1 files changed, 0 insertions, 132 deletions
diff --git a/UPGRADING b/UPGRADING
deleted file mode 100644
index df3a23e17..000000000
--- a/UPGRADING
+++ /dev/null
@@ -1,132 +0,0 @@
-[ A Japanese translation of this document is available at
-[ http://www.unixuser.org/%7Eharuyama/security/openssh/index.html
-[ Thanks to HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
-OpenSSH is almost completely compatible with the commercial SSH 1.2.x.
-There are, however, a few exceptions that you will need to bear in
-mind while upgrading:
-1. OpenSSH does not support any patented transport algorithms.
-Only 3DES and Blowfish can be selected. This difference may manifest
-itself in the ssh command refusing to read its config files.
-Solution: Edit /etc/ssh/ssh_config and select a different "Cipher"
-option ("3des" or "blowfish").
-2. Old versions of commercial SSH encrypt host keys with IDEA
-The old versions of SSH used a patented algorithm to encrypt their
-/etc/ssh/ssh_host_key
-This problem will manifest as sshd not being able to read its host
-key.
-Solution: You will need to run the *commercial* version of ssh-keygen
-on the host's private key:
-ssh-keygen -u -f /etc/ssh/ssh_host_key
-3. Incompatible changes to sshd_config format.
-OpenSSH extends the sshd_config file format in a number of ways. There
-is currently one change which is incompatible with the old.
-Commercial SSH controlled logging using the "QuietMode" and
-"FascistLogging" directives. OpenSSH introduces a more general set of
-logging options "SyslogFacility" and "LogLevel". See the sshd manual
-page for details.
-4. Warning messages about key lengths
-Commercial SSH's ssh-keygen program contained a bug which caused it to
-occasionally generate RSA keys which had their Most Significant Bit
-(MSB) unset. Such keys were advertised as being full-length, but are
-actually only half as secure.
-OpenSSH will print warning messages when it encounters such keys. To
-rid yourself of these message, edit you known_hosts files and replace
-the incorrect key length (usually "1024") with the correct key length
-(usually "1023").
-5. Spurious PAM authentication messages in logfiles
-OpenSSH will generate spurious authentication failures at every login, 
-similar to "authentication failure; (uid=0) -> root for sshd service".
-These are generated because OpenSSH first tries to determine whether a
-user needs authentication to login (e.g. empty password). Unfortunatly
-PAM likes to log all authentication events, this one included.
-If it annoys you too much, set "PermitEmptyPasswords no" in 
-sshd_config. This will quiet the error message at the expense of
-disabling logins to accounts with no password set. This is the 
-default if you use the supplied sshd_config file.
-6. Empty passwords not allowed with PAM authentication
-To enable empty passwords with a version of OpenSSH built with PAM you
-must add the flag "nullok" to the end of the password checking module
-in the /etc/pam.d/sshd file. For example:
-auth required/lib/security/pam_unix.so shadow nodelay nullok
-This must be done in addtion to setting "PermitEmptyPasswords yes"
-in the sshd_config file.
-There is one caveat when using empty passwords with PAM
-authentication: PAM will allow _any_ password when authenticating
-an account with an empty password. This breaks the check that sshd
-uses to determined whether an account has no password set and grant
-users access to the account regardless of the policy specified by
-"PermitEmptyPasswords". For this reason, it is recommended that you do
-not add the "nullok" directive to your PAM configuration file unless
-you specifically wish to allow empty passwords.
-7. X11 and/or agent forwarding does not work
-Check your ssh_config and sshd_config. The default configuration files
-disable authentication agent and X11 forwarding.
-8. ssh takes a long time to connect with Linux/glibc 2.1
-The glibc shipped with Redhat 6.1 appears to take a long time to resolve
-"IPv6 or IPv4" addresses from domain names. This can be kludged around 
-with the --with-ipv4-default configure option. This instructs OpenSSH to
-use IPv4-only address resolution. (IPv6 lookups may still be made by 
-specifying the -6 option).
-9. Logins from commercial ssh generate the error "Selected cipher type 
-    idea not supported by server"
-This error is generated when a commercial ssh which has been configured to
-use the 'idea' cipher attempts to connect to an OpenSSH server. To rectify 
-this, select a different cipher in ssh_config or ~/.ssh/config (3des for 
-security or blowfish for speed).
-10. "can't locate module net-pf-10" messages in log under Linux
-The Linux kernel is looking (via modprobe) for protocol family 10 (IPv6).
-Either 1. load the appropriate kernel module, 2. enter the correct alias
-in /etc/modules.conf or 3. disable IPv6 in /etc/modules.conf.
-For some silly reason /etc/modules.conf may also be named /etc/conf.modules
-11. Password authentication doesn't work on Slackware 7.0
-Configure OpenSSH with --with-md5-passwords
-12. ./configure or sshd complain about lack of RSA support
-Ensure that your OpenSSL libraries have been built to include RSA support
-either internally or through RSAref.
-13. "scp: command not found" errors
-scp must be in the default PATH on both the client and the server. You may
-need to use the --with-default-path option to specify a custom path to
-search on the server. This option replaces the default path, so you need
-to specify all the current directories on your path as well as where you
-have installed scp. For example: 
-./configure --with-default-path=/bin:/usr/bin:/usr/local/bin:/path/to/scp

diff --git a/UPGRADING b/UPGRADING deleted file mode 100644 index df3a23e17..000000000 --- a/UPGRADING +++ /dev/null
@@ -1,132 +0,0 @@
1	[ A Japanese translation of this document is available at
2	[ http://www.unixuser.org/%7Eharuyama/security/openssh/index.html
3	[ Thanks to HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
4
5	OpenSSH is almost completely compatible with the commercial SSH 1.2.x.
6	There are, however, a few exceptions that you will need to bear in
7	mind while upgrading:
8
9	1. OpenSSH does not support any patented transport algorithms.
