SunOS has utmp problems (slot 0?).

The first part of README is too long.

Merge rdist into the ssh distribution. -> ssh-1.3.1
  - patch for stdin/stdout
  - -P arguments
  - configure/makefile

Check TIS FWTK/authsrv (and FWTK authentication in general).  Message
from rsnyder@mobster.cit.ge.com.  ftp://ftp.tis.com/pub/firewalls/toolkit.
Patches from Jacob Schripsema <J.Schripsema@hdxx05.unix.telecom.ptt.nl>.
Merge into 1.2.14.

Update protocol to send information about the accepted authentication
methods for the particular user after the user has been identified.
-> ssh-1.3.1

Update protocol to send real client host name.  Add server
configuration options to specify firewall names, and disable Rhosts
authentication and trust the supplied name (with RSA, of course) if
the connection appears to be coming from the firewall.
-> ssh-1.3.1

Update protocol to include session id to both sides of session key.
Change all encryption methods to use different keys for each direction.
-> protocol version 2?

Update protocol to use stronger MACs.
-> protocol version 2?

Extend protocol to easily permit ip-forwarding only servers without
authentication.

Update protocol to negotiate 16-bit packet size fields and string size fields.
-> 1.3.1

Some kind of access control for forwarded sockets (e.g., localhost only).

Check X11 authentication sometimes fails (particularly on HPUX).

npasswd-style checking for passphrases. mcduff@physics.uq.oz.au.

Check whether Kocher's timing attack is applicable to ssh.
Should ssh sleep a random time after each RSA computation?
--> should blind, in 1.3.1?

Add escape ~% to print out compression statistics.  Also, show
information about encryption status.

Host key fingerprints (ssh-keygen, shown when mismatch or new).
Thomas.Koenig@ciw.uni-karlsruhe.de.

When automatically adding host name, add all names.

Add "tags" target in Makefile.in.

Consider using snprintf instead of sprintf.

Add blowfish as an encryption method.
  -> 1.3.1 (note: new blowfish)

debug() should append \r\n when in raw mode.

servconf.c: log an error if unrecognized option/argument (but don't exit).

Some kind of "ftp" on top of ssh.

Add client option Verbose (same as -v option).

OSF/1 may need some more system calls at login (e.g., passwd does not
work under ssh).


Provide option to use system login(1) instead of ssh builtin login.

scp sometimes gives Z_DATA_ERROR in inflate (alpha?).  (bortzmeyer@pasteur.fr)

Fix (note not always the suggested fix):
> rfc-pg.c:56:exit used without including <stdlib.h>
> osfc2.c:76:log used without including <math.h>
> remove.c:5:unlink used without including <unistd.h>
> scp.c:265:tolocal begins with to, which is reserved for <ctype.h>
> scp.c:266:toremote begins with to, which is reserved for <ctype.h>
> authfd.c:130:sin used without including <math.h>
> ssh-agent.c:142:log used without including <math.h>
> ssh-agent.c:428:sin used without including <math.h>
> check-fds.c:38:fcntl used without including <unistd.h>
> check-fds.c:48:ttyname used without including <unistd.h>
> check-fds.c:52:exit used without including <stdlib.h>
