Hurd compatibility patches from Robert Bihlmeyer (Closes: #76033)
+  * Patch from Richard Kettlewell for protocolkeepalives (Closes: #99273)
+  * Patch from Matthew Vernon for BannerTimeOut, batchmode, and
+    documentation for protocolkeepalives. Makes ssh more generally useful
+    for scripting uses (Closes: #82877, #99275)
+  * Set a umask, so ourpidfile isn't world-writable (closes: #100012,
+    #98286, #97391)
+
+ -- Matthew Vernon <matthew@debian.org>  Thu, 28 Jun 2001 23:15:42 +0100
+
+openssh (1:2.5.2p2-2.1) unstable; urgency=low
+ 
+  * NMU
+  * Remove duplicate Build-Depends for libssl096-dev and change it to 
+    depend on libssl-dev instaed.  Also adding in virtual | real package
+    style build-deps.  (Closes: #93793, #75228)
+  * Removing add-log entry (Closes: #79266)
+  * This was a pam bug from a while back (Closes: #86908, #88457, #86843)
+  * pam build-dep already exists (Closes: #93683)
+  * libgnome-dev build-dep already exists (Closes: #93694)
+  * No longer in non-free (Closes: #85401)
+  * Adding in fr debconf translations (Closes: #83783)
+  * Already suggests xbase-clients (Closes: #79741)
+  * No need to suggest libpam-pwdb anymore (Closes: #81658)
+  * Providing rsh-client (Closes: #79437)
+  * hurd patch was already applied (Closes: #76033)
+  * default set to no (Closes: #73682)
+  * Adding in a suggests for dnsutils (Closes: #93265)
+  * postinst bugs fixed (Closes: #88057, #88066, #88196, #88405, #88612)
+    (Closes: #88774, #88196, #89556, #90123, #90228, #90833, #87814, #85465)
+  * Adding in debconf dependency
+ 
+ -- Ivan E. Moore II <rkrusty@debian.org>  Mon, 16 Apr 2001 14:11:04 +0100
+
+openssh (1:2.5.2p2-2) unstable; urgency=high
+
+  * disable the OpenSSL version check in entropy.c
+    (closes: #93581, #93588, #93590, #93614, #93619, #93635, #93648)
+
+ -- Philip Hands <phil@uk.alcove.com>  Wed, 11 Apr 2001 20:30:04 +0100
+
+openssh (1:2.5.2p2-1) unstable; urgency=low
+
+  * New upstream release
+  * removed make-ssh-known-hosts, since ssh-keyscan does that job (closes: #86069, #87748)
+  * fix double space indent in german templates (closes: #89493)
+  * make postinst check for ssh_host_rsa_key
+  * get rid of the last of the misguided debian/rules NMU debris  :-/
+
+ -- Philip Hands <phil@hands.com>  Sat, 24 Mar 2001 20:59:33 +0000
+
+openssh (1:2.5.1p2-2) unstable; urgency=low
+
+  * rebuild with new debhelper (closes: #89558, #89536, #90225)
+  * fix broken dpkg-statoverride test in postinst
+    (closes: #89612, #90474, #90460, #89605)
+  * NMU bug fixed but not closed in last upload  (closes: #88206)
+  
+ -- Philip Hands <phil@hands.com>  Fri, 23 Mar 2001 16:11:33 +0000
+
+openssh (1:2.5.1p2-1) unstable; urgency=high
+
+  * New upstream release
+  * fix typo in postinst (closes: #88110)
+  * revert to setting PAM service name in debian/rules, backing out last
+    NMU, which also (closes: #88101)
+  * restore the pam lastlog/motd lines, lost during the NMUs, and sshd_config
+  * restore printlastlog option patch
+  * revert to using debhelper, which had been partially disabled in NMUs
+
+ -- Philip Hands <phil@hands.com>  Tue, 13 Mar 2001 01:41:34 +0000
+
+openssh (1:2.5.1p1-1.8) unstable; urgency=high
+
+  * And now the old pam-bug s/sshd/ssh in ssh.c is also fixed
+
+ -- Christian Kurz <shorty@debian.org>  Thu,  1 Mar 2001 19:48:01 +0100
+
+openssh (1:2.5.1p1-1.7) unstable; urgency=high
+
+  * And now we mark the correct binary as setuid, when a user requested
+    to install it setuid.
+
+ -- Christian Kurz <shorty@debian.org>  Thu,  1 Mar 2001 07:19:56 +0100
+
+openssh (1:2.5.1p1-1.6) unstable; urgency=high
+
+  * Fixes postinst to handle overrides that are already there. Damn, I 
+    should have noticed the bug earlier.
+
+ -- Christian Kurz <shorty@debian.org>  Wed, 28 Feb 2001 22:35:00 +0100
+
+openssh (1:2.5.1p1-1.5) unstable; urgency=high
+
+  * Rebuild ssh with pam-support.
+
+ -- Christian Kurz <shorty@debian.org>  Mon, 26 Feb 2001 21:55:51 +0100
+
+openssh (1:2.5.1p1-1.4) unstable; urgency=low
+
+  * Added Build-Depends on libssl096-dev.
+  * Fixed sshd_config file to disallow root logins again.
+
+ -- Christian Kurz <shorty@debian.org>  Sun, 25 Feb 2001 20:03:55 +0100
+
+openssh (1:2.5.1p1-1.3) unstable; urgency=low
+
+  * Fixed missing manpages for sftp.1 and ssh-keyscan.1
+  * Made package policy 3.5.2 compliant.
+
+ -- Christian Kurz <shorty@debian.org>  Sun, 25 Feb 2001 15:46:26 +0100
+
+openssh (1:2.5.1p1-1.2) unstable; urgency=low
+
+  * Added Conflict with sftp, since we now provide our own sftp-client.
+  * Added a fix for our broken dpkg-statoverride call in the 
+    2.3.0p1-13.
+  * Fixed some config pathes in the comments of sshd_config.
+  * Removed ssh-key-exchange-vulnerability-patch since it's not needed
+    anymore because upstream included the fix.
+
+ -- Christian Kurz <shorty@debian.org>  Sun, 25 Feb 2001 13:46:58 +0100
+
+openssh (1:2.5.1p1-1.1) unstable; urgency=high
+
+  * Another NMU to get the new upstream version 2.5.1p1 into
+    unstable. (Closes: #87123)
+  * Corrected postinst to mark ssh as setuid. (Closes: #86391, #85766)
+  * Key Exchange patch is already included by upstream. (Closes: #86015)
+  * Upgrading should be possible now. (Closes: #85525, #85523)
+  * Added --disable-suid-ssh as compile option, so ssh won't get installed
+    suid per default.
+  * Fixed postinst to run dpkg-statoverride only, when dpkg-statoverride
+    is available and the mode of the binary should be 4755. And also added
+    suggestion for a newer dpkg.
+    (Closes: #85734, #85741, #86876)
+  * sftp and ssh-keyscan will also be included from now on. (Closes: #79994)
+  * scp now understands spaces in filenames (Closes: #53783, #58958,
+    #66723)
+  * ssh-keygen now supports showing DSA fingerprints. (Closes: #68623)
+  * ssh doesn' t show motd anymore when switch -t is used. (Closes #69035)
+  * ssh supports the usage of other dsa keys via the ssh command line
+    options. (Closes: #81250)
+  * Documentation in sshd_config fixed. (Closes: #81088)
+  * primes file included by upstream and included now. (Closes: #82101)
+  * scp now allows dots in the username. (Closes: #82477)
+  * Spelling error in ssh-copy-id.1 corrected by upstream. (Closes: #78124)
+
+ -- Christian Kurz <shorty@debian.org>  Sun, 25 Feb 2001 10:06:08 +0100
+
+openssh (1:2.3.0p1-1.13) unstable; urgency=low
+
+  * Config should now also be fixed with this hopefully last NMU.
+
+ -- Christian Kurz <shorty@debian.org>  Sat, 10 Feb 2001 22:56:36 +0100
+
+openssh (1:2.3.0p1-1.12) unstable; urgency=high
+
+  * Added suggest for xbase-clients to control-file. (Closes #85227)
+  * Applied patch from Markus Friedl to fix a vulnerability in 
+    the rsa keyexchange.
+  * Fixed position of horizontal line. (Closes: #83613)
+  * Fixed hopefully the grep problem in the config-file. (Closes: #78802)
+  * Converted package from suidregister to dpkg-statoverride.
+
+ -- Christian Kurz <shorty@debian.org>  Fri,  9 Feb 2001 19:43:55 +0100
+
+openssh (1:2.3.0p1-1.11) unstable; urgency=medium
+
+  * Fixed some typos in the german translation of the debconf
+    template.
+
+ -- Christian Kurz <shorty@debian.org>  Wed, 24 Jan 2001 18:22:38 +0100
+
+openssh (1:2.3.0p1-1.10) unstable; urgency=medium
+
+  * Fixed double printing of motd. (Closes: #82618)
+
+ -- Christian Kurz <shorty@debian.org>  Tue, 23 Jan 2001 21:03:43 +0100
+
+openssh (1:2.3.0p1-1.9) unstable; urgency=high
+
+  * And the next NMU which includes the patch from Andrew Bartlett
+    and Markus Friedl to fix the root privileges handling of openssh.
+    (Closes: #82657)
+
+ -- Christian Kurz <shorty@debian.org>  Wed, 17 Jan 2001 22:20:54 +0100
+
+openssh (1:2.3.0p1-1.8) unstable; urgency=high
+
+  * Applied fix from Ryan Murray to allow building on other architectures
+    since the hurd patch was wrong. (Closes: #82471)
+
+ -- Christian Kurz <shorty@debian.org>  Tue, 16 Jan 2001 22:45:51 +0100
+
+openssh (1:2.3.0p1-1.7) unstable; urgency=medium
+
+  * Fixed another typo on sshd_config
+
+ -- Christian Kurz <shorty@debian.org>  Sun, 14 Jan 2001 19:01:31 +0100
+
+openssh (1:2.3.0p1-1.6) unstable; urgency=high
+
+  * Added Build-Dependency on groff (Closes: #81886)
+  * Added Build-Depencency on debhelper (Closes: #82072)
+  * Fixed entry for known_hosts in sshd_config (Closes: #82096)
+
+ -- Christian Kurz <shorty@debian.org>  Thu, 11 Jan 2001 23:08:16 +0100
+
+openssh (1:2.3.0p1-1.5) unstable; urgency=high
+
+  * Fixed now also the problem with sshd used as default ipv4 and
+    didn't use IPv6. This should be now fixed.
+
+ -- Christian Kurz <shorty@debian.org>  Thu, 11 Jan 2001 21:25:55 +0100
+
+openssh (1:2.3.0p1-1.4) unstable; urgency=high
+
+  * Fixed buggy entry in postinst.
+
+ -- Christian Kurz <shorty@debian.org>  Wed, 10 Jan 2001 23:12:16 +0100
+
+openssh (1:2.3.0p1-1.3) unstable; urgency=high
+
+  * After finishing the rewrite of the rules-file I had to notice that
+    the manpage installation was broken. This should now work again.
+
+ -- Christian Kurz <shorty@debian.org>  Wed, 10 Jan 2001 22:11:59 +0100
+
+openssh (1:2.3.0p1-1.2) unstable; urgency=high
+
+  * Fixed the screwed up build-dependency.
+  * Removed --with-ipv4-default to support ipv6.
+  * Changed makefile to use /etc/pam.d/ssh instead of /etc/pam.d/sshd.
+  * Fixed location to sftp-server in config.
+  * Since debian still relies on /etc/pam.d/ssh instead of moving to
+    /etc/pam.d/sshd, I had to hack ssh.h to get ssh to use this name.
+  * Fixed path to host key in sshd_config.
+
+ -- Christian Kurz <shorty@debian.org>  Wed, 10 Jan 2001 08:23:47 +0100
+
+openssh (1:2.3.0p1-1.1) unstable; urgency=medium
+
+  * NMU with permission of Phil Hands.
+  * New upstream release
+  * Update Build-Depends to point to new libssl096.
+  * This upstream release doesn't leak any information depending
+    on the setting of PermitRootLogin (Closes: #59933)
+  * New upstream release contains fix against forcing a client to 
+    do X/agent forwarding (Closes: #76788)
+  * Changed template to contain correct path to the documentation 
+    (Closes: #67245)
+  * Added --with-4in6 switch as compile option into debian/rules.       
+  * Added --with-ipv4-default as compile option into debian/rules. 
+    (Closes: #75037)
+  * Changed default path to also contain /usr/local/bin and 
+    /usr/X11R6/bin (Closes: #62472,#54567,#62810)
+  * Changed path to sftp-server in sshd_config to match the
+    our package (Closes: #68347)
+  * Replaced OpenBSDh with OpenBSD in the init-script.  
+  * Changed location to original source in copyright.head
+  * Changed behaviour of init-script when invoked with the option
+    restart (Closes: #68706,#72560)
+  * Added a note about -L option of scp to README.Debian        
+  * ssh won't print now the motd if invoked with -t option
+    (Closes: #59933)
+  * RFC.nroff.gz get's now converted into RFC.gz. (Closes: #63867)      
+  * Added a note about tcp-wrapper support to README.Debian 
+    (Closes: #72807,#22190)
+  * Removed two unneeded options from building process. 
+  * Added sshd.pam into debian dir and install it.
+  * Commented out unnecessary call to dh_installinfo.
+  * Added a line to sshd.pam so that limits will be paid attention
+    to (Closes: #66904)
+  * Restart Option has a Timeout of 10 seconds (Closes: 51264)
+  * scp won't override files anymore (Closes: 51955)
+  * Removed pam_lastlog module, so that the lastlog is now printed
+    only once (Closes: #71742, #68335, #69592, #71495, #77781)
+  * If password is expired, openssh now forces the user to change it.
+    (Closes: #51747)
+  * scp should now have no more problems with shell-init-files that
+    produces ouput (Closes: #56280,#59873)
+  * ssh now prints the motd correctly (Closes: #66926)  
+  * ssh upgrade should disable ssh daemon only if users has choosen
+    to do so (Closes: #67478)
+  * ssh can now be installed suid (Closes: #70879)      
+  * Modified debian/rules to support hurd.
+
+ -- Christian Kurz <shorty@debian.org>  Wed, 27 Dec 2000 20:06:57 +0100
+
+openssh (1:2.2.0p1-1.1) unstable; urgency=medium
+
+  * Non-Maintainer Upload
+  * Check for new returns in the new libc
+    (closes: #72803, #74393, #72797, #71307, #71702)
+  * Link against libssl095a (closes: #66304)
+  * Correct check for PermitRootLogin (closes: #69448)
+
+ -- Ryan Murray <rmurray@debian.org>  Wed, 18 Oct 2000 00:48:18 -0700
+
+openssh (1:2.2.0p1-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Philip Hands <phil@hands.com>  Mon, 11 Sep 2000 14:49:43 +0100
+
+openssh (1:2.1.1p4-3) unstable; urgency=low
+
+  * add rsh alternatives
+  * add -S option to scp (using Tommi Virtanen's patch) (closes: #63097)
+  * do the IPV4_DEFAULT thing properly this time
+
+ -- Philip Hands <phil@hands.com>  Fri, 11 Aug 2000 18:14:37 +0100
+
+openssh (1:2.1.1p4-2) unstable; urgency=low
+
+  * reinstate manpage .out patch from 1:1.2.3
+  * fix typo in postinst
+  * only compile ssh with IPV4_DEFAULT
+  * apply James Troup's patch to add a -o option to scp and updated manpage
+
+ -- Philip Hands <phil@hands.com>  Sun, 30 Jul 2000 00:12:49 +0100
+
+openssh (1:2.1.1p4-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Philip Hands <phil@hands.com>  Sat, 29 Jul 2000 14:46:16 +0100
+
+openssh (1:1.2.3-10) unstable; urgency=low
+
+  * add version to libpam-modules dependency, because old versions of
+    pam_motd make it impossible to log in.
+
+ -- Philip Hands <phil@hands.com>  Sat, 29 Jul 2000 13:28:22 +0100
+
+openssh (1:1.2.3-9) frozen unstable; urgency=low
+
+  * force location of /usr/bin/X11/xauth
+    (closes: #64424, #66437, #66859)  *RC*
+  * typos in config (closes: #66779, #66780)
+  * sshd_not_to_be_run could be assumed to be true, in error, if the config
+    script died in an unusual way --- I've reversed this (closes: #66335)  
+  * Apply Zack Weinberg <zack@wolery.cumb.org>'s patch to ssh-askpass-ptk
+    (closes: #65981)
+  * change default for PermitRootLogin to "no" (closes: #66406)
+
+ -- Philip Hands <phil@hands.com>  Tue, 11 Jul 2000 20:51:18 +0100
+
+openssh (1:1.2.3-8) frozen unstable; urgency=low
+
+  * get rid of Provides: rsh-server (this will mean that rstartd
+    will need to change it's depends to deal with #63948, which I'm
+    reopening)  (closes: #66257)
+    Given that this is also a trivial change, and is a reversal of a
+    change that was mistakenly made after the freeze, I think this should
+    also go into frozen.
+
+ -- Philip Hands <phil@hands.com>  Wed, 28 Jun 2000 03:26:30 +0100
+
+openssh (1:1.2.3-7) frozen unstable; urgency=low
+
+  * check if debconf is installed before calling db_stop in postinst.
+    This is required to allow ssh to be installed when debconf is not
+    wanted, which probably makes it an RC upload (hopefully the last of
+    too many).
+
+ -- Philip Hands <phil@hands.com>  Wed, 28 Jun 2000 03:19:47 +0100
+
+openssh (1:1.2.3-6) frozen unstable; urgency=low
+
+  * fixed depressing little bug involving a line wrap looking like
+    a blank line in the templates file   *RC*
+    (closes: #66090, #66078, #66083, #66182)
+
+ -- Philip Hands <phil@hands.com>  Mon, 26 Jun 2000 00:45:05 +0100
+
+openssh (1:1.2.3-5) frozen unstable; urgency=low
+
+  * add code to prevent UseLogin exploit, although I think our PAM
+    conditional code breaks UseLogin in a way that protects us from this
+    exploit anyway. ;-)  (closes: #65495)  *RC*
+  * Apply Zack Weinberg <zack@wolery.cumb.org>'s patch to fix keyboard
+    grab vulnerability in ssh-askpass-gnome (closes: #64795) *RC*
+  * stop redirection of sshd's file descriptors (introduced in 1:1.2.3-3)
+    and use db_stop in the postinst to solve that problem instead
+    (closes: #65104)
+  * add Provides: rsh-server to ssh (closes: #63948)
+  * provide config option not to run sshd
+
+ -- Philip Hands <phil@hands.com>  Mon, 12 Jun 2000 23:05:11 +0100
+
+openssh (1:1.2.3-4) frozen unstable; urgency=low
+
+  * fixes #63436 which is *RC*
+  * add 10 second pause in init.d restart (closes: #63844)
+  * get rid of noenv in PAM mail line (closes: #63856)
+  * fix host key path in make-ssh-known-hosts (closes: #63713)
+  * change wording of SUID template (closes: #62788, #63436)
+
+ -- Philip Hands <phil@hands.com>  Sat, 27 May 2000 11:18:06 +0100
+
+openssh (1:1.2.3-3) frozen unstable; urgency=low
+
+  * redirect sshd's file descriptors to /dev/null in init to
+    prevent debconf from locking up during installation 
+    ** grave bug just submited by me **
+
+ -- Philip Hands <phil@hands.com>  Thu, 20 Apr 2000 17:10:59 +0100
+
+openssh (1:1.2.3-2) frozen  unstable; urgency=low
+
+  * allow user to select SUID status of /usr/bin/ssh (closes: 62462) ** RC **
+  * suggest debconf
+  * conflict with debconf{,-tiny} (<<0.2.17) so I can clean up the preinst
+
+ -- Philip Hands <phil@hands.com>  Wed, 19 Apr 2000 17:49:15 +0100
+
+openssh (1:1.2.3-1) frozen unstable; urgency=low
+
+  * New upstream release
+  * patch sshd to create extra xauth key required for localhost
+    (closes: #49944)  *** RC ***
+  * FallbacktoRsh now defaults to ``no'' to match impression
+    given in sshd_config
+  * stop setting suid bit on ssh (closes: #58711, #58558)
+    This breaks Rhosts authentication (which nobody uses) and allows
+    the LD_PRELOAD trick to get socks working, so seems like a net benefit.
+
+ -- Philip Hands <phil@hands.com>  Thu, 13 Apr 2000 20:01:54 +0100
+
+openssh (1:1.2.2-1.4) frozen unstable; urgency=low
+
+  * Recompile for frozen, contains fix for RC bug.
+
+ -- Tommi Virtanen <tv@debian.org>  Tue, 29 Feb 2000 22:14:58 +0200
+
+openssh (1:1.2.2-1.3) unstable; urgency=low
+
+  * Integrated man page addition for PrintLastLog.
+    This bug was filed on "openssh", and I ended up
+    creating my own patch for this (closes: #59054)
+  * Improved error message when ssh_exchange_identification
+    gets EOF (closes: #58904)
+  * Fixed typo (your -> you're) in debian/preinst.
+  * Added else-clauses to config to make this upgradepath possible:
+    oldssh -> openssh preinst fails due to upgrade_to_openssh=false
+    -> ssh-nonfree -> openssh. Without these, debconf remembered
+    the old answer, config didn't force asking it, and preinst always
+    aborted (closes: #56596, #57782)
+  * Moved setting upgrade_to_openssh isdefault flag to the place
+    where preinst would abort. This means no double question to most
+    users, people who currently suffer from "can't upgrade" may need
+    to run apt-get install ssh twice. Did not do the same for 
+    use_old_init_script, as the situation is a bit different, and
+    less common (closes: #54010, #56224)
+  * Check for existance of ssh-keygen before attempting to use it in
+    preinst, added warning for non-existant ssh-keygen in config. This
+    happens when the old ssh is removed (say, due to ssh-nonfree getting
+    installed).
+
+ -- Tommi Virtanen <tv@debian.org>  Sun, 27 Feb 2000 21:36:43 +0200
+
+openssh (1:1.2.2-1.2) frozen unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Added configuration option PrintLastLog, default off due to PAM
+    (closes: #54007, #55042)
+  * ssh-askpass-{gnome,ptk} now provide ssh-askpass, making ssh's
+    Suggests: line more accurate. Also closing related bugs fixed
+    earlier, when default ssh-askpass moved to /usr/bin.
+    (closes: #52403, #54741, #50607, #52298, #50967, #51661)
+  * Patched to call vhangup, with autoconf detection and all
+    (closes: #55379)
+  * Added --with-ipv4-default workaround to a glibc bug causing
+    slow DNS lookups, as per UPGRADING. Use -6 to really use
+    IPv6 addresses. (closes: #57891, #58744, #58713, #57970)
+  * Added noenv to PAM pam_mail line. Thanks to Ben Collins.
+    (closes: #58429)
+  * Added the UPGRADING file to the package.
+  * Added frozen to the changelog line and recompiled before
+    package was installed into the archive.
+
+ -- Tommi Virtanen <tv@debian.org>  Fri, 25 Feb 2000 22:08:57 +0200
+
+openssh (1:1.2.2-1.1) frozen unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Integrated scp pipe buffer patch from Ben Collins
+    <benc@debian.org>, should now work even if reading
+    a pipe gives less than fstat st_blksize bytes. 
+    Should now work on Alpha and Sparc Linux (closes: #53697, #52071)
+  * Made ssh depend on libssl09 (>= 0.9.4-3) (closes: #51393)
+  * Integrated patch from Ben Collins <benc@debian.org>
+    to do full shadow account locking and expiration
+    checking (closes: #58165, #51747)
+
+ -- Tommi Virtanen <tv@debian.org>  Tue, 22 Feb 2000 20:46:12 +0200
+
+openssh (1:1.2.2-1) frozen unstable; urgency=medium
+
+  * New upstream release (closes: #56870, #56346)
+  * built against new libesd (closes: #56805)
+  * add  Colin Watson <cjw44@cam.ac.uk> =NULL patch
+    (closes: #49902, #54894)
+  * use socketpairs as suggested by Andrew Tridgell to eliminate rsync
+    (and other) lockups
+  * patch SSHD_PAM_SERVICE back into auth-pam.c, again :-/
+    (closes: #49902, #55872, #56959)
+  * uncoment the * line in ssh_config (closes: #56444)
+  
+  * #54894 & #49902 are release critical, so this should go in frozen
+
+ -- Philip Hands <phil@hands.com>  Wed,  9 Feb 2000 04:52:04 +0000
+
+openssh (1:1.2.1pre24-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Philip Hands <phil@hands.com>  Fri, 31 Dec 1999 02:47:24 +0000
+
+openssh (1:1.2.1pre23-1) unstable; urgency=low
+
+  * New upstream release
+  * excape ? in /etc/init.d/ssh (closes: #53269)
+
+ -- Philip Hands <phil@hands.com>  Wed, 29 Dec 1999 16:50:46 +0000
+
+openssh (1:1.2pre17-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Philip Hands <phil@hands.com>  Thu,  9 Dec 1999 16:50:40 +0000
+
+openssh (1:1.2pre16-1) unstable; urgency=low
+
+  * New upstream release
+  * upstream release (1.2pre14) (closes: #50299)
+  * make ssh depend on libwrap0 (>= 7.6-1.1) (closes: #50973, #50776)
+  * dispose of grep -q broken pipe message in config script (closes: #50855)
+  * add make-ssh-known-hosts (closes: #50660)
+  * add -i option to ssh-copy-id (closes: #50657)
+  * add check for *LK* in password, indicating a locked account
+
+ -- Philip Hands <phil@hands.com>  Wed,  8 Dec 1999 22:59:38 +0000
+
+openssh (1:1.2pre13-1) unstable; urgency=low
+
+  * New upstream release
+  * make sshd.c use SSHD_PAM_SERVICE and define it as "ssh" in debian/rules
+  * remove duplicate line in /etc/pam.d/ssh (closes: #50310)
+  * mention ssh -A option in ssh.1 & ssh_config
+  * enable forwarding to localhost in default ssh_config (closes: #50373)
+  * tweak preinst to deal with debconf being `unpacked'
+  * use --with-tcp-wrappers (closes: #49545)
+
+ -- Philip Hands <phil@hands.com>  Sat, 20 Nov 1999 14:20:04 +0000
+
+openssh (1:1.2pre11-2) unstable; urgency=low
+
+  * oops, just realised that I forgot to strip out the unpleasant
+    fiddling mentioned below (which turned not to be a fix anyway)
+
+ -- Philip Hands <phil@hands.com>  Mon, 15 Nov 1999 01:35:23 +0000
+
+openssh (1:1.2pre11-1) unstable; urgency=low
+
+  * New upstream release (closes: #49722)
+  * add 2>/dev/null to dispose of spurious message casused by grep -q
+    (closes: #49876, #49604)
+  * fix typo in debian/control (closes: #49841)
+  * Do some unpleasant fiddling with upgraded keys in the preinst, which
+    should make the keylength problem go away.   (closes: #49676)
+  * make pam_start in sshd use ``ssh'' as the service name (closes: #49956)
+  * If /etc/ssh/NOSERVER exist, stop sshd from starting (closes: #47107)
+  * apply Ben Collins <bcollins@debian.org>'s shadow patch
+  * disable lastlogin and motd printing if using pam (closes: #49957)
+  * add ssh-copy-id script and manpage
+
+ -- Philip Hands <phil@hands.com>  Fri, 12 Nov 1999 01:03:38 +0000
+
+openssh (1:1.2pre9-1) unstable; urgency=low
+
+  * New upstream release
+  * apply Chip Salzenberg <chip@valinux.com>'s SO_REUSEADDR patch
+    to channels.c, to make forwarded ports instantly reusable
+  * replace Pre-Depend: debconf with some check code in preinst
+  * make the ssh-add ssh-askpass failure message more helpful
+  * fix the ssh-agent getopts bug (closes: #49426)
+  * fixed typo on Suggests: line (closes: #49704, #49571)
+  * tidy up ssh package description (closes: #49642)
+  * make ssh suid (closes: #49635)
+  * in preinst upgrade code, ensure ssh_host_keys is mode 600 (closes: #49606)
+  * disable agent forwarding by default, for the similar reasons as
+    X forwarding (closes: #49586)
+
+ -- Philip Hands <phil@hands.com>  Tue,  9 Nov 1999 09:57:47 +0000
+
+openssh (1:1.2pre7-4) unstable; urgency=low
+
+  * predepend on debconf (>= 0.2.17) should now allow preinst questions
+
+ -- Philip Hands <phil@hands.com>  Sat,  6 Nov 1999 10:31:06 +0000
+
+openssh (1:1.2pre7-3) unstable; urgency=low
+
+  * add ssh-askpass package using Tommi Virtanen's perl-tk script
+  * add ssh-preconfig package cludge
+  * add usage hints to ssh-agent.1
+
+ -- Philip Hands <phil@hands.com>  Fri,  5 Nov 1999 00:38:33 +0000
+
+openssh (1:1.2pre7-2) unstable; urgency=low
+
+  * use pam patch from Ben Collins <bcollins@debian.org>
+  * add slogin symlink to Makefile.in
+  * change /usr/bin/login to LOGIN_PROGRAM define of /bin/login 
+  * sort out debconf usage
+  * patch from Tommi Virtanen <tv@debian.org>'s makes ssh-add use ssh-askpass
+
+ -- Philip Hands <phil@hands.com>  Thu,  4 Nov 1999 11:08:54 +0000
+
+openssh (1:1.2pre7-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Philip Hands <phil@hands.com>  Tue,  2 Nov 1999 21:02:37 +0000
+
+openssh (1:1.2.0.pre6db1-2) unstable; urgency=low
+
+  * change the binary package name to ssh (the non-free branch of ssh has
+    been renamed to ssh-nonfree)
+  * make pam file comply with Debian standards
+  * use an epoch to make sure openssh supercedes ssh-nonfree
+
+ -- Philip Hands <phil@hands.com>  Sat, 30 Oct 1999 16:26:05 +0100
+
+openssh (1.2pre6db1-1) unstable; urgency=low
+
+  * New upstream source
+  * sshd accepts logins now!
+
+ -- Dan Brosemer <odin@linuxfreak.com>  Fri, 29 Oct 1999 11:13:38 -0500
+
+openssh (1.2.0.19991028-1) unstable; urgency=low
+
+  * New upstream source
+  * Added test for -lnsl to configure script
+
+ -- Dan Brosemer <odin@linuxfreak.com>  Thu, 28 Oct 1999 18:52:09 -0500
+
+openssh (1.2.0.19991027-3) unstable; urgency=low
+
+  * Initial release
+
+ -- Dan Brosemer <odin@linuxfreak.com>  Wed, 27 Oct 1999 19:39:46 -0500
diff --git a/debian/clean b/debian/clean
new file mode 100644
index 000000000..5da17f8eb
--- /dev/null
+++ b/debian/clean
@@ -0,0 +1 @@
+config.log
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 000000000..7f8f011eb
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+7
diff --git a/debian/control b/debian/control
new file mode 100644
index 000000000..82fdde9e6
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,137 @@
+Source: openssh
+Section: net
+Priority: standard
+Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
+Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 8.1.0~), libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg (>= 1.16.1~), libck-connector-dev, dh-autoreconf, autotools-dev
+Standards-Version: 3.8.4
+Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org>
+Homepage: http://www.openssh.org/
+Vcs-Bzr: http://anonscm.debian.org/bzr/pkg-ssh/openssh/trunk
+Vcs-Browser: http://anonscm.debian.org/loggerhead/pkg-ssh/openssh/trunk
+
+Package: openssh-client
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser (>= 3.10), dpkg (>= 1.7.0), passwd
+Recommends: xauth
+Conflicts: ssh (<< 1:3.8.1p1-9), sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
+Replaces: ssh, ssh-krb5
+Suggests: ssh-askpass, libpam-ssh, keychain, monkeysphere, openssh-blacklist, openssh-blacklist-extra
+Provides: rsh-client, ssh-client
+Multi-Arch: foreign
+Description: secure shell (SSH) client, for secure access to remote machines
+ This is the portable version of OpenSSH, a free implementation of
+ the Secure Shell protocol as specified by the IETF secsh working
+ group.
+ .
+ Ssh (Secure Shell) is a program for logging into a remote machine
+ and for executing commands on a remote machine.
+ It provides secure encrypted communications between two untrusted
+ hosts over an insecure network. X11 connections and arbitrary TCP/IP
+ ports can also be forwarded over the secure channel.
+ It can be used to provide applications with a secure communication
+ channel.
+ .
+ This package provides the ssh, scp and sftp clients, the ssh-agent
+ and ssh-add programs to make public key authentication more convenient,
+ and the ssh-keygen, ssh-keyscan, ssh-copy-id and ssh-argv0 utilities.
+ .
+ In some countries it may be illegal to use any encryption at all
+ without a special permit.
+ .
+ ssh replaces the insecure rsh, rcp and rlogin programs, which are
+ obsolete for most purposes.
+
+Package: openssh-server
+Priority: optional
+Architecture: any
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 0.76-14), libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (>= 4.1+Debian3), procps
+Recommends: xauth, ncurses-term, ${openssh-server:Recommends}
+Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
+Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5
+Suggests: ssh-askpass, rssh, molly-guard, ufw, monkeysphere, openssh-blacklist, openssh-blacklist-extra
+Provides: ssh-server
+Multi-Arch: foreign
+Description: secure shell (SSH) server, for secure access from remote machines
+ This is the portable version of OpenSSH, a free implementation of
+ the Secure Shell protocol as specified by the IETF secsh working
+ group.
+ .
+ Ssh (Secure Shell) is a program for logging into a remote machine
+ and for executing commands on a remote machine.
+ It provides secure encrypted communications between two untrusted
+ hosts over an insecure network. X11 connections and arbitrary TCP/IP
+ ports can also be forwarded over the secure channel.
+ It can be used to provide applications with a secure communication
+ channel.
+ .
+ This package provides the sshd server.
+ .
+ In some countries it may be illegal to use any encryption at all
+ without a special permit.
+ .
+ sshd replaces the insecure rshd program, which is obsolete for most
+ purposes.
+
+Package: ssh
+Priority: extra
+Architecture: all
+Depends: ${misc:Depends}, openssh-client (>= ${binary:Version}), openssh-server (>= ${binary:Version})
+Description: secure shell client and server (metapackage)
+ This metapackage is a convenient way to install both the OpenSSH client
+ and the OpenSSH server. It provides nothing in and of itself, so you
+ may remove it if nothing depends on it.
+
+Package: ssh-krb5
+Section: oldlibs
+Priority: extra
+Architecture: all
+Depends: ${misc:Depends}, openssh-client (>= ${binary:Version}), openssh-server (>= ${binary:Version})
+Description: secure shell client and server (transitional package)
+ This is a transitional package depending on the regular Debian OpenSSH
+ client and server, which now support GSSAPI natively. It will add the
+ necessary GSSAPI options to the server configuration file. You can
+ remove it once the upgrade is complete and nothing depends on it.
+
+Package: ssh-askpass-gnome
+Section: gnome
+Priority: optional
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, openssh-client | ssh (>= 1:1.2pre7-4) | ssh-krb5
+Replaces: ssh (<< 1:3.5p1-3)
+Provides: ssh-askpass
+Description: interactive X program to prompt users for a passphrase for ssh-add
+ This has been split out of the main openssh-client package so that
+ openssh-client does not need to depend on GTK+.
+ .
+ You probably want the ssh-askpass package instead, but this is
+ provided to add to your choice and/or confusion.
+
+Package: openssh-client-udeb
+XC-Package-Type: udeb
+Section: debian-installer
+Priority: optional
+Architecture: any
+Depends: ${shlibs:Depends}, libnss-files-udeb
+XB-Installer-Menu-Item: 99999
+Description: secure shell client for the Debian installer
+ This is the portable version of OpenSSH, a free implementation of
+ the Secure Shell protocol as specified by the IETF secsh working
+ group.
+ .
+ This package provides the ssh client for use in debian-installer.
+
+Package: openssh-server-udeb
+XC-Package-Type: udeb
+Section: debian-installer
+Priority: optional
+Architecture: any
+Depends: ${shlibs:Depends}, libnss-files-udeb
+Description: secure shell server for the Debian installer
+ This is the portable version of OpenSSH, a free implementation of
+ the Secure Shell protocol as specified by the IETF secsh working
+ group.
+ .
+ This package provides the sshd server for use in debian-installer.
+ Since it is expected to be used in specialized situations (e.g. S/390
+ installs with no console), it does not provide any configuration.
diff --git a/debian/copyright.head b/debian/copyright.head
new file mode 100644
index 000000000..c59278825
--- /dev/null
+++ b/debian/copyright.head
@@ -0,0 +1,52 @@
+This package was debianized by Philip Hands <phil@hands.com> on 31 Oct 1999
+(with help from  Dan Brosemer <odin@linuxfreak.com>)
+
+It was downloaded from here:
+  ftp://ftp.fu-berlin.de/unix/security/openssh/openssh-2.3.0p1.tar.gz
+
+worldwide mirrors are listed here:
+  http://www.openssh.com/ftp.html
+
+The Debian-specific parts of the package were initially derived from the
+original ssh package, which has since been renamed as ssh-nonfree.
+
+The Debian patch is distributed under the terms of the GPL, which you
+can find in /usr/share/common-licenses/GPL.
+
+In addition, as a special exception, Matthew Vernon gives permission
+to link the code of the Debian patch with any version of the OpenSSH
+code which is distributed under a license identical to that listed in
+the included Copyright file, and distribute linked combinations
+including the two.  You must obey the GNU General Public License in
+all respects for all of the code used other than OpenSSH.  If you
+modify this file, you may extend this exception to your version of the
+file, but you are not obligated to do so.  If you do not wish to do
+so, delete this exception statement from your version.
+
+The upstream source for this package is a combination of the ssh
+branch that is being maintained by the OpenBSD team (starting from
+the last version of SSH that was distributed under a free license),
+and porting work by Damien Miller <damien@ibs.com.au> to get it
+working on Linux.  Other people also contributed to this, and are
+credited in /usr/share/doc/ssh/README.
+
+This package contains Kerberos version 5 patches from
+http://www.sxw.org.uk/computing/patches/openssh.html; this is Copyright
+(c) 2001-2009 Simon Wilkinson and provided under the standard 2-term BSD
+licence used elsewhere in OpenSSH.
+
+Copyright:
+
+Code in helper.[ch] is Copyright Internet Business Solutions and is
+released under a X11-style license (see source file for details).
+
+(A)RC4 code in rc4.[ch] is Copyright Damien Miller. It too is under a
+X11-style license (see source file for details).
+
+make-ssh-known-hosts is Copyright Tero Kivinen <Tero.Kivinen@hut.fi>,
+and is distributed under the GPL (see source file for details).
+
+The copyright for the original SSH version follows.  It has been
+modified with [comments] to reflect the changes that the OpenBSD folks
+have made:
+
diff --git a/debian/faq.html b/debian/faq.html
new file mode 100644
index 000000000..d6eb7fda5
--- /dev/null
+++ b/debian/faq.html
@@ -0,0 +1,1187 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>OpenSSH FAQ</title>
+<link rev= "made" href= "mailto:www@openbsd.org">
+<meta name= "resource-type" content= "document">
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<meta name= "description"   content= "the OpenSSH FAQ page">
+<meta name= "keywords"      content= "OpenSSH,SSH,Secure Shell,faq">
+<meta name= "distribution"  content= "global">
+<meta name= "copyright"     content= "This document copyright 1999-2010 OpenBSD.">
+</head>
+
+<body bgcolor= "#ffffff" text= "#000000" link= "#23238E">
+<a href="http://www.openssh.org/index.html"><img alt="[OpenSSH]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
+<p>
+
+<h1>OpenSSH FAQ (Frequently asked questions)</h1>
+
+<hr>
+
+<blockquote>
+<h3><a href= "#1.0">1.0 - What Is OpenSSH and Where Can I Get It?</a></h3>
+<ul>
+<li><a href= "#1.1">1.1 - What is OpenSSH and where can I download it?</a>
+<li><a href= "#1.2">1.2 - Why should it be used?</a>
+<li><a href= "#1.3">1.3 - What Operating Systems are supported?</a>
+<li><a href= "#1.4">1.4 - What about copyright, usage and patents?</a>
+<li><a href= "#1.5">1.5 - Where should I ask for help?</a>
+<li><a href= "#1.6">1.6 - I have found a bug. Where do I report it?</a>
+</ul>
+
+<h3><a href= "#2.0">2.0 - General Questions</a></h3>
+<ul>
+<li><a href= "#2.1">2.1 - Why does ssh/scp make connections from low-numbered ports. My firewall blocks these.</a>
+<li><a href= "#2.2">2.2 - Why is the ssh client setuid root?</a>
+<li><a href= "#2.3">2.3 - Why does SSH 2.3 have problems interoperating with OpenSSH 2.1.1?</a>
+<li><a href= "#2.4">2.4 - Why does OpenSSH print: Dispatch protocol error: type 20</a>
+<li><a href= "#2.5">2.5 - Old versions of commercial SSH encrypt host keys with IDEA.</a>
+<li><a href= "#2.6">2.6 - What are these warning messages about key lengths?</a>
+<li><a href= "#2.7">2.7 - X11 and/or agent forwarding does not work.</a>
+<li><a href= "#2.8">2.8 - After upgrading OpenSSH I lost SSH2 support.</a>
+<li><a href= "#2.9">2.9 - sftp/scp fails at connection, but ssh is OK.</a>
+<li><a href= "#2.10">2.10 - Will you add [foo] to scp?</a>
+<li><a href= "#2.11">2.11 - How do I use port forwarding?</a>
+<li><a href= "#2.12">2.12 - My ssh connection freezes or drops out after N minutes of inactivity.</a>
+<li><a href= "#2.13">2.13 - How do I use scp to copy a file with a colon in it?</a>
+<li><a href= "#2.14">2.14 - Why does OpenSSH report its version to clients?</a>
+</ul>
+
+<h3><a href= "#3.0">3.0 - Portable OpenSSH Questions</a></h3>
+<ul>
+<li><a href= "#3.1">3.1 - Spurious PAM authentication messages in logfiles.</a>
+<li><a href= "#3.2">3.2 - Empty passwords not allowed with PAM authentication.</a>
+<li><a href= "#3.3">3.3 - ssh(1) takes a long time to connect or log in</a>
+<li><a href= "#3.4">3.4 - "Can't locate module net-pf-10" messages in log under Linux.</a>
+<li><a href= "#3.5">3.5 - Password authentication doesn't work (eg on Slackware 7.0 or Red Hat Linux 6.x)</a>
+<li><a href= "#3.6">3.6 - Configure or sshd(8) complain about lack of RSA support</a>
+<li><a href= "#3.7">3.7 - "scp: command not found" errors</a>
+<li><a href= "#3.8">3.8 - Unable to read passphrase</a>
+<li><a href= "#3.9">3.9 - 'configure' missing or make fails</a>
+<li><a href= "#3.10">3.10 - Hangs when exiting ssh</a>
+<li><a href= "#3.11">3.11 - Why does ssh hang on exit?</a>
+<li><a href= "#3.12">3.12 - I upgraded to OpenSSH 3.1 and X11 forwarding stopped working.</a>
+<li><a href= "#3.13">3.13 - I upgraded to OpenSSH 3.8 and some X11 programs stopped working.</a>
+<li><a href= "#3.14">3.14 - I copied my public key to authorized_keys but public-key authentication still doesn't work.</a>
+<li><a href= "#3.15">3.15 - OpenSSH versions and PAM behaviour.</a>
+<li><a href= "#3.16">3.16 - Why doesn't "w" or "who" on AIX 5.x show users logged in via ssh?</a>
+</ul>
+
+</blockquote>
+
+<hr>
+
+<h2><u><a name= "1.0">1.0 - What Is OpenSSH and Where Can I Get It?</a></u></h2>
+
+<h2><a name= "1.1">1.1 - What is OpenSSH and where can I download it?</a></h2>
+
+OpenSSH provides end-to-end encrypted replacement of applications such as
+telnet, rlogin, and ftp.
+Unlike these legacy applications, OpenSSH never passes anything
+(including username and password) over the wire in unencrypted form, and
+provides host authentication, to verify that you really are talking to
+the system that you think you are and that no one else can take over
+that session.
+
+<p>
+The OpenSSH suite includes the 
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a> 
+program which replaces rlogin and telnet, and 
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&amp;sektion=1">scp(1)</a> 
+which replaces 
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rcp&amp;sektion=1">rcp(1)</a> and 
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&amp;sektion=1">ftp(1)</a>. 
+OpenSSH has also added 
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&amp;sektion=1">sftp(1)</a> and 
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&amp;sektion=8">sftp-server(8)</a> 
+which implement an easier solution for file-transfer. This is based upon the 
+<a href="http://www.openssh.org/txt/draft-ietf-secsh-filexfer-02.txt">secsh-filexfer</a> IETF draft.
+
+
+<p><strong>OpenSSH consists of a number of programs.</strong>
+
+<ul>
+<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&amp;sektion=8">sshd(8)</a> - Server program run on the server machine. This listens for connections from client machines, and whenever it receives a connection, it performs authentication and starts serving the client.
+Its behaviour is controlled by the config file <i><a
+href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&amp;sektion=5">
+sshd_config(5)</a></i>.
+<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a> - This is the client program used to log into another machine or to execute commands on the other machine. <i>slogin</i> is another name for this program.
+Its behaviour is controlled by the global config file <i><a
+href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&amp;sektion=5">
+ssh_config(5)</a></i> and individual users' <i>$HOME/.ssh/config</i> files.
+<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&amp;sektion=1">scp(1)</a> - Securely copies files from one machine to another.
+<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&amp;sektion=1">ssh-keygen(1)</a> - Used to create Pubkey Authentication (RSA or DSA) keys (host keys and user authentication keys).
+<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&amp;sektion=1">ssh-agent(1)</a> - Authentication agent.  This can be used to hold RSA keys for authentication.
+<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&amp;sektion=1">ssh-add(1)</a> - Used to register new keys with the agent.
+<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&amp;sektion=8">sftp-server(8)</a> - SFTP server subsystem.
+<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&amp;sektion=1">sftp(1)</a> - Secure file transfer program.
+<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keyscan&amp;sektion=1">ssh-keyscan(1)</a> - gather ssh public keys.
+<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&amp;sektion=8">ssh-keysign(8)</a> - ssh helper program for hostbased authentication.
+</ul>
+
+<h3>Downloading</h3>
+
+<p>
+The most recent version of OpenSSH is included with the current
+distribution of <a href="http://www.openbsd.org/">OpenBSD</a>, and
+installed as part of a basic install.
+
+<p>
+Today, most other operating systems include some version of OpenSSH
+(often re-badged or privately labeled), so most users can immediately
+use it.
+However, sometimes the included versions are quite old, and missing
+features of the current release of OpenSSH, and you may wish to install
+the current version, or install it on one of the few OSs that lacked it,
+and where the OS publisher does not make a modern version available.
+You may also wish to use OpenSSH on your embedded application.
+
+<p>
+Non-OpenBSD users will want to download, compile and install the
+multi-platform <a href="http://www.openssh.org/portable.html">Portable</a> distribution from a
+<a href="http://www.openssh.org/portable.html#mirrors">mirror</a> near you.
+
+
+<h2><a name= "1.2">1.2 - Why should it be used?</a></h2>
+
+<p>
+OpenSSH is a suite of tools to help secure your network 
+connections. Here is a list of features:
+
+
+<ul>
+        <li>Strong authentication.  Closes several security holes (e.g., IP, routing, and DNS spoofing).
+        <li>Improved privacy.  All communications are automatically and transparently encrypted.
+        <li>Secure X11 sessions.  The program automatically sets DISPLAY on the server machine, and forwards any X11 connections over the secure channel.
+        <li>Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions (e.g., for e-cash transactions).
+        <li>No retraining needed for normal users.
+        <li>Never trusts the network. Minimal trust on the remote side of the connection. Minimal trust on domain name servers. Pure RSA authentication never trusts anything but the private key.
+        <li>Client RSA-authenticates the server machine in the beginning of every connection to prevent trojan horses (by routing or DNS spoofing) and man-in-the-middle attacks, and the server RSA-authenticates the client machine before accepting <i>.rhosts</i> or <i>/etc/hosts.equiv</i> authentication (to prevent DNS, routing, or IP-spoofing).
+        <li>Host authentication key distribution can be centrally by the administration, automatically when the first connection is made to a machine.
+        <li>Any user can create any number of user authentication RSA keys for his/her own use.
+        <li>The server program has its own server RSA key which is automatically regenerated every hour.
+        <li>An authentication agent, running in the user's laptop or local workstation, can be used to hold the user's RSA authentication keys.
+        <li>The software can be installed and used (with restricted functionality) even without root privileges.
+        <li>The client is customizable in system-wide and per-user configuration files.
+        <li>Optional compression of all data with gzip (including forwarded X11 and TCP/IP port data), which may result in significant speedups on slow connections.
+        <li>Complete replacement for rlogin, rsh, and rcp.
+</ul>
+
+<p>
+Currently, almost all communications in computer networks are done
+without encryption.  As a consequence, anyone who has access to any
+machine connected to the network can listen in on any communication.
+This is being done by hackers, curious administrators, employers,
+criminals, industrial spies, and governments.  Some networks leak off
+enough electromagnetic radiation that data may be captured even from a
+distance.
+
+
+<p>
+When you log in, your password goes in the network in plain
+text.  Thus, any listener can then use your account to do any evil he
+likes.  Many incidents have been encountered worldwide where crackers
+have started programs on workstations without the owner's knowledge
+just to listen to the network and collect passwords.  Programs for
+doing this are available on the Internet, or can be built by a
+competent programmer in a few hours.
+
+
+<p>
+Businesses have trade secrets, patent applications in preparation,
+pricing information, subcontractor information, client data, personnel
+data, financial information, etc.  Currently, anyone with access to
+the network (any machine on the network) can listen to anything that
+goes in the network, without any regard to normal access restrictions.
+
+
+<p>
+Many companies are not aware that information can so easily be
+recovered from the network.  They trust that their data is safe
+since nobody is supposed to know that there is sensitive information
+in the network, or because so much other data is transferred in the
+network.  This is not a safe policy.
+
+
+<h2><a name= "1.3">1.3 - What operating systems are supported?</a></h2>
+
+<p>
+Even though OpenSSH is developed on 
+<a href="http://www.openbsd.org/">OpenBSD</a> a wide variety of 
+ports to other operating systems exist. The portable version of OpenSSH 
+is headed by <a href="mailto:djm@openbsd.org">Damien Miller</a>. 
+For a quick overview of the portable version of OpenSSH see 
+<a href="http://www.openssh.org/portable.html">OpenSSH Portable Release</a>.
+Currently, the supported operating systems are:
+
+
+<ul>
+        <li>OpenBSD
+        <li>NetBSD
+        <li>FreeBSD
+        <li>AIX 
+        <li>HP-UX 
+        <li>IRIX 
+        <li>Linux 
+        <li>NeXT 
+        <li>SCO 
+        <li>SNI/Reliant Unix 
+        <li>Solaris 
+        <li>Digital Unix/Tru64/OSF 
+        <li>Mac OS X 
+        <li>Cygwin
+</ul>
+
+<p>
+A list of vendors that include OpenSSH in their distributions 
+is located in the <a href="http://www.openssh.org/users.html">OpenSSH Users page</a>.
+
+<h2><a name= "1.4">1.4 - What about copyrights, usage and patents?</a></h2>
+<p>
+The OpenSSH developers have tried very hard to keep OpenSSH free of any 
+patent or copyright problems. To do this, some options had to be 
+stripped from OpenSSH. Namely support for patented algorithms.
+
+<p>
+OpenSSH does not support any patented transport algorithms. In SSH1 mode, 
+only 3DES and Blowfish are available options. In SSH2 mode, only 3DES, 
+Blowfish, CAST128, Arcfour and AES can be selected. 
+The patented IDEA algorithm is not supported.
+
+<p>
+OpenSSH provides support for both SSH1 and SSH2 protocols. 
+
+<p>
+Since the RSA patent has expired, there are no restrictions on the use 
+of RSA algorithm using software, including OpenBSD.
+
+<h2><a name= "1.5">1.5 - Where should I ask for help?</a></h2>
+<p>
+There are many places to turn to for help. In addition to the main
+<a href="http://www.openssh.org/index.html">OpenSSH website</a>, 
+there are many mailing lists to try. Before trying any mailing lists, 
+please search through all mailing list archives to see if your question 
+has already been answered. The OpenSSH Mailing List has been archived and 
+put in searchable form and can be found at 
+<a href="http://marc.info/?l=openssh-unix-dev&amp;r=1&amp;w=2">marc.info</a>.
+
+<p>
+For more information on subscribing to OpenSSH related mailing lists, 
+please see <a href="http://www.openssh.org/list.html">OpenSSH Mailing lists</a>.
+
+<h2><a name= "1.6">1.6 - I have found a bug. Where do I report it?</a></h2>
+<p>
+Information about submitting bug reports can be found at the OpenSSH
+<a href="http://www.openssh.org/report.html">Reporting bugs</a> page.
+<p>
+If you wish to report a security bug, please contact the private developers
+list &lt;<a href="mailto:openssh@openssh.com">openssh@openssh.com</a>&gt;.
+
+<h2><u><a name= "2.0">2.0 - General Questions</a></u></h2>
+
+<h2><a name= "2.1">2.1 - Why does ssh/scp make connections from low-numbered ports.</a></h2>
+<p>
+The OpenSSH client uses low numbered ports for rhosts and rhosts-rsa 
+authentication because the server needs to trust the username provided by 
+the client. To get around this, you can add the below example to your 
+<i>ssh_config</i> or <i>~/.ssh/config</i> file.
+
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+<b>UsePrivilegedPort no</b>
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+<p>
+Or you can specify this option on the command line, using the <b>-o</b> 
+option to 
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a> command.
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+$ <b>ssh -o "UsePrivilegedPort no" host.com</b>
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+<h2><a name= "2.2">2.2 - Why is the ssh client setuid root?</a></h2>
+
+<p>
+In conjunction with the previous question, (<a href="#2.1">2.1</a>)
+OpenSSH needs root authority to be able to bind to low-numbered ports to 
+facilitate <i>rhosts authentication</i>.
+A privileged port is also required for rhosts-rsa authentication to older
+SSH releases.
+
+<p>
+Additionally, for both <i>rhosts-rsa authentication</i> (in protocol 
+version 1) and <i>hostbased authentication</i> (in protocol version 2) 
+the ssh client needs to access the <i>private host key</i> in order to 
+authenticate the client machine to the server.
+OpenSSH versions prior to 3.3 required the <code>ssh</code> binary to be
+setuid root to enable this, and you may safely remove it if you don't
+want to use these authentication methods.
+
+<p>
+Starting in OpenSSH 3.3, <code>ssh</code> is not setuid by default.  <a
+href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign">ssh-keysign</a>,
+is used for access to the private hosts keys, and ssh does not use privileged
+source ports by default.  If you wish to use a privileged source port, you must
+manually set the setuid bit on <code>ssh</code>.
+
+<h2><a name= "2.3">2.3 - Why does SSH 2.3 have problems interoperating with OpenSSH 2.1.1?</a></h2>
+
+<p>
+SSH 2.3 and earlier versions contain a flaw in their HMAC implementation. 
+Their code was not supplying the full data block output from the digest, 
+and instead always provided 128 bits. For longer digests, this caused 
+SSH 2.3 to not interoperate with OpenSSH.
+
+<p>
+OpenSSH 2.2.0 detects that SSH 2.3 has this flaw. Recent versions of SSH 
+will have this bug fixed. Or you can add the following to 
+SSH 2.3 <i>sshd2_config</i>.
+
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+<b>Mac hmac-md5</b>
+               </td>
+        </tr>
+</table>
+</blockquote>
+
+<h2><a name= "2.4">2.4 - Why does OpenSSH print: Dispatch protocol error: type 20</a></h2>
+
+<p>
+Problems in interoperation have been seen because older versions of 
+OpenSSH did not support session rekeying. However the commercial SSH 2.3 
+tries to negotiate this feature, and you might experience connection 
+freezes or see the error message &quot;<b>Dispatch protocol error: 
+type 20 </b>&quot;. 
+To solve this problem, either upgrade to a recent OpenSSH release or 
+disable rekeying by adding the following to your commercial SSH 2.3's
+<i>ssh2_config</i> or <i>sshd2_config</i>.
+
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+<b>RekeyIntervalSeconds 0</b>
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+<h2><a name= "2.5">2.5 - Old versions of commercial SSH encrypt host keys with IDEA.</a></h2>
+
+<p>
+The old versions of SSH used a patented algorithm to encrypt their 
+<i>/etc/ssh/ssh_host_key</i>. This problem will manifest as 
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&amp;sektion=8">sshd(8)</a> 
+not being able to read its host key. To solve this, use the command below 
+to convert your ssh_host_key to use 3DES. 
+<b>NOTE:</b> Use the 
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&amp;sektion=1">ssh-keygen(1)</a> 
+program from the Commercial SSH product, *NOT* OpenSSH for the example 
+below.
+
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+# <b>ssh-keygen -u -f /etc/ssh/ssh_host_key</b>
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+<h2><a name= "2.6">2.6 - What are these warning messages about key lengths</a></h2>
+
+<p>
+Commercial SSH's 
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&amp;sektion=1">ssh-keygen(1)</a> 
+program contained a bug which caused it to occasionally generate Pubkey 
+Authentication (RSA or DSA) keys which had their Most Significant Bit 
+(MSB) unset. Such keys were advertised as being full-length, but are 
+actually, half the time, smaller than advertised.
+
+<p>
+OpenSSH will print warning messages when it encounters such keys. To rid 
+yourself of these message, edit your <i>known_hosts</i> files and replace the 
+incorrect key length (usually "1024") with the correct key length 
+(usually "1023").
+
+<h2><a name= "2.7">2.7 - X11 and/or agent forwarding does not work.</a></h2>
+
+<p>
+Check your <i>ssh_config</i> and <i>sshd_config</i>. The default 
+configuration files disable authentication agent and X11 forwarding. To 
+enable it, put the line below in <i>sshd_config</i>:
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+<b>X11Forwarding yes</b>
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+<p>
+and put the following lines in <i>ssh_config</i>:
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+<b>ForwardAgent yes</b><br>
+<b>ForwardX11 yes</b>
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+<p>
+X11 forwarding requires a working <a
+href="http://www.openbsd.org/cgi-bin/man.cgi?query=xauth&amp;sektion=1"
+>xauth(1)</a> binary.  On OpenBSD this is in the <i>xbase</i> file
+set but will probably be different on other platforms.  For OpenSSH
+Portable, xauth must be either found at configure time or specified
+via <b>XAuthLocation</b> in sshd_config(5) and ssh_config(5).
+
+<p>
+Note on agent interoperability: There are two different and
+incompatible agent forwarding mechanisms within the SSH2 protocol.
+OpenSSH has always used an extension of the original SSH1 agent
+requests, however some commercial products use a different, non-free
+agent forwarding protocol.  This means that agent forwarding cannot
+be used between OpenSSH and those products.
+
+<p>
+<b>NOTE:</b> For users of Linux Mandrake 7.2, Mandrake modifies the 
+<i>XAUTHORITY</i> environment variable in <i>/etc/skel/.bashrc</i>, 
+and thus any bash user's home directory. This variable is set by OpenSSH 
+and for either of the above options to work, you need to comment out 
+the line:
+
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+<b># export XAUTHORITY=$HOME/.Xauthority</b>
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+<h2><a name= "2.8">2.8 - After upgrading OpenSSH I lost SSH2 support.</a></h2>
+
+<p>
+Between versions changes can be made to <i>sshd_config</i> or 
+<i>ssh_config</i>. You should always check on these changes when upgrading 
+versions of OpenSSH. After OpenSSH Version 2.3.0 you need to add the 
+following to your <i>sshd_config</i>:
+
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+<b>HostKey /etc/ssh_host_dsa_key</b><br>
+<b>HostKey /etc/ssh_host_rsa_key</b>
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+<h2><a name= "2.9">2.9 - sftp/scp fails at connection, but ssh is OK.</a></h2>
+
+<p>
+sftp and/or scp may fail at connection time if you have shell 
+initialization (.profile, .bashrc, .cshrc, etc) which produces output 
+for non-interactive sessions. This output confuses the sftp/scp client.  
+You can verify if your shell is doing this by executing:
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+<b>ssh yourhost /usr/bin/true</b>
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+<p>
+If the above command produces any output, then you need to modify your 
+shell initialization.
+
+<h2><a name= "2.10">2.10 - Will you add [foo] to scp?</a></h2>
+
+<p>
+Short Answer: no.
+
+<p>
+Long Answer: scp is not standardized. The closest thing it has to a
+specification is "what rcp does".  Since the same command is used on both ends
+of the connection, adding features or options risks breaking interoperability with other
+implementations.
+
+<p>
+New features are more likely in sftp, since the protocol is standardized
+(well, a <a href="http://www.ietf.org/html.charters/OLD/secsh-charter.html">
+draft standard</a>), extensible, and the client and server are decoupled.
+
+<h2><a name= "2.11">2.11 - How do I use port forwarding?</a></h2>
+
+<p>
+If the remote server is running sshd(8), it may be possible to
+``tunnel'' certain services via ssh.  This may be desirable, for
+example, to encrypt POP or SMTP connections, even though the software
+does not directly support encrypted communications.  Tunnelling uses
+port forwarding to create a connection between the client and server.
+The client software must be able to specify a non-standard port to
+connect to for this to work.
+
+<p>
+The idea is that the user connects to the remote host using ssh,
+and specifies which port on the client's machine should be used to
+forward connections to the remote server.  After that it is possible
+to start the service which is to be encrypted (e.g. fetchmail, irc)
+on the client machine, specifying the same local port passed to
+ssh, and the connection will be tunnelled through ssh.  By default,
+the system running the forward will only accept connections from
+itself.
+
+<p>
+The options most relevant to tunnelling are the -L and -R options,
+which allow the user to forward connections, the -D option, which
+permits dynamic port forwarding, the -g option, which permits other
+hosts to use port forwards, and the -f option, which instructs ssh
+to put itself in the background after authentication.  See the <a
+href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1"
+>ssh(1)</a> man page for further details.
+
+<p>
+This is an example of tunnelling an IRC session from client machine
+``127.0.0.1'' (localhost) to remote server ``server.example.com'':
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+<b>ssh -f -L 1234:server.example.com:6667 server.example.com sleep 10<br>
+irc -c '#users' -p 1234 pinky 127.0.0.1</b>
+        </td>
+        </tr>
+</table>
+</blockquote>
+
+<p>
+This tunnels a connection to IRC server server.example.com, joining
+channel ``#users'', using the nickname ``pinky''.  The local port used
+in this example is 1234.  It does not matter which port is used, as
+long as it's greater than 1023 (remember, only root can open sockets on
+privileged ports) and doesn't conflict with any ports already in use.
+The connection is forwarded to port 6667 on the remote server, since
+that's the standard port for IRC services.
+
+<p>
+The remote command ``sleep 10'' was specified to allow an amount
+of time (10 seconds, in the example) to start the service which is to
+be tunnelled.  If no connections are made within the time specified,
+ssh will exit.  If more time is required, the sleep(1) value can be
+increased appropriately or, alternatively, the example above could
+be added as a function to the user's shell.  See ksh(1) and csh(1)
+for more details about user-defined functions.
+
+<p>
+ssh also has an -N option, convenient for use with port forwarding:
+if -N is specified, it is not necessary to specify a remote command
+(``sleep 10'' in the example above).  However, use of this option
+causes ssh to wait around for ever (as opposed to exiting after a
+remote command has completed), and the user must take care to manually
+kill(1) the process afterwards.
+
+<h2><a name= "2.12">2.12 - My ssh connection freezes or drops out after N minutes of inactivity.</a></h2>
+
+<p>
+This is usually the result of a packet filter or NAT device
+timing out your TCP connection due to inactivity.  You can enable
+<b>ClientAliveInterval</b> in the server's <i><a
+href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&amp;sektion=5">
+sshd_config</a></i>, or enable <b>ServerAliveInterval</b> in the
+client's <i><a
+href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&amp;sektion=5">
+ssh_config</a></i> (the latter is available in OpenSSH 3.8 and newer).
+
+<p>
+Enabling either option and setting the interval for less than the time
+it takes to time out your session will ensure that the connection is
+kept "fresh" in the device's connection table.
+
+<h2><a name= "2.13">2.13 - How do I use scp to copy a file with a colon in it?</a></h2>
+
+<b><a
+href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&amp;sektion=1">
+scp</a></b> will interpret the component before the colon to be a remote
+server name and attempt to connect to it.  To prevent this, refer to
+the file by a relative or absolute path, eg:
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+$ scp ./source:file sshserver:
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+<h2><a name= "2.14">2.14 - Why does OpenSSH report its version to clients?</a></h2>
+
+<p>
+OpenSSH, like most SSH implementations, reports its name and version to clients
+when they connect, e.g.
+</p>
+
+<blockquote>
+SSH-2.0-OpenSSH_3.9
+</blockquote>
+
+<p>
+This information is used by clients and servers to enable protocol 
+compatibility tweaks to work around changed, buggy or missing features in 
+the implementation they are talking to. This protocol feature checking is 
+still required at present because versions with incompatibilities are still
+in wide use.
+</p>
+
+<h2><u><a name= "3.0">3.0 - Portable OpenSSH Questions</a></u></h2>
+
+<h2><a name= "3.1">3.1 - Spurious PAM authentication messages in logfiles.</a></h2>
+
+<p>
+The portable version of OpenSSH will generate spurious authentication 
+failures at every login, similar to:
+
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+&quot;<b>authentication failure; (uid=0) -&gt; root for sshd service</b>&quot;
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+<p>
+These are generated because OpenSSH first tries to determine whether a 
+user needs authentication to login (e.g. empty password). Unfortunately 
+PAM likes to log all authentication events, this one included.
+
+<p>
+If it annoys you too much, set &quot;<b>PermitEmptyPasswords no</b>&quot; 
+in <i>sshd_config</i>. This will quiet the error message at the expense 
+of disabling logins to accounts with no password set. 
+This is the default if you use the supplied <i>sshd_config</i> file.
+
+<h2><a name= "3.2">3.2 - Empty passwords not allowed with PAM authentication.</a></h2>
+
+<p>
+To enable empty passwords with a version of OpenSSH built with PAM you 
+must add the flag nullok to the end of the password checking module 
+in the <i>/etc/pam.d/sshd</i> file. For example:
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+auth required/lib/security/pam_unix.so shadow nodelay nullok
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+<p>
+This must be done in addition to setting &quot;<b>PermitEmptyPasswords 
+yes</b>&quot; in the <i>sshd_config</i> file. 
+
+<p>
+There is one caveat when using empty passwords with PAM authentication: 
+PAM will allow any password when authenticating an account with an empty 
+password. This breaks the check that 
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&amp;sektion=8">sshd(8)</a> 
+uses to determine whether an account has no password set and grant 
+users access to the account regardless of the policy specified by 
+<b>PermitEmptyPasswords</b>. For this reason, it is recommended that you 
+do not add the <b>nullok</b> directive to your PAM configuration file 
+unless you specifically wish to allow empty passwords.
+
+
+<h2><a name= "3.3">3.3 - ssh(1) takes a long time to connect or log
+in</a></h2>
+
+<p>
+Large delays (more than 10 seconds) are typically caused by a problem with
+name resolution:
+<ul>
+<li>Some versions of glibc (notably glibc 2.1 shipped with Red Hat 6.1)
+can take a long time to resolve "IPv6 or IPv4" addresses from domain
+names. This can be worked around with by specifying <b>AddressFamily
+inet</b> option in <i>ssh_config</i>.</li>
+
+<li>There may be a DNS lookup problem, either at the client or server.
+You can use the <code>nslookup</code> command to check this on both client
+and server by looking up the other end's name and IP address.  In
+addition, on the server look up the name returned by the client's
+IP-name lookup.  You can disable most of the server-side lookups by
+setting <b>UseDNS no</b> in <i>sshd_config</i>.</li>
+</ul>
+
+<p>
+Delays less than 10 seconds can have other causes.
+
+<ul>
+
+<li>OpenSSH releases prior to 3.8 had an <i>moduli</i> file with
+moduli that were just smaller than what sshd would look for, and
+as a result, sshd would end up using moduli significantly larger
+than requested, which resulted in a speed penalty.  Replacing the
+<i>moduli</i> file will resolve this (note that in most cases this
+file will not be replaced during an upgrade and must be replaced
+manually).</li>
+
+<li>OpenSSH releases prior to 3.8 had a flaw in <code>ssh</code> that
+would cause it to request moduli larger than intended (which when
+combined with the above resulted in significant slowdowns).
+Upgrading the client to 3.8 or higher will resolve this issue.</li>
+
+<li>If either the client or server lack a kernel-based random number
+device (eg Solaris &lt; 9, AIX &lt; 5.2, HP-UX &lt; 11.11) and no
+substitute is available (eg <a href=
+"ftp://ftp.ayamura.org/pub/prngd/">prngd</a>) it's possible that
+one of the programs called by <code>ssh-rand-helper</code> to
+generate entropy is hanging.  This can be investigated by running
+it in debug mode:
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+/usr/local/libexec/ssh-rand-helper -vvv
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+Any significant delays should be investigated and rectified, or the
+corresponding commands should be removed from <i>ssh_prng_cmds</i>.
+</li>
+
+</ul>
+
+<h3>How slow is "slow"?</h3>
+Under normal conditions, the speed of SSH logins is dependant on
+CPU speed of client and server.  For comparison the following are
+typical connect times for <code>time ssh localhost true</code>
+with a 1024-bit RSA key on otherwise unloaded hosts.  OpenSSH and
+OpenSSL were compiled with gcc 3.3.x.
+
+<p>
+<table>
+<tr><th>CPU</th><th>Time (SSHv1)<a href="#3.3fn1">[1]</a></th>
+        <th>Time (SSHv2)</th></tr>
+<tr><td>170MHz SPARC/sun4m</td><td>0.74 sec</td><td>1.25 sec</td></tr>
+<tr><td>236MHz HPPA/8200<a href="#3.3fn2">[2]</a></td><td>0.44 sec</td>
+        <td>0.79 sec</td></tr>
+<tr><td>375MHz PowerPC/604e</td><td>0.38 sec</td><td>0.51 sec</td></tr>
+<tr><td>933MHz VIA Ezra</td><td>0.34 sec</td><td>0.44 sec</td></tr>
+<tr><td>2.1GHz Athlon XP 2600+</td><td>0.14 sec</td><td>0.22 sec</td></tr>
+</table>
+
+<br>
+
+<a name="3.3fn1">[1]</a> The SSHv1 protocol is faster but is
+cryptographically weaker than SSHv2.<br>
+
+<a name="3.3fn2">[2]</a> At the time of writing, gcc generates
+relatively slow code on HPPA for RSA and Diffie-Hellman operations
+(see <a href= "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=7625">gcc
+bug #7625</a> and <a
+href="http://marc.info/?l=openssh-unix-dev&amp;m=102646106016694">
+discussion on openssh-unix-dev</a>).
+
+<h2><a name= "3.4">3.4 - "Can't locate module net-pf-10" messages in log under Linux.</a></h2>
+
+<p>
+The Linux kernel is looking (via modprobe) for protocol family 10 (IPv6). 
+Either load the appropriate kernel module, enter the correct alias in 
+<i>/etc/modules.conf</i> or disable IPv6 in <i>/etc/modules.conf</i>.
+
+
+<p>
+For some silly reason <i>/etc/modules.conf</i> may also be named 
+<i>/etc/conf.modules</i>.
+
+
+<h2><a name= "3.5">3.5 - Password authentication doesn't work (eg on Slackware 7.0 or Red Hat 6.x)</a></h2>
+
+<p>
+If the password is correct password the login is still denied, the
+usual cause is that the system is configured to use MD5-type passwords
+but the
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypt&amp;sektion=3"
+>crypt(3)</a> function used by sshd doesn't understand them.
+
+<p>
+Affected accounts will have password strings in <i>/etc/passwd</i>
+or <i>/etc/shadow</i> that start with <b>$1$</b>.
+If password authentication fails for new accounts or accounts with
+recently changed passwords, but works for old accounts, this is the
+likely culprit.
+
+<p>
+The underlying cause is that some versions of OpenSSL have a crypt(3)
+function that does not understand MD5 passwords, and the link order of
+sshd means that OpenSSL's crypt(3) is used instead of the system's.
+OpensSSH's configure attempts to correct for this but is not always
+successful.
+
+<p>
+There are several possible solutions:
+
+<ul>
+<li>
+<p>
+Enable sshd's built-in support for MD5 passwords at build time.
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+./configure --with-md5-passwords [options]
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+This is safe even if you have both types of encryption as sshd will
+select the correct algorithm for each account automatically.
+
+<li>
+<p>
+If your system has a separate libcrypt library (eg Slackware 7) then you
+can manually add -lcrypt to the LIBS list so it's used instead of
+OpenSSL's:
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+LIBS=-lcrypt ./configure [options]
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+<li>
+<p>
+If your platforms supports PAM, you may configure sshd to use it
+(see <a href= "#3.15" >section 3.15</a>).  This will mean that sshd will
+not verify passwords itself but will defer to the configured PAM modules.
+</ul>
+
+<h2><a name= "3.6">3.6 - Configure or sshd(8) complain about lack of RSA or DSA support</a></h2>
+
+<p>
+Ensure that your OpenSSL libraries have been built to include RSA or DSA 
+support either internally or through RSAref.
+
+
+<h2><a name= "3.7">3.7 - "scp: command not found" errors</a></h2>
+
+<p>
+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&amp;sektion=1">scp(1)</a> 
+must be in the default PATH on both the client and the server. You may 
+need to use the <b>--with-default-path</b> option to specify a custom 
+path to search on the server. This option replaces the default path, 
+so you need to specify all the current directories on your path as well 
+as where you have installed scp. For example:
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+$ <b>./configure --with-default-path=/bin:/usr/bin:/usr/local/bin:/path/to/scp</b>
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+<p>
+Note that configuration by the server's admin will take precedence over the
+setting of <b>--with-default-path</b>.  This includes resetting PATH in
+<i>/etc/profile</i>, PATH in <i>/etc/environment</i> on AIX, or (for 3.7p1 and
+above) setting PATH or SUPATH in <i>/etc/default/login</i> on Solaris or
+Reliant Unix.
+
+<h2><a name= "3.8">3.8 - Unable to read passphrase</a></h2>
+
+<p>
+Some operating systems set <i>/dev/tty</i> with incorrect modes, causing 
+the reading of passwords to fail with the following error:
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+You have no controlling tty.  Cannot read passphrase.
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+<p>
+The solution to this is to reset the permissions on <i>/dev/tty</i> 
+to mode 0666 and report the error as a bug to your OS vendor. 
+
+
+<h2><a name= "3.9">3.9 - 'configure' missing or make fails</a></h2>
+
+<p>
+If there is no 'configure' file in the tar.gz file that you downloaded 
+or make fails with "missing separator" errors, you have probably 
+downloaded the OpenBSD distribution of OpenSSH and are attempting to 
+compile it on another platform. Please refer to the information on the 
+<a href="http://www.openssh.org/portable.html">portable version</a>.
+
+
+<h2><a name= "3.10">3.10 - Hangs when exiting ssh</a></h2>
+
+<p>
+OpenSSH may hang when exiting.  This can occur when there is an active 
+background process.  This is known to occur on Linux and HP-UX.  
+The problem can be verified by doing the following:
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+$ <b>sleep 20 &amp; exit</b>
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+Try to use this instead:
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+$ <b>sleep 20 &lt; /dev/null &gt; /dev/null 2&gt;&amp;1 &amp;</b>
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+<p>
+A work around for bash users is to place <b>"shopt -s huponexit"</b> 
+in either /etc/bashrc  or ~/.bashrc.  Otherwise, consult your shell's 
+man page for an option to enable it to send a HUP signal to active 
+jobs when exiting.  See <a
+href="http://bugzilla.mindrot.org/show_bug.cgi?id=52">bug #52</a>
+for other workarounds.
+
+<h2><a name= "3.11">3.11 - Why does ssh hang on exit?</a></h2>
+
+<p>
+When executing
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+$ <b>ssh host command</b>
+                </td>
+        </tr>
+</table>
+</blockquote>
+ssh <b>needs</b> to hang, because it needs to wait:
+<ul>
+<li>
+until it can be sure that <code>command</code> does not need
+more input.
+<li>
+until it can be sure that <code>command</code> does not produce
+more output. 
+<li>
+until <code>command</code> exits because sshd needs to tell
+the exit status from <code>command</code> to ssh.
+</ul>
+<p>
+
+<h2><a name= "3.12">3.12 - I upgraded to OpenSSH 3.1 and X11
+forwarding stopped working.</a></h2>
+
+Starting with OpenSSH 3.1, the sshd x11 forwarding server listens on
+localhost by default; see the sshd <b>X11UseLocalhost</b> option to
+revert to prior behaviour if your older X11 clients do not function
+with this configuration.<p>
+
+In general, X11 clients using X11 R6 should work with the default
+setting.  Some vendors, including HP, ship X11 clients with R6
+and R5 libs, so some clients will work, and others will not work.
+This is true for HP-UX 11.X.<p>
+
+<h2><a name= "3.13">3.13 - I upgraded to OpenSSH 3.8 and some
+X11 programs stopped working.</a></h2>
+
+<p>
+As documented in the <a href="http://www.openssh.org/txt/release-3.8">3.8 release notes</a>,
+<code>ssh</code> will now use untrusted X11 cookies by 
+default.  The previous behaviour can be restored by setting
+<b>ForwardX11Trusted yes</b> in <i>ssh_config</i>.
+
+<p>
+Possible symptoms include:<br>
+<code>BadWindow (invalid Window parameter)<br>
+BadAccess (attempt to access private resource denied)<br>
+X Error of failed request:  BadAtom (invalid Atom parameter)<br>
+Major opcode of failed request:  20 (X_GetProperty)<br></code>
+
+<h2><a name= "3.14">3.14 - I copied my public key to authorized_keys
+but public-key authentication still doesn't work.</a></h2>
+
+<p>
+Typically this is caused by the file permissions on $HOME, $HOME/.ssh or
+$HOME/.ssh/authorized_keys being more permissive than sshd allows by default.
+
+<p>
+In this case, it can be solved by executing the following on the server.
+<blockquote>
+<table border=0 width="800">
+<tr>
+  <td nowrap bgcolor="#EEEEEE">
+$ <b>chmod go-w $HOME $HOME/.ssh</b><br>
+$ <b>chmod 600 $HOME/.ssh/authorized_keys</b><br>
+$ <b>chown `whoami` $HOME/.ssh/authorized_keys</b><br>
+  </td>
+</tr>
+</table>
+</blockquote>
+
+<p>
+If this is not possible for some reason, an alternative is to set
+<b>StrictModes no</b> in <i>sshd_config</i>, however this is not
+recommended.
+
+<h2><a name= "3.15">3.15 - OpenSSH versions and PAM behaviour.</a></h2>
+
+Portable OpenSSH has a configure-time option to enable sshd's use of the
+<a href="http://www.opengroup.org/onlinepubs/008329799/">PAM</a>
+(Pluggable Authentication Modules) interface.
+
+<blockquote>
+<table border=0 width="800">
+        <tr>
+                <td nowrap bgcolor="#EEEEEE">
+./configure --with-pam [options]
+                </td>
+        </tr>
+</table>
+</blockquote>
+
+To use PAM at all, this option must be provided at build time.
+The run-time behaviour when PAM is built in varies with the version of
+Portable OpenSSH, and on later versions it must also be enabled by setting
+<b>UsePAM</b> to <b>yes</b> in <i>sshd_config</i>.
+
+<p>
+The behaviour of the relevant authentications options when PAM support is built
+in is summarised by the following table.
+
+<p>
+<table border="1">
+  <tr> <th>Version</th> <th>UsePAM</th> <th>PasswordAuthentication</th> <th>ChallengeResponseAuthentication</th> </tr>
+  <tr>
+    <td>&lt;=3.6.1p2</td>
+    <td>Not applicable</td>
+    <td>Uses PAM</td>
+    <td>Uses PAM if <b>PAMAuthenticationViaKbdInt</b> is enabled</td>
+  </tr>
+  <tr>
+    <td>3.7p1 - 3.7.1p1</td>
+    <td>Defaults to <b>yes</b></td>
+    <td>Does not use PAM</td>
+    <td>Uses PAM if <b>UsePAM</b> is enabled</td>
+  </tr>
+  <tr>
+    <td>3.7.1p2 - 3.8.1p1</td>
+    <td>Defaults to <b>no</b></td>
+    <td>Does not use PAM <a href="#3.15fn1">[1]</a></td>
+    <td>Uses PAM if <b>UsePAM</b> is enabled</td>
+  </tr>
+  <tr>
+    <td>3.9p1</td>
+    <td>Defaults to <b>no</b></td>
+    <td>Uses PAM if <b>UsePAM</b> is enabled</td>
+    <td>Uses PAM if <b>UsePAM</b> is enabled</td>
+  </tr>
+</table>
+<p>
+
+<a name= "3.15fn1">[1]</a> Some vendors, notably Redhat/Fedora, have
+backported the PasswordAuthentication from 3.9p1 to their 3.8x based
+packages.  If you're using a vendor-supplied package then consult their
+documentation.
+
+<p>
+OpenSSH Portable's PAM interface still has problems with a few modules,
+however we hope that this number will reduce in the future.  As at the
+3.9p1 release, the known problems are:
+
+<ul>
+  <li>Modules relying on module-private data (eg pam_dhkeys, pam_krb5, AFS)
+  may fail to correctly establish credentials (bug <a
+  href="http://bugzilla.mindrot.org/show_bug.cgi?id=688">#688</a>) when
+  authenticating via <b>ChallengeResponseAuthentication</b>.
+  <b>PasswordAuthentication</b> with 3.9p1 and above should work.
+</ul>
+
+You can also check <a
+href="http://bugzilla.mindrot.org/buglist.cgi?product=Portable+OpenSSH&amp;bug_status=RESOLVED&amp;bug_status=NEW&amp;bug_status=ACCEPTED&amp;component=PAM+support"
+>bugzilla for current PAM issues</a>.
+
+<h2><a name= "3.16">3.16 - Why doesn't "w" or "who" on AIX 5.x show users
+logged in via ssh?</a></h2>
+
+Between AIX 4.3.3 and AIX 5.x, the format of the wtmp struct changed.  This
+means that sshd binaries built on AIX 4.x will not correctly write wtmp
+entries when run on AIX 5.x.  This can be fixed by simply recompiling 
+sshd on an AIX 5.x system and using that.
+
+<hr>
+<a href="http://www.openssh.org/index.html"><img height=24 width=24 src="back.gif" border=0 alt=OpenSSH></a>
+<a href="mailto:www@openbsd.org">www@openbsd.org</a>
+<br>
+<small>$OpenBSD: faq.html,v 1.113 2012/04/21 12:12:22 dtucker Exp $</small>
+
+</body>
+</html>
diff --git a/debian/gnome-ssh-askpass.1 b/debian/gnome-ssh-askpass.1
new file mode 100644
index 000000000..b74c410a8
--- /dev/null
+++ b/debian/gnome-ssh-askpass.1
@@ -0,0 +1,51 @@
+.TH GNOME-SSH-ASKPASS 1
+.SH NAME
+gnome\-ssh\-askpass \- prompts a user for a passphrase using GNOME
+.SH SYNOPSIS
+.B gnome\-ssh\-askpass
+.SH DESCRIPTION
+.B gnome\-ssh\-askpass
+is a GNOME-based passphrase dialog for use with OpenSSH.
+It is intended to be called by the
+.BR ssh\-add (1)
+program and not invoked directly.
+It allows
+.BR ssh\-add (1)
+to obtain a passphrase from a user, even if not connected to a terminal
+(assuming that an X display is available).
+This happens automatically in the case where
+.B ssh\-add
+is invoked from one's
+.B ~/.xsession
+or as one of the GNOME startup programs, for example.
+.PP
+In order to be called automatically by
+.BR ssh\-add ,
+.B gnome\-ssh\-askpass
+should be installed as
+.IR /usr/bin/ssh\-askpass .
+.SH "ENVIRONMENT VARIABLES"
+The following environment variables are recognized:
+.TP
+.I GNOME_SSH_ASKPASS_GRAB_SERVER
+Causes
+.B gnome\-ssh\-askpass
+to grab the X server before asking for a passphrase.
+.TP
+.I GNOME_SSH_ASKPASS_GRAB_POINTER
+Causes
+.B gnome\-ssh\-askpass
+to grab the mouse pointer using
+.IR gdk_pointer_grab ()
+before asking for a passphrase.
+.PP
+Regardless of whether either of these environment variables is set,
+.B gnome\-ssh\-askpass
+will grab the keyboard using
+.IR gdk_keyboard_grab ().
+.SH AUTHOR
+This manual page was written by Colin Watson <cjwatson@debian.org>
+for the Debian system (but may be used by others).
+It was based on that for
+.B x11\-ssh\-askpass
+by Philip Hands.
diff --git a/debian/openssh-client-udeb.dirs b/debian/openssh-client-udeb.dirs
new file mode 100644
index 000000000..e77248175
--- /dev/null
+++ b/debian/openssh-client-udeb.dirs
@@ -0,0 +1 @@
+usr/bin
diff --git a/debian/openssh-client-udeb.install b/debian/openssh-client-udeb.install
new file mode 100644
index 000000000..b3891f02d
--- /dev/null
+++ b/debian/openssh-client-udeb.install
@@ -0,0 +1,3 @@
+scp usr/bin
+sftp usr/bin
+ssh usr/bin
diff --git a/debian/openssh-client.apport b/debian/openssh-client.apport
new file mode 100644
index 000000000..3dbc8e5e6
--- /dev/null
+++ b/debian/openssh-client.apport
@@ -0,0 +1,32 @@
+#!/usr/bin/python
+
+'''apport hook for openssh-client
+
+(c) 2010 Canonical Ltd.
+Author: Chuck Short <chuck.short@canonical.com>
+
+This program is free software; you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the
+Free Software Foundation; either version 2 of the License, or (at your
+option) any later version.  See http://www.gnu.org/copyleft/gpl.html for
+the full text of the license.
+'''
+
+from apport.hookutils import *
+
+def add_info(report, ui):
+    response = ui.yesno("The contents of your /etc/ssh/ssh_config file "
+                        "may help developers diagnose your bug more "
+                        "quickly.  However, it may contain sensitive "
+                        "information.  Do you want to include it in your "
+                        "bug report?")
+
+    if response == None: # user cancelled
+        raise StopIteration
+
+    elif response == True:
+        attach_conffiles(report, 'openssh-client')
+
+    attach_related_packages(report,
+        ['ssh-askpass', 'libpam-ssh', 'keychain', 'ssh-askpass-gnome'])
+    report['SSHClientVersion'] = command_output(['/usr/bin/ssh', '-V'])
diff --git a/debian/openssh-client.dirs b/debian/openssh-client.dirs
new file mode 100644
index 000000000..44f9ef061
--- /dev/null
+++ b/debian/openssh-client.dirs
@@ -0,0 +1,2 @@
+usr/share/apport/package-hooks
+usr/share/lintian/overrides
diff --git a/debian/openssh-client.docs b/debian/openssh-client.docs
new file mode 100644
index 000000000..00fd691c4
--- /dev/null
+++ b/debian/openssh-client.docs
@@ -0,0 +1,7 @@
+ChangeLog.gssapi
+OVERVIEW
+README
+README.dns
+README.tun
+debian/faq.html
+debian/README.compromised-keys
diff --git a/debian/openssh-client.install b/debian/openssh-client.install
new file mode 100644
index 000000000..fd9e8feab
--- /dev/null
+++ b/debian/openssh-client.install
@@ -0,0 +1,29 @@
+etc/ssh/moduli
+etc/ssh/ssh_config
+usr/bin/scp
+usr/bin/sftp
+usr/bin/slogin
+usr/bin/ssh
+usr/bin/ssh-add
+usr/bin/ssh-agent
+usr/bin/ssh-keygen
+usr/bin/ssh-keyscan
+usr/bin/ssh-vulnkey
+usr/lib/openssh/ssh-keysign
+usr/lib/openssh/ssh-pkcs11-helper
+usr/share/man/man1/scp.1
+usr/share/man/man1/sftp.1
+usr/share/man/man1/slogin.1
+usr/share/man/man1/ssh-add.1
+usr/share/man/man1/ssh-agent.1
+usr/share/man/man1/ssh-keygen.1
+usr/share/man/man1/ssh-keyscan.1
+usr/share/man/man1/ssh-vulnkey.1
+usr/share/man/man1/ssh.1
+usr/share/man/man5/moduli.5
+usr/share/man/man5/ssh_config.5
+usr/share/man/man8/ssh-keysign.8
+usr/share/man/man8/ssh-pkcs11-helper.8
+
+contrib/ssh-copy-id usr/bin
+debian/ssh-argv0 usr/bin
diff --git a/debian/openssh-client.lintian-overrides b/debian/openssh-client.lintian-overrides
new file mode 100644
index 000000000..486567744
--- /dev/null
+++ b/debian/openssh-client.lintian-overrides
@@ -0,0 +1 @@
+openssh-client: setuid-binary usr/lib/openssh/ssh-keysign 4755 root/root
diff --git a/debian/openssh-client.manpages b/debian/openssh-client.manpages
new file mode 100644
index 000000000..690bd8a22
--- /dev/null
+++ b/debian/openssh-client.manpages
@@ -0,0 +1,2 @@
+contrib/ssh-copy-id.1
+debian/ssh-argv0.1
diff --git a/debian/openssh-client.postinst b/debian/openssh-client.postinst
new file mode 100644
index 000000000..978b04a9b
--- /dev/null
+++ b/debian/openssh-client.postinst
@@ -0,0 +1,46 @@
+#!/bin/sh
+set -e
+
+action="$1"
+oldversion="$2"
+
+umask 022
+
+
+create_alternatives() {
+# Create alternatives for the various r* tools.
+# Make sure we don't change existing alternatives that a user might have
+# changed, but clean up after some old alternatives that mistakenly pointed
+# rlogin and rcp to ssh.
+        update-alternatives --quiet --remove rlogin /usr/bin/ssh
+        update-alternatives --quiet --remove rcp /usr/bin/ssh
+        for cmd in rsh rlogin rcp; do
+                scmd="s${cmd#r}"
+                if ! update-alternatives --display "$cmd" 2>/dev/null | \
+                                grep -q "$scmd"; then
+                        update-alternatives --quiet --install "/usr/bin/$cmd" "$cmd" "/usr/bin/$scmd" 20 \
+                                --slave "/usr/share/man/man1/$cmd.1.gz" "$cmd.1.gz" "/usr/share/man/man1/$scmd.1.gz"
+                fi
+        done
+}
+
+set_ssh_agent_permissions() {
+        if ! getent group ssh >/dev/null; then
+                addgroup --system --quiet ssh
+        fi
+        if ! [ -x /usr/sbin/dpkg-statoverride ] || \
+            ! dpkg-statoverride --list /usr/bin/ssh-agent >/dev/null ; then
+                chgrp ssh /usr/bin/ssh-agent
+                chmod 2755 /usr/bin/ssh-agent
+        fi
+}
+
+
+if [ "$action" = configure ]; then
+        create_alternatives
+        set_ssh_agent_permissions
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/openssh-client.postrm b/debian/openssh-client.postrm
new file mode 100644
index 000000000..a3b610ed1
--- /dev/null
+++ b/debian/openssh-client.postrm
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+
+#DEBHELPER#
+
+case $1 in
+        purge)
+                # Remove all non-conffiles that ssh might create, so that we
+                # can smoothly remove /etc/ssh if and only if the user
+                # hasn't dropped some other files in there. Conffiles have
+                # already been removed at this point.
+                rm -f /etc/ssh/moduli /etc/ssh/primes
+                rm -f /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
+                rmdir --ignore-fail-on-non-empty /etc/ssh
+
+                if which delgroup; then
+                        delgroup --quiet ssh > /dev/null || true
+                fi
+                ;;
+esac
+
+exit 0
diff --git a/debian/openssh-client.prerm b/debian/openssh-client.prerm
new file mode 100644
index 000000000..2d631cb9c
--- /dev/null
+++ b/debian/openssh-client.prerm
@@ -0,0 +1,39 @@
+#! /bin/sh
+# prerm script for ssh
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <prerm> `remove'
+#        * <old-prerm> `upgrade' <new-version>
+#        * <new-prerm> `failed-upgrade' <old-version>
+#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
+#        * <deconfigured's-prerm> `deconfigure' `in-favour'
+#          <package-being-installed> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see /usr/share/doc/packaging-manual/
+
+case "$1" in
+    remove|deconfigure)
+        update-alternatives --quiet --remove rsh /usr/bin/ssh
+        update-alternatives --quiet --remove rlogin /usr/bin/slogin
+        update-alternatives --quiet --remove rcp /usr/bin/scp
+        ;;
+    upgrade)
+        ;;
+    failed-upgrade)
+        ;;
+    *)
+        echo "prerm called with unknown argument \`$1'" >&2
+        exit 0
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/openssh-server-udeb.dirs b/debian/openssh-server-udeb.dirs
new file mode 100644
index 000000000..f2b0bd9da
--- /dev/null
+++ b/debian/openssh-server-udeb.dirs
@@ -0,0 +1,3 @@
+usr/bin
+usr/sbin
+var/run/sshd
diff --git a/debian/openssh-server-udeb.install b/debian/openssh-server-udeb.install
new file mode 100644
index 000000000..05ccbf7af
--- /dev/null
+++ b/debian/openssh-server-udeb.install
@@ -0,0 +1,2 @@
+sshd usr/sbin
+ssh-keygen usr/bin
diff --git a/debian/openssh-server.apport b/debian/openssh-server.apport
new file mode 100644
index 000000000..3644bd855
--- /dev/null
+++ b/debian/openssh-server.apport
@@ -0,0 +1,28 @@
+#!/usr/bin/python
+
+'''apport hook for openssh-server
+
+(c) 2010 Canonical Ltd.
+Author: Chuck Short <chuck.short@canonical.com>
+
+This program is free software; you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the
+Free Software Foundation; either version 2 of the License, or (at your
+option) any later version.  See http://www.gnu.org/copyleft/gpl.html for
+the full text of the license.
+'''
+
+from apport.hookutils import *
+
+def add_info(report, ui):
+    response = ui.yesno("The contents of your /etc/ssh/sshd_config file "
+                        "may help developers diagnose your bug more "
+                        "quickly.  However, it may contain sensitive "
+                        "information.  Do you want to include it in your "
+                        "bug report?")
+
+    if response == None: # user cancelled
+        raise StopIteration
+
+    elif response == True:
+        report['SSHDConfig'] = root_command_output(['/usr/sbin/sshd', '-T'])
diff --git a/debian/openssh-server.dirs b/debian/openssh-server.dirs
new file mode 100644
index 000000000..0ed9bea44
--- /dev/null
+++ b/debian/openssh-server.dirs
@@ -0,0 +1,10 @@
+etc/init.d
+etc/default
+etc/network/if-up.d
+etc/ufw/applications.d
+usr/lib/openssh
+usr/sbin
+usr/share/apport/package-hooks
+usr/share/lintian/overrides
+usr/share/man/man5
+usr/share/man/man8
diff --git a/debian/openssh-server.examples b/debian/openssh-server.examples
new file mode 100644
index 000000000..0d0e55a7a
--- /dev/null
+++ b/debian/openssh-server.examples
@@ -0,0 +1 @@
+sshd_config
diff --git a/debian/openssh-server.if-up b/debian/openssh-server.if-up
new file mode 100644
index 000000000..de92866e6
--- /dev/null
+++ b/debian/openssh-server.if-up
@@ -0,0 +1,37 @@
+#! /bin/sh
+# Reload the OpenSSH server when an interface comes up, to allow it to start
+# listening on new addresses.
+
+set -e
+
+# Don't bother to restart sshd when lo is configured.
+if [ "$IFACE" = lo ]; then
+        exit 0
+fi
+
+# Only run from ifup.
+if [ "$MODE" != start ]; then
+        exit 0
+fi
+
+# OpenSSH only cares about inet and inet6. Get ye gone, strange people
+# still using ipx.
+if [ "$ADDRFAM" != inet ] && [ "$ADDRFAM" != inet6 ]; then
+        exit 0
+fi
+
+# Is /usr mounted?
+if [ ! -e /usr/sbin/sshd ]; then
+        exit 0
+fi
+
+if [ ! -f /var/run/sshd.pid ] || \
+   [ "$(ps -p "$(cat /var/run/sshd.pid)" -o comm=)" != sshd ]; then
+        exit 0
+fi
+
+# We'd like to use 'reload' here, but it has some problems; see
+# #502444.
+invoke-rc.d ssh restart >/dev/null 2>&1 || true
+
+exit 0
diff --git a/debian/openssh-server.install b/debian/openssh-server.install
new file mode 100644
index 000000000..8e04c4170
--- /dev/null
+++ b/debian/openssh-server.install
@@ -0,0 +1,6 @@
+usr/lib/openssh/sftp-server
+usr/sbin/sshd
+usr/share/man/man5/authorized_keys.5
+usr/share/man/man5/sshd_config.5
+usr/share/man/man8/sftp-server.8
+usr/share/man/man8/sshd.8
diff --git a/debian/openssh-server.links b/debian/openssh-server.links
new file mode 100644
index 000000000..2d98b1dcb
--- /dev/null
+++ b/debian/openssh-server.links
@@ -0,0 +1 @@
+usr/lib/openssh/sftp-server usr/lib/sftp-server
diff --git a/debian/openssh-server.lintian-overrides b/debian/openssh-server.lintian-overrides
new file mode 100644
index 000000000..17d912cb0
--- /dev/null
+++ b/debian/openssh-server.lintian-overrides
@@ -0,0 +1 @@
+openssh-server: package-contains-empty-directory usr/share/doc/openssh-client/
diff --git a/debian/openssh-server.maintscript b/debian/openssh-server.maintscript
new file mode 100644
index 000000000..f9e3c4d53
--- /dev/null
+++ b/debian/openssh-server.maintscript
@@ -0,0 +1 @@
+mv_conffile /etc/pam.d/ssh /etc/pam.d/sshd 1:4.7p1-4~
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
new file mode 100644
index 000000000..24d9a2c93
--- /dev/null
+++ b/debian/openssh-server.postinst
@@ -0,0 +1,294 @@
+#!/bin/sh
+set -e
+
+action="$1"
+oldversion="$2"
+
+umask 022
+
+
+get_config_option() {
+        option="$1"
+
+        [ -f /etc/ssh/sshd_config ] || return
+
+        # TODO: actually only one '=' allowed after option
+        perl -lne 's/\s+/ /g; print if s/^\s*'"$option"'[[:space:]=]+//i' \
+           /etc/ssh/sshd_config
+}
+
+
+set_config_option() {
+        option="$1"
+        value="$2"
+
+        perl -le '
+                $option = $ARGV[0]; $value = $ARGV[1]; $done = 0;
+                while (<STDIN>) {
+                        chomp;
+                        (my $match = $_) =~ s/\s+/ /g;
+                        if ($match =~ s/^\s*\Q$option\E\s+.*/$option $value/) {
+                                $_ = $match;
+                                $done = 1;
+                        }
+                        print;
+                }
+                print "$option $value" unless $done;' \
+                "$option" "$value" \
+                < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
+        chown --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
+        chmod --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
+        mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
+}
+
+
+rename_config_option() {
+        oldoption="$1"
+        newoption="$2"
+
+        value="$(get_config_option "$oldoption")"
+        [ "$value" ] || return 0
+
+        perl -le '
+                $oldoption = $ARGV[0]; $newoption = $ARGV[1];
+                while (<STDIN>) {
+                        chomp;
+                        (my $match = $_) =~ s/\s+/ /g;
+                        # TODO: actually only one "=" allowed after option
+                        if ($match =~ s/^(\s*)\Q$oldoption\E([[:space:]=]+)/$1$newoption$2/i) {
+                                $_ = $match;
+                        }
+                        print;
+                }' \
+                "$oldoption" "$newoption" \
+                < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
+        chown --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
+        chmod --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
+        mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
+}
+
+
+host_keys_required() {
+        hostkeys="$(get_config_option HostKey)"
+        if [ "$hostkeys" ]; then
+                echo "$hostkeys"
+        else
+                # No HostKey directives at all, so the server picks some
+                # defaults depending on the setting of Protocol.
+                protocol="$(get_config_option Protocol)"
+                [ "$protocol" ] || protocol=1,2
+                if echo "$protocol" | grep 1 >/dev/null; then
+                        echo /etc/ssh/ssh_host_key
+                fi
+                if echo "$protocol" | grep 2 >/dev/null; then
+                        echo /etc/ssh/ssh_host_rsa_key
+                        echo /etc/ssh/ssh_host_dsa_key
+                        echo /etc/ssh/ssh_host_ecdsa_key
+                fi
+        fi
+}
+
+
+create_key() {
+        msg="$1"
+        shift
+        hostkeys="$1"
+        shift
+        file="$1"
+        shift
+
+        if echo "$hostkeys" | grep -x "$file" >/dev/null && \
+           [ ! -f "$file" ] ; then
+                echo -n $msg
+                ssh-keygen -q -f "$file" -N '' "$@"
+                echo
+                if which restorecon >/dev/null 2>&1; then
+                        restorecon "$file" "$file.pub"
+                fi
+        fi
+}
+
+
+create_keys() {
+        hostkeys="$(host_keys_required)"
+
+        create_key "Creating SSH1 key; this may take some time ..." \
+                "$hostkeys" /etc/ssh/ssh_host_key -t rsa1
+
+        create_key "Creating SSH2 RSA key; this may take some time ..." \
+                "$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
+        create_key "Creating SSH2 DSA key; this may take some time ..." \
+                "$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
+        create_key "Creating SSH2 ECDSA key; this may take some time ..." \
+                "$hostkeys" /etc/ssh/ssh_host_ecdsa_key -t ecdsa
+}
+
+
+fix_loglevel_silent() {
+        if [ "$(get_config_option LogLevel)" = SILENT ]; then
+                set_config_option LogLevel QUIET
+        fi
+}
+
+
+create_sshdconfig() {
+        if [ -e /etc/ssh/sshd_config ] ; then
+            # Upgrade an existing sshd configuration.
+
+            # This option was renamed in 3.8p1, but we never took care
+            # of adjusting the configuration file until now.
+            if dpkg --compare-versions "$oldversion" lt 1:4.7p1-8; then
+                rename_config_option KeepAlive TCPKeepAlive
+            fi
+
+            # 'LogLevel SILENT' is now equivalent to QUIET.
+            if dpkg --compare-versions "$oldversion" lt 1:5.4p1-1; then
+                fix_loglevel_silent
+            fi
+
+            return 0
+        fi
+
+        cat <<EOF > /etc/ssh/sshd_config
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 22
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin yes
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile     %h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+EOF
+}
+
+fix_statoverride() {
+# Remove an erronous override for sshd (we should have overridden ssh)
+        if [ -x /usr/sbin/dpkg-statoverride ]; then
+                if dpkg-statoverride --list /usr/sbin/sshd >/dev/null ; then
+                        dpkg-statoverride --remove /usr/sbin/sshd
+                fi
+        fi
+}
+
+setup_sshd_user() {
+        if ! getent passwd sshd >/dev/null; then
+                adduser --quiet --system --no-create-home --home /var/run/sshd --shell /usr/sbin/nologin sshd
+        fi
+}
+
+remove_old_init_links() {
+        # Yes, this only works with the SysV init script layout. I know.
+        # The important thing is that it doesn't actually *break* with
+        # file-rc ...
+        if [ -e /etc/rc2.d/S20ssh ]; then
+                update-rc.d -f ssh remove >/dev/null 2>&1
+        fi
+        rm -f /etc/rc0.d/K??ssh /etc/rc1.d/K??ssh /etc/rc6.d/K??ssh
+}
+
+if [ "$action" = configure ]; then
+        create_sshdconfig
+        create_keys
+        fix_statoverride
+        setup_sshd_user
+        if dpkg --compare-versions "$2" lt 1:5.2p1-1; then
+            remove_old_init_links
+        fi
+        # Renamed to /etc/ssh/moduli in 2.9.9 (!)
+        if dpkg --compare-versions "$2" lt 1:4.7p1-1; then
+            rm -f /etc/ssh/primes
+        fi
+        if dpkg --compare-versions "$2" lt 1:5.5p1-6; then
+            rm -f /var/run/sshd/.placeholder
+        fi
+        if dpkg --compare-versions "$2" lt 1:6.2p2-3 && \
+           which initctl >/dev/null && initctl version | grep -q upstart && \
+           ! status ssh 2>/dev/null | grep -q ' start/'; then
+            # We must stop the sysvinit-controlled sshd before we can
+            # restart it under Upstart.
+            start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid || true
+        fi
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/openssh-server.postrm b/debian/openssh-server.postrm
new file mode 100644
index 000000000..33191522b
--- /dev/null
+++ b/debian/openssh-server.postrm
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+
+#DEBHELPER#
+
+case $1 in
+        purge)
+                # Remove all non-conffiles that ssh might create, so that we
+                # can smoothly remove /etc/ssh if and only if the user
+                # hasn't dropped some other files in there. Conffiles have
+                # already been removed at this point.
+                rm -f /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.pub
+                rm -f /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub
+                rm -f /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub
+                rm -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub
+                rm -f /etc/ssh/sshd_config
+                rm -f /etc/ssh/sshd_not_to_be_run
+                rmdir --ignore-fail-on-non-empty /etc/ssh
+
+                if which deluser >/dev/null 2>&1; then
+                        deluser --quiet sshd > /dev/null || true
+                fi
+                ;;
+esac
+
+exit 0
diff --git a/debian/openssh-server.preinst b/debian/openssh-server.preinst
new file mode 100644
index 000000000..9fb5d350e
--- /dev/null
+++ b/debian/openssh-server.preinst
@@ -0,0 +1,18 @@
+#!/bin/sh
+set -e
+
+action=$1
+version=$2
+
+if [ "$action" = upgrade ] || [ "$action" = install ]
+then
+  if dpkg --compare-versions "$version" lt 1:5.5p1-6 && \
+     [ -d /var/run/sshd ]; then
+    # make sure /var/run/sshd is not removed on upgrades
+    touch /var/run/sshd/.placeholder
+  fi
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/openssh-server.ssh.default b/debian/openssh-server.ssh.default
new file mode 100644
index 000000000..304042224
--- /dev/null
+++ b/debian/openssh-server.ssh.default
@@ -0,0 +1,5 @@
+# Default settings for openssh-server. This file is sourced by /bin/sh from
+# /etc/init.d/ssh.
+
+# Options to pass to sshd
+SSHD_OPTS=
diff --git a/debian/openssh-server.ssh.init b/debian/openssh-server.ssh.init
new file mode 100644
index 000000000..bda7a92b8
--- /dev/null
+++ b/debian/openssh-server.ssh.init
@@ -0,0 +1,174 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides:             sshd
+# Required-Start:       $remote_fs $syslog
+# Required-Stop:        $remote_fs $syslog
+# Default-Start:        2 3 4 5
+# Default-Stop:         
+# Short-Description:    OpenBSD Secure Shell server
+### END INIT INFO
+
+set -e
+
+# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon
+
+test -x /usr/sbin/sshd || exit 0
+( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0
+
+umask 022
+
+if test -f /etc/default/ssh; then
+    . /etc/default/ssh
+fi
+
+. /lib/lsb/init-functions
+
+if [ -n "$2" ]; then
+    SSHD_OPTS="$SSHD_OPTS $2"
+fi
+
+# Are we running from init?
+run_by_init() {
+    ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ]
+}
+
+check_for_upstart() {
+    if init_is_upstart; then
+        exit $1
+    fi
+}
+
+check_for_no_start() {
+    # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
+    if [ -e /etc/ssh/sshd_not_to_be_run ]; then 
+        if [ "$1" = log_end_msg ]; then
+            log_end_msg 0 || true
+        fi
+        if ! run_by_init; then
+            log_action_msg "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)" || true
+        fi
+        exit 0
+    fi
+}
+
+check_dev_null() {
+    if [ ! -c /dev/null ]; then
+        if [ "$1" = log_end_msg ]; then
+            log_end_msg 1 || true
+        fi
+        if ! run_by_init; then
+            log_action_msg "/dev/null is not a character device!" || true
+        fi
+        exit 1
+    fi
+}
+
+check_privsep_dir() {
+    # Create the PrivSep empty dir if necessary
+    if [ ! -d /var/run/sshd ]; then
+        mkdir /var/run/sshd
+        chmod 0755 /var/run/sshd
+    fi
+}
+
+check_config() {
+    if [ ! -e /etc/ssh/sshd_not_to_be_run ]; then
+        /usr/sbin/sshd $SSHD_OPTS -t || exit 1
+    fi
+}
+
+export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
+
+case "$1" in
+  start)
+        check_for_upstart 1
+        check_privsep_dir
+        check_for_no_start
+        check_dev_null
+        log_daemon_msg "Starting OpenBSD Secure Shell server" "sshd" || true
+        if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+            log_end_msg 0 || true
+        else
+            log_end_msg 1 || true
+        fi
+        ;;
+  stop)
+        check_for_upstart 0
+        log_daemon_msg "Stopping OpenBSD Secure Shell server" "sshd" || true
+        if start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid; then
+            log_end_msg 0 || true
+        else
+            log_end_msg 1 || true
+        fi
+        ;;
+
+  reload|force-reload)
+        check_for_upstart 1
+        check_for_no_start
+        check_config
+        log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "sshd" || true
+        if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd; then
+            log_end_msg 0 || true
+        else
+            log_end_msg 1 || true
+        fi
+        ;;
+
+  restart)
+        check_for_upstart 1
+        check_privsep_dir
+        check_config
+        log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true
+        start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /var/run/sshd.pid
+        check_for_no_start log_end_msg
+        check_dev_null log_end_msg
+        if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+            log_end_msg 0 || true
+        else
+            log_end_msg 1 || true
+        fi
+        ;;
+
+  try-restart)
+        check_for_upstart 1
+        check_privsep_dir
+        check_config
+        log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true
+        RET=0
+        start-stop-daemon --stop --quiet --retry 30 --pidfile /var/run/sshd.pid || RET="$?"
+        case $RET in
+            0)
+                # old daemon stopped
+                check_for_no_start log_end_msg
+                check_dev_null log_end_msg
+                if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+                    log_end_msg 0 || true
+                else
+                    log_end_msg 1 || true
+                fi
+                ;;
+            1)
+                # daemon not running
+                log_progress_msg "(not running)" || true
+                log_end_msg 0 || true
+                ;;
+            *)
+                # failed to stop
+                log_progress_msg "(failed to stop)" || true
+                log_end_msg 1 || true
+                ;;
+        esac
+        ;;
+
+  status)
+        check_for_upstart 1
+        status_of_proc -p /var/run/sshd.pid /usr/sbin/sshd sshd && exit 0 || exit $?
+        ;;
+
+  *)
+        log_action_msg "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|try-restart|status}" || true
+        exit 1
+esac
+
+exit 0
diff --git a/debian/openssh-server.ssh.upstart b/debian/openssh-server.ssh.upstart
new file mode 100644
index 000000000..10ab744f1
--- /dev/null
+++ b/debian/openssh-server.ssh.upstart
@@ -0,0 +1,30 @@
+# ssh - OpenBSD Secure Shell server
+#
+# The OpenSSH server provides secure shell access to the system.
+
+description     "OpenSSH server"
+
+start on runlevel [2345]
+stop on runlevel [!2345]
+
+respawn
+respawn limit 10 5
+umask 022
+
+env SSH_SIGSTOP=1
+expect stop
+
+# 'sshd -D' leaks stderr and confuses things in conjunction with 'console log'
+console none
+
+pre-start script
+    test -x /usr/sbin/sshd || { stop; exit 0; }
+    test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
+    test -c /dev/null || { stop; exit 0; }
+
+    mkdir -p -m0755 /var/run/sshd
+end script
+
+# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
+# 'exec' line here instead
+exec /usr/sbin/sshd -D
diff --git a/debian/openssh-server.sshd.pam b/debian/openssh-server.sshd.pam
new file mode 100644
index 000000000..5f7ab2f60
--- /dev/null
+++ b/debian/openssh-server.sshd.pam
@@ -0,0 +1,52 @@
+# PAM configuration for the Secure Shell service
+
+# Standard Un*x authentication.
+@include common-auth
+
+# Disallow non-root logins when /etc/nologin exists.
+account    required     pam_nologin.so
+
+# Uncomment and edit /etc/security/access.conf if you need to set complex
+# access limits that are hard to express in sshd_config.
+# account  required     pam_access.so
+
+# Standard Un*x authorization.
+@include common-account
+
+# SELinux needs to be the first session rule.  This ensures that any
+# lingering context has been cleared.  Without this it is possible that a
+# module could execute code in the wrong domain.
+session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so close
+
+# Set the loginuid process attribute.
+session    required     pam_loginuid.so
+
+# Standard Un*x session setup and teardown.
+@include common-session
+
+# Print the message of the day upon successful login.
+# This includes a dynamically generated part from /run/motd.dynamic
+# and a static (admin-editable) part from /etc/motd.
+session    optional     pam_motd.so  motd=/run/motd.dynamic noupdate
+session    optional     pam_motd.so # [1]
+
+# Print the status of the user's mailbox upon successful login.
+session    optional     pam_mail.so standard noenv # [1]
+
+# Set up user limits from /etc/security/limits.conf.
+session    required     pam_limits.so
+
+# Read environment variables from /etc/environment and
+# /etc/security/pam_env.conf.
+session    required     pam_env.so # [1]
+# In Debian 4.0 (etch), locale-related environment variables were moved to
+# /etc/default/locale, so read that as well.
+session    required     pam_env.so user_readenv=1 envfile=/etc/default/locale
+
+# SELinux needs to intervene at login time to ensure that the process starts
+# in the proper default security context.  Only sessions which are intended
+# to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so open
+
+# Standard Un*x password updating.
+@include common-password
diff --git a/debian/openssh-server.ufw.profile b/debian/openssh-server.ufw.profile
new file mode 100644
index 000000000..9bbe906bc
--- /dev/null
+++ b/debian/openssh-server.ufw.profile
@@ -0,0 +1,4 @@
+[OpenSSH]
+title=Secure shell server, an rshd replacement
+description=OpenSSH is a free implementation of the Secure Shell protocol.
+ports=22/tcp
diff --git a/debian/patches/auth-log-verbosity.patch b/debian/patches/auth-log-verbosity.patch
new file mode 100644
index 000000000..a6a842ecd
--- /dev/null
+++ b/debian/patches/auth-log-verbosity.patch
@@ -0,0 +1,122 @@
+Description: Quieten logs when multiple from= restrictions are used
+Author: Colin Watson <cjwatson@debian.org>
+Bug-Debian: http://bugs.debian.org/630606
+Forwarded: no
+Last-Update: 2013-09-14
+
+Index: b/auth-options.c
+===================================================================
+--- a/auth-options.c
++++ b/auth-options.c
+@@ -58,9 +58,20 @@
+ /* "principals=" option. */
+ char *authorized_principals = NULL;
+ 
++/* Throttle log messages. */
++int logged_from_hostip = 0;
++int logged_cert_hostip = 0;
++
+ extern ServerOptions options;
+ 
+ void
++auth_start_parse_options(void)
++{
++       logged_from_hostip = 0;
++       logged_cert_hostip = 0;
++}
++
++void
+ auth_clear_options(void)
+ {
+        no_agent_forwarding_flag = 0;
+@@ -288,10 +299,13 @@
+                                /* FALLTHROUGH */
+                        case 0:
+                                free(patterns);
+-                               logit("Authentication tried for %.100s with "
+-                                   "correct key but not from a permitted "
+-                                   "host (host=%.200s, ip=%.200s).",
+-                                   pw->pw_name, remote_host, remote_ip);
++                               if (!logged_from_hostip) {
++                                       logit("Authentication tried for %.100s with "
++                                           "correct key but not from a permitted "
++                                           "host (host=%.200s, ip=%.200s).",
++                                           pw->pw_name, remote_host, remote_ip);
++                                       logged_from_hostip = 1;
++                               }
+                                auth_debug_add("Your host '%.200s' is not "
+                                    "permitted to use this key for login.",
+                                    remote_host);
+@@ -513,11 +527,14 @@
+                                        break;
+                                case 0:
+                                        /* no match */
+-                                       logit("Authentication tried for %.100s "
+-                                           "with valid certificate but not "
+-                                           "from a permitted host "
+-                                           "(ip=%.200s).", pw->pw_name,
+-                                           remote_ip);
++                                       if (!logged_cert_hostip) {
++                                               logit("Authentication tried for %.100s "
++                                                   "with valid certificate but not "
++                                                   "from a permitted host "
++                                                   "(ip=%.200s).", pw->pw_name,
++                                                   remote_ip);
++                                               logged_cert_hostip = 1;
++                                       }
+                                        auth_debug_add("Your address '%.200s' "
+                                            "is not permitted to use this "
+                                            "certificate for login.",
+Index: b/auth-options.h
+===================================================================
+--- a/auth-options.h
++++ b/auth-options.h
+@@ -33,6 +33,7 @@
+ extern int key_is_cert_authority;
+ extern char *authorized_principals;
+ 
++void   auth_start_parse_options(void);
+ int    auth_parse_options(struct passwd *, char *, char *, u_long);
+ void   auth_clear_options(void);
+ int    auth_cert_options(Key *, struct passwd *);
+Index: b/auth-rsa.c
+===================================================================
+--- a/auth-rsa.c
++++ b/auth-rsa.c
+@@ -174,6 +174,8 @@
+        if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL)
+                return 0;
+ 
++       auth_start_parse_options();
++
+        /*
+         * Go though the accepted keys, looking for the current key.  If
+         * found, perform a challenge-response dialog to verify that the
+Index: b/auth2-pubkey.c
+===================================================================
+--- a/auth2-pubkey.c
++++ b/auth2-pubkey.c
+@@ -257,6 +257,7 @@
+                restore_uid();
+                return 0;
+        }
++       auth_start_parse_options();
+        while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+                /* Skip leading whitespace. */
+                for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
+@@ -318,6 +319,7 @@
+        found_key = 0;
+ 
+        found = NULL;
++       auth_start_parse_options();
+        while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+                char *cp, *key_options = NULL;
+                if (found != NULL)
+@@ -453,6 +455,7 @@
+        if (key_cert_check_authority(key, 0, 1,
+            principals_file == NULL ? pw->pw_name : NULL, &reason) != 0)
+                goto fail_reason;
++       auth_start_parse_options();
+        if (auth_cert_options(key, pw) != 0)
+                goto out;
+ 
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch
new file mode 100644
index 000000000..e48a3cb3e
--- /dev/null
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -0,0 +1,18 @@
+Description: Install authorized_keys(5) as a symlink to sshd(8)
+Author: Tomas Pospisek <tpo_deb@sourcepole.ch>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1720
+Bug-Debian: http://bugs.debian.org/441817
+Last-Update: 2013-09-14
+
+Index: b/Makefile.in
+===================================================================
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -289,6 +289,7 @@
+        $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
+        $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
+        $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
++       ln -s ../$(mansubdir)8/sshd.8 $(DESTDIR)$(mandir)/$(mansubdir)5/authorized_keys.5
+        $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
+        $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
+        $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
diff --git a/debian/patches/consolekit.patch b/debian/patches/consolekit.patch
new file mode 100644
index 000000000..fd064a848
--- /dev/null
+++ b/debian/patches/consolekit.patch
@@ -0,0 +1,720 @@
+Description: Add support for registering ConsoleKit sessions on login
+Author: Colin Watson <cjwatson@ubuntu.com>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1450
+Last-Updated: 2013-09-14
+
+Index: b/Makefile.in
+===================================================================
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -96,7 +96,8 @@
+        sftp-server.o sftp-common.o \
+        roaming_common.o roaming_serv.o \
+        sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
+-       sandbox-seccomp-filter.o
++       sandbox-seccomp-filter.o \
++       consolekit.o
+ 
+ MANPAGES       = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out
+ MANPAGES_IN    = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5
+Index: b/configure.ac
+===================================================================
+--- a/configure.ac
++++ b/configure.ac
+@@ -3841,6 +3841,30 @@
+ AC_SUBST([GSSLIBS])
+ AC_SUBST([K5LIBS])
+ 
++# Check whether user wants ConsoleKit support
++CONSOLEKIT_MSG="no"
++LIBCK_CONNECTOR=""
++AC_ARG_WITH(consolekit,
++       [  --with-consolekit       Enable ConsoleKit support],
++       [ if test "x$withval" != "xno" ; then
++               AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
++               if test "$PKGCONFIG" != "no"; then
++                       AC_MSG_CHECKING([for ck-connector])
++                       if $PKGCONFIG --exists ck-connector; then
++                               CKCON_CFLAGS=`$PKGCONFIG --cflags ck-connector`
++                               CKCON_LIBS=`$PKGCONFIG --libs ck-connector`
++                               CPPFLAGS="$CPPFLAGS $CKCON_CFLAGS"
++                               SSHDLIBS="$SSHDLIBS $CKCON_LIBS"
++                               AC_MSG_RESULT([yes])
++                               AC_DEFINE(USE_CONSOLEKIT, 1, [Define if you want ConsoleKit support.])
++                               CONSOLEKIT_MSG="yes"
++                       else
++                               AC_MSG_RESULT([no])
++                       fi
++               fi
++       fi ]
++)
++
+ # Looking for programs, paths and files
+ 
+ PRIVSEP_PATH=/var/empty
+@@ -4641,6 +4665,7 @@
+ echo "                   libedit support: $LIBEDIT_MSG"
+ echo "  Solaris process contract support: $SPC_MSG"
+ echo "           Solaris project support: $SP_MSG"
++echo "                ConsoleKit support: $CONSOLEKIT_MSG"
+ echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+ echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+ echo "                  BSD Auth support: $BSD_AUTH_MSG"
+Index: b/configure
+===================================================================
+--- a/configure
++++ b/configure
+@@ -738,6 +738,7 @@
+ with_sandbox
+ with_selinux
+ with_kerberos5
++with_consolekit
+ with_privsep_path
+ with_xauth
+ enable_strip
+@@ -1428,6 +1429,7 @@
+   --with-sandbox=style    Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)
+   --with-selinux          Enable SELinux support
+   --with-kerberos5=PATH   Enable Kerberos 5 support
++  --with-consolekit       Enable ConsoleKit support
+   --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
+   --with-xauth=PATH       Specify path to xauth program
+   --with-maildir=/path/to/mail    Specify your system mail directory
+@@ -16375,6 +16377,135 @@
+ 
+ 
+ 
++# Check whether user wants ConsoleKit support
++CONSOLEKIT_MSG="no"
++LIBCK_CONNECTOR=""
++
++# Check whether --with-consolekit was given.
++if test "${with_consolekit+set}" = set; then :
++  withval=$with_consolekit;  if test "x$withval" != "xno" ; then
++               if test -n "$ac_tool_prefix"; then
++  # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
++set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
++$as_echo_n "checking for $ac_word... " >&6; }
++if ${ac_cv_path_PKGCONFIG+:} false; then :
++  $as_echo_n "(cached) " >&6
++else
++  case $PKGCONFIG in
++  [\\/]* | ?:[\\/]*)
++  ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path.
++  ;;
++  *)
++  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
++for as_dir in $PATH
++do
++  IFS=$as_save_IFS
++  test -z "$as_dir" && as_dir=.
++    for ac_exec_ext in '' $ac_executable_extensions; do
++  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
++    ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
++    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
++    break 2
++  fi
++done
++  done
++IFS=$as_save_IFS
++
++  ;;
++esac
++fi
++PKGCONFIG=$ac_cv_path_PKGCONFIG
++if test -n "$PKGCONFIG"; then
++  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5
++$as_echo "$PKGCONFIG" >&6; }
++else
++  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++fi
++
++
++fi
++if test -z "$ac_cv_path_PKGCONFIG"; then
++  ac_pt_PKGCONFIG=$PKGCONFIG
++  # Extract the first word of "pkg-config", so it can be a program name with args.
++set dummy pkg-config; ac_word=$2
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
++$as_echo_n "checking for $ac_word... " >&6; }
++if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then :
++  $as_echo_n "(cached) " >&6
++else
++  case $ac_pt_PKGCONFIG in
++  [\\/]* | ?:[\\/]*)
++  ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path.
++  ;;
++  *)
++  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
++for as_dir in $PATH
++do
++  IFS=$as_save_IFS
++  test -z "$as_dir" && as_dir=.
++    for ac_exec_ext in '' $ac_executable_extensions; do
++  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
++    ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
++    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
++    break 2
++  fi
++done
++  done
++IFS=$as_save_IFS
++
++  ;;
++esac
++fi
++ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG
++if test -n "$ac_pt_PKGCONFIG"; then
++  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5
++$as_echo "$ac_pt_PKGCONFIG" >&6; }
++else
++  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++fi
++
++  if test "x$ac_pt_PKGCONFIG" = x; then
++    PKGCONFIG="no"
++  else
++    case $cross_compiling:$ac_tool_warned in
++yes:)
++{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
++$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
++ac_tool_warned=yes ;;
++esac
++    PKGCONFIG=$ac_pt_PKGCONFIG
++  fi
++else
++  PKGCONFIG="$ac_cv_path_PKGCONFIG"
++fi
++
++               if test "$PKGCONFIG" != "no"; then
++                       { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ck-connector" >&5
++$as_echo_n "checking for ck-connector... " >&6; }
++                       if $PKGCONFIG --exists ck-connector; then
++                               CKCON_CFLAGS=`$PKGCONFIG --cflags ck-connector`
++                               CKCON_LIBS=`$PKGCONFIG --libs ck-connector`
++                               CPPFLAGS="$CPPFLAGS $CKCON_CFLAGS"
++                               SSHDLIBS="$SSHDLIBS $CKCON_LIBS"
++                               { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
++$as_echo "yes" >&6; }
++
++$as_echo "#define USE_CONSOLEKIT 1" >>confdefs.h
++
++                               CONSOLEKIT_MSG="yes"
++                       else
++                               { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++                       fi
++               fi
++       fi
++
++fi
++
++
+ # Looking for programs, paths and files
+ 
+ PRIVSEP_PATH=/var/empty
+@@ -18902,6 +19033,7 @@
+ echo "                   libedit support: $LIBEDIT_MSG"
+ echo "  Solaris process contract support: $SPC_MSG"
+ echo "           Solaris project support: $SP_MSG"
++echo "                ConsoleKit support: $CONSOLEKIT_MSG"
+ echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+ echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+ echo "                  BSD Auth support: $BSD_AUTH_MSG"
+Index: b/consolekit.c
+===================================================================
+--- /dev/null
++++ b/consolekit.c
+@@ -0,0 +1,240 @@
++/*
++ * Copyright (c) 2008 Colin Watson.  All rights reserved.
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++/*
++ * Loosely based on pam-ck-connector, which is:
++ *
++ * Copyright (c) 2007 David Zeuthen <davidz@redhat.com>
++ *
++ * Permission is hereby granted, free of charge, to any person
++ * obtaining a copy of this software and associated documentation
++ * files (the "Software"), to deal in the Software without
++ * restriction, including without limitation the rights to use,
++ * copy, modify, merge, publish, distribute, sublicense, and/or sell
++ * copies of the Software, and to permit persons to whom the
++ * Software is furnished to do so, subject to the following
++ * conditions:
++ *
++ * The above copyright notice and this permission notice shall be
++ * included in all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
++ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
++ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
++ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
++ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
++ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
++ * OTHER DEALINGS IN THE SOFTWARE.
++ */
++
++#include "includes.h"
++
++#ifdef USE_CONSOLEKIT
++
++#include <ck-connector.h>
++
++#include "openbsd-compat/sys-queue.h"
++#include "xmalloc.h"
++#include "channels.h"
++#include "key.h"
++#include "hostfile.h"
++#include "auth.h"
++#include "log.h"
++#include "servconf.h"
++#include "canohost.h"
++#include "session.h"
++#include "consolekit.h"
++
++extern ServerOptions options;
++extern u_int utmp_len;
++
++void
++set_active(const char *cookie)
++{
++       DBusError err;
++       DBusConnection *connection;
++       DBusMessage *message = NULL, *reply = NULL;
++       char *sid;
