12 files changed, 739 insertions, 150 deletions
diff --git a/contrib/Makefile b/contrib/Makefile
new file mode 100644
index 000000000..2cef46f6c
--- /dev/null
+++ b/contrib/Makefile
@@ -0,0 +1,15 @@
+all:
+        @echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2"
+gnome-ssh-askpass1: gnome-ssh-askpass1.c
+        $(CC) `gnome-config --cflags gnome gnomeui` \
+                gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \
+                `gnome-config --libs gnome gnomeui`
+gnome-ssh-askpass2: gnome-ssh-askpass2.c
+        $(CC) `pkg-config --cflags gtk+-2.0` \
+                gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
+                `pkg-config --libs gtk+-2.0`
+clean:
+        rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass
diff --git a/contrib/README b/contrib/README
index 648bb2f3a..67dbbd277 100644
--- a/contrib/README
+++ b/contrib/README
@@ -1,30 +1,39 @@
 Other patches and addons for OpenSSH. Please send submissions to 
-djm@ibs.com.au
+djm@mindrot.org
-Elsewhere
+Externally maintained
---------
+---------------------
-http://www.imasy.or.jp/~gotoh/connect.c is a Unix and Windows 
+SSH Proxy Command -- connect.c
-ProxyCommand which allows OpenSSH to make connections through a SOCKS5
-or http proxy which supports the CONNECT method (eg. Squid).
-In this directory
+Shun-ichi GOTO <gotoh@imasy.or.jp> has written a very useful ProxyCommand
-----------------
+which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or 
+https CONNECT style proxy server. His page for connect.c has extensive
+documentation on its use as well as compiled versions for Win32.
-chroot.diff: 
+http://www.taiyo.co.jp/~gotoh/ssh/connect.html
-Due to the fact the patch is never in sync with the rest of the tree.  It was
-removed. 
+X11 SSH Askpass:
+Jim Knoble <jmknoble@pobox.com> has written an excellent X11
+passphrase requester. This is highly recommended:
+http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
+In this directory
+-----------------
 ssh-copy-id:
 Phil Hands' <phil@hands.com> shell script to automate the process of adding
 your public key to a remote machine's ~/.ssh/authorized_keys file.
-gnome-ssh-askpass:
+gnome-ssh-askpass[12]:
-A GNOME passphrase requester of my own creation. Compilation instructions
+A GNOME and Gtk2 passphrase requesters. Use "make gnome-ssh-askpass1" or
-are in the top of the file.
+"make gnome-ssh-askpass2" to build.
 sshd.pam.generic:
@@ -43,19 +52,9 @@ Contributed by Mark D. Roth <roth@feep.net>
 redhat:
-RPM spec file an scripts for building Redhat packages
+RPM spec file and scripts for building Redhat packages
 suse:
-RPM spec file an scripts for building SuSE packages
+RPM spec file and scripts for building SuSE packages
-Externally maintained
---------------------
-X11 SSH Askpass:
-Jim Knoble <jmknoble@pobox.com> has written an excellent X11
-passphrase requester. This is highly recommended:
-http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh
index d531e53f4..5c09c6b75 100755
--- a/contrib/aix/buildbff.sh
+++ b/contrib/aix/buildbff.sh
@@ -18,6 +18,16 @@ X11_FORWARDING=no
 umask 022
+startdir=`pwd`
+# Path to inventory.sh: same place as buildbff.sh
+if  echo $0 | egrep '^/'
+then
+        inventory=`dirname $0`/inventory.sh             # absolute path
+else
+        inventory=`pwd`/`dirname $0`/inventory.sh       # relative path
+fi
 #
 # We still support running from contrib/aix, but this is depreciated
 #
@@ -45,14 +55,6 @@ objdir=`pwd`
 PKGNAME=openssh
 PKGDIR=package
-# Path to inventory.sh: same place as buildbff.sh
-if  echo $0 | egrep '^/'
-then
-        inventory=`dirname $0`/inventory.sh             # absolute path
-else
-        inventory=`pwd`/`dirname $0`/inventory.sh       # relative path
-fi
 #
 # Collect local configuration settings to override defaults
 #
@@ -328,15 +330,10 @@ rm -f $PKGNAME-$VERSION.bff
 ) | backup  -i -q -f ../$PKGNAME-$VERSION.bff $filelist
 #
-# Move package into final location
+# Move package into final location and clean up
 #
-if [ "$contribaix" = "1" ]
+mv ../$PKGNAME-$VERSION.bff $startdir
-then
+cd $startdir
-        mv ../$PKGNAME-$VERSION.bff $objdir/contrib/aix
-else
-        mv ../$PKGNAME-$VERSION.bff $objdir
-fi
 rm -rf $objdir/$PKGDIR
 echo $0: done.
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index e7473947e..b7de22e8b 100644
--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -17,7 +17,7 @@
 #old cvs stuff.  please update before use.  may be deprecated.
