MFH (r322052): Upgrade OpenSSH to 7.5p1.

MFH (r314306,r314720): Upgrade OpenSSH to 7.4p1.

MFH (r314527,r314576,r314601,r317998): Upgrade OpenSSH to 7.3p1.

MFC r318242: Refine and update blacklist support in sshd

Adjust notification points slightly to catch all auth failures, rather
than just the ones caused by bad usernames. Modify notification point
for bad usernames to send new type of BLACKLIST_BAD_USER. (Support in
libblacklist will be forthcoming soon.) Add guards to allow library
headers to expose the enum of action values.

Reviewed by: des
Relnotes: yes
Sponsored by: The FreeBSD Foundation

MFC r305065: Add refactored blacklist support to sshd

Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Approved by: des
Sponsored by: The FreeBSD Foundation

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Revert r301551, which added blacklistd(8) to sshd(8).

This change has functional impact, and other concerns raised
by the OpenSSH maintainer.

Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation

Add blacklