git: 19261079b743 - main - openssh: update to OpenSSH v8.7p1
Ed Maste
emaste at FreeBSD.org
Wed Sep 8 01:07:52 UTC 2021
The branch main has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=19261079b74319502c6ffa1249920079f0f69a72
commit 19261079b74319502c6ffa1249920079f0f69a72
Merge: c5128c48df3c 66719ee573ac
Author: Ed Maste <emaste at FreeBSD.org>
AuthorDate: 2021-09-08 01:05:51 +0000
Commit: Ed Maste <emaste at FreeBSD.org>
CommitDate: 2021-09-08 01:05:51 +0000
openssh: update to OpenSSH v8.7p1
Some notable changes, from upstream's release notes:
- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.
Additional integration work is needed to support FIDO/U2F in the base
system.
Deprecation Notice
------------------
OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.
Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985
crypto/openssh/.depend | 354 +-
crypto/openssh/.github/ci-status.md | 4 +
crypto/openssh/.github/configs | 170 +
crypto/openssh/.github/configure.sh | 6 +
crypto/openssh/.github/run_test.sh | 34 +
crypto/openssh/.github/setup_ci.sh | 115 +
crypto/openssh/.github/workflows/c-cpp.yml | 76 +
crypto/openssh/.github/workflows/selfhosted.yml | 93 +
crypto/openssh/.github/workflows/upstream.yml | 43 +
crypto/openssh/.gitignore | 8 +
crypto/openssh/.skipped-commit-ids | 18 +
crypto/openssh/CREDITS | 2 +-
crypto/openssh/ChangeLog | 16777 ++++++++++++-------
crypto/openssh/FREEBSD-vendor | 4 +-
crypto/openssh/INSTALL | 79 +-
crypto/openssh/LICENCE | 64 +-
crypto/openssh/Makefile.in | 328 +-
crypto/openssh/OVERVIEW | 7 +-
crypto/openssh/PROTOCOL | 89 +-
crypto/openssh/PROTOCOL.agent | 6 +-
crypto/openssh/PROTOCOL.certkeys | 35 +-
crypto/openssh/PROTOCOL.chacha20poly1305 | 4 +-
crypto/openssh/PROTOCOL.key | 9 +-
crypto/openssh/PROTOCOL.mux | 4 +-
crypto/openssh/PROTOCOL.sshsig | 100 +
crypto/openssh/PROTOCOL.u2f | 309 +
crypto/openssh/README | 36 +-
crypto/openssh/README.dns | 8 +-
crypto/openssh/README.md | 84 +
crypto/openssh/README.platform | 16 +-
crypto/openssh/README.privsep | 11 +-
crypto/openssh/aclocal.m4 | 193 +-
crypto/openssh/addr.c | 423 +
crypto/openssh/addr.h | 60 +
crypto/openssh/addrmatch.c | 351 +-
crypto/openssh/atomicio.c | 32 +-
crypto/openssh/atomicio.h | 4 +-
crypto/openssh/audit-bsm.c | 41 +-
crypto/openssh/audit-linux.c | 4 +-
crypto/openssh/audit.c | 2 +-
crypto/openssh/audit.h | 4 +-
crypto/openssh/auth-bsdauth.c | 2 -
crypto/openssh/auth-krb5.c | 19 +-
crypto/openssh/auth-options.c | 194 +-
crypto/openssh/auth-options.h | 13 +-
crypto/openssh/auth-pam.c | 119 +-
crypto/openssh/auth-pam.h | 2 +-
crypto/openssh/auth-passwd.c | 6 +-
crypto/openssh/auth-rhosts.c | 19 +-
crypto/openssh/auth-skey.c | 107 -
crypto/openssh/auth.c | 303 +-
crypto/openssh/auth.h | 36 +-
crypto/openssh/auth2-chall.c | 43 +-
crypto/openssh/auth2-gss.c | 29 +-
crypto/openssh/auth2-hostbased.c | 71 +-
crypto/openssh/auth2-kbdint.c | 8 +-
crypto/openssh/auth2-none.c | 4 +-
crypto/openssh/auth2-passwd.c | 9 +-
crypto/openssh/auth2-pubkey.c | 264 +-
crypto/openssh/auth2.c | 209 +-
crypto/openssh/authfd.c | 178 +-
crypto/openssh/authfd.h | 12 +-
crypto/openssh/authfile.c | 265 +-
crypto/openssh/authfile.h | 10 +-
crypto/openssh/blacklist.c | 6 +-
crypto/openssh/buildpkg.sh.in | 8 +-
crypto/openssh/canohost.c | 12 +-
crypto/openssh/chacha.h | 4 +-
crypto/openssh/channels.c | 761 +-
crypto/openssh/channels.h | 38 +-
crypto/openssh/cipher-chachapoly-libcrypto.c | 166 +
crypto/openssh/cipher-chachapoly.c | 32 +-
crypto/openssh/cipher-chachapoly.h | 13 +-
crypto/openssh/cipher.c | 48 +-
crypto/openssh/cipher.h | 5 +-
crypto/openssh/clientloop.c | 1074 +-
crypto/openssh/clientloop.h | 5 +-
crypto/openssh/compat.c | 92 +-
crypto/openssh/compat.h | 20 +-
crypto/openssh/config.guess | 882 +-
crypto/openssh/config.h | 241 +-
crypto/openssh/config.sub | 2528 ++-
crypto/openssh/configure.ac | 970 +-
crypto/openssh/contrib/Makefile | 6 +-
crypto/openssh/contrib/cygwin/README | 4 +-
crypto/openssh/contrib/cygwin/ssh-host-config | 59 +-
crypto/openssh/contrib/findssl.sh | 0
crypto/openssh/contrib/gnome-ssh-askpass1.c | 7 +-
crypto/openssh/contrib/gnome-ssh-askpass2.c | 210 +-
crypto/openssh/contrib/gnome-ssh-askpass3.c | 305 +
crypto/openssh/contrib/redhat/gnome-ssh-askpass.sh | 0
crypto/openssh/contrib/redhat/openssh.spec | 55 +-
crypto/openssh/contrib/solaris/README | 0
crypto/openssh/contrib/ssh-copy-id | 303 +-
crypto/openssh/contrib/ssh-copy-id.1 | 11 +-
crypto/openssh/contrib/suse/openssh.spec | 6 +-
crypto/openssh/crc32.c | 105 -
