SSH 2.0.11
==============

        Timo J. Rinne <tri@ssh.fi>
	Sami Lehtinen <sjl@ssh.fi>
        16 November 1998
	
	See file LICENSING for licensing terms.

	See file SSH2.QUICKSTART for Mr. Yamamoto's guide on
	installing and using ssh2 and ssh1 in compatibility mode.

   What has changed since ssh 1 ?
   ------------------------------

      - ssh has been 98% rewritten

      - support other key-exchange methods besides double-encrypting
        rsa key exchange. The current distribution comes with Diffie-Hellman
        key exchange.

      - support for DSA and other public key algorithms besides RSA.

      - the protocol is more secure and allows future integration into
        public key infrastructures

      - the protocol complies with upcoming `secsh' internet standard.

      - support for "subsystems", platform-independent modules that
        implement particular functions such as file transfers

      - built-in SOCKS support

      - new feature: sftp, the secure file transfer protocol (name will
        probably change)


   Feedback
   --------

      bugs:   www-form: http://www.ssh.fi/support/bug-report.html
              email:    ssh2-bugs@ssh.fi

      other: ssh2@ssh.fi

      feature-requests can also be submitted via
      http://www.ssh.fi/support/feature-request.html

SSH2 Binaries
=============

      ssh2            ssh2 client.

      sshd2           ssh2 daemon.

      sftp2           sftp client (needs ssh2). Type "?" in the command line
                      for help.

      sftp-server2    sftp server (executed by sshd2).

      scp2            scp client

      ssh-keygen2     utility for generating keys. -h for help.

      ssh-add2        add identities to the authentication agent.

      ssh-agent2      the authentication agent

      ssh-askpass2    X11 utility for querying passwords.



Installation
============

   1. uncompress the distribution
   ------------------------------

      > zcat ssh-2.0.x.tar.gz | tar xf -

      This should create a subdirectory ssh-2.0.x.

      > cd ssh-2.0.x


   2. compile ssh2
   ---------------

      Read the NOTES-section found in the end of this file.

      > ./configure
      > make

      If this fails, find and fix the problem. Report it to ssh2-bugs@ssh.fi.
      Try again :-)

   3. run the install script
   -------------------------

      Get a root shell and change to the ssh-2.0.x directory.

      # make install

      This should set everything up and create the host key.

      The old files are moved to *.old names. If you don't want them
      around, goto apps/ssh and run 

      # make clean-up-old

      which will delete them.

      NOTE: This host key has relatively little entropy. We'll have
            to actually stir in more randomness to create strong
            keys. We'll fix this later..

   4. configure sshd2
   ------------------

      Set up the following files:


ssh 2 files
===========

      Public keys have a .pub suffix, private keys have none. Example:

         id_dsa_1024_a        A 1024-bit DSA private key
         id_dsa_1024_a.pub    Corresponding public key

      There is no "known_hosts", as in ssh1. The host keys are stored
      in separate files in ~/.ssh2/hostkeys .


   ~/.ssh2/hostkeys/key_xxxx_yyyy.pub
   -----------------------------

      would be the public host key of the ssh2 daemon running in port xxxx
      of the host yyyy.


   /etc/ssh2/hostkey.pub  and  /etc/ssh2/hostkey
   -----------------------------------------

      Public and private hostkeys for sshd2. Created by "make install".


   ~/.ssh2/identification
   ----------------------

      Lists the private keys that can be used for authentication.

         # identification
         IdKey  id_dsa_1024_a

      This means that the private key in the file ~/.ssh2/id_dsa_1024_a
      is used for public key authentication.


   ~/.ssh2/authorization
   ---------------------

      Lists the public keys that are accepted for authentication on this
      host.

         # authorization
         Key     id_dsa_1024_a.pub

      This means that anyone, who holds the matching private key to the
      public key in the file $USER/.ssh2/id_dsa_1024_a.pub can log in as
      $USER.


   /etc/ssh2/sshd2_config
   --------------------

      Server configuration file. Copied here by "make install". See man
      page for details.

      The line:

         subsystem-sftp                  sftp-server

      means that when when a subsystem "sftp" is requested, the
      command "sftp-server" is started. For example, if our sshd2_config
      read:

         subsystem-quux                  echo "fiu poks pam"

      the command "ssh2 host -s quux" would simply print the text
      "fiu poks pam".


   ~/.ssh2/ssh2_config
   -------------------

       Client configuration file. See the global client config file
       ssh2_config in /etc/ssh2.


Platforms
=========

	Ssh 2.0 has been reportedly succesfully compiled and
	run on the following platforms.

	Processor	OS		OS-Versions
	-------------------------------------------------------------
	ix86		NetBSD		1.2, 1.3
	ix86		FreeBSD		2.2.x, 3.0-current
	ix86		Linux		2.0.34
	sparc		Solaris		2.6, 2.5.1
	PowerPC		AIX		4.1, 4.2.x
	hppa1.1		HPUX		10.20
	mips		IRIX		6.2

NOTES ON INSTALLATION AND USE
=============================

	* Use 'scp2 -1' to enable compatibility with scp1.

	* If your system doesn't support, or has a broken version of
	  non-blocking connect, run ./configure with
	  -enable-blocking-connect .

	* If you get errors when compiling assembler files, configure
	  with --disable-asm and recompile.

	* compability with ssh1 works correctly ONLY IF your ssh1-version
	  is 1.2.26 or better (1.2.26 is the latest). So be sure you have
	  that!

	* If your Sun boots during a connect to sshd2, do the following.
	  Fetch the latest patches from Sun, generate a new hostkey with the
	  patched version, and try again (also, you might want to try
	  --enable-blocking-connect etc).

	* if configure complains 'configure: error: configuring with X
	  but xauth not found - aborting', try ./configure --without-x .

	* Use 'ssh-keygen -P' to create keys without passphrases (for
	  use with rsync etc.).

	* configure option --disable-crypt-asm no longer exists.

KNOWN BUGS
==========

	* When using the '-p' option together with '-r' option,
	  directory modification times are not properly set. 

	* Assembler-optimizations don't compile on BSDI. configure
	  with --disable-asm.

	* Reportedly sshd2 child process can sometimes end up in a
	  busy loop on the server side, consuming CPU-time. (this has been
	  reported mainly on Solaris, and some other systems as well). Haven't
	  been able to reproduce this, so no fix is currently available.

	* Reportedly sshd2 doesn't for correctly to background on some
	  AIX systems. We haven't been able to reproduce this.
	
	* ssh-keygen2 dumps core on Linux/PowerPC environments. This
	  is probably due to egcs's different arg_list. Matter is
	  being investigated, and a patch/release will be released as
	  soon as this bug is found and fixed.

	* With C2 security package, all the C2 charasteristics are not
	  properly used.

REMEMBER
========

* Ssh compilation success/failure web-page. You can fill in the reply
  form about your compilation at
  <URL:http://www.ssh.fi/tech/ssh_form.html>. You can query about the
  success/failure database from
  <URL:http://www.ssh.fi/tech/ssh_query.html>.

* Latest news about ssh can be found in
  <URL:http://www.ssh.fi/sshprotocols2/>

THANKS
======	
	...to everyone who contributed to ssh2. If you feel that your
	name should be in this list, write mail to ssh2@ssh.fi. These
	are in no particular order.

	Dug Song
	Andreas Ley
	Troy Barbee
	Simon Burge
	Luigi Pugnetti
	Youki Kadobayashi
	Georgi Kuzmanov
	Hirotaka Yamamoto

	... and everyone else who submitted bug-reports,
	feature-requests and patches.

