summaryrefslogtreecommitdiff
path: root/sshconnect2.c
AgeCommit message (Collapse)Author
2001-10-10 - markus@cvs.openbsd.org 2001/10/06 11:18:19Damien Miller
[sshconnect1.c sshconnect2.c sshconnect.c] unify hostkey check error messages, simplify prompt.
2001-09-12 - markus@cvs.openbsd.org 2001/08/31 11:46:39Ben Lindstrom
[sshconnect2.c] disable kbd-interactive if we don't get SSH2_MSG_USERAUTH_INFO_REQUEST messages
2001-08-06 - markus@cvs.openbsd.org 2001/07/23 09:06:28Ben Lindstrom
[sshconnect2.c] reorder default sequence of userauth methods to match ssh behaviour: hostbased,publickey,keyboard-interactive,password
2001-07-04 - markus@cvs.openbsd.org 2001/06/26 20:14:11Ben Lindstrom
[key.c key.h ssh.c sshconnect1.c sshconnect2.c] add smartcard support to the client, too (now you can use both the agent and the client).
2001-07-04 - stevesk@cvs.openbsd.org 2001/06/25 20:26:37Ben Lindstrom
[auth2.c sshconnect2.c] prototype cleanup; ok markus@
2001-06-25 - markus@cvs.openbsd.org 2001/06/24 05:47:13Ben Lindstrom
[sshconnect2.c] oops, missing format string
2001-06-25 - markus@cvs.openbsd.org 2001/06/24 05:35:33Ben Lindstrom
[readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c] switch to readpassphrase(3) 2.7/8-stable needs readpassphrase.[ch] from libc
2001-06-25 - itojun@cvs.openbsd.org 2001/06/23 15:12:20Ben Lindstrom
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c canohost.c channels.c cipher.c clientloop.c deattack.c dh.c hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c readpass.c scp.c servconf.c serverloop.c session.c sftp.c sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c ssh-keygen.c ssh-keyscan.c] more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
2001-06-25 - markus@cvs.openbsd.org 2001/06/23 02:34:33Ben Lindstrom
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1 sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8] get rid of known_hosts2, use it for hostkey lookup, but do not modify.
2001-06-05 - markus@cvs.openbsd.org 2001/05/19 16:32:16Ben Lindstrom
[ssh.1 sshconnect2.c] change preferredauthentication order to publickey,hostbased,password,keyboard-interactive document that hostbased defaults to no, document order
2001-06-05 - markus@cvs.openbsd.org 2001/05/18 14:13:29Ben Lindstrom
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c] improved kbd-interactive support. work by per@appgate.com and me
2001-04-19 - markus@cvs.openbsd.org 2001/04/18 23:43:26Ben Lindstrom
[auth2.c compat.c sshconnect2.c] more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now (however the 2.1.0 server seems to work only if debug is enabled...)
2001-04-19 - markus@cvs.openbsd.org 2001/04/18 22:03:45Ben Lindstrom
[auth2.c sshconnect2.c] use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
2001-04-17 - markus@cvs.openbsd.org 2001/04/17 10:53:26Ben Lindstrom
[key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c] add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
2001-04-15 - markus@cvs.openbsd.org 2001/04/15 08:43:47Ben Lindstrom
[dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c] some unused variable and typos; from tomh@po.crl.go.jp
2001-04-12 - markus@cvs.openbsd.org 2001/04/12 19:15:26Ben Lindstrom
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd_config] implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :)
2001-04-05 - markus@cvs.openbsd.org 2001/04/05 10:42:57Ben Lindstrom
[auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c sshconnect2.c sshd.c] fix whitespace: unexpand + trailing spaces.
2001-04-04 - markus@cvs.openbsd.org 2001/04/04 20:25:38Ben Lindstrom
[channels.c channels.h clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c] more robust rekeying don't send channel data after rekeying is started.
2001-04-04 - markus@cvs.openbsd.org 2001/04/04 14:34:58Ben Lindstrom
[clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c] enable server side rekeying + some rekey related clientup. todo: we should not send any non-KEX messages after we send KEXINIT
2001-04-04 - markus@cvs.openbsd.org 2001/04/04 09:48:35Ben Lindstrom
[kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c] don't sent multiple kexinit-requests. send newkeys, block while waiting for newkeys. fix comments.
2001-04-04 - markus@cvs.openbsd.org 2001/04/04 00:06:54Ben Lindstrom
[clientloop.c sshconnect2.c] enable client rekeying (1) force rekeying with ~R, or (2) if the server requests rekeying. works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0
2001-04-04 - markus@cvs.openbsd.org 2001/04/03 23:32:12Ben Lindstrom
[kex.c kex.h packet.c sshconnect2.c sshd.c] undo parts of recent my changes: main part of keyexchange does not need dispatch-callbacks, since application data is delayed until the keyexchange completes (if i understand the drafts correctly). add some infrastructure for re-keying.
2001-04-04 - markus@cvs.openbsd.org 2001/04/03 19:53:29Ben Lindstrom
[dh.c dh.h kex.c kex.h sshconnect2.c sshd.c] move kex to kex*.c, used dispatch_set() callbacks for kex. should make rekeying easier.
2001-03-30 - OpenBSD CVS SyncDamien Miller
- stevesk@cvs.openbsd.org 2001/03/29 21:06:21 [sshconnect2.c sshd.c] need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
2001-03-30 - OpenBSD CVS SyncDamien Miller
- provos@cvs.openbsd.org 2001/03/29 14:24:59 [sshconnect2.c] use recommended defaults
2001-03-30 - (djm) OpenBSD CVS SyncDamien Miller
- provos@cvs.openbsd.org 2001/03/28 21:59:41 [kex.c kex.h sshconnect2.c sshd.c] forgot to include min and max params in hash, okay markus@
2001-03-29 - provos@cvs.openbsd.org 2001/03/27 17:46:50Ben Lindstrom
[compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h] make dh group exchange more flexible, allow min and max group size, okay markus@, deraadt@
2001-03-26 - markus@cvs.openbsd.org 2001/03/26 08:07:09Ben Lindstrom
[authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c] simpler key load/save interface, see authfile.h
2001-03-24 - djm@cvs.openbsd.org 2001/03/23 11:04:07Ben Lindstrom
[compat.c compat.h sshconnect2.c sshd.c] Compat for OpenSSH with broken Rijndael/AES. ok markus@
2001-03-13 - OpenBSD CVS SyncBen Lindstrom
- markus@cvs.openbsd.org 2001/03/12 22:02:02 [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c] remove old key_fingerprint interface, s/_ex//
2001-03-11 - markus@cvs.openbsd.org 2001/03/10 17:51:04Ben Lindstrom
[kex.c match.c match.h readconf.c readconf.h sshconnect2.c] add PreferredAuthentications
2001-03-10 - markus@cvs.openbsd.org 2001/03/10 12:48:27Ben Lindstrom
[sshconnect2.c] ignore nonexisting private keys; report rjmooney@mediaone.net
2001-03-09 - markus@cvs.openbsd.org 2001/03/08 21:42:33Ben Lindstrom
[compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c] implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key -> no need to do enter passphrase or do expensive sign operations if the server does not accept key).
2001-03-06 - markus@cvs.openbsd.org 2001/03/05 17:17:21Ben Lindstrom
[kex.c kex.h sshconnect2.c sshd.c] generate a 2*need size (~300 instead of 1024/2048) random private exponent during the DH key agreement. according to Niels (the great german advisor) this is safe since /etc/primes contains strong primes only. References: P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key agreement with short exponents, In Advances in Cryptology - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
2001-03-05 - markus@cvs.openbsd.org 2001/02/28 09:57:07Ben Lindstrom
[packet.c packet.h sshconnect2.c] in ssh protocol v2 use ignore messages for padding (instead of trailing \0).
2001-02-16 - (djm) OpenBSD CVS:Damien Miller
- markus@cvs.openbsd.org 2001/02/15 16:19:59 [channels.c channels.h serverloop.c sshconnect.c sshconnect.h] [sshconnect1.c sshconnect2.c] genericize password padding function for SSH1 and SSH2. add stylized echo to 2, too. - (djm) Add roundup() macro to defines.h
2001-02-15 - markus@cvs.openbsd.org 2001/02/11 12:59:25Ben Lindstrom
[Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c] 1) clean up the MAC support for SSH-2 2) allow you to specify the MAC with 'ssh -m' 3) or the 'MACs' keyword in ssh(d)_config 4) add hmac-{md5,sha1}-96 ok stevesk@, provos@
2001-02-10 - markus@cvs.openbsd.org 2001/02/06 22:26:17Ben Lindstrom
[sshconnect2.c] do not ask for passphrase in batch mode; report from ejb@ql.org - itojun@cvs.opebsd.org 2001/02/08 10:47:05 [sshconnect2.c] %.30s is too short for IPv6 numeric address. use %.128s for now. markus ok - markus@cvs.openbsd.org 2001/02/09 12:28:35 [sshconnect2.c] do not free twice, thanks to /etc/malloc.conf - markus@cvs.openbsd.org 2001/02/09 17:10:53 [sshconnect2.c] partial success: debug->log; "Permission denied" if no more auth methods - markus@cvs.openbsd.org 2001/02/10 12:09:21 [sshconnect2.c] remove some lines
2001-02-05 - markus@cvs.openbsd.org 2001/01/31 13:48:09Kevin Steves
[sshconnect2.c] unused
2001-02-05 - stevesk@cvs.openbsd.org 2001/02/04 08:32:27Kevin Steves
[many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@
2001-01-23 - markus@cvs.openbsd.org 2001/01/22 23:06:39Ben Lindstrom
[auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c] rename skey -> challenge response. auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
2001-01-23 - (bal) OpenBSD ResyncBen Lindstrom
- markus@cvs.openbsd.org 2001/01/22 8:15:00 [auth-krb4.c sshconnect1.c] only AFS needs radix.[ch] - markus@cvs.openbsd.org 2001/01/22 8:32:53 [auth2.c] no need to include; from mouring@etoh.eviladmin.org - stevesk@cvs.openbsd.org 2001/01/22 16:55:21 [key.c] free() -> xfree(); ok markus@ - stevesk@cvs.openbsd.org 2001/01/22 17:22:28 [sshconnect2.c sshd.c] fix memory leaks in SSH2 key exchange; ok markus@
2001-01-22Hopefully things did not get mixed around too much. It compiles underBen Lindstrom
Linux and works. So that is at least a good sign. =) 20010122 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h - markus@cvs.openbsd.org 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@ - markus@cvs.openbsd.org 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options() - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL. ok markus@ - markus@cvs.openbsd.org 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from andrew@pimlott.ne.mediaone.net - djm@cvs.openbsd.org 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus - djm@cvs.openbsd.org 2001/01/20 23:02:07 [readconf.c] KNF; ok markus - jakob@cvs.openbsd.org 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@ - markus@cvs.openbsd.org 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch] - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19.