crypto/openssh/crc32.h | 30 -
crypto/openssh/crypto_api.h | 20 +-
crypto/openssh/defines.h | 54 +-
crypto/openssh/dh.c | 39 +-
crypto/openssh/dh.h | 10 +-
crypto/openssh/digest-libc.c | 33 +-
crypto/openssh/digest-openssl.c | 19 +-
crypto/openssh/dispatch.c | 6 +-
crypto/openssh/dispatch.h | 9 +-
crypto/openssh/dns.c | 72 +-
crypto/openssh/dns.h | 3 +-
crypto/openssh/entropy.c | 175 +-
crypto/openssh/fatal.c | 7 +-
crypto/openssh/groupaccess.c | 5 +-
crypto/openssh/gss-genr.c | 19 +-
crypto/openssh/gss-serv.c | 4 +-
crypto/openssh/hash.c | 36 +-
crypto/openssh/hmac.c | 7 +-
crypto/openssh/hostfile.c | 269 +-
crypto/openssh/hostfile.h | 27 +-
crypto/openssh/int32_minmax.inc | 0
crypto/openssh/kex.c | 490 +-
crypto/openssh/kex.h | 92 +-
crypto/openssh/kexc25519.c | 182 +-
crypto/openssh/kexc25519c.c | 169 -
crypto/openssh/kexc25519s.c | 158 -
crypto/openssh/kexdh.c | 205 +-
crypto/openssh/kexdhc.c | 224 -
crypto/openssh/kexdhs.c | 222 -
crypto/openssh/kexecdh.c | 239 +-
crypto/openssh/kexecdhc.c | 222 -
crypto/openssh/kexecdhs.c | 203 -
crypto/openssh/kexgen.c | 346 +
crypto/openssh/kexgex.c | 30 +-
crypto/openssh/kexgexc.c | 123 +-
crypto/openssh/kexgexs.c | 119 +-
crypto/openssh/kexsntrup761x25519.c | 251 +
crypto/openssh/krl.c | 223 +-
crypto/openssh/krl.h | 5 +-
crypto/openssh/log.c | 219 +-
crypto/openssh/log.h | 93 +-
crypto/openssh/loginrec.c | 13 +-
crypto/openssh/loginrec.h | 7 +-
crypto/openssh/logintest.c | 60 +-
crypto/openssh/m4/openssh.m4 | 200 +
crypto/openssh/mac.c | 7 +-
crypto/openssh/match.c | 34 +-
crypto/openssh/match.h | 7 +-
crypto/openssh/misc.c | 962 +-
crypto/openssh/misc.h | 75 +-
crypto/openssh/moduli | 876 +-
crypto/openssh/moduli.c | 29 +-
crypto/openssh/monitor.c | 708 +-
crypto/openssh/monitor.h | 13 +-
crypto/openssh/monitor_fdpass.c | 24 +-
crypto/openssh/monitor_wrap.c | 305 +-
crypto/openssh/monitor_wrap.h | 26 +-
crypto/openssh/msg.c | 18 +-
crypto/openssh/mux.c | 640 +-
crypto/openssh/myproposal.h | 144 +-
crypto/openssh/nchan.c | 77 +-
crypto/openssh/opacket.c | 320 -
crypto/openssh/opacket.h | 154 -
crypto/openssh/openbsd-compat/Makefile.in | 11 +-
crypto/openssh/openbsd-compat/arc4random.c | 12 +-
crypto/openssh/openbsd-compat/base64.c | 2 +-
crypto/openssh/openbsd-compat/bcrypt_pbkdf.c | 4 +-
crypto/openssh/openbsd-compat/bsd-closefrom.c | 88 +-
crypto/openssh/openbsd-compat/bsd-cygwin_util.c | 149 +
crypto/openssh/openbsd-compat/bsd-cygwin_util.h | 1 +
crypto/openssh/openbsd-compat/bsd-misc.c | 113 +
crypto/openssh/openbsd-compat/bsd-misc.h | 41 +-
crypto/openssh/openbsd-compat/bsd-openpty.c | 17 +-
crypto/openssh/openbsd-compat/bsd-poll.h | 2 +-
crypto/openssh/openbsd-compat/bsd-pselect.c | 205 +
crypto/openssh/openbsd-compat/bsd-setres_id.c | 12 +-
crypto/openssh/openbsd-compat/bsd-signal.c | 29 +-
crypto/openssh/openbsd-compat/bsd-signal.h | 7 +-
crypto/openssh/openbsd-compat/bsd-snprintf.c | 18 +-
crypto/openssh/openbsd-compat/bsd-statvfs.c | 10 +-
crypto/openssh/openbsd-compat/bsd-waitpid.h | 2 +-
crypto/openssh/openbsd-compat/explicit_bzero.c | 10 +-
crypto/openssh/openbsd-compat/fnmatch.c | 495 +
crypto/openssh/openbsd-compat/fnmatch.h | 66 +
crypto/openssh/openbsd-compat/getopt_long.c | 2 +-
crypto/openssh/openbsd-compat/glob.c | 157 +-
crypto/openssh/openbsd-compat/glob.h | 9 +-
.../openssh/openbsd-compat/libressl-api-compat.c | 6 +-
crypto/openssh/openbsd-compat/memmem.c | 196 +
crypto/openssh/openbsd-compat/mktemp.c | 4 +-
crypto/openssh/openbsd-compat/openbsd-compat.h | 42 +-
crypto/openssh/openbsd-compat/openssl-compat.c | 22 +-
crypto/openssh/openbsd-compat/openssl-compat.h | 59 +-
crypto/openssh/openbsd-compat/port-aix.c | 25 +-
crypto/openssh/openbsd-compat/port-aix.h | 7 +-
crypto/openssh/openbsd-compat/port-irix.c | 2 +
crypto/openssh/openbsd-compat/port-linux.c | 25 +-
crypto/openssh/openbsd-compat/port-net.c | 18 +-
crypto/openssh/openbsd-compat/port-prngd.c | 164 +
crypto/openssh/openbsd-compat/port-solaris.c | 14 +-
crypto/openssh/openbsd-compat/port-uw.c | 2 +-
crypto/openssh/openbsd-compat/pwcache.c | 4 +-
crypto/openssh/openbsd-compat/regress/Makefile.in | 4 +-
.../openssh/openbsd-compat/regress/closefromtest.c | 4 +-
.../openbsd-compat/regress/opensslvertest.c | 2 +
.../openssh/openbsd-compat/regress/snprintftest.c | 5 +-
crypto/openssh/openbsd-compat/regress/strduptest.c | 2 +
.../openssh/openbsd-compat/regress/strtonumtest.c | 2 +
.../openssh/openbsd-compat/regress/utimensattest.c | 120 +
crypto/openssh/openbsd-compat/rmd160.c | 378 -
crypto/openssh/openbsd-compat/rmd160.h | 61 -