 %define use_stable      1
 %if %{use_stable}
-  %define version       3.4p1
+  %define version       3.5p1
  %define cvs           %{nil}
  %define release       2
 %else
@@ -181,8 +181,6 @@ CFLAGS="$RPM_OPT_FLAGS" \
            --with-pam \
            --with-tcp-wrappers \
            --with-ipv4-default \
-            --sysconfdir=%{_sysconfdir}/ssh \
-            --libexecdir=%{_libexecdir}/openssh \
            --with-privsep-path=%{_var}/empty/sshd \
            #leave this line for easy edits.
@@ -355,4 +353,4 @@ fi
 * Mon Jan 01 1998 ...
 Template Version: 1.31
-$Id: openssh.spec,v 1.36 2002/06/26 13:57:13 djm Exp $
+$Id: openssh.spec,v 1.38 2002/10/03 01:56:59 djm Exp $
diff --git a/contrib/cygwin/README b/contrib/cygwin/README
index 9021ba2b0..71ea3455f 100644
--- a/contrib/cygwin/README
+++ b/contrib/cygwin/README
@@ -1,6 +1,30 @@
 This package is the actual port of OpenSSH to Cygwin 1.3.
 ===========================================================================
+Important change since 3.4p1-2:
+This version adds privilege separation as default setting, see
+/usr/doc/openssh/README.privsep.  According to that document the
+privsep feature requires a non-privileged account called 'sshd'.
+The new ssh-host-config file which is part of this version asks
+to create 'sshd' as local user if you want to use privilege
+separation.  If you confirm, it creates that NT user and adds
+the necessary entry to /etc/passwd.
+On 9x/Me systems the script just sets UsePrivilegeSeparation to "no"
+since that feature doesn't make any sense on a system which doesn't
+differ between privileged and unprivileged users.
+The new ssh-host-config script also adds the /var/empty directory
+needed by privilege separation.  When creating the /var/empty directory
+by yourself, please note that in contrast to the README.privsep document
+the owner sshould not be "root" but the user which is running sshd.  So,
+in the standard configuration this is SYSTEM.  The ssh-host-config script
+chowns /var/empty accordingly.
+===========================================================================
+===========================================================================
 Important change since 3.0.1p1-2:
 This version introduces the ability to register sshd as service on
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index da6011267..4df5aa969 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -18,6 +18,11 @@ progname=$0
 auto_answer=""
 port_number=22
+privsep_configured=no
+privsep_used=yes
+sshd_in_passwd=no
+sshd_in_sam=no
 request()
 {
  if [ "${auto_answer}" = "yes" ]
@@ -90,6 +95,10 @@ do
  esac
 done
+# Check if running on NT
+_sys="`uname -a`"
+_nt=`expr "$_sys" : "CYGWIN_NT"`
 # Check for running ssh/sshd processes first. Refuse to do anything while
 # some ssh processes are still running
@@ -98,7 +107,7 @@ then
  echo
  echo "There are still ssh processes running. Please shut them down first."
  echo
-  #exit 1
+  exit 1
 fi
 # Check for ${SYSCONFDIR} directory
@@ -126,6 +135,39 @@ then
  fi
 fi
+# Create /var/log and /var/log/lastlog if not already existing
+if [ -f /var/log ]
+then
+  echo "Creating /var/log failed\!"
+else
+  if [ ! -d /var/log ]
+  then
+    mkdir -p /var/log
+  fi
+  if [ -d /var/log/lastlog ]
+  then
+    echo "Creating /var/log/lastlog failed\!"
+  elif [ ! -f /var/log/lastlog ]
+  then
+    cat /dev/null > /var/log/lastlog
+  fi
+fi
+# Create /var/empty file used as chroot jail for privilege separation
+if [ -f /var/empty ]
+then
+  echo "Creating /var/empty failed\!"
+else
+  mkdir -p /var/empty
+  # On NT change ownership of that dir to user "system"
+  if [ $_nt -gt 0 ]
+  then
+    chmod 755 /var/empty
+    chown system.system /var/empty
+  fi
+fi
 # Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
 # the same as ${PREFIX}
@@ -219,9 +261,10 @@ if [ ! -f "${SYSCONFDIR}/ssh_config" ]
 then
  echo "Generating ${SYSCONFDIR}/ssh_config file"
  cat > ${SYSCONFDIR}/ssh_config << EOF
-# This is ssh client systemwide configuration file.  This file provides 
+# This is the ssh client system-wide configuration file.  See
-# defaults for users, and the values can be changed in per-user configuration
+# ssh_config(5) for more information.  This file provides defaults for
-# files or on the command line.
