SunOS has utmp problems (slot 0?).

The first part of README is too long.

Merge rdist into the ssh distribution. -> ssh-1.3.1
  - patch for stdin/stdout
  - -P arguments
  - configure/makefile

Check TIS FWTK/authsrv (and FWTK authentication in general).  Message
from rsnyder@mobster.cit.ge.com.  ftp://ftp.tis.com/pub/firewalls/toolkit.
Patches from Jacob Schripsema <J.Schripsema@hdxx05.unix.telecom.ptt.nl>.
Merge into 1.2.14.

Update protocol to send information about the accepted authentication
methods for the particular user after the user has been identified.
-> ssh-1.3.1

Update protocol to send real client host name.  Add server
configuration options to specify firewall names, and disable Rhosts
authentication and trust the supplied name (with RSA, of course) if
the connection appears to be coming from the firewall.
-> ssh-1.3.1

Update protocol to include session id to both sides of session key.
Change all encryption methods to use different keys for each direction.
-> protocol version 2?

Update protocol to use stronger MACs.
-> protocol version 2?

Extend protocol to easily permit ip-forwarding only servers without
authentication.

Update protocol to negotiate 16-bit packet size fields and string size fields.
-> 1.3.1

Some kind of access control for forwarded sockets (e.g., localhost only).

Check X11 authentication sometimes fails (particularly on HPUX).

npasswd-style checking for passphrases. mcduff@physics.uq.oz.au.

Check whether Kocher's timing attack is applicable to ssh.
Should ssh sleep a random time after each RSA computation?
--> should blind, in 1.3.1?

Add escape ~% to print out compression statistics.  Also, show
information about encryption status.

Host key fingerprints (ssh-keygen, shown when mismatch or new).
Thomas.Koenig@ciw.uni-karlsruhe.de.

Add "tags" target in Makefile.in.

Consider using snprintf instead of sprintf.

debug() should append \r\n when in raw mode.

servconf.c: log an error if unrecognized option/argument (but don't exit).

Some kind of "ftp" on top of ssh.

Add client option Verbose (same as -v option).

Provide option to use system login(1) instead of ssh builtin login.

scp sometimes gives Z_DATA_ERROR in inflate (alpha?).  (bortzmeyer@pasteur.fr)

Fix (note not always the suggested fix):
> rfc-pg.c:56:exit used without including <stdlib.h>
> osfc2.c:76:log used without including <math.h>
> remove.c:5:unlink used without including <unistd.h>
> scp.c:265:tolocal begins with to, which is reserved for <ctype.h>
> scp.c:266:toremote begins with to, which is reserved for <ctype.h>
> authfd.c:130:sin used without including <math.h>
> ssh-agent.c:142:log used without including <math.h>
> ssh-agent.c:428:sin used without including <math.h>
> check-fds.c:38:fcntl used without including <unistd.h>
> check-fds.c:48:ttyname used without including <unistd.h>
> check-fds.c:52:exit used without including <stdlib.h>

ssh pilarista tranceen -> Received Signal 13

Store IP-address in utmp if host name too long?
From: Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>

Makefile.in: Warn if installing as non-root

Document ListenAddress in sshd.8.in.

RSAPrivateDecrypt sometimes fails on Alpha (keys < 1024 bytes).
Brad Karp <karp@eecs.harvard.edu>

/etc/issue or equivalent.

check account expirations and such immediately at the beginning of
authentication.

Should somehow process password changes...

Client should prompt for password multiple times.

Client should show e.g. "kivinen's password: " when prompting for password.

Check operation with RSAREF on alpha.

Test compiling with Solaris 2.4 native compiler (v 3.0).

Provide step-by-step instructions for using RSA authentication.

Check all uses of getpwuid, and see if they could be replaced by
getpwnam.  Now ssh may check the wrong home directory when there are
several accounts with the same uid.

Check that log messages from tcp_wrappers with ssh get logged.

Put similar permission checks for authorized_keys that now exist for rhosts.