crypto/openssh/openbsd-compat/setenv.c | 2 +
crypto/openssh/openbsd-compat/setproctitle.c | 1 +
crypto/openssh/openbsd-compat/sha1.c | 13 +-
crypto/openssh/openbsd-compat/sha2.c | 336 +-
crypto/openssh/openbsd-compat/sha2.h | 138 +-
crypto/openssh/openbsd-compat/strtonum.c | 6 +-
crypto/openssh/openbsd-compat/sys-queue.h | 376 +-
crypto/openssh/packet.c | 264 +-
crypto/openssh/packet.h | 14 +-
crypto/openssh/pathnames.h | 9 +-
crypto/openssh/platform.c | 1 +
crypto/openssh/progressmeter.c | 60 +-
crypto/openssh/progressmeter.h | 3 +-
crypto/openssh/readconf.c | 1338 +-
crypto/openssh/readconf.h | 37 +-
crypto/openssh/readpass.c | 191 +-
crypto/openssh/regress/Makefile | 75 +-
crypto/openssh/regress/README.regress | 80 +-
crypto/openssh/regress/addrmatch.sh | 16 +-
crypto/openssh/regress/agent-getpeereid.sh | 6 +-
crypto/openssh/regress/agent-pkcs11.sh | 99 +-
crypto/openssh/regress/agent-ptrace.sh | 2 +-
crypto/openssh/regress/agent-subprocess.sh | 22 +
crypto/openssh/regress/agent-timeout.sh | 12 +-
crypto/openssh/regress/agent.sh | 124 +-
crypto/openssh/regress/allow-deny-users.sh | 8 +-
crypto/openssh/regress/banner.sh | 6 +-
crypto/openssh/regress/cert-file.sh | 4 +-
crypto/openssh/regress/cert-hostkey.sh | 36 +-
crypto/openssh/regress/cert-userkey.sh | 53 +-
crypto/openssh/regress/cfginclude.sh | 24 +-
crypto/openssh/regress/cfgmatch.sh | 55 +-
crypto/openssh/regress/cfgparse.sh | 0
crypto/openssh/regress/conch-ciphers.sh | 4 +-
crypto/openssh/regress/connect-privsep.sh | 5 +-
crypto/openssh/regress/connect.sh | 11 +-
crypto/openssh/regress/dhgex.sh | 14 +-
crypto/openssh/regress/ed25519_openssh.prv | 7 +
crypto/openssh/regress/ed25519_openssh.pub | 1 +
crypto/openssh/regress/forward-control.sh | 6 +-
crypto/openssh/regress/forwarding.sh | 44 +-
crypto/openssh/regress/host-expand.sh | 0
crypto/openssh/regress/hostkey-agent.sh | 10 +-
crypto/openssh/regress/hostkey-rotate.sh | 80 +-
crypto/openssh/regress/integrity.sh | 8 +-
crypto/openssh/regress/kextype.sh | 0
crypto/openssh/regress/key-options.sh | 10 +-
crypto/openssh/regress/keygen-change.sh | 7 +-
crypto/openssh/regress/keygen-comment.sh | 52 +
crypto/openssh/regress/keygen-convert.sh | 54 +-
crypto/openssh/regress/keygen-knownhosts.sh | 0
crypto/openssh/regress/keygen-moduli.sh | 17 +-
crypto/openssh/regress/keygen-sshfp.sh | 29 +
crypto/openssh/regress/keys-command.sh | 11 +-
crypto/openssh/regress/keyscan.sh | 17 +-
crypto/openssh/regress/keytype.sh | 57 +-
crypto/openssh/regress/knownhosts-command.sh | 53 +
crypto/openssh/regress/krl.sh | 41 +-
crypto/openssh/regress/limit-keytype.sh | 69 +-
crypto/openssh/regress/localcommand.sh | 0
crypto/openssh/regress/misc/Makefile | 2 +-
crypto/openssh/regress/misc/fuzz-harness/Makefile | 51 +-
.../regress/misc/fuzz-harness/agent_fuzz.cc | 15 +
.../regress/misc/fuzz-harness/agent_fuzz_helper.c | 177 +
.../openssh/regress/misc/fuzz-harness/fixed-keys.h | 119 +
.../openssh/regress/misc/fuzz-harness/kex_fuzz.cc | 461 +
.../regress/misc/fuzz-harness/privkey_fuzz.cc | 21 +
.../openssh/regress/misc/fuzz-harness/sig_fuzz.cc | 24 +-
.../regress/misc/fuzz-harness/ssh-sk-null.cc | 51 +
.../regress/misc/fuzz-harness/sshsig_fuzz.cc | 37 +
.../regress/misc/fuzz-harness/sshsigopt_fuzz.cc | 29 +
.../regress/misc/fuzz-harness/testdata/README | 4 +
.../fuzz-harness/testdata/create-agent-corpus.sh | 44 +
.../regress/misc/fuzz-harness/testdata/id_dsa | 21 +
.../misc/fuzz-harness/testdata/id_dsa-cert.pub | 1 +
.../regress/misc/fuzz-harness/testdata/id_dsa.pub | 1 +
.../regress/misc/fuzz-harness/testdata/id_ecdsa | 8 +
.../misc/fuzz-harness/testdata/id_ecdsa-cert.pub | 1 +
.../misc/fuzz-harness/testdata/id_ecdsa.pub | 1 +
.../regress/misc/fuzz-harness/testdata/id_ecdsa_sk | 14 +
.../fuzz-harness/testdata/id_ecdsa_sk-cert.pub | 1 +
.../misc/fuzz-harness/testdata/id_ecdsa_sk.pub | 1 +
.../regress/misc/fuzz-harness/testdata/id_ed25519 | 7 +
.../misc/fuzz-harness/testdata/id_ed25519-cert.pub | 1 +
.../misc/fuzz-harness/testdata/id_ed25519.pub | 2 +
.../misc/fuzz-harness/testdata/id_ed25519_sk | 8 +
.../fuzz-harness/testdata/id_ed25519_sk-cert.pub | 1 +
.../misc/fuzz-harness/testdata/id_ed25519_sk.pub | 1 +
.../regress/misc/fuzz-harness/testdata/id_rsa | 27 +
.../misc/fuzz-harness/testdata/id_rsa-cert.pub | 1 +
.../regress/misc/fuzz-harness/testdata/id_rsa.pub | 1 +
crypto/openssh/regress/misc/kexfuzz/Makefile | 88 -
crypto/openssh/regress/misc/kexfuzz/README | 34 -
crypto/openssh/regress/misc/kexfuzz/kexfuzz.c | 459 -