++       DBusMessageIter iter, subiter;
++       const char *interface, *property;
++       dbus_bool_t active;
++
++       dbus_error_init(&err);
++       connection = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err);
++       if (!connection) {
++               if (dbus_error_is_set(&err)) {
++                       error("unable to open DBus connection: %s",
++                           err.message);
++                       dbus_error_free(&err);
++               }
++               goto out;
++       }
++       dbus_connection_set_exit_on_disconnect(connection, FALSE);
++
++       message = dbus_message_new_method_call("org.freedesktop.ConsoleKit",
++           "/org/freedesktop/ConsoleKit/Manager",
++           "org.freedesktop.ConsoleKit.Manager",
++           "GetSessionForCookie");
++       if (!message)
++               goto out;
++       if (!dbus_message_append_args(message, DBUS_TYPE_STRING, &cookie,
++           DBUS_TYPE_INVALID)) {
++               if (dbus_error_is_set(&err)) {
++                       error("unable to get current session: %s",
++                           err.message);
++                       dbus_error_free(&err);
++               }
++               goto out;
++       }
++
++       dbus_error_init(&err);
++       reply = dbus_connection_send_with_reply_and_block(connection, message,
++           -1, &err);
++       if (!reply) {
++               if (dbus_error_is_set(&err)) {
++                       error("unable to get current session: %s",
++                           err.message);
++                       dbus_error_free(&err);
++               }
++               goto out;
++       }
++
++       dbus_error_init(&err);
++       if (!dbus_message_get_args(reply, &err,
++           DBUS_TYPE_OBJECT_PATH, &sid,
++           DBUS_TYPE_INVALID)) {
++               if (dbus_error_is_set(&err)) {
++                       error("unable to get current session: %s",
++                           err.message);
++                       dbus_error_free(&err);
++               }
++               goto out;
++       }
++       dbus_message_unref(reply);
++       dbus_message_unref(message);
++       message = reply = NULL;
++
++       message = dbus_message_new_method_call("org.freedesktop.ConsoleKit",
++           sid, "org.freedesktop.DBus.Properties", "Set");
++       if (!message)
++               goto out;
++       interface = "org.freedesktop.ConsoleKit.Session";
++       property = "active";
++       if (!dbus_message_append_args(message,
++           DBUS_TYPE_STRING, &interface, DBUS_TYPE_STRING, &property,
++           DBUS_TYPE_INVALID))
++               goto out;
++       dbus_message_iter_init_append(message, &iter);
++       if (!dbus_message_iter_open_container(&iter, DBUS_TYPE_VARIANT,
++           DBUS_TYPE_BOOLEAN_AS_STRING, &subiter))
++               goto out;
++       active = TRUE;
++       if (!dbus_message_iter_append_basic(&subiter, DBUS_TYPE_BOOLEAN,
++           &active))
++               goto out;
++       if (!dbus_message_iter_close_container(&iter, &subiter))
++               goto out;
++
++       dbus_error_init(&err);
++       reply = dbus_connection_send_with_reply_and_block(connection, message,
++           -1, &err);
++       if (!reply) {
++               if (dbus_error_is_set(&err)) {
++                       error("unable to make current session active: %s",
++                           err.message);
++                       dbus_error_free(&err);
++               }
++               goto out;
++       }
++
++out:
++       if (reply)
++               dbus_message_unref(reply);
++       if (message)
++               dbus_message_unref(message);
++}
++
++/*
++ * We pass display separately rather than using s->display because the
++ * latter is not available in the monitor when using privsep.
++ */
++
++char *
++consolekit_register(Session *s, const char *display)
++{
++       DBusError err;
++       const char *tty = s->tty;
++       const char *remote_host_name;
++       dbus_bool_t is_local = FALSE;
++       const char *cookie = NULL;
++
++       if (s->ckc) {
++               debug("already registered with ConsoleKit");
++               return xstrdup(ck_connector_get_cookie(s->ckc));
++       }
++
++       s->ckc = ck_connector_new();
++       if (!s->ckc) {
++               error("ck_connector_new failed");
++               return NULL;
++       }
++
++       if (!tty)
++               tty = "";
++       if (!display)
++               display = "";
++       remote_host_name = get_remote_name_or_ip(utmp_len, options.use_dns);
++       if (!remote_host_name)
++               remote_host_name = "";
++
++       dbus_error_init(&err);
++       if (!ck_connector_open_session_with_parameters(s->ckc, &err,
++           "unix-user", &s->pw->pw_uid,
++           "display-device", &tty,
++           "x11-display", &display,
++           "remote-host-name", &remote_host_name,
++           "is-local", &is_local,
++           NULL)) {
++               if (dbus_error_is_set(&err)) {
++                       debug("%s", err.message);
++                       dbus_error_free(&err);
++               } else {
++                       debug("insufficient privileges or D-Bus / ConsoleKit "
++                           "not available");
++               }
++               return NULL;
++       }
++
++       debug("registered uid=%d on tty='%s' with ConsoleKit",
++           s->pw->pw_uid, s->tty);
++
++       cookie = ck_connector_get_cookie(s->ckc);
++       set_active(cookie);
++       return xstrdup(cookie);
++}
++
++void
++consolekit_unregister(Session *s)
++{
++       if (s->ckc) {
++               debug("unregistering ConsoleKit session %s",
++                   ck_connector_get_cookie(s->ckc));
++               ck_connector_unref(s->ckc);
++               s->ckc = NULL;
++       }
++}
++
++#endif /* USE_CONSOLEKIT */
+Index: b/consolekit.h
+===================================================================
+--- /dev/null
++++ b/consolekit.h
+@@ -0,0 +1,24 @@
++/*
++ * Copyright (c) 2008 Colin Watson.  All rights reserved.
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++#ifdef USE_CONSOLEKIT
++
++struct Session;
++
++char *  consolekit_register(struct Session *, const char *);
++void    consolekit_unregister(struct Session *);
++
++#endif /* USE_CONSOLEKIT */
+Index: b/monitor.c
+===================================================================
+--- a/monitor.c
++++ b/monitor.c
+@@ -98,6 +98,9 @@
+ #include "jpake.h"
+ #include "roaming.h"
+ #include "authfd.h"
++#ifdef USE_CONSOLEKIT
++#include "consolekit.h"
++#endif
+ 
+ #ifdef GSSAPI
+ static Gssctxt *gsscontext = NULL;
+@@ -193,6 +196,10 @@
+ 
+ static int monitor_read_log(struct monitor *);
+ 
++#ifdef USE_CONSOLEKIT
++int mm_answer_consolekit_register(int, Buffer *);
++#endif
++
+ static Authctxt *authctxt;
+ static BIGNUM *ssh1_challenge = NULL;  /* used for ssh1 rsa auth */
+ 
+@@ -285,6 +292,9 @@
+     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
+     {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
+ #endif
++#ifdef USE_CONSOLEKIT
++    {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
++#endif
+     {0, 0, NULL}
+ };
+ 
+@@ -327,6 +337,9 @@
+     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
+     {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
+ #endif
++#ifdef USE_CONSOLEKIT
++    {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
++#endif
+     {0, 0, NULL}
+ };
+ 
+@@ -514,6 +527,9 @@
+                monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
+                monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
+        }
++#ifdef USE_CONSOLEKIT
++       monitor_permit(mon_dispatch, MONITOR_REQ_CONSOLEKIT_REGISTER, 1);
++#endif
+ 
+        for (;;)
+                monitor_read(pmonitor, mon_dispatch, NULL);
+@@ -2492,3 +2508,30 @@
+ }
+ 
+ #endif /* JPAKE */
++
++#ifdef USE_CONSOLEKIT
++int
++mm_answer_consolekit_register(int sock, Buffer *m)
++{
++       Session *s;
++       char *tty, *display;
++       char *cookie = NULL;
++
++       debug3("%s entering", __func__);
++
++       tty = buffer_get_string(m, NULL);
++       display = buffer_get_string(m, NULL);
++       s = session_by_tty(tty);
++       if (s != NULL)
++               cookie = consolekit_register(s, display);
++       buffer_clear(m);
++       buffer_put_cstring(m, cookie != NULL ? cookie : "");
++       mm_request_send(sock, MONITOR_ANS_CONSOLEKIT_REGISTER, m);
++
++       free(cookie);
++       free(display);
++       free(tty);
++
++       return (0);
++}
++#endif /* USE_CONSOLEKIT */
+Index: b/monitor.h
+===================================================================
+--- a/monitor.h
++++ b/monitor.h
+@@ -75,6 +75,8 @@
+ 
+        MONITOR_REQ_AUTHROLE = 154,
+ 
++       MONITOR_REQ_CONSOLEKIT_REGISTER = 156, MONITOR_ANS_CONSOLEKIT_REGISTER = 157,
++
+ };
+ 
+ struct mm_master;
+Index: b/monitor_wrap.c
+===================================================================
+--- a/monitor_wrap.c
++++ b/monitor_wrap.c
+@@ -1516,3 +1516,34 @@
+        return success;
+ }
+ #endif /* JPAKE */
++
++#ifdef USE_CONSOLEKIT
++char *
++mm_consolekit_register(Session *s, const char *display)
++{
++       Buffer m;
++       char *cookie;
++
++       debug3("%s entering", __func__);
++
++       if (s->ttyfd == -1)
++               return NULL;
++       buffer_init(&m);
++       buffer_put_cstring(&m, s->tty);
++       buffer_put_cstring(&m, display != NULL ? display : "");
++       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_CONSOLEKIT_REGISTER, &m);
++       buffer_clear(&m);
++
++       mm_request_receive_expect(pmonitor->m_recvfd,
++           MONITOR_ANS_CONSOLEKIT_REGISTER, &m);
++       cookie = buffer_get_string(&m, NULL);
++       buffer_free(&m);
++
++       /* treat empty cookie as missing cookie */
++       if (strlen(cookie) == 0) {
++               free(cookie);
++               cookie = NULL;
++       }
++       return (cookie);
++}
++#endif /* USE_CONSOLEKIT */
+Index: b/monitor_wrap.h
+===================================================================
+--- a/monitor_wrap.h
++++ b/monitor_wrap.h
+@@ -131,4 +131,8 @@
+ void mm_zfree(struct mm_master *, void *);
+ void mm_init_compression(struct mm_master *);
+ 
++#ifdef USE_CONSOLEKIT
++char *mm_consolekit_register(struct Session *, const char *);
++#endif /* USE_CONSOLEKIT */
++
+ #endif /* _MM_WRAP_H_ */
+Index: b/session.c
+===================================================================
+--- a/session.c
++++ b/session.c
+@@ -92,6 +92,7 @@
+ #include "kex.h"
+ #include "monitor_wrap.h"
+ #include "sftp.h"
++#include "consolekit.h"
+ 
+ #if defined(KRB5) && defined(USE_AFS)
+ #include <kafs.h>
+@@ -1132,6 +1133,9 @@
+ #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
+        char *path = NULL;
+ #endif
++#ifdef USE_CONSOLEKIT
++       const char *ckcookie = NULL;
++#endif /* USE_CONSOLEKIT */
+ 
+        /* Initialize the environment. */
+        envsize = 100;
+@@ -1276,6 +1280,11 @@
+                child_set_env(&env, &envsize, "KRB5CCNAME",
+                    s->authctxt->krb5_ccname);
+ #endif
++#ifdef USE_CONSOLEKIT
++       ckcookie = PRIVSEP(consolekit_register(s, s->display));
++       if (ckcookie)
++               child_set_env(&env, &envsize, "XDG_SESSION_COOKIE", ckcookie);
++#endif /* USE_CONSOLEKIT */
+ #ifdef USE_PAM
+        /*
+         * Pull in any environment variables that may have
+@@ -2320,6 +2329,10 @@
+ 
+        debug("session_pty_cleanup: session %d release %s", s->self, s->tty);
+ 
++#ifdef USE_CONSOLEKIT
++       consolekit_unregister(s);
++#endif /* USE_CONSOLEKIT */
++
+        /* Record that the user has logged out. */
+        if (s->pid != 0)
+                record_logout(s->pid, s->tty, s->pw->pw_name);
+Index: b/session.h
+===================================================================
+--- a/session.h
++++ b/session.h
+@@ -26,6 +26,8 @@
+ #ifndef SESSION_H
+ #define SESSION_H
+ 
++struct _CkConnector;
++
+ #define TTYSZ 64
+ typedef struct Session Session;
+ struct Session {
+@@ -60,6 +62,10 @@
+                char    *name;
+                char    *val;
+        } *env;
++
++#ifdef USE_CONSOLEKIT
++       struct _CkConnector *ckc;
++#endif /* USE_CONSOLEKIT */
+ };
+ 
+ void    do_authenticated(Authctxt *);
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
new file mode 100644
index 000000000..981cdd697
--- /dev/null
+++ b/debian/patches/debian-banner.patch
@@ -0,0 +1,99 @@
+Description: Add DebianBanner server configuration option
+ Setting this to "no" causes sshd to omit the Debian revision from its
+ initial protocol handshake, for those scared by package-versioning.patch.
+Author: Kees Cook <kees@debian.org>
+Bug-Debian: http://bugs.debian.org/562048
+Forwarded: not-needed
+Last-Update: 2013-09-14
+
+Index: b/servconf.c
+===================================================================
+--- a/servconf.c
++++ b/servconf.c
+@@ -157,6 +157,7 @@
+        options->ip_qos_interactive = -1;
+        options->ip_qos_bulk = -1;
+        options->version_addendum = NULL;
++       options->debian_banner = -1;
+ }
+ 
+ void
+@@ -310,6 +311,8 @@
+                options->ip_qos_bulk = IPTOS_THROUGHPUT;
+        if (options->version_addendum == NULL)
+                options->version_addendum = xstrdup("");
++       if (options->debian_banner == -1)
++               options->debian_banner = 1;
+        /* Turn privilege separation on by default */
+        if (use_privsep == -1)
+                use_privsep = PRIVSEP_NOSANDBOX;
+@@ -360,6 +363,7 @@
+        sKexAlgorithms, sIPQoS, sVersionAddendum,
+        sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
+        sAuthenticationMethods, sHostKeyAgent,
++       sDebianBanner,
+        sDeprecated, sUnsupported
+ } ServerOpCodes;
+ 
+@@ -501,6 +505,7 @@
+        { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
+        { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
+        { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
++       { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
+        { NULL, sBadOption, 0 }
+ };
+ 
+@@ -1648,6 +1653,10 @@
+                }
+                return 0;
+ 
++       case sDebianBanner:
++               intptr = &options->debian_banner;
++               goto parse_int;
++
+        case sDeprecated:
+                logit("%s line %d: Deprecated option %s",
+                    filename, linenum, arg);
+Index: b/servconf.h
+===================================================================
+--- a/servconf.h
++++ b/servconf.h
+@@ -188,6 +188,8 @@
+ 
+        u_int   num_auth_methods;
+        char   *auth_methods[MAX_AUTH_METHODS];
++
++       int     debian_banner;
+ }       ServerOptions;
+ 
+ /* Information about the incoming connection as used by Match */
+Index: b/sshd.c
+===================================================================
+--- a/sshd.c
++++ b/sshd.c
+@@ -440,7 +440,8 @@
+        }
+ 
+        xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+-           major, minor, SSH_RELEASE,
++           major, minor,
++           options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM,
+            *options.version_addendum == '\0' ? "" : " ",
+            options.version_addendum, newline);
+ 
+Index: b/sshd_config.5
+===================================================================
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -404,6 +404,11 @@
+ .Dq no .
+ The default is
+ .Dq delayed .
++.It Cm DebianBanner
++Specifies whether the distribution-specified extra version suffix is
++included during initial protocol handshake.
++The default is
++.Dq yes .
+ .It Cm DenyGroups
+ This keyword can be followed by a list of group name patterns, separated
+ by spaces.
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
new file mode 100644
index 000000000..d005bdc2e
--- /dev/null
+++ b/debian/patches/debian-config.patch
@@ -0,0 +1,146 @@
+Description: Various Debian-specific configuration changes
+ ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
+ fewer problems with existing setups (http://bugs.debian.org/237021).
+ .
+ ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
+ .
+ ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
+ worms.
+ .
+ ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by
+ default.
+ .
+ sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside
+ PermitRootLogin default.
+ .
+ Document all of this, along with several sshd defaults set in
+ debian/openssh-server.postinst.
+Author: Colin Watson <cjwatson@debian.org>
+Author: Russ Allbery <rra@debian.org>
+Forwarded: not-needed
+Last-Update: 2013-09-14
+
+Index: b/readconf.c
+===================================================================
+--- a/readconf.c
++++ b/readconf.c
+@@ -1298,7 +1298,7 @@
+        if (options->forward_x11 == -1)
+                options->forward_x11 = 0;
+        if (options->forward_x11_trusted == -1)
+-               options->forward_x11_trusted = 0;
++               options->forward_x11_trusted = 1;
+        if (options->forward_x11_timeout == -1)
+                options->forward_x11_timeout = 1200;
+        if (options->exit_on_forward_failure == -1)
+Index: b/ssh_config
+===================================================================
+--- a/ssh_config
++++ b/ssh_config
+@@ -17,9 +17,10 @@
+ # list of available options, their meanings and defaults, please see the
+ # ssh_config(5) man page.
+ 
+-# Host *
++Host *
+ #   ForwardAgent no
+ #   ForwardX11 no
++#   ForwardX11Trusted yes
+ #   RhostsRSAAuthentication no
+ #   RSAAuthentication yes
+ #   PasswordAuthentication yes
+@@ -48,3 +49,7 @@
+ #   VisualHostKey no
+ #   ProxyCommand ssh -q -W %h:%p gateway.example.com
+ #   RekeyLimit 1G 1h
++    SendEnv LANG LC_*
++    HashKnownHosts yes
++    GSSAPIAuthentication yes
++    GSSAPIDelegateCredentials no
+Index: b/ssh_config.5
+===================================================================
+--- a/ssh_config.5
++++ b/ssh_config.5
+@@ -71,6 +71,22 @@
+ host-specific declarations should be given near the beginning of the
+ file, and general defaults at the end.
+ .Pp
++Note that the Debian
++.Ic openssh-client
++package sets several options as standard in
++.Pa /etc/ssh/ssh_config
++which are not the default in
++.Xr ssh 1 :
++.Pp
++.Bl -bullet -offset indent -compact
++.It
++.Cm SendEnv No LANG LC_*
++.It
++.Cm HashKnownHosts No yes
++.It
++.Cm GSSAPIAuthentication No yes
++.El
++.Pp
+ The configuration file has the following format:
+ .Pp
+ Empty lines and lines starting with
+@@ -501,7 +517,8 @@
+ Remote clients will be refused access after this time.
+ .Pp
+ The default is
+-.Dq no .
++.Dq yes
++(Debian-specific).
+ .Pp
+ See the X11 SECURITY extension specification for full details on
+ the restrictions imposed on untrusted clients.
+Index: b/sshd_config
+===================================================================
+--- a/sshd_config
++++ b/sshd_config
+@@ -40,6 +40,7 @@
+ # Authentication:
+ 
+ #LoginGraceTime 2m
++# See /usr/share/doc/openssh-server/README.Debian.gz.
+ #PermitRootLogin yes
+ #StrictModes yes
+ #MaxAuthTries 6
+Index: b/sshd_config.5
+===================================================================
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -57,6 +57,33 @@
+ .Pq \&"
+ in order to represent arguments containing spaces.
+ .Pp
++Note that the Debian
++.Ic openssh-server
++package sets several options as standard in
++.Pa /etc/ssh/sshd_config
++which are not the default in
++.Xr sshd 8 .
++The exact list depends on whether the package was installed fresh or
++upgraded from various possible previous versions, but includes at least the
++following:
++.Pp
++.Bl -bullet -offset indent -compact
++.It
++.Cm Protocol No 2
++.It
++.Cm ChallengeResponseAuthentication No no
++.It
++.Cm X11Forwarding No yes
++.It
++.Cm PrintMotd No no
++.It
++.Cm AcceptEnv No LANG LC_*
++.It
++.Cm Subsystem No sftp /usr/lib/openssh/sftp-server
++.It
++.Cm UsePAM No yes
++.El
++.Pp
+ The possible
+ keywords and their meanings are as follows (note that
+ keywords are case-insensitive and arguments are case-sensitive):
diff --git a/debian/patches/dnssec-sshfp.patch b/debian/patches/dnssec-sshfp.patch
new file mode 100644
index 000000000..0615de097
--- /dev/null
+++ b/debian/patches/dnssec-sshfp.patch
@@ -0,0 +1,82 @@
+Description: Force use of DNSSEC even if "options edns0" isn't in resolv.conf
+ This allows SSHFP DNS records to be verified if glibc 2.11 is installed.
+Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup
+Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049
+Last-Update: 2010-04-06
+
+Index: b/dns.c
+===================================================================
+--- a/dns.c
++++ b/dns.c
+@@ -196,6 +196,7 @@
+ {
+        u_int counter;
+        int result;
++       unsigned int rrset_flags = 0;
+        struct rrsetinfo *fingerprints = NULL;
+ 
+        u_int8_t hostkey_algorithm;
+@@ -219,8 +220,19 @@
+                return -1;
+        }
+ 
++       /*
++        * Original getrrsetbyname function, found on OpenBSD for example,
++        * doesn't accept any flag and prerequisite for obtaining AD bit in
++        * DNS response is set by "options edns0" in resolv.conf.
++        *
++        * Our version is more clever and use RRSET_FORCE_EDNS0 flag.
++        */
++#ifndef HAVE_GETRRSETBYNAME
++       rrset_flags |= RRSET_FORCE_EDNS0;
++#endif
+        result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
+-           DNS_RDATATYPE_SSHFP, 0, &fingerprints);
++           DNS_RDATATYPE_SSHFP, rrset_flags, &fingerprints);
++
+        if (result) {
+                verbose("DNS lookup error: %s", dns_result_totext(result));
+                return -1;
+Index: b/openbsd-compat/getrrsetbyname.c
+===================================================================
+--- a/openbsd-compat/getrrsetbyname.c
++++ b/openbsd-compat/getrrsetbyname.c
+@@ -209,8 +209,8 @@
+                goto fail;
+        }
+ 
+-       /* don't allow flags yet, unimplemented */
+-       if (flags) {
++       /* Allow RRSET_FORCE_EDNS0 flag only. */
++       if ((flags & !RRSET_FORCE_EDNS0) != 0) {
+                result = ERRSET_INVAL;
+                goto fail;
+        }
+@@ -226,9 +226,9 @@
+ #endif /* DEBUG */
+ 
+ #ifdef RES_USE_DNSSEC
+-       /* turn on DNSSEC if EDNS0 is configured */
+-       if (_resp->options & RES_USE_EDNS0)
+-               _resp->options |= RES_USE_DNSSEC;
++       /* turn on DNSSEC if required  */
++       if (flags & RRSET_FORCE_EDNS0)
++               _resp->options |= (RES_USE_EDNS0|RES_USE_DNSSEC);
+ #endif /* RES_USE_DNSEC */
+ 
+        /* make query */
+Index: b/openbsd-compat/getrrsetbyname.h
+===================================================================
+--- a/openbsd-compat/getrrsetbyname.h
++++ b/openbsd-compat/getrrsetbyname.h
+@@ -72,6 +72,9 @@
+ #ifndef RRSET_VALIDATED
+ # define RRSET_VALIDATED       1
+ #endif
++#ifndef RRSET_FORCE_EDNS0
++# define RRSET_FORCE_EDNS0     0x0001
++#endif
+ 
+ /*
+  * Return codes for getrrsetbyname()
diff --git a/debian/patches/doc-hash-tab-completion.patch b/debian/patches/doc-hash-tab-completion.patch
new file mode 100644
index 000000000..4c197323c
--- /dev/null
+++ b/debian/patches/doc-hash-tab-completion.patch
@@ -0,0 +1,20 @@
+Description: Document that HashKnownHosts may break tab-completion
+Author: Colin Watson <cjwatson@debian.org>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1727
+Bug-Debian: http://bugs.debian.org/430154
+Last-Update: 2013-09-14
+
+Index: b/ssh_config.5
+===================================================================
+--- a/ssh_config.5
++++ b/ssh_config.5
+@@ -587,6 +587,9 @@
+ will not be converted automatically,
+ but may be manually hashed using
+ .Xr ssh-keygen 1 .
++Use of this option may break facilities such as tab-completion that rely
++on being able to read unhashed host names from
++.Pa ~/.ssh/known_hosts .
+ .It Cm HostbasedAuthentication
+ Specifies whether to try rhosts based authentication with public key
+ authentication.
diff --git a/debian/patches/doc-upstart.patch b/debian/patches/doc-upstart.patch
new file mode 100644
index 000000000..a471f9c4c
--- /dev/null
+++ b/debian/patches/doc-upstart.patch
@@ -0,0 +1,21 @@
+Description: Refer to ssh's Upstart job as well as its init script
+Author: Colin Watson <cjwatson@ubuntu.com>
+Forwarded: not-needed
+Last-Update: 2013-09-14
+
+Index: b/sshd.8
+===================================================================
+--- a/sshd.8
++++ b/sshd.8
+@@ -70,7 +70,10 @@
+ .Nm
+ listens for connections from clients.
+ It is normally started at boot from
+-.Pa /etc/init.d/ssh .
++.Pa /etc/init.d/ssh
++(or
++.Pa /etc/init/ssh.conf
++on systems using the Upstart init daemon).
+ It forks a new
+ daemon for each incoming connection.
+ The forked daemons handle
diff --git a/debian/patches/gnome-ssh-askpass2-icon.patch b/debian/patches/gnome-ssh-askpass2-icon.patch
new file mode 100644
index 000000000..96bbf3a09
--- /dev/null
+++ b/debian/patches/gnome-ssh-askpass2-icon.patch
@@ -0,0 +1,18 @@
+Description: Give the ssh-askpass-gnome window a default icon
+Author: Vincent Untz <vuntz@ubuntu.com>
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/27152
+Last-Update: 2010-02-28
+
+Index: b/contrib/gnome-ssh-askpass2.c
+===================================================================
+--- a/contrib/gnome-ssh-askpass2.c
++++ b/contrib/gnome-ssh-askpass2.c
+@@ -209,6 +209,8 @@
+ 
+        gtk_init(&argc, &argv);
+ 
++       gtk_window_set_default_icon_from_file ("/usr/share/pixmaps/ssh-askpass-gnome.png", NULL);
++
+        if (argc > 1) {
+                message = g_strjoinv(" ", argv + 1);
+        } else {
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
new file mode 100644
index 000000000..85c6722f0
--- /dev/null
+++ b/debian/patches/gssapi.patch
@@ -0,0 +1,3088 @@
+Description: GSSAPI key exchange support
+ This patch has been rejected upstream: "None of the OpenSSH developers are
+ in favour of adding this, and this situation has not changed for several
+ years.  This is not a slight on Simon's patch, which is of fine quality,
+ but just that a) we don't trust GSSAPI implementations that much and b) we
+ don't like adding new KEX since they are pre-auth attack surface.  This one
+ is particularly scary, since it requires hooks out to typically root-owned
+ system resources."
+ .
+ However, quite a lot of people rely on this in Debian, and it's better to
+ have it merged into the main openssh package rather than having separate
+ -krb5 packages (as we used to have).  It seems to have a generally good
+ security history.
+Author: Simon Wilkinson <simon@sxw.org.uk>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
+Last-Updated: 2013-09-14
+
+Index: b/ChangeLog.gssapi
+===================================================================
+--- /dev/null
++++ b/ChangeLog.gssapi
+@@ -0,0 +1,113 @@
++20110101
++  - Finally update for OpenSSH 5.6p1
++  - Add GSSAPIServerIdentity option from Jim Basney
++ 
++20100308
++  - [ Makefile.in, key.c, key.h ]
++    Updates for OpenSSH 5.4p1
++  - [ servconf.c ]
++    Include GSSAPI options in the sshd -T configuration dump, and flag
++    some older configuration options as being unsupported. Thanks to Colin 
++    Watson.
++  -
++
++20100124
++  - [ sshconnect2.c ]
++    Adapt to deal with additional element in Authmethod structure. Thanks to
++    Colin Watson
++
++20090615
++  - [ gss-genr.c gss-serv.c kexgssc.c kexgsss.c monitor.c sshconnect2.c
++      sshd.c ]
++    Fix issues identified by Greg Hudson following a code review
++       Check return value of gss_indicate_mechs
++       Protect GSSAPI calls in monitor, so they can only be used if enabled
++       Check return values of bignum functions in key exchange
++       Use BN_clear_free to clear other side's DH value
++       Make ssh_gssapi_id_kex more robust
++       Only configure kex table pointers if GSSAPI is enabled
++       Don't leak mechanism list, or gss mechanism list
++       Cast data.length before printing
++       If serverkey isn't provided, use an empty string, rather than NULL
++
++20090201
++  - [ gss-genr.c gss-serv.c kex.h kexgssc.c readconf.c readconf.h ssh-gss.h
++      ssh_config.5 sshconnet2.c ]
++    Add support for the GSSAPIClientIdentity option, which allows the user
++    to specify which GSSAPI identity to use to contact a given server
++
++20080404
++  - [ gss-serv.c ]
++    Add code to actually implement GSSAPIStrictAcceptCheck, which had somehow
++    been omitted from a previous version of this patch. Reported by Borislav
++    Stoichkov
++
++20070317
++  - [ gss-serv-krb5.c ]
++    Remove C99ism, where new_ccname was being declared in the middle of a 
++    function
++
++20061220
++  - [ servconf.c ]
++    Make default for GSSAPIStrictAcceptorCheck be Yes, to match previous, and 
++    documented, behaviour. Reported by Dan Watson.
++
++20060910
++  - [ gss-genr.c kexgssc.c kexgsss.c kex.h monitor.c sshconnect2.c sshd.c
++      ssh-gss.h ]
++    add support for gss-group14-sha1 key exchange mechanisms
++  - [ gss-serv.c servconf.c servconf.h sshd_config sshd_config.5 ]
++    Add GSSAPIStrictAcceptorCheck option to allow the disabling of
++    acceptor principal checking on multi-homed machines.
++    <Bugzilla #928>
++  - [ sshd_config ssh_config ]
++    Add settings for GSSAPIKeyExchange and GSSAPITrustDNS to the sample
++    configuration files
++  - [ kexgss.c kegsss.c sshconnect2.c sshd.c ]
++    Code cleanup. Replace strlen/xmalloc/snprintf sequences with xasprintf()
++    Limit length of error messages displayed by client
++
++20060909
++  - [ gss-genr.c gss-serv.c ]
++    move ssh_gssapi_acquire_cred() and ssh_gssapi_server_ctx to be server
++    only, where they belong 
++    <Bugzilla #1225>
++
++20060829
++  - [ gss-serv-krb5.c ]
++    Fix CCAPI credentials cache name when creating KRB5CCNAME environment 
++    variable
++
++20060828
++  - [ gss-genr.c ]
++    Avoid Heimdal context freeing problem
++    <Fixed upstream 20060829>
++
++20060818
++  - [ gss-genr.c ssh-gss.h sshconnect2.c ]
++    Make sure that SPENGO is disabled 
++    <Bugzilla #1218 - Fixed upstream 20060818>
++
++20060421
++  - [ gssgenr.c, sshconnect2.c ]
++    a few type changes (signed versus unsigned, int versus size_t) to
++    fix compiler errors/warnings 
++    (from jbasney AT ncsa.uiuc.edu)
++  - [ kexgssc.c, sshconnect2.c ]
++    fix uninitialized variable warnings
++    (from jbasney AT ncsa.uiuc.edu)
++  - [ gssgenr.c ]
++    pass oid to gss_display_status (helpful when using GSSAPI mechglue)
++    (from jbasney AT ncsa.uiuc.edu)
++    <Bugzilla #1220 >
++  - [ gss-serv-krb5.c ]
++    #ifdef HAVE_GSSAPI_KRB5 should be #ifdef HAVE_GSSAPI_KRB5_H
++    (from jbasney AT ncsa.uiuc.edu)
++    <Fixed upstream 20060304>
++  - [ readconf.c, readconf.h, ssh_config.5, sshconnect2.c 
++    add client-side GssapiKeyExchange option
++    (from jbasney AT ncsa.uiuc.edu)
++  - [ sshconnect2.c ]
++    add support for GssapiTrustDns option for gssapi-with-mic
++    (from jbasney AT ncsa.uiuc.edu)
++    <gssapi-with-mic support is Bugzilla #1008>
+Index: b/Makefile.in
+===================================================================
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -72,6 +72,7 @@
+        atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
+        monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
+        kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
++       kexgssc.o \
+        msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
+        jpake.o schnorr.o ssh-pkcs11.o krl.o
+ 
+@@ -88,7 +89,7 @@
+        auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o \
+        monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
+        auth-krb5.o \
+-       auth2-gss.o gss-serv.o gss-serv-krb5.o \
++       auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o\
+        loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
+        sftp-server.o sftp-common.o \
+        roaming_common.o roaming_serv.o \
+Index: b/auth-krb5.c
+===================================================================
+--- a/auth-krb5.c
++++ b/auth-krb5.c
+@@ -181,8 +181,13 @@
+ 
+        len = strlen(authctxt->krb5_ticket_file) + 6;
+        authctxt->krb5_ccname = xmalloc(len);
++#ifdef USE_CCAPI
++       snprintf(authctxt->krb5_ccname, len, "API:%s",
++           authctxt->krb5_ticket_file);
++#else
+        snprintf(authctxt->krb5_ccname, len, "FILE:%s",
+            authctxt->krb5_ticket_file);
++#endif
+ 
+ #ifdef USE_PAM
+        if (options.use_pam)
+@@ -239,15 +244,22 @@
+ #ifndef HEIMDAL
+ krb5_error_code
+ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
+-       int tmpfd, ret, oerrno;
++       int ret, oerrno;
+        char ccname[40];
+        mode_t old_umask;
++#ifdef USE_CCAPI
++       char cctemplate[] = "API:krb5cc_%d";
++#else
++       char cctemplate[] = "FILE:/tmp/krb5cc_%d_XXXXXXXXXX";
++       int tmpfd;
++#endif
+ 
+        ret = snprintf(ccname, sizeof(ccname),
+-           "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
++           cctemplate, geteuid());
+        if (ret < 0 || (size_t)ret >= sizeof(ccname))
+                return ENOMEM;
+ 
++#ifndef USE_CCAPI
+        old_umask = umask(0177);
+        tmpfd = mkstemp(ccname + strlen("FILE:"));
+        oerrno = errno;
+@@ -264,6 +276,7 @@
+                return oerrno;
+        }
+        close(tmpfd);
++#endif
+ 
+        return (krb5_cc_resolve(ctx, ccname, ccache));
+ }
+Index: b/auth2-gss.c
+===================================================================
+--- a/auth2-gss.c
++++ b/auth2-gss.c
+@@ -1,7 +1,7 @@
+ /* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */
+ 
+ /*
+- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
++ * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -52,6 +52,40 @@
+ static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
+ static void input_gssapi_errtok(int, u_int32_t, void *);
+ 
++/* 
++ * The 'gssapi_keyex' userauth mechanism.
++ */
++static int
++userauth_gsskeyex(Authctxt *authctxt)
++{
++       int authenticated = 0;
++       Buffer b;
++       gss_buffer_desc mic, gssbuf;
++       u_int len;
++
++       mic.value = packet_get_string(&len);
++       mic.length = len;
++
++       packet_check_eom();
++
++       ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
++           "gssapi-keyex");
++
++       gssbuf.value = buffer_ptr(&b);
++       gssbuf.length = buffer_len(&b);
++
++       /* gss_kex_context is NULL with privsep, so we can't check it here */
++       if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gss_kex_context, 
++           &gssbuf, &mic))))
++               authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,
++                   authctxt->pw));
++       
++       buffer_free(&b);
++       free(mic.value);
++
++       return (authenticated);
++}
++
+ /*
+  * We only support those mechanisms that we know about (ie ones that we know
+  * how to check local user kuserok and the like)
+@@ -240,7 +274,8 @@
+ 
+        packet_check_eom();
+ 
+-       authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
++       authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,
++           authctxt->pw));
+ 
+        authctxt->postponed = 0;
+        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+@@ -275,7 +310,8 @@
+        gssbuf.length = buffer_len(&b);
+ 
+        if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
+-               authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
++               authenticated = 
++                   PRIVSEP(ssh_gssapi_userok(authctxt->user, authctxt->pw));
+        else
+                logit("GSSAPI MIC check failed");
+ 
+@@ -290,6 +326,12 @@
+        userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
+ }
+ 
++Authmethod method_gsskeyex = {
++       "gssapi-keyex",
++       userauth_gsskeyex,
++       &options.gss_authentication
++};
++
+ Authmethod method_gssapi = {
+        "gssapi-with-mic",
+        userauth_gssapi,
+Index: b/auth2.c
+===================================================================
+--- a/auth2.c
++++ b/auth2.c
+@@ -69,6 +69,7 @@
+ extern Authmethod method_kbdint;
+ extern Authmethod method_hostbased;
+ #ifdef GSSAPI
++extern Authmethod method_gsskeyex;
+ extern Authmethod method_gssapi;
+ #endif
+ #ifdef JPAKE
+@@ -79,6 +80,7 @@
+        &method_none,
+        &method_pubkey,
+ #ifdef GSSAPI
++       &method_gsskeyex,
+        &method_gssapi,
+ #endif
+ #ifdef JPAKE
+Index: b/clientloop.c
+===================================================================
+--- a/clientloop.c
++++ b/clientloop.c
+@@ -111,6 +111,10 @@
+ #include "msg.h"
+ #include "roaming.h"
+ 
++#ifdef GSSAPI
++#include "ssh-gss.h"
++#endif
++
+ /* import options */
+ extern Options options;
+ 
+@@ -1608,6 +1612,15 @@
+                /* Do channel operations unless rekeying in progress. */
+                if (!rekeying) {
+                        channel_after_select(readset, writeset);
++
++#ifdef GSSAPI
++                       if (options.gss_renewal_rekey &&
++                           ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) {
++                               debug("credentials updated - forcing rekey");
++                               need_rekeying = 1;
++                       }
++#endif
++
+                        if (need_rekeying || packet_need_rekeying()) {
+                                debug("need rekeying");
+                                xxx_kex->done = 0;
+Index: b/config.h.in
+===================================================================
+--- a/config.h.in
++++ b/config.h.in
+@@ -1546,6 +1546,9 @@
+ /* Use btmp to log bad logins */
+ #undef USE_BTMP
+ 
++/* platform uses an in-memory credentials cache */
++#undef USE_CCAPI
++
+ /* Use libedit for sftp */
+ #undef USE_LIBEDIT
+ 
+@@ -1561,6 +1564,9 @@
+ /* Use PIPES instead of a socketpair() */
+ #undef USE_PIPES
+ 
++/* platform has the Security Authorization Session API */
++#undef USE_SECURITY_SESSION_API
++
+ /* Define if you have Solaris process contracts */
+ #undef USE_SOLARIS_PROCESS_CONTRACTS
+ 
+Index: b/configure
+===================================================================
+--- a/configure
++++ b/configure
+@@ -6780,6 +6780,63 @@
+ 
+ $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
+ 
++       { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we have the Security Authorization Session API" >&5
++$as_echo_n "checking if we have the Security Authorization Session API... " >&6; }
++       cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++#include <Security/AuthSession.h>
++int
++main ()
++{
++SessionCreate(0, 0);
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_compile "$LINENO"; then :
++  ac_cv_use_security_session_api="yes"
++
++$as_echo "#define USE_SECURITY_SESSION_API 1" >>confdefs.h
++
++                LIBS="$LIBS -framework Security"
++                { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
++$as_echo "yes" >&6; }
++else
++  ac_cv_use_security_session_api="no"
++                { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++fi
++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
++       { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we have an in-memory credentials cache" >&5
++$as_echo_n "checking if we have an in-memory credentials cache... " >&6; }
++       cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++#include <Kerberos/Kerberos.h>
++int
++main ()
++{
++cc_context_t c;
++                (void) cc_initialize (&c, 0, NULL, NULL);
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_compile "$LINENO"; then :
++
++$as_echo "#define USE_CCAPI 1" >>confdefs.h
++
++                LIBS="$LIBS -framework Security"
++                { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
++$as_echo "yes" >&6; }
++                if test "x$ac_cv_use_security_session_api" = "xno"; then
++                       as_fn_error $? "*** Need a security framework to use the credentials cache API ***" "$LINENO" 5
++               fi
++else
++  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++
++fi
++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ 
+        ac_fn_c_check_decl "$LINENO" "AU_IPv4" "ac_cv_have_decl_AU_IPv4" "$ac_includes_default"
+ if test "x$ac_cv_have_decl_AU_IPv4" = xyes; then :
+Index: b/configure.ac
+===================================================================
+--- a/configure.ac
++++ b/configure.ac
+@@ -548,6 +548,30 @@
+            [Use tunnel device compatibility to OpenBSD])
+        AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
+            [Prepend the address family to IP tunnel traffic])
++       AC_MSG_CHECKING([if we have the Security Authorization Session API])
++       AC_TRY_COMPILE([#include <Security/AuthSession.h>],
++               [SessionCreate(0, 0);],
++               [ac_cv_use_security_session_api="yes"
++                AC_DEFINE([USE_SECURITY_SESSION_API], [1], 
++                       [platform has the Security Authorization Session API])
++                LIBS="$LIBS -framework Security"
++                AC_MSG_RESULT([yes])],
++               [ac_cv_use_security_session_api="no"
++                AC_MSG_RESULT([no])])
++       AC_MSG_CHECKING([if we have an in-memory credentials cache])
++       AC_TRY_COMPILE(
++               [#include <Kerberos/Kerberos.h>],
++               [cc_context_t c;
++                (void) cc_initialize (&c, 0, NULL, NULL);],
++               [AC_DEFINE([USE_CCAPI], [1], 
++                       [platform uses an in-memory credentials cache])
++                LIBS="$LIBS -framework Security"
++                AC_MSG_RESULT([yes])
++                if test "x$ac_cv_use_security_session_api" = "xno"; then
++                       AC_MSG_ERROR([*** Need a security framework to use the credentials cache API ***])
++               fi],
++               [AC_MSG_RESULT([no])]
++       )
+        m4_pattern_allow([AU_IPv])
+        AC_CHECK_DECL([AU_IPv4], [], 
+            AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
+Index: b/gss-genr.c
+===================================================================
+--- a/gss-genr.c
++++ b/gss-genr.c
+@@ -1,7 +1,7 @@
+ /* $OpenBSD: gss-genr.c,v 1.21 2013/05/17 00:13:13 djm Exp $ */
+ 
+ /*
+- * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
++ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -39,12 +39,167 @@
+ #include "buffer.h"
+ #include "log.h"
+ #include "ssh2.h"
++#include "cipher.h"
++#include "key.h"
++#include "kex.h"
++#include <openssl/evp.h>
+ 
+ #include "ssh-gss.h"
+ 
+ extern u_char *session_id2;
+ extern u_int session_id2_len;
+ 
++typedef struct {
++       char *encoded;
++       gss_OID oid;
++} ssh_gss_kex_mapping;
++
++/*
++ * XXX - It would be nice to find a more elegant way of handling the
++ * XXX   passing of the key exchange context to the userauth routines
++ */
++
++Gssctxt *gss_kex_context = NULL;
++
++static ssh_gss_kex_mapping *gss_enc2oid = NULL;
++
++int 
++ssh_gssapi_oid_table_ok() {
++       return (gss_enc2oid != NULL);
++}
++
++/*
++ * Return a list of the gss-group1-sha1 mechanisms supported by this program
++ *
++ * We test mechanisms to ensure that we can use them, to avoid starting
++ * a key exchange with a bad mechanism
++ */
++
++char *
++ssh_gssapi_client_mechanisms(const char *host, const char *client) {
++       gss_OID_set gss_supported;
++       OM_uint32 min_status;
++
++       if (GSS_ERROR(gss_indicate_mechs(&min_status, &gss_supported)))
++               return NULL;
++
++       return(ssh_gssapi_kex_mechs(gss_supported, ssh_gssapi_check_mechanism,
++           host, client));
++}
++
++char *
++ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
++    const char *host, const char *client) {
++       Buffer buf;
++       size_t i;
++       int oidpos, enclen;
++       char *mechs, *encoded;
++       u_char digest[EVP_MAX_MD_SIZE];
++       char deroid[2];
++       const EVP_MD *evp_md = EVP_md5();
++       EVP_MD_CTX md;
++
++       if (gss_enc2oid != NULL) {
++               for (i = 0; gss_enc2oid[i].encoded != NULL; i++)
++                       free(gss_enc2oid[i].encoded);
++               free(gss_enc2oid);
++       }
++
++       gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping) *
++           (gss_supported->count + 1));
++
++       buffer_init(&buf);
++
++       oidpos = 0;
++       for (i = 0; i < gss_supported->count; i++) {
++               if (gss_supported->elements[i].length < 128 &&
++                   (*check)(NULL, &(gss_supported->elements[i]), host, client)) {
++
++                       deroid[0] = SSH_GSS_OIDTYPE;
++                       deroid[1] = gss_supported->elements[i].length;
++
++                       EVP_DigestInit(&md, evp_md);
++                       EVP_DigestUpdate(&md, deroid, 2);
++                       EVP_DigestUpdate(&md,
++                           gss_supported->elements[i].elements,
++                           gss_supported->elements[i].length);
++                       EVP_DigestFinal(&md, digest, NULL);
++
++                       encoded = xmalloc(EVP_MD_size(evp_md) * 2);
++                       enclen = __b64_ntop(digest, EVP_MD_size(evp_md),
++                           encoded, EVP_MD_size(evp_md) * 2);
++
++                       if (oidpos != 0)
++                               buffer_put_char(&buf, ',');
++
++                       buffer_append(&buf, KEX_GSS_GEX_SHA1_ID,
++                           sizeof(KEX_GSS_GEX_SHA1_ID) - 1);
++                       buffer_append(&buf, encoded, enclen);
++                       buffer_put_char(&buf, ',');
++                       buffer_append(&buf, KEX_GSS_GRP1_SHA1_ID, 
++                           sizeof(KEX_GSS_GRP1_SHA1_ID) - 1);
++                       buffer_append(&buf, encoded, enclen);
++                       buffer_put_char(&buf, ',');
++                       buffer_append(&buf, KEX_GSS_GRP14_SHA1_ID,
++                           sizeof(KEX_GSS_GRP14_SHA1_ID) - 1);
++                       buffer_append(&buf, encoded, enclen);
++
++                       gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);
++                       gss_enc2oid[oidpos].encoded = encoded;
++                       oidpos++;
++               }
++       }
++       gss_enc2oid[oidpos].oid = NULL;
++       gss_enc2oid[oidpos].encoded = NULL;
++
++       buffer_put_char(&buf, '\0');
++
++       mechs = xmalloc(buffer_len(&buf));
++       buffer_get(&buf, mechs, buffer_len(&buf));
++       buffer_free(&buf);
++
++       if (strlen(mechs) == 0) {
++               free(mechs);
++               mechs = NULL;
++       }
++       
++       return (mechs);
++}
++
++gss_OID
++ssh_gssapi_id_kex(Gssctxt *ctx, char *name, int kex_type) {
++       int i = 0;
++       
++       switch (kex_type) {
++       case KEX_GSS_GRP1_SHA1:
++               if (strlen(name) < sizeof(KEX_GSS_GRP1_SHA1_ID))
++                       return GSS_C_NO_OID;
++               name += sizeof(KEX_GSS_GRP1_SHA1_ID) - 1;
++               break;
++       case KEX_GSS_GRP14_SHA1:
++               if (strlen(name) < sizeof(KEX_GSS_GRP14_SHA1_ID))
++                       return GSS_C_NO_OID;
++               name += sizeof(KEX_GSS_GRP14_SHA1_ID) - 1;
++               break;
++       case KEX_GSS_GEX_SHA1:
++               if (strlen(name) < sizeof(KEX_GSS_GEX_SHA1_ID))
++                       return GSS_C_NO_OID;
++               name += sizeof(KEX_GSS_GEX_SHA1_ID) - 1;
++               break;
++       default:
++               return GSS_C_NO_OID;
++       }
++
++       while (gss_enc2oid[i].encoded != NULL &&
++           strcmp(name, gss_enc2oid[i].encoded) != 0)
++               i++;
++
++       if (gss_enc2oid[i].oid != NULL && ctx != NULL)
++               ssh_gssapi_set_oid(ctx, gss_enc2oid[i].oid);
++
++       return gss_enc2oid[i].oid;
++}
++
+ /* Check that the OID in a data stream matches that in the context */
+ int
+ ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len)
+@@ -197,7 +352,7 @@
+        }
+ 
+        ctx->major = gss_init_sec_context(&ctx->minor,
+-           GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid,
++           ctx->client_creds, &ctx->context, ctx->name, ctx->oid,
+            GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
+            0, NULL, recv_tok, NULL, send_tok, flags, NULL);
+ 
+@@ -227,8 +382,42 @@
+ }
+ 
+ OM_uint32
++ssh_gssapi_client_identity(Gssctxt *ctx, const char *name)
++{
++       gss_buffer_desc gssbuf;
++       gss_name_t gssname;
++       OM_uint32 status;
++       gss_OID_set oidset;
++
++       gssbuf.value = (void *) name;
++       gssbuf.length = strlen(gssbuf.value);
++
++       gss_create_empty_oid_set(&status, &oidset);
++       gss_add_oid_set_member(&status, ctx->oid, &oidset);
++
++       ctx->major = gss_import_name(&ctx->minor, &gssbuf,
++           GSS_C_NT_USER_NAME, &gssname);
++
++       if (!ctx->major)
++               ctx->major = gss_acquire_cred(&ctx->minor, 
++                   gssname, 0, oidset, GSS_C_INITIATE, 
++                   &ctx->client_creds, NULL, NULL);
++
++       gss_release_name(&status, &gssname);
++       gss_release_oid_set(&status, &oidset);
++
++       if (ctx->major)
++               ssh_gssapi_error(ctx);
++
++       return(ctx->major);
++}
++
++OM_uint32
+ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
+ {
++       if (ctx == NULL) 
++               return -1;
++
+        if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,
+            GSS_C_QOP_DEFAULT, buffer, hash)))
+                ssh_gssapi_error(ctx);
+@@ -236,6 +425,19 @@
+        return (ctx->major);
+ }
+ 
++/* Priviledged when used by server */
++OM_uint32
++ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
++{
++       if (ctx == NULL)
++               return -1;
++
++       ctx->major = gss_verify_mic(&ctx->minor, ctx->context,
++           gssbuf, gssmic, NULL);
++
++       return (ctx->major);
++}
++
+ void
+ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
+     const char *context)
+@@ -249,11 +451,16 @@
+ }
+ 
+ int
+-ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
++ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host, 
++    const char *client)
+ {
+        gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
+        OM_uint32 major, minor;
+        gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"};
++       Gssctxt *intctx = NULL;
++
++       if (ctx == NULL)
++               ctx = &intctx;
+ 
+        /* RFC 4462 says we MUST NOT do SPNEGO */
+        if (oid->length == spnego_oid.length && 
+@@ -263,6 +470,10 @@
+        ssh_gssapi_build_ctx(ctx);
+        ssh_gssapi_set_oid(*ctx, oid);
+        major = ssh_gssapi_import_name(*ctx, host);
++
++       if (!GSS_ERROR(major) && client)
++               major = ssh_gssapi_client_identity(*ctx, client);
++
+        if (!GSS_ERROR(major)) {
+                major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, 
+                    NULL);
+@@ -272,10 +483,67 @@
+                            GSS_C_NO_BUFFER);
+        }
+ 
+-       if (GSS_ERROR(major)) 
++       if (GSS_ERROR(major) || intctx != NULL) 
+                ssh_gssapi_delete_ctx(ctx);
+ 
+        return (!GSS_ERROR(major));
+ }
+ 
++int
++ssh_gssapi_credentials_updated(Gssctxt *ctxt) {
++       static gss_name_t saved_name = GSS_C_NO_NAME;
++       static OM_uint32 saved_lifetime = 0;
++       static gss_OID saved_mech = GSS_C_NO_OID;
++       static gss_name_t name;
++       static OM_uint32 last_call = 0;
++       OM_uint32 lifetime, now, major, minor;
++       int equal;
++       gss_cred_usage_t usage = GSS_C_INITIATE;
++       
++       now = time(NULL);
++
++       if (ctxt) {
++               debug("Rekey has happened - updating saved versions");
++
++               if (saved_name != GSS_C_NO_NAME)
++                       gss_release_name(&minor, &saved_name);
++
++               major = gss_inquire_cred(&minor, GSS_C_NO_CREDENTIAL,
++                   &saved_name, &saved_lifetime, NULL, NULL);
++
++               if (!GSS_ERROR(major)) {
++                       saved_mech = ctxt->oid;
++                       saved_lifetime+= now;
++               } else {
++                       /* Handle the error */
++               }
++               return 0;
++       }
++
++       if (now - last_call < 10)
++               return 0;
++
++       last_call = now;
++
++       if (saved_mech == GSS_C_NO_OID)
++               return 0;
++       
++       major = gss_inquire_cred(&minor, GSS_C_NO_CREDENTIAL, 
++           &name, &lifetime, NULL, NULL);
++       if (major == GSS_S_CREDENTIALS_EXPIRED)
++               return 0;
++       else if (GSS_ERROR(major))
++               return 0;
++
++       major = gss_compare_name(&minor, saved_name, name, &equal);
++       gss_release_name(&minor, &name);
++       if (GSS_ERROR(major))
++               return 0;
++
++       if (equal && (saved_lifetime < lifetime + now - 10))
++               return 1;
++
++       return 0;
++}
++
+ #endif /* GSSAPI */
+Index: b/gss-serv-krb5.c
+===================================================================
+--- a/gss-serv-krb5.c
++++ b/gss-serv-krb5.c
+@@ -1,7 +1,7 @@
+ /* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */
+ 
+ /*
+- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
++ * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -122,6 +122,7 @@
+        OM_uint32 maj_status, min_status;
+        int len;
+        const char *errmsg;
++       const char *new_ccname;
+ 
+        if (client->creds == NULL) {
+                debug("No credentials stored");
+@@ -174,11 +175,16 @@
+                return;
+        }
+ 
+-       client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache));
++       new_ccname = krb5_cc_get_name(krb_context, ccache);
++
+        client->store.envvar = "KRB5CCNAME";
+-       len = strlen(client->store.filename) + 6;
+-       client->store.envval = xmalloc(len);
+-       snprintf(client->store.envval, len, "FILE:%s", client->store.filename);
++#ifdef USE_CCAPI
++       xasprintf(&client->store.envval, "API:%s", new_ccname);
++       client->store.filename = NULL;
++#else
++       xasprintf(&client->store.envval, "FILE:%s", new_ccname);
++       client->store.filename = xstrdup(new_ccname);
++#endif
+ 
+ #ifdef USE_PAM
+        if (options.use_pam)
+@@ -190,6 +196,71 @@
+        return;
+ }
+ 
++int
++ssh_gssapi_krb5_updatecreds(ssh_gssapi_ccache *store, 
++    ssh_gssapi_client *client)
++{
++       krb5_ccache ccache = NULL;
++       krb5_principal principal = NULL;
++       char *name = NULL;
++       krb5_error_code problem;
++       OM_uint32 maj_status, min_status;
++
++       if ((problem = krb5_cc_resolve(krb_context, store->envval, &ccache))) {
++                logit("krb5_cc_resolve(): %.100s",
++                    krb5_get_err_text(krb_context, problem));
++                return 0;
++               }
++       
++       /* Find out who the principal in this cache is */
++       if ((problem = krb5_cc_get_principal(krb_context, ccache, 
++           &principal))) {
++               logit("krb5_cc_get_principal(): %.100s",
++                   krb5_get_err_text(krb_context, problem));
++               krb5_cc_close(krb_context, ccache);
++               return 0;
++       }
++
++       if ((problem = krb5_unparse_name(krb_context, principal, &name))) {
++               logit("krb5_unparse_name(): %.100s",
++                   krb5_get_err_text(krb_context, problem));
++               krb5_free_principal(krb_context, principal);
++               krb5_cc_close(krb_context, ccache);
++               return 0;
++       }
++
++
++       if (strcmp(name,client->exportedname.value)!=0) {
++               debug("Name in local credentials cache differs. Not storing");
++               krb5_free_principal(krb_context, principal);
++               krb5_cc_close(krb_context, ccache);
++               krb5_free_unparsed_name(krb_context, name);
++               return 0;
++       }
++       krb5_free_unparsed_name(krb_context, name);
++
++       /* Name matches, so lets get on with it! */
++
++       if ((problem = krb5_cc_initialize(krb_context, ccache, principal))) {
++               logit("krb5_cc_initialize(): %.100s",
++                   krb5_get_err_text(krb_context, problem));
++               krb5_free_principal(krb_context, principal);
++               krb5_cc_close(krb_context, ccache);
++               return 0;
++       }
++
++       krb5_free_principal(krb_context, principal);
++
++       if ((maj_status = gss_krb5_copy_ccache(&min_status, client->creds,
++           ccache))) {
++               logit("gss_krb5_copy_ccache() failed. Sorry!");
++               krb5_cc_close(krb_context, ccache);
++               return 0;
++       }
++
++       return 1;
++}
++
+ ssh_gssapi_mech gssapi_kerberos_mech = {
+        "toWM5Slw5Ew8Mqkay+al2g==",
+        "Kerberos",
+@@ -197,7 +268,8 @@
+        NULL,
+        &ssh_gssapi_krb5_userok,
+        NULL,
+-       &ssh_gssapi_krb5_storecreds
++       &ssh_gssapi_krb5_storecreds,
++       &ssh_gssapi_krb5_updatecreds
+ };
+ 
+ #endif /* KRB5 */
+Index: b/gss-serv.c
+===================================================================
+--- a/gss-serv.c
++++ b/gss-serv.c
+@@ -1,7 +1,7 @@
+ /* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */
+ 
+ /*
+- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
++ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -45,15 +45,21 @@
+ #include "channels.h"
+ #include "session.h"
+ #include "misc.h"
++#include "servconf.h"
++#include "uidswap.h"
+ 
+ #include "ssh-gss.h"
++#include "monitor_wrap.h"
++
++extern ServerOptions options;
+ 
+ static ssh_gssapi_client gssapi_client =
+     { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
+-    GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}};
++    GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME,  NULL,
++    {NULL, NULL, NULL, NULL, NULL}, 0, 0};
+ 
+ ssh_gssapi_mech gssapi_null_mech =
+-    { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL};
++    { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL, NULL};
+ 
+ #ifdef KRB5
+ extern ssh_gssapi_mech gssapi_kerberos_mech;
+@@ -81,25 +87,32 @@
+        char lname[MAXHOSTNAMELEN];
+        gss_OID_set oidset;
+ 
+-       gss_create_empty_oid_set(&status, &oidset);
+-       gss_add_oid_set_member(&status, ctx->oid, &oidset);
++       if (options.gss_strict_acceptor) {
++               gss_create_empty_oid_set(&status, &oidset);
++               gss_add_oid_set_member(&status, ctx->oid, &oidset);
++
++               if (gethostname(lname, MAXHOSTNAMELEN)) {
++                       gss_release_oid_set(&status, &oidset);
++                       return (-1);
++               }
+ 
+-       if (gethostname(lname, MAXHOSTNAMELEN)) {
+-               gss_release_oid_set(&status, &oidset);
+-               return (-1);
+-       }
++               if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
++                       gss_release_oid_set(&status, &oidset);
++                       return (ctx->major);
++               }
++
++               if ((ctx->major = gss_acquire_cred(&ctx->minor,
++                   ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, 
++                   NULL, NULL)))
++                       ssh_gssapi_error(ctx);
+ 
+-       if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
+                gss_release_oid_set(&status, &oidset);
+                return (ctx->major);
++       } else {
++               ctx->name = GSS_C_NO_NAME;
++               ctx->creds = GSS_C_NO_CREDENTIAL;
+        }
+-
+-       if ((ctx->major = gss_acquire_cred(&ctx->minor,
+-           ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
+-               ssh_gssapi_error(ctx);
+-
+-       gss_release_oid_set(&status, &oidset);
+-       return (ctx->major);
++       return GSS_S_COMPLETE;
+ }
+ 
+ /* Privileged */
+@@ -114,6 +127,29 @@
+ }
+ 
+ /* Unprivileged */
++char *
++ssh_gssapi_server_mechanisms() {
++       gss_OID_set     supported;
++
++       ssh_gssapi_supported_oids(&supported);
++       return (ssh_gssapi_kex_mechs(supported, &ssh_gssapi_server_check_mech,
++           NULL, NULL));
++}
++
++/* Unprivileged */
++int
++ssh_gssapi_server_check_mech(Gssctxt **dum, gss_OID oid, const char *data,
++    const char *dummy) {
++       Gssctxt *ctx = NULL;
++       int res;
++ 
++       res = !GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctx, oid)));
++       ssh_gssapi_delete_ctx(&ctx);
++
++       return (res);
++}
++
++/* Unprivileged */
+ void
+ ssh_gssapi_supported_oids(gss_OID_set *oidset)
+ {
+@@ -123,7 +159,9 @@
+        gss_OID_set supported;
+ 
+        gss_create_empty_oid_set(&min_status, oidset);
+-       gss_indicate_mechs(&min_status, &supported);
++
++       if (GSS_ERROR(gss_indicate_mechs(&min_status, &supported)))
++               return;
+ 
+        while (supported_mechs[i]->name != NULL) {
+                if (GSS_ERROR(gss_test_oid_set_member(&min_status,
+@@ -249,8 +287,48 @@
+ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
+ {
+        int i = 0;
++       int equal = 0;
++       gss_name_t new_name = GSS_C_NO_NAME;
++       gss_buffer_desc ename = GSS_C_EMPTY_BUFFER;
++
++       if (options.gss_store_rekey && client->used && ctx->client_creds) {
++               if (client->mech->oid.length != ctx->oid->length ||
++                   (memcmp(client->mech->oid.elements,
++                    ctx->oid->elements, ctx->oid->length) !=0)) {
++                       debug("Rekeyed credentials have different mechanism");
++                       return GSS_S_COMPLETE;
++               }
++
++               if ((ctx->major = gss_inquire_cred_by_mech(&ctx->minor, 
++                   ctx->client_creds, ctx->oid, &new_name, 
++                   NULL, NULL, NULL))) {
++                       ssh_gssapi_error(ctx);
++                       return (ctx->major);
++               }
++
++               ctx->major = gss_compare_name(&ctx->minor, client->name, 
++                   new_name, &equal);
+ 
+-       gss_buffer_desc ename;
++               if (GSS_ERROR(ctx->major)) {
++                       ssh_gssapi_error(ctx);
++                       return (ctx->major);
++               }
++ 
++               if (!equal) {
++                       debug("Rekeyed credentials have different name");
++                       return GSS_S_COMPLETE;
++               }
++
++               debug("Marking rekeyed credentials for export");
++
++               gss_release_name(&ctx->minor, &client->name);
++               gss_release_cred(&ctx->minor, &client->creds);
++               client->name = new_name;
++               client->creds = ctx->client_creds;
++               ctx->client_creds = GSS_C_NO_CREDENTIAL;
++               client->updated = 1;
++               return GSS_S_COMPLETE;
++       }
+ 
+        client->mech = NULL;
+ 
+@@ -265,6 +343,13 @@
+        if (client->mech == NULL)
+                return GSS_S_FAILURE;
+ 
++       if (ctx->client_creds &&
++           (ctx->major = gss_inquire_cred_by_mech(&ctx->minor,
++            ctx->client_creds, ctx->oid, &client->name, NULL, NULL, NULL))) {
++               ssh_gssapi_error(ctx);
++               return (ctx->major);
++       }
++
+        if ((ctx->major = gss_display_name(&ctx->minor, ctx->client,
+            &client->displayname, NULL))) {
+                ssh_gssapi_error(ctx);
+@@ -282,6 +367,8 @@
+                return (ctx->major);
+        }
+ 
++       gss_release_buffer(&ctx->minor, &ename);
++
+        /* We can't copy this structure, so we just move the pointer to it */
+        client->creds = ctx->client_creds;
+        ctx->client_creds = GSS_C_NO_CREDENTIAL;
+@@ -329,7 +416,7 @@
+ 
+ /* Privileged */
+ int
+-ssh_gssapi_userok(char *user)
++ssh_gssapi_userok(char *user, struct passwd *pw)
+ {
+        OM_uint32 lmin;
+ 
+@@ -339,9 +426,11 @@
+                return 0;
+        }
+        if (gssapi_client.mech && gssapi_client.mech->userok)
+-               if ((*gssapi_client.mech->userok)(&gssapi_client, user))
++               if ((*gssapi_client.mech->userok)(&gssapi_client, user)) {
++                       gssapi_client.used = 1;
++                       gssapi_client.store.owner = pw;
+                        return 1;
+-               else {
++               } else {
+                        /* Destroy delegated credentials if userok fails */
+                        gss_release_buffer(&lmin, &gssapi_client.displayname);
+                        gss_release_buffer(&lmin, &gssapi_client.exportedname);
+@@ -354,14 +443,90 @@
+        return (0);
+ }
+ 
+-/* Privileged */
+-OM_uint32
+-ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
++/* These bits are only used for rekeying. The unpriviledged child is running 
++ * as the user, the monitor is root.
++ *
++ * In the child, we want to :
++ *    *) Ask the monitor to store our credentials into the store we specify
++ *    *) If it succeeds, maybe do a PAM update
++ */
++
++/* Stuff for PAM */
++
++#ifdef USE_PAM
++static int ssh_gssapi_simple_conv(int n, const struct pam_message **msg, 
++    struct pam_response **resp, void *data)
+ {
+-       ctx->major = gss_verify_mic(&ctx->minor, ctx->context,
+-           gssbuf, gssmic, NULL);
++       return (PAM_CONV_ERR);
++}
++#endif
+ 
+-       return (ctx->major);
++void
++ssh_gssapi_rekey_creds() {
++       int ok;
++       int ret;
++#ifdef USE_PAM
++       pam_handle_t *pamh = NULL;
++       struct pam_conv pamconv = {ssh_gssapi_simple_conv, NULL};
++       char *envstr;
++#endif
++
++       if (gssapi_client.store.filename == NULL && 
++           gssapi_client.store.envval == NULL &&
++           gssapi_client.store.envvar == NULL)
++               return;
++ 
++       ok = PRIVSEP(ssh_gssapi_update_creds(&gssapi_client.store));
++
++       if (!ok)
++               return;
++
++       debug("Rekeyed credentials stored successfully");
++
++       /* Actually managing to play with the ssh pam stack from here will
++        * be next to impossible. In any case, we may want different options
++        * for rekeying. So, use our own :)
++        */
++#ifdef USE_PAM 
++       if (!use_privsep) {
++               debug("Not even going to try and do PAM with privsep disabled");
++               return;
++       }
++
++       ret = pam_start("sshd-rekey", gssapi_client.store.owner->pw_name,
++           &pamconv, &pamh);
++       if (ret)
++               return;
++
++       xasprintf(&envstr, "%s=%s", gssapi_client.store.envvar, 
++           gssapi_client.store.envval);
++
++       ret = pam_putenv(pamh, envstr);
++       if (!ret)
++               pam_setcred(pamh, PAM_REINITIALIZE_CRED);
++       pam_end(pamh, PAM_SUCCESS);
++#endif
++}
++
++int 
++ssh_gssapi_update_creds(ssh_gssapi_ccache *store) {
++       int ok = 0;
++
++       /* Check we've got credentials to store */
++       if (!gssapi_client.updated)
++               return 0;
++
++       gssapi_client.updated = 0;
++
++       temporarily_use_uid(gssapi_client.store.owner);
++       if (gssapi_client.mech && gssapi_client.mech->updatecreds)
++               ok = (*gssapi_client.mech->updatecreds)(store, &gssapi_client);
++       else
++               debug("No update function for this mechanism");
++
++       restore_uid();
++
++       return ok;
+ }
+ 
+ #endif
+Index: b/kex.c
+===================================================================
+--- a/kex.c
++++ b/kex.c
+@@ -50,6 +50,10 @@
+ #include "monitor.h"
+ #include "roaming.h"
+ 
++#ifdef GSSAPI
++#include "ssh-gss.h"
++#endif
++
+ #if OPENSSL_VERSION_NUMBER >= 0x00907000L
+ # if defined(HAVE_EVP_SHA256)
+ # define evp_ssh_sha256 EVP_sha256
+@@ -82,6 +86,14 @@
+ #endif
+        { NULL, -1, -1, NULL},
+ };
++static const struct kexalg kexalg_prefixes[] = {
++#ifdef GSSAPI
++       { KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, EVP_sha1 },
++       { KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, EVP_sha1 },
++       { KEX_GSS_GRP14_SHA1_ID, KEX_GSS_GRP14_SHA1, 0, EVP_sha1 },
++#endif
++       { NULL, -1, -1, NULL },
++};
+ 
+ char *
+ kex_alg_list(void)
+@@ -110,6 +122,10 @@
+                if (strcmp(k->name, name) == 0)
+                        return k;
+        }
++       for (k = kexalg_prefixes; k->name != NULL; k++) {
++               if (strncmp(k->name, name, strlen(k->name)) == 0)
++                       return k;
++       }
+        return NULL;
+ }
+ 
+Index: b/kex.h
+===================================================================
+--- a/kex.h
++++ b/kex.h
+@@ -74,6 +74,9 @@
+        KEX_DH_GEX_SHA1,
+        KEX_DH_GEX_SHA256,
+        KEX_ECDH_SHA2,
++       KEX_GSS_GRP1_SHA1,
++       KEX_GSS_GRP14_SHA1,
++       KEX_GSS_GEX_SHA1,
+        KEX_MAX
+ };
+ 
+@@ -133,6 +136,12 @@
+        int     flags;
+        const EVP_MD *evp_md;
+        int     ec_nid;
++#ifdef GSSAPI
++       int     gss_deleg_creds;
++       int     gss_trust_dns;
++       char    *gss_host;
++       char    *gss_client;
++#endif
+        char    *client_version_string;
+        char    *server_version_string;
+        int     (*verify_host_key)(Key *);
+@@ -162,6 +171,11 @@
+ void    kexecdh_client(Kex *);
+ void    kexecdh_server(Kex *);
+ 
++#ifdef GSSAPI
++void   kexgss_client(Kex *);
++void   kexgss_server(Kex *);
++#endif
++
+ void
+ kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
+     BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
+Index: b/kexgssc.c
+===================================================================
+--- /dev/null
++++ b/kexgssc.c
+@@ -0,0 +1,333 @@
++/*
++ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#include "includes.h"
++
++#ifdef GSSAPI
++
++#include "includes.h"
++
++#include <openssl/crypto.h>
++#include <openssl/bn.h>
++
++#include <string.h>
++
++#include "xmalloc.h"
++#include "buffer.h"
++#include "ssh2.h"
++#include "key.h"
++#include "cipher.h"
++#include "kex.h"
++#include "log.h"
++#include "packet.h"
++#include "dh.h"
++
++#include "ssh-gss.h"
++
++void
++kexgss_client(Kex *kex) {
++       gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
++       gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr;
++       Gssctxt *ctxt;
++       OM_uint32 maj_status, min_status, ret_flags;
++       u_int klen, kout, slen = 0, hashlen, strlen;
++       DH *dh; 
++       BIGNUM *dh_server_pub = NULL;
++       BIGNUM *shared_secret = NULL;
++       BIGNUM *p = NULL;
++       BIGNUM *g = NULL;       
++       u_char *kbuf, *hash;
++       u_char *serverhostkey = NULL;
++       u_char *empty = "";
++       char *msg;
++       char *lang;
++       int type = 0;
++       int first = 1;
++       int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX;
++
++       /* Initialise our GSSAPI world */       
++       ssh_gssapi_build_ctx(&ctxt);
++       if (ssh_gssapi_id_kex(ctxt, kex->name, kex->kex_type) 
++           == GSS_C_NO_OID)
++               fatal("Couldn't identify host exchange");
++
++       if (ssh_gssapi_import_name(ctxt, kex->gss_host))
++               fatal("Couldn't import hostname");
++
++       if (kex->gss_client && 
++           ssh_gssapi_client_identity(ctxt, kex->gss_client))
++               fatal("Couldn't acquire client credentials");
++
++       switch (kex->kex_type) {
++       case KEX_GSS_GRP1_SHA1:
++               dh = dh_new_group1();
++               break;
++       case KEX_GSS_GRP14_SHA1:
++               dh = dh_new_group14();
++               break;
++       case KEX_GSS_GEX_SHA1:
++               debug("Doing group exchange\n");
++               nbits = dh_estimate(kex->we_need * 8);
++               packet_start(SSH2_MSG_KEXGSS_GROUPREQ);
++               packet_put_int(min);
++               packet_put_int(nbits);
++               packet_put_int(max);
++
++               packet_send();
++
++               packet_read_expect(SSH2_MSG_KEXGSS_GROUP);
++
++               if ((p = BN_new()) == NULL)
++                       fatal("BN_new() failed");
++               packet_get_bignum2(p);
++               if ((g = BN_new()) == NULL)
++                       fatal("BN_new() failed");
++               packet_get_bignum2(g);
++               packet_check_eom();
++
++               if (BN_num_bits(p) < min || BN_num_bits(p) > max)
++                       fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
++                           min, BN_num_bits(p), max);
++
++               dh = dh_new_group(g, p);
++               break;
++       default:
++               fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
++       }
++       
++       /* Step 1 - e is dh->pub_key */
++       dh_gen_key(dh, kex->we_need * 8);
++
++       /* This is f, we initialise it now to make life easier */
++       dh_server_pub = BN_new();
++       if (dh_server_pub == NULL)
++               fatal("dh_server_pub == NULL");
++
++       token_ptr = GSS_C_NO_BUFFER;
++                        
++       do {
++               debug("Calling gss_init_sec_context");
++               
++               maj_status = ssh_gssapi_init_ctx(ctxt,
++                   kex->gss_deleg_creds, token_ptr, &send_tok,
++                   &ret_flags);
++
++               if (GSS_ERROR(maj_status)) {
++                       if (send_tok.length != 0) {
++                               packet_start(SSH2_MSG_KEXGSS_CONTINUE);
++                               packet_put_string(send_tok.value,
++                                   send_tok.length);
++                       }
++                       fatal("gss_init_context failed");
++               }
++
++               /* If we've got an old receive buffer get rid of it */
++               if (token_ptr != GSS_C_NO_BUFFER)
++                       free(recv_tok.value);
++
++               if (maj_status == GSS_S_COMPLETE) {
++                       /* If mutual state flag is not true, kex fails */
++                       if (!(ret_flags & GSS_C_MUTUAL_FLAG))
++                               fatal("Mutual authentication failed");
++
++                       /* If integ avail flag is not true kex fails */
++                       if (!(ret_flags & GSS_C_INTEG_FLAG))
++                               fatal("Integrity check failed");
++               }
++
++               /* 
++                * If we have data to send, then the last message that we
++                * received cannot have been a 'complete'. 
++                */
++               if (send_tok.length != 0) {
++                       if (first) {
++                               packet_start(SSH2_MSG_KEXGSS_INIT);
++                               packet_put_string(send_tok.value,
++                                   send_tok.length);
++                               packet_put_bignum2(dh->pub_key);
++                               first = 0;
++                       } else {
++                               packet_start(SSH2_MSG_KEXGSS_CONTINUE);
++                               packet_put_string(send_tok.value,
++                                   send_tok.length);
++                       }
++                       packet_send();
++                       gss_release_buffer(&min_status, &send_tok);
++
++                       /* If we've sent them data, they should reply */
++                       do {    
++                               type = packet_read();
++                               if (type == SSH2_MSG_KEXGSS_HOSTKEY) {
++                                       debug("Received KEXGSS_HOSTKEY");
++                                       if (serverhostkey)
++                                               fatal("Server host key received more than once");
++                                       serverhostkey = 
++                                           packet_get_string(&slen);
++                               }
++                       } while (type == SSH2_MSG_KEXGSS_HOSTKEY);
++
++                       switch (type) {
++                       case SSH2_MSG_KEXGSS_CONTINUE:
++                               debug("Received GSSAPI_CONTINUE");
++                               if (maj_status == GSS_S_COMPLETE) 
++                                       fatal("GSSAPI Continue received from server when complete");
++                               recv_tok.value = packet_get_string(&strlen);
++                               recv_tok.length = strlen; 
++                               break;
++                       case SSH2_MSG_KEXGSS_COMPLETE:
++                               debug("Received GSSAPI_COMPLETE");
++                               packet_get_bignum2(dh_server_pub);
++                               msg_tok.value =  packet_get_string(&strlen);
++                               msg_tok.length = strlen; 
++
++                               /* Is there a token included? */
++                               if (packet_get_char()) {
++                                       recv_tok.value=
++                                           packet_get_string(&strlen);
++                                       recv_tok.length = strlen;
++                                       /* If we're already complete - protocol error */
++                                       if (maj_status == GSS_S_COMPLETE)
++                                               packet_disconnect("Protocol error: received token when complete");
++                                       } else {
++                                               /* No token included */
++                                               if (maj_status != GSS_S_COMPLETE)
++                                                       packet_disconnect("Protocol error: did not receive final token");
++                               }
++                               break;
++                       case SSH2_MSG_KEXGSS_ERROR:
++                               debug("Received Error");
++                               maj_status = packet_get_int();
++                               min_status = packet_get_int();
++                               msg = packet_get_string(NULL);
++                               lang = packet_get_string(NULL);
++                               fatal("GSSAPI Error: \n%.400s",msg);
++                       default:
++                               packet_disconnect("Protocol error: didn't expect packet type %d",
++                               type);
++                       }
++                       token_ptr = &recv_tok;
++               } else {
++                       /* No data, and not complete */
++                       if (maj_status != GSS_S_COMPLETE)
++                               fatal("Not complete, and no token output");
++               }
++       } while (maj_status & GSS_S_CONTINUE_NEEDED);
++
++       /* 
++        * We _must_ have received a COMPLETE message in reply from the 
++        * server, which will have set dh_server_pub and msg_tok 
++        */
++
++       if (type != SSH2_MSG_KEXGSS_COMPLETE)
++               fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it");
++
++       /* Check f in range [1, p-1] */
++       if (!dh_pub_is_valid(dh, dh_server_pub))
++               packet_disconnect("bad server public DH value");
++
++       /* compute K=f^x mod p */
++       klen = DH_size(dh);
++       kbuf = xmalloc(klen);
++       kout = DH_compute_key(kbuf, dh_server_pub, dh);
++       if (kout < 0)
++               fatal("DH_compute_key: failed");
++
++       shared_secret = BN_new();
++       if (shared_secret == NULL)
++               fatal("kexgss_client: BN_new failed");
++
++       if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
++               fatal("kexdh_client: BN_bin2bn failed");
++
++       memset(kbuf, 0, klen);
++       free(kbuf);
++
++       switch (kex->kex_type) {
++       case KEX_GSS_GRP1_SHA1:
++       case KEX_GSS_GRP14_SHA1:
++               kex_dh_hash( kex->client_version_string, 
++                   kex->server_version_string,
++                   buffer_ptr(&kex->my), buffer_len(&kex->my),
++                   buffer_ptr(&kex->peer), buffer_len(&kex->peer),
++                   (serverhostkey ? serverhostkey : empty), slen,
++                   dh->pub_key,        /* e */
++                   dh_server_pub,      /* f */
++                   shared_secret,      /* K */
++                   &hash, &hashlen
++               );
++               break;
++       case KEX_GSS_GEX_SHA1:
++               kexgex_hash(
++                   kex->evp_md,
++                   kex->client_version_string,
++                   kex->server_version_string,
++                   buffer_ptr(&kex->my), buffer_len(&kex->my),
++                   buffer_ptr(&kex->peer), buffer_len(&kex->peer),
++                   (serverhostkey ? serverhostkey : empty), slen,
++                   min, nbits, max,
++                   dh->p, dh->g,
++                   dh->pub_key,
++                   dh_server_pub,
++                   shared_secret,
++                   &hash, &hashlen
++               );
++               break;
++       default:
++               fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
++       }
++
++       gssbuf.value = hash;
++       gssbuf.length = hashlen;
++
++       /* Verify that the hash matches the MIC we just got. */
++       if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))
++               packet_disconnect("Hash's MIC didn't verify");
++
++       free(msg_tok.value);
++
++       DH_free(dh);
++       free(serverhostkey);
++       BN_clear_free(dh_server_pub);
++
++       /* save session id */
++       if (kex->session_id == NULL) {
++               kex->session_id_len = hashlen;
++               kex->session_id = xmalloc(kex->session_id_len);
++               memcpy(kex->session_id, hash, kex->session_id_len);
++       }
++
++       if (kex->gss_deleg_creds)
++               ssh_gssapi_credentials_updated(ctxt);
++
++       if (gss_kex_context == NULL)
++               gss_kex_context = ctxt;
++       else
++               ssh_gssapi_delete_ctx(&ctxt);
++
++       kex_derive_keys(kex, hash, hashlen, shared_secret);
++       BN_clear_free(shared_secret);
++       kex_finish(kex);
++}
++
++#endif /* GSSAPI */
+Index: b/kexgsss.c
+===================================================================
+--- /dev/null
++++ b/kexgsss.c
+@@ -0,0 +1,289 @@
++/*
++ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#include "includes.h"
++
++#ifdef GSSAPI
++
++#include <string.h>
++
++#include <openssl/crypto.h>
++#include <openssl/bn.h>
++
++#include "xmalloc.h"
++#include "buffer.h"
++#include "ssh2.h"
++#include "key.h"
++#include "cipher.h"
++#include "kex.h"
++#include "log.h"
++#include "packet.h"
++#include "dh.h"
++#include "ssh-gss.h"
++#include "monitor_wrap.h"
++#include "servconf.h"
++
++extern ServerOptions options;
++
++void
++kexgss_server(Kex *kex)
++{
++       OM_uint32 maj_status, min_status;
++       
++       /* 
++        * Some GSSAPI implementations use the input value of ret_flags (an
++        * output variable) as a means of triggering mechanism specific 
++        * features. Initializing it to zero avoids inadvertently 
++        * activating this non-standard behaviour.
++        */
++
++       OM_uint32 ret_flags = 0;
++       gss_buffer_desc gssbuf, recv_tok, msg_tok;
++       gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
++       Gssctxt *ctxt = NULL;
++       u_int slen, klen, kout, hashlen;
++       u_char *kbuf, *hash;
++       DH *dh;
++       int min = -1, max = -1, nbits = -1;
++       BIGNUM *shared_secret = NULL;
++       BIGNUM *dh_client_pub = NULL;
++       int type = 0;
++       gss_OID oid;
++       char *mechs;
++
++       /* Initialise GSSAPI */
++
++       /* If we're rekeying, privsep means that some of the private structures
++        * in the GSSAPI code are no longer available. This kludges them back
++        * into life
++        */
++       if (!ssh_gssapi_oid_table_ok()) {
++               mechs = ssh_gssapi_server_mechanisms();
++               free(mechs);
++       }
++
++       debug2("%s: Identifying %s", __func__, kex->name);
++       oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type);
++       if (oid == GSS_C_NO_OID)
++          fatal("Unknown gssapi mechanism");
++
++       debug2("%s: Acquiring credentials", __func__);
++
++       if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, oid))))
++               fatal("Unable to acquire credentials for the server");
++
++       switch (kex->kex_type) {
++       case KEX_GSS_GRP1_SHA1:
++               dh = dh_new_group1();
++               break;
++       case KEX_GSS_GRP14_SHA1:
++               dh = dh_new_group14();
++               break;
++       case KEX_GSS_GEX_SHA1:
++               debug("Doing group exchange");
++               packet_read_expect(SSH2_MSG_KEXGSS_GROUPREQ);
++               min = packet_get_int();
++               nbits = packet_get_int();
++               max = packet_get_int();
++               min = MAX(DH_GRP_MIN, min);
++               max = MIN(DH_GRP_MAX, max);
++               packet_check_eom();
++               if (max < min || nbits < min || max < nbits)
++                       fatal("GSS_GEX, bad parameters: %d !< %d !< %d",
++                           min, nbits, max);
++               dh = PRIVSEP(choose_dh(min, nbits, max));
++               if (dh == NULL)
++                       packet_disconnect("Protocol error: no matching group found");
++
++               packet_start(SSH2_MSG_KEXGSS_GROUP);
++               packet_put_bignum2(dh->p);
++               packet_put_bignum2(dh->g);
++               packet_send();
++
++               packet_write_wait();
++               break;
++       default:
++               fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
++       }
++
++       dh_gen_key(dh, kex->we_need * 8);
++
++       do {
++               debug("Wait SSH2_MSG_GSSAPI_INIT");
++               type = packet_read();
++               switch(type) {
++               case SSH2_MSG_KEXGSS_INIT:
++                       if (dh_client_pub != NULL) 
++                               fatal("Received KEXGSS_INIT after initialising");
++                       recv_tok.value = packet_get_string(&slen);
++                       recv_tok.length = slen; 
++
++                       if ((dh_client_pub = BN_new()) == NULL)
++                               fatal("dh_client_pub == NULL");
++
++                       packet_get_bignum2(dh_client_pub);
++
++                       /* Send SSH_MSG_KEXGSS_HOSTKEY here, if we want */
++                       break;
++               case SSH2_MSG_KEXGSS_CONTINUE:
++                       recv_tok.value = packet_get_string(&slen);
++                       recv_tok.length = slen; 
++                       break;
++               default:
++                       packet_disconnect(
++                           "Protocol error: didn't expect packet type %d",
++                           type);
++               }
++
++               maj_status = PRIVSEP(ssh_gssapi_accept_ctx(ctxt, &recv_tok, 
++                   &send_tok, &ret_flags));
++
++               free(recv_tok.value);
++
++               if (maj_status != GSS_S_COMPLETE && send_tok.length == 0)
++                       fatal("Zero length token output when incomplete");
++
++               if (dh_client_pub == NULL)
++                       fatal("No client public key");
++               
++               if (maj_status & GSS_S_CONTINUE_NEEDED) {
++                       debug("Sending GSSAPI_CONTINUE");
++                       packet_start(SSH2_MSG_KEXGSS_CONTINUE);
++                       packet_put_string(send_tok.value, send_tok.length);
++                       packet_send();
++                       gss_release_buffer(&min_status, &send_tok);
++               }
++       } while (maj_status & GSS_S_CONTINUE_NEEDED);
++
++       if (GSS_ERROR(maj_status)) {
++               if (send_tok.length > 0) {
++                       packet_start(SSH2_MSG_KEXGSS_CONTINUE);
++                       packet_put_string(send_tok.value, send_tok.length);
++                       packet_send();
++               }
++               fatal("accept_ctx died");
++       }
++
++       if (!(ret_flags & GSS_C_MUTUAL_FLAG))
++               fatal("Mutual Authentication flag wasn't set");
++
++       if (!(ret_flags & GSS_C_INTEG_FLAG))
++               fatal("Integrity flag wasn't set");
++       
++       if (!dh_pub_is_valid(dh, dh_client_pub))
++               packet_disconnect("bad client public DH value");
++
++       klen = DH_size(dh);
++       kbuf = xmalloc(klen); 
++       kout = DH_compute_key(kbuf, dh_client_pub, dh);
++       if (kout < 0)
++               fatal("DH_compute_key: failed");
++
++       shared_secret = BN_new();
++       if (shared_secret == NULL)
++               fatal("kexgss_server: BN_new failed");
++
++       if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
++               fatal("kexgss_server: BN_bin2bn failed");
++
++       memset(kbuf, 0, klen);
++       free(kbuf);
++
++       switch (kex->kex_type) {
++       case KEX_GSS_GRP1_SHA1:
++       case KEX_GSS_GRP14_SHA1:
++               kex_dh_hash(
++                   kex->client_version_string, kex->server_version_string,
++                   buffer_ptr(&kex->peer), buffer_len(&kex->peer),
++                   buffer_ptr(&kex->my), buffer_len(&kex->my),
++                   NULL, 0, /* Change this if we start sending host keys */
++                   dh_client_pub, dh->pub_key, shared_secret,
++                   &hash, &hashlen
++               );
++               break;
++       case KEX_GSS_GEX_SHA1:
++               kexgex_hash(
++                   kex->evp_md,
++                   kex->client_version_string, kex->server_version_string,
++                   buffer_ptr(&kex->peer), buffer_len(&kex->peer),
++                   buffer_ptr(&kex->my), buffer_len(&kex->my),
++                   NULL, 0,
++                   min, nbits, max,
++                   dh->p, dh->g,
++                   dh_client_pub,
++                   dh->pub_key,
++                   shared_secret,
++                   &hash, &hashlen
++               );
++               break;
++       default:
++               fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
++       }
++
++       BN_clear_free(dh_client_pub);
++
++       if (kex->session_id == NULL) {
++               kex->session_id_len = hashlen;
++               kex->session_id = xmalloc(kex->session_id_len);
++               memcpy(kex->session_id, hash, kex->session_id_len);
++       }
++
++       gssbuf.value = hash;
++       gssbuf.length = hashlen;
++
++       if (GSS_ERROR(PRIVSEP(ssh_gssapi_sign(ctxt,&gssbuf,&msg_tok))))
++               fatal("Couldn't get MIC");
++
++       packet_start(SSH2_MSG_KEXGSS_COMPLETE);
++       packet_put_bignum2(dh->pub_key);
++       packet_put_string(msg_tok.value,msg_tok.length);
++
++       if (send_tok.length != 0) {
++               packet_put_char(1); /* true */
++               packet_put_string(send_tok.value, send_tok.length);
++       } else {
++               packet_put_char(0); /* false */
++       }
++       packet_send();
++
++       gss_release_buffer(&min_status, &send_tok);
++       gss_release_buffer(&min_status, &msg_tok);
++
++       if (gss_kex_context == NULL)
++               gss_kex_context = ctxt;
++       else 
++               ssh_gssapi_delete_ctx(&ctxt);
++
++       DH_free(dh);
++
++       kex_derive_keys(kex, hash, hashlen, shared_secret);
++       BN_clear_free(shared_secret);
++       kex_finish(kex);
++
++       /* If this was a rekey, then save out any delegated credentials we
++        * just exchanged.  */
++       if (options.gss_store_rekey)
++               ssh_gssapi_rekey_creds();
++}
++#endif /* GSSAPI */
+Index: b/key.c
+===================================================================
+--- a/key.c
++++ b/key.c
+@@ -933,6 +933,7 @@
+            KEY_RSA_CERT_V00, 0, 1 },
+        { "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00",
+            KEY_DSA_CERT_V00, 0, 1 },
++       { "null", "null", KEY_NULL, 0, 0 },
+        { NULL, NULL, -1, -1, 0 }
+ };
+ 
+Index: b/key.h
+===================================================================
+--- a/key.h
++++ b/key.h
+@@ -44,6 +44,7 @@
+        KEY_ECDSA_CERT,
+        KEY_RSA_CERT_V00,
+        KEY_DSA_CERT_V00,
++       KEY_NULL,
+        KEY_UNSPEC
+ };
+ enum fp_type {
+Index: b/monitor.c
+===================================================================
+--- a/monitor.c
++++ b/monitor.c
+@@ -181,6 +181,8 @@
+ int mm_answer_gss_accept_ctx(int, Buffer *);
+ int mm_answer_gss_userok(int, Buffer *);
+ int mm_answer_gss_checkmic(int, Buffer *);
++int mm_answer_gss_sign(int, Buffer *);
++int mm_answer_gss_updatecreds(int, Buffer *);
+ #endif
+ 
+ #ifdef SSH_AUDIT_EVENTS
+@@ -253,6 +255,7 @@
+     {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
+     {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
+     {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
++    {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
+ #endif
+ #ifdef JPAKE
+     {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata},
+@@ -265,6 +268,12 @@
+ };
+ 
+ struct mon_table mon_dispatch_postauth20[] = {
++#ifdef GSSAPI
++    {MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx},
++    {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
++    {MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign},
++    {MONITOR_REQ_GSSUPCREDS, 0, mm_answer_gss_updatecreds},
++#endif
+     {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
+     {MONITOR_REQ_SIGN, 0, mm_answer_sign},
+     {MONITOR_REQ_PTY, 0, mm_answer_pty},
+@@ -373,6 +382,10 @@
+                /* Permit requests for moduli and signatures */
+                monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
+                monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
++#ifdef GSSAPI
++               /* and for the GSSAPI key exchange */
++               monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
++#endif
+        } else {
+                mon_dispatch = mon_dispatch_proto15;
+ 
+@@ -487,6 +500,10 @@
+                monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
+                monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
+                monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
++#ifdef GSSAPI
++               /* and for the GSSAPI key exchange */
++               monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
++#endif         
+        } else {
+                mon_dispatch = mon_dispatch_postauth15;
+                monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
+@@ -1855,6 +1872,13 @@
+        kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
+        kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+        kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
++#ifdef GSSAPI
++       if (options.gss_keyex) {
++               kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
++               kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
++               kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
++       }
++#endif
+        kex->server = 1;
+        kex->hostkey_type = buffer_get_int(m);
+        kex->kex_type = buffer_get_int(m);
+@@ -2062,6 +2086,9 @@
+        OM_uint32 major;
+        u_int len;
+ 
++       if (!options.gss_authentication && !options.gss_keyex)
++               fatal("In GSSAPI monitor when GSSAPI is disabled");
++
+        goid.elements = buffer_get_string(m, &len);
+        goid.length = len;
+ 
+@@ -2089,6 +2116,9 @@
+        OM_uint32 flags = 0; /* GSI needs this */
+        u_int len;
+ 
++       if (!options.gss_authentication && !options.gss_keyex)
++               fatal("In GSSAPI monitor when GSSAPI is disabled");
++
+        in.value = buffer_get_string(m, &len);
+        in.length = len;
+        major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
+@@ -2106,6 +2136,7 @@
+                monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
+                monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
+                monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
++               monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1);
+        }
+        return (0);
+ }
+@@ -2117,6 +2148,9 @@
+        OM_uint32 ret;
+        u_int len;
+ 
++       if (!options.gss_authentication && !options.gss_keyex)
++               fatal("In GSSAPI monitor when GSSAPI is disabled");
++
+        gssbuf.value = buffer_get_string(m, &len);
+        gssbuf.length = len;
+        mic.value = buffer_get_string(m, &len);
+@@ -2143,7 +2177,11 @@
+ {
+        int authenticated;
+ 
+-       authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
++       if (!options.gss_authentication && !options.gss_keyex)
++               fatal("In GSSAPI monitor when GSSAPI is disabled");
++
++       authenticated = authctxt->valid && 
++           ssh_gssapi_userok(authctxt->user, authctxt->pw);
+ 
+        buffer_clear(m);
+        buffer_put_int(m, authenticated);
+@@ -2156,6 +2194,74 @@
+        /* Monitor loop will terminate if authenticated */
+        return (authenticated);
+ }
++
++int 
++mm_answer_gss_sign(int socket, Buffer *m)
++{
++       gss_buffer_desc data;
++       gss_buffer_desc hash = GSS_C_EMPTY_BUFFER;
++       OM_uint32 major, minor;
++       u_int len;
++
++       if (!options.gss_authentication && !options.gss_keyex)
++               fatal("In GSSAPI monitor when GSSAPI is disabled");
++
++       data.value = buffer_get_string(m, &len);
++       data.length = len;
++       if (data.length != 20) 
++               fatal("%s: data length incorrect: %d", __func__, 
++                   (int) data.length);
++
++       /* Save the session ID on the first time around */
++       if (session_id2_len == 0) {
++               session_id2_len = data.length;
++               session_id2 = xmalloc(session_id2_len);
++               memcpy(session_id2, data.value, session_id2_len);
++       }
++       major = ssh_gssapi_sign(gsscontext, &data, &hash);
++
++       free(data.value);
++
++       buffer_clear(m);
++       buffer_put_int(m, major);
++       buffer_put_string(m, hash.value, hash.length);
++
++       mm_request_send(socket, MONITOR_ANS_GSSSIGN, m);
++
++       gss_release_buffer(&minor, &hash);
++
++       /* Turn on getpwnam permissions */
++       monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);
++       
++       /* And credential updating, for when rekeying */
++       monitor_permit(mon_dispatch, MONITOR_REQ_GSSUPCREDS, 1);
++
++       return (0);
++}
++
++int
++mm_answer_gss_updatecreds(int socket, Buffer *m) {
++       ssh_gssapi_ccache store;
++       int ok;
++
++       store.filename = buffer_get_string(m, NULL);
++       store.envvar   = buffer_get_string(m, NULL);
++       store.envval   = buffer_get_string(m, NULL);
++
++       ok = ssh_gssapi_update_creds(&store);
++
++       free(store.filename);
++       free(store.envvar);
++       free(store.envval);
++
++       buffer_clear(m);
++       buffer_put_int(m, ok);
++
++       mm_request_send(socket, MONITOR_ANS_GSSUPCREDS, m);
++
++       return(0);
++}
++
+ #endif /* GSSAPI */
+ 
+ #ifdef JPAKE
+Index: b/monitor.h
+===================================================================
+--- a/monitor.h
++++ b/monitor.h
+@@ -70,6 +70,9 @@
+        MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111,
+        MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113,
+ 
++       MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151,
++       MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153,
++
+ };
+ 
+ struct mm_master;
+Index: b/monitor_wrap.c
+===================================================================
+--- a/monitor_wrap.c
++++ b/monitor_wrap.c
+@@ -1273,7 +1273,7 @@
+ }
+ 
+ int
+-mm_ssh_gssapi_userok(char *user)
++mm_ssh_gssapi_userok(char *user, struct passwd *pw)
+ {
+        Buffer m;
+        int authenticated = 0;
+@@ -1290,6 +1290,51 @@
+        debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
+        return (authenticated);
+ }
++
++OM_uint32
++mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash)
++{
++       Buffer m;
++       OM_uint32 major;
++       u_int len;
++
++       buffer_init(&m);
++       buffer_put_string(&m, data->value, data->length);
++
++       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, &m);
++       mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, &m);
++
++       major = buffer_get_int(&m);
++       hash->value = buffer_get_string(&m, &len);
++       hash->length = len;
++
++       buffer_free(&m);
++
++       return(major);
++}
++
++int
++mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store)
++{
++       Buffer m;
++       int ok;
++
++       buffer_init(&m);
++
++       buffer_put_cstring(&m, store->filename ? store->filename : "");
++       buffer_put_cstring(&m, store->envvar ? store->envvar : "");
++       buffer_put_cstring(&m, store->envval ? store->envval : "");
++       
++       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUPCREDS, &m);
++       mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUPCREDS, &m);
++
++       ok = buffer_get_int(&m);
++
++       buffer_free(&m);
++       
++       return (ok);
++}
++
+ #endif /* GSSAPI */
+ 
+ #ifdef JPAKE
+Index: b/monitor_wrap.h
+===================================================================
+--- a/monitor_wrap.h
++++ b/monitor_wrap.h
+@@ -58,8 +58,10 @@
+ OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
+ OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
+    gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
+-int mm_ssh_gssapi_userok(char *user);
++int mm_ssh_gssapi_userok(char *user, struct passwd *);
+ OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
++OM_uint32 mm_ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
++int mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *);
+ #endif
+ 
+ #ifdef USE_PAM
+Index: b/readconf.c
+===================================================================
+--- a/readconf.c
++++ b/readconf.c
+@@ -132,6 +132,8 @@
+        oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+        oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
+        oAddressFamily, oGssAuthentication, oGssDelegateCreds,
++       oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
++       oGssServerIdentity, 
+        oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
+        oSendEnv, oControlPath, oControlMaster, oControlPersist,
+        oHashKnownHosts,
+@@ -172,10 +174,19 @@
+        { "afstokenpassing", oUnsupported },
+ #if defined(GSSAPI)
+        { "gssapiauthentication", oGssAuthentication },
++       { "gssapikeyexchange", oGssKeyEx },
+        { "gssapidelegatecredentials", oGssDelegateCreds },
++       { "gssapitrustdns", oGssTrustDns },
++       { "gssapiclientidentity", oGssClientIdentity },
++       { "gssapiserveridentity", oGssServerIdentity },
++       { "gssapirenewalforcesrekey", oGssRenewalRekey },
+ #else
+        { "gssapiauthentication", oUnsupported },
++       { "gssapikeyexchange", oUnsupported },
+        { "gssapidelegatecredentials", oUnsupported },
++       { "gssapitrustdns", oUnsupported },
++       { "gssapiclientidentity", oUnsupported },
++       { "gssapirenewalforcesrekey", oUnsupported },
+ #endif
+        { "fallbacktorsh", oDeprecated },
+        { "usersh", oDeprecated },
+@@ -516,10 +527,30 @@
+                intptr = &options->gss_authentication;
+                goto parse_flag;
+ 
++       case oGssKeyEx:
++               intptr = &options->gss_keyex;
++               goto parse_flag;
++
+        case oGssDelegateCreds:
+                intptr = &options->gss_deleg_creds;
+                goto parse_flag;
+ 
++       case oGssTrustDns:
++               intptr = &options->gss_trust_dns;
++               goto parse_flag;
++
++       case oGssClientIdentity:
++               charptr = &options->gss_client_identity;
++               goto parse_string;
++
++       case oGssServerIdentity:
++               charptr = &options->gss_server_identity;
++               goto parse_string;
++
++       case oGssRenewalRekey:
++               intptr = &options->gss_renewal_rekey;
++               goto parse_flag;
++
+        case oBatchMode:
+                intptr = &options->batch_mode;
+                goto parse_flag;
+@@ -1168,7 +1199,12 @@
+        options->pubkey_authentication = -1;
+        options->challenge_response_authentication = -1;
+        options->gss_authentication = -1;
++       options->gss_keyex = -1;
+        options->gss_deleg_creds = -1;
++       options->gss_trust_dns = -1;
++       options->gss_renewal_rekey = -1;
++       options->gss_client_identity = NULL;
++       options->gss_server_identity = NULL;
+        options->password_authentication = -1;
+        options->kbd_interactive_authentication = -1;
+        options->kbd_interactive_devices = NULL;
+@@ -1268,8 +1304,14 @@
+                options->challenge_response_authentication = 1;
+        if (options->gss_authentication == -1)
+                options->gss_authentication = 0;
++       if (options->gss_keyex == -1)
++               options->gss_keyex = 0;
+        if (options->gss_deleg_creds == -1)
+                options->gss_deleg_creds = 0;
++       if (options->gss_trust_dns == -1)
++               options->gss_trust_dns = 0;
++       if (options->gss_renewal_rekey == -1)
++               options->gss_renewal_rekey = 0;
+        if (options->password_authentication == -1)
+                options->password_authentication = 1;
+        if (options->kbd_interactive_authentication == -1)
+Index: b/readconf.h
+===================================================================
+--- a/readconf.h
++++ b/readconf.h
+@@ -48,7 +48,12 @@
+        int     challenge_response_authentication;
+                                        /* Try S/Key or TIS, authentication. */
+        int     gss_authentication;     /* Try GSS authentication */
++       int     gss_keyex;              /* Try GSS key exchange */
+        int     gss_deleg_creds;        /* Delegate GSS credentials */
++       int     gss_trust_dns;          /* Trust DNS for GSS canonicalization */
++       int     gss_renewal_rekey;      /* Credential renewal forces rekey */
++       char    *gss_client_identity;   /* Principal to initiate GSSAPI with */
++       char    *gss_server_identity;   /* GSSAPI target principal */
+        int     password_authentication;        /* Try password
+                                                 * authentication. */
+        int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
+Index: b/servconf.c
+===================================================================
+--- a/servconf.c
++++ b/servconf.c
+@@ -107,7 +107,10 @@
+        options->kerberos_ticket_cleanup = -1;
+        options->kerberos_get_afs_token = -1;
+        options->gss_authentication=-1;
++       options->gss_keyex = -1;
+        options->gss_cleanup_creds = -1;
++       options->gss_strict_acceptor = -1;
++       options->gss_store_rekey = -1;
+        options->password_authentication = -1;
+        options->kbd_interactive_authentication = -1;
+        options->challenge_response_authentication = -1;
+@@ -240,8 +243,14 @@
+                options->kerberos_get_afs_token = 0;
+        if (options->gss_authentication == -1)
+                options->gss_authentication = 0;
++       if (options->gss_keyex == -1)
++               options->gss_keyex = 0;
+        if (options->gss_cleanup_creds == -1)
+                options->gss_cleanup_creds = 1;
++       if (options->gss_strict_acceptor == -1)
++               options->gss_strict_acceptor = 1;
++       if (options->gss_store_rekey == -1)
++               options->gss_store_rekey = 0;
+        if (options->password_authentication == -1)
+                options->password_authentication = 1;
+        if (options->kbd_interactive_authentication == -1)
+@@ -338,7 +347,9 @@
+        sBanner, sUseDNS, sHostbasedAuthentication,
+        sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
+        sClientAliveCountMax, sAuthorizedKeysFile,
+-       sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
++       sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
++       sGssKeyEx, sGssStoreRekey,
++       sAcceptEnv, sPermitTunnel,
+        sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
+        sUsePrivilegeSeparation, sAllowAgentForwarding,
+        sZeroKnowledgePasswordAuthentication, sHostCertificate,
+@@ -405,10 +416,20 @@
+ #ifdef GSSAPI
+        { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
+        { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
++       { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL },
++       { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
++       { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
++       { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
+ #else
+        { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
+        { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
++       { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL },
++       { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
++       { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
++       { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
+ #endif
++       { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL },
++       { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL },
+        { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
+        { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
+        { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
+@@ -1073,10 +1094,22 @@
+                intptr = &options->gss_authentication;
+                goto parse_flag;
+ 
++       case sGssKeyEx:
++               intptr = &options->gss_keyex;
++               goto parse_flag;
++
+        case sGssCleanupCreds:
+                intptr = &options->gss_cleanup_creds;
+                goto parse_flag;
+ 
++       case sGssStrictAcceptor:
++               intptr = &options->gss_strict_acceptor;
++               goto parse_flag;
++
++       case sGssStoreRekey:
++               intptr = &options->gss_store_rekey;
++               goto parse_flag;
++
+        case sPasswordAuthentication:
+                intptr = &options->password_authentication;
+                goto parse_flag;
+@@ -1983,7 +2016,10 @@
+ #endif
+ #ifdef GSSAPI
+        dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
++       dump_cfg_fmtint(sGssKeyEx, o->gss_keyex);
+        dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
++       dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor);
++       dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey);
+ #endif
+ #ifdef JPAKE
+        dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
+Index: b/servconf.h
+===================================================================
+--- a/servconf.h
++++ b/servconf.h
+@@ -111,7 +111,10 @@
+        int     kerberos_get_afs_token;         /* If true, try to get AFS token if
+                                                 * authenticated with Kerberos. */
+        int     gss_authentication;     /* If true, permit GSSAPI authentication */
++       int     gss_keyex;              /* If true, permit GSSAPI key exchange */
+        int     gss_cleanup_creds;      /* If true, destroy cred cache on logout */
++       int     gss_strict_acceptor;    /* If true, restrict the GSSAPI acceptor name */
++       int     gss_store_rekey;
+        int     password_authentication;        /* If true, permit password
+                                                 * authentication. */
+        int     kbd_interactive_authentication; /* If true, permit */
+Index: b/ssh-gss.h
+===================================================================
+--- a/ssh-gss.h
++++ b/ssh-gss.h
+@@ -1,6 +1,6 @@
+ /* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */
+ /*
+- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
++ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -61,10 +61,22 @@
+ 
+ #define SSH_GSS_OIDTYPE 0x06
+ 
++#define SSH2_MSG_KEXGSS_INIT                            30
++#define SSH2_MSG_KEXGSS_CONTINUE                        31
++#define SSH2_MSG_KEXGSS_COMPLETE                        32
++#define SSH2_MSG_KEXGSS_HOSTKEY                         33
++#define SSH2_MSG_KEXGSS_ERROR                           34
++#define SSH2_MSG_KEXGSS_GROUPREQ                       40
++#define SSH2_MSG_KEXGSS_GROUP                          41
++#define KEX_GSS_GRP1_SHA1_ID                           "gss-group1-sha1-"
++#define KEX_GSS_GRP14_SHA1_ID                          "gss-group14-sha1-"
++#define KEX_GSS_GEX_SHA1_ID                            "gss-gex-sha1-"
++
+ typedef struct {
+        char *filename;
+        char *envvar;
+        char *envval;
++       struct passwd *owner;
+        void *data;
+ } ssh_gssapi_ccache;
+ 
+@@ -72,8 +84,11 @@
+        gss_buffer_desc displayname;
+        gss_buffer_desc exportedname;
+        gss_cred_id_t creds;
++       gss_name_t name;
+        struct ssh_gssapi_mech_struct *mech;
+        ssh_gssapi_ccache store;
++       int used;
++       int updated;
+ } ssh_gssapi_client;
+ 
+ typedef struct ssh_gssapi_mech_struct {
+@@ -84,6 +99,7 @@
+        int (*userok) (ssh_gssapi_client *, char *);
+        int (*localname) (ssh_gssapi_client *, char **);
+        void (*storecreds) (ssh_gssapi_client *);
++       int (*updatecreds) (ssh_gssapi_ccache *, ssh_gssapi_client *);
+ } ssh_gssapi_mech;
+ 
+ typedef struct {
+@@ -94,10 +110,11 @@
+        gss_OID         oid; /* client */
+        gss_cred_id_t   creds; /* server */
+        gss_name_t      client; /* server */
+-       gss_cred_id_t   client_creds; /* server */
++       gss_cred_id_t   client_creds; /* both */
+ } Gssctxt;
+ 
+ extern ssh_gssapi_mech *supported_mechs[];
++extern Gssctxt *gss_kex_context;
+ 
+ int  ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
+ void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
+@@ -117,16 +134,30 @@
+ void ssh_gssapi_delete_ctx(Gssctxt **);
+ OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
+ void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
+-int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *);
++int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *, const char *);
++OM_uint32 ssh_gssapi_client_identity(Gssctxt *, const char *);
++int ssh_gssapi_credentials_updated(Gssctxt *);
+ 
+ /* In the server */
++typedef int ssh_gssapi_check_fn(Gssctxt **, gss_OID, const char *, 
++    const char *);
++char *ssh_gssapi_client_mechanisms(const char *, const char *);
++char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *,
++    const char *);
++gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int);
++int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID, const char *, 
++    const char *);
+ OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
+-int ssh_gssapi_userok(char *name);
++int ssh_gssapi_userok(char *name, struct passwd *);
+ OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
+ void ssh_gssapi_do_child(char ***, u_int *);
+ void ssh_gssapi_cleanup_creds(void);
+ void ssh_gssapi_storecreds(void);
+ 
++char *ssh_gssapi_server_mechanisms(void);
++int ssh_gssapi_oid_table_ok();
++
++int ssh_gssapi_update_creds(ssh_gssapi_ccache *store);
+ #endif /* GSSAPI */
+ 
+ #endif /* _SSH_GSS_H */
+Index: b/ssh_config
+===================================================================
+--- a/ssh_config
++++ b/ssh_config
+@@ -26,6 +26,8 @@
+ #   HostbasedAuthentication no
+ #   GSSAPIAuthentication no
+ #   GSSAPIDelegateCredentials no
++#   GSSAPIKeyExchange no
++#   GSSAPITrustDNS no
+ #   BatchMode no
+ #   CheckHostIP yes
+ #   AddressFamily any
+Index: b/ssh_config.5
+===================================================================
+--- a/ssh_config.5
++++ b/ssh_config.5
+@@ -529,11 +529,43 @@
+ The default is
+ .Dq no .
+ Note that this option applies to protocol version 2 only.
++.It Cm GSSAPIKeyExchange
++Specifies whether key exchange based on GSSAPI may be used. When using
++GSSAPI key exchange the server need not have a host key.
++The default is
++.Dq no .
++Note that this option applies to protocol version 2 only.
++.It Cm GSSAPIClientIdentity
++If set, specifies the GSSAPI client identity that ssh should use when 
++connecting to the server. The default is unset, which means that the default 
++identity will be used.
++.It Cm GSSAPIServerIdentity
++If set, specifies the GSSAPI server identity that ssh should expect when 
++connecting to the server. The default is unset, which means that the
++expected GSSAPI server identity will be determined from the target
++hostname.
+ .It Cm GSSAPIDelegateCredentials
+ Forward (delegate) credentials to the server.
+ The default is
+ .Dq no .
+-Note that this option applies to protocol version 2 only.
++Note that this option applies to protocol version 2 connections using GSSAPI.
++.It Cm GSSAPIRenewalForcesRekey
++If set to 
++.Dq yes
++then renewal of the client's GSSAPI credentials will force the rekeying of the
++ssh connection. With a compatible server, this can delegate the renewed 
++credentials to a session on the server.
++The default is
++.Dq no .
++.It Cm GSSAPITrustDns
++Set to 
++.Dq yes to indicate that the DNS is trusted to securely canonicalize
++the name of the host being connected to. If 
++.Dq no, the hostname entered on the
++command line will be passed untouched to the GSSAPI library.
++The default is
++.Dq no .
++This option only applies to protocol version 2 connections using GSSAPI.
+ .It Cm HashKnownHosts
+ Indicates that
+ .Xr ssh 1
+Index: b/sshconnect2.c
+===================================================================
+--- a/sshconnect2.c
++++ b/sshconnect2.c
+@@ -160,9 +160,34 @@
+ {
+        Kex *kex;
+ 
++#ifdef GSSAPI
++       char *orig = NULL, *gss = NULL;
++       char *gss_host = NULL;
++#endif
++
+        xxx_host = host;
+        xxx_hostaddr = hostaddr;
+ 
++#ifdef GSSAPI
++       if (options.gss_keyex) {
++               /* Add the GSSAPI mechanisms currently supported on this 
++                * client to the key exchange algorithm proposal */
++               orig = myproposal[PROPOSAL_KEX_ALGS];
++
++               if (options.gss_trust_dns)
++                       gss_host = (char *)get_canonical_hostname(1);
++               else
++                       gss_host = host;
++
++               gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity);
++               if (gss) {
++                       debug("Offering GSSAPI proposal: %s", gss);
++                       xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
++                           "%s,%s", gss, orig);
++               }
++       }
++#endif
++
+        if (options.ciphers == (char *)-1) {
+                logit("No valid ciphers for protocol version 2 given, using defaults.");
+                options.ciphers = NULL;
+@@ -197,6 +222,17 @@
+        if (options.kex_algorithms != NULL)
+                myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+ 
++#ifdef GSSAPI
++       /* If we've got GSSAPI algorithms, then we also support the
++        * 'null' hostkey, as a last resort */
++       if (options.gss_keyex && gss) {
++               orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
++               xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], 
++                   "%s,null", orig);
++               free(gss);
++       }
++#endif
++
+        if (options.rekey_limit || options.rekey_interval)
+                packet_set_rekey_limits((u_int32_t)options.rekey_limit,
+                    (time_t)options.rekey_interval);
+@@ -208,10 +244,30 @@
+        kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
+        kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
+        kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
++#ifdef GSSAPI
++       if (options.gss_keyex) {
++               kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
++               kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_client;
++               kex->kex[KEX_GSS_GEX_SHA1] = kexgss_client;
++       }
++#endif
+        kex->client_version_string=client_version_string;
+        kex->server_version_string=server_version_string;
+        kex->verify_host_key=&verify_host_key_callback;
+ 
++#ifdef GSSAPI
++       if (options.gss_keyex) {
++               kex->gss_deleg_creds = options.gss_deleg_creds;
++               kex->gss_trust_dns = options.gss_trust_dns;
++               kex->gss_client = options.gss_client_identity;
++               if (options.gss_server_identity) {
++                       kex->gss_host = options.gss_server_identity;
++               } else {
++                       kex->gss_host = gss_host;
++        }
++       }
++#endif
++
+        xxx_kex = kex;
+ 
+        dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
+@@ -307,6 +363,7 @@
+ void   input_gssapi_hash(int type, u_int32_t, void *);
+ void   input_gssapi_error(int, u_int32_t, void *);
+ void   input_gssapi_errtok(int, u_int32_t, void *);
++int    userauth_gsskeyex(Authctxt *authctxt);
+ #endif
+ 
+ void   userauth(Authctxt *, char *);
+@@ -322,6 +379,11 @@
+ 
+ Authmethod authmethods[] = {
+ #ifdef GSSAPI
++       {"gssapi-keyex",
++               userauth_gsskeyex,
++               NULL,
++               &options.gss_authentication,
++               NULL},
+        {"gssapi-with-mic",
+                userauth_gssapi,
+                NULL,
+@@ -625,19 +687,31 @@
+        static u_int mech = 0;
+        OM_uint32 min;
+        int ok = 0;
++       const char *gss_host;
++
++       if (options.gss_server_identity)
++               gss_host = options.gss_server_identity;
++       else if (options.gss_trust_dns)
++               gss_host = get_canonical_hostname(1);
++       else
++               gss_host = authctxt->host;
+ 
+        /* Try one GSSAPI method at a time, rather than sending them all at
+         * once. */
+ 
+        if (gss_supported == NULL)
+-               gss_indicate_mechs(&min, &gss_supported);
++               if (GSS_ERROR(gss_indicate_mechs(&min, &gss_supported))) {
++                       gss_supported = NULL;
++                       return 0;
++               }
+ 
+        /* Check to see if the mechanism is usable before we offer it */
+        while (mech < gss_supported->count && !ok) {
+                /* My DER encoding requires length<128 */
+                if (gss_supported->elements[mech].length < 128 &&
+                    ssh_gssapi_check_mechanism(&gssctxt, 
+-                   &gss_supported->elements[mech], authctxt->host)) {
++                   &gss_supported->elements[mech], gss_host, 
++                    options.gss_client_identity)) {
+                        ok = 1; /* Mechanism works */
+                } else {
+                        mech++;
+@@ -734,8 +808,8 @@
+ {
+        Authctxt *authctxt = ctxt;
+        Gssctxt *gssctxt;
+-       int oidlen;
+-       char *oidv;
++       u_int oidlen;
++       u_char *oidv;
+ 
+        if (authctxt == NULL)
+                fatal("input_gssapi_response: no authentication context");
+@@ -844,6 +918,48 @@
+        free(msg);
+        free(lang);
+ }
++
++int
++userauth_gsskeyex(Authctxt *authctxt)
++{
++       Buffer b;
++       gss_buffer_desc gssbuf;
++       gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
++       OM_uint32 ms;
++
++       static int attempt = 0;
++       if (attempt++ >= 1)
++               return (0);
++
++       if (gss_kex_context == NULL) {
++               debug("No valid Key exchange context"); 
++               return (0);
++       }
++
++       ssh_gssapi_buildmic(&b, authctxt->server_user, authctxt->service,
++           "gssapi-keyex");
++
++       gssbuf.value = buffer_ptr(&b);
++       gssbuf.length = buffer_len(&b);
++
++       if (GSS_ERROR(ssh_gssapi_sign(gss_kex_context, &gssbuf, &mic))) {
++               buffer_free(&b);
++               return (0);
++       }
++
++       packet_start(SSH2_MSG_USERAUTH_REQUEST);
++       packet_put_cstring(authctxt->server_user);
++       packet_put_cstring(authctxt->service);
++       packet_put_cstring(authctxt->method->name);
++       packet_put_string(mic.value, mic.length);
++       packet_send();
++
++       buffer_free(&b);
++       gss_release_buffer(&ms, &mic);
++
++       return (1);
++}
++
+ #endif /* GSSAPI */
+ 
+ int
+Index: b/sshd.c
+===================================================================
+--- a/sshd.c
++++ b/sshd.c
+@@ -122,6 +122,10 @@
+ #include "ssh-sandbox.h"
+ #include "version.h"
+ 
++#ifdef USE_SECURITY_SESSION_API
++#include <Security/AuthSession.h>
++#endif
++
+ #ifdef LIBWRAP
+ #include <tcpd.h>
+ #include <syslog.h>
+@@ -1703,10 +1707,13 @@
+                logit("Disabling protocol version 1. Could not load host key");
+                options.protocol &= ~SSH_PROTO_1;
+        }
++#ifndef GSSAPI
++       /* The GSSAPI key exchange can run without a host key */
+        if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
+                logit("Disabling protocol version 2. Could not load host key");
+                options.protocol &= ~SSH_PROTO_2;
+        }
++#endif
+        if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
+                logit("sshd: no hostkeys available -- exiting.");
+                exit(1);
+@@ -2035,6 +2042,60 @@
+        /* Log the connection. */
+        verbose("Connection from %.500s port %d", remote_ip, remote_port);
+ 
++#ifdef USE_SECURITY_SESSION_API
++       /*
++        * Create a new security session for use by the new user login if
++        * the current session is the root session or we are not launched
++        * by inetd (eg: debugging mode or server mode).  We do not
++        * necessarily need to create a session if we are launched from
++        * inetd because Panther xinetd will create a session for us.
++        *
++        * The only case where this logic will fail is if there is an
++        * inetd running in a non-root session which is not creating
++        * new sessions for us.  Then all the users will end up in the
++        * same session (bad).
++        *
++        * When the client exits, the session will be destroyed for us
++        * automatically.
++        *
++        * We must create the session before any credentials are stored
++        * (including AFS pags, which happens a few lines below).
++        */
++       {
++               OSStatus err = 0;
++               SecuritySessionId sid = 0;
++               SessionAttributeBits sattrs = 0;
++
++               err = SessionGetInfo(callerSecuritySession, &sid, &sattrs);
++               if (err)
++                       error("SessionGetInfo() failed with error %.8X",
++                           (unsigned) err);
++               else
++                       debug("Current Session ID is %.8X / Session Attributes are %.8X",
++                           (unsigned) sid, (unsigned) sattrs);
++
++               if (inetd_flag && !(sattrs & sessionIsRoot))
++                       debug("Running in inetd mode in a non-root session... "
++                           "assuming inetd created the session for us.");
++               else {
++                       debug("Creating new security session...");
++                       err = SessionCreate(0, sessionHasTTY | sessionIsRemote);
++                       if (err)
++                               error("SessionCreate() failed with error %.8X",
++                                   (unsigned) err);
++
++                       err = SessionGetInfo(callerSecuritySession, &sid, 
++                           &sattrs);
++                       if (err)
++                               error("SessionGetInfo() failed with error %.8X",
++                                   (unsigned) err);
++                       else
++                               debug("New Session ID is %.8X / Session Attributes are %.8X",
++                                   (unsigned) sid, (unsigned) sattrs);