2001-01-0620010107Ben Lindstrom
- (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/01/06 11:23:27 [ssh-rsa.c] remove unused - itojun@cvs.openbsd.org 2001/01/05 08:23:29 [ssh-keyscan.1] missing .El - markus@cvs.openbsd.org 2001/01/04 22:41:03 [session.c sshconnect.c] consistent use of _PATH_BSHELL; from stevesk@pobox.com - djm@cvs.openbsd.org 2001/01/04 22:35:32 [ssh.1 sshd.8] Mention AES as available SSH2 Cipher; ok markus - markus@cvs.openbsd.org 2001/01/04 22:25:58 [sshd.c] sync usage()/man with defaults; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/04 22:21:26 [sshconnect2.c] handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server that prints a banner (e.g. /etc/issue.net)
2000-12-28 - (bal) OpenBSD CVS UpdateBen Lindstrom
- markus@cvs.openbsd.org 2000/12/28 14:25:51 [auth.h auth2.c] count authentication failures only - markus@cvs.openbsd.org 2000/12/28 14:25:03 [sshconnect.c] fingerprint for MITM attacks, too. - markus@cvs.openbsd.org 2000/12/28 12:03:57 [sshd.8 sshd.c] document -D - markus@cvs.openbsd.org 2000/12/27 14:19:21 [serverloop.c] less chatty - markus@cvs.openbsd.org 2000/12/27 12:34 [auth1.c sshconnect2.c sshd.c] typo - markus@cvs.openbsd.org 2000/12/27 12:30:19 [readconf.c readconf.h ssh.1 sshconnect.c] new option: HostKeyAlias: allow the user to record the host key under a different name. This is useful for ssh tunneling over forwarded connections or if you run multiple sshd's on different ports on the same machine. - markus@cvs.openbsd.org 2000/12/27 11:51:53 [ssh.1 ssh.c] multiple -t force pty allocation, document ORIGINAL_COMMAND - markus@cvs.openbsd.org 2000/12/27 11:41:31 [sshd.8] update for ssh-2
2000-12-22One way to massive patch. <sigh> It compiles and works under Linux..Ben Lindstrom
And I think I have all the bits right from the OpenBSD tree. 20001222 - Updated RCSID for pty.c - (bal) OpenBSD CVS Updates: - markus@cvs.openbsd.org 2000/12/21 15:10:16 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c] print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@ - markus@cvs.openbsd.org 2000/12/20 19:26:56 [authfile.c] allow ssh -i userkey for root - markus@cvs.openbsd.org 2000/12/20 19:37:21 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h] fix prototypes; from stevesk@pobox.com - markus@cvs.openbsd.org 2000/12/20 19:32:08 [sshd.c] init pointer to NULL; report from Jan.Ivan@cern.ch - markus@cvs.openbsd.org 2000/12/19 23:17:54 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c] replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char unsigned' with u_char.
2000-12-15 - provos@cvs.openbsd.org 2000/12/15 10:30:15Kevin Steves
[kex.c kex.h sshconnect2.c sshd.c] compute diffie-hellman in parallel between server and client. okay markus@
2000-12-0320001204Ben Lindstrom
- (bal) More C functions defined in NeXT that are unaccessable without defining -POSIX. - (bal) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/12/03 11:29:04 [compat.c] remove fallback to SSH_BUG_HMAC now that the drafts are updated - markus@cvs.openbsd.org 2000/12/03 11:27:55 [compat.c] correctly match "2.1.0.pl2 SSH" etc; from pekkas@netcore.fi/bugzilla.redhat - markus@cvs.openbsd.org 2000/12/03 11:15:03 [auth2.c compat.c compat.h sshconnect2.c] support f-secure/ssh.com 2.0.12; ok niels@
2000-11-29 - (djm) OpenBSD CVS updates:Damien Miller
- provos@cvs.openbsd.org 2000/11/22 08:38:31 [sshd.8] talk about /etc/primes, okay markus@ - markus@cvs.openbsd.org 2000/11/23 14:03:48 [ssh.c sshconnect1.c sshconnect2.c] complain about invalid ciphers for ssh1/ssh2, fall back to reasonable defaults - markus@cvs.openbsd.org 2000/11/25 09:42:53 [sshconnect1.c] reorder check for illegal ciphers, bugreport from espie@ - markus@cvs.openbsd.org 2000/11/25 10:19:34 [ssh-keygen.c ssh.h] print keytype when generating a key. reasonable defaults for RSA1/RSA/DSA keys.
2000-11-13 - (djm) Merge OpenBSD changes:Damien Miller
- markus@cvs.openbsd.org 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from jhuuskon@messi.uku.fi - markus@cvs.openbsd.org 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net - markus@cvs.openbsd.org 2000/11/09 18:04:40 [auth1.c] typo; from mouring@pconline.com - markus@cvs.openbsd.org 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent - markus@cvs.openbsd.org 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - (djm) Fix up Makefile and Redhat init script to create RSA host keys - (djm) Change to interim version