crypto/openssh/regress/misc/sk-dummy/fatal.c | 27 +
crypto/openssh/regress/misc/sk-dummy/sk-dummy.c | 539 +
crypto/openssh/regress/modpipe.c | 0
crypto/openssh/regress/multiplex.sh | 32 +-
crypto/openssh/regress/multipubkey.sh | 19 +-
crypto/openssh/regress/netcat.c | 46 +-
crypto/openssh/regress/percent.sh | 119 +
crypto/openssh/regress/portnum.sh | 0
crypto/openssh/regress/principals-command.sh | 16 +-
crypto/openssh/regress/proxy-connect.sh | 10 +-
crypto/openssh/regress/putty-ciphers.sh | 4 +-
crypto/openssh/regress/putty-kex.sh | 4 +-
crypto/openssh/regress/putty-transfer.sh | 10 +-
crypto/openssh/regress/reconfigure.sh | 24 +-
crypto/openssh/regress/reexec.sh | 5 +-
crypto/openssh/regress/rekey.sh | 8 +-
crypto/openssh/regress/scp-ssh-wrapper.sh | 14 +-
crypto/openssh/regress/scp-uri.sh | 81 +-
crypto/openssh/regress/scp.sh | 183 +-
crypto/openssh/regress/scp3.sh | 60 +
crypto/openssh/regress/servcfginclude.sh | 188 +
crypto/openssh/regress/sftp-badcmds.sh | 4 +-
crypto/openssh/regress/sftp-chroot.sh | 7 +-
crypto/openssh/regress/sftp-cmds.sh | 4 -
crypto/openssh/regress/sftp-perm.sh | 18 +-
crypto/openssh/regress/ssh2putty.sh | 8 +-
crypto/openssh/regress/sshcfgparse.sh | 68 +-
crypto/openssh/regress/sshfp-connect.sh | 66 +
crypto/openssh/regress/sshsig.sh | 236 +
crypto/openssh/regress/test-exec.sh | 280 +-
crypto/openssh/regress/unittests/Makefile | 4 +-
crypto/openssh/regress/unittests/Makefile.inc | 38 +-
crypto/openssh/regress/unittests/authopt/tests.c | 10 +-
crypto/openssh/regress/unittests/bitmap/tests.c | 4 +
.../openssh/regress/unittests/conversion/Makefile | 3 +-
.../openssh/regress/unittests/conversion/tests.c | 32 +-
crypto/openssh/regress/unittests/hostkeys/Makefile | 12 +-
.../regress/unittests/hostkeys/mktestdata.sh | 0
.../regress/unittests/hostkeys/test_iterate.c | 119 +-
crypto/openssh/regress/unittests/kex/Makefile | 31 +-
crypto/openssh/regress/unittests/kex/test_kex.c | 29 +-
crypto/openssh/regress/unittests/match/Makefile | 4 +-
crypto/openssh/regress/unittests/match/tests.c | 4 +-
crypto/openssh/regress/unittests/misc/test_argv.c | 187 +
.../openssh/regress/unittests/misc/test_convtime.c | 59 +
.../openssh/regress/unittests/misc/test_expand.c | 90 +
crypto/openssh/regress/unittests/misc/test_parse.c | 86 +
.../openssh/regress/unittests/misc/test_strdelim.c | 202 +
crypto/openssh/regress/unittests/misc/tests.c | 38 +
crypto/openssh/regress/unittests/sshbuf/Makefile | 10 +-
.../regress/unittests/sshbuf/test_sshbuf_fuzz.c | 9 +-
.../unittests/sshbuf/test_sshbuf_getput_basic.c | 231 +-
.../unittests/sshbuf/test_sshbuf_getput_crypto.c | 160 +-
.../unittests/sshbuf/test_sshbuf_getput_fuzz.c | 31 +-
.../regress/unittests/sshbuf/test_sshbuf_misc.c | 71 +-
crypto/openssh/regress/unittests/sshbuf/tests.c | 2 +
crypto/openssh/regress/unittests/sshkey/Makefile | 14 +-
crypto/openssh/regress/unittests/sshkey/common.c | 17 +-
.../openssh/regress/unittests/sshkey/mktestdata.sh | 85 +-
.../openssh/regress/unittests/sshkey/test_file.c | 141 +-
.../openssh/regress/unittests/sshkey/test_fuzz.c | 78 +-
.../openssh/regress/unittests/sshkey/test_sshkey.c | 55 +-
.../regress/unittests/sshkey/testdata/dsa_n | 33 +-
.../regress/unittests/sshkey/testdata/ecdsa_n | 13 +-
.../regress/unittests/sshkey/testdata/ecdsa_sk1 | 13 +
.../unittests/sshkey/testdata/ecdsa_sk1-cert.fp | 1 +
.../unittests/sshkey/testdata/ecdsa_sk1-cert.pub | 1 +
.../regress/unittests/sshkey/testdata/ecdsa_sk1.fp | 1 +
.../unittests/sshkey/testdata/ecdsa_sk1.fp.bb | 1 +
.../unittests/sshkey/testdata/ecdsa_sk1.pub | 1 +
.../regress/unittests/sshkey/testdata/ecdsa_sk1_pw | 14 +
.../regress/unittests/sshkey/testdata/ecdsa_sk2 | 13 +
.../regress/unittests/sshkey/testdata/ecdsa_sk2.fp | 1 +
.../unittests/sshkey/testdata/ecdsa_sk2.fp.bb | 1 +
.../unittests/sshkey/testdata/ecdsa_sk2.pub | 1 +
.../regress/unittests/sshkey/testdata/ed25519_1_pw | 12 +-
.../regress/unittests/sshkey/testdata/ed25519_sk1 | 8 +
.../unittests/sshkey/testdata/ed25519_sk1-cert.fp | 1 +
.../unittests/sshkey/testdata/ed25519_sk1-cert.pub | 1 +
.../unittests/sshkey/testdata/ed25519_sk1.fp | 1 +
.../unittests/sshkey/testdata/ed25519_sk1.fp.bb | 1 +
.../unittests/sshkey/testdata/ed25519_sk1.pub | 1 +
.../unittests/sshkey/testdata/ed25519_sk1_pw | 9 +
.../regress/unittests/sshkey/testdata/ed25519_sk2 | 8 +
.../unittests/sshkey/testdata/ed25519_sk2.fp | 1 +
.../unittests/sshkey/testdata/ed25519_sk2.fp.bb | 1 +
.../unittests/sshkey/testdata/ed25519_sk2.pub | 1 +
.../regress/unittests/sshkey/testdata/rsa1_1 | Bin 533 -> 0 bytes