++               }
++       }
++#endif
++
+        /*
+         * We don't want to listen forever unless the other side
+         * successfully authenticates itself.  So we set up an alarm which is
+@@ -2439,6 +2500,48 @@
+ 
+        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
+ 
++#ifdef GSSAPI
++       {
++       char *orig;
++       char *gss = NULL;
++       char *newstr = NULL;
++       orig = myproposal[PROPOSAL_KEX_ALGS];
++
++       /* 
++        * If we don't have a host key, then there's no point advertising
++        * the other key exchange algorithms
++        */
++
++       if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
++               orig = NULL;
++
++       if (options.gss_keyex)
++               gss = ssh_gssapi_server_mechanisms();
++       else
++               gss = NULL;
++
++       if (gss && orig)
++               xasprintf(&newstr, "%s,%s", gss, orig);
++       else if (gss)
++               newstr = gss;
++       else if (orig)
++               newstr = orig;
++
++       /* 
++        * If we've got GSSAPI mechanisms, then we've got the 'null' host
++        * key alg, but we can't tell people about it unless its the only
++        * host key algorithm we support
++        */
++       if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
++               myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
++
++       if (newstr)
++               myproposal[PROPOSAL_KEX_ALGS] = newstr;
++       else
++               fatal("No supported key exchange algorithms");
++       }
++#endif
++
+        /* start key exchange */
+        kex = kex_setup(myproposal);
+        kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
+@@ -2446,6 +2549,13 @@
+        kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
+        kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+        kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
++#ifdef GSSAPI
++       if (options.gss_keyex) {
++               kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
++               kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
++               kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
++       }
++#endif
+        kex->server = 1;
+        kex->client_version_string=client_version_string;
+        kex->server_version_string=server_version_string;
+Index: b/sshd_config
+===================================================================
+--- a/sshd_config
++++ b/sshd_config
+@@ -83,6 +83,8 @@
+ # GSSAPI options
+ #GSSAPIAuthentication no
+ #GSSAPICleanupCredentials yes
++#GSSAPIStrictAcceptorCheck yes
++#GSSAPIKeyExchange no
+ 
+ # Set this to 'yes' to enable PAM authentication, account processing, 
+ # and session processing. If this is enabled, PAM authentication will 
+Index: b/sshd_config.5
+===================================================================
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -484,12 +484,40 @@
+ The default is
+ .Dq no .
+ Note that this option applies to protocol version 2 only.
++.It Cm GSSAPIKeyExchange
++Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
++doesn't rely on ssh keys to verify host identity.
++The default is
++.Dq no .
++Note that this option applies to protocol version 2 only.
+ .It Cm GSSAPICleanupCredentials
+ Specifies whether to automatically destroy the user's credentials cache
+ on logout.
+ The default is
+ .Dq yes .
+ Note that this option applies to protocol version 2 only.
++.It Cm GSSAPIStrictAcceptorCheck
++Determines whether to be strict about the identity of the GSSAPI acceptor 
++a client authenticates against. If
++.Dq yes
++then the client must authenticate against the
++.Pa host
++service on the current hostname. If 
++.Dq no
++then the client may authenticate against any service key stored in the 
++machine's default store. This facility is provided to assist with operation 
++on multi homed machines. 
++The default is
++.Dq yes .
++Note that this option applies only to protocol version 2 GSSAPI connections,
++and setting it to 
++.Dq no
++may only work with recent Kerberos GSSAPI libraries.
++.It Cm GSSAPIStoreCredentialsOnRekey
++Controls whether the user's GSSAPI credentials should be updated following a 
++successful connection rekeying. This option can be used to accepted renewed 
++or updated credentials from a compatible client. The default is
++.Dq no .
+ .It Cm HostbasedAuthentication
+ Specifies whether rhosts or /etc/hosts.equiv authentication together
+ with successful public key client host authentication is allowed
diff --git a/debian/patches/helpful-wait-terminate.patch b/debian/patches/helpful-wait-terminate.patch
new file mode 100644
index 000000000..298e8e216
--- /dev/null
+++ b/debian/patches/helpful-wait-terminate.patch
@@ -0,0 +1,18 @@
+Description: Mention ~& when waiting for forwarded connections to terminate
+Author: Matthew Vernon <matthew@debian.org>
+Bug-Debian: http://bugs.debian.org/50308
+Last-Update: 2010-02-27
+
+Index: b/serverloop.c
+===================================================================
+--- a/serverloop.c
++++ b/serverloop.c
+@@ -686,7 +686,7 @@
+                        if (!channel_still_open())
+                                break;
+                        if (!waiting_termination) {
+-                               const char *s = "Waiting for forwarded connections to terminate...\r\n";
++                               const char *s = "Waiting for forwarded connections to terminate... (press ~& to background)\r\n";
+                                char *cp;
+                                waiting_termination = 1;
+                                buffer_append(&stderr_buffer, s, strlen(s));
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
new file mode 100644
index 000000000..a851a91bf
--- /dev/null
+++ b/debian/patches/keepalive-extensions.patch
@@ -0,0 +1,124 @@
+Description: Various keepalive extensions
+ Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut,
+ supported in previous versions of Debian's OpenSSH package but since
+ superseded by ServerAliveInterval.  (We're probably stuck with this bit for
+ compatibility.)
+ .
+ In batch mode, default ServerAliveInterval to five minutes.
+ .
+ Adjust documentation to match and to give some more advice on use of
+ keepalives.
+Author: Richard Kettlewell <rjk@greenend.org.uk>
+Author: Ian Jackson <ian@chiark.greenend.org.uk>
+Author: Matthew Vernon <matthew@debian.org>
+Author: Colin Watson <cjwatson@debian.org>
+Last-Update: 2013-09-14
+
+Index: b/readconf.c
+===================================================================
+--- a/readconf.c
++++ b/readconf.c
+@@ -141,6 +141,7 @@
+        oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+        oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
+        oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
++       oProtocolKeepAlives, oSetupTimeOut,
+        oIgnoredUnknownOption, oDeprecated, oUnsupported
+ } OpCodes;
+ 
+@@ -263,6 +264,8 @@
+        { "ipqos", oIPQoS },
+        { "requesttty", oRequestTTY },
+        { "ignoreunknown", oIgnoreUnknown },
++       { "protocolkeepalives", oProtocolKeepAlives },
++       { "setuptimeout", oSetupTimeOut },
+ 
+        { NULL, oBadOption }
+ };
+@@ -939,6 +942,8 @@
+                goto parse_flag;
+ 
+        case oServerAliveInterval:
++       case oProtocolKeepAlives: /* Debian-specific compatibility alias */
++       case oSetupTimeOut:       /* Debian-specific compatibility alias */
+                intptr = &options->server_alive_interval;
+                goto parse_time;
+ 
+@@ -1404,8 +1409,13 @@
+                options->rekey_interval = 0;
+        if (options->verify_host_key_dns == -1)
+                options->verify_host_key_dns = 0;
+-       if (options->server_alive_interval == -1)
+-               options->server_alive_interval = 0;
++       if (options->server_alive_interval == -1) {
++               /* in batch mode, default is 5mins */
++               if (options->batch_mode == 1)
++                       options->server_alive_interval = 300;
++               else
++                       options->server_alive_interval = 0;
++       }
+        if (options->server_alive_count_max == -1)
+                options->server_alive_count_max = 3;
+        if (options->control_master == -1)
+Index: b/ssh_config.5
+===================================================================
+--- a/ssh_config.5
++++ b/ssh_config.5
+@@ -136,8 +136,12 @@
+ If set to
+ .Dq yes ,
+ passphrase/password querying will be disabled.
++In addition, the
++.Cm ServerAliveInterval
++option will be set to 300 seconds by default.
+ This option is useful in scripts and other batch jobs where no user
+-is present to supply the password.
++is present to supply the password,
++and where it is desirable to detect a broken network swiftly.
+ The argument must be
+ .Dq yes
+ or
+@@ -1141,8 +1145,15 @@
+ will send a message through the encrypted
+ channel to request a response from the server.
+ The default
+-is 0, indicating that these messages will not be sent to the server.
++is 0, indicating that these messages will not be sent to the server,
++or 300 if the
++.Cm BatchMode
++option is set.
+ This option applies to protocol version 2 only.
++.Cm ProtocolKeepAlives
++and
++.Cm SetupTimeOut
++are Debian-specific compatibility aliases for this option.
+ .It Cm StrictHostKeyChecking
+ If this flag is set to
+ .Dq yes ,
+@@ -1181,6 +1192,12 @@
+ other side.
+ If they are sent, death of the connection or crash of one
+ of the machines will be properly noticed.
++This option only uses TCP keepalives (as opposed to using ssh level
++keepalives), so takes a long time to notice when the connection dies.
++As such, you probably want
++the
++.Cm ServerAliveInterval
++option as well.
+ However, this means that
+ connections will die if the route is down temporarily, and some people
+ find it annoying.
+Index: b/sshd_config.5
+===================================================================
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -1161,6 +1161,9 @@
+ .Pp
+ To disable TCP keepalive messages, the value should be set to
+ .Dq no .
++.Pp
++This option was formerly called
++.Cm KeepAlive .
+ .It Cm TrustedUserCAKeys
+ Specifies a file containing public keys of certificate authorities that are
+ trusted to sign user certificates for authentication.
diff --git a/debian/patches/lintian-symlink-pickiness.patch b/debian/patches/lintian-symlink-pickiness.patch
new file mode 100644
index 000000000..19ae33b22
--- /dev/null
+++ b/debian/patches/lintian-symlink-pickiness.patch
@@ -0,0 +1,23 @@
+Description: Fix picky lintian errors about slogin symlinks
+ Apparently this breaks some SVR4 packaging systems, so upstream can't win
+ either way and opted to keep the status quo.  We need this patch anyway.
+Author: Colin Watson <cjwatson@debian.org>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1728
+Last-Update: 2013-09-14
+
+Index: b/Makefile.in
+===================================================================
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -296,9 +296,9 @@
+        $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
+        $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
+        -rm -f $(DESTDIR)$(bindir)/slogin
+-       ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
++       ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
+        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+-       ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
++       ln -s ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+ 
+ install-sysconf:
+        if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch
new file mode 100644
index 000000000..55c277031
--- /dev/null
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -0,0 +1,33 @@
+Description: Mention ssh-keygen in ssh fingerprint changed warning
+Author: Scott Moser <smoser@ubuntu.com>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607
+Last-Update: 2013-09-14
+
+Index: b/sshconnect.c
+===================================================================
+--- a/sshconnect.c
++++ b/sshconnect.c
+@@ -981,9 +981,12 @@
+                        error("%s. This could either mean that", key_msg);
+                        error("DNS SPOOFING is happening or the IP address for the host");
+                        error("and its host key have changed at the same time.");
+-                       if (ip_status != HOST_NEW)
++                       if (ip_status != HOST_NEW) {
+                                error("Offending key for IP in %s:%lu",
+                                    ip_found->file, ip_found->line);
++                               error("  remove with: ssh-keygen -f \"%s\" -R %s",
++                                   ip_found->file, ip);
++                       }
+                }
+                /* The host key has changed. */
+                warn_changed_key(host_key);
+@@ -991,6 +994,8 @@
+                    user_hostfiles[0]);
+                error("Offending %s key in %s:%lu", key_type(host_found->key),
+                    host_found->file, host_found->line);
++               error("  remove with: ssh-keygen -f \"%s\" -R %s",
++                   host_found->file, host);
+ 
+                /*
+                 * If strict host key checking is in use, the user will have
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch
new file mode 100644
index 000000000..d4eeee6e8
--- /dev/null
+++ b/debian/patches/openbsd-docs.patch
@@ -0,0 +1,135 @@
+Description: Adjust various OpenBSD-specific references in manual pages
+ No single bug reference for this patch, but history includes:
+  http://bugs.debian.org/154434 (login.conf(5))
+  http://bugs.debian.org/513417 (/etc/rc)
+  http://bugs.debian.org/530692 (ssl(8))
+  https://bugs.launchpad.net/bugs/456660 (ssl(8))
+Author: Colin Watson <cjwatson@debian.org>
+Forwarded: not-needed
+Last-Update: 2013-09-14
+
+Index: b/moduli.5
+===================================================================
+--- a/moduli.5
++++ b/moduli.5
+@@ -21,7 +21,7 @@
+ .Nd Diffie-Hellman moduli
+ .Sh DESCRIPTION
+ The
+-.Pa /etc/moduli
++.Pa /etc/ssh/moduli
+ file contains prime numbers and generators for use by
+ .Xr sshd 8
+ in the Diffie-Hellman Group Exchange key exchange method.
+@@ -110,7 +110,7 @@
+ Diffie-Hellman output to sufficiently key the selected symmetric cipher.
+ .Xr sshd 8
+ then randomly selects a modulus from
+-.Fa /etc/moduli
++.Fa /etc/ssh/moduli
+ that best meets the size requirement.
+ .Sh SEE ALSO
+ .Xr ssh-keygen 1 ,
+Index: b/ssh-keygen.1
+===================================================================
+--- a/ssh-keygen.1
++++ b/ssh-keygen.1
+@@ -171,9 +171,7 @@
+ .Pa ~/.ssh/id_dsa
+ or
+ .Pa ~/.ssh/id_rsa .
+-Additionally, the system administrator may use this to generate host keys,
+-as seen in
+-.Pa /etc/rc .
++Additionally, the system administrator may use this to generate host keys.
+ .Pp
+ Normally this program generates the key and asks for a file in which
+ to store the private key.
+@@ -219,9 +217,7 @@
+ For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys
+ do not exist, generate the host keys with the default key file path,
+ an empty passphrase, default bits for the key type, and default comment.
+-This is used by
+-.Pa /etc/rc
+-to generate new host keys.
++This is used by system administration scripts to generate new host keys.
+ .It Fl a Ar trials
+ Specifies the number of primality tests to perform when screening DH-GEX
+ candidates using the
+@@ -605,7 +601,7 @@
+ Valid generator values are 2, 3, and 5.
+ .Pp
+ Screened DH groups may be installed in
+-.Pa /etc/moduli .
++.Pa /etc/ssh/moduli .
+ It is important that this file contains moduli of a range of bit lengths and
+ that both ends of a connection share common moduli.
+ .Sh CERTIFICATES
+@@ -800,7 +796,7 @@
+ where the user wishes to log in using public key authentication.
+ There is no need to keep the contents of this file secret.
+ .Pp
+-.It Pa /etc/moduli
++.It Pa /etc/ssh/moduli
+ Contains Diffie-Hellman groups used for DH-GEX.
+ The file format is described in
+ .Xr moduli 5 .
+Index: b/ssh.1
+===================================================================
+--- a/ssh.1
++++ b/ssh.1
+@@ -756,6 +756,10 @@
+ but protocol 2 may use any.
+ The HISTORY section of
+ .Xr ssl 8
++(on non-OpenBSD systems, see
++.nh
++http://www.openbsd.org/cgi\-bin/man.cgi?query=ssl&sektion=8#HISTORY)
++.hy
+ contains a brief discussion of the DSA and RSA algorithms.
+ .Pp
+ The file
+Index: b/sshd.8
+===================================================================
+--- a/sshd.8
++++ b/sshd.8
+@@ -70,7 +70,7 @@
+ .Nm
+ listens for connections from clients.
+ It is normally started at boot from
+-.Pa /etc/rc .
++.Pa /etc/init.d/ssh .
+ It forks a new
+ daemon for each incoming connection.
+ The forked daemons handle
+@@ -859,7 +859,7 @@
+ .Xr ssh 1 ) .
+ It should only be writable by root.
+ .Pp
+-.It Pa /etc/moduli
++.It Pa /etc/ssh/moduli
+ Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
+ The file format is described in
+ .Xr moduli 5 .
+@@ -957,7 +957,6 @@
+ .Xr ssh-vulnkey 1 ,
+ .Xr chroot 2 ,
+ .Xr hosts_access 5 ,
+-.Xr login.conf 5 ,
+ .Xr moduli 5 ,
+ .Xr sshd_config 5 ,
+ .Xr inetd 8 ,
+Index: b/sshd_config.5
+===================================================================
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -283,8 +283,7 @@
+ By default, no banner is displayed.
+ .It Cm ChallengeResponseAuthentication
+ Specifies whether challenge-response authentication is allowed (e.g. via
+-PAM or though authentication styles supported in
+-.Xr login.conf 5 )
++PAM).
+ The default is
+ .Dq yes .
+ .It Cm ChrootDirectory
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
new file mode 100644
index 000000000..2be45ebf8
--- /dev/null
+++ b/debian/patches/package-versioning.patch
@@ -0,0 +1,54 @@
+Description: Include the Debian version in our identification
+ This makes it easier to audit networks for versions patched against
+ security vulnerabilities.  It has little detrimental effect, as attackers
+ will generally just try attacks rather than bothering to scan for
+ vulnerable-looking version strings.  (However, see debian-banner.patch.)
+Author: Matthew Vernon <matthew@debian.org>
+Forwarded: not-needed
+Last-Update: 2013-09-14
+
+Index: b/sshconnect.c
+===================================================================
+--- a/sshconnect.c
++++ b/sshconnect.c
+@@ -442,10 +442,10 @@
+        /* Send our own protocol version identification. */
+        if (compat20) {
+                xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
+-                   PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
++                   PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
+        } else {
+                xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
+-                   PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
++                   PROTOCOL_MAJOR_1, minor1, SSH_RELEASE);
+        }
+        if (roaming_atomicio(vwrite, connection_out, client_version_string,
+            strlen(client_version_string)) != strlen(client_version_string))
+Index: b/sshd.c
+===================================================================
+--- a/sshd.c
++++ b/sshd.c
+@@ -440,7 +440,7 @@
+        }
+ 
+        xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+-           major, minor, SSH_VERSION,
++           major, minor, SSH_RELEASE,
+            *options.version_addendum == '\0' ? "" : " ",
+            options.version_addendum, newline);
+ 
+Index: b/version.h
+===================================================================
+--- a/version.h
++++ b/version.h
+@@ -3,4 +3,9 @@
+ #define SSH_VERSION    "OpenSSH_6.3"
+ 
+ #define SSH_PORTABLE   "p1"
+-#define SSH_RELEASE    SSH_VERSION SSH_PORTABLE
++#define SSH_RELEASE_MINIMUM    SSH_VERSION SSH_PORTABLE
++#ifdef SSH_EXTRAVERSION
++#define SSH_RELEASE    SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
++#else
++#define SSH_RELEASE    SSH_RELEASE_MINIMUM
++#endif
diff --git a/debian/patches/quieter-signals.patch b/debian/patches/quieter-signals.patch
new file mode 100644
index 000000000..32f4cfc67
--- /dev/null
+++ b/debian/patches/quieter-signals.patch
@@ -0,0 +1,31 @@
+Description: Reduce severity of "Killed by signal %d"
+ This produces irritating messages when using ProxyCommand or other programs
+ that use ssh under the covers (e.g. Subversion).  These messages are more
+ normally printed by the calling program, such as the shell.
+ .
+ According to the upstream bug, the right way to avoid this is to use the -q
+ option, so we may drop this patch after further investigation into whether
+ any software in Debian is still relying on it.
+Author: Peter Samuelson <peter@p12n.org>
+Author: Colin Watson <cjwatson@debian.org>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1118
+Bug-Debian: http://bugs.debian.org/313371
+Last-Update: 2013-09-14
+
+Index: b/clientloop.c
+===================================================================
+--- a/clientloop.c
++++ b/clientloop.c
+@@ -1717,8 +1717,10 @@
+                exit_status = 0;
+        }
+ 
+-       if (received_signal)
+-               fatal("Killed by signal %d.", (int) received_signal);
++       if (received_signal) {
++               debug("Killed by signal %d.", (int) received_signal);
++               cleanup_exit((int) received_signal + 128);
++       }
+ 
+        /*
+         * In interactive mode (with pseudo tty) display a message indicating
diff --git a/debian/patches/scp-quoting.patch b/debian/patches/scp-quoting.patch
new file mode 100644
index 000000000..239c1b599
--- /dev/null
+++ b/debian/patches/scp-quoting.patch
@@ -0,0 +1,32 @@
+Description: Adjust scp quoting in verbose mode
+ Tweak scp's reporting of filenames in verbose mode to be a bit less
+ confusing with spaces.
+ .
+ This should be revised to mimic real shell quoting.
+Author: Nicolas Valcárcel <nvalcarcel@ubuntu.com>
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/89945
+Last-Update: 2010-02-27
+
+Index: b/scp.c
+===================================================================
+--- a/scp.c
++++ b/scp.c
+@@ -189,8 +189,16 @@
+ 
+        if (verbose_mode) {
+                fprintf(stderr, "Executing:");
+-               for (i = 0; i < a->num; i++)
+-                       fprintf(stderr, " %s", a->list[i]);
++               for (i = 0; i < a->num; i++) {
++                       if (i == 0)
++                               fprintf(stderr, " %s", a->list[i]);
++                       else
++                               /*
++                                * TODO: misbehaves if a->list[i] contains a
++                                * single quote
++                                */
++                               fprintf(stderr, " '%s'", a->list[i]);
++               }
+                fprintf(stderr, "\n");
+        }
+        if ((pid = fork()) == -1)
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
new file mode 100644
index 000000000..f3376c20a
--- /dev/null
+++ b/debian/patches/selinux-role.patch
@@ -0,0 +1,479 @@
+Description: Handle SELinux authorisation roles
+ Rejected upstream due to discomfort with magic usernames; a better approach
+ will need an SSH protocol change.  In the meantime, this came from Debian's
+ SELinux maintainer, so we'll keep it until we have something better.
+Author: Manoj Srivastava <srivasta@debian.org>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
+Bug-Debian: http://bugs.debian.org/394795
+Last-Update: 2013-09-14
+
+Index: b/auth.h
+===================================================================
+--- a/auth.h
++++ b/auth.h
+@@ -59,6 +59,7 @@
+        char            *service;
+        struct passwd   *pw;            /* set if 'valid' */
+        char            *style;
++       char            *role;
+        void            *kbdintctxt;
+        char            *info;          /* Extra info for next auth_log */
+        void            *jpake_ctx;
+Index: b/auth1.c
+===================================================================
+--- a/auth1.c
++++ b/auth1.c
+@@ -380,7 +380,7 @@
+ do_authentication(Authctxt *authctxt)
+ {
+        u_int ulen;
+-       char *user, *style = NULL;
++       char *user, *style = NULL, *role = NULL;
+ 
+        /* Get the name of the user that we wish to log in as. */
+        packet_read_expect(SSH_CMSG_USER);
+@@ -389,11 +389,17 @@
+        user = packet_get_cstring(&ulen);
+        packet_check_eom();
+ 
++       if ((role = strchr(user, '/')) != NULL)
++               *role++ = '\0';
++
+        if ((style = strchr(user, ':')) != NULL)
+                *style++ = '\0';
++       else if (role && (style = strchr(role, ':')) != NULL)
++               *style++ = '\0';
+ 
+        authctxt->user = user;
+        authctxt->style = style;
++       authctxt->role = role;
+ 
+        /* Verify that the user is a valid user. */
+        if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
+Index: b/auth2.c
+===================================================================
+--- a/auth2.c
++++ b/auth2.c
+@@ -222,7 +222,7 @@
+ {
+        Authctxt *authctxt = ctxt;
+        Authmethod *m = NULL;
+-       char *user, *service, *method, *style = NULL;
++       char *user, *service, *method, *style = NULL, *role = NULL;
+        int authenticated = 0;
+ 
+        if (authctxt == NULL)
+@@ -234,8 +234,13 @@
+        debug("userauth-request for user %s service %s method %s", user, service, method);
+        debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
+ 
++       if ((role = strchr(user, '/')) != NULL)
++               *role++ = 0;
++
+        if ((style = strchr(user, ':')) != NULL)
+                *style++ = 0;
++       else if (role && (style = strchr(role, ':')) != NULL)
++               *style++ = '\0';
+ 
+        if (authctxt->attempt++ == 0) {
+                /* setup auth context */
+@@ -259,8 +264,9 @@
+                    use_privsep ? " [net]" : "");
+                authctxt->service = xstrdup(service);
+                authctxt->style = style ? xstrdup(style) : NULL;
++               authctxt->role = role ? xstrdup(role) : NULL;
+                if (use_privsep)
+-                       mm_inform_authserv(service, style);
++                       mm_inform_authserv(service, style, role);
+                userauth_banner();
+                if (auth2_setup_methods_lists(authctxt) != 0)
+                        packet_disconnect("no authentication methods enabled");
+Index: b/monitor.c
+===================================================================
+--- a/monitor.c
++++ b/monitor.c
+@@ -146,6 +146,7 @@
+ int mm_answer_pwnamallow(int, Buffer *);
+ int mm_answer_auth2_read_banner(int, Buffer *);
+ int mm_answer_authserv(int, Buffer *);
++int mm_answer_authrole(int, Buffer *);
+ int mm_answer_authpassword(int, Buffer *);
+ int mm_answer_bsdauthquery(int, Buffer *);
+ int mm_answer_bsdauthrespond(int, Buffer *);
+@@ -227,6 +228,7 @@
+     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
+     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
+     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
++    {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
+     {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
+     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
+ #ifdef USE_PAM
+@@ -844,6 +846,7 @@
+        else {
+                /* Allow service/style information on the auth context */
+                monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
++               monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
+                monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
+        }
+ #ifdef USE_PAM
+@@ -874,14 +877,37 @@
+ 
+        authctxt->service = buffer_get_string(m, NULL);
+        authctxt->style = buffer_get_string(m, NULL);
+-       debug3("%s: service=%s, style=%s",
+-           __func__, authctxt->service, authctxt->style);
++       authctxt->role = buffer_get_string(m, NULL);
++       debug3("%s: service=%s, style=%s, role=%s",
++           __func__, authctxt->service, authctxt->style, authctxt->role);
+ 
+        if (strlen(authctxt->style) == 0) {
+                free(authctxt->style);
+                authctxt->style = NULL;
+        }
+ 
++       if (strlen(authctxt->role) == 0) {
++               free(authctxt->role);
++               authctxt->role = NULL;
++       }
++
++       return (0);
++}
++
++int
++mm_answer_authrole(int sock, Buffer *m)
++{
++       monitor_permit_authentications(1);
++
++       authctxt->role = buffer_get_string(m, NULL);
++       debug3("%s: role=%s",
++           __func__, authctxt->role);
++
++       if (strlen(authctxt->role) == 0) {
++               free(authctxt->role);
++               authctxt->role = NULL;
++       }
++
+        return (0);
+ }
+ 
+@@ -1486,7 +1512,7 @@
+        res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
+        if (res == 0)
+                goto error;
+-       pty_setowner(authctxt->pw, s->tty);
++       pty_setowner(authctxt->pw, s->tty, authctxt->role);
+ 
+        buffer_put_int(m, 1);
+        buffer_put_cstring(m, s->tty);
+Index: b/monitor.h
+===================================================================
+--- a/monitor.h
++++ b/monitor.h
+@@ -73,6 +73,8 @@
+        MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151,
+        MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153,
+ 
++       MONITOR_REQ_AUTHROLE = 154,
++
+ };
+ 
+ struct mm_master;
+Index: b/monitor_wrap.c
+===================================================================
+--- a/monitor_wrap.c
++++ b/monitor_wrap.c
+@@ -320,10 +320,10 @@
+        return (banner);
+ }
+ 
+-/* Inform the privileged process about service and style */
++/* Inform the privileged process about service, style, and role */
+ 
+ void
+-mm_inform_authserv(char *service, char *style)
++mm_inform_authserv(char *service, char *style, char *role)
+ {
+        Buffer m;
+ 
+@@ -332,11 +332,29 @@
+        buffer_init(&m);
+        buffer_put_cstring(&m, service);
+        buffer_put_cstring(&m, style ? style : "");
++       buffer_put_cstring(&m, role ? role : "");
+ 
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
+ 
+        buffer_free(&m);
+ }
++
++/* Inform the privileged process about role */
++
++void
++mm_inform_authrole(char *role)
++{
++       Buffer m;
++
++       debug3("%s entering", __func__);
++
++       buffer_init(&m);
++       buffer_put_cstring(&m, role ? role : "");
++
++       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m);
++
++       buffer_free(&m);
++}
+ 
+ /* Do the password authentication */
+ int
+Index: b/monitor_wrap.h
+===================================================================
+--- a/monitor_wrap.h
++++ b/monitor_wrap.h
+@@ -41,7 +41,8 @@
+ int mm_is_monitor(void);
+ DH *mm_choose_dh(int, int, int);
+ int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
+-void mm_inform_authserv(char *, char *);
++void mm_inform_authserv(char *, char *, char *);
++void mm_inform_authrole(char *);
+ struct passwd *mm_getpwnamallow(const char *);
+ char *mm_auth2_read_banner(void);
+ int mm_auth_password(struct Authctxt *, char *);
+Index: b/openbsd-compat/port-linux.c
+===================================================================
+--- a/openbsd-compat/port-linux.c
++++ b/openbsd-compat/port-linux.c
+@@ -29,6 +29,12 @@
+ #include <string.h>
+ #include <stdio.h>
+ 
++#ifdef WITH_SELINUX
++#include "key.h"
++#include "hostfile.h"
++#include "auth.h"
++#endif
++
+ #include "log.h"
+ #include "xmalloc.h"
+ #include "port-linux.h"
+@@ -58,7 +64,7 @@
+ 
+ /* Return the default security context for the given username */
+ static security_context_t
+-ssh_selinux_getctxbyname(char *pwname)
++ssh_selinux_getctxbyname(char *pwname, const char *role)
+ {
+        security_context_t sc = NULL;
+        char *sename = NULL, *lvl = NULL;
+@@ -73,9 +79,16 @@
+ #endif
+ 
+ #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
+-       r = get_default_context_with_level(sename, lvl, NULL, &sc);
++       if (role != NULL && role[0])
++               r = get_default_context_with_rolelevel(sename, role, lvl, NULL,
++                                                      &sc);
++       else
++               r = get_default_context_with_level(sename, lvl, NULL, &sc);
+ #else
+-       r = get_default_context(sename, NULL, &sc);
++       if (role != NULL && role[0])
++               r = get_default_context_with_role(sename, role, NULL, &sc);
++       else
++               r = get_default_context(sename, NULL, &sc);
+ #endif
+ 
+        if (r != 0) {
+@@ -105,7 +118,7 @@
+ 
+ /* Set the execution context to the default for the specified user */
+ void
+-ssh_selinux_setup_exec_context(char *pwname)
++ssh_selinux_setup_exec_context(char *pwname, const char *role)
+ {
+        security_context_t user_ctx = NULL;
+ 
+@@ -114,7 +127,7 @@
+ 
+        debug3("%s: setting execution context", __func__);
+ 
+-       user_ctx = ssh_selinux_getctxbyname(pwname);
++       user_ctx = ssh_selinux_getctxbyname(pwname, role);
+        if (setexeccon(user_ctx) != 0) {
+                switch (security_getenforce()) {
+                case -1:
+@@ -136,7 +149,7 @@
+ 
+ /* Set the TTY context for the specified user */
+ void
+-ssh_selinux_setup_pty(char *pwname, const char *tty)
++ssh_selinux_setup_pty(char *pwname, const char *tty, const char *role)
+ {
+        security_context_t new_tty_ctx = NULL;
+        security_context_t user_ctx = NULL;
+@@ -147,7 +160,7 @@
+ 
+        debug3("%s: setting TTY context on %s", __func__, tty);
+ 
+-       user_ctx = ssh_selinux_getctxbyname(pwname);
++       user_ctx = ssh_selinux_getctxbyname(pwname, role);
+ 
+        /* XXX: should these calls fatal() upon failure in enforcing mode? */
+ 
+Index: b/openbsd-compat/port-linux.h
+===================================================================
+--- a/openbsd-compat/port-linux.h
++++ b/openbsd-compat/port-linux.h
+@@ -21,8 +21,8 @@
+ 
+ #ifdef WITH_SELINUX
+ int ssh_selinux_enabled(void);
+-void ssh_selinux_setup_pty(char *, const char *);
+-void ssh_selinux_setup_exec_context(char *);
++void ssh_selinux_setup_pty(char *, const char *, const char *);
++void ssh_selinux_setup_exec_context(char *, const char *);
+ void ssh_selinux_change_context(const char *);
+ void ssh_selinux_setfscreatecon(const char *);
+ #endif
+Index: b/platform.c
+===================================================================
+--- a/platform.c
++++ b/platform.c
+@@ -134,7 +134,7 @@
+  * called if sshd is running as root.
+  */
+ void
+-platform_setusercontext_post_groups(struct passwd *pw)
++platform_setusercontext_post_groups(struct passwd *pw, const char *role)
+ {
+ #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
+        /*
+@@ -181,7 +181,7 @@
+        }
+ #endif /* HAVE_SETPCRED */
+ #ifdef WITH_SELINUX
+-       ssh_selinux_setup_exec_context(pw->pw_name);
++       ssh_selinux_setup_exec_context(pw->pw_name, role);
+ #endif
+ }
+ 
+Index: b/platform.h
+===================================================================
+--- a/platform.h
++++ b/platform.h
+@@ -26,7 +26,7 @@
+ void platform_post_fork_child(void);
+ int  platform_privileged_uidswap(void);
+ void platform_setusercontext(struct passwd *);
+-void platform_setusercontext_post_groups(struct passwd *);
++void platform_setusercontext_post_groups(struct passwd *, const char *);
+ char *platform_get_krb5_client(const char *);
+ char *platform_krb5_get_principal_name(const char *);
+ int platform_sys_dir_uid(uid_t);
+Index: b/session.c
+===================================================================
+--- a/session.c
++++ b/session.c
+@@ -1474,7 +1474,7 @@
+ 
+ /* Set login name, uid, gid, and groups. */
+ void
+-do_setusercontext(struct passwd *pw)
++do_setusercontext(struct passwd *pw, const char *role)
+ {
+        char *chroot_path, *tmp;
+ 
+@@ -1502,7 +1502,7 @@
+                endgrent();
+ #endif
+ 
+-               platform_setusercontext_post_groups(pw);
++               platform_setusercontext_post_groups(pw, role);
+ 
+                if (options.chroot_directory != NULL &&
+                    strcasecmp(options.chroot_directory, "none") != 0) {
+@@ -1646,7 +1646,7 @@
+ 
+        /* Force a password change */
+        if (s->authctxt->force_pwchange) {
+-               do_setusercontext(pw);
++               do_setusercontext(pw, s->authctxt->role);
+                child_close_fds();
+                do_pwchange(s);
+                exit(1);
+@@ -1673,7 +1673,7 @@
+                /* When PAM is enabled we rely on it to do the nologin check */
+                if (!options.use_pam)
+                        do_nologin(pw);
+-               do_setusercontext(pw);
++               do_setusercontext(pw, s->authctxt->role);
+                /*
+                 * PAM session modules in do_setusercontext may have
+                 * generated messages, so if this in an interactive
+@@ -2084,7 +2084,7 @@
+        tty_parse_modes(s->ttyfd, &n_bytes);
+ 
+        if (!use_privsep)
+-               pty_setowner(s->pw, s->tty);
++               pty_setowner(s->pw, s->tty, s->authctxt->role);
+ 
+        /* Set window size from the packet. */
+        pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
+Index: b/session.h
+===================================================================
+--- a/session.h
++++ b/session.h
+@@ -76,7 +76,7 @@
+ Session        *session_new(void);
+ Session        *session_by_tty(char *);
+ void    session_close(Session *);
+-void    do_setusercontext(struct passwd *);
++void    do_setusercontext(struct passwd *, const char *);
+ void    child_set_env(char ***envp, u_int *envsizep, const char *name,
+                       const char *value);
+ 
+Index: b/sshd.c
+===================================================================
+--- a/sshd.c
++++ b/sshd.c
+@@ -753,7 +753,7 @@
+        RAND_seed(rnd, sizeof(rnd));
+ 
+        /* Drop privileges */
+-       do_setusercontext(authctxt->pw);
++       do_setusercontext(authctxt->pw, authctxt->role);
+ 
+  skip:
+        /* It is safe now to apply the key state */
+Index: b/sshpty.c
+===================================================================
+--- a/sshpty.c
++++ b/sshpty.c
+@@ -200,7 +200,7 @@
+ }
+ 
+ void
+-pty_setowner(struct passwd *pw, const char *tty)
++pty_setowner(struct passwd *pw, const char *tty, const char *role)
+ {
+        struct group *grp;
+        gid_t gid;
+@@ -227,7 +227,7 @@
+                    strerror(errno));
+ 
+ #ifdef WITH_SELINUX
+-       ssh_selinux_setup_pty(pw->pw_name, tty);
++       ssh_selinux_setup_pty(pw->pw_name, tty, role);
+ #endif
+ 
+        if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
+Index: b/sshpty.h
+===================================================================
+--- a/sshpty.h
++++ b/sshpty.h
+@@ -24,4 +24,4 @@
+ void    pty_release(const char *);
+ void    pty_make_controlling_tty(int *, const char *);
+ void    pty_change_window_size(int, u_int, u_int, u_int, u_int);
+-void    pty_setowner(struct passwd *, const char *);
++void    pty_setowner(struct passwd *, const char *, const char *);
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 000000000..f5c2ebb52
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,48 @@
+# GSSAPI
+gssapi.patch
+
+# SELinux
+selinux-role.patch
+
+# Key blacklisting
+ssh-vulnkey.patch
+
+# Keepalive handling
+ssh1-keepalive.patch
+keepalive-extensions.patch
+
+# Message adjustments
+syslog-level-silent.patch
+quieter-signals.patch
+helpful-wait-terminate.patch
+
+# ConsoleKit
+consolekit.patch
+
+# Miscellaneous bug fixes
+user-group-modes.patch
+scp-quoting.patch
+shell-path.patch
+dnssec-sshfp.patch
+auth-log-verbosity.patch
+mention-ssh-keygen-on-keychange.patch
+
+# Versioning
+package-versioning.patch
+debian-banner.patch
+
+# File system layout
+authorized-keys-man-symlink.patch
+lintian-symlink-pickiness.patch
+
+# Documentation
+openbsd-docs.patch
+ssh-argv0.patch
+doc-hash-tab-completion.patch
+doc-upstart.patch
+ssh-agent-setgid.patch
+
+# Debian-specific configuration
+gnome-ssh-askpass2-icon.patch
+sigstop.patch
+debian-config.patch
diff --git a/debian/patches/shell-path.patch b/debian/patches/shell-path.patch
new file mode 100644
index 000000000..a1c6efc8d
--- /dev/null
+++ b/debian/patches/shell-path.patch
@@ -0,0 +1,30 @@
+Description: Look for $SHELL on the path for ProxyCommand/LocalCommand
+ There's some debate on the upstream bug about whether POSIX requires this.
+ I (Colin Watson) agree with Vincent and think it does.
+Author: Colin Watson <cjwatson@debian.org>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494
+Bug-Debian: http://bugs.debian.org/492728
+Last-Update: 2013-09-14
+
+Index: b/sshconnect.c
+===================================================================
+--- a/sshconnect.c
++++ b/sshconnect.c
+@@ -151,7 +151,7 @@
+                /* Execute the proxy command.  Note that we gave up any
+                   extra privileges above. */
+                signal(SIGPIPE, SIG_DFL);
+-               execv(argv[0], argv);
++               execvp(argv[0], argv);
+                perror(argv[0]);
+                exit(1);
+        }
+@@ -1298,7 +1298,7 @@
+        if (pid == 0) {
+                signal(SIGPIPE, SIG_DFL);
+                debug3("Executing %s -c \"%s\"", shell, args);
+-               execl(shell, shell, "-c", args, (char *)NULL);
++               execlp(shell, shell, "-c", args, (char *)NULL);
+                error("Couldn't execute %s -c \"%s\": %s",
+                    shell, args, strerror(errno));
+                _exit(1);
diff --git a/debian/patches/sigstop.patch b/debian/patches/sigstop.patch
new file mode 100644
index 000000000..3311a797c
--- /dev/null
+++ b/debian/patches/sigstop.patch
@@ -0,0 +1,20 @@
+Description: Support synchronisation with service supervisor using SIGSTOP
+Author: Colin Watson <cjwatson@debian.org>
+Forwarded: no
+Last-Update: 2013-09-14
+
+Index: b/sshd.c
+===================================================================
+--- a/sshd.c
++++ b/sshd.c
+@@ -1914,6 +1914,10 @@
+                        }
+                }
+ 
++               if (getenv("SSH_SIGSTOP"))
++                       /* Tell service supervisor that we are ready. */
++                       kill(getpid(), SIGSTOP);
++
+                /* Accept a connection and return in a forked child */
+                server_accept_loop(&sock_in, &sock_out,
+                    &newsock, config_s);
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch
new file mode 100644
index 000000000..7e909a165
--- /dev/null
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -0,0 +1,32 @@
+Description: Document consequences of ssh-agent being setgid in ssh-agent(1)
+Author: Colin Watson <cjwatson@debian.org>
+Bug-Debian: http://bugs.debian.org/711623
+Forwarded: no
+Last-Update: 2013-06-08
+
+Index: b/ssh-agent.1
+===================================================================
+--- a/ssh-agent.1
++++ b/ssh-agent.1
+@@ -182,6 +182,21 @@
+ .Pp
+ The agent exits automatically when the command given on the command
+ line terminates.
++.Pp
++In Debian,
++.Nm
++is installed with the set-group-id bit set, to prevent
++.Xr ptrace 2
++attacks retrieving private key material.
++This has the side-effect of causing the run-time linker to remove certain
++environment variables which might have security implications for set-id
++programs, including
++.Ev LD_PRELOAD ,
++.Ev LD_LIBRARY_PATH ,
++and
++.Ev TMPDIR .
++If you need to set any of these environment variables, you will need to do
++so in the program executed by ssh-agent.
+ .Sh FILES
+ .Bl -tag -width Ds
+ .It Pa ~/.ssh/identity
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch
new file mode 100644
index 000000000..28d144221
--- /dev/null
+++ b/debian/patches/ssh-argv0.patch
@@ -0,0 +1,21 @@
+Description: ssh(1): Refer to ssh-argv0(1)
+ Old versions of OpenSSH (up to 2.5 or thereabouts) allowed creating
+ symlinks to ssh with the name of the host you want to connect to.  Debian
+ ships an ssh-argv0 script restoring this feature; this patch refers to its
+ manual page from ssh(1).
+Bug-Debian: http://bugs.debian.org/111341
+Forwarded: not-needed
+Last-Update: 2013-09-14
+
+Index: b/ssh.1
+===================================================================
+--- a/ssh.1
++++ b/ssh.1
+@@ -1451,6 +1451,7 @@
+ .Xr sftp 1 ,
+ .Xr ssh-add 1 ,
+ .Xr ssh-agent 1 ,
++.Xr ssh-argv0 1 ,
+ .Xr ssh-keygen 1 ,
+ .Xr ssh-keyscan 1 ,
+ .Xr ssh-vulnkey 1 ,
diff --git a/debian/patches/ssh-vulnkey.patch b/debian/patches/ssh-vulnkey.patch
new file mode 100644
index 000000000..a56911290
--- /dev/null
+++ b/debian/patches/ssh-vulnkey.patch
@@ -0,0 +1,1382 @@
+Description: Reject vulnerable keys to mitigate Debian OpenSSL flaw
+ In 2008, Debian (and derived distributions such as Ubuntu) shipped an
+ OpenSSL package with a flawed random number generator, causing OpenSSH to
+ generate only a very limited set of keys which were subject to private half
+ precomputation.  To mitigate this, this patch checks key authentications
+ against a blacklist of known-vulnerable keys, and adds a new ssh-vulnkey
+ program which can be used to explicitly check keys against that blacklist.
+ See CVE-2008-0166.
+Author: Colin Watson <cjwatson@ubuntu.com>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1469
+Last-Update: 2013-09-14
+
+Index: b/Makefile.in
+===================================================================
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -26,6 +26,7 @@
+ SFTP_SERVER=$(libexecdir)/sftp-server
+ SSH_KEYSIGN=$(libexecdir)/ssh-keysign
+ SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
++SSH_DATADIR=$(datadir)/ssh
+ PRIVSEP_PATH=@PRIVSEP_PATH@
+ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
+ STRIP_OPT=@STRIP_OPT@
+@@ -37,7 +38,8 @@
+        -D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \
+        -D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \
+        -D_PATH_SSH_PIDDIR=\"$(piddir)\" \
+-       -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\"
++       -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \
++       -D_PATH_SSH_DATADIR=\"$(SSH_DATADIR)\"
+ 
+ CC=@CC@
+ LD=@LD@
+@@ -61,7 +63,7 @@
+ EXEEXT=@EXEEXT@
+ MANFMT=@MANFMT@
+ 
+-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
++TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-vulnkey$(EXEEXT)
+ 
+ LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
+        canohost.o channels.o cipher.o cipher-aes.o \
+@@ -96,8 +98,8 @@
+        sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
+        sandbox-seccomp-filter.o
+ 
+-MANPAGES       = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
+-MANPAGES_IN    = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
++MANPAGES       = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out
++MANPAGES_IN    = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5
+ MANTYPE                = @MANTYPE@
+ 
+ CONFIGFILES=sshd_config.out ssh_config.out moduli.out
+@@ -176,6 +178,9 @@
+ sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
+        $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
+ 
++ssh-vulnkey$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-vulnkey.o
++       $(LD) -o $@ ssh-vulnkey.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++
+ # test driver for the loginrec code - not built by default
+ logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
+        $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
+@@ -272,6 +277,7 @@
+        $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
+        $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
+        $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
++       $(INSTALL) -m 0755 $(STRIP_OPT) ssh-vulnkey$(EXEEXT) $(DESTDIR)$(bindir)/ssh-vulnkey$(EXEEXT)
+        $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
+        $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
+        $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
+@@ -286,6 +292,7 @@
+        $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
+        $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
+        $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
++       $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
+        -rm -f $(DESTDIR)$(bindir)/slogin
+        ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
+        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+@@ -367,6 +374,7 @@
+        -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
+        -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
+        -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
++       -rm -f $(DESTDIR)$(bindir)/ssh-vulnkey$(EXEEXT)
+        -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)
+        -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
+        -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
+@@ -379,6 +387,7 @@
+        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
+        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
+        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
++       -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
+        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
+        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
+        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
+Index: b/auth-rh-rsa.c
+===================================================================
+--- a/auth-rh-rsa.c
++++ b/auth-rh-rsa.c
+@@ -44,7 +44,7 @@
+ {
+        HostStatus host_status;
+ 
+-       if (auth_key_is_revoked(client_host_key))
++       if (auth_key_is_revoked(client_host_key, 0))
+                return 0;
+ 
+        /* Check if we would accept it using rhosts authentication. */
+Index: b/auth-rsa.c
+===================================================================
+--- a/auth-rsa.c
++++ b/auth-rsa.c
+@@ -237,7 +237,7 @@
+                free(fp);
+ 
+                /* Never accept a revoked key */
+-               if (auth_key_is_revoked(key))
++               if (auth_key_is_revoked(key, 0))
+                        break;
+ 
+                /* We have found the desired key. */
+Index: b/auth.c
+===================================================================
+--- a/auth.c
++++ b/auth.c
+@@ -59,6 +59,7 @@
+ #include "servconf.h"
+ #include "key.h"
+ #include "hostfile.h"
++#include "authfile.h"
+ #include "auth.h"
+ #include "auth-options.h"
+ #include "canohost.h"
+@@ -657,10 +658,34 @@
+ 
+ /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */
+ int
+-auth_key_is_revoked(Key *key)
++auth_key_is_revoked(Key *key, int hostkey)
+ {
+        char *key_fp;
+ 
++       if (blacklisted_key(key, &key_fp) == 1) {
++               if (options.permit_blacklisted_keys) {
++                       if (hostkey)
++                               error("Host key %s blacklisted (see "
++                                   "ssh-vulnkey(1)); continuing anyway",
++                                   key_fp);
++                       else
++                               logit("Public key %s from %s blacklisted (see "
++                                   "ssh-vulnkey(1)); continuing anyway",
++                                   key_fp, get_remote_ipaddr());
++                       free(key_fp);
++               } else {
++                       if (hostkey)
++                               error("Host key %s blacklisted (see "
++                                   "ssh-vulnkey(1))", key_fp);
++                       else
++                               logit("Public key %s from %s blacklisted (see "
++                                   "ssh-vulnkey(1))",
++                                   key_fp, get_remote_ipaddr());
++                       free(key_fp);
++                       return 1;
++               }
++       }
++
+        if (options.revoked_keys_file == NULL)
+                return 0;
+        switch (ssh_krl_file_contains_key(options.revoked_keys_file, key)) {
+Index: b/auth.h
+===================================================================
+--- a/auth.h
++++ b/auth.h
+@@ -191,7 +191,7 @@
+ 
+ FILE   *auth_openkeyfile(const char *, struct passwd *, int);
+ FILE   *auth_openprincipals(const char *, struct passwd *, int);
+-int     auth_key_is_revoked(Key *);
++int     auth_key_is_revoked(Key *, int);
+ 
+ HostStatus
+ check_key_in_hostfiles(struct passwd *, Key *, const char *,
+Index: b/auth2-hostbased.c
+===================================================================
+--- a/auth2-hostbased.c
++++ b/auth2-hostbased.c
+@@ -150,7 +150,7 @@
+        int len;
+        char *fp;
+ 
+-       if (auth_key_is_revoked(key))
++       if (auth_key_is_revoked(key, 0))
+                return 0;
+ 
+        resolvedname = get_canonical_hostname(options.use_dns);
+Index: b/auth2-pubkey.c
+===================================================================
+--- a/auth2-pubkey.c
++++ b/auth2-pubkey.c
+@@ -647,9 +647,10 @@
+        u_int success, i;
+        char *file;
+ 
+-       if (auth_key_is_revoked(key))
++       if (auth_key_is_revoked(key, 0))
+                return 0;
+-       if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
++       if (key_is_cert(key) &&
++           auth_key_is_revoked(key->cert->signature_key, 0))
+                return 0;
+ 
+        success = user_cert_trusted_ca(pw, key);
+Index: b/authfile.c
+===================================================================
+--- a/authfile.c
++++ b/authfile.c
+@@ -68,6 +68,7 @@
+ #include "rsa.h"
+ #include "misc.h"
+ #include "atomicio.h"
++#include "pathnames.h"
+ 
+ #define MAX_KEY_FILE_SIZE      (1024 * 1024)
+ 
+@@ -944,3 +945,139 @@
+        return ret;
+ }
+ 
++/* Scan a blacklist of known-vulnerable keys in blacklist_file. */
++static int
++blacklisted_key_in_file(Key *key, const char *blacklist_file, char **fp)
++{
++       int fd = -1;
++       char *dgst_hex = NULL;
++       char *dgst_packed = NULL, *p;
++       int i;
++       size_t line_len;
++       struct stat st;
++       char buf[256];
++       off_t start, lower, upper;
++       int ret = 0;
++
++       debug("Checking blacklist file %s", blacklist_file);
++       fd = open(blacklist_file, O_RDONLY);
++       if (fd < 0) {
++               ret = -1;
++               goto out;
++       }
++
++       dgst_hex = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
++       /* Remove all colons */
++       dgst_packed = xcalloc(1, strlen(dgst_hex) + 1);
++       for (i = 0, p = dgst_packed; dgst_hex[i]; i++)
++               if (dgst_hex[i] != ':')
++                       *p++ = dgst_hex[i];
++       /* Only compare least-significant 80 bits (to keep the blacklist
++        * size down)
++        */
++       line_len = strlen(dgst_packed + 12);
++       if (line_len > 32)
++               goto out;
++
++       /* Skip leading comments */
++       start = 0;
++       for (;;) {
++               ssize_t r;
++               char *newline;
++
++               r = atomicio(read, fd, buf, sizeof(buf));
++               if (r <= 0)
++                       goto out;
++               if (buf[0] != '#')
++                       break;
++
++               newline = memchr(buf, '\n', sizeof(buf));
++               if (!newline)
++                       goto out;
++               start += newline + 1 - buf;
++               if (lseek(fd, start, SEEK_SET) < 0)
++                       goto out;
++       }
++
++       /* Initialise binary search record numbers */
++       if (fstat(fd, &st) < 0)
++               goto out;
++       lower = 0;
++       upper = (st.st_size - start) / (line_len + 1);
++
++       while (lower != upper) {
++               off_t cur;
++               int cmp;
++
++               cur = lower + (upper - lower) / 2;
++
++               /* Read this line and compare to digest; this is
++                * overflow-safe since cur < max(off_t) / (line_len + 1) */
++               if (lseek(fd, start + cur * (line_len + 1), SEEK_SET) < 0)
++                       break;
++               if (atomicio(read, fd, buf, line_len) != line_len)
++                       break;
++               cmp = memcmp(buf, dgst_packed + 12, line_len);
++               if (cmp < 0) {
++                       if (cur == lower)
++                               break;
++                       lower = cur;
++               } else if (cmp > 0) {
++                       if (cur == upper)
++                               break;
++                       upper = cur;
++               } else {
++                       debug("Found %s in blacklist", dgst_hex);
++                       ret = 1;
++                       break;
++               }
++       }
++
++out:
++       free(dgst_packed);
++       if (ret != 1 && dgst_hex) {
++               free(dgst_hex);
++               dgst_hex = NULL;
++       }
++       if (fp)
++               *fp = dgst_hex;
++       if (fd >= 0)
++               close(fd);
++       return ret;
++}
++
++/*
++ * Scan blacklists of known-vulnerable keys. If a vulnerable key is found,
++ * its fingerprint is returned in *fp, unless fp is NULL.
++ */
++int
++blacklisted_key(Key *key, char **fp)
++{
++       Key *public;
++       char *blacklist_file;
++       int ret, ret2;
++
++       public = key_demote(key);
++       if (public->type == KEY_RSA1)
++               public->type = KEY_RSA;
++
++       xasprintf(&blacklist_file, "%s.%s-%u",
++           _PATH_BLACKLIST, key_type(public), key_size(public));
++       ret = blacklisted_key_in_file(public, blacklist_file, fp);
++       free(blacklist_file);
++       if (ret > 0) {
++               key_free(public);
++               return ret;
++       }
++
++       xasprintf(&blacklist_file, "%s.%s-%u",
++           _PATH_BLACKLIST_CONFIG, key_type(public), key_size(public));
++       ret2 = blacklisted_key_in_file(public, blacklist_file, fp);
++       free(blacklist_file);
++       if (ret2 > ret)
++               ret = ret2;
++
++       key_free(public);
++       return ret;
++}
++
+Index: b/authfile.h
+===================================================================
+--- a/authfile.h
++++ b/authfile.h
+@@ -28,4 +28,6 @@
+ int     key_perm_ok(int, const char *);
+ int     key_in_file(Key *, const char *, int);
+ 
++int     blacklisted_key(Key *key, char **fp);
++
+ #endif
+Index: b/pathnames.h
+===================================================================
+--- a/pathnames.h
++++ b/pathnames.h
+@@ -18,6 +18,10 @@
+ #define SSHDIR                         ETCDIR "/ssh"
+ #endif
+ 
++#ifndef _PATH_SSH_DATADIR
++#define _PATH_SSH_DATADIR              "/usr/share/ssh"
++#endif
++
+ #ifndef _PATH_SSH_PIDDIR
+ #define _PATH_SSH_PIDDIR               "/var/run"
+ #endif
+@@ -44,6 +48,9 @@
+ /* Backwards compatibility */
+ #define _PATH_DH_PRIMES                        SSHDIR "/primes"
+ 
++#define _PATH_BLACKLIST                        _PATH_SSH_DATADIR "/blacklist"
++#define _PATH_BLACKLIST_CONFIG         SSHDIR "/blacklist"
++
+ #ifndef _PATH_SSH_PROGRAM
+ #define _PATH_SSH_PROGRAM              "/usr/bin/ssh"
+ #endif
+Index: b/readconf.c
+===================================================================
+--- a/readconf.c
++++ b/readconf.c
+@@ -128,6 +128,7 @@
+        oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
+        oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
+        oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
++       oUseBlacklistedKeys,
+        oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
+        oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+        oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
+@@ -161,6 +162,7 @@
+        { "passwordauthentication", oPasswordAuthentication },
+        { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
+        { "kbdinteractivedevices", oKbdInteractiveDevices },
++       { "useblacklistedkeys", oUseBlacklistedKeys },
+        { "rsaauthentication", oRSAAuthentication },
+        { "pubkeyauthentication", oPubkeyAuthentication },
+        { "dsaauthentication", oPubkeyAuthentication },             /* alias */
+@@ -523,6 +525,10 @@
+                intptr = &options->challenge_response_authentication;
+                goto parse_flag;
+ 
++       case oUseBlacklistedKeys:
++               intptr = &options->use_blacklisted_keys;
++               goto parse_flag;
++
+        case oGssAuthentication:
+                intptr = &options->gss_authentication;
+                goto parse_flag;
+@@ -1210,6 +1216,7 @@
+        options->kbd_interactive_devices = NULL;
+        options->rhosts_rsa_authentication = -1;
+        options->hostbased_authentication = -1;
++       options->use_blacklisted_keys = -1;
+        options->batch_mode = -1;
+        options->check_host_ip = -1;
+        options->strict_host_key_checking = -1;
+@@ -1320,6 +1327,8 @@
+                options->rhosts_rsa_authentication = 0;
+        if (options->hostbased_authentication == -1)
+                options->hostbased_authentication = 0;
++       if (options->use_blacklisted_keys == -1)
++               options->use_blacklisted_keys = 0;
+        if (options->batch_mode == -1)
+                options->batch_mode = 0;
+        if (options->check_host_ip == -1)
+Index: b/readconf.h
+===================================================================
+--- a/readconf.h
++++ b/readconf.h
+@@ -59,6 +59,7 @@
+        int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
+        char    *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
+        int     zero_knowledge_password_authentication; /* Try jpake */
++       int     use_blacklisted_keys;   /* If true, send */
+        int     batch_mode;     /* Batch mode: do not ask for passwords. */
+        int     check_host_ip;  /* Also keep track of keys for IP address */
+        int     strict_host_key_checking;       /* Strict host key checking. */
+Index: b/servconf.c
+===================================================================
+--- a/servconf.c
++++ b/servconf.c
+@@ -114,6 +114,7 @@
+        options->password_authentication = -1;
+        options->kbd_interactive_authentication = -1;
+        options->challenge_response_authentication = -1;
++       options->permit_blacklisted_keys = -1;
+        options->permit_empty_passwd = -1;
+        options->permit_user_env = -1;
+        options->use_login = -1;
+@@ -257,6 +258,8 @@
+                options->kbd_interactive_authentication = 0;
+        if (options->challenge_response_authentication == -1)
+                options->challenge_response_authentication = 1;
++       if (options->permit_blacklisted_keys == -1)
++               options->permit_blacklisted_keys = 0;
+        if (options->permit_empty_passwd == -1)
+                options->permit_empty_passwd = 0;
+        if (options->permit_user_env == -1)
+@@ -338,7 +341,7 @@
+        sListenAddress, sAddressFamily,
+        sPrintMotd, sPrintLastLog, sIgnoreRhosts,
+        sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
+-       sStrictModes, sEmptyPasswd, sTCPKeepAlive,
++       sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive,
+        sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
+        sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
+        sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
+@@ -451,6 +454,7 @@
+        { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
+        { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
+        { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
++       { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL },
+        { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
+        { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
+        { "uselogin", sUseLogin, SSHCFG_GLOBAL },
+@@ -1158,6 +1162,10 @@
+                intptr = &options->tcp_keep_alive;
+                goto parse_flag;
+ 
++       case sPermitBlacklistedKeys:
++               intptr = &options->permit_blacklisted_keys;
++               goto parse_flag;
++
+        case sEmptyPasswd:
+                intptr = &options->permit_empty_passwd;
+                goto parse_flag;
+@@ -2036,6 +2044,7 @@
+        dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
+        dump_cfg_fmtint(sStrictModes, o->strict_modes);
+        dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
++       dump_cfg_fmtint(sPermitBlacklistedKeys, o->permit_blacklisted_keys);
+        dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
+        dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
+        dump_cfg_fmtint(sUseLogin, o->use_login);
+Index: b/servconf.h
+===================================================================
+--- a/servconf.h
++++ b/servconf.h
+@@ -121,6 +121,7 @@
+        int     challenge_response_authentication;
+        int     zero_knowledge_password_authentication;
+                                        /* If true, permit jpake auth */
++       int     permit_blacklisted_keys;        /* If true, permit */
+        int     permit_empty_passwd;    /* If false, do not permit empty
+                                         * passwords. */
+        int     permit_user_env;        /* If true, read ~/.ssh/environment */
+Index: b/ssh-add.1
+===================================================================
+--- a/ssh-add.1
++++ b/ssh-add.1
+@@ -81,6 +81,10 @@
+ .Nm
+ to work.
+ .Pp
++Any keys recorded in the blacklist of known-compromised keys (see
++.Xr ssh-vulnkey 1 )
++will be refused.
++.Pp
+ The options are as follows:
+ .Bl -tag -width Ds
+ .It Fl c
+@@ -186,6 +190,7 @@
+ .Xr ssh 1 ,
+ .Xr ssh-agent 1 ,
+ .Xr ssh-keygen 1 ,
++.Xr ssh-vulnkey 1 ,
+ .Xr sshd 8
+ .Sh AUTHORS
+ OpenSSH is a derivative of the original and free
+Index: b/ssh-add.c
+===================================================================
+--- a/ssh-add.c
++++ b/ssh-add.c
+@@ -167,7 +167,7 @@
+ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
+ {
+        Key *private, *cert;
+-       char *comment = NULL;
++       char *comment = NULL, *fp;
+        char msg[1024], *certpath = NULL;
+        int fd, perms_ok, ret = -1;
+        Buffer keyblob;
+@@ -243,6 +243,14 @@
+        } else {
+                fprintf(stderr, "Could not add identity: %s\n", filename);
+        }
++       if (blacklisted_key(private, &fp) == 1) {
++               fprintf(stderr, "Public key %s blacklisted (see "
++                   "ssh-vulnkey(1)); refusing to add it\n", fp);
++               free(fp);
++               key_free(private);
++               free(comment);
++               return -1;
++       }
+ 
+        /* Skip trying to load the cert if requested */
+        if (key_only)
+Index: b/ssh-keygen.1
+===================================================================
+--- a/ssh-keygen.1
++++ b/ssh-keygen.1
+@@ -809,6 +809,7 @@
+ .Xr ssh 1 ,
+ .Xr ssh-add 1 ,
+ .Xr ssh-agent 1 ,
++.Xr ssh-vulnkey 1 ,
+ .Xr moduli 5 ,
+ .Xr sshd 8
+ .Rs
+Index: b/ssh-vulnkey.1
+===================================================================
+--- /dev/null
++++ b/ssh-vulnkey.1
+@@ -0,0 +1,242 @@
++.\" Copyright (c) 2008 Canonical Ltd.  All rights reserved.
++.\"
++.\" Redistribution and use in source and binary forms, with or without
++.\" modification, are permitted provided that the following conditions
++.\" are met:
++.\" 1. Redistributions of source code must retain the above copyright
++.\"    notice, this list of conditions and the following disclaimer.
++.\" 2. Redistributions in binary form must reproduce the above copyright
++.\"    notice, this list of conditions and the following disclaimer in the
++.\"    documentation and/or other materials provided with the distribution.
++.\"
++.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
++.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
++.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++.\"
++.Dd $Mdocdate: May 12 2008 $
++.Dt SSH-VULNKEY 1
++.Os
++.Sh NAME
++.Nm ssh-vulnkey
++.Nd check blacklist of compromised keys
++.Sh SYNOPSIS
++.Nm
++.Op Fl q | Fl v
++.Ar file ...
++.Nm
++.Fl a
++.Sh DESCRIPTION
++.Nm
++checks a key against a blacklist of compromised keys.
++.Pp
++A substantial number of keys are known to have been generated using a broken
++version of OpenSSL distributed by Debian which failed to seed its random
++number generator correctly.
++Keys generated using these OpenSSL versions should be assumed to be
++compromised.
++This tool may be useful in checking for such keys.
++.Pp
++Keys that are compromised cannot be repaired; replacements must be generated
++using
++.Xr ssh-keygen 1 .
++Make sure to update
++.Pa authorized_keys
++files on all systems where compromised keys were permitted to authenticate.
++.Pp
++The argument list will be interpreted as a list of paths to public key files
++or
++.Pa authorized_keys
++files.
++If no suitable file is found at a given path,
++.Nm
++will append
++.Pa .pub
++and retry, in case it was given a private key file.
++If no files are given as arguments,
++.Nm
++will check
++.Pa ~/.ssh/id_rsa ,
++.Pa ~/.ssh/id_dsa ,
++.Pa ~/.ssh/identity ,
++.Pa ~/.ssh/authorized_keys
++and
++.Pa ~/.ssh/authorized_keys2 ,
++as well as the system's host keys if readable.
++.Pp
++If
++.Dq -
++is given as an argument,
++.Nm
++will read from standard input.
++This can be used to process output from
++.Xr ssh-keyscan 1 ,
++for example:
++.Pp
++.Dl $ ssh-keyscan -t rsa remote.example.org | ssh-vulnkey -
++.Pp
++Unless the
++.Cm PermitBlacklistedKeys
++option is used,
++.Xr sshd 8
++will reject attempts to authenticate with keys in the compromised list.
++.Pp
++The output from
++.Nm
++looks like this:
++.Pp
++.Bd -literal -offset indent
++/etc/ssh/ssh_host_key:1: COMPROMISED: RSA1 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@host
++/home/user/.ssh/id_dsa:1: Not blacklisted: DSA 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /home/user/.ssh/id_dsa.pub
++/home/user/.ssh/authorized_keys:3: Unknown (blacklist file not installed): RSA 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx user@host
++.Ed
++.Pp
++Each line is of the following format (any lines beginning with
++.Dq #
++should be ignored by scripts):
++.Pp
++.Dl Ar filename : Ns Ar line : Ar status : Ar type Ar size Ar fingerprint Ar comment
++.Pp
++It is important to distinguish between the possible values of
++.Ar status :
++.Pp
++.Bl -tag -width Ds
++.It COMPROMISED
++These keys are listed in a blacklist file, normally because their
++corresponding private keys are well-known.
++Replacements must be generated using
++.Xr ssh-keygen 1 .
++.It Not blacklisted
++A blacklist file exists for this key type and size, but this key is not
++listed in it.
++Unless there is some particular reason to believe otherwise, this key
++may be used safely.
++(Note that DSA keys used with the broken version of OpenSSL distributed
++by Debian may be compromised in the event that anyone captured a network
++trace, even if they were generated with a secure version of OpenSSL.)
++.It Unknown (blacklist file not installed)
++No blacklist file exists for this key type and size.
++You should find a suitable published blacklist and install it before
++deciding whether this key is safe to use.
++.El
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl a
++Check keys of all users on the system.
++You will typically need to run
++.Nm
++as root to use this option.
++For each user,
++.Nm
++will check
++.Pa ~/.ssh/id_rsa ,
++.Pa ~/.ssh/id_dsa ,
++.Pa ~/.ssh/identity ,
++.Pa ~/.ssh/authorized_keys
++and
++.Pa ~/.ssh/authorized_keys2 .
++It will also check the system's host keys.
++.It Fl q
++Quiet mode.
++Normally,
++.Nm
++outputs the fingerprint of each key scanned, with a description of its
++status.
++This option suppresses that output.
++.It Fl v
++Verbose mode.
++Normally,
++.Nm
++does not output anything for keys that are not listed in their corresponding
++blacklist file (although it still produces output for keys for which there
++is no blacklist file, since their status is unknown).
++This option causes
++.Nm
++to produce output for all keys.
++.El
++.Sh EXIT STATUS
++.Nm
++will exit zero if any of the given keys were in the compromised list,
++otherwise non-zero.
++.Sh BLACKLIST FILE FORMAT
++The blacklist file may start with comments, on lines starting with
++.Dq # .
++After these initial comments, it must follow a strict format:
++.Pp
++.Bl -bullet -offset indent -compact
++.It
++All the lines must be exactly the same length (20 characters followed by a
++newline) and must be in sorted order.
++.It
++Each line must consist of the lower-case hexadecimal MD5 key fingerprint,
++without colons, and with the first 12 characters removed (that is, the least
++significant 80 bits of the fingerprint).
++.El
++.Pp
++The key fingerprint may be generated using
++.Xr ssh-keygen 1 :
++.Pp
++.Dl $ ssh-keygen -l -f /path/to/key
++.Pp
++This strict format is necessary to allow the blacklist file to be checked
++quickly, using a binary-search algorithm.
++.Sh FILES
++.Bl -tag -width Ds
++.It Pa ~/.ssh/id_rsa
++If present, contains the protocol version 2 RSA authentication identity of
++the user.
++.It Pa ~/.ssh/id_dsa
++If present, contains the protocol version 2 DSA authentication identity of
++the user.
++.It Pa ~/.ssh/identity
++If present, contains the protocol version 1 RSA authentication identity of
++the user.
++.It Pa ~/.ssh/authorized_keys
++If present, lists the public keys (RSA/DSA) that can be used for logging in
++as this user.
++.It Pa ~/.ssh/authorized_keys2
++Obsolete name for
++.Pa ~/.ssh/authorized_keys .
++This file may still be present on some old systems, but should not be
++created if it is missing.
++.It Pa /etc/ssh/ssh_host_rsa_key
++If present, contains the protocol version 2 RSA identity of the system.
++.It Pa /etc/ssh/ssh_host_dsa_key
++If present, contains the protocol version 2 DSA identity of the system.
++.It Pa /etc/ssh/ssh_host_key
++If present, contains the protocol version 1 RSA identity of the system.
++.It Pa /usr/share/ssh/blacklist. Ns Ar TYPE Ns Pa - Ns Ar LENGTH
++If present, lists the blacklisted keys of type
++.Ar TYPE
++.Pf ( Dq RSA
++or
++.Dq DSA )
++and bit length
++.Ar LENGTH .
++The format of this file is described above.
++RSA1 keys are converted to RSA before being checked in the blacklist.
++Note that the fingerprints of RSA1 keys are computed differently, so you
++will not be able to find them in the blacklist by hand.
++.It Pa /etc/ssh/blacklist. Ns Ar TYPE Ns Pa - Ns Ar LENGTH
++Same as
++.Pa /usr/share/ssh/blacklist. Ns Ar TYPE Ns Pa - Ns Ar LENGTH ,
++but may be edited by the system administrator to add new blacklist entries.
++.El
++.Sh SEE ALSO
++.Xr ssh-keygen 1 ,
++.Xr sshd 8
++.Sh AUTHORS
++.An -nosplit
++.An Colin Watson Aq cjwatson@ubuntu.com
++.Pp
++Florian Weimer suggested the option to check keys of all users, and the idea
++of processing
++.Xr ssh-keyscan 1
++output.
+Index: b/ssh-vulnkey.c
+===================================================================
+--- /dev/null
++++ b/ssh-vulnkey.c
+@@ -0,0 +1,386 @@
++/*
++ * Copyright (c) 2008 Canonical Ltd.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#include "includes.h"
++
++#include <sys/types.h>
++#include <sys/stat.h>
++
++#include <errno.h>
++#include <string.h>
++#include <stdio.h>
++#include <fcntl.h>
++#include <unistd.h>
++
++#include <openssl/evp.h>
++
++#include "xmalloc.h"
++#include "ssh.h"
++#include "log.h"
++#include "key.h"
++#include "authfile.h"
++#include "pathnames.h"
++#include "uidswap.h"
++#include "misc.h"
++
++extern char *__progname;
++
++/* Default files to check */
++static char *default_host_files[] = {
++       _PATH_HOST_RSA_KEY_FILE,
++       _PATH_HOST_DSA_KEY_FILE,
++       _PATH_HOST_KEY_FILE,
++       NULL
++};
++static char *default_files[] = {
++       _PATH_SSH_CLIENT_ID_RSA,
++       _PATH_SSH_CLIENT_ID_DSA,
++       _PATH_SSH_CLIENT_IDENTITY,
++       _PATH_SSH_USER_PERMITTED_KEYS,
++       _PATH_SSH_USER_PERMITTED_KEYS2,
++       NULL
++};
++
++static int verbosity = 0;
++
++static int some_keys = 0;
++static int some_unknown = 0;
++static int some_compromised = 0;
++
++static void
++usage(void)
++{
++       fprintf(stderr, "usage: %s [-aqv] [file ...]\n", __progname);
++       fprintf(stderr, "Options:\n");
++       fprintf(stderr, "  -a          Check keys of all users.\n");
++       fprintf(stderr, "  -q          Quiet mode.\n");
++       fprintf(stderr, "  -v          Verbose mode.\n");
++       exit(1);
++}
++
++static void
++describe_key(const char *filename, u_long linenum, const char *msg,
++    Key *key, const char *comment, int min_verbosity)
++{
++       char *fp;
++
++       fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
++       if (verbosity >= min_verbosity) {
++               if (strchr(filename, ':'))
++                       printf("\"%s\"", filename);
++               else
++                       printf("%s", filename);
++               printf(":%lu: %s: %s %u %s %s\n", linenum, msg,
++                   key_type(key), key_size(key), fp, comment);
++       }
++       free(fp);
++}
++
++static int
++do_key(const char *filename, u_long linenum,
++    Key *key, const char *comment)
++{
++       Key *public;
++       int blacklist_status;
++       int ret = 1;
++
++       some_keys = 1;
++
++       public = key_demote(key);
++       if (public->type == KEY_RSA1)
++               public->type = KEY_RSA;
++
++       blacklist_status = blacklisted_key(public, NULL);
++       if (blacklist_status == -1) {
++               describe_key(filename, linenum,
++                   "Unknown (blacklist file not installed)", key, comment, 0);
++               some_unknown = 1;
++       } else if (blacklist_status == 1) {
++               describe_key(filename, linenum,
++                   "COMPROMISED", key, comment, 0);
++               some_compromised = 1;
++               ret = 0;
++       } else
++               describe_key(filename, linenum,
++                   "Not blacklisted", key, comment, 1);
++
++       key_free(public);
++
++       return ret;
++}
++
++static int
++do_filename(const char *filename, int quiet_open)
++{
++       FILE *f;
++       char line[SSH_MAX_PUBKEY_BYTES];
++       char *cp;
++       u_long linenum = 0;
++       Key *key;
++       char *comment = NULL;
++       int found = 0, ret = 1;
++
++       /* Copy much of key_load_public's logic here so that we can read
++        * several keys from a single file (e.g. authorized_keys).
++        */
++
++       if (strcmp(filename, "-") != 0) {
++               int save_errno;
++               f = fopen(filename, "r");
++               save_errno = errno;
++               if (!f) {
++                       char pubfile[MAXPATHLEN];
++                       if (strlcpy(pubfile, filename, sizeof pubfile) <
++                           sizeof(pubfile) &&
++                           strlcat(pubfile, ".pub", sizeof pubfile) <
++                           sizeof(pubfile))
++                               f = fopen(pubfile, "r");
++               }
++               errno = save_errno; /* earlier errno is more useful */
++               if (!f) {
++                       if (!quiet_open)
++                               perror(filename);
++                       return -1;
++               }
++               if (verbosity > 0)
++                       printf("# %s\n", filename);
++       } else
++               f = stdin;
++       while (read_keyfile_line(f, filename, line, sizeof(line),
++                   &linenum) != -1) {
++               int i;
++               char *space;
++               int type;
++               char *end;
++
++               /* Chop trailing newline. */
++               i = strlen(line) - 1;
++               if (line[i] == '\n')
++                       line[i] = '\0';
++
++               /* Skip leading whitespace, empty and comment lines. */
++               for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
++                       ;
++               if (!*cp || *cp == '\n' || *cp == '#')
++                       continue;
++
++               /* Cope with ssh-keyscan output and options in
++                * authorized_keys files.
++                */
++               space = strchr(cp, ' ');
++               if (!space)
++                       continue;
++               *space = '\0';
++               type = key_type_from_name(cp);
++               *space = ' ';
++               /* Leading number (RSA1) or valid type (RSA/DSA) indicates
++                * that we have no host name or options to skip.
++                */
++               if ((strtol(cp, &end, 10) == 0 || *end != ' ') &&
++                   type == KEY_UNSPEC) {
++                       int quoted = 0;
++
++                       for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
++                               if (*cp == '\\' && cp[1] == '"')
++                                       cp++;   /* Skip both */
++                               else if (*cp == '"')
++                                       quoted = !quoted;
++                       }
++                       /* Skip remaining whitespace. */
++                       for (; *cp == ' ' || *cp == '\t'; cp++)
++                               ;
++                       if (!*cp)
++                               continue;
++               }
++
++               /* Read and process the key itself. */
++               key = key_new(KEY_RSA1);
++               if (key_read(key, &cp) == 1) {
++                       while (*cp == ' ' || *cp == '\t')
++                               cp++;
++                       if (!do_key(filename, linenum,
++                           key, *cp ? cp : filename))
++                               ret = 0;
++                       found = 1;
++               } else {
++                       key_free(key);
++                       key = key_new(KEY_UNSPEC);
++                       if (key_read(key, &cp) == 1) {
++                               while (*cp == ' ' || *cp == '\t')
++                                       cp++;
++                               if (!do_key(filename, linenum,
++                                   key, *cp ? cp : filename))
++                                       ret = 0;
++                               found = 1;
++                       }
++               }
++               key_free(key);
++       }
++       if (f != stdin)
++               fclose(f);
++
++       if (!found && filename) {
++               key = key_load_public(filename, &comment);
++               if (key) {
++                       if (!do_key(filename, 1, key, comment))
++                               ret = 0;
++                       found = 1;
++               }
++               free(comment);
++       }
++
++       return ret;
++}
++
++static int
++do_host(int quiet_open)
++{
++       int i;
++       struct stat st;
++       int ret = 1;
++
++       for (i = 0; default_host_files[i]; i++) {
++               if (stat(default_host_files[i], &st) < 0 && errno == ENOENT)
++                       continue;
++               if (!do_filename(default_host_files[i], quiet_open))
++                       ret = 0;
++       }
++
++       return ret;
++}
++
++static int
++do_user(const char *dir)
++{
++       int i;
++       char *file;
++       struct stat st;
++       int ret = 1;
++
++       for (i = 0; default_files[i]; i++) {
++               xasprintf(&file, "%s/%s", dir, default_files[i]);
++               if (stat(file, &st) < 0 && errno == ENOENT) {
++                       free(file);
++                       continue;
++               }
++               if (!do_filename(file, 0))
++                       ret = 0;
++               free(file);
++       }
++
++       return ret;
++}
++
++int
++main(int argc, char **argv)
++{
++       int opt, all_users = 0;
++       int ret = 1;
++       extern int optind;
++
++       /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
++       sanitise_stdfd();
++
++       __progname = ssh_get_progname(argv[0]);
++
++       SSLeay_add_all_algorithms();
++       log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
++
++       /* We don't need the RNG ourselves, but symbol references here allow
++        * ld to link us properly.
++        */
++       seed_rng();
++
++       while ((opt = getopt(argc, argv, "ahqv")) != -1) {
++               switch (opt) {
++               case 'a':
++                       all_users = 1;
++                       break;
++               case 'q':
++                       verbosity--;
++                       break;
++               case 'v':
++                       verbosity++;
++                       break;
++               case 'h':
++               default:
++                       usage();
++               }
++       }
++
++       if (all_users) {
++               struct passwd *pw;
++
++               if (!do_host(0))
++                       ret = 0;
++
++               while ((pw = getpwent()) != NULL) {
++                       if (pw->pw_dir) {
++                               temporarily_use_uid(pw);
++                               if (!do_user(pw->pw_dir))
++                                       ret = 0;
++                               restore_uid();
++                       }
++               }
++       } else if (optind == argc) {
++               struct passwd *pw;
++
++               if (!do_host(1))
++                       ret = 0;
++
++               if ((pw = getpwuid(geteuid())) == NULL)
++                       fprintf(stderr, "No user found with uid %u\n",
++                           (u_int)geteuid());
++               else {
++                       if (!do_user(pw->pw_dir))
++                               ret = 0;
++               }
++       } else {
++               while (optind < argc)
++                       if (!do_filename(argv[optind++], 0))
++                               ret = 0;
++       }
++
++       if (verbosity >= 0) {
++               if (some_unknown) {
++                       printf("#\n");
++                       printf("# The status of some keys on your system is unknown.\n");
++                       printf("# You may need to install additional blacklist files.\n");
++               }
++               if (some_compromised) {
++                       printf("#\n");
++                       printf("# Some keys on your system have been compromised!\n");
++                       printf("# You must replace them using ssh-keygen(1).\n");
++               }
++               if (some_unknown || some_compromised) {
++                       printf("#\n");
++                       printf("# See the ssh-vulnkey(1) manual page for further advice.\n");
++               } else if (some_keys && verbosity > 0) {
++                       printf("#\n");
++                       printf("# No blacklisted keys!\n");
++               }
++       }
++
++       return ret;
++}
+Index: b/ssh.1
+===================================================================
+--- a/ssh.1
++++ b/ssh.1
+@@ -1447,6 +1447,7 @@
+ .Xr ssh-agent 1 ,
+ .Xr ssh-keygen 1 ,
+ .Xr ssh-keyscan 1 ,
++.Xr ssh-vulnkey 1 ,
+ .Xr tun 4 ,
+ .Xr hosts.equiv 5 ,
+ .Xr ssh_config 5 ,
+Index: b/ssh.c
+===================================================================
+--- a/ssh.c
++++ b/ssh.c
+@@ -1525,7 +1525,7 @@
+ static void
+ load_public_identity_files(void)
+ {
+-       char *filename, *cp, thishost[NI_MAXHOST];
++       char *filename, *cp, thishost[NI_MAXHOST], *fp;
+        char *pwdir = NULL, *pwname = NULL;
+        int i = 0;
+        Key *public;
+@@ -1583,6 +1583,22 @@
+                public = key_load_public(filename, NULL);
+                debug("identity file %s type %d", filename,
+                    public ? public->type : -1);
++               if (public && blacklisted_key(public, &fp) == 1) {
++                       if (options.use_blacklisted_keys)
++                               logit("Public key %s blacklisted (see "
++                                   "ssh-vulnkey(1)); continuing anyway", fp);
++                       else
++                               logit("Public key %s blacklisted (see "
++                                   "ssh-vulnkey(1)); refusing to send it",
++                                   fp);
++                       free(fp);
++                       if (!options.use_blacklisted_keys) {
++                               key_free(public);
++                               free(filename);
++                               filename = NULL;
++                               public = NULL;
++                       }
++               }
+                free(options.identity_files[i]);
+                identity_files[n_ids] = filename;
+                identity_keys[n_ids] = public;
+Index: b/ssh_config.5
+===================================================================
+--- a/ssh_config.5
++++ b/ssh_config.5
+@@ -1229,6 +1229,23 @@
+ .Dq any .
+ The default is
+ .Dq any:any .
++.It Cm UseBlacklistedKeys
++Specifies whether
++.Xr ssh 1
++should use keys recorded in its blacklist of known-compromised keys (see
++.Xr ssh-vulnkey 1 )
++for authentication.
++If
++.Dq yes ,
++then attempts to use compromised keys for authentication will be logged but
++accepted.
++It is strongly recommended that this be used only to install new authorized
++keys on the remote system, and even then only with the utmost care.
++If
++.Dq no ,
++then attempts to use compromised keys for authentication will be prevented.
++The default is
++.Dq no .
+ .It Cm UsePrivilegedPort
+ Specifies whether to use a privileged port for outgoing connections.
+ The argument must be
+Index: b/sshconnect2.c
+===================================================================
+--- a/sshconnect2.c
++++ b/sshconnect2.c
+@@ -1491,6 +1491,8 @@
+ 
+        /* list of keys stored in the filesystem and PKCS#11 */
+        for (i = 0; i < options.num_identity_files; i++) {
++               if (options.identity_files[i] == NULL)
++                       continue;
+                key = options.identity_keys[i];
+                if (key && key->type == KEY_RSA1)
+                        continue;
+@@ -1608,7 +1610,7 @@
+                        debug("Offering %s public key: %s", key_type(id->key),
+                            id->filename);
+                        sent = send_pubkey_test(authctxt, id);
+-               } else if (id->key == NULL) {
++               } else if (id->key == NULL && id->filename) {
+                        debug("Trying private key: %s", id->filename);
+                        id->key = load_identity_file(id->filename,
+                            id->userprovided);
+Index: b/sshd.8
+===================================================================
+--- a/sshd.8
++++ b/sshd.8
+@@ -954,6 +954,7 @@
+ .Xr ssh-agent 1 ,
+ .Xr ssh-keygen 1 ,
+ .Xr ssh-keyscan 1 ,
++.Xr ssh-vulnkey 1 ,
+ .Xr chroot 2 ,
+ .Xr hosts_access 5 ,
+ .Xr login.conf 5 ,
+Index: b/sshd.c
+===================================================================
+--- a/sshd.c
++++ b/sshd.c
+@@ -1688,6 +1688,11 @@
+                        sensitive_data.host_pubkeys[i] = NULL;
+                        continue;
+                }
++               if (auth_key_is_revoked(key != NULL ? key : pubkey, 1)) {
++                       sensitive_data.host_keys[i] = NULL;
++                       sensitive_data.host_pubkeys[i] = NULL;
++                       continue;
++               }
+ 
+                switch (keytype) {
+                case KEY_RSA1:
+Index: b/sshd_config.5
+===================================================================
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -885,6 +885,20 @@
+ Specifies whether password authentication is allowed.
+ The default is
+ .Dq yes .
++.It Cm PermitBlacklistedKeys
++Specifies whether
++.Xr sshd 8
++should allow keys recorded in its blacklist of known-compromised keys (see
++.Xr ssh-vulnkey 1 ) .
++If
++.Dq yes ,
++then attempts to authenticate with compromised keys will be logged but
++accepted.
++If
++.Dq no ,
++then attempts to authenticate with compromised keys will be rejected.
++The default is
++.Dq no .
+ .It Cm PermitEmptyPasswords
+ When password authentication is allowed, it specifies whether the
+ server allows login to accounts with empty password strings.
diff --git a/debian/patches/ssh1-keepalive.patch b/debian/patches/ssh1-keepalive.patch
new file mode 100644
index 000000000..de61e1dd9
--- /dev/null
+++ b/debian/patches/ssh1-keepalive.patch
@@ -0,0 +1,65 @@
+Description: Partial server keep-alive implementation for SSH1
+Author: Colin Watson <cjwatson@debian.org>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1712
+Last-Update: 2013-09-14
+
+Index: b/clientloop.c
+===================================================================
+--- a/clientloop.c
++++ b/clientloop.c
+@@ -563,16 +563,21 @@
+ static void
+ server_alive_check(void)
+ {
+-       if (packet_inc_alive_timeouts() > options.server_alive_count_max) {
+-               logit("Timeout, server %s not responding.", host);
+-               cleanup_exit(255);
++       if (compat20) {
++               if (packet_inc_alive_timeouts() > options.server_alive_count_max) {
++                       logit("Timeout, server %s not responding.", host);
++                       cleanup_exit(255);
++               }
++               packet_start(SSH2_MSG_GLOBAL_REQUEST);
++               packet_put_cstring("keepalive@openssh.com");
++               packet_put_char(1);     /* boolean: want reply */
++               packet_send();
++               /* Insert an empty placeholder to maintain ordering */
++               client_register_global_confirm(NULL, NULL);
++       } else {
++               packet_send_ignore(0);
++               packet_send();
+        }
+-       packet_start(SSH2_MSG_GLOBAL_REQUEST);
+-       packet_put_cstring("keepalive@openssh.com");
+-       packet_put_char(1);     /* boolean: want reply */
+-       packet_send();
+-       /* Insert an empty placeholder to maintain ordering */
+-       client_register_global_confirm(NULL, NULL);
+ }
+ 
+ /*
+@@ -634,7 +639,7 @@
+         */
+ 
+        timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */
+-       if (options.server_alive_interval > 0 && compat20) {
++       if (options.server_alive_interval > 0) {
+                timeout_secs = options.server_alive_interval;
+                server_alive_time = now + options.server_alive_interval;
+        }
+Index: b/ssh_config.5
+===================================================================
+--- a/ssh_config.5
++++ b/ssh_config.5
+@@ -1130,7 +1130,10 @@
+ .Cm ServerAliveCountMax
+ is left at the default, if the server becomes unresponsive,
+ ssh will disconnect after approximately 45 seconds.
+-This option applies to protocol version 2 only.
++This option applies to protocol version 2 only; in protocol version
++1 there is no mechanism to request a response from the server to the
++server alive messages, so disconnection is the responsibility of the TCP
++stack.
+ .It Cm ServerAliveInterval
+ Sets a timeout interval in seconds after which if no data has been received
+ from the server,
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch
new file mode 100644
index 000000000..f8be76c89
--- /dev/null
+++ b/debian/patches/syslog-level-silent.patch
@@ -0,0 +1,37 @@
+Description: "LogLevel SILENT" compatibility
+ "LogLevel SILENT" (-qq) was introduced in Debian openssh 1:3.0.1p1-1 to
+ match the behaviour of non-free SSH, in which -q does not suppress fatal
+ errors.  However, this was unintentionally broken in 1:4.6p1-2 and nobody
+ complained, so we've dropped most of it.  The parts that remain are basic
+ configuration file compatibility, and an adjustment to "Pseudo-terminal
+ will not be allocated ..." which should be split out into a separate patch.
+Author: Jonathan David Amery <jdamery@ysolde.ucam.org>
+Author: Matthew Vernon <matthew@debian.org>
+Author: Colin Watson <cjwatson@debian.org>
+Last-Update: 2013-09-14
+
+Index: b/log.c
+===================================================================
+--- a/log.c
++++ b/log.c
+@@ -94,6 +94,7 @@
+        LogLevel val;
+ } log_levels[] =
+ {
++       { "SILENT",     SYSLOG_LEVEL_QUIET }, /* compatibility */
+        { "QUIET",      SYSLOG_LEVEL_QUIET },
+        { "FATAL",      SYSLOG_LEVEL_FATAL },
+        { "ERROR",      SYSLOG_LEVEL_ERROR },
+Index: b/ssh.c
+===================================================================
+--- a/ssh.c
++++ b/ssh.c
+@@ -740,7 +740,7 @@
+        /* Do not allocate a tty if stdin is not a tty. */
+        if ((!isatty(fileno(stdin)) || stdin_null_flag) &&
+            options.request_tty != REQUEST_TTY_FORCE) {
+-               if (tty_flag)
++               if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET)
+                        logit("Pseudo-terminal will not be allocated because "
+                            "stdin is not a terminal.");
+                tty_flag = 0;
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
new file mode 100644
index 000000000..ac00edac6
--- /dev/null
+++ b/debian/patches/user-group-modes.patch
@@ -0,0 +1,250 @@
+Description: Allow harmless group-writability
+ Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be
+ group-writable, provided that the group in question contains only the
+ file's owner.  Rejected upstream for IMO incorrect reasons (e.g. a
+ misunderstanding about the contents of gr->gr_mem).  Given that
+ per-user groups and umask 002 are the default setup in Debian (for good
+ reasons - this makes operating in setgid directories with other groups
+ much easier), we need to permit this by default.
+Author: Colin Watson <cjwatson@debian.org>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
+Last-Update: 2013-09-14
+
+Index: b/readconf.c
+===================================================================
+--- a/readconf.c
++++ b/readconf.c
+@@ -30,6 +30,8 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <unistd.h>
++#include <pwd.h>
++#include <grp.h>
+ #ifdef HAVE_UTIL_H
+ #include <util.h>
+ #endif
+@@ -1160,8 +1162,7 @@
+ 
+                if (fstat(fileno(f), &sb) == -1)
+                        fatal("fstat %s: %s", filename, strerror(errno));
+-               if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
+-                   (sb.st_mode & 022) != 0))
++               if (!secure_permissions(&sb, getuid()))
+                        fatal("Bad owner or permissions on %s", filename);
+        }
+ 
+Index: b/ssh.1
+===================================================================
+--- a/ssh.1
++++ b/ssh.1
+@@ -1338,6 +1338,8 @@
+ .Xr ssh_config 5 .
+ Because of the potential for abuse, this file must have strict permissions:
+ read/write for the user, and not writable by others.
++It may be group-writable provided that the group in question contains only
++the user.
+ .Pp
+ .It Pa ~/.ssh/environment
+ Contains additional definitions for environment variables; see
+Index: b/ssh_config.5
+===================================================================
+--- a/ssh_config.5
++++ b/ssh_config.5
+@@ -1382,6 +1382,8 @@
+ This file is used by the SSH client.
+ Because of the potential for abuse, this file must have strict permissions:
+ read/write for the user, and not accessible by others.
++It may be group-writable provided that the group in question contains only
++the user.
+ .It Pa /etc/ssh/ssh_config
+ Systemwide configuration file.
+ This file provides defaults for those
+Index: b/auth.c
+===================================================================
+--- a/auth.c
++++ b/auth.c
+@@ -408,8 +408,7 @@
+                user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
+                if (options.strict_modes &&
+                    (stat(user_hostfile, &st) == 0) &&
+-                   ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+-                   (st.st_mode & 022) != 0)) {
++                   !secure_permissions(&st, pw->pw_uid)) {
+                        logit("Authentication refused for %.100s: "
+                            "bad owner or modes for %.200s",
+                            pw->pw_name, user_hostfile);
+@@ -471,8 +470,7 @@
+                snprintf(err, errlen, "%s is not a regular file", buf);
+                return -1;
+        }
+-       if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) ||
+-           (stp->st_mode & 022) != 0) {
++       if (!secure_permissions(stp, uid)) {
+                snprintf(err, errlen, "bad ownership or modes for file %s",
+                    buf);
+                return -1;
+@@ -487,8 +485,7 @@
+                strlcpy(buf, cp, sizeof(buf));
+ 
+                if (stat(buf, &st) < 0 ||
+-                   (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
+-                   (st.st_mode & 022) != 0) {
++                   !secure_permissions(&st, uid)) {
+                        snprintf(err, errlen,
+                            "bad ownership or modes for directory %s", buf);
+                        return -1;
+Index: b/misc.c
+===================================================================
+--- a/misc.c
++++ b/misc.c
+@@ -48,8 +48,9 @@
+ #include <netdb.h>
+ #ifdef HAVE_PATHS_H
+ # include <paths.h>
+-#include <pwd.h>
+ #endif
++#include <pwd.h>
++#include <grp.h>
+ #ifdef SSH_TUN_OPENBSD
+ #include <net/if.h>
+ #endif
+@@ -58,6 +59,7 @@
+ #include "misc.h"
+ #include "log.h"
+ #include "ssh.h"
++#include "platform.h"
+ 
+ /* remove newline at end of string */
+ char *
+@@ -642,6 +644,71 @@
+        return -1;
+ }
+ 
++/*
++ * return 1 if the specified uid is a uid that may own a system directory
++ * otherwise 0.
++ */
++int
++platform_sys_dir_uid(uid_t uid)
++{
++       if (uid == 0)
++               return 1;
++#ifdef PLATFORM_SYS_DIR_UID
++       if (uid == PLATFORM_SYS_DIR_UID)
++               return 1;
++#endif
++       return 0;
++}
++
++int
++secure_permissions(struct stat *st, uid_t uid)
++{
++       if (!platform_sys_dir_uid(st->st_uid) && st->st_uid != uid)
++               return 0;
++       if ((st->st_mode & 002) != 0)
++               return 0;
++       if ((st->st_mode & 020) != 0) {
++               /* If the file is group-writable, the group in question must
++                * have exactly one member, namely the file's owner.
++                * (Zero-member groups are typically used by setgid
++                * binaries, and are unlikely to be suitable.)
++                */
++               struct passwd *pw;
++               struct group *gr;
++               int members = 0;
++
++               gr = getgrgid(st->st_gid);
++               if (!gr)
++                       return 0;
++
++               /* Check primary group memberships. */
++               while ((pw = getpwent()) != NULL) {
++                       if (pw->pw_gid == gr->gr_gid) {
++                               ++members;
++                               if (pw->pw_uid != uid)
++                                       return 0;
++                       }
++               }
++               endpwent();
++
++               pw = getpwuid(st->st_uid);
++               if (!pw)
++                       return 0;
++
++               /* Check supplementary group memberships. */
++               if (gr->gr_mem[0]) {
++                       ++members;
++                       if (strcmp(pw->pw_name, gr->gr_mem[0]) ||
++                           gr->gr_mem[1])
++                               return 0;
++               }
++
++               if (!members)
++                       return 0;
++       }
++       return 1;
++}
++
+ int
+ tun_open(int tun, int mode)
+ {
+Index: b/misc.h
+===================================================================
+--- a/misc.h
++++ b/misc.h
+@@ -104,4 +104,6 @@
+ int     ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
+ int     read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
+ 
++int     secure_permissions(struct stat *st, uid_t uid);
++
+ #endif /* _MISC_H */
+Index: b/auth-rhosts.c
+===================================================================
+--- a/auth-rhosts.c
++++ b/auth-rhosts.c
+@@ -256,8 +256,7 @@
+                return 0;
+        }
+        if (options.strict_modes &&
+-           ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+-           (st.st_mode & 022) != 0)) {
++           !secure_permissions(&st, pw->pw_uid)) {
+                logit("Rhosts authentication refused for %.100s: "
+                    "bad ownership or modes for home directory.", pw->pw_name);
+                auth_debug_add("Rhosts authentication refused for %.100s: "
+@@ -283,8 +282,7 @@
+                 * allowing access to their account by anyone.
+                 */
+                if (options.strict_modes &&
+-                   ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+-                   (st.st_mode & 022) != 0)) {
++                   !secure_permissions(&st, pw->pw_uid)) {
+                        logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
+                            pw->pw_name, buf);
+                        auth_debug_add("Bad file modes for %.200s", buf);
+Index: b/platform.c
+===================================================================
+--- a/platform.c
++++ b/platform.c
+@@ -194,19 +194,3 @@
+        return NULL;
+ #endif
+ }
+-
+-/*
+- * return 1 if the specified uid is a uid that may own a system directory
+- * otherwise 0.
+- */
+-int
+-platform_sys_dir_uid(uid_t uid)
+-{
+-       if (uid == 0)
+-               return 1;
+-#ifdef PLATFORM_SYS_DIR_UID
+-       if (uid == PLATFORM_SYS_DIR_UID)
+-               return 1;
+-#endif
+-       return 0;
+-}
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 000000000..d53bafa4c
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,228 @@
+#!/usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+# export DH_VERBOSE=1
+
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+  RUN_TESTS := yes
+else
+  RUN_TESTS :=
+endif
+
+ifeq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+  PARALLEL :=
+else
+  PARALLEL := \
+        -j$(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+endif
+
+DEB_HOST_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+
+ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+  CC := gcc
+  PKG_CONFIG = pkg-config
+else
+  CC := $(DEB_HOST_GNU_TYPE)-gcc
+  PKG_CONFIG = $(DEB_HOST_GNU_TYPE)-pkg-config
+  RUN_TESTS :=
+endif
+
+DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS 2>/dev/null)
+
+# Take account of old dpkg-architecture output.
+ifeq ($(DEB_HOST_ARCH_OS),)
+  DEB_HOST_ARCH_OS := $(subst -gnu,,$(shell dpkg-architecture -qDEB_HOST_GNU_SYSTEM))
+  ifeq ($(DEB_HOST_ARCH_OS),gnu)
+    DEB_HOST_ARCH_OS := hurd
+  endif
+endif
+
+# Change the version string to reflect distribution
+DISTRIBUTION := $(shell dpkg-vendor --query vendor)
+SSH_EXTRAVERSION := $(DISTRIBUTION)-$(shell dpkg-parsechangelog | sed -n -e '/^Version:/s/Version: //p' | sed -e 's/[^-]*-//')
+
+DISTRIBUTOR := $(shell if dpkg-vendor --derives-from Ubuntu 2>/dev/null; then echo Ubuntu; else echo Debian; fi)
+ifeq ($(DISTRIBUTOR),Ubuntu)
+DEFAULT_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games
+else
+DEFAULT_PATH := /usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
+endif
+SUPERUSER_PATH := /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
+
+ifeq ($(DISTRIBUTOR),Ubuntu)
+server_recommends := ssh-import-id
+else
+server_recommends :=
+endif
+
+# Common path configuration.
+confflags += --sysconfdir=/etc/ssh
+
+# Common build options.
+confflags += --disable-strip
+confflags += --with-mantype=doc
+confflags += --with-4in6
+confflags += --with-privsep-path=/var/run/sshd
+
+# The Hurd needs libcrypt for res_query et al.
+ifeq ($(DEB_HOST_ARCH_OS),hurd)
+confflags += --with-libs=-lcrypt
+endif
+
+# Everything above here is common to the deb and udeb builds.
+confflags_udeb := $(confflags)
+
+# Options specific to the deb build.
+confflags += --with-tcp-wrappers
+confflags += --with-pam
+confflags += --with-libedit
+confflags += --with-kerberos5=/usr
+confflags += --with-ssl-engine
+ifeq ($(DEB_HOST_ARCH_OS),linux)
+confflags += --with-selinux
+endif
+ifeq ($(DISTRIBUTOR),Ubuntu)
+confflags += --with-consolekit
+endif
+
+# The deb build wants xauth; the udeb build doesn't.
+confflags += --with-xauth=/usr/bin/xauth
+confflags_udeb += --without-xauth
+
+# Default paths. The udeb build has /usr/bin/X11 and /usr/games removed.
+confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUSER_PATH)
+confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# Compiler flags.
+export DEB_BUILD_MAINT_OPTIONS := hardening=+all
+default_cflags := $(shell dpkg-buildflags --get CPPFLAGS) $(shell dpkg-buildflags --get CFLAGS)
+cflags := $(default_cflags)
+cflags += -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT
+cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
+cflags_udeb := -Os
+cflags_udeb += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
+confflags += --with-cflags='$(cflags)'
+confflags_udeb += --with-cflags='$(cflags_udeb)'
+
+# Linker flags.
+default_ldflags := $(shell dpkg-buildflags --get LDFLAGS)
+confflags += --with-ldflags='$(strip -Wl,--as-needed $(default_ldflags))'
+confflags_udeb += --with-ldflags='-Wl,--as-needed'
+
+%:
+        dh $@ --with=autoreconf
+
+autoreconf:
+        autoreconf -f -i
+        cp -f /usr/share/misc/config.guess /usr/share/misc/config.sub ./
+
+override_dh_autoreconf:
+        dh_autoreconf debian/rules -- autoreconf
+
+override_dh_auto_configure:
+        dh_auto_configure -Bbuild-deb -- $(confflags)
+        dh_auto_configure -Bbuild-udeb -- $(confflags_udeb)
+
+override_dh_auto_build:
+        # Debian's /var/log/btmp has inappropriate permissions.
+        perl -pi -e 's,.*#define USE_BTMP .*,/* #undef USE_BTMP */,' build-deb/config.h
+        perl -pi -e 's,.*#define USE_BTMP .*,/* #undef USE_BTMP */,' build-udeb/config.h
+
+        # Avoid libnsl linkage. Ugh.
+        perl -pi -e 's/ +-lnsl//' build-udeb/config.status
+        cd build-udeb && ./config.status
+
+        $(MAKE) -C build-deb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
+        $(MAKE) -C build-udeb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen
+
+        $(MAKE) -C contrib gnome-ssh-askpass2 CC='$(CC) $(default_cflags) -Wall -Wl,--as-needed $(default_ldflags)' PKG_CONFIG=$(PKG_CONFIG)
+
+override_dh_auto_test:
+ifeq ($(RUN_TESTS),yes)
+        $(MAKE) -C debian/tests
+endif
+
+override_dh_auto_clean:
+        rm -rf build-deb build-udeb
+ifeq ($(RUN_TESTS),yes)
+        $(MAKE) -C debian/tests clean
+endif
+        $(MAKE) -C contrib clean
+        (cat debian/copyright.head; iconv -f ISO-8859-1 -t UTF-8 LICENCE) \
+                > debian/copyright
+
+override_dh_auto_install:
+        $(MAKE) -C build-deb DESTDIR=`pwd`/debian/tmp install-nokeys
+
+override_dh_install:
+        rm -f debian/tmp/etc/ssh/sshd_config
+
+        dh_install -Nopenssh-client-udeb -Nopenssh-server-udeb --fail-missing
+        dh_install -popenssh-client-udeb -popenssh-server-udeb \
+                --sourcedir=build-udeb
+
+        install -o root -g root -m 755 contrib/gnome-ssh-askpass2 debian/ssh-askpass-gnome/usr/lib/openssh/gnome-ssh-askpass
+
+        install -o root -g root debian/openssh-server.if-up debian/openssh-server/etc/network/if-up.d/openssh-server
+        install -o root -g root -m 644 debian/openssh-server.ufw.profile debian/openssh-server/etc/ufw/applications.d/openssh-server
+
+        # Remove version control tags to avoid unnecessary conffile
+        # resolution steps for administrators.
+        sed -i '/\$$OpenBSD:/d' \
+                debian/openssh-client/etc/ssh/moduli \
+                debian/openssh-client/etc/ssh/ssh_config
+
+        # dh_apport would be neater, but at the time of writing it isn't in
+        # unstable yet.
+        install -p -m 644 debian/openssh-client.apport debian/openssh-client/usr/share/apport/package-hooks/openssh-client.py
+        install -p -m 644 debian/openssh-server.apport debian/openssh-server/usr/share/apport/package-hooks/openssh-server.py
+
+        # Upstart user job (only used under user sessions)
+        install -p -m 644 -D debian/ssh-agent.user-session.upstart debian/openssh-client/usr/share/upstart/sessions/ssh-agent.conf
+
+override_dh_installdocs:
+        dh_installdocs -Nopenssh-server -Nssh
+        dh_installdocs -popenssh-server -pssh --link-doc=openssh-client
+        # Avoid breaking dh_installexamples later.
+        mkdir -p debian/openssh-server/usr/share/doc/openssh-client
+
+override_dh_installinit:
+        dh_installinit -R --name ssh -- start 16 2 3 4 5 .
+
+override_dh_installpam:
+        dh_installpam --name sshd
+
+override_dh_fixperms:
+        dh_fixperms
+        chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign
+
+# Tighten libssl dependencies to match the check in entropy.c.
+override_dh_shlibdeps:
+        dh_shlibdeps
+        debian/adjust-openssl-dependencies
+
+override_dh_gencontrol:
+        dh_gencontrol -- -V'openssh-server:Recommends=$(server_recommends)'
+
+override_dh_builddeb:
+        dh_builddeb -- -Zxz
+
+debian/faq.html:
+        wget -O - http://www.openssh.org/faq.html | \
+                sed 's,\(href="\)\(txt/\|[^":]*\.html\),\1http://www.openssh.org/\2,g' \
+                > debian/faq.html
+
+# You only need to run this immediately after checking out the package from
+# revision control.
+quilt-setup:
+        [ ! -d .pc ]
+        set -e; for patch in $$(quilt series | tac); do \
+                patch -p1 -R --no-backup-if-mismatch <"debian/patches/$$patch"; \
+        done
+        quilt push -a
+
+.PHONY: quilt-setup
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 000000000..163aaf8d8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/include-binaries b/debian/source/include-binaries
new file mode 100644
index 000000000..df5790e2e
--- /dev/null
+++ b/debian/source/include-binaries
@@ -0,0 +1 @@
+debian/ssh-askpass-gnome.png
diff --git a/debian/ssh-agent.user-session.upstart b/debian/ssh-agent.user-session.upstart
new file mode 100644
index 000000000..8553e12f1
--- /dev/null
+++ b/debian/ssh-agent.user-session.upstart
@@ -0,0 +1,19 @@
+description "SSH Agent"
+author "Stéphane Graber <stgraber@ubuntu.com>"
+
+start on starting xsession-init
+
+pre-start script
+    [ -e /etc/X11/Xsession.options ] || { stop; exit 0; }
+    grep -q "^use-ssh-agent$" /etc/X11/Xsession.options || { stop; exit 0; }
+
+    eval "$(ssh-agent)" >/dev/null
+    initctl set-env --global SSH_AUTH_SOCK=$SSH_AUTH_SOCK
+    initctl set-env --global SSH_AGENT_PID=$SSH_AGENT_PID
+end script
+
+post-stop script
+    kill $SSH_AGENT_PID 2>/dev/null || true
+    initctl unset-env --global SSH_AUTH_SOCK
+    initctl unset-env --global SSH_AGENT_PID
+end script
diff --git a/debian/ssh-argv0 b/debian/ssh-argv0
new file mode 100644
index 000000000..37506a4d7
--- /dev/null
+++ b/debian/ssh-argv0
@@ -0,0 +1,31 @@
+#! /bin/sh
+set -e
+
+# Copyright (c) 2001 Jonathan Amery.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+if [ "${0##*/}" = "ssh-argv0" ]
+then
+  echo 'ssh-argv0: This script should not be run like this, see ssh-argv0(1) for details' 1>&2
+  exit 1
+fi
+exec ssh "${0##*/}" "$@"
diff --git a/debian/ssh-argv0.1 b/debian/ssh-argv0.1
new file mode 100644
index 000000000..a36a63d40
--- /dev/null
+++ b/debian/ssh-argv0.1
@@ -0,0 +1,64 @@
+.Dd September 7, 2001 
+.Dt SSH-ARGV0 1
+.Os Debian Project
+.Sh NAME
+.Nm ssh-argv0
+.Nd replaces the old ssh command-name as hostname handling
+.Sh SYNOPSIS
+.Ar hostname | user@hostname
+.Op Fl l Ar login_name
+.Op Ar command
+.Pp
+.Ar hostname | user@hostname
+.Op Fl afgknqstvxACNTX1246
+.Op Fl b Ar bind_address
+.Op Fl c Ar cipher_spec
+.Op Fl e Ar escape_char
+.Op Fl i Ar identity_file
+.Op Fl l Ar login_name
+.Op Fl m Ar mac_spec
+.Op Fl o Ar option
+.Op Fl p Ar port
+.Op Fl F Ar configfile
+.Oo Fl L Xo
+.Sm off
+.Ar port :
+.Ar host :
+.Ar hostport
+.Sm on
+.Xc
+.Oc
+.Oo Fl R Xo
+.Sm off
+.Ar port :
+.Ar host :
+.Ar hostport
+.Sm on
+.Xc
+.Oc
+.Op Fl D Ar port
+.Op Ar command
+.Sh DESCRIPTION
+.Nm
+replaces the old ssh command-name as hostname handling.
+If you link to this script with a hostname then executing the link is
+equivalent to having executed ssh with that hostname as an argument.
+All other arguments are passed to ssh and will be processed normally.
+.Sh OPTIONS
+See
+.Xr ssh 1 .
+.Sh FILES
+See
+.Xr ssh 1 .
+.Sh AUTHORS
+OpenSSH is a derivative of the original and free
+ssh 1.2.12 release by Tatu Ylonen.
+Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
+Theo de Raadt and Dug Song
+removed many bugs, re-added newer features and
+created OpenSSH.
+Markus Friedl contributed the support for SSH
+protocol versions 1.5 and 2.0.
+Jonathan Amery wrote this ssh-argv0 script and the associated documentation.
+.Sh SEE ALSO
+.Xr ssh 1
diff --git a/debian/ssh-askpass-gnome.copyright b/debian/ssh-askpass-gnome.copyright
new file mode 100644
index 000000000..4a71dda00
--- /dev/null
+++ b/debian/ssh-askpass-gnome.copyright
@@ -0,0 +1,44 @@
+This package contains a Gnome based implementation of ssh-askpass
+written by Damien Miller.
+
+It is split out from the main package to isolate the dependency on the
+Gnome and X11 libraries.
+
+It was packaged for Debian by Philip Hands <phil@hands.com>.
+
+Copyright:
+
+/*
+**
+** GNOME ssh passphrase requestor
+**
+** Damien Miller <djm@ibs.com.au>
+** 
+** Copyright 1999 Internet Business Solutions
+**
+** Permission is hereby granted, free of charge, to any person
+** obtaining a copy of this software and associated documentation
+** files (the "Software"), to deal in the Software without
+** restriction, including without limitation the rights to use, copy,
+** modify, merge, publish, distribute, sublicense, and/or sell copies
+** of the Software, and to permit persons to whom the Software is
+** furnished to do so, subject to the following conditions:
+**
+** The above copyright notice and this permission notice shall be
+** included in all copies or substantial portions of the Software.
+**
+** THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY
+** KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
+** WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+** AND NONINFRINGEMENT.  IN NO EVENT SHALL DAMIEN MILLER OR INTERNET
+** BUSINESS SOLUTIONS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+** LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+** ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
+** OR OTHER DEALINGS IN THE SOFTWARE.
+**
+** Except as contained in this notice, the name of Internet Business
+** Solutions shall not be used in advertising or otherwise to promote
+** the sale, use or other dealings in this Software without prior
+** written authorization from Internet Business Solutions.
+**
+*/
diff --git a/debian/ssh-askpass-gnome.desktop b/debian/ssh-askpass-gnome.desktop
new file mode 100644
index 000000000..eba7a67d1
--- /dev/null
+++ b/debian/ssh-askpass-gnome.desktop
@@ -0,0 +1,12 @@
+[Desktop Entry]
+Version=1.0
+Encoding=UTF-8
+Name=SSH AskPass
+GenericName=ssh-add
+Comment=Enter passphrase to authenticate to the ssh agent
+Exec=/usr/bin/ssh-add
+TryExec=ssh-add
+Terminal=false
+Type=Application
+Icon=ssh-askpass-gnome
+Categories=Network;Security;
diff --git a/debian/ssh-askpass-gnome.dirs b/debian/ssh-askpass-gnome.dirs
new file mode 100644
index 000000000..0ffa45024
--- /dev/null
+++ b/debian/ssh-askpass-gnome.dirs
@@ -0,0 +1,3 @@
+usr/lib/openssh
+usr/share/man/man1
+usr/share/pixmaps
diff --git a/debian/ssh-askpass-gnome.examples b/debian/ssh-askpass-gnome.examples
new file mode 100644
index 000000000..66fd8c0e4
--- /dev/null
+++ b/debian/ssh-askpass-gnome.examples
@@ -0,0 +1 @@
+debian/ssh-askpass-gnome.desktop
diff --git a/debian/ssh-askpass-gnome.install b/debian/ssh-askpass-gnome.install
new file mode 100644
index 000000000..8b6b5f045
--- /dev/null
+++ b/debian/ssh-askpass-gnome.install
@@ -0,0 +1 @@
+debian/ssh-askpass-gnome.png usr/share/pixmaps
diff --git a/debian/ssh-askpass-gnome.manpages b/debian/ssh-askpass-gnome.manpages
new file mode 100644
index 000000000..7749f13bb
--- /dev/null
+++ b/debian/ssh-askpass-gnome.manpages
@@ -0,0 +1 @@
+debian/gnome-ssh-askpass.1
diff --git a/debian/ssh-askpass-gnome.png b/debian/ssh-askpass-gnome.png
new file mode 100644
index 000000000..06f75764e
--- /dev/null
+++ b/debian/ssh-askpass-gnome.png
diff --git a/debian/ssh-askpass-gnome.postinst b/debian/ssh-askpass-gnome.postinst
new file mode 100644
index 000000000..8a454e520
--- /dev/null
+++ b/debian/ssh-askpass-gnome.postinst
@@ -0,0 +1,48 @@
+#! /bin/sh
+# postinst script for ssh-askpass-gnome
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see /usr/share/doc/packaging-manual/
+#
+# quoting from the policy:
+#     Any necessary prompting should almost always be confined to the
+#     post-installation script, and should be protected with a conditional
+#     so that unnecessary prompting doesn't happen if a package's
+#     installation fails and the `postinst' is called with `abort-upgrade',
+#     `abort-remove' or `abort-deconfigure'.
+
+case "$1" in
+    configure)
+        update-alternatives --quiet \
+            --install /usr/bin/ssh-askpass ssh-askpass \
+                      /usr/lib/openssh/gnome-ssh-askpass 30 \
+            --slave /usr/share/man/man1/ssh-askpass.1.gz \
+                    ssh-askpass.1.gz /usr/share/man/man1/gnome-ssh-askpass.1.gz
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 0
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/ssh-askpass-gnome.prerm b/debian/ssh-askpass-gnome.prerm
new file mode 100644
index 000000000..0adcfc76b
--- /dev/null
+++ b/debian/ssh-askpass-gnome.prerm
@@ -0,0 +1,39 @@
+#! /bin/sh
+# prerm script for ssh-askpass-gnome
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <prerm> `remove'
+#        * <old-prerm> `upgrade' <new-version>
+#        * <new-prerm> `failed-upgrade' <old-version>
+#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
+#        * <deconfigured's-prerm> `deconfigure' `in-favour'
+#          <package-being-installed> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see /usr/share/doc/packaging-manual/
+
+case "$1" in
+    remove|deconfigure)
+        update-alternatives --quiet --remove ssh-askpass /usr/lib/openssh/gnome-ssh-askpass
+        ;;
+    upgrade)
+        ;;
+    failed-upgrade)
+        ;;
+    *)
+        echo "prerm called with unknown argument \`$1'" >&2
+        exit 0
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
diff --git a/debian/ssh-krb5.NEWS b/debian/ssh-krb5.NEWS
new file mode 100644
index 000000000..5a6433ab2
--- /dev/null
+++ b/debian/ssh-krb5.NEWS
@@ -0,0 +1,18 @@
+ssh-krb5 (1:4.3p2-7) unstable; urgency=low
+
+  The normal openssh-server and openssh-client packages in Debian now
+  include full GSSAPI support, including key exchange.  This package is
+  now only a transitional package that depends on openssh-server and
+  openssh-client and configures openssh-server for GSSAPI authentication
+  if it wasn't already.
+
+  You can now simply install openssh-server and openssh-client directly
+  and remove this package.  Just make sure that /etc/ssh/sshd_config
+  contains:
+
+    GSSAPIAuthentication yes
+    GSSAPIKeyExchange yes
+
+  if you want to support GSSAPI authentication to your ssh server.
+
+ -- Russ Allbery <rra@debian.org>  Tue, 03 Oct 2006 22:27:27 -0700
diff --git a/debian/ssh-krb5.postinst b/debian/ssh-krb5.postinst
new file mode 100644
index 000000000..f799accfe
--- /dev/null
+++ b/debian/ssh-krb5.postinst
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+set -e
+
+action="$1"
+oldversion="$2"
+
+if [ "$action" = configure ] ; then
+    # Make sure that GSSAPI is enabled.  If there is no uncommented GSSAPI
+    # configuration, uncomment any commented-out configuration if present
+    # (this will catch the case of a fresh install of openssh-server).
+    # Otherwise, add configuration turning on GSSAPIAuthentication and
+    # GSSAPIKeyExchange.
+    #
+    # If there is some configuration, we may be upgrading from ssh-krb5.  It
+    # enabled GSSAPIKeyExchange without any configuration option.  Therefore,
+    # if it isn't explicitly set, always enable it for compatible behavior
+    # with ssh-krb5.
+    if dpkg --compare-versions "$oldversion" ge 1:4.3p2-9; then
+        :
+    else
+        changed=
+        if grep -qi '^[         ]*GSSAPI' /etc/ssh/sshd_config ; then
+            if grep -qi '^[     ]*GSSAPIKeyExchange' /etc/ssh/sshd_config ; then
+                :
+            else
+                changed=true
+                cat >> /etc/ssh/sshd_config <<EOF
+
+# GSSAPI key exchange (added by ssh-krb5 transitional package)
+GSSAPIKeyExchange yes
+EOF
+            fi
+        else
+            changed=true
+            if grep -qi '^#GSSAPI' /etc/ssh/sshd_config ; then
+                perl -pe 's/^\#(GSSAPI(Authentication|KeyExchange))\b.*/$1 yes/i' \
+                    < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
+                chown --reference /etc/ssh/sshd_config \
+                    /etc/ssh/sshd_config.dpkg-new
+                chmod --reference /etc/ssh/sshd_config \
+                    /etc/ssh/sshd_config.dpkg-new
+                mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
+            else
+                cat >> /etc/ssh/sshd_config <<EOF
+
+# GSSAPI authentication (added by ssh-krb5 transitional package)
+GSSAPIAuthentication yes
+GSSAPIKeyExchange yes
+EOF
+            fi
+        fi
+        if [ -n "$changed" ]; then
+            invoke-rc.d ssh restart
+        fi
+    fi
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/ssh.dirs b/debian/ssh.dirs
new file mode 100644
index 000000000..1da8fba83
--- /dev/null
+++ b/debian/ssh.dirs
@@ -0,0 +1 @@
+usr/share/lintian/overrides
diff --git a/debian/ssh.lintian-overrides b/debian/ssh.lintian-overrides
new file mode 100644
index 000000000..b9bf7ea08
--- /dev/null
+++ b/debian/ssh.lintian-overrides
@@ -0,0 +1 @@
+ssh: package-contains-empty-directory usr/share/doc/openssh-client/
diff --git a/debian/tests/Makefile b/debian/tests/Makefile
new file mode 100644
index 000000000..666ed8227
--- /dev/null
+++ b/debian/tests/Makefile
@@ -0,0 +1,12 @@
+test: getpid.so
+        chmod +x keygen-test
+        ./keygen-test
+
+getpid.o: getpid.c
+        gcc -fPIC -c $< -o $@
+
+getpid.so: getpid.o
+        gcc -shared -o $@ $<
+
+clean:
+        rm -f getpid.o getpid.so key1 key1.pub key2 key2.pub
diff --git a/debian/tests/getpid.c b/debian/tests/getpid.c
new file mode 100644
index 000000000..c9e35b87e
--- /dev/null
+++ b/debian/tests/getpid.c
@@ -0,0 +1,39 @@
+/*
+ * Compile:
+
+gcc -fPIC -c getpid.c -o getpid.o
+gcc -shared -o getpid.so getpid.o
+
+ * Use:
+ 
+FORCE_PID=1234 LD_PRELOAD=./getpid.so bash
+
+#
+# Copyright (C) 2001-2008 Kees Cook
+# kees@outflux.net, http://outflux.net/
+# 
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+# http://www.gnu.org/copyleft/gpl.html
+
+*/
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdlib.h>
+
+pid_t getpid(void)
+{
+    return atoi(getenv("FORCE_PID"));
+}
diff --git a/debian/tests/keygen-test b/debian/tests/keygen-test
new file mode 100755
index 000000000..02b7c761a
--- /dev/null
+++ b/debian/tests/keygen-test
@@ -0,0 +1,12 @@
+#! /bin/sh
+
+rm -f key1 key1.pub key2 key2.pub
+LD_PRELOAD="$(pwd)/getpid.so" FORCE_PID=1234 \
+        ../../build-deb/ssh-keygen -N '' -f key1 >/dev/null
+LD_PRELOAD="$(pwd)/getpid.so" FORCE_PID=1234 \
+        ../../build-deb/ssh-keygen -N '' -f key2 >/dev/null
+if cmp -s key1 key2; then
+        echo "Generated two identical keys!" >&2
+        exit 1
+fi
+exit 0
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 000000000..6ffdc3708
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,3 @@
+version=2
+ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-(.*)\.tar\.gz \
+  debian uupdate
diff --git a/dns.c b/dns.c
index 630b97ae8..478c3d9c5 100644
--- a/dns.c
+++ b/dns.c
@@ -196,6 +196,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
 {
         u_int counter;
         int result;
+        unsigned int rrset_flags = 0;
         struct rrsetinfo *fingerprints = NULL;
 