10
11	Only 3DES and Blowfish can be selected. This difference may manifest
12	itself in the ssh command refusing to read its config files.
13
14	Solution: Edit /etc/ssh/ssh_config and select a different "Cipher"
15	option ("3des" or "blowfish").
16
17	2. Old versions of commercial SSH encrypt host keys with IDEA
18
19	The old versions of SSH used a patented algorithm to encrypt their
20	/etc/ssh/ssh_host_key
21
22	This problem will manifest as sshd not being able to read its host
23	key.
24
25	Solution: You will need to run the commercial version of ssh-keygen
26	on the host's private key:
27
28	ssh-keygen -u -f /etc/ssh/ssh_host_key
29
30	3. Incompatible changes to sshd_config format.
31
32	OpenSSH extends the sshd_config file format in a number of ways. There
33	is currently one change which is incompatible with the old.
34
35	Commercial SSH controlled logging using the "QuietMode" and
36	"FascistLogging" directives. OpenSSH introduces a more general set of
37	logging options "SyslogFacility" and "LogLevel". See the sshd manual
38	page for details.
39
40	4. Warning messages about key lengths
41
42	Commercial SSH's ssh-keygen program contained a bug which caused it to
43	occasionally generate RSA keys which had their Most Significant Bit
44	(MSB) unset. Such keys were advertised as being full-length, but are
45	actually only half as secure.
46
47	OpenSSH will print warning messages when it encounters such keys. To
48	rid yourself of these message, edit you known_hosts files and replace
49	the incorrect key length (usually "1024") with the correct key length
50	(usually "1023").
51
52	5. Spurious PAM authentication messages in logfiles
53
54	OpenSSH will generate spurious authentication failures at every login,
55	similar to "authentication failure; (uid=0) -> root for sshd service".
56	These are generated because OpenSSH first tries to determine whether a
57	user needs authentication to login (e.g. empty password). Unfortunatly
58	PAM likes to log all authentication events, this one included.
59
60	If it annoys you too much, set "PermitEmptyPasswords no" in
61	sshd_config. This will quiet the error message at the expense of
62	disabling logins to accounts with no password set. This is the
63	default if you use the supplied sshd_config file.
64
65	6. Empty passwords not allowed with PAM authentication
66
67	To enable empty passwords with a version of OpenSSH built with PAM you
68	must add the flag "nullok" to the end of the password checking module
69	in the /etc/pam.d/sshd file. For example:
70
71	auth required/lib/security/pam_unix.so shadow nodelay nullok
72
73	This must be done in addtion to setting "PermitEmptyPasswords yes"
74	in the sshd_config file.
75
76	There is one caveat when using empty passwords with PAM
77	authentication: PAM will allow _any_ password when authenticating
78	an account with an empty password. This breaks the check that sshd
79	uses to determined whether an account has no password set and grant
80	users access to the account regardless of the policy specified by
81	"PermitEmptyPasswords". For this reason, it is recommended that you do
82	not add the "nullok" directive to your PAM configuration file unless
83	you specifically wish to allow empty passwords.
84
85	7. X11 and/or agent forwarding does not work
86
87	Check your ssh_config and sshd_config. The default configuration files
88	disable authentication agent and X11 forwarding.
89
90	8. ssh takes a long time to connect with Linux/glibc 2.1
91
92	The glibc shipped with Redhat 6.1 appears to take a long time to resolve
93	"IPv6 or IPv4" addresses from domain names. This can be kludged around
94	with the --with-ipv4-default configure option. This instructs OpenSSH to
95	use IPv4-only address resolution. (IPv6 lookups may still be made by
96	specifying the -6 option).
97
98	9. Logins from commercial ssh generate the error "Selected cipher type
99	idea not supported by server"
100
101	This error is generated when a commercial ssh which has been configured to
102	use the 'idea' cipher attempts to connect to an OpenSSH server. To rectify
103	this, select a different cipher in ssh_config or ~/.ssh/config (3des for
104	security or blowfish for speed).
105
106	10. "can't locate module net-pf-10" messages in log under Linux
107
108	The Linux kernel is looking (via modprobe) for protocol family 10 (IPv6).
109	Either 1. load the appropriate kernel module, 2. enter the correct alias
110	in /etc/modules.conf or 3. disable IPv6 in /etc/modules.conf.
111
112	For some silly reason /etc/modules.conf may also be named /etc/conf.modules
113
114	11. Password authentication doesn't work on Slackware 7.0
115
116	Configure OpenSSH with --with-md5-passwords
117
118	12. ./configure or sshd complain about lack of RSA support
119
120	Ensure that your OpenSSL libraries have been built to include RSA support
121	either internally or through RSAref.
122
123	13. "scp: command not found" errors
124
125	scp must be in the default PATH on both the client and the server. You may
126	need to use the --with-default-path option to specify a custom path to
127	search on the server. This option replaces the default path, so you need
128	to specify all the current directories on your path as well as where you
129	have installed scp. For example:
130
131	./configure --with-default-path=/bin:/usr/bin:/usr/local/bin:/path/to/scp
132