SSH 2.0.12
==============

        Timo J. Rinne <tri@ssh.fi>
	Sami Lehtinen <sjl@ssh.fi>
        28 January 1999
	
	See file LICENSING for licensing terms.

	See file SSH2.QUICKSTART for Mr. Yamamoto's guide on
	installing and using ssh2 and ssh1 in compatibility mode.

	See file FAQ for Frequently Asked Questions.

   What has changed since ssh 1 ?
   ------------------------------

      - ssh has been 98% rewritten

      - support other key-exchange methods besides double-encrypting
        rsa key exchange. The current distribution comes with Diffie-Hellman
        key exchange.

      - support for DSA and other public key algorithms besides RSA.

      - the protocol is more secure and allows future integration into
        public key infrastructures

      - the protocol complies with upcoming `secsh' internet standard.

      - support for "subsystems", platform-independent modules that
        implement particular functions such as file transfers

      - built-in SOCKS support

      - new feature: sftp, the secure file transfer protocol (name will
        probably change)


   Feedback
   --------

      bugs:   www-form: http://www.ssh.fi/support/bug-report.html
              email:    ssh2-bugs@ssh.fi

      other: ssh2@ssh.fi

      feature-requests can also be submitted via
      http://www.ssh.fi/support/feature-request.html

   Commercial Inquries
   -------------------

      If you have questions about the commercial version, for example
      about availability, versions, etc. direct them to
      DataFellows. SSH Communications Security only distributes the
      non-commercial version.

SSH2 Binaries
=============

      ssh2            ssh2 client.

      sshd2           ssh2 daemon.

      sftp2           sftp client (needs ssh2). Type "?" in the command line
                      for help.

      sftp-server2    sftp server (executed by sshd2).

      scp2            scp client

      ssh-keygen2     utility for generating keys. -h for help.

      ssh-add2        add identities to the authentication agent.

      ssh-agent2      the authentication agent

      ssh-askpass2    X11 utility for querying passwords.



Installation
============

   1. uncompress the distribution
   ------------------------------

      > zcat ssh-2.0.x.tar.gz | tar xf -

      This should create a subdirectory ssh-2.0.x.

      > cd ssh-2.0.x


   2. compile ssh2
   ---------------

      Read the NOTES-section found in the end of this file.

      > ./configure
      > make

      If this fails, find and fix the problem. Report it to ssh2-bugs@ssh.fi.
      Try again :-)

   3. run the install script
   -------------------------

      Get a root shell and change to the ssh-2.0.x directory.

      # make install

      This should set everything up and create the host key.

      The old files are moved to *.old names. If you don't want them
      around, goto apps/ssh and run 

      # make clean-up-old

      which will delete them.

      NOTE: This host key has relatively little entropy. We'll have
            to actually stir in more randomness to create strong
            keys. We'll fix this later..

   4. configure sshd2
   ------------------

      Set up the following files:


ssh 2 files
===========

      Public keys have a .pub suffix, private keys have none. Example:

         id_dsa_1024_a        A 1024-bit DSA private key
         id_dsa_1024_a.pub    Corresponding public key

      There is no "known_hosts", as in ssh1. The host keys are stored
      in separate files in ~/.ssh2/hostkeys .


   ~/.ssh2/hostkeys/key_xxxx_yyyy.pub
   -----------------------------

      would be the public host key of the ssh2 daemon running in port xxxx
      of the host yyyy.


   /etc/ssh2/hostkey.pub  and  /etc/ssh2/hostkey
   -----------------------------------------

      Public and private hostkeys for sshd2. Created by "make install".


   ~/.ssh2/identification
   ----------------------

      Lists the private keys that can be used for authentication.

         # identification
         IdKey  id_dsa_1024_a

      This means that the private key in the file ~/.ssh2/id_dsa_1024_a
      is used for public key authentication.


   ~/.ssh2/authorization
   ---------------------

      Lists the public keys that are accepted for authentication on this
      host.

         # authorization
         Key     id_dsa_1024_a.pub

      This means that anyone, who holds the matching private key to the
      public key in the file $USER/.ssh2/id_dsa_1024_a.pub can log in as
      $USER.


   /etc/ssh2/sshd2_config
   --------------------

      Server configuration file. Copied here by "make install". See man
      page for details.