         u_int8_t hostkey_algorithm;
@@ -219,8 +220,19 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
                 return -1;
         }
 
+        /*
+         * Original getrrsetbyname function, found on OpenBSD for example,
+         * doesn't accept any flag and prerequisite for obtaining AD bit in
+         * DNS response is set by "options edns0" in resolv.conf.
+         *
+         * Our version is more clever and use RRSET_FORCE_EDNS0 flag.
+         */
+#ifndef HAVE_GETRRSETBYNAME
+        rrset_flags |= RRSET_FORCE_EDNS0;
+#endif
         result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
-            DNS_RDATATYPE_SSHFP, 0, &fingerprints);
+            DNS_RDATATYPE_SSHFP, rrset_flags, &fingerprints);
+
         if (result) {
                 verbose("DNS lookup error: %s", dns_result_totext(result));
                 return -1;
diff --git a/log.c b/log.c
index 32e1d2e45..53e7b6561 100644
--- a/log.c
+++ b/log.c
@@ -94,6 +94,7 @@ static struct {
         LogLevel val;
 } log_levels[] =
 {
+        { "SILENT",     SYSLOG_LEVEL_QUIET }, /* compatibility */
         { "QUIET",      SYSLOG_LEVEL_QUIET },
         { "FATAL",      SYSLOG_LEVEL_FATAL },
         { "ERROR",      SYSLOG_LEVEL_ERROR },
diff --git a/misc.c b/misc.c
index c3c809943..eb57bfc1b 100644
--- a/misc.c
+++ b/misc.c
@@ -48,8 +48,9 @@
 #include <netdb.h>
 #ifdef HAVE_PATHS_H
 # include <paths.h>
-#include <pwd.h>
 #endif
+#include <pwd.h>
+#include <grp.h>
 #ifdef SSH_TUN_OPENBSD
 #include <net/if.h>
 #endif
@@ -58,6 +59,7 @@
 #include "misc.h"
 #include "log.h"
 #include "ssh.h"
+#include "platform.h"
 
