authordes <des@FreeBSD.org>2004-04-20 09:35:04 +0000
committerdes <des@FreeBSD.org>2004-04-20 09:35:04 +0000
commitc69db9c5a2d88a51f8d2394cf37717ba93f07152 (patch)
treeaaca3b36adea134d5ba39fa7c38bf759a9ef49c6 /crypto/openssh/contrib/cygwin
parent7d1750f1d6c24163bf22790f8527f1783315c5e7 (diff)
Vendor import of OpenSSH 3.8.1p1.
Diffstat (limited to 'crypto/openssh/contrib/cygwin')
-rw-r--r--crypto/openssh/contrib/cygwin/Makefile56
-rw-r--r--crypto/openssh/contrib/cygwin/README224
-rw-r--r--crypto/openssh/contrib/cygwin/ssh-host-config592
-rw-r--r--crypto/openssh/contrib/cygwin/ssh-user-config250
4 files changed, 1122 insertions, 0 deletions
diff --git a/crypto/openssh/contrib/cygwin/Makefile b/crypto/openssh/contrib/cygwin/Makefile
new file mode 100644
index 0000000..09e8ea2
--- /dev/null
+++ b/crypto/openssh/contrib/cygwin/Makefile
@@ -0,0 +1,56 @@
+srcdir=../..
+prefix=/usr
+exec_prefix=$(prefix)
+bindir=$(prefix)/bin
+datadir=$(prefix)/share
+docdir=$(datadir)/doc
+sshdocdir=$(docdir)/openssh
+cygdocdir=$(docdir)/Cygwin
+sysconfdir=/etc
+defaultsdir=$(sysconfdir)/defaults/etc
+PRIVSEP_PATH=/var/empty
+INSTALL=/usr/bin/install -c
+
+DESTDIR=
+
+all:
+ @echo
+ @echo "Use \`make cygwin-postinstall DESTDIR=[package directory]'"
+ @echo "Be sure having DESTDIR set correctly!"
+ @echo
+
+move-config-files: $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(sysconfdir)/sshd_config
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(defaultsdir)
+ mv $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(defaultsdir)
+ mv $(DESTDIR)$(sysconfdir)/sshd_config $(DESTDIR)$(defaultsdir)
+
+remove-empty-dir:
+ rm -rf $(DESTDIR)$(PRIVSEP_PATH)
+
+install-sshdoc:
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(sshdocdir)
+ $(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS
+ $(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog
+ $(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE
+ $(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW
+ $(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README
+ $(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns
+ $(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep
+ $(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard
+ $(INSTALL) -m 644 $(srcdir)/RFC.nroff $(DESTDIR)$(sshdocdir)/RFC.nroff
+ $(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO
+ $(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG
+
+install-cygwindoc: README
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(cygdocdir)
+ $(INSTALL) -m 644 README $(DESTDIR)$(cygdocdir)/openssh.README
+
+install-doc: install-sshdoc install-cygwindoc
+
+install-scripts: ssh-host-config ssh-user-config
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
+ $(INSTALL) -m 755 ssh-host-config $(DESTDIR)$(bindir)/ssh-host-config
+ $(INSTALL) -m 755 ssh-user-config $(DESTDIR)$(bindir)/ssh-user-config
+
+cygwin-postinstall: move-config-files remove-empty-dir install-doc install-scripts
+ @echo "Cygwin specific configuration finished."
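Review bot: `remove-empty-dir` runs `rm -rf $(DESTDIR)$(PRIVSEP_PATH)` while `DESTDIR` defaults to empty, so `make cygwin-postinstall` without `DESTDIR` deletes `/var/empty` on the running system, and `move-config-files` moves the live `/etc/ssh_config` and `/etc/sshd_config` into the defaults directory. The `all` target only prints a reminder; nothing enforces it. I would make both targets fail early with a first recipe line such as `@test -n "$(DESTDIR)" || { echo "DESTDIR must be set" >&2; exit 1; }`. None of the command targets is declared phony, so `.PHONY: all move-config-files remove-empty-dir install-sshdoc install-cygwindoc install-doc install-scripts cygwin-postinstall` is also worth adding.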
diff --git a/crypto/openssh/contrib/cygwin/README b/crypto/openssh/contrib/cygwin/README
new file mode 100644
index 0000000..fc0a2f6
--- /dev/null
+++ b/crypto/openssh/contrib/cygwin/README
@@ -0,0 +1,224 @@
+This package describes important Cygwin specific stuff concerning OpenSSH.
+
+The binary package is usually built for recent Cygwin versions and might
+not run on older versions. Please check http://cygwin.com/ for information
+about current Cygwin releases.
+
+Build instructions are at the end of the file.
+
+===========================================================================
+Important change since 3.7.1p2-2:
+
+The ssh-host-config file doesn't create the /etc/ssh_config and
+/etc/sshd_config files from builtin here-scripts anymore, but it uses
+skeleton files installed in /etc/defaults/etc.
+
+Also it now tries hard to create appropriate permissions on files.
+Same applies for ssh-user-config.
+
+After creating the sshd service with ssh-host-config, it's advisable to
+call ssh-user-config for all affected users, also already exising user
+configurations. In the latter case, file and directory permissions are
+checked and changed, if requireed to match the host configuration.
+
+Important note for Windows 2003 Server users:
+---------------------------------------------
+
+2003 Server has a funny new feature. When starting services under SYSTEM
+account, these services have nearly all user rights which SYSTEM holds...
+except for the "Create a token object" right, which is needed to allow
+public key authentication :-(
+
+There's no way around this, except for creating a substitute account which
+has the appropriate privileges. Basically, this account should be member
+of the administrators group, plus it should have the following user rights:
+
+ Create a token object
+ Logon as a service
+ Replace a process level token
+ Increase Quota
+
+The ssh-host-config script asks you, if it should create such an account,
+called "sshd_server". If you say "no" here, you're on your own. Please
+follow the instruction in ssh-host-config exactly if possible. Note that
+ssh-user-config sets the permissions on 2003 Server machines dependent of
+whether a sshd_server account exists or not.
+===========================================================================
+
+===========================================================================
+Important change since 3.4p1-2:
+
+This version adds privilege separation as default setting, see
+/usr/doc/openssh/README.privsep. According to that document the
+privsep feature requires a non-privileged account called 'sshd'.
+
+The new ssh-host-config file which is part of this version asks
+to create 'sshd' as local user if you want to use privilege
+separation. If you confirm, it creates that NT user and adds
+the necessary entry to /etc/passwd.
+
+On 9x/Me systems the script just sets UsePrivilegeSeparation to "no"
+since that feature doesn't make any sense on a system which doesn't
+differ between privileged and unprivileged users.
+
+The new ssh-host-config script also adds the /var/empty directory
+needed by privilege separation. When creating the /var/empty directory
+by yourself, please note that in contrast to the README.privsep document
+the owner sshould not be "root" but the user which is running sshd. So,
+in the standard configuration this is SYSTEM. The ssh-host-config script
+chowns /var/empty accordingly.
+===========================================================================
+
+===========================================================================
+Important change since 3.0.1p1-2:
+
+This version introduces the ability to register sshd as service on
+Windows 9x/Me systems. This is done only when the options -D and/or
+-d are not given.
+===========================================================================
+
+===========================================================================
+Important change since 2.9p2:
+
+Since Cygwin is able to switch user context without password beginning
+with version 1.3.2, OpenSSH now allows to do so when it's running under
+a version >= 1.3.2. Keep in mind that `ntsec' has to be activated to
+allow that feature.
+===========================================================================
+
+===========================================================================
+Important change since 2.3.0p1:
+
+When using `ntea' or `ntsec' you now have to care for the ownership
+and permission bits of your host key files and your private key files.
+The host key files have to be owned by the NT account which starts
+sshd. The user key files have to be owned by the user. The permission
+bits of the private key files (host and user) have to be at least
+rw------- (0600)!
+
+Note that this is forced under `ntsec' only if the files are on a NTFS
+filesystem (which is recommended) due to the lack of any basic security
+features of the FAT/FAT32 filesystems.
+===========================================================================
+
+If you are installing OpenSSH the first time, you can generate global config
+files and server keys by running
+
+ /usr/bin/ssh-host-config
+
+Note that this binary archive doesn't contain default config files in /etc.
+That files are only created if ssh-host-config is started.
+
+If you are updating your installation you may run the above ssh-host-config
+as well to move your configuration files to the new location and to
+erase the files at the old location.
+
+To support testing and unattended installation ssh-host-config got
+some options:
+
+usage: ssh-host-config [OPTION]...
+Options:
+ --debug -d Enable shell's debug output.
+ --yes -y Answer all questions with "yes" automatically.
+ --no -n Answer all questions with "no" automatically.
+ --cygwin -c <options> Use "options" as value for CYGWIN environment var.
+ --port -p <n> sshd listens on port n.
+ --pwd -w <passwd> Use "pwd" as password for user 'sshd_server'.
+
+Additionally ssh-host-config now asks if it should install sshd as a
+service when running under NT/W2K. This requires cygrunsrv installed.
+
+You can create the private and public keys for a user now by running
+
+ /usr/bin/ssh-user-config
+
+under the users account.
+
+To support testing and unattended installation ssh-user-config got
+some options as well:
+
+usage: ssh-user-config [OPTION]...
+Options:
+ --debug -d Enable shell's debug output.
+ --yes -y Answer all questions with "yes" automatically.
+ --no -n Answer all questions with "no" automatically.
+ --passphrase -p word Use "word" as passphrase automatically.
+
+Install sshd as daemon via cygrunsrv.exe (recommended on NT/W2K), via inetd
+(results in very slow deamon startup!) or from the command line (recommended
+on 9X/ME).
+
+If you start sshd as deamon via cygrunsrv.exe you MUST give the
+"-D" option to sshd. Otherwise the service can't get started at all.
+
+If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the
+following line to your inetd.conf file:
+
+ssh stream tcp nowait root /usr/sbin/in.sshd sshd -i
+
+Moreover you'll have to add the following line to your
+${SYSTEMROOT}/system32/drivers/etc/services file:
+
+ ssh 22/tcp #SSH daemon
+
+Please note that OpenSSH does never use the value of $HOME to
+search for the users configuration files! It always uses the
+value of the pw_dir field in /etc/passwd as the home directory.
+If no home diretory is set in /etc/passwd, the root directory
+is used instead!
+
+You may use all features of the CYGWIN=ntsec setting the same
+way as they are used by Cygwin's login(1) port:
+
+ The pw_gecos field may contain an additional field, that begins
+ with (upper case!) "U-", followed by the domain and the username
+ separated by a backslash.
+ CAUTION: The SID _must_ remain the _last_ field in pw_gecos!
+ BTW: The field separator in pw_gecos is the comma.
+ The username in pw_name itself may be any nice name:
+
+ domuser::1104:513:John Doe,U-domain\user,S-1-5-21-...
+
+ Now you may use `domuser' as your login name with telnet!
+ This is possible additionally for local users, if you don't like
+ your NT login name ;-) You only have to leave out the domain:
+
+ locuser::1104:513:John Doe,U-user,S-1-5-21-...
+
+Note that the CYGWIN=ntsec setting is required for public key authentication.
+
+SSH2 server and user keys are generated by the `ssh-*-config' scripts
+as well.
+
+If you want to build from source, the following options to
+configure are used for the Cygwin binary distribution:
+
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --libexecdir='$(sbindir)' \
+ --localstatedir=/var \
+ --datadir='$(prefix)/share' \
+ --mandir='$(datadir)/man' \
+ --with-tcp-wrappers
+
+If you want to create a Cygwin package, equivalent to the one
+in the Cygwin binary distribution, install like this:
+
+ mkdir /tmp/cygwin-ssh
+ cd $(builddir)
+ make install DESTDIR=/tmp/cygwin-ssh
+ cd $(srcdir)/contrib/cygwin
+ make cygwin-postinstall DESTDIR=/tmp/cygwin-ssh
+ cd /tmp/cygwin-ssh
+ find * \! -type d | tar cvjfT my-openssh.tar.bz2 -
+
+You must have installed the zlib and openssl-devel packages to be able to
+build OpenSSH!
+
+Please send requests, error reports etc. to cygwin@cygwin.com.
+
+Have fun,
+
+Corinna Vinschen
+Cygwin Developer
+Red Hat Inc.
diff --git a/crypto/openssh/contrib/cygwin/ssh-host-config b/crypto/openssh/contrib/cygwin/ssh-host-config
new file mode 100644
index 0000000..9c0dabf
--- /dev/null
+++ b/crypto/openssh/contrib/cygwin/ssh-host-config
@@ -0,0 +1,592 @@
+#!/bin/bash
+#
+# ssh-host-config, Copyright 2000, 2001, 2002, 2003 Red Hat Inc.
+#
+# This file is part of the Cygwin port of OpenSSH.
+
+# Subdirectory where the new package is being installed
+PREFIX=/usr
+
+# Directory where the config files are stored
+SYSCONFDIR=/etc
+LOCALSTATEDIR=/var
+
+progname=$0
+auto_answer=""
+port_number=22
+
+privsep_configured=no
+privsep_used=yes
+sshd_in_passwd=no
+sshd_in_sam=no
+
+request()
+{
+ if [ "${auto_answer}" = "yes" ]
+ then
+ echo "$1 (yes/no) yes"
+ return 0
+ elif [ "${auto_answer}" = "no" ]
+ then
+ echo "$1 (yes/no) no"
+ return 1
+ fi
+
+ answer=""
+ while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
+ do
+ echo -n "$1 (yes/no) "
+ read -e answer
+ done
+ if [ "X${answer}" = "Xyes" ]
+ then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# Check options
+
+while :
+do
+ case $# in
+ 0)
+ break
+ ;;
+ esac
+
+ option=$1
+ shift
+
+ case "${option}" in
+ -d | --debug )
+ set -x
+ ;;
+
+ -y | --yes )
+ auto_answer=yes
+ ;;
+
+ -n | --no )
+ auto_answer=no
+ ;;
+
+ -c | --cygwin )
+ cygwin_value="$1"
+ shift
+ ;;
+
+ -p | --port )
+ port_number=$1
+ shift
+ ;;
+
+ -w | --pwd )
+ password_value="$1"
+ shift
+ ;;
+
+ *)
+ echo "usage: ${progname} [OPTION]..."
+ echo
+ echo "This script creates an OpenSSH host configuration."
+ echo
+ echo "Options:"
+ echo " --debug -d Enable shell's debug output."
+ echo " --yes -y Answer all questions with \"yes\" automatically."
+ echo " --no -n Answer all questions with \"no\" automatically."
+ echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var."
+ echo " --port -p <n> sshd listens on port n."
+ echo " --pwd -w <passwd> Use \"pwd\" as password for user 'sshd_server'."
+ echo
+ exit 1
+ ;;
+
+ esac
+done
+
+# Check if running on NT
+_sys="`uname`"
+_nt=`expr "${_sys}" : "CYGWIN_NT"`
+# If running on NT, check if running under 2003 Server or later
+if [ ${_nt} -gt 0 ]
+then
+ _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`
+fi
+
+# Check for running ssh/sshd processes first. Refuse to do anything while
+# some ssh processes are still running
+
+if ps -ef | grep -v grep | grep -q ssh
+then
+ echo
+ echo "There are still ssh processes running. Please shut them down first."
+ echo
+ exit 1
+fi
+
+# Check for ${SYSCONFDIR} directory
+
+if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
+then
+ echo
+ echo "${SYSCONFDIR} is existant but not a directory."
+ echo "Cannot create global configuration files."
+ echo
+ exit 1
+fi
+
+# Create it if necessary
+
+if [ ! -e "${SYSCONFDIR}" ]
+then
+ mkdir "${SYSCONFDIR}"
+ if [ ! -e "${SYSCONFDIR}" ]
+ then
+ echo
+ echo "Creating ${SYSCONFDIR} directory failed"
+ echo
+ exit 1
+ fi
+fi
+
+# Create /var/log and /var/log/lastlog if not already existing
+
+if [ -f ${LOCALSTATEDIR}/log ]
+then
+ echo "Creating ${LOCALSTATEDIR}/log failed!"
+else
+ if [ ! -d ${LOCALSTATEDIR}/log ]
+ then
+ mkdir -p ${LOCALSTATEDIR}/log
+ fi
+ if [ -d ${LOCALSTATEDIR}/log/lastlog ]
+ then
+ chmod 777 ${LOCALSTATEDIR}/log/lastlog
+ elif [ ! -f ${LOCALSTATEDIR}/log/lastlog ]
+ then
+ cat /dev/null > ${LOCALSTATEDIR}/log/lastlog
+ chmod 666 ${LOCALSTATEDIR}/log/lastlog
+ fi
+fi
+
+# Create /var/empty file used as chroot jail for privilege separation
+if [ -f ${LOCALSTATEDIR}/empty ]
+then
+ echo "Creating ${LOCALSTATEDIR}/empty failed!"
+else
+ mkdir -p ${LOCALSTATEDIR}/empty
+ if [ ${_nt} -gt 0 ]
+ then
+ chmod 755 ${LOCALSTATEDIR}/empty
+ fi
+fi
+
+# First generate host keys if not already existing
+
+if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
+then
+ echo "Generating ${SYSCONFDIR}/ssh_host_key"
+ ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
+fi
+
+if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
+then
+ echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
+ ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
+fi
+
+if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
+then
+ echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
+ ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
+fi
+
+# Check if ssh_config exists. If yes, ask for overwriting
+
+if [ -f "${SYSCONFDIR}/ssh_config" ]
+then
+ if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
+ then
+ rm -f "${SYSCONFDIR}/ssh_config"
+ if [ -f "${SYSCONFDIR}/ssh_config" ]
+ then
+ echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
+ fi
+ fi
+fi
+
+# Create default ssh_config from skeleton file in /etc/defaults/etc
+
+if [ ! -f "${SYSCONFDIR}/ssh_config" ]
+then
+ echo "Generating ${SYSCONFDIR}/ssh_config file"
+ cp ${SYSCONFDIR}/defaults/etc/ssh_config ${SYSCONFDIR}/ssh_config
+ if [ "${port_number}" != "22" ]
+ then
+ echo "Host localhost" >> ${SYSCONFDIR}/ssh_config
+ echo " Port ${port_number}" >> ${SYSCONFDIR}/ssh_config
+ fi
+fi
+
+# Check if sshd_config exists. If yes, ask for overwriting
+
+if [ -f "${SYSCONFDIR}/sshd_config" ]
+then
+ if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
+ then
+ rm -f "${SYSCONFDIR}/sshd_config"
+ if [ -f "${SYSCONFDIR}/sshd_config" ]
+ then
+ echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
+ fi
+ else
+ grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes
+ fi
+fi
+
+# Prior to creating or modifying sshd_config, care for privilege separation
+
+if [ "${privsep_configured}" != "yes" ]
+then
+ if [ ${_nt} -gt 0 ]
+ then
+ echo "Privilege separation is set to yes by default since OpenSSH 3.3."
+ echo "However, this requires a non-privileged account called 'sshd'."
+ echo "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
+ echo
+ if request "Should privilege separation be used?"
+ then
+ privsep_used=yes
+ grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes
+ net user sshd >/dev/null 2>&1 && sshd_in_sam=yes
+ if [ "${sshd_in_passwd}" != "yes" ]
+ then
+ if [ "${sshd_in_sam}" != "yes" ]
+ then
+ echo "Warning: The following function requires administrator privileges!"
+ if request "Should this script create a local user 'sshd' on this machine?"
+ then
+ dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty`
+ net user sshd /add /fullname:"sshd privsep" "/homedir:${dos_var_empty}" /active:no > /dev/null 2>&1 && sshd_in_sam=yes
+ if [ "${sshd_in_sam}" != "yes" ]
+ then
+ echo "Warning: Creating the user 'sshd' failed!"
+ fi
+ fi
+ fi
+ if [ "${sshd_in_sam}" != "yes" ]
+ then
+ echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!"
+ echo " Privilege separation set to 'no' again!"
+ echo " Check your ${SYSCONFDIR}/sshd_config file!"
+ privsep_used=no
+ else
+ mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd
+ fi
+ fi
+ else
+ privsep_used=no
+ fi
+ else
+ # On 9x don't use privilege separation. Since security isn't
+ # available it just adds useless additional processes.
+ privsep_used=no
+ fi
+fi
+
+# Create default sshd_config from skeleton files in /etc/defaults/etc or
+# modify to add the missing privsep configuration option
+
+if [ ! -f "${SYSCONFDIR}/sshd_config" ]
+then
+ echo "Generating ${SYSCONFDIR}/sshd_config file"
+ sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/
+ s/^#Port 22/Port ${port_number}/
+ s/^#StrictModes yes/StrictModes no/" \
+ < ${SYSCONFDIR}/defaults/etc/sshd_config \
+ > ${SYSCONFDIR}/sshd_config
+elif [ "${privsep_configured}" != "yes" ]
+then
+ echo >> ${SYSCONFDIR}/sshd_config
+ echo "UsePrivilegeSeparation ${privsep_used}" >> ${SYSCONFDIR}/sshd_config
+fi
+
+# Care for services file
+_my_etcdir="/ssh-host-config.$$"
+if [ ${_nt} -gt 0 ]
+then
+ _win_etcdir="${SYSTEMROOT}\\system32\\drivers\\etc"
+ _services="${_my_etcdir}/services"
+ # On NT, 27 spaces, no space after the hash
+ _spaces=" #"
+else
+ _win_etcdir="${WINDIR}"
+ _services="${_my_etcdir}/SERVICES"
+ # On 9x, 18 spaces (95 is very touchy), a space after the hash
+ _spaces=" # "
+fi
+_serv_tmp="${_my_etcdir}/srv.out.$$"
+
+mount -t -f "${_win_etcdir}" "${_my_etcdir}"
+
+# Depends on the above mount
+_wservices=`cygpath -w "${_services}"`
+
+# Remove sshd 22/port from services
+if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
+then
+ grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
+ if [ -f "${_serv_tmp}" ]
+ then
+ if mv "${_serv_tmp}" "${_services}"
+ then
+ echo "Removing sshd from ${_wservices}"
+ else
+ echo "Removing sshd from ${_wservices} failed!"
+ fi
+ rm -f "${_serv_tmp}"
+ else
+ echo "Removing sshd from ${_wservices} failed!"
+ fi
+fi
+
+# Add ssh 22/tcp and ssh 22/udp to services
+if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
+then
+ if awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
+ then
+ if mv "${_serv_tmp}" "${_services}"
+ then
+ echo "Added ssh to ${_wservices}"
+ else
+ echo "Adding ssh to ${_wservices} failed!"
+ fi
+ rm -f "${_serv_tmp}"
+ else
+ echo "WARNING: Adding ssh to ${_wservices} failed!"
+ fi
+fi
+
+umount "${_my_etcdir}"
+
+# Care for inetd.conf file
+_inetcnf="${SYSCONFDIR}/inetd.conf"
+_inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"
+
+if [ -f "${_inetcnf}" ]
+then
+ # Check if ssh service is already in use as sshd
+ with_comment=1
+ grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0
+ # Remove sshd line from inetd.conf
+ if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ]
+ then
+ grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
+ if [ -f "${_inetcnf_tmp}" ]
+ then
+ if mv "${_inetcnf_tmp}" "${_inetcnf}"
+ then
+ echo "Removed sshd from ${_inetcnf}"
+ else
+ echo "Removing sshd from ${_inetcnf} failed!"
+ fi
+ rm -f "${_inetcnf_tmp}"
+ else
+ echo "Removing sshd from ${_inetcnf} failed!"
+ fi
+ fi
+
+ # Add ssh line to inetd.conf
+ if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
+ then
+ if [ "${with_comment}" -eq 0 ]
+ then
+ echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
+ else
+ echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
+ fi
+ echo "Added ssh to ${_inetcnf}"
+ fi
+fi
+
+# On NT ask if sshd should be installed as service
+if [ ${_nt} -gt 0 ]
+then
+ # But only if it is not already installed
+ if ! cygrunsrv -Q sshd > /dev/null 2>&1
+ then
+ echo
+ echo
+ echo "Warning: The following functions require administrator privileges!"
+ echo
+ echo "Do you want to install sshd as service?"
+ if request "(Say \"no\" if it's already installed as service)"
+ then
+ if [ $_nt2003 -gt 0 ]
+ then
+ grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && sshd_server_in_passwd=yes
+ if [ "${sshd_server_in_passwd}" = "yes" ]
+ then
+ # Drop sshd_server from passwd since it could have wrong settings
+ grep -v '^sshd_server:' ${SYSCONFDIR}/passwd > ${SYSCONFDIR}/passwd.$$
+ rm -f ${SYSCONFDIR}/passwd
+ mv ${SYSCONFDIR}/passwd.$$ ${SYSCONFDIR}/passwd
+ chmod g-w,o-w ${SYSCONFDIR}/passwd
+ fi
+ net user sshd_server >/dev/null 2>&1 && sshd_server_in_sam=yes
+ if [ "${sshd_server_in_sam}" != "yes" ]
+ then
+ echo
+ echo "You appear to be running Windows 2003 Server or later. On 2003 and"
+ echo "later systems, it's not possible to use the LocalSystem account"
+ echo "if sshd should allow passwordless logon (e. g. public key authentication)."
+ echo "If you want to enable that functionality, it's required to create a new"
+ echo "account 'sshd_server' with special privileges, which is then used to run"
+ echo "the sshd service under."
+ echo
+ echo "Should this script create a new local account 'sshd_server' which has"
+ if request "the required privileges?"
+ then
+ _admingroup=`awk -F: '{if ( $2 == "S-1-5-32-544" ) print $1;}' ${SYSCONFDIR}/group`
+ if [ -z "${_admingroup}" ]
+ then
+ echo "There's no group with SID S-1-5-32-544 (Local administrators group) in"
+ echo "your ${SYSCONFDIR}/group file. Please regenerate this entry using 'mkgroup -l'"
+ echo "and restart this script."
+ exit 1
+ fi
+ dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty`
+ while [ "${sshd_server_in_sam}" != "yes" ]
+ do
+ if [ -n "${password_value}" ]
+ then
+ _password="${password_value}"
+ # Allow to ask for password if first try fails
+ password_value=""
+ else
+ echo
+ echo "Please enter a password for new user 'sshd_server'. Please be sure that"
+ echo "this password matches the password rules given on your system."
+ echo -n "Entering no password will exit the configuration. PASSWORD="
+ read -e _password
+ if [ -z "${_password}" ]
+ then
+ echo
+ echo "Exiting configuration. No user sshd_server has been created,"
+ echo "no sshd service installed."
+ exit 1
+ fi
+ fi
+ net user sshd_server "${_password}" /add /fullname:"sshd server account" "/homedir:${dos_var_empty}" /yes > /tmp/nu.$$ 2>&1 && sshd_server_in_sam=yes
+ if [ "${sshd_server_in_sam}" != "yes" ]
+ then
+ echo "Creating the user 'sshd_server' failed! Reason:"
+ cat /tmp/nu.$$
+ rm /tmp/nu.$$
+ fi
+ done
+ net localgroup "${_admingroup}" sshd_server /add > /dev/null 2>&1 && sshd_server_in_admingroup=yes
+ if [ "${sshd_server_in_admingroup}" != "yes" ]
+ then
+ echo "WARNING: Adding user sshd_server to local group ${_admingroup} failed!"
+ echo "Please add sshd_server to local group ${_admingroup} before"
+ echo "starting the sshd service!"
+ echo
+ fi
+ passwd_has_expiry_flags=`passwd -v | awk '/^passwd /{print ( $3 >= 1.5 ) ? "yes" : "no";}'`
+ if [ "${passwd_has_expiry_flags}" != "yes" ]
+ then
+ echo
+ echo "WARNING: User sshd_server has password expiry set to system default."
+ echo "Please check that password never expires or set it to your needs."
+ elif ! passwd -e sshd_server
+ then
+ echo
+ echo "WARNING: Setting password expiry for user sshd_server failed!"
+ echo "Please check that password never expires or set it to your needs."
+ fi
+ editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server &&
+ editrights -a SeCreateTokenPrivilege -u sshd_server &&
+ editrights -a SeDenyInteractiveLogonRight -u sshd_server &&
+ editrights -a SeDenyNetworkLogonRight -u sshd_server &&
+ editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server &&
+ editrights -a SeIncreaseQuotaPrivilege -u sshd_server &&
+ editrights -a SeServiceLogonRight -u sshd_server &&
+ sshd_server_got_all_rights="yes"
+ if [ "${sshd_server_got_all_rights}" != "yes" ]
+ then
+ echo
+ echo "Assigning the appropriate privileges to user 'sshd_server' failed!"
+ echo "Can't create sshd service!"
+ exit 1
+ fi
+ echo
+ echo "User 'sshd_server' has been created with password '${_password}'."
+ echo "If you change the password, please keep in mind to change the password"
+ echo "for the sshd service, too."
+ echo
+ echo "Also keep in mind that the user sshd_server needs read permissions on all"
+ echo "users' .ssh/authorized_keys file to allow public key authentication for"
+ echo "these users!. (Re-)running ssh-user-config for each user will set the"
+ echo "required permissions correctly."
+ echo
+ fi
+ fi
+ if [ "${sshd_server_in_sam}" = "yes" ]
+ then
+ mkpasswd -l -u sshd_server | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd
+ fi
+ fi
+ if [ -n "${cygwin_value}" ]
+ then
+ _cygwin="${cygwin_value}"
+ else
+ echo
+ echo "Which value should the environment variable CYGWIN have when"
+ echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
+ echo "able to change user context without password."
+ echo -n "Default is \"ntsec\". CYGWIN="
+ read -e _cygwin
+ fi
+ [ -z "${_cygwin}" ] && _cygwin="ntsec"
+ if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ]
+ then
+ if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -u sshd_server -w "${_password}" -e "CYGWIN=${_cygwin}"
+ then
+ echo
+ echo "The service has been installed under sshd_server account."
+ echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'."
+ fi
+ else
+ if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
+ then
+ echo
+ echo "The service has been installed under LocalSystem account."
+ echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'."
+ fi
+ fi
+ fi
+ # Now check if sshd has been successfully installed. This allows to
+ # set the ownership of the affected files correctly.
+ if cygrunsrv -Q sshd > /dev/null 2>&1
+ then
+ if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ]
+ then
+ _user="sshd_server"
+ else
+ _user="system"
+ fi
+ chown "${_user}" ${SYSCONFDIR}/ssh*
+ chown "${_user}".544 ${LOCALSTATEDIR}/empty
+ if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
+ then
+ chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log
+ fi
+ fi
+ fi
+fi
+
+echo
+echo "Host configuration finished. Have fun!"
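Review bot: The `sshd_server` password is exposed in clear text in the service-installation branch: it is typed with echo on via `read -e _password`, printed back by `echo "User 'sshd_server' has been created with password '${_password}'."`, and traced by `set -x` when `--debug` is given. The same branch adds the account to the local administrators group and grants it `SeCreateTokenPrivilege`, so any console capture or scrollback of the run holds a highly privileged credential. I would read it with `read -s -e _password` and shorten the message to `echo "User 'sshd_server' has been created."`. `--pwd` and the `net user` / `cygrunsrv -w` calls also place the password in argv, which may be visible to other local users depending on the platform. Separately, `/tmp/nu.$$` is a predictable name in a shared directory and is removed only on the failure path.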
diff --git a/crypto/openssh/contrib/cygwin/ssh-user-config b/crypto/openssh/contrib/cygwin/ssh-user-config
new file mode 100644
index 0000000..fe07ce3
--- /dev/null
+++ b/crypto/openssh/contrib/cygwin/ssh-user-config
@@ -0,0 +1,250 @@
+#!/bin/sh
+#
+# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
+#
+# This file is part of the Cygwin port of OpenSSH.
+
+# Directory where the config files are stored
+SYSCONFDIR=/etc
+
+progname=$0
+auto_answer=""
+auto_passphrase="no"
+passphrase=""
+
+request()
+{
+ if [ "${auto_answer}" = "yes" ]
+ then
+ return 0
+ elif [ "${auto_answer}" = "no" ]
+ then
+ return 1
+ fi
+
+ answer=""
+ while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
+ do
+ echo -n "$1 (yes/no) "
+ read answer
+ done
+ if [ "X${answer}" = "Xyes" ]
+ then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# Check if running on NT
+_sys="`uname -a`"
+_nt=`expr "$_sys" : "CYGWIN_NT"`
+# If running on NT, check if running under 2003 Server or later
+if [ $_nt -gt 0 ]
+then
+ _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`
+fi
+
+# Check options
+
+while :
+do
+ case $# in
+ 0)
+ break
+ ;;
+ esac
+
+ option=$1
+ shift
+
+ case "$option" in
+ -d | --debug )
+ set -x
+ ;;
+
+ -y | --yes )
+ auto_answer=yes
+ ;;
+
+ -n | --no )
+ auto_answer=no
+ ;;
+
+ -p | --passphrase )
+ with_passphrase="yes"
+ passphrase=$1
+ shift
+ ;;
+
+ *)
+ echo "usage: ${progname} [OPTION]..."
+ echo
+ echo "This script creates an OpenSSH user configuration."
+ echo
+ echo "Options:"
+ echo " --debug -d Enable shell's debug output."
+ echo " --yes -y Answer all questions with \"yes\" automatically."
+ echo " --no -n Answer all questions with \"no\" automatically."
+ echo " --passphrase -p word Use \"word\" as passphrase automatically."
+ echo
+ exit 1
+ ;;
+
+ esac
+done
+
+# Ask user if user identity should be generated
+
+if [ ! -f ${SYSCONFDIR}/passwd ]
+then
+ echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file"
+ echo 'first using mkpasswd. Check if it contains an entry for you and'
+ echo 'please care for the home directory in your entry as well.'
+ exit 1
+fi
+
+uid=`id -u`
+pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd`
+
+if [ "X${pwdhome}" = "X" ]
+then
+ echo "There is no home directory set for you in ${SYSCONFDIR}/passwd."
+ echo 'Setting $HOME is not sufficient!'
+ exit 1
+fi
+
+if [ ! -d "${pwdhome}" ]
+then
+ echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory"
+ echo 'but it is not a valid directory. Cannot create user identity files.'
+ exit 1
+fi
+
+# If home is the root dir, set home to empty string to avoid error messages
+# in subsequent parts of that script.
+if [ "X${pwdhome}" = "X/" ]
+then
+ # But first raise a warning!
+ echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
+ if request "Would you like to proceed anyway?"
+ then
+ pwdhome=''
+ else
+ exit 1
+ fi
+fi
+
+if [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
+then
+ echo
+ echo 'WARNING: group and other have been revoked write permission to your home'
+ echo " directory ${pwdhome}."
+ echo ' This is required by OpenSSH to allow public key authentication using'
+ echo ' the key files stored in your .ssh subdirectory.'
+ echo ' Revert this change ONLY if you know what you are doing!'
+ echo
+fi
+
+if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
+then
+ echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
+ exit 1
+fi
+
+if [ ! -e "${pwdhome}/.ssh" ]
+then
+ mkdir "${pwdhome}/.ssh"
+ if [ ! -e "${pwdhome}/.ssh" ]
+ then
+ echo "Creating users ${pwdhome}/.ssh directory failed"
+ exit 1
+ fi
+fi
+
+if [ $_nt -gt 0 ]
+then
+ _user="system"
+ if [ $_nt2003 -gt 0 ]
+ then
+ grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server"
+ fi
+ if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh"
+ then
+ echo "${pwdhome}/.ssh couldn't be given the correct permissions."
+ echo "Please try to solve this problem first."
+ exit 1
+ fi
+fi
+
+if [ ! -f "${pwdhome}/.ssh/identity" ]
+then
+ if request "Shall I create an SSH1 RSA identity file for you?"
+ then
+ echo "Generating ${pwdhome}/.ssh/identity"
+ if [ "${with_passphrase}" = "yes" ]
+ then
+ ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
+ else
+ ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
+ fi
+ if request "Do you want to use this identity to login to this machine?"
+ then
+ echo "Adding to ${pwdhome}/.ssh/authorized_keys"
+ cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
+ fi
+ fi
+fi
+
+if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
+then
+ if request "Shall I create an SSH2 RSA identity file for you? (yes/no) "
+ then
+ echo "Generating ${pwdhome}/.ssh/id_rsa"
+ if [ "${with_passphrase}" = "yes" ]
+ then
+ ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
+ else
+ ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
+ fi
+ if request "Do you want to use this identity to login to this machine?"
+ then
+ echo "Adding to ${pwdhome}/.ssh/authorized_keys"
+ cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
+ fi
+ fi
+fi
+
+if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
+then
+ if request "Shall I create an SSH2 DSA identity file for you? (yes/no) "
+ then
+ echo "Generating ${pwdhome}/.ssh/id_dsa"
+ if [ "${with_passphrase}" = "yes" ]
+ then
+ ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
+ else
+ ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
+ fi
+ if request "Do you want to use this identity to login to this machine?"
+ then
+ echo "Adding to ${pwdhome}/.ssh/authorized_keys"
+ cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
+ fi
+ fi
+fi
+
+if [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ]
+then
+ if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
+ then
+ echo
+ echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
+ echo "failed. Please care for the correct permissions. The minimum requirement"
+ echo "is, the owner and ${_user} both need read permissions."
+ echo
+ fi
+fi
+
+echo
+echo "Configuration finished. Have fun!"
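Review bot: The option parser sets `with_passphrase="yes"` and the three key-generation blocks test `${with_passphrase}`, but the variable initialised at the top is `auto_passphrase="no"`, which is never read. `with_passphrase` therefore starts with whatever the caller's environment holds; an inherited `with_passphrase=yes` makes every `ssh-keygen -N "${passphrase}"` call run with the empty default passphrase and write unprotected private keys without prompting. Replace the initialiser with `with_passphrase="no"`. The prompts `"Shall I create an SSH2 RSA identity file for you? (yes/no) "` and its DSA equivalent also repeat the `(yes/no)` suffix that `request` already appends.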