.../regress/unittests/sshkey/testdata/rsa1_1.fp | 1 -
.../regress/unittests/sshkey/testdata/rsa1_1.fp.bb | 1 -
.../unittests/sshkey/testdata/rsa1_1.param.n | 1 -
.../regress/unittests/sshkey/testdata/rsa1_1.pub | 1 -
.../regress/unittests/sshkey/testdata/rsa1_1_pw | Bin 533 -> 0 bytes
.../regress/unittests/sshkey/testdata/rsa1_2 | Bin 981 -> 0 bytes
.../regress/unittests/sshkey/testdata/rsa1_2.fp | 1 -
.../regress/unittests/sshkey/testdata/rsa1_2.fp.bb | 1 -
.../unittests/sshkey/testdata/rsa1_2.param.n | 1 -
.../regress/unittests/sshkey/testdata/rsa1_2.pub | 1 -
.../regress/unittests/sshkey/testdata/rsa_n | 31 +-
crypto/openssh/regress/unittests/sshkey/tests.c | 5 -
crypto/openssh/regress/unittests/sshsig/Makefile | 25 +
.../openssh/regress/unittests/sshsig/mktestdata.sh | 42 +
.../openssh/regress/unittests/sshsig/testdata/dsa | 12 +
.../regress/unittests/sshsig/testdata/dsa.pub | 1 +
.../regress/unittests/sshsig/testdata/dsa.sig | 13 +
.../regress/unittests/sshsig/testdata/ecdsa | 5 +
.../regress/unittests/sshsig/testdata/ecdsa.pub | 1 +
.../regress/unittests/sshsig/testdata/ecdsa.sig | 7 +
.../regress/unittests/sshsig/testdata/ecdsa_sk | 13 +
.../regress/unittests/sshsig/testdata/ecdsa_sk.pub | 1 +
.../regress/unittests/sshsig/testdata/ecdsa_sk.sig | 8 +
.../sshsig/testdata/ecdsa_sk_webauthn.pub | 1 +
.../sshsig/testdata/ecdsa_sk_webauthn.sig | 13 +
.../regress/unittests/sshsig/testdata/ed25519 | 7 +
.../regress/unittests/sshsig/testdata/ed25519.pub | 1 +
.../regress/unittests/sshsig/testdata/ed25519.sig | 6 +
.../regress/unittests/sshsig/testdata/ed25519_sk | 8 +
.../unittests/sshsig/testdata/ed25519_sk.pub | 1 +
.../unittests/sshsig/testdata/ed25519_sk.sig | 7 +
.../regress/unittests/sshsig/testdata/namespace | 1 +
.../openssh/regress/unittests/sshsig/testdata/rsa | 39 +
.../regress/unittests/sshsig/testdata/rsa.pub | 1 +
.../regress/unittests/sshsig/testdata/rsa.sig | 19 +
.../regress/unittests/sshsig/testdata/signed-data | 1 +
crypto/openssh/regress/unittests/sshsig/tests.c | 139 +
.../openssh/regress/unittests/sshsig/webauthn.html | 766 +
.../regress/unittests/test_helper/test_helper.c | 60 +-
.../regress/unittests/test_helper/test_helper.h | 8 +-
crypto/openssh/regress/unittests/utf8/tests.c | 2 +
crypto/openssh/regress/valgrind-unit.sh | 2 +
crypto/openssh/sandbox-darwin.c | 2 +-
crypto/openssh/sandbox-pledge.c | 8 +-
crypto/openssh/sandbox-rlimit.c | 18 +-
crypto/openssh/sandbox-seccomp-filter.c | 76 +-
crypto/openssh/sandbox-systrace.c | 7 +-
crypto/openssh/scp.1 | 87 +-
crypto/openssh/scp.c | 679 +-
crypto/openssh/servconf.c | 1165 +-
crypto/openssh/servconf.h | 63 +-
crypto/openssh/serverloop.c | 566 +-
crypto/openssh/session.c | 461 +-
crypto/openssh/sftp-client.c | 1162 +-
crypto/openssh/sftp-client.h | 64 +-
crypto/openssh/sftp-common.c | 5 +-
crypto/openssh/sftp-glob.c | 4 +-
.../{openbsd-compat/realpath.c => sftp-realpath.c} | 13 +-
crypto/openssh/sftp-server-main.c | 5 +-
crypto/openssh/sftp-server.8 | 32 +-
crypto/openssh/sftp-server.c | 491 +-
crypto/openssh/sftp.1 | 126 +-
crypto/openssh/sftp.c | 304 +-
crypto/openssh/sk-api.h | 98 +
crypto/openssh/sk-usbhid.c | 1267 ++
crypto/openssh/sntrup761.c | 1273 ++
crypto/openssh/sntrup761.sh | 85 +
crypto/openssh/srclimit.c | 140 +
crypto/openssh/srclimit.h | 18 +
crypto/openssh/ssh-add.1 | 81 +-
crypto/openssh/ssh-add.c | 315 +-
crypto/openssh/ssh-agent.1 | 178 +-
crypto/openssh/ssh-agent.c | 697 +-
crypto/openssh/ssh-dss.c | 8 +-
crypto/openssh/ssh-ecdsa-sk.c | 324 +
crypto/openssh/ssh-ecdsa.c | 14 +-
crypto/openssh/ssh-ed25519-sk.c | 163 +
crypto/openssh/ssh-ed25519.c | 23 +-
crypto/openssh/ssh-gss.h | 4 +-
crypto/openssh/ssh-keygen.1 | 717 +-
crypto/openssh/ssh-keygen.c | 2111 ++-
crypto/openssh/ssh-keyscan.1 | 6 +-
crypto/openssh/ssh-keyscan.c | 105 +-
crypto/openssh/ssh-keysign.8 | 6 +-
crypto/openssh/ssh-keysign.c | 77 +-
crypto/openssh/ssh-pkcs11-client.c | 212 +-
crypto/openssh/ssh-pkcs11-helper.8 | 29 +-
crypto/openssh/ssh-pkcs11-helper.c | 210 +-
crypto/openssh/ssh-pkcs11.c | 1774 +-
crypto/openssh/ssh-pkcs11.h | 20 +-
crypto/openssh/ssh-sk-client.c | 448 +
crypto/openssh/ssh-sk-helper.8 | 66 +
crypto/openssh/ssh-sk-helper.c | 364 +
crypto/openssh/ssh-sk.c | 826 +
crypto/openssh/ssh-sk.h | 69 +
crypto/openssh/ssh-xmss.c | 27 +-
crypto/openssh/ssh.1 | 166 +-
crypto/openssh/ssh.c | 925 +-
crypto/openssh/ssh.h | 11 +-
crypto/openssh/ssh2.h | 4 +-
crypto/openssh/ssh_api.c | 234 +-
crypto/openssh/ssh_config | 6 +-
crypto/openssh/ssh_config.5 | 651 +-