 /* remove newline at end of string */
 char *
@@ -642,6 +644,71 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
         return -1;
 }
 
+/*
+ * return 1 if the specified uid is a uid that may own a system directory
+ * otherwise 0.
+ */
+int
+platform_sys_dir_uid(uid_t uid)
+{
+        if (uid == 0)
+                return 1;
+#ifdef PLATFORM_SYS_DIR_UID
+        if (uid == PLATFORM_SYS_DIR_UID)
+                return 1;
+#endif
+        return 0;
+}
+
+int
+secure_permissions(struct stat *st, uid_t uid)
+{
+        if (!platform_sys_dir_uid(st->st_uid) && st->st_uid != uid)
+                return 0;
+        if ((st->st_mode & 002) != 0)
+                return 0;
+        if ((st->st_mode & 020) != 0) {
+                /* If the file is group-writable, the group in question must
+                 * have exactly one member, namely the file's owner.
+                 * (Zero-member groups are typically used by setgid
+                 * binaries, and are unlikely to be suitable.)
+                 */
+                struct passwd *pw;
+                struct group *gr;
+                int members = 0;
+
+                gr = getgrgid(st->st_gid);
+                if (!gr)
+                        return 0;
+
+                /* Check primary group memberships. */
+                while ((pw = getpwent()) != NULL) {
+                        if (pw->pw_gid == gr->gr_gid) {
+                                ++members;
+                                if (pw->pw_uid != uid)
+                                        return 0;
+                        }
+                }
+                endpwent();
+
+                pw = getpwuid(st->st_uid);
+                if (!pw)
+                        return 0;
+
+                /* Check supplementary group memberships. */
+                if (gr->gr_mem[0]) {
+                        ++members;
+                        if (strcmp(pw->pw_name, gr->gr_mem[0]) ||
+                            gr->gr_mem[1])
+                                return 0;
+                }
+
+                if (!members)
+                        return 0;
+        }
+        return 1;
+}
+
 int
 tun_open(int tun, int mode)
 {
diff --git a/misc.h b/misc.h
index fceb30655..51ba182e1 100644
--- a/misc.h
+++ b/misc.h
@@ -104,4 +104,6 @@ char	*read_passphrase(const char *, int);
 int      ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
 int      read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
 