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
 # Configuration data is parsed as follows:
 #  1. command line options
@@ -237,20 +280,19 @@ then
 #   ForwardAgent no
 #   ForwardX11 no
 #   RhostsAuthentication no
-#   RhostsRSAAuthentication yes
+#   RhostsRSAAuthentication no
 #   RSAAuthentication yes
 #   PasswordAuthentication yes
-#   FallBackToRsh no
-#   UseRsh no
 #   BatchMode no
 #   CheckHostIP yes
-#   StrictHostKeyChecking yes
+#   StrictHostKeyChecking ask
 #   IdentityFile ~/.ssh/identity
 #   IdentityFile ~/.ssh/id_dsa
 #   IdentityFile ~/.ssh/id_rsa
 #   Port 22
 #   Protocol 2,1
-#   Cipher blowfish
+#   Cipher 3des
+#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
 #   EscapeChar ~
 EOF
  if [ "$port_number" != "22" ]
@@ -271,17 +313,75 @@ then
    then
      echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
    fi
+  else
+    grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes
  fi
 fi
-# Create default sshd_config from here script
+# Prior to creating or modifying sshd_config, care for privilege separation
+if [ "$privsep_configured" != "yes" ]
+then
+  if [ $_nt -gt 0 ]
+  then
+    echo "Privilege separation is set to yes by default since OpenSSH 3.3."
+    echo "However, this requires a non-privileged account called 'sshd'."
+    echo "For more info on privilege separation read /usr/doc/openssh/README.privsep."
+    echo
+    if request "Shall privilege separation be used?"
+    then
+      privsep_used=yes
+      grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes
+      net user sshd >/dev/null 2>&1 && sshd_in_sam=yes
+      if [ "$sshd_in_passwd" != "yes" ]
+      then
+        if [ "$sshd_in_sam" != "yes" ]
+        then
+          echo "Warning: The following function requires administrator privileges!"
+          if request "Shall this script create a local user 'sshd' on this machine?"
+          then
+            dos_var_empty=`cygpath -w /var/empty`
+            net user sshd /add /fullname:"sshd privsep" "/homedir:$dos_var_empty" /active:no > /dev/null 2>&1 && sshd_in_sam=yes
+            if [ "$sshd_in_sam" != "yes" ]
+            then
+              echo "Warning: Creating the user 'sshd' failed!"
+            fi
+          fi
+        fi
+        if [ "$sshd_in_sam" != "yes" ]
+        then
+          echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!"
+          echo "         Privilege separation set to 'no' again!"
+          echo "         Check your ${SYSCONFDIR}/sshd_config file!"
+          privsep_used=no
+        else
+          mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd
+        fi
+      fi
+    else
+      privsep_used=no
+    fi
+  else
+    # On 9x don't use privilege separation.  Since security isn't
+    # available it just adds useless addtional processes.
+    privsep_used=no
+  fi
+fi
+# Create default sshd_config from here script or modify to add the
+# missing privsep configuration option
 if [ ! -f "${SYSCONFDIR}/sshd_config" ]
 then
  echo "Generating ${SYSCONFDIR}/sshd_config file"
  cat > ${SYSCONFDIR}/sshd_config << EOF
-# This is the sshd server system-wide configuration file.  See sshd(8)
+# This is the sshd server system-wide configuration file.  See
-# for more information.
+# sshd_config(5) for more information.
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options change a
+# default value.
 Port $port_number
 #Protocol 2,1
@@ -289,66 +389,77 @@ Port $port_number
 #ListenAddress ::
 # HostKey for protocol version 1
-HostKey /etc/ssh_host_key
+#HostKey ${SYSCONFDIR}/ssh_host_key
 # HostKeys for protocol version 2
-HostKey /etc/ssh_host_rsa_key
+#HostKey ${SYSCONFDIR}/ssh_host_rsa_key
-HostKey /etc/ssh_host_dsa_key
+#HostKey ${SYSCONFDIR}/ssh_host_dsa_key
 # Lifetime and size of ephemeral version 1 server ke
-KeyRegenerationInterval 3600
+#KeyRegenerationInterval 3600
-ServerKeyBits 768
+#ServerKeyBits 768
 # Logging
-SyslogFacility AUTH
-LogLevel INFO
 #obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
 # Authentication:
-LoginGraceTime 600
+#LoginGraceTime 600
-PermitRootLogin yes
+#PermitRootLogin yes
 # The following setting overrides permission checks on host key files
 # and directories. For security reasons set this to "yes" when running
 # NT/W2K, NTFS and CYGWIN=ntsec.
 StrictModes no
-RSAAuthentication yes
+#RSAAuthentication yes
-PubkeyAuthentication yes
+#PubkeyAuthentication yes
 #AuthorizedKeysFile     %h/.ssh/authorized_keys
 # rhosts authentication should not be used
-RhostsAuthentication no
+#RhostsAuthentication no
 # Don't read ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
+#IgnoreRhosts yes
-# For this to work you will also need host keys in /etc/ssh_known_hosts
+# For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts
-RhostsRSAAuthentication no
+#RhostsRSAAuthentication no
 # similar for protocol version 2
-HostbasedAuthentication no
+#HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+# Change to yes if you don't trust ~/.ssh/known_hosts for
-#IgnoreUserKnownHosts yes
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
 # To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication yes
+#PasswordAuthentication yes
-PermitEmptyPasswords no
+#PermitEmptyPasswords no
-X11Forwarding no
+# Change to no to disable s/key passwords
-X11DisplayOffset 10
+#ChallengeResponseAuthentication yes
-PrintMotd yes
-#PrintLastLog no
+#X11Forwarding no
-KeepAlive yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#KeepAlive yes
 #UseLogin no
+UsePrivilegeSeparation $privsep_used
+#Compression yes
-#MaxStartups 10:30:60
+#MaxStartups 10
-#Banner /etc/issue.net
+# no default banner path
-#ReverseMappingCheck yes
+#Banner /some/path
+#VerifyReverseMapping no
+# override default of no subsystems
 Subsystem      sftp    /usr/sbin/sftp-server
 EOF
+elif [ "$privsep_configured" != "yes" ]
+then
+  echo >> ${SYSCONFDIR}/sshd_config
+  echo "UsePrivilegeSeparation $privsep_used" >> ${SYSCONFDIR}/sshd_config
 fi
 # Care for services file
-_sys="`uname -a`"
-_nt=`expr "$_sys" : "CYGWIN_NT"`
 if [ $_nt -gt 0 ]
 then
  _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
@@ -403,8 +514,8 @@ umount "${_services}"
 umount "${_serv_tmp}"
 # Care for inetd.conf file
-_inetcnf="/etc/inetd.conf"
+_inetcnf="${SYSCONFDIR}/inetd.conf"
-_inetcnf_tmp="/etc/inetd.conf.$$"
+_inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"
 if [ -f "${_inetcnf}" ]
 then
@@ -442,25 +553,6 @@ then
  fi
 fi
-# Create /var/log and /var/log/lastlog if not already existing
-if [ -f /var/log ]
-then
-  echo "Creating /var/log failed\!"
-else
-  if [ ! -d /var/log ]
-  then
-    mkdir /var/log
-  fi
-  if [ -d /var/log/lastlog ]
-  then
-    echo "Creating /var/log/lastlog failed\!"
-  elif [ ! -f /var/log/lastlog ]
-  then
-    cat /dev/null > /var/log/lastlog
-  fi
-fi
 # On NT ask if sshd should be installed as service
 if [ $_nt -gt 0 ]
 then
@@ -477,7 +569,7 @@ then
    [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty"
    if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
    then
-      chown system /etc/ssh*
+      chown system ${SYSCONFDIR}/ssh*
      echo
      echo "The service has been installed under LocalSystem account."
    fi
diff --git a/contrib/gnome-ssh-askpass1.c b/contrib/gnome-ssh-askpass1.c
new file mode 100644
index 000000000..b6b342b84
--- /dev/null
+++ b/contrib/gnome-ssh-askpass1.c
@@ -0,0 +1,171 @@
+/*
+ * Copyright (c) 2000-2002 Damien Miller.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * This is a simple GNOME SSH passphrase grabber. To use it, set the 
+ * environment variable SSH_ASKPASS to point to the location of 
+ * gnome-ssh-askpass before calling "ssh-add < /dev/null". 
+ *
+ * There is only two run-time options: if you set the environment variable
+ * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
+ * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the 
+ * pointer will be grabbed too. These may have some benefit to security if 
+ * you don't trust your X server. We grab the keyboard always.
+ */
+/*
+ * Compile with:
+ *
+ * cc `gnome-config --cflags gnome gnomeui` \
+ *    gnome-ssh-askpass1.c -o gnome-ssh-askpass \
+ *    `gnome-config --libs gnome gnomeui`
+ *
+ */
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <gnome.h>
+#include <X11/Xlib.h>
+#include <gdk/gdkx.h>
+void
+report_failed_grab (void)
+{
+        GtkWidget *err;
+        err = gnome_message_box_new("Could not grab keyboard or mouse.\n"
+                "A malicious client may be eavesdropping on your session.",
+                                    GNOME_MESSAGE_BOX_ERROR, "EXIT", NULL);
+        gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
+        gtk_object_set(GTK_OBJECT(err), "type", GTK_WINDOW_POPUP, NULL);
+        gnome_dialog_run_and_close(GNOME_DIALOG(err));
+}
+int
+passphrase_dialog(char *message)
+{
+        char *passphrase;
+        char **messages;
+        int result, i, grab_server, grab_pointer;
+        GtkWidget *dialog, *entry, *label;
+        grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
+        grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
+        dialog = gnome_dialog_new("OpenSSH", GNOME_STOCK_BUTTON_OK,
+            GNOME_STOCK_BUTTON_CANCEL, NULL);
+        messages = g_strsplit(message, "\\n", 0);
+        if (messages)
+                for(i = 0; messages[i]; i++) {
+                        label = gtk_label_new(messages[i]);
+                        gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox),
+                            label, FALSE, FALSE, 0);
+                }
+        entry = gtk_entry_new();
+        gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE, 
+            FALSE, 0);
+        gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
+        gtk_widget_grab_focus(entry);
+        /* Center window and prepare for grab */
+        gtk_object_set(GTK_OBJECT(dialog), "type", GTK_WINDOW_POPUP, NULL);
+        gnome_dialog_set_default(GNOME_DIALOG(dialog), 0);
+        gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
+        gtk_window_set_policy(GTK_WINDOW(dialog), FALSE, FALSE, TRUE);
+        gnome_dialog_close_hides(GNOME_DIALOG(dialog), TRUE);
+        gtk_container_set_border_width(GTK_CONTAINER(GNOME_DIALOG(dialog)->vbox),
+            GNOME_PAD);
+        gtk_widget_show_all(dialog);
+        /* Grab focus */
+        if (grab_server)
+                XGrabServer(GDK_DISPLAY());
+        if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0, 
+            NULL, NULL, GDK_CURRENT_TIME))
+                goto nograb;
+        if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME))
+                goto nograbkb;
+        /* Make <enter> close dialog */
+        gnome_dialog_editable_enters(GNOME_DIALOG(dialog), GTK_EDITABLE(entry));
+        /* Run dialog */
+        result = gnome_dialog_run(GNOME_DIALOG(dialog));
+        /* Ungrab */
+        if (grab_server)
+                XUngrabServer(GDK_DISPLAY());
+        if (grab_pointer)
+                gdk_pointer_ungrab(GDK_CURRENT_TIME);
+        gdk_keyboard_ungrab(GDK_CURRENT_TIME);
+        gdk_flush();
+        /* Report passphrase if user selected OK */
+        passphrase = gtk_entry_get_text(GTK_ENTRY(entry));
+        if (result == 0)
+                puts(passphrase);
+                
+        /* Zero passphrase in memory */
+        memset(passphrase, '\0', strlen(passphrase));
+        gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
+                        
+        gnome_dialog_close(GNOME_DIALOG(dialog));
+        return (result == 0 ? 0 : -1);
+        /* At least one grab failed - ungrab what we got, and report
+           the failure to the user.  Note that XGrabServer() cannot
+           fail.  */
+ nograbkb:
+        gdk_pointer_ungrab(GDK_CURRENT_TIME);
+ nograb:
+        if (grab_server)
+                XUngrabServer(GDK_DISPLAY());
+        gnome_dialog_close(GNOME_DIALOG(dialog));
+        
+        report_failed_grab();
+        return (-1);
+}
+int
+main(int argc, char **argv)
+{
+        char *message;
+        int result;
+        gnome_init("GNOME ssh-askpass", "0.1", argc, argv);
+        if (argc == 2)
+                message = argv[1];
+        else
+                message = "Enter your OpenSSH passphrase:";
+        setvbuf(stdout, 0, _IONBF, 0);
+        result = passphrase_dialog(message);
+        return (result);
+}
diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c
new file mode 100644
index 000000000..89a412aa8
--- /dev/null
+++ b/contrib/gnome-ssh-askpass2.c
@@ -0,0 +1,204 @@
+/*
+ * Copyright (c) 2000-2002 Damien Miller.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/* GTK2 support by Nalin Dahyabhai <nalin@redhat.com> */
+/*
+ * This is a simple GNOME SSH passphrase grabber. To use it, set the 
+ * environment variable SSH_ASKPASS to point to the location of 
+ * gnome-ssh-askpass before calling "ssh-add < /dev/null". 
+ *
+ * There is only two run-time options: if you set the environment variable
+ * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
+ * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the 
+ * pointer will be grabbed too. These may have some benefit to security if 
+ * you don't trust your X server. We grab the keyboard always.