crypto/openssh/ssh_namespace.h | 223 +-
crypto/openssh/sshbuf-getput-basic.c | 171 +-
crypto/openssh/sshbuf-getput-crypto.c | 76 +-
crypto/openssh/sshbuf-io.c | 117 +
crypto/openssh/sshbuf-misc.c | 152 +-
crypto/openssh/sshbuf.c | 22 +-
crypto/openssh/sshbuf.h | 79 +-
crypto/openssh/sshconnect.c | 882 +-
crypto/openssh/sshconnect.h | 63 +-
crypto/openssh/sshconnect2.c | 942 +-
crypto/openssh/sshd.8 | 115 +-
crypto/openssh/sshd.c | 975 +-
crypto/openssh/sshd_config | 12 +-
crypto/openssh/sshd_config.5 | 351 +-
crypto/openssh/ssherr.c | 6 +-
crypto/openssh/ssherr.h | 4 +-
crypto/openssh/sshkey-xmss.c | 160 +-
crypto/openssh/sshkey-xmss.h | 16 +-
crypto/openssh/sshkey.c | 1516 +-
crypto/openssh/sshkey.h | 103 +-
crypto/openssh/sshlogin.c | 9 +-
crypto/openssh/sshpty.c | 23 +-
crypto/openssh/sshsig.c | 1098 ++
crypto/openssh/sshsig.h | 107 +
crypto/openssh/ttymodes.c | 44 +-
crypto/openssh/uidswap.c | 40 +-
crypto/openssh/umac.c | 10 +-
crypto/openssh/umac.h | 6 +-
crypto/openssh/utf8.c | 27 +-
crypto/openssh/utf8.h | 11 +-
crypto/openssh/uuencode.c | 95 -
crypto/openssh/uuencode.h | 29 -
crypto/openssh/version.h | 6 +-
crypto/openssh/xmalloc.c | 31 +-
crypto/openssh/xmalloc.h | 8 +-
crypto/openssh/xmss_commons.c | 2 +-
crypto/openssh/xmss_fast.c | 2 +-
crypto/openssh/xmss_hash.c | 2 +-
crypto/openssh/xmss_hash_address.c | 2 +-
crypto/openssh/xmss_wots.c | 2 +-
lib/libpam/modules/pam_ssh/pam_ssh.c | 2 +-
secure/lib/libssh/Makefile | 19 +-
secure/usr.bin/scp/Makefile | 2 +-
secure/usr.bin/ssh-add/Makefile | 2 +-
secure/usr.bin/ssh-keygen/Makefile | 3 +-
secure/usr.sbin/sshd/Makefile | 2 +-
539 files changed, 54039 insertions(+), 25574 deletions(-)
diff --cc crypto/openssh/.github/ci-status.md
index 000000000000,0ad8bf5aaf44..0ad8bf5aaf44
mode 000000,100644..100644
--- a/crypto/openssh/.github/ci-status.md
+++ b/crypto/openssh/.github/ci-status.md
diff --cc crypto/openssh/.github/configs
index 000000000000,12578c067348..12578c067348
mode 000000,100755..100755
--- a/crypto/openssh/.github/configs
+++ b/crypto/openssh/.github/configs
diff --cc crypto/openssh/.github/configure.sh
index 000000000000,e098730f02d6..e098730f02d6
mode 000000,100755..100755
--- a/crypto/openssh/.github/configure.sh
+++ b/crypto/openssh/.github/configure.sh
diff --cc crypto/openssh/.github/run_test.sh
index 000000000000,adf2568ad1e2..adf2568ad1e2
mode 000000,100755..100755
--- a/crypto/openssh/.github/run_test.sh
+++ b/crypto/openssh/.github/run_test.sh
diff --cc crypto/openssh/.github/setup_ci.sh
index 000000000000,70a444e4eff4..70a444e4eff4
mode 000000,100755..100755
--- a/crypto/openssh/.github/setup_ci.sh
+++ b/crypto/openssh/.github/setup_ci.sh
diff --cc crypto/openssh/.github/workflows/c-cpp.yml
index 000000000000,289b18b7f621..289b18b7f621
mode 000000,100644..100644
--- a/crypto/openssh/.github/workflows/c-cpp.yml
+++ b/crypto/openssh/.github/workflows/c-cpp.yml
diff --cc crypto/openssh/.github/workflows/selfhosted.yml
index 000000000000,df6eca714fb5..df6eca714fb5
mode 000000,100644..100644
--- a/crypto/openssh/.github/workflows/selfhosted.yml
+++ b/crypto/openssh/.github/workflows/selfhosted.yml
diff --cc crypto/openssh/.github/workflows/upstream.yml
index 000000000000,f0493c12d7d5..f0493c12d7d5
mode 000000,100644..100644
--- a/crypto/openssh/.github/workflows/upstream.yml
+++ b/crypto/openssh/.github/workflows/upstream.yml
diff --cc crypto/openssh/.gitignore
index 650eb3c3c90c,000000000000..5e4ae5a60d06
mode 100644,000000..100644
--- a/crypto/openssh/.gitignore
+++ b/crypto/openssh/.gitignore
@@@ -1,28 -1,0 +1,36 @@@
+Makefile
+buildpkg.sh
+config.h
+config.h.in
++config.h.in~
++config.log
+config.status
+configure
++aclocal.m4
+openbsd-compat/Makefile
+openbsd-compat/regress/Makefile
+openssh.xml
+opensshd.init
+survey.sh
+**/*.0
+**/*.o
++**/*.lo
++**/*.so
+**/*.out
+**/*.a
+autom4te.cache/
+scp
+sftp
+sftp-server
+ssh
+ssh-add
+ssh-agent
+ssh-keygen
+ssh-keyscan
+ssh-keysign
+ssh-pkcs11-helper
++ssh-sk-helper
+sshd
+!regress/misc/fuzz-harness/Makefile
++!regress/unittests/sshsig/Makefile
++tags
diff --cc crypto/openssh/FREEBSD-vendor
index f48cbb6c3079,000000000000..c7f6462985a2
mode 100644,000000..100644
--- a/crypto/openssh/FREEBSD-vendor
+++ b/crypto/openssh/FREEBSD-vendor
@@@ -1,6 -1,0 +1,6 @@@
+# $FreeBSD$
+Project: Portable OpenSSH
+ProjectURL: http://www.openssh.com/portable.html
- Version: 7.9p1
++Version: 8.7p1
+License: BSD
- Maintainer: des
++Maintainer: emaste
diff --cc crypto/openssh/INSTALL
index 775eb6c05342,000000000000..8ab8a403a4e2
