This change was made upstream between 7.9p1 and 8.0p1. We've made local
changes in the same places for handling the version_addendum; apply the
SSLeay_version to OpenSSL_version change in advance of importing 8.0p1.
This should have been part of r363225.
Obtained from: OpenSSH-portable a65784c9f9c5
MFC with: r363225
Sponsored by: The FreeBSD Foundation
This change was made upstream between 7.9p1 and 8.0p1. We've made local
changes in the same places for handling the version_addendum; apply the
SSLeay_version to OpenSSL_version change in advance of importing 8.0p1.
Obtained from: OpenSSH-portable a65784c9f9c5
Sponsored by: The FreeBSD Foundation
Local changes introduced an OPENSSH_VERSION macro, but this conflicts
with a macro of the same name introduced with OepnsSL 1.1.1
Reviewed by: des
Approved by: re (gjb)
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.
Prior to this, setting VersionAddendum will be a no-op: one will
always have BASE_VERSION + " " + VERSION_HPN for VersionAddendum
set in the config and a bare BASE_VERSION + VERSION_HPN when there
is no VersionAddendum is set.
HPN patch requires both parties to have the "hpn" inside their
advertized versions, so we add VERSION_HPN to the VERSION_BASE
if HPN is enabled and omitting it if HPN is disabled.
VersionAddendum now uses the following logics:
* unset (default value): append " " and VERSION_ADDENDUM;
* VersionAddendum is set and isn't empty: append " "
and VersionAddendum;
* VersionAddendum is set and empty: don't append anything.
Approved by: des
Reviewed by: bz
MFC after: 3 days
- Revert unneeded whitespace changes.
- Revert modifications to loginrec.c, as the upstream version already
does the right thing.
- Fix indentation and whitespace of local changes.
Approved by: des
MFC after: 1 month
the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or
trans-continental links). Bandwidth-delay products up to 64MB are
supported.
Also add support (not compiled by default) for the None cypher. The
None cypher can only be enabled on non-interactive sessions (those
without a pty where -T was not used) and must be enabled in both
the client and server configuration files and on the client command
line. Additionally, the None cypher will only be activated after
authentication is complete. To enable the None cypher you must add
-DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in
/etc/make.conf.
This code is a style(9) compliant version of these features extracted
from the patches published at:
http://www.psc.edu/networking/projects/hpn-ssh/
Merging this patch has been a collaboration between me and Bjoern.
Reviewed by: bz
Approved by: re (kib), des (maintainer)
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
