1 files changed, 40 insertions, 2 deletions
diff --git a/README.md b/README.md
index 4e2624161..5b73d24c0 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,40 @@
+Portable OpenSSH with GSSAPI Key Exchange patches
+=================================================
+Currently, there are two branches with gssapi key exchange related
+patches:
+ * fedora/master: Changes that are shipped in Fedora
+ * debian/master: Changes that are shipped in Debian
+The target is to converge to a shared repository with single master
+branch from where we could build releases for both OSes.
+What is in:
+ * The original patch implementing missing parts of RFC4462 by Simon Wilkinson
+   adapted to the current OpenSSH versions and with several fixes
+ * New methods for GSSAPI Kex from IETF draft [1] from Jakub Jelen
+Missing kerberos-related parts:
+ * .k5login and .kusers support available in Fedora [2] [3].
+ * Improved handling of kerberos ccache location [4]
+[1] https://tools.ietf.org/html/draft-ietf-curdle-gss-keyex-sha2-08
+[2] https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-6.6p1-kuserok.patch
+[3] https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-6.6p1-GSSAPIEnablek5users.patch
+[4] https://bugzilla.mindrot.org/show_bug.cgi?id=2775
+-------------------------------------------------------------------------------
 # Portable OpenSSH
+[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
 OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs.
 This is a port of OpenBSD's [OpenSSH](https://openssh.com) to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM).
@@ -25,14 +60,16 @@ Stable release tarballs are available from a number of [download mirrors](https:
 ### Dependencies
-Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, as well as [zlib](https://www.zlib.net/) and ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) to build. Certain platforms and build-time options may require additional dependencies.
+Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, and [zlib](https://www.zlib.net/). ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) may also be used, but OpenSSH may be built without it supporting a subset of crypto algorithms.
+FIDO security token support need [libfido2](https://github.com/Yubico/libfido2) and its dependencies. Also, certain platforms and build-time options may require additional dependencies, see README.platform for details.
 ### Building a release
 Releases include a pre-built copy of the ``configure`` script and may be built using:
 ```
-tar zxvf openssh-X.Y.tar.gz
+tar zxvf openssh-X.YpZ.tar.gz
 cd openssh
 ./configure # [options]
 make && make tests
@@ -64,6 +101,7 @@ Flag | Meaning
 ``--with-libedit`` | Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp.
 ``--with-kerberos5`` | Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported.
 ``--with-selinux`` | Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support.
+``--with-security-key-builtin`` | Include built-in support for U2F/FIDO2 security keys. This requires [libfido2](https://github.com/Yubico/libfido2) be installed.
 ## Development

diff --git a/README.md b/README.md index 4e2624161..5b73d24c0 100644 --- a/README.md +++ b/README.md
@@ -1,5 +1,40 @@
		1	Portable OpenSSH with GSSAPI Key Exchange patches
		2	=================================================
		3
		4	Currently, there are two branches with gssapi key exchange related
		5	patches:
		6
		7	* fedora/master: Changes that are shipped in Fedora
		8	* debian/master: Changes that are shipped in Debian
		9
		10	The target is to converge to a shared repository with single master
		11	branch from where we could build releases for both OSes.
		12
		13
		14	What is in:
		15
		16	* The original patch implementing missing parts of RFC4462 by Simon Wilkinson
		17	adapted to the current OpenSSH versions and with several fixes
		18	* New methods for GSSAPI Kex from IETF draft [1] from Jakub Jelen
		19
		20
		21	Missing kerberos-related parts:
		22
		23	* .k5login and .kusers support available in Fedora [2] [3].
		24	* Improved handling of kerberos ccache location [4]
		25
		26
		27	[1] https://tools.ietf.org/html/draft-ietf-curdle-gss-keyex-sha2-08
		28	[2] https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-6.6p1-kuserok.patch
		29	[3] https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-6.6p1-GSSAPIEnablek5users.patch
		30	[4] https://bugzilla.mindrot.org/show_bug.cgi?id=2775
		31
		32	-------------------------------------------------------------------------------
		33
1	# Portable OpenSSH	34	# Portable OpenSSH
2		35
		36	[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
		37
3	OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs.	38	OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs.
4		39
5	This is a port of OpenBSD's [OpenSSH](https://openssh.com) to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM).	40	This is a port of OpenBSD's [OpenSSH](https://openssh.com) to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM).
@@ -25,14 +60,16 @@ Stable release tarballs are available from a number of [download mirrors](https:
25		60
26	### Dependencies	61	### Dependencies
27		62
28	Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, as well as [zlib](https://www.zlib.net/) and ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) to build. Certain platforms and build-time options may require additional dependencies.	63	Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, and [zlib](https://www.zlib.net/). ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) may also be used, but OpenSSH may be built without it supporting a subset of crypto algorithms.
		64
		65	FIDO security token support need [libfido2](https://github.com/Yubico/libfido2) and its dependencies. Also, certain platforms and build-time options may require additional dependencies, see README.platform for details.
29		66
30	### Building a release	67	### Building a release
31		68
32	Releases include a pre-built copy of the ``configure`` script and may be built using:	69	Releases include a pre-built copy of the ``configure`` script and may be built using:
33		70
34	```	71	```
35	tar zxvf openssh-X.Y.tar.gz	72	tar zxvf openssh-X.YpZ.tar.gz
36	cd openssh	73	cd openssh
37	./configure # [options]	74	./configure # [options]
38	make && make tests	75	make && make tests
@@ -64,6 +101,7 @@ Flag \| Meaning
64	``--with-libedit`` \| Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp.	101	``--with-libedit`` \| Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp.
65	``--with-kerberos5`` \| Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported.	102	``--with-kerberos5`` \| Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported.
66	``--with-selinux`` \| Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support.	103	``--with-selinux`` \| Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support.
		104	``--with-security-key-builtin`` \| Include built-in support for U2F/FIDO2 security keys. This requires [libfido2](https://github.com/Yubico/libfido2) be installed.
67		105
68	## Development	106	## Development
69		107