+ */
+/*
+ * Compile with:
+ *
+ * cc `pkg-config --cflags gtk+-2.0` \
+ *    gnome-ssh-askpass2.c -o gnome-ssh-askpass \
+ *    `pkg-config --libs gtk+-2.0`
+ *
+ */
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <X11/Xlib.h>
+#include <gtk/gtk.h>
+#include <gdk/gdkx.h>
+static void
+report_failed_grab (const char *what)
+{
+        GtkWidget *err;
+        err = gtk_message_dialog_new(NULL, 0,
+                                     GTK_MESSAGE_ERROR,
+                                     GTK_BUTTONS_CLOSE,
+                                     "Could not grab %s. "
+                                     "A malicious client may be eavesdropping "
+                                     "on your session.", what);
+        gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
+        gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(err))->label),
+                                TRUE);
+        gtk_dialog_run(GTK_DIALOG(err));
+        gtk_widget_destroy(err);
+}
+static void
+ok_dialog(GtkWidget *entry, gpointer dialog)
+{
+        g_return_if_fail(GTK_IS_DIALOG(dialog));
+        gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
+}
+static int
+passphrase_dialog(char *message)
+{
+        const char *failed;
+        char *passphrase, *local;
+        char **messages;
+        int result, i, grab_server, grab_pointer;
+        GtkWidget *dialog, *entry, *label;
+        GdkGrabStatus status;
+        grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
+        grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
+        dialog = gtk_message_dialog_new(NULL, 0,
+                                        GTK_MESSAGE_QUESTION,
+                                        GTK_BUTTONS_OK_CANCEL,
+                                        "%s",
+                                        message);
+        entry = gtk_entry_new();
+        gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE, 
+            FALSE, 0);
+        gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
+        gtk_widget_grab_focus(entry);
+        gtk_widget_show(entry);
+        gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
+        gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
+        gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(dialog))->label),
+                                TRUE);
+        /* Make <enter> close dialog */
+        gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
+        g_signal_connect(G_OBJECT(entry), "activate",
+                         G_CALLBACK(ok_dialog), dialog);
+        /* Grab focus */
+        gtk_widget_show_now(dialog);
+        if (grab_server) {
+                gdk_x11_grab_server();
+        }
+        if (grab_pointer) {
+                status =  gdk_pointer_grab((GTK_WIDGET(dialog))->window, TRUE,
+                                           0, NULL, NULL, GDK_CURRENT_TIME);
+                if (status != GDK_GRAB_SUCCESS) {
+                        failed = "mouse";
+                        goto nograb;
+                }
+        }
+        status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, FALSE,
+                                   GDK_CURRENT_TIME);
+        if (status != GDK_GRAB_SUCCESS) {
+                failed = "keyboard";
+                goto nograbkb;
+        }
+        result = gtk_dialog_run(GTK_DIALOG(dialog));
+        /* Ungrab */
+        if (grab_server)
+                XUngrabServer(GDK_DISPLAY());
+        if (grab_pointer)
+                gdk_pointer_ungrab(GDK_CURRENT_TIME);
+        gdk_keyboard_ungrab(GDK_CURRENT_TIME);
+        gdk_flush();
+        /* Report passphrase if user selected OK */
+        passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
+        if (result == GTK_RESPONSE_OK) {
+                local = g_locale_from_utf8(passphrase, strlen(passphrase),
+                                           NULL, NULL, NULL);
+                if (local != NULL) {
+                        puts(local);
+                        memset(local, '\0', strlen(local));
+                        g_free(local);
+                } else {
+                        puts(passphrase);
+                }
+        }
+                
+        /* Zero passphrase in memory */
+        memset(passphrase, '\b', strlen(passphrase));
+        gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
+        memset(passphrase, '\0', strlen(passphrase));
+        g_free(passphrase);
+                        
+        gtk_widget_destroy(dialog);
+        return (result == GTK_RESPONSE_OK ? 0 : -1);
+        /* At least one grab failed - ungrab what we got, and report
+           the failure to the user.  Note that XGrabServer() cannot
+           fail.  */
+ nograbkb:
+        gdk_pointer_ungrab(GDK_CURRENT_TIME);
+ nograb:
+        if (grab_server)
+                XUngrabServer(GDK_DISPLAY());
+        gtk_widget_destroy(dialog);
+        
+        report_failed_grab(failed);
+        return (-1);
+}
+int
+main(int argc, char **argv)
+{
+        char *message;
+        int result;
+        gtk_init(&argc, &argv);
+        if (argc > 1) {
+                message = g_strjoinv(" ", argv + 1);
+        } else {
+                message = g_strdup("Enter your OpenSSH passphrase:");
+        }
+        setvbuf(stdout, 0, _IONBF, 0);
+        result = passphrase_dialog(message);
+        g_free(message);
+        return (result);
+}
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index b73fb929f..e7005064d 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 3.4p1
+%define ver 3.5p1
 %define rel 1
 # OpenSSH privilege separation requires a user & group ID
@@ -20,6 +20,9 @@
 # Do we want smartcard support (1=yes 0=no)
 %define scard 0
+# Use GTK2 instead of GNOME in gnome-ssh-askpass
+%define gtk2 0
 # Is this build for RHL 6.x?
 %define build6x 0
@@ -86,7 +89,7 @@ PreReq: initscripts >= 5.20
 %endif
 BuildPreReq: perl, openssl-devel, sharutils, tcp_wrappers
 BuildPreReq: /bin/login
-%if %{build6x}
+%if ! %{build6x}
 BuildPreReq: glibc-devel, pam
 %else
 BuildPreReq: db1-devel, /usr/include/security/pam_appl.h
@@ -95,7 +98,7 @@ BuildPreReq: db1-devel, /usr/include/security/pam_appl.h
 BuildPreReq: XFree86-devel
 %endif
 %if ! %{no_gnome_askpass}
-BuildPreReq: gnome-libs-devel
+BuildPreReq: pkgconfig
 %endif
 %if %{kerberos5}
 BuildPreReq: krb5-devel
@@ -220,11 +223,23 @@ make
 popd
 %endif
+# Define a variable to toggle gnome1/gtk2 building.  This is necessary
+# because RPM doesn't handle nested %if statements.