mode 100644,000000..100644
--- a/crypto/openssh/INSTALL
+++ b/crypto/openssh/INSTALL
@@@ -1,276 -1,0 +1,301 @@@
+1. Prerequisites
+----------------
+
+A C compiler. Any C89 or better compiler should work. Where supported,
+configure will attempt to enable the compiler's run-time integrity checking
+options. Some notes about specific compilers:
+ - clang: -ftrapv and -sanitize=integer require the compiler-rt runtime
+ (CC=clang LDFLAGS=--rtlib=compiler-rt ./configure)
+
- You will need working installations of Zlib and libcrypto (LibreSSL /
- OpenSSL)
++To support Privilege Separation (which is now required) you will need
++to create the user, group and directory used by sshd for privilege
++separation. See README.privsep for details.
+
++
++The remaining items are optional.
++
++A working installation of zlib:
+Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems):
+http://www.gzip.org/zlib/
+
- libcrypto (LibreSSL or OpenSSL >= 1.0.1 < 1.1.0)
- LibreSSL http://www.libressl.org/ ; or
- OpenSSL http://www.openssl.org/
++libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto
++is supported but severely restricts the available ciphers and algorithms.
++ - LibreSSL (https://www.libressl.org/)
++ - OpenSSL (https://www.openssl.org) with any of the following versions:
++ - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
++
++Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to
++1.1.0g can't be used.
+
+LibreSSL/OpenSSL should be compiled as a position-independent library
- (i.e. with -fPIC) otherwise OpenSSH will not be able to link with it.
- If you must use a non-position-independent libcrypto, then you may need
- to configure OpenSSH --without-pie. Note that because of API changes,
- OpenSSL 1.1.x is not currently supported.
++(i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC"
++or LibreSSL as "CFLAGS=-fPIC ./configure") otherwise OpenSSH will not
++be able to link with it. If you must use a non-position-independent
++libcrypto, then you may need to configure OpenSSH --without-pie.
+
- The remaining items are optional.
++If you build either from source, running the OpenSSL self-test ("make
++tests") or the LibreSSL equivalent ("make check") and ensuring that all
++tests pass is strongly recommended.
+
+NB. If you operating system supports /dev/random, you should configure
+libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's
- direct support of /dev/random, or failing that, either prngd or egd
++direct support of /dev/random, or failing that, either prngd or egd.
+
+PRNGD:
+
+If your system lacks kernel-based random collection, the use of Lutz
- Jaenicke's PRNGd is recommended.
++Jaenicke's PRNGd is recommended. It requires that libcrypto be configured
++to support it.
+
+http://prngd.sourceforge.net/
+
+EGD:
+
- If the kernel lacks /dev/random the Entropy Gathering Daemon (EGD) is
- supported only if libcrypto supports it.
++The Entropy Gathering Daemon (EGD) supports the same interface as prngd.
++It also supported only if libcrypto is configured to support it.
+
+http://egd.sourceforge.net/
+
+PAM:
+
+OpenSSH can utilise Pluggable Authentication Modules (PAM) if your
+system supports it. PAM is standard most Linux distributions, Solaris,
- HP-UX 11, AIX >= 5.2, FreeBSD and NetBSD.
++HP-UX 11, AIX >= 5.2, FreeBSD, NetBSD and Mac OS X.
+
+Information about the various PAM implementations are available:
+
+Solaris PAM: http://www.sun.com/software/solaris/pam/
+Linux PAM: http://www.kernel.org/pub/linux/libs/pam/
+OpenPAM: http://www.openpam.org/
+
+If you wish to build the GNOME passphrase requester, you will need the GNOME
+libraries and headers.
+
+GNOME:
+http://www.gnome.org/
+
+Alternatively, Jim Knoble <jmknoble at pobox.com> has written an excellent X11
+passphrase requester. This is maintained separately at:
+
+http://www.jmknoble.net/software/x11-ssh-askpass/
+
+TCP Wrappers:
+
+If you wish to use the TCP wrappers functionality you will need at least
+tcpd.h and libwrap.a, either in the standard include and library paths,
+or in the directory specified by --with-tcp-wrappers. Version 7.6 is
+known to work.
+
+http://ftp.porcupine.org/pub/security/index.html
+
+LibEdit:
+
+sftp supports command-line editing via NetBSD's libedit. If your platform
+has it available natively you can use that, alternatively you might try
+these multi-platform ports:
+
+http://www.thrysoee.dk/editline/
+http://sourceforge.net/projects/libedit/
+
+LDNS:
+
+LDNS is a DNS BSD-licensed resolver library which supports DNSSEC.