+int      secure_permissions(struct stat *st, uid_t uid);
+
 #endif /* _MISC_H */
diff --git a/moduli.5 b/moduli.5
index ef0de0850..149846c8c 100644
--- a/moduli.5
+++ b/moduli.5
@@ -21,7 +21,7 @@
 .Nd Diffie-Hellman moduli
 .Sh DESCRIPTION
 The
-.Pa /etc/moduli
+.Pa /etc/ssh/moduli
 file contains prime numbers and generators for use by
 .Xr sshd 8
 in the Diffie-Hellman Group Exchange key exchange method.
@@ -110,7 +110,7 @@ first estimates the size of the modulus required to produce enough
 Diffie-Hellman output to sufficiently key the selected symmetric cipher.
 .Xr sshd 8
 then randomly selects a modulus from
-.Fa /etc/moduli
+.Fa /etc/ssh/moduli
 that best meets the size requirement.
 .Sh SEE ALSO
 .Xr ssh-keygen 1 ,
diff --git a/monitor.c b/monitor.c
index 9079c9762..9bc4f0b2e 100644
--- a/monitor.c
+++ b/monitor.c
@@ -98,6 +98,9 @@
 #include "jpake.h"
 #include "roaming.h"
 #include "authfd.h"
+#ifdef USE_CONSOLEKIT
+#include "consolekit.h"
+#endif
 