+%if %{gtk2}
+        gtk2=yes
+%else
+        gtk2=no
+%endif
 %if ! %{no_gnome_askpass}
 pushd contrib
-gcc $RPM_OPT_FLAGS `gnome-config --cflags gnome gnomeui` \
+if [ $gtk2 = yes ] ; then
-        gnome-ssh-askpass.c -o gnome-ssh-askpass \
+        make gnome-ssh-askpass2
-        `gnome-config --libs gnome gnomeui`
+        mv gnome-ssh-askpass2 gnome-ssh-askpass
+else
+        make gnome-ssh-askpass1
+        mv gnome-ssh-askpass1 gnome-ssh-askpass
+fi
 popd
 %endif
@@ -255,6 +270,10 @@ ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
 install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
 %endif
+%if ! %{scard}
+         rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin
+%endif
 install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
 install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
 install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
@@ -338,7 +357,7 @@ fi
 %attr(-,root,root) %{_bindir}/slogin
 %attr(-,root,root) %{_mandir}/man1/slogin.1*
 %if ! %{rescue}
-%attr(0755,root,root) %{_bindir}/ssh-agent
+%attr(2755,root,nobody) %{_bindir}/ssh-agent
 %attr(0755,root,root) %{_bindir}/ssh-add
 %attr(0755,root,root) %{_bindir}/ssh-keyscan
 %attr(0755,root,root) %{_bindir}/sftp
@@ -381,6 +400,12 @@ fi
 %endif
 %changelog
+* Wed Oct 01 2002 Damien Miller <djm@mindrot.org>
+- Install ssh-agent setgid nobody to prevent ptrace() key theft attacks
+* Mon Sep 30 2002 Damien Miller <djm@mindrot.org>
+- Use contrib/ Makefile for building askpass programs
 * Fri Jun 21 2002 Damien Miller <djm@mindrot.org>
 - Merge in spec changes from seba@iq.pl (Sebastian Pachuta)
 - Add new {ssh,sshd}_config.5 manpages
diff --git a/contrib/solaris/buildpkg.sh b/contrib/solaris/buildpkg.sh
index 1be6ed8d1..c41b3f963 100755
--- a/contrib/solaris/buildpkg.sh
+++ b/contrib/solaris/buildpkg.sh
@@ -11,13 +11,18 @@ umask 022
 # Options for building the package
 # You can create a config.local with your customized options
 #
-# uncommenting TEST_DIR and using configure--prefix=/var/tmp and 
+# uncommenting TEST_DIR and using
+# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
+# and 
 # PKGNAME=tOpenSSH should allow testing a package without interfering
-# with a real OpenSSH package on a system.
+# with a real OpenSSH package on a system. This is not needed on systems
+# that support the -R option to pkgadd.
 #TEST_DIR=/var/tmp      # leave commented out for production build
 PKGNAME=OpenSSH
 SYSVINIT_NAME=opensshd
 MAKE=${MAKE:="make"}
+SSHDUID=67      # Default privsep uid
+SSHDGID=67      # Default privsep gid
 # uncomment these next two as needed
 #PERMIT_ROOT_LOGIN=no
 #X11_FORWARDING=yes
@@ -55,7 +60,7 @@ SYSTEM_DIR="/etc	\
 /var/tmp                \
 /tmp"
-# We may need to buiild as root so we make sure PATH is set up
+# We may need to build as root so we make sure PATH is set up
 # only set the path if it's not set already
 [ -d /usr/local/bin ]  &&  {
        echo $PATH | grep ":/usr/local/bin"  > /dev/null 2>&1
@@ -96,6 +101,19 @@ do
        eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
 done
+## Collect value of privsep user
+for confvar in SSH_PRIVSEP_USER
+do
+        eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
+done
+## Set privsep defaults if not defined
+if [ -z "$SSH_PRIVSEP_USER" ]
+then
+        SSH_PRIVSEP_USER=sshd
+fi
 ## Extract common info requires for the 'info' part of the package.
 VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`
@@ -106,7 +124,8 @@ case ${UNAME_S} in
                RCS_D=yes
                DEF_MSG="(default: n)"
                ;;
-        *)      ARCH=`uname -m` ;;
+        *)      ARCH=`uname -m`
+                DEF_MSG="\n" ;;
 esac
 ## Setup our run level stuff while we are at it.
@@ -171,13 +190,16 @@ echo "Building postinstall file..."