      The line:

         subsystem-sftp                  sftp-server

      means that when when a subsystem "sftp" is requested, the
      command "sftp-server" is started. For example, if our sshd2_config
      read:

         subsystem-quux                  echo "fiu poks pam"

      the command "ssh2 host -s quux" would simply print the text
      "fiu poks pam".


   ~/.ssh2/ssh2_config
   -------------------

       Client configuration file. See the global client config file
       ssh2_config in /etc/ssh2.


Platforms
=========

	Ssh 2.0 has been reportedly successfully compiled and
	run on the following platforms.

	Processor	OS		OS-Versions
	-------------------------------------------------------------
	ix86,m68k	NetBSD		1.2, 1.3
	ix86		FreeBSD		2.2.x, 3.0-current
	ix86		Linux		2.0.3x
	sparc		Solaris		2.6, 2.5.1
	PowerPC		AIX		4.1, 4.2.x
	hppa1.1		HPUX		10.20
	mips		IRIX		6.5, 6.3, 6.2, 5.3 (with SGI cc)
	

NOTES ON INSTALLATION AND USE
=============================

	* Use 'scp2 -1' to enable compatibility with scp1.

	* If your system doesn't support, or has a broken version of
	  non-blocking connect, run ./configure with
	  -enable-blocking-connect .

	* If you get errors when compiling assembler files, configure
	  with --disable-asm and recompile.

	* compatibility with ssh1 works correctly ONLY IF your ssh1-version
	  is 1.2.26 or better (1.2.26 is the latest). So be sure you have
	  that!

	* If your Sun boots during a connect to sshd2, do the following.
	  Fetch the latest patches from Sun, generate a new hostkey with the
	  patched version, and try again (also, you might want to try
	  --enable-blocking-connect etc).

	* if configure complains 'configure: error: configuring with X
	  but xauth not found - aborting', try ./configure --without-x .

	* Use 'ssh-keygen -P' to create keys without passphrases (for
	  use with rsync etc.).

	* configure option --disable-crypt-asm no longer exists (use
	  --disable-asm instead).

KNOWN BUGS
==========

	* When using the '-p' option together with '-r' option,
	  directory modification times are not properly set. 

	* Assembler-optimizations don't compile on BSDI. configure
	  with --disable-asm.

	* Reportedly sshd2 child process can sometimes end up in a
	  busy loop on the server side, consuming CPU-time. (this has been
	  reported mainly on Solaris, and some other systems as well). Haven't
	  been able to reproduce this, so no fix is currently available.

	* Reportedly sshd2 doesn't fork correctly to background on some
	  AIX systems. We haven't been able to reproduce this.
	
	* ssh-keygen2 dumps core on Linux/PowerPC environments. This
	  is probably due to egcs's different arg_list. Matter is
	  being investigated, and a patch/release will be released as
	  soon as this bug is found and fixed.

	* With C2 security package, all the C2 characteristics are not
	  properly used.

	* If gcc complains about undefined references to tgetent and
	  tgetstr etc., configure didn't find your libtermcap
	  library. Either it isn't in a standard place, or you don't
	  have it.

REMEMBER
========

* Ssh compilation success/failure web-page. You can fill in the reply
  form about your compilation at
  <URL:http://www.ssh.fi/tech/ssh_form.html>. You can query about the
  success/failure database from
  <URL:http://www.ssh.fi/tech/ssh_query.html>.

* Latest news about ssh can be found in
  <URL:http://www.ssh.fi/sshprotocols2/>

THANKS
======	
	...to everyone who contributed to ssh2. If you feel that your
	name should be in this list, write mail to ssh2@ssh.fi. These
	are in no particular order.

	Dug Song
	Andreas Ley
	Troy Barbee
	Simon Burge
	Luigi Pugnetti
	Youki Kadobayashi
	Georgi Kuzmanov
	Hirotaka Yamamoto
	Martin Buchholz
	John David Anglin
	David Mansfield
	Goran Gajic
	Niko Tyni
	Eugene Krainov
	William C. Ray
	Andrew Libby
	Alexander Savelyev
	Aldo Ramos
	Sigurdur Asgeirsson

	... and everyone else who submitted bug-reports,
	feature-requests and patches.