 #ifdef GSSAPI
 static Gssctxt *gsscontext = NULL;
@@ -146,6 +149,7 @@ int mm_answer_sign(int, Buffer *);
 int mm_answer_pwnamallow(int, Buffer *);
 int mm_answer_auth2_read_banner(int, Buffer *);
 int mm_answer_authserv(int, Buffer *);
+int mm_answer_authrole(int, Buffer *);
 int mm_answer_authpassword(int, Buffer *);
 int mm_answer_bsdauthquery(int, Buffer *);
 int mm_answer_bsdauthrespond(int, Buffer *);
@@ -192,6 +196,10 @@ int mm_answer_audit_command(int, Buffer *);
 
 static int monitor_read_log(struct monitor *);
 
+#ifdef USE_CONSOLEKIT
+int mm_answer_consolekit_register(int, Buffer *);
+#endif
+
 static Authctxt *authctxt;
 static BIGNUM *ssh1_challenge = NULL;   /* used for ssh1 rsa auth */
 
@@ -227,6 +235,7 @@ struct mon_table mon_dispatch_proto20[] = {
     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+    {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
     {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
@@ -283,6 +292,9 @@ struct mon_table mon_dispatch_postauth20[] = {
     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
     {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
 #endif
+#ifdef USE_CONSOLEKIT
+    {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
+#endif
     {0, 0, NULL}
 };
 
@@ -325,6 +337,9 @@ struct mon_table mon_dispatch_postauth15[] = {
     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
     {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
 #endif
+#ifdef USE_CONSOLEKIT
+    {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
+#endif
     {0, 0, NULL}
 };
 
@@ -512,6 +527,9 @@ monitor_child_postauth(struct monitor *pmonitor)
                 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
                 monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
         }
+#ifdef USE_CONSOLEKIT
+        monitor_permit(mon_dispatch, MONITOR_REQ_CONSOLEKIT_REGISTER, 1);
+#endif
 
         for (;;)
                 monitor_read(pmonitor, mon_dispatch, NULL);
@@ -844,6 +862,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
         else {
                 /* Allow service/style information on the auth context */
                 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+                monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
                 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
         }
 #ifdef USE_PAM
@@ -874,14 +893,37 @@ mm_answer_authserv(int sock, Buffer *m)
 
         authctxt->service = buffer_get_string(m, NULL);
         authctxt->style = buffer_get_string(m, NULL);
-        debug3("%s: service=%s, style=%s",
-            __func__, authctxt->service, authctxt->style);
+        authctxt->role = buffer_get_string(m, NULL);
+        debug3("%s: service=%s, style=%s, role=%s",
+            __func__, authctxt->service, authctxt->style, authctxt->role);
 
         if (strlen(authctxt->style) == 0) {
                 free(authctxt->style);
                 authctxt->style = NULL;
         }
 
+        if (strlen(authctxt->role) == 0) {
+                free(authctxt->role);
+                authctxt->role = NULL;
+        }
+
+        return (0);
+}
+
+int
+mm_answer_authrole(int sock, Buffer *m)
+{
+        monitor_permit_authentications(1);
+
+        authctxt->role = buffer_get_string(m, NULL);
+        debug3("%s: role=%s",
+            __func__, authctxt->role);
+
+        if (strlen(authctxt->role) == 0) {
+                free(authctxt->role);
+                authctxt->role = NULL;
+        }
+
         return (0);
 }
 
@@ -1486,7 +1528,7 @@ mm_answer_pty(int sock, Buffer *m)
         res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
         if (res == 0)
                 goto error;
-        pty_setowner(authctxt->pw, s->tty);
+        pty_setowner(authctxt->pw, s->tty, authctxt->role);
 
         buffer_put_int(m, 1);
         buffer_put_cstring(m, s->tty);
@@ -2466,3 +2508,30 @@ mm_answer_jpake_check_confirm(int sock, Buffer *m)
 }
 
 #endif /* JPAKE */
+
+#ifdef USE_CONSOLEKIT
+int
+mm_answer_consolekit_register(int sock, Buffer *m)
+{
+        Session *s;
+        char *tty, *display;
+        char *cookie = NULL;
+
+        debug3("%s entering", __func__);
+
+        tty = buffer_get_string(m, NULL);
+        display = buffer_get_string(m, NULL);
+        s = session_by_tty(tty);
+        if (s != NULL)
+                cookie = consolekit_register(s, display);
+        buffer_clear(m);
+        buffer_put_cstring(m, cookie != NULL ? cookie : "");
+        mm_request_send(sock, MONITOR_ANS_CONSOLEKIT_REGISTER, m);
+
+        free(cookie);
+        free(display);
+        free(tty);
+
+        return (0);
+}
+#endif /* USE_CONSOLEKIT */
diff --git a/monitor.h b/monitor.h
index 315ef996d..cd8342823 100644
--- a/monitor.h
+++ b/monitor.h
@@ -73,6 +73,10 @@ enum monitor_reqtype {
         MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151,
         MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153,
 
+        MONITOR_REQ_AUTHROLE = 154,
+
+        MONITOR_REQ_CONSOLEKIT_REGISTER = 156, MONITOR_ANS_CONSOLEKIT_REGISTER = 157,
+
 };
 
 struct mm_master;
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 433b234d2..9662a4c63 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -320,10 +320,10 @@ mm_auth2_read_banner(void)
         return (banner);
 }
 
-/* Inform the privileged process about service and style */
+/* Inform the privileged process about service, style, and role */
 
 void
-mm_inform_authserv(char *service, char *style)
+mm_inform_authserv(char *service, char *style, char *role)
 {
         Buffer m;
 
@@ -332,12 +332,30 @@ mm_inform_authserv(char *service, char *style)
         buffer_init(&m);
         buffer_put_cstring(&m, service);
         buffer_put_cstring(&m, style ? style : "");
+        buffer_put_cstring(&m, role ? role : "");
 
         mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
 
         buffer_free(&m);
 }
 
+/* Inform the privileged process about role */
+
+void
+mm_inform_authrole(char *role)
+{
+        Buffer m;
+
+        debug3("%s entering", __func__);
+
+        buffer_init(&m);
+        buffer_put_cstring(&m, role ? role : "");
+
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m);
+
+        buffer_free(&m);
+}
+
 /* Do the password authentication */
 int
 mm_auth_password(Authctxt *authctxt, char *password)
@@ -1498,3 +1516,34 @@ mm_jpake_check_confirm(const BIGNUM *k,
         return success;
 }
 #endif /* JPAKE */
+
+#ifdef USE_CONSOLEKIT
+char *
+mm_consolekit_register(Session *s, const char *display)
+{
+        Buffer m;
+        char *cookie;
+
+        debug3("%s entering", __func__);
+
+        if (s->ttyfd == -1)
+                return NULL;
+        buffer_init(&m);
+        buffer_put_cstring(&m, s->tty);
+        buffer_put_cstring(&m, display != NULL ? display : "");
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_CONSOLEKIT_REGISTER, &m);
+        buffer_clear(&m);
+
+        mm_request_receive_expect(pmonitor->m_recvfd,
+            MONITOR_ANS_CONSOLEKIT_REGISTER, &m);
+        cookie = buffer_get_string(&m, NULL);
+        buffer_free(&m);
+
+        /* treat empty cookie as missing cookie */
+        if (strlen(cookie) == 0) {
+                free(cookie);
+                cookie = NULL;
+        }
+        return (cookie);
+}
+#endif /* USE_CONSOLEKIT */
diff --git a/monitor_wrap.h b/monitor_wrap.h
index ec9b9b1c3..360fb9f57 100644
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char *, void *);
 int mm_is_monitor(void);
 DH *mm_choose_dh(int, int, int);
 int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
-void mm_inform_authserv(char *, char *);
+void mm_inform_authserv(char *, char *, char *);
+void mm_inform_authrole(char *);
 struct passwd *mm_getpwnamallow(const char *);
 char *mm_auth2_read_banner(void);
 int mm_auth_password(struct Authctxt *, char *);
@@ -130,4 +131,8 @@ void *mm_zalloc(struct mm_master *, u_int, u_int);
 void mm_zfree(struct mm_master *, void *);
 void mm_init_compression(struct mm_master *);
 
+#ifdef USE_CONSOLEKIT
+char *mm_consolekit_register(struct Session *, const char *);
+#endif /* USE_CONSOLEKIT */
+
 #endif /* _MM_WRAP_H_ */
diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c
index dc6fe0533..e061a290a 100644
--- a/openbsd-compat/getrrsetbyname.c
+++ b/openbsd-compat/getrrsetbyname.c
@@ -209,8 +209,8 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
                 goto fail;
         }
 
-        /* don't allow flags yet, unimplemented */
-        if (flags) {
+        /* Allow RRSET_FORCE_EDNS0 flag only. */
+        if ((flags & !RRSET_FORCE_EDNS0) != 0) {
                 result = ERRSET_INVAL;
                 goto fail;
         }
@@ -226,9 +226,9 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
 #endif /* DEBUG */
 
 #ifdef RES_USE_DNSSEC
-        /* turn on DNSSEC if EDNS0 is configured */
-        if (_resp->options & RES_USE_EDNS0)
-                _resp->options |= RES_USE_DNSSEC;
+        /* turn on DNSSEC if required  */
+        if (flags & RRSET_FORCE_EDNS0)
+                _resp->options |= (RES_USE_EDNS0|RES_USE_DNSSEC);
 #endif /* RES_USE_DNSEC */
 
         /* make query */
diff --git a/openbsd-compat/getrrsetbyname.h b/openbsd-compat/getrrsetbyname.h
index 1283f5506..dbbc85a2a 100644
--- a/openbsd-compat/getrrsetbyname.h
+++ b/openbsd-compat/getrrsetbyname.h
@@ -72,6 +72,9 @@
 #ifndef RRSET_VALIDATED
 # define RRSET_VALIDATED        1
 #endif
+#ifndef RRSET_FORCE_EDNS0
+# define RRSET_FORCE_EDNS0      0x0001
+#endif
 
 /*
  * Return codes for getrrsetbyname()
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 4637a7a3e..de6ad3fd7 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -29,6 +29,12 @@
 #include <string.h>
 #include <stdio.h>
 
+#ifdef WITH_SELINUX
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#endif
+
 #include "log.h"
 #include "xmalloc.h"
 #include "port-linux.h"
@@ -58,7 +64,7 @@ ssh_selinux_enabled(void)
 
 /* Return the default security context for the given username */
 static security_context_t
-ssh_selinux_getctxbyname(char *pwname)
+ssh_selinux_getctxbyname(char *pwname, const char *role)
 {
         security_context_t sc = NULL;
         char *sename = NULL, *lvl = NULL;
@@ -73,9 +79,16 @@ ssh_selinux_getctxbyname(char *pwname)
 #endif
 
 #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
-        r = get_default_context_with_level(sename, lvl, NULL, &sc);
+        if (role != NULL && role[0])
+                r = get_default_context_with_rolelevel(sename, role, lvl, NULL,
+                                                       &sc);
+        else
+                r = get_default_context_with_level(sename, lvl, NULL, &sc);
 #else
-        r = get_default_context(sename, NULL, &sc);
+        if (role != NULL && role[0])
+                r = get_default_context_with_role(sename, role, NULL, &sc);
+        else
+                r = get_default_context(sename, NULL, &sc);
 #endif
 
         if (r != 0) {
@@ -105,7 +118,7 @@ ssh_selinux_getctxbyname(char *pwname)
 
 /* Set the execution context to the default for the specified user */
 void
-ssh_selinux_setup_exec_context(char *pwname)
+ssh_selinux_setup_exec_context(char *pwname, const char *role)
 {
         security_context_t user_ctx = NULL;
 
@@ -114,7 +127,7 @@ ssh_selinux_setup_exec_context(char *pwname)
 
         debug3("%s: setting execution context", __func__);
 
-        user_ctx = ssh_selinux_getctxbyname(pwname);
+        user_ctx = ssh_selinux_getctxbyname(pwname, role);
         if (setexeccon(user_ctx) != 0) {
                 switch (security_getenforce()) {
                 case -1:
@@ -136,7 +149,7 @@ ssh_selinux_setup_exec_context(char *pwname)
 
 /* Set the TTY context for the specified user */
 void
-ssh_selinux_setup_pty(char *pwname, const char *tty)
+ssh_selinux_setup_pty(char *pwname, const char *tty, const char *role)
 {
         security_context_t new_tty_ctx = NULL;
         security_context_t user_ctx = NULL;
@@ -147,7 +160,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
 
         debug3("%s: setting TTY context on %s", __func__, tty);
 
-        user_ctx = ssh_selinux_getctxbyname(pwname);
+        user_ctx = ssh_selinux_getctxbyname(pwname, role);
 
         /* XXX: should these calls fatal() upon failure in enforcing mode? */
 
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
index e3d1004aa..80ce13ad9 100644
--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -21,8 +21,8 @@
 
 #ifdef WITH_SELINUX
 int ssh_selinux_enabled(void);
-void ssh_selinux_setup_pty(char *, const char *);
-void ssh_selinux_setup_exec_context(char *);
+void ssh_selinux_setup_pty(char *, const char *, const char *);
+void ssh_selinux_setup_exec_context(char *, const char *);
 void ssh_selinux_change_context(const char *);
 void ssh_selinux_setfscreatecon(const char *);
 #endif
diff --git a/pathnames.h b/pathnames.h
index 5027fbaed..47f7867d5 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -18,6 +18,10 @@
 #define SSHDIR                          ETCDIR "/ssh"
 #endif
 
+#ifndef _PATH_SSH_DATADIR
+#define _PATH_SSH_DATADIR               "/usr/share/ssh"
+#endif
+
 #ifndef _PATH_SSH_PIDDIR
 #define _PATH_SSH_PIDDIR                "/var/run"
 #endif
@@ -44,6 +48,9 @@
 /* Backwards compatibility */
 #define _PATH_DH_PRIMES                 SSHDIR "/primes"
 
+#define _PATH_BLACKLIST                 _PATH_SSH_DATADIR "/blacklist"
+#define _PATH_BLACKLIST_CONFIG          SSHDIR "/blacklist"
+
 #ifndef _PATH_SSH_PROGRAM
 #define _PATH_SSH_PROGRAM               "/usr/bin/ssh"
 #endif
diff --git a/platform.c b/platform.c
index 3262b2478..0b3bee147 100644
--- a/platform.c
+++ b/platform.c
@@ -134,7 +134,7 @@ platform_setusercontext(struct passwd *pw)
  * called if sshd is running as root.
  */
 void
-platform_setusercontext_post_groups(struct passwd *pw)
+platform_setusercontext_post_groups(struct passwd *pw, const char *role)
 {
 #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
         /*
@@ -181,7 +181,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
         }
 #endif /* HAVE_SETPCRED */
 #ifdef WITH_SELINUX
-        ssh_selinux_setup_exec_context(pw->pw_name);
+        ssh_selinux_setup_exec_context(pw->pw_name, role);
 #endif
 }
 
@@ -194,19 +194,3 @@ platform_krb5_get_principal_name(const char *pw_name)
         return NULL;
 #endif
 }
-
-/*
- * return 1 if the specified uid is a uid that may own a system directory
- * otherwise 0.
- */
-int
-platform_sys_dir_uid(uid_t uid)
-{
-        if (uid == 0)
-                return 1;
-#ifdef PLATFORM_SYS_DIR_UID
-        if (uid == PLATFORM_SYS_DIR_UID)
-                return 1;
-#endif
-        return 0;
-}
diff --git a/platform.h b/platform.h
index 19f6bfdd3..3188a3d7c 100644
--- a/platform.h
+++ b/platform.h
@@ -26,7 +26,7 @@ void platform_post_fork_parent(pid_t child_pid);
 void platform_post_fork_child(void);
 int  platform_privileged_uidswap(void);
 void platform_setusercontext(struct passwd *);
-void platform_setusercontext_post_groups(struct passwd *);
+void platform_setusercontext_post_groups(struct passwd *, const char *);
 char *platform_get_krb5_client(const char *);
 char *platform_krb5_get_principal_name(const char *);
 int platform_sys_dir_uid(uid_t);
diff --git a/readconf.c b/readconf.c
index 2695fd6c0..2778176c6 100644
--- a/readconf.c
+++ b/readconf.c
@@ -30,6 +30,8 @@
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
 #ifdef HAVE_UTIL_H
 #include <util.h>
 #endif
@@ -128,6 +130,7 @@ typedef enum {
         oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
         oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
         oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+        oUseBlacklistedKeys,
         oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
         oClearAllForwardings, oNoHostAuthenticationForLocalhost,
         oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
@@ -140,6 +143,7 @@ typedef enum {
         oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
         oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
         oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
+        oProtocolKeepAlives, oSetupTimeOut,
         oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
@@ -161,6 +165,7 @@ static struct {
         { "passwordauthentication", oPasswordAuthentication },
         { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
         { "kbdinteractivedevices", oKbdInteractiveDevices },
+        { "useblacklistedkeys", oUseBlacklistedKeys },
         { "rsaauthentication", oRSAAuthentication },
         { "pubkeyauthentication", oPubkeyAuthentication },
         { "dsaauthentication", oPubkeyAuthentication },             /* alias */
@@ -261,6 +266,8 @@ static struct {
         { "ipqos", oIPQoS },
         { "requesttty", oRequestTTY },
         { "ignoreunknown", oIgnoreUnknown },
+        { "protocolkeepalives", oProtocolKeepAlives },
+        { "setuptimeout", oSetupTimeOut },
 
         { NULL, oBadOption }
 };
@@ -523,6 +530,10 @@ parse_flag:
                 intptr = &options->challenge_response_authentication;
                 goto parse_flag;
 
+        case oUseBlacklistedKeys:
+                intptr = &options->use_blacklisted_keys;
+                goto parse_flag;
+
         case oGssAuthentication:
                 intptr = &options->gss_authentication;
                 goto parse_flag;
@@ -933,6 +944,8 @@ parse_int:
                 goto parse_flag;
 
         case oServerAliveInterval:
+        case oProtocolKeepAlives: /* Debian-specific compatibility alias */
+        case oSetupTimeOut:       /* Debian-specific compatibility alias */
                 intptr = &options->server_alive_interval;
                 goto parse_time;
 
@@ -1149,8 +1162,7 @@ read_config_file(const char *filename, const char *host, Options *options,
 
                 if (fstat(fileno(f), &sb) == -1)
                         fatal("fstat %s: %s", filename, strerror(errno));
-                if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
-                    (sb.st_mode & 022) != 0))
+                if (!secure_permissions(&sb, getuid()))
                         fatal("Bad owner or permissions on %s", filename);
         }
 
@@ -1210,6 +1222,7 @@ initialize_options(Options * options)
         options->kbd_interactive_devices = NULL;
         options->rhosts_rsa_authentication = -1;
         options->hostbased_authentication = -1;
+        options->use_blacklisted_keys = -1;
         options->batch_mode = -1;
         options->check_host_ip = -1;
         options->strict_host_key_checking = -1;
@@ -1285,7 +1298,7 @@ fill_default_options(Options * options)
         if (options->forward_x11 == -1)
                 options->forward_x11 = 0;
         if (options->forward_x11_trusted == -1)
-                options->forward_x11_trusted = 0;
+                options->forward_x11_trusted = 1;
         if (options->forward_x11_timeout == -1)
                 options->forward_x11_timeout = 1200;
         if (options->exit_on_forward_failure == -1)
@@ -1320,6 +1333,8 @@ fill_default_options(Options * options)
                 options->rhosts_rsa_authentication = 0;
         if (options->hostbased_authentication == -1)
                 options->hostbased_authentication = 0;
+        if (options->use_blacklisted_keys == -1)
+                options->use_blacklisted_keys = 0;
         if (options->batch_mode == -1)
                 options->batch_mode = 0;
         if (options->check_host_ip == -1)
@@ -1395,8 +1410,13 @@ fill_default_options(Options * options)
                 options->rekey_interval = 0;
         if (options->verify_host_key_dns == -1)
                 options->verify_host_key_dns = 0;
-        if (options->server_alive_interval == -1)
-                options->server_alive_interval = 0;
+        if (options->server_alive_interval == -1) {
+                /* in batch mode, default is 5mins */
+                if (options->batch_mode == 1)
+                        options->server_alive_interval = 300;
+                else
+                        options->server_alive_interval = 0;
+        }
         if (options->server_alive_count_max == -1)
                 options->server_alive_count_max = 3;
         if (options->control_master == -1)
diff --git a/readconf.h b/readconf.h
index 675b35dfe..a508151f7 100644
--- a/readconf.h
+++ b/readconf.h
@@ -59,6 +59,7 @@ typedef struct {
         int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
         char    *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
         int     zero_knowledge_password_authentication; /* Try jpake */
+        int     use_blacklisted_keys;   /* If true, send */
         int     batch_mode;     /* Batch mode: do not ask for passwords. */
         int     check_host_ip;  /* Also keep track of keys for IP address */
         int     strict_host_key_checking;       /* Strict host key checking. */
diff --git a/scp.c b/scp.c
index 28ded5e9a..b7a17abfe 100644
--- a/scp.c
+++ b/scp.c
@@ -189,8 +189,16 @@ do_local_cmd(arglist *a)
 
         if (verbose_mode) {
                 fprintf(stderr, "Executing:");
-                for (i = 0; i < a->num; i++)
-                        fprintf(stderr, " %s", a->list[i]);
+                for (i = 0; i < a->num; i++) {
+                        if (i == 0)
+                                fprintf(stderr, " %s", a->list[i]);
+                        else
+                                /*
+                                 * TODO: misbehaves if a->list[i] contains a
+                                 * single quote
+                                 */
+                                fprintf(stderr, " '%s'", a->list[i]);
+                }
                 fprintf(stderr, "\n");
         }
         if ((pid = fork()) == -1)
diff --git a/servconf.c b/servconf.c
index c938ae399..a2928ff57 100644
--- a/servconf.c
+++ b/servconf.c
@@ -114,6 +114,7 @@ initialize_server_options(ServerOptions *options)
         options->password_authentication = -1;
         options->kbd_interactive_authentication = -1;
         options->challenge_response_authentication = -1;
+        options->permit_blacklisted_keys = -1;
         options->permit_empty_passwd = -1;
         options->permit_user_env = -1;
         options->use_login = -1;
@@ -156,6 +157,7 @@ initialize_server_options(ServerOptions *options)
         options->ip_qos_interactive = -1;
         options->ip_qos_bulk = -1;
         options->version_addendum = NULL;
+        options->debian_banner = -1;
 }
 
 void
@@ -257,6 +259,8 @@ fill_default_server_options(ServerOptions *options)
                 options->kbd_interactive_authentication = 0;
         if (options->challenge_response_authentication == -1)
                 options->challenge_response_authentication = 1;
+        if (options->permit_blacklisted_keys == -1)
+                options->permit_blacklisted_keys = 0;
         if (options->permit_empty_passwd == -1)
                 options->permit_empty_passwd = 0;
         if (options->permit_user_env == -1)
@@ -307,6 +311,8 @@ fill_default_server_options(ServerOptions *options)
                 options->ip_qos_bulk = IPTOS_THROUGHPUT;
         if (options->version_addendum == NULL)
                 options->version_addendum = xstrdup("");
+        if (options->debian_banner == -1)
+                options->debian_banner = 1;
         /* Turn privilege separation on by default */
         if (use_privsep == -1)
                 use_privsep = PRIVSEP_NOSANDBOX;
@@ -338,7 +344,7 @@ typedef enum {
         sListenAddress, sAddressFamily,
         sPrintMotd, sPrintLastLog, sIgnoreRhosts,
         sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
-        sStrictModes, sEmptyPasswd, sTCPKeepAlive,
+        sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive,
         sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
         sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
         sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
@@ -357,6 +363,7 @@ typedef enum {
         sKexAlgorithms, sIPQoS, sVersionAddendum,
         sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
         sAuthenticationMethods, sHostKeyAgent,
+        sDebianBanner,
         sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -451,6 +458,7 @@ static struct {
         { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
         { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
         { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
+        { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL },
         { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
         { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
         { "uselogin", sUseLogin, SSHCFG_GLOBAL },
@@ -497,6 +505,7 @@ static struct {
         { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
         { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
         { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
+        { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
         { NULL, sBadOption, 0 }
 };
 
@@ -1158,6 +1167,10 @@ process_server_config_line(ServerOptions *options, char *line,
                 intptr = &options->tcp_keep_alive;
                 goto parse_flag;
 
+        case sPermitBlacklistedKeys:
+                intptr = &options->permit_blacklisted_keys;
+                goto parse_flag;
+
         case sEmptyPasswd:
                 intptr = &options->permit_empty_passwd;
                 goto parse_flag;
@@ -1640,6 +1653,10 @@ process_server_config_line(ServerOptions *options, char *line,
                 }
                 return 0;
 
+        case sDebianBanner:
+                intptr = &options->debian_banner;
+                goto parse_int;
+
         case sDeprecated:
                 logit("%s line %d: Deprecated option %s",
                     filename, linenum, arg);
@@ -2036,6 +2053,7 @@ dump_config(ServerOptions *o)
         dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
         dump_cfg_fmtint(sStrictModes, o->strict_modes);
         dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
+        dump_cfg_fmtint(sPermitBlacklistedKeys, o->permit_blacklisted_keys);
         dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
         dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
         dump_cfg_fmtint(sUseLogin, o->use_login);
diff --git a/servconf.h b/servconf.h
index ab6e34669..fd72ce2a3 100644
--- a/servconf.h
+++ b/servconf.h
@@ -121,6 +121,7 @@ typedef struct {
         int     challenge_response_authentication;
         int     zero_knowledge_password_authentication;
                                         /* If true, permit jpake auth */
+        int     permit_blacklisted_keys;        /* If true, permit */
         int     permit_empty_passwd;    /* If false, do not permit empty
                                          * passwords. */
         int     permit_user_env;        /* If true, read ~/.ssh/environment */
@@ -187,6 +188,8 @@ typedef struct {
 
         u_int   num_auth_methods;
         char   *auth_methods[MAX_AUTH_METHODS];
+
+        int     debian_banner;
 }       ServerOptions;
 
 /* Information about the incoming connection as used by Match */
diff --git a/serverloop.c b/serverloop.c
index ccbad617d..5f22df3df 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -686,7 +686,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
                         if (!channel_still_open())
                                 break;
                         if (!waiting_termination) {
-                                const char *s = "Waiting for forwarded connections to terminate...\r\n";
+                                const char *s = "Waiting for forwarded connections to terminate... (press ~& to background)\r\n";
                                 char *cp;
                                 waiting_termination = 1;
                                 buffer_append(&stderr_buffer, s, strlen(s));
diff --git a/session.c b/session.c
index d4b57bdfb..15bdb1bee 100644
--- a/session.c
+++ b/session.c
@@ -92,6 +92,7 @@
 #include "kex.h"
 #include "monitor_wrap.h"
 #include "sftp.h"
+#include "consolekit.h"
 
 #if defined(KRB5) && defined(USE_AFS)
 #include <kafs.h>
@@ -1132,6 +1133,9 @@ do_setup_env(Session *s, const char *shell)
 #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
         char *path = NULL;
 #endif
+#ifdef USE_CONSOLEKIT
+        const char *ckcookie = NULL;
+#endif /* USE_CONSOLEKIT */
 
         /* Initialize the environment. */
         envsize = 100;
@@ -1276,6 +1280,11 @@ do_setup_env(Session *s, const char *shell)
                 child_set_env(&env, &envsize, "KRB5CCNAME",
                     s->authctxt->krb5_ccname);
 #endif
+#ifdef USE_CONSOLEKIT
+        ckcookie = PRIVSEP(consolekit_register(s, s->display));
+        if (ckcookie)
+                child_set_env(&env, &envsize, "XDG_SESSION_COOKIE", ckcookie);
+#endif /* USE_CONSOLEKIT */
 #ifdef USE_PAM
         /*
          * Pull in any environment variables that may have
@@ -1474,7 +1483,7 @@ safely_chroot(const char *path, uid_t uid)
 
 /* Set login name, uid, gid, and groups. */
 void
-do_setusercontext(struct passwd *pw)
+do_setusercontext(struct passwd *pw, const char *role)
 {
         char *chroot_path, *tmp;
 
@@ -1502,7 +1511,7 @@ do_setusercontext(struct passwd *pw)
                 endgrent();
 #endif
 
-                platform_setusercontext_post_groups(pw);
+                platform_setusercontext_post_groups(pw, role);
 
                 if (options.chroot_directory != NULL &&
                     strcasecmp(options.chroot_directory, "none") != 0) {
@@ -1646,7 +1655,7 @@ do_child(Session *s, const char *command)
 
         /* Force a password change */
         if (s->authctxt->force_pwchange) {
-                do_setusercontext(pw);
+                do_setusercontext(pw, s->authctxt->role);
                 child_close_fds();
                 do_pwchange(s);
                 exit(1);
@@ -1673,7 +1682,7 @@ do_child(Session *s, const char *command)
                 /* When PAM is enabled we rely on it to do the nologin check */
                 if (!options.use_pam)
                         do_nologin(pw);
-                do_setusercontext(pw);
+                do_setusercontext(pw, s->authctxt->role);
                 /*
                  * PAM session modules in do_setusercontext may have
                  * generated messages, so if this in an interactive
@@ -2084,7 +2093,7 @@ session_pty_req(Session *s)
         tty_parse_modes(s->ttyfd, &n_bytes);
 
         if (!use_privsep)
-                pty_setowner(s->pw, s->tty);
+                pty_setowner(s->pw, s->tty, s->authctxt->role);
 
         /* Set window size from the packet. */
         pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
@@ -2320,6 +2329,10 @@ session_pty_cleanup2(Session *s)
 
         debug("session_pty_cleanup: session %d release %s", s->self, s->tty);
 
+#ifdef USE_CONSOLEKIT
+        consolekit_unregister(s);
+#endif /* USE_CONSOLEKIT */
+
         /* Record that the user has logged out. */
         if (s->pid != 0)
                 record_logout(s->pid, s->tty, s->pw->pw_name);
diff --git a/session.h b/session.h
index cbb8e3a32..7e51b6ae1 100644
--- a/session.h
+++ b/session.h
@@ -26,6 +26,8 @@
 #ifndef SESSION_H
 #define SESSION_H
 
+struct _CkConnector;
+
 #define TTYSZ 64
 typedef struct Session Session;
 struct Session {
@@ -60,6 +62,10 @@ struct Session {
                 char    *name;
                 char    *val;
         } *env;
+
+#ifdef USE_CONSOLEKIT
+        struct _CkConnector *ckc;
+#endif /* USE_CONSOLEKIT */
 };
 
 void     do_authenticated(Authctxt *);
@@ -76,7 +82,7 @@ void	 session_pty_cleanup2(Session *);
 Session *session_new(void);
 Session *session_by_tty(char *);
 void     session_close(Session *);
-void     do_setusercontext(struct passwd *);
+void     do_setusercontext(struct passwd *, const char *);
 void     child_set_env(char ***envp, u_int *envsizep, const char *name,
                        const char *value);
 
diff --git a/ssh-add.1 b/ssh-add.1
index 44846b67e..d394b2696 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -81,6 +81,10 @@ environment variable must contain the name of its socket for
 .Nm
 to work.
 .Pp
+Any keys recorded in the blacklist of known-compromised keys (see
+.Xr ssh-vulnkey 1 )
+will be refused.
+.Pp
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl c
@@ -186,6 +190,7 @@ is unable to contact the authentication agent.
 .Xr ssh 1 ,
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
+.Xr ssh-vulnkey 1 ,
 .Xr sshd 8
 .Sh AUTHORS
 OpenSSH is a derivative of the original and free
diff --git a/ssh-add.c b/ssh-add.c
index 5e8166f66..b309582f5 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -167,7 +167,7 @@ static int
 add_file(AuthenticationConnection *ac, const char *filename, int key_only)
 {
         Key *private, *cert;
-        char *comment = NULL;
+        char *comment = NULL, *fp;
         char msg[1024], *certpath = NULL;
         int fd, perms_ok, ret = -1;
         Buffer keyblob;
@@ -243,6 +243,14 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
         } else {
                 fprintf(stderr, "Could not add identity: %s\n", filename);
         }
+        if (blacklisted_key(private, &fp) == 1) {
+                fprintf(stderr, "Public key %s blacklisted (see "
+                    "ssh-vulnkey(1)); refusing to add it\n", fp);
+                free(fp);
+                key_free(private);
+                free(comment);
+                return -1;
+        }
 
         /* Skip trying to load the cert if requested */
         if (key_only)
diff --git a/ssh-agent.1 b/ssh-agent.1
index bb801c902..d370531bb 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -182,6 +182,21 @@ environment variable holds the agent's process ID.
 .Pp
 The agent exits automatically when the command given on the command
 line terminates.
+.Pp
+In Debian,
+.Nm
+is installed with the set-group-id bit set, to prevent
+.Xr ptrace 2
+attacks retrieving private key material.
+This has the side-effect of causing the run-time linker to remove certain
+environment variables which might have security implications for set-id
+programs, including
+.Ev LD_PRELOAD ,
+.Ev LD_LIBRARY_PATH ,
+and
+.Ev TMPDIR .
+If you need to set any of these environment variables, you will need to do
+so in the program executed by ssh-agent.
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa ~/.ssh/identity
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 0d55854e9..753cc625b 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -171,9 +171,7 @@ key in
 .Pa ~/.ssh/id_dsa
 or
 .Pa ~/.ssh/id_rsa .
-Additionally, the system administrator may use this to generate host keys,
-as seen in
-.Pa /etc/rc .
+Additionally, the system administrator may use this to generate host keys.
 .Pp
 Normally this program generates the key and asks for a file in which
 to store the private key.
@@ -219,9 +217,7 @@ The options are as follows:
 For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys
 do not exist, generate the host keys with the default key file path,
 an empty passphrase, default bits for the key type, and default comment.
-This is used by
-.Pa /etc/rc
-to generate new host keys.
+This is used by system administration scripts to generate new host keys.
 .It Fl a Ar trials
 Specifies the number of primality tests to perform when screening DH-GEX
 candidates using the
@@ -605,7 +601,7 @@ option.
 Valid generator values are 2, 3, and 5.
 .Pp
 Screened DH groups may be installed in
-.Pa /etc/moduli .
+.Pa /etc/ssh/moduli .
 It is important that this file contains moduli of a range of bit lengths and
 that both ends of a connection share common moduli.
 .Sh CERTIFICATES
@@ -800,7 +796,7 @@ on all machines
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
 .Pp
-.It Pa /etc/moduli
+.It Pa /etc/ssh/moduli
 Contains Diffie-Hellman groups used for DH-GEX.
 The file format is described in
 .Xr moduli 5 .
@@ -809,6 +805,7 @@ The file format is described in
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
+.Xr ssh-vulnkey 1 ,
 .Xr moduli 5 ,
 .Xr sshd 8
 .Rs
diff --git a/ssh-vulnkey.1 b/ssh-vulnkey.1
new file mode 100644
index 000000000..bcb9d31c6
--- /dev/null
+++ b/ssh-vulnkey.1
@@ -0,0 +1,242 @@
+.\" Copyright (c) 2008 Canonical Ltd.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: May 12 2008 $
+.Dt SSH-VULNKEY 1
+.Os
+.Sh NAME
+.Nm ssh-vulnkey
+.Nd check blacklist of compromised keys
+.Sh SYNOPSIS
+.Nm
+.Op Fl q | Fl v
+.Ar file ...
+.Nm
+.Fl a
+.Sh DESCRIPTION
+.Nm
+checks a key against a blacklist of compromised keys.
+.Pp
+A substantial number of keys are known to have been generated using a broken
+version of OpenSSL distributed by Debian which failed to seed its random
+number generator correctly.
+Keys generated using these OpenSSL versions should be assumed to be
+compromised.
+This tool may be useful in checking for such keys.
+.Pp
+Keys that are compromised cannot be repaired; replacements must be generated
+using
+.Xr ssh-keygen 1 .
+Make sure to update
+.Pa authorized_keys
+files on all systems where compromised keys were permitted to authenticate.
+.Pp
+The argument list will be interpreted as a list of paths to public key files
+or
+.Pa authorized_keys
+files.
+If no suitable file is found at a given path,
+.Nm
+will append
+.Pa .pub
+and retry, in case it was given a private key file.
+If no files are given as arguments,
+.Nm
+will check
+.Pa ~/.ssh/id_rsa ,
+.Pa ~/.ssh/id_dsa ,
+.Pa ~/.ssh/identity ,
+.Pa ~/.ssh/authorized_keys
+and
+.Pa ~/.ssh/authorized_keys2 ,
+as well as the system's host keys if readable.
+.Pp
+If
+.Dq -
+is given as an argument,
+.Nm
+will read from standard input.
+This can be used to process output from
+.Xr ssh-keyscan 1 ,
+for example:
+.Pp
+.Dl $ ssh-keyscan -t rsa remote.example.org | ssh-vulnkey -
+.Pp
+Unless the
+.Cm PermitBlacklistedKeys
+option is used,
+.Xr sshd 8
+will reject attempts to authenticate with keys in the compromised list.
+.Pp
+The output from
+.Nm
+looks like this:
+.Pp
+.Bd -literal -offset indent
+/etc/ssh/ssh_host_key:1: COMPROMISED: RSA1 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@host
+/home/user/.ssh/id_dsa:1: Not blacklisted: DSA 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /home/user/.ssh/id_dsa.pub
+/home/user/.ssh/authorized_keys:3: Unknown (blacklist file not installed): RSA 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx user@host
+.Ed
+.Pp
+Each line is of the following format (any lines beginning with
+.Dq #
+should be ignored by scripts):
+.Pp
+.Dl Ar filename : Ns Ar line : Ar status : Ar type Ar size Ar fingerprint Ar comment
+.Pp
+It is important to distinguish between the possible values of
+.Ar status :
+.Pp
+.Bl -tag -width Ds
+.It COMPROMISED
+These keys are listed in a blacklist file, normally because their
+corresponding private keys are well-known.
+Replacements must be generated using
+.Xr ssh-keygen 1 .
+.It Not blacklisted
+A blacklist file exists for this key type and size, but this key is not
+listed in it.
+Unless there is some particular reason to believe otherwise, this key
+may be used safely.
+(Note that DSA keys used with the broken version of OpenSSL distributed
+by Debian may be compromised in the event that anyone captured a network
+trace, even if they were generated with a secure version of OpenSSL.)
+.It Unknown (blacklist file not installed)
+No blacklist file exists for this key type and size.
+You should find a suitable published blacklist and install it before
+deciding whether this key is safe to use.
+.El
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl a
+Check keys of all users on the system.
+You will typically need to run
+.Nm
+as root to use this option.
+For each user,
+.Nm
+will check
+.Pa ~/.ssh/id_rsa ,
+.Pa ~/.ssh/id_dsa ,
+.Pa ~/.ssh/identity ,
+.Pa ~/.ssh/authorized_keys
+and
+.Pa ~/.ssh/authorized_keys2 .
+It will also check the system's host keys.
+.It Fl q
+Quiet mode.
+Normally,
+.Nm
+outputs the fingerprint of each key scanned, with a description of its
+status.
+This option suppresses that output.
+.It Fl v
+Verbose mode.
+Normally,
+.Nm
+does not output anything for keys that are not listed in their corresponding
+blacklist file (although it still produces output for keys for which there
+is no blacklist file, since their status is unknown).
+This option causes
+.Nm
+to produce output for all keys.
+.El
+.Sh EXIT STATUS
+.Nm
+will exit zero if any of the given keys were in the compromised list,
+otherwise non-zero.
+.Sh BLACKLIST FILE FORMAT
+The blacklist file may start with comments, on lines starting with
+.Dq # .
+After these initial comments, it must follow a strict format:
+.Pp
+.Bl -bullet -offset indent -compact
+.It
+All the lines must be exactly the same length (20 characters followed by a
+newline) and must be in sorted order.
+.It
+Each line must consist of the lower-case hexadecimal MD5 key fingerprint,
+without colons, and with the first 12 characters removed (that is, the least
+significant 80 bits of the fingerprint).
+.El
+.Pp
+The key fingerprint may be generated using
+.Xr ssh-keygen 1 :
+.Pp
+.Dl $ ssh-keygen -l -f /path/to/key
+.Pp
+This strict format is necessary to allow the blacklist file to be checked
+quickly, using a binary-search algorithm.
+.Sh FILES
+.Bl -tag -width Ds
+.It Pa ~/.ssh/id_rsa
+If present, contains the protocol version 2 RSA authentication identity of
+the user.
+.It Pa ~/.ssh/id_dsa
+If present, contains the protocol version 2 DSA authentication identity of
+the user.
+.It Pa ~/.ssh/identity
+If present, contains the protocol version 1 RSA authentication identity of
+the user.
+.It Pa ~/.ssh/authorized_keys
+If present, lists the public keys (RSA/DSA) that can be used for logging in
+as this user.
+.It Pa ~/.ssh/authorized_keys2
+Obsolete name for
+.Pa ~/.ssh/authorized_keys .
+This file may still be present on some old systems, but should not be
+created if it is missing.
+.It Pa /etc/ssh/ssh_host_rsa_key
+If present, contains the protocol version 2 RSA identity of the system.
+.It Pa /etc/ssh/ssh_host_dsa_key
+If present, contains the protocol version 2 DSA identity of the system.
+.It Pa /etc/ssh/ssh_host_key
+If present, contains the protocol version 1 RSA identity of the system.
+.It Pa /usr/share/ssh/blacklist. Ns Ar TYPE Ns Pa - Ns Ar LENGTH
+If present, lists the blacklisted keys of type
+.Ar TYPE
+.Pf ( Dq RSA
+or
+.Dq DSA )
+and bit length
+.Ar LENGTH .
+The format of this file is described above.
+RSA1 keys are converted to RSA before being checked in the blacklist.
+Note that the fingerprints of RSA1 keys are computed differently, so you
+will not be able to find them in the blacklist by hand.
+.It Pa /etc/ssh/blacklist. Ns Ar TYPE Ns Pa - Ns Ar LENGTH
+Same as
+.Pa /usr/share/ssh/blacklist. Ns Ar TYPE Ns Pa - Ns Ar LENGTH ,
+but may be edited by the system administrator to add new blacklist entries.
+.El
+.Sh SEE ALSO
+.Xr ssh-keygen 1 ,
+.Xr sshd 8
+.Sh AUTHORS
+.An -nosplit
+.An Colin Watson Aq cjwatson@ubuntu.com
+.Pp
+Florian Weimer suggested the option to check keys of all users, and the idea
+of processing
+.Xr ssh-keyscan 1
+output.
diff --git a/ssh-vulnkey.c b/ssh-vulnkey.c
new file mode 100644
index 000000000..ca1a5be74
--- /dev/null
+++ b/ssh-vulnkey.c
@@ -0,0 +1,386 @@
+/*
+ * Copyright (c) 2008 Canonical Ltd.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <errno.h>
+#include <string.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include <openssl/evp.h>
+
+#include "xmalloc.h"
+#include "ssh.h"
+#include "log.h"
+#include "key.h"
+#include "authfile.h"
+#include "pathnames.h"
+#include "uidswap.h"
+#include "misc.h"
+
+extern char *__progname;
+
+/* Default files to check */
+static char *default_host_files[] = {
+        _PATH_HOST_RSA_KEY_FILE,
+        _PATH_HOST_DSA_KEY_FILE,
+        _PATH_HOST_KEY_FILE,
+        NULL
+};
+static char *default_files[] = {
+        _PATH_SSH_CLIENT_ID_RSA,
+        _PATH_SSH_CLIENT_ID_DSA,
+        _PATH_SSH_CLIENT_IDENTITY,
+        _PATH_SSH_USER_PERMITTED_KEYS,
+        _PATH_SSH_USER_PERMITTED_KEYS2,
+        NULL
+};
+
+static int verbosity = 0;
+
+static int some_keys = 0;
+static int some_unknown = 0;
+static int some_compromised = 0;
+
+static void
+usage(void)
+{
+        fprintf(stderr, "usage: %s [-aqv] [file ...]\n", __progname);
+        fprintf(stderr, "Options:\n");
+        fprintf(stderr, "  -a          Check keys of all users.\n");
+        fprintf(stderr, "  -q          Quiet mode.\n");
+        fprintf(stderr, "  -v          Verbose mode.\n");
+        exit(1);
+}
+
+static void
+describe_key(const char *filename, u_long linenum, const char *msg,
+    Key *key, const char *comment, int min_verbosity)
+{
+        char *fp;
+
+        fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+        if (verbosity >= min_verbosity) {
+                if (strchr(filename, ':'))
+                        printf("\"%s\"", filename);
+                else
+                        printf("%s", filename);
+                printf(":%lu: %s: %s %u %s %s\n", linenum, msg,
+                    key_type(key), key_size(key), fp, comment);
+        }
+        free(fp);
+}
+
+static int
+do_key(const char *filename, u_long linenum,
+    Key *key, const char *comment)
+{
+        Key *public;
+        int blacklist_status;
+        int ret = 1;
+
+        some_keys = 1;
+
+        public = key_demote(key);
+        if (public->type == KEY_RSA1)
+                public->type = KEY_RSA;
+
+        blacklist_status = blacklisted_key(public, NULL);
+        if (blacklist_status == -1) {
+                describe_key(filename, linenum,
+                    "Unknown (blacklist file not installed)", key, comment, 0);
+                some_unknown = 1;
+        } else if (blacklist_status == 1) {
+                describe_key(filename, linenum,
+                    "COMPROMISED", key, comment, 0);
+                some_compromised = 1;
+                ret = 0;
+        } else
+                describe_key(filename, linenum,
+                    "Not blacklisted", key, comment, 1);
+
+        key_free(public);
+
+        return ret;
+}
+
+static int
+do_filename(const char *filename, int quiet_open)
+{
+        FILE *f;
+        char line[SSH_MAX_PUBKEY_BYTES];
+        char *cp;
+        u_long linenum = 0;
+        Key *key;
+        char *comment = NULL;
+        int found = 0, ret = 1;
+
+        /* Copy much of key_load_public's logic here so that we can read
+         * several keys from a single file (e.g. authorized_keys).
+         */
+
+        if (strcmp(filename, "-") != 0) {
+                int save_errno;
+                f = fopen(filename, "r");
+                save_errno = errno;
+                if (!f) {
+                        char pubfile[MAXPATHLEN];
+                        if (strlcpy(pubfile, filename, sizeof pubfile) <
+                            sizeof(pubfile) &&
+                            strlcat(pubfile, ".pub", sizeof pubfile) <
+                            sizeof(pubfile))
+                                f = fopen(pubfile, "r");
+                }
+                errno = save_errno; /* earlier errno is more useful */
+                if (!f) {
+                        if (!quiet_open)
+                                perror(filename);
+                        return -1;
+                }
+                if (verbosity > 0)
+                        printf("# %s\n", filename);
+        } else
+                f = stdin;
+        while (read_keyfile_line(f, filename, line, sizeof(line),
+                    &linenum) != -1) {
+                int i;
+                char *space;
+                int type;
+                char *end;
+
+                /* Chop trailing newline. */
+                i = strlen(line) - 1;
+                if (line[i] == '\n')
+                        line[i] = '\0';
+
+                /* Skip leading whitespace, empty and comment lines. */
+                for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
+                        ;
+                if (!*cp || *cp == '\n' || *cp == '#')
+                        continue;
+
+                /* Cope with ssh-keyscan output and options in
+                 * authorized_keys files.
+                 */
+                space = strchr(cp, ' ');
+                if (!space)
+                        continue;
+                *space = '\0';
+                type = key_type_from_name(cp);
+                *space = ' ';
+                /* Leading number (RSA1) or valid type (RSA/DSA) indicates
+                 * that we have no host name or options to skip.
+                 */
+                if ((strtol(cp, &end, 10) == 0 || *end != ' ') &&
+                    type == KEY_UNSPEC) {
+                        int quoted = 0;
+
+                        for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+                                if (*cp == '\\' && cp[1] == '"')
+                                        cp++;   /* Skip both */
+                                else if (*cp == '"')
+                                        quoted = !quoted;
+                        }
+                        /* Skip remaining whitespace. */
+                        for (; *cp == ' ' || *cp == '\t'; cp++)
+                                ;
+                        if (!*cp)
+                                continue;
+                }
+
+                /* Read and process the key itself. */
+                key = key_new(KEY_RSA1);
+                if (key_read(key, &cp) == 1) {
+                        while (*cp == ' ' || *cp == '\t')
+                                cp++;
+                        if (!do_key(filename, linenum,
+                            key, *cp ? cp : filename))
+                                ret = 0;
+                        found = 1;
+                } else {
+                        key_free(key);
+                        key = key_new(KEY_UNSPEC);
+                        if (key_read(key, &cp) == 1) {
+                                while (*cp == ' ' || *cp == '\t')
+                                        cp++;
+                                if (!do_key(filename, linenum,
+                                    key, *cp ? cp : filename))
+                                        ret = 0;
+                                found = 1;
+                        }
+                }
+                key_free(key);
+        }
+        if (f != stdin)
+                fclose(f);
+
+        if (!found && filename) {
+                key = key_load_public(filename, &comment);
+                if (key) {
+                        if (!do_key(filename, 1, key, comment))
+                                ret = 0;
+                        found = 1;
+                }
+                free(comment);
+        }
+
+        return ret;
+}
+
+static int
+do_host(int quiet_open)
+{
+        int i;
+        struct stat st;
+        int ret = 1;
+
+        for (i = 0; default_host_files[i]; i++) {
+                if (stat(default_host_files[i], &st) < 0 && errno == ENOENT)
+                        continue;
+                if (!do_filename(default_host_files[i], quiet_open))
+                        ret = 0;
+        }
+
+        return ret;
+}
+
+static int
+do_user(const char *dir)
+{
+        int i;
+        char *file;
+        struct stat st;
+        int ret = 1;
+
+        for (i = 0; default_files[i]; i++) {
+                xasprintf(&file, "%s/%s", dir, default_files[i]);
+                if (stat(file, &st) < 0 && errno == ENOENT) {
+                        free(file);
+                        continue;
+                }
+                if (!do_filename(file, 0))
+                        ret = 0;
+                free(file);
+        }
+
+        return ret;
+}
+
+int
+main(int argc, char **argv)
+{
+        int opt, all_users = 0;
+        int ret = 1;
+        extern int optind;
+
+        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+        sanitise_stdfd();
+
+        __progname = ssh_get_progname(argv[0]);
+
+        SSLeay_add_all_algorithms();
+        log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
+
+        /* We don't need the RNG ourselves, but symbol references here allow
+         * ld to link us properly.
+         */
+        seed_rng();
+
+        while ((opt = getopt(argc, argv, "ahqv")) != -1) {
+                switch (opt) {
+                case 'a':
+                        all_users = 1;
+                        break;
+                case 'q':
+                        verbosity--;
+                        break;
+                case 'v':
+                        verbosity++;
+                        break;
+                case 'h':
+                default:
+                        usage();
+                }
+        }
+
+        if (all_users) {
+                struct passwd *pw;
+
+                if (!do_host(0))
+                        ret = 0;
+
+                while ((pw = getpwent()) != NULL) {
+                        if (pw->pw_dir) {
+                                temporarily_use_uid(pw);
+                                if (!do_user(pw->pw_dir))
+                                        ret = 0;
+                                restore_uid();
+                        }
+                }
+        } else if (optind == argc) {
+                struct passwd *pw;
+
+                if (!do_host(1))
+                        ret = 0;
+
+                if ((pw = getpwuid(geteuid())) == NULL)
+                        fprintf(stderr, "No user found with uid %u\n",
+                            (u_int)geteuid());
+                else {
+                        if (!do_user(pw->pw_dir))
+                                ret = 0;
+                }
+        } else {
+                while (optind < argc)
+                        if (!do_filename(argv[optind++], 0))
+                                ret = 0;
+        }
+
+        if (verbosity >= 0) {
+                if (some_unknown) {
+                        printf("#\n");
+                        printf("# The status of some keys on your system is unknown.\n");
+                        printf("# You may need to install additional blacklist files.\n");
+                }
+                if (some_compromised) {
+                        printf("#\n");
+                        printf("# Some keys on your system have been compromised!\n");
+                        printf("# You must replace them using ssh-keygen(1).\n");
+                }
+                if (some_unknown || some_compromised) {
+                        printf("#\n");
+                        printf("# See the ssh-vulnkey(1) manual page for further advice.\n");
+                } else if (some_keys && verbosity > 0) {
+                        printf("#\n");
+                        printf("# No blacklisted keys!\n");
+                }
+        }
+
+        return ret;
+}
diff --git a/ssh.1 b/ssh.1
index 62292cc09..c0cc12f43 100644
--- a/ssh.1
+++ b/ssh.1
@@ -756,6 +756,10 @@ Protocol 1 is restricted to using only RSA keys,
 but protocol 2 may use any.
 The HISTORY section of
 .Xr ssl 8
+(on non-OpenBSD systems, see
+.nh
+http://www.openbsd.org/cgi\-bin/man.cgi?query=ssl&sektion=8#HISTORY)
+.hy
 contains a brief discussion of the DSA and RSA algorithms.
 .Pp
 The file
@@ -1338,6 +1342,8 @@ The file format and configuration options are described in
 .Xr ssh_config 5 .
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not writable by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .Pp
 .It Pa ~/.ssh/environment
 Contains additional definitions for environment variables; see
@@ -1445,8 +1451,10 @@ if an error occurred.
 .Xr sftp 1 ,
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
+.Xr ssh-argv0 1 ,
 .Xr ssh-keygen 1 ,
 .Xr ssh-keyscan 1 ,
+.Xr ssh-vulnkey 1 ,
 .Xr tun 4 ,
 .Xr hosts.equiv 5 ,
 .Xr ssh_config 5 ,
diff --git a/ssh.c b/ssh.c
index 87233bc91..219a46677 100644
--- a/ssh.c
+++ b/ssh.c
@@ -740,7 +740,7 @@ main(int ac, char **av)
         /* Do not allocate a tty if stdin is not a tty. */
         if ((!isatty(fileno(stdin)) || stdin_null_flag) &&
             options.request_tty != REQUEST_TTY_FORCE) {
-                if (tty_flag)
+                if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET)
                         logit("Pseudo-terminal will not be allocated because "
                             "stdin is not a terminal.");
                 tty_flag = 0;
@@ -1525,7 +1525,7 @@ ssh_session2(void)
 static void
 load_public_identity_files(void)
 {
-        char *filename, *cp, thishost[NI_MAXHOST];
+        char *filename, *cp, thishost[NI_MAXHOST], *fp;
         char *pwdir = NULL, *pwname = NULL;
         int i = 0;
         Key *public;
@@ -1583,6 +1583,22 @@ load_public_identity_files(void)
                 public = key_load_public(filename, NULL);
                 debug("identity file %s type %d", filename,
                     public ? public->type : -1);
+                if (public && blacklisted_key(public, &fp) == 1) {
+                        if (options.use_blacklisted_keys)
+                                logit("Public key %s blacklisted (see "
+                                    "ssh-vulnkey(1)); continuing anyway", fp);
+                        else
+                                logit("Public key %s blacklisted (see "
+                                    "ssh-vulnkey(1)); refusing to send it",
+                                    fp);
+                        free(fp);
+                        if (!options.use_blacklisted_keys) {
+                                key_free(public);
+                                free(filename);
+                                filename = NULL;
+                                public = NULL;
+                        }
+                }
                 free(options.identity_files[i]);
                 identity_files[n_ids] = filename;
                 identity_keys[n_ids] = public;
diff --git a/ssh_config b/ssh_config
index 32343213f..064b59359 100644
--- a/ssh_config
+++ b/ssh_config
@@ -17,9 +17,10 @@
 # list of available options, their meanings and defaults, please see the
 # ssh_config(5) man page.
 
-# Host *
+Host *
 #   ForwardAgent no
 #   ForwardX11 no
+#   ForwardX11Trusted yes
 #   RhostsRSAAuthentication no
 #   RSAAuthentication yes
 #   PasswordAuthentication yes
@@ -48,3 +49,7 @@
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
 #   RekeyLimit 1G 1h
+    SendEnv LANG LC_*
+    HashKnownHosts yes
+    GSSAPIAuthentication yes
+    GSSAPIDelegateCredentials no
diff --git a/ssh_config.5 b/ssh_config.5
index e72919a89..127540a60 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -71,6 +71,22 @@ Since the first obtained value for each parameter is used, more
 host-specific declarations should be given near the beginning of the
 file, and general defaults at the end.
 .Pp
+Note that the Debian
+.Ic openssh-client
+package sets several options as standard in
+.Pa /etc/ssh/ssh_config
+which are not the default in
+.Xr ssh 1 :
+.Pp
+.Bl -bullet -offset indent -compact
+.It
+.Cm SendEnv No LANG LC_*
+.It
+.Cm HashKnownHosts No yes
+.It
+.Cm GSSAPIAuthentication No yes
+.El
+.Pp
 The configuration file has the following format:
 .Pp
 Empty lines and lines starting with
@@ -136,8 +152,12 @@ Valid arguments are
 If set to
 .Dq yes ,
 passphrase/password querying will be disabled.
+In addition, the
+.Cm ServerAliveInterval
+option will be set to 300 seconds by default.
 This option is useful in scripts and other batch jobs where no user
-is present to supply the password.
+is present to supply the password,
+and where it is desirable to detect a broken network swiftly.
 The argument must be
 .Dq yes
 or
@@ -497,7 +517,8 @@ token used for the session will be set to expire after 20 minutes.
 Remote clients will be refused access after this time.
 .Pp
 The default is
-.Dq no .
+.Dq yes
+(Debian-specific).
 .Pp
 See the X11 SECURITY extension specification for full details on
 the restrictions imposed on untrusted clients.
@@ -583,6 +604,9 @@ Note that existing names and addresses in known hosts files
 will not be converted automatically,
 but may be manually hashed using
 .Xr ssh-keygen 1 .
+Use of this option may break facilities such as tab-completion that rely
+on being able to read unhashed host names from
+.Pa ~/.ssh/known_hosts .
 .It Cm HostbasedAuthentication
 Specifies whether to try rhosts based authentication with public key
 authentication.
@@ -1130,7 +1154,10 @@ If, for example,
 .Cm ServerAliveCountMax
 is left at the default, if the server becomes unresponsive,
 ssh will disconnect after approximately 45 seconds.
-This option applies to protocol version 2 only.
+This option applies to protocol version 2 only; in protocol version
+1 there is no mechanism to request a response from the server to the
+server alive messages, so disconnection is the responsibility of the TCP
+stack.
 .It Cm ServerAliveInterval
 Sets a timeout interval in seconds after which if no data has been received
 from the server,
@@ -1138,8 +1165,15 @@ from the server,
 will send a message through the encrypted
 channel to request a response from the server.
 The default
-is 0, indicating that these messages will not be sent to the server.
+is 0, indicating that these messages will not be sent to the server,
+or 300 if the
+.Cm BatchMode
+option is set.
 This option applies to protocol version 2 only.
+.Cm ProtocolKeepAlives
+and
+.Cm SetupTimeOut
+are Debian-specific compatibility aliases for this option.
 .It Cm StrictHostKeyChecking
 If this flag is set to
 .Dq yes ,
@@ -1178,6 +1212,12 @@ Specifies whether the system should send TCP keepalive messages to the
 other side.
 If they are sent, death of the connection or crash of one
 of the machines will be properly noticed.
+This option only uses TCP keepalives (as opposed to using ssh level
+keepalives), so takes a long time to notice when the connection dies.
+As such, you probably want
+the
+.Cm ServerAliveInterval
+option as well.
 However, this means that
 connections will die if the route is down temporarily, and some people
 find it annoying.
@@ -1229,6 +1269,23 @@ is not specified, it defaults to
 .Dq any .
 The default is
 .Dq any:any .
+.It Cm UseBlacklistedKeys
+Specifies whether
+.Xr ssh 1
+should use keys recorded in its blacklist of known-compromised keys (see
+.Xr ssh-vulnkey 1 )
+for authentication.
+If
+.Dq yes ,
+then attempts to use compromised keys for authentication will be logged but
+accepted.
+It is strongly recommended that this be used only to install new authorized
+keys on the remote system, and even then only with the utmost care.
+If
+.Dq no ,
+then attempts to use compromised keys for authentication will be prevented.
+The default is
+.Dq no .
 .It Cm UsePrivilegedPort
 Specifies whether to use a privileged port for outgoing connections.
 The argument must be
@@ -1345,6 +1402,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
diff --git a/sshconnect.c b/sshconnect.c
index 483eb85ac..ad960fdbf 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -151,7 +151,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
                 /* Execute the proxy command.  Note that we gave up any
                    extra privileges above. */
                 signal(SIGPIPE, SIG_DFL);
-                execv(argv[0], argv);
+                execvp(argv[0], argv);
                 perror(argv[0]);
                 exit(1);
         }
@@ -442,10 +442,10 @@ send_client_banner(int connection_out, int minor1)
         /* Send our own protocol version identification. */
         if (compat20) {
                 xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
-                    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
+                    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
         } else {
                 xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
-                    PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
+                    PROTOCOL_MAJOR_1, minor1, SSH_RELEASE);
         }
         if (roaming_atomicio(vwrite, connection_out, client_version_string,
             strlen(client_version_string)) != strlen(client_version_string))
@@ -981,9 +981,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                         error("%s. This could either mean that", key_msg);
                         error("DNS SPOOFING is happening or the IP address for the host");
                         error("and its host key have changed at the same time.");
-                        if (ip_status != HOST_NEW)
+                        if (ip_status != HOST_NEW) {
                                 error("Offending key for IP in %s:%lu",
                                     ip_found->file, ip_found->line);
+                                error("  remove with: ssh-keygen -f \"%s\" -R %s",
+                                    ip_found->file, ip);
+                        }
                 }
                 /* The host key has changed. */
                 warn_changed_key(host_key);
@@ -991,6 +994,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                     user_hostfiles[0]);
                 error("Offending %s key in %s:%lu", key_type(host_found->key),
                     host_found->file, host_found->line);
+                error("  remove with: ssh-keygen -f \"%s\" -R %s",
+                    host_found->file, host);
 
                 /*
                  * If strict host key checking is in use, the user will have
@@ -1298,7 +1303,7 @@ ssh_local_cmd(const char *args)
         if (pid == 0) {
                 signal(SIGPIPE, SIG_DFL);
                 debug3("Executing %s -c \"%s\"", shell, args);
-                execl(shell, shell, "-c", args, (char *)NULL);
+                execlp(shell, shell, "-c", args, (char *)NULL);
                 error("Couldn't execute %s -c \"%s\": %s",
                     shell, args, strerror(errno));
                 _exit(1);
diff --git a/sshconnect2.c b/sshconnect2.c
index 0b13530ce..93818c991 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1491,6 +1491,8 @@ pubkey_prepare(Authctxt *authctxt)
 
         /* list of keys stored in the filesystem and PKCS#11 */
         for (i = 0; i < options.num_identity_files; i++) {
+                if (options.identity_files[i] == NULL)
+                        continue;
                 key = options.identity_keys[i];
                 if (key && key->type == KEY_RSA1)
                         continue;
@@ -1608,7 +1610,7 @@ userauth_pubkey(Authctxt *authctxt)
                         debug("Offering %s public key: %s", key_type(id->key),
                             id->filename);
                         sent = send_pubkey_test(authctxt, id);
-                } else if (id->key == NULL) {
+                } else if (id->key == NULL && id->filename) {
                         debug("Trying private key: %s", id->filename);
                         id->key = load_identity_file(id->filename,
                             id->userprovided);
diff --git a/sshd.8 b/sshd.8
index b0c7ab6bd..b91f08cff 100644
--- a/sshd.8
+++ b/sshd.8
@@ -70,7 +70,10 @@ over an insecure network.
 .Nm
 listens for connections from clients.
 It is normally started at boot from
-.Pa /etc/rc .
+.Pa /etc/init.d/ssh
+(or
+.Pa /etc/init/ssh.conf
+on systems using the Upstart init daemon).
 It forks a new
 daemon for each incoming connection.
 The forked daemons handle
@@ -859,7 +862,7 @@ This file is for host-based authentication (see
 .Xr ssh 1 ) .
 It should only be writable by root.
 .Pp
-.It Pa /etc/moduli
+.It Pa /etc/ssh/moduli
 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
 The file format is described in
 .Xr moduli 5 .
@@ -954,9 +957,9 @@ The content of this file is not sensitive; it can be world-readable.
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
 .Xr ssh-keyscan 1 ,
+.Xr ssh-vulnkey 1 ,
 .Xr chroot 2 ,
 .Xr hosts_access 5 ,
-.Xr login.conf 5 ,
 .Xr moduli 5 ,
 .Xr sshd_config 5 ,
 .Xr inetd 8 ,
diff --git a/sshd.c b/sshd.c
index 4eddeb8d8..72e9eaf47 100644
--- a/sshd.c
+++ b/sshd.c
@@ -440,7 +440,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
         }
 
         xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
-            major, minor, SSH_VERSION,
+            major, minor,
+            options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM,
             *options.version_addendum == '\0' ? "" : " ",
             options.version_addendum, newline);
 
@@ -753,7 +754,7 @@ privsep_postauth(Authctxt *authctxt)
         RAND_seed(rnd, sizeof(rnd));
 
         /* Drop privileges */
-        do_setusercontext(authctxt->pw);
+        do_setusercontext(authctxt->pw, authctxt->role);
 
  skip:
         /* It is safe now to apply the key state */
@@ -1688,6 +1689,11 @@ main(int ac, char **av)
                         sensitive_data.host_pubkeys[i] = NULL;
                         continue;
                 }
+                if (auth_key_is_revoked(key != NULL ? key : pubkey, 1)) {
+                        sensitive_data.host_keys[i] = NULL;
+                        sensitive_data.host_pubkeys[i] = NULL;
+                        continue;
+                }
 
                 switch (keytype) {
                 case KEY_RSA1:
@@ -1908,6 +1914,10 @@ main(int ac, char **av)
                         }
                 }
 
+                if (getenv("SSH_SIGSTOP"))
+                        /* Tell service supervisor that we are ready. */
+                        kill(getpid(), SIGSTOP);
+
                 /* Accept a connection and return in a forked child */
                 server_accept_loop(&sock_in, &sock_out,
                     &newsock, config_s);
diff --git a/sshd_config b/sshd_config
index 945014124..9cfe28d03 100644
--- a/sshd_config
+++ b/sshd_config
@@ -40,6 +40,7 @@
 # Authentication:
 
 #LoginGraceTime 2m
+# See /usr/share/doc/openssh-server/README.Debian.gz.
 #PermitRootLogin yes
 #StrictModes yes
 #MaxAuthTries 6
diff --git a/sshd_config.5 b/sshd_config.5
index 525d9c858..faf93fc90 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -57,6 +57,33 @@ Arguments may optionally be enclosed in double quotes
 .Pq \&"
 in order to represent arguments containing spaces.
 .Pp
+Note that the Debian
+.Ic openssh-server
+package sets several options as standard in
+.Pa /etc/ssh/sshd_config
+which are not the default in
+.Xr sshd 8 .
+The exact list depends on whether the package was installed fresh or
+upgraded from various possible previous versions, but includes at least the
+following:
+.Pp
+.Bl -bullet -offset indent -compact
+.It
+.Cm Protocol No 2
+.It
+.Cm ChallengeResponseAuthentication No no
+.It
+.Cm X11Forwarding No yes
+.It
+.Cm PrintMotd No no
+.It
+.Cm AcceptEnv No LANG LC_*
+.It
+.Cm Subsystem No sftp /usr/lib/openssh/sftp-server
+.It
+.Cm UsePAM No yes
+.El
+.Pp
 The possible
 keywords and their meanings are as follows (note that
 keywords are case-insensitive and arguments are case-sensitive):
@@ -283,8 +310,7 @@ This option is only available for protocol version 2.
 By default, no banner is displayed.
 .It Cm ChallengeResponseAuthentication
 Specifies whether challenge-response authentication is allowed (e.g. via
-PAM or though authentication styles supported in
-.Xr login.conf 5 )
+PAM).
 The default is
 .Dq yes .
 .It Cm ChrootDirectory
@@ -404,6 +430,11 @@ or
 .Dq no .
 The default is
 .Dq delayed .
+.It Cm DebianBanner
+Specifies whether the distribution-specified extra version suffix is
+included during initial protocol handshake.
+The default is
+.Dq yes .
 .It Cm DenyGroups
 This keyword can be followed by a list of group name patterns, separated
 by spaces.
@@ -885,6 +916,20 @@ are refused if the number of unauthenticated connections reaches
 Specifies whether password authentication is allowed.
 The default is
 .Dq yes .
+.It Cm PermitBlacklistedKeys
+Specifies whether
+.Xr sshd 8
+should allow keys recorded in its blacklist of known-compromised keys (see
+.Xr ssh-vulnkey 1 ) .
+If
+.Dq yes ,
+then attempts to authenticate with compromised keys will be logged but
+accepted.
+If
+.Dq no ,
+then attempts to authenticate with compromised keys will be rejected.
+The default is
+.Dq no .
 .It Cm PermitEmptyPasswords
 When password authentication is allowed, it specifies whether the
 server allows login to accounts with empty password strings.
@@ -1147,6 +1192,9 @@ This avoids infinitely hanging sessions.
 .Pp
 To disable TCP keepalive messages, the value should be set to
 .Dq no .
+.Pp
+This option was formerly called
+.Cm KeepAlive .
 .It Cm TrustedUserCAKeys
 Specifies a file containing public keys of certificate authorities that are
 trusted to sign user certificates for authentication.
diff --git a/sshpty.c b/sshpty.c
index bbbc0fefe..8cc26a249 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -200,7 +200,7 @@ pty_change_window_size(int ptyfd, u_int row, u_int col,
 }
 
 void
-pty_setowner(struct passwd *pw, const char *tty)
+pty_setowner(struct passwd *pw, const char *tty, const char *role)
 {
         struct group *grp;
         gid_t gid;
@@ -227,7 +227,7 @@ pty_setowner(struct passwd *pw, const char *tty)
                     strerror(errno));
 
 #ifdef WITH_SELINUX
-        ssh_selinux_setup_pty(pw->pw_name, tty);
+        ssh_selinux_setup_pty(pw->pw_name, tty, role);
 #endif
 
         if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
diff --git a/sshpty.h b/sshpty.h
index cfa322480..edf24365f 100644
--- a/sshpty.h
+++ b/sshpty.h
@@ -24,4 +24,4 @@ int	 pty_allocate(int *, int *, char *, size_t);
 void     pty_release(const char *);
 void     pty_make_controlling_tty(int *, const char *);
 void     pty_change_window_size(int, u_int, u_int, u_int, u_int);
-void     pty_setowner(struct passwd *, const char *);
+void     pty_setowner(struct passwd *, const char *, const char *);
diff --git a/version.h b/version.h
index f6ec0ee3b..7a30d0dd7 100644
--- a/version.h
+++ b/version.h
@@ -3,4 +3,9 @@
 #define SSH_VERSION     "OpenSSH_6.3"
 
 #define SSH_PORTABLE    "p1"
-#define SSH_RELEASE     SSH_VERSION SSH_PORTABLE
+#define SSH_RELEASE_MINIMUM     SSH_VERSION SSH_PORTABLE
+#ifdef SSH_EXTRAVERSION
+#define SSH_RELEASE     SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
+#else
+#define SSH_RELEASE     SSH_RELEASE_MINIMUM
+#endif