 cat > postinstall << _EOF
 #! /sbin/sh
 #
-[ -f ${sysconfdir}/ssh_config ]  ||  \\
+[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ]  ||  \\
-        cp -p ${sysconfdir}/ssh_config.default ${sysconfdir}/ssh_config
+        cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
-[ -f ${sysconfdir}/sshd_config ]  ||  \\
+                \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
-        cp -p ${sysconfdir}/sshd_config.default ${sysconfdir}/sshd_config
+[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ]  ||  \\
-[ -f ${sysconfdir}/ssh_prng_cmds.default ]  &&  {
+        cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
-        [ -f ${sysconfdir}/ssh_prng_cmds ]  ||  \\
+                \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
-        cp -p ${sysconfdir}/ssh_prng_cmds.default ${sysconfdir}/ssh_prng_cmds
+[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ]  &&  {
+        [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ]  ||  \\
+        cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
+                \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
 }
 # make rc?.d dirs only if we are doing a test install
@@ -191,23 +213,75 @@ cat > postinstall << _EOF
 if [ "\${USE_SYM_LINKS}" = yes ]
 then
        [ "$RCS_D" = yes ]  &&  \
-installf ${PKGNAME} $TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
-        installf ${PKGNAME} $TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
-        installf ${PKGNAME} $TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
-        installf ${PKGNAME} $TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
 else
        [ "$RCS_D" = yes ]  &&  \
-installf ${PKGNAME} $TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
-        installf ${PKGNAME} $TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
-        installf ${PKGNAME} $TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
-        installf ${PKGNAME} $TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
 fi
 # If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
-[ -d $piddir ]  ||  installf ${PKGNAME} $TEST_DIR$piddir d 755 root sys
+[ -d $piddir ]  ||  installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys
 installf -f ${PKGNAME}
+# Use chroot to handle PKG_INSTALL_ROOT
+if [ ! -z "\${PKG_INSTALL_ROOT}" ]
+then
+        chroot="chroot \${PKG_INSTALL_ROOT}"
+fi
+# If this is a test build, we will skip the groupadd/useradd/passwd commands
+if [ ! -z "${TEST_DIR}" ]
+then
+        chroot=echo
+fi
+if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
+then
+        echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
+        echo "or group."
+else
+        echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
+        # create group if required
+        if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+        then
+                echo "PrivSep group $SSH_PRIVSEP_USER already exists."
+        else
+                # Use gid of 67 if possible
+                if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
+                then
+                        :
+                else
+                        sshdgid="-g $SSHDGID"
+                fi
+                echo "Creating PrivSep group $SSH_PRIVSEP_USER."
+                \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
+        fi
+        # Create user if required
+        if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+        then
+                echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+        else
+                # Use uid of 67 if possible
+                if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
+                then
+                        :
+                else
+                        sshduid="-u $SSHDUID"
+                fi
+                echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+                \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
+                \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
+        fi
+fi
 [ "\${POST_INS_START}" = "yes" ]  &&  ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
 exit 0
 _EOF
diff --git a/contrib/solaris/opensshd.in b/contrib/solaris/opensshd.in
index 212254dc8..e7ca2489f 100755
--- a/contrib/solaris/opensshd.in
+++ b/contrib/solaris/opensshd.in
@@ -3,11 +3,8 @@
 #
 # Stripped PRNGd out of it for the time being.
-AWK=/usr/bin/awk
 CAT=/usr/bin/cat
 KILL=/usr/bin/kill
-PS=/usr/bin/ps
-XARGS=/usr/bin/xargs
 prefix=%%openSSHDir%%
 etcdir=%%configDir%%
@@ -20,12 +17,6 @@ HOST_KEY_RSA1=$etcdir/ssh_host_key
 HOST_KEY_DSA=$etcdir/ssh_host_dsa_key
 HOST_KEY_RSA=$etcdir/ssh_host_rsa_key
-killproc() {
-   _procname=$1
-   _signal=$2
-   ${PS} -u root | ${AWK} '/'"$_procname"'$/ {print $1}' | ${XARGS} ${KILL}
-}
 checkkeys() {
    if [ ! -f $HOST_KEY_RSA1 ]; then
@@ -46,8 +37,7 @@ stop_service() {
    if [  ${PID:=0} -gt 1 -a  ! "X$PID" = "X "  ]; then
        ${KILL} ${PID}
    else
-        echo "Unable to read PID file, killing using alternate method"
+        echo "Unable to read PID file"
-        killproc sshd TERM
    fi
 }
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 126dac335..3ae1dfc80 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -1,6 +1,6 @@
 Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name: openssh
-Version: 3.4p1
+Version: 3.5p1
 URL: http://www.openssh.com/
 Release: 1
 Source0: openssh-%{version}.tar.gz