+
+http://nlnetlabs.nl/projects/ldns/
+
+Autoconf:
+
+If you modify configure.ac or configure doesn't exist (eg if you checked
- the code out of git yourself) then you will need autoconf-2.69 to rebuild
- the automatically generated files by running "autoreconf". Earlier
- versions may also work but this is not guaranteed.
++the code out of git yourself) then you will need autoconf-2.69 and
++automake-1.16.1 to rebuild the automatically generated files by running
++"autoreconf". Earlier versions may also work but this is not guaranteed.
+
+http://www.gnu.org/software/autoconf/
++http://www.gnu.org/software/automake/
+
+Basic Security Module (BSM):
+
+Native BSM support is known to exist in Solaris from at least 2.5.1,
+FreeBSD 6.1 and OS X. Alternatively, you may use the OpenBSM
+implementation (http://www.openbsm.org).
+
+makedepend:
+
+https://www.x.org/archive/individual/util/
+
+If you are making significant changes to the code you may need to rebuild
+the dependency (.depend) file using "make depend", which requires the
+"makedepend" tool from the X11 distribution.
+
++libfido2:
++
++libfido2 allows the use of hardware security keys over USB. libfido2
++in turn depends on libcbor. libfido2 >= 1.5.0 is strongly recommended.
++Limited functionality is possible with earlier libfido2 versions.
++
++https://github.com/Yubico/libfido2
++https://github.com/pjk/libcbor
++
++
+2. Building / Installation
+--------------------------
+
+To install OpenSSH with default options:
+
+./configure
+make
+make install
+
+This will install the OpenSSH binaries in /usr/local/bin, configuration files
+in /usr/local/etc, the server in /usr/local/sbin, etc. To specify a different
+installation prefix, use the --prefix option to configure:
+
+./configure --prefix=/opt
+make
+make install
+
+Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override
+specific paths, for example:
+
+./configure --prefix=/opt --sysconfdir=/etc/ssh
+make
+make install
+
+This will install the binaries in /opt/{bin,lib,sbin}, but will place the
+configuration files in /etc/ssh.
+
- If you are using Privilege Separation (which is enabled by default)
- then you will also need to create the user, group and directory used by
- sshd for privilege separation. See README.privsep for details.
-
+If you are using PAM, you may need to manually install a PAM control
+file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
+them). Note that the service name used to start PAM is __progname,
+which is the basename of the path of your sshd (e.g., the service name
+for /usr/sbin/osshd will be osshd). If you have renamed your sshd
+executable, your PAM configuration may need to be modified.
+
+A generic PAM configuration is included as "contrib/sshd.pam.generic",
+you may need to edit it before using it on your system. If you are
+using a recent version of Red Hat Linux, the config file in
+contrib/redhat/sshd.pam should be more useful. Failure to install a
+valid PAM file may result in an inability to use password
+authentication. On HP-UX 11 and Solaris, the standard /etc/pam.conf
+configuration will work with sshd (sshd will match the other service
+name).
+
+There are a few other options to the configure script:
+
+--with-audit=[module] enable additional auditing via the specified module.
+Currently, drivers for "debug" (additional info via syslog) and "bsm"
+(Sun's Basic Security Module) are supported.
+
+--with-pam enables PAM support. If PAM support is compiled in, it must
+also be enabled in sshd_config (refer to the UsePAM directive).
+
+--with-prngd-socket=/some/file allows you to enable EGD or PRNGD
+support and to specify a PRNGd socket. Use this if your Unix lacks
+/dev/random.
+
+--with-prngd-port=portnum allows you to enable EGD or PRNGD support
+and to specify a EGD localhost TCP port. Use this if your Unix lacks
+/dev/random.
+
+--with-lastlog=FILE will specify the location of the lastlog file.
+./configure searches a few locations for lastlog, but may not find
+it if lastlog is installed in a different place.
+
+--without-lastlog will disable lastlog support entirely.
+
+--with-osfsia, --without-osfsia will enable or disable OSF1's Security
+Integration Architecture. The default for OSF1 machines is enable.
+
+--with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny)
+support.
+
+--with-md5-passwords will enable the use of MD5 passwords. Enable this
+if your operating system uses MD5 passwords and the system crypt() does
+not support them directly (see the crypt(3/3c) man page). If enabled, the
+resulting binary will support both MD5 and traditional crypt passwords.
+
+--with-utmpx enables utmpx support. utmpx support is automatic for
+some platforms.
+
+--without-shadow disables shadow password support.
+
+--with-ipaddr-display forces the use of a numeric IP address in the
+$DISPLAY environment variable. Some broken systems need this.
+
+--with-default-path=PATH allows you to specify a default $PATH for sessions
+started by sshd. This replaces the standard path entirely.
+
+--with-pid-dir=PATH specifies the directory in which the sshd.pid file is
+created.
+
+--with-xauth=PATH specifies the location of the xauth binary
+
+--with-ssl-dir=DIR allows you to specify where your Libre/OpenSSL
+libraries are installed.
+
+--with-ssl-engine enables Libre/OpenSSL's (hardware) ENGINE support
+
++--without-openssl builds without using OpenSSL. Only a subset of ciphers
++and algorithms are supported in this configuration.
++
++--without-zlib builds without zlib. This disables the Compression option.
++
+--with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to
+real (AF_INET) IPv4 addresses. Works around some quirks on Linux.
+
+If you need to pass special options to the compiler or linker, you
+can specify these as environment variables before running ./configure.
+For example:
+
+CC="/usr/foo/cc" CFLAGS="-O" LDFLAGS="-s" LIBS="-lrubbish" ./configure
+
+3. Configuration
+----------------
+
+The runtime configuration files are installed by in ${prefix}/etc or
+whatever you specified as your --sysconfdir (/usr/local/etc by default).
+
+The default configuration should be instantly usable, though you should
+review it to ensure that it matches your security requirements.
+
+To generate a host key, run "make host-key". Alternately you can do so
+manually using the following commands:
+
+ ssh-keygen -t [type] -f /etc/ssh/ssh_host_key -N ""
+
+for each of the types you wish to generate (rsa, dsa or ecdsa) or
+
+ ssh-keygen -A
+
+to generate keys for all supported types.
+
+Replacing /etc/ssh with the correct path to the configuration directory.
+(${prefix}/etc or whatever you specified with --sysconfdir during
*** 20555 LINES SKIPPED ***
More information about the dev-commits-src-all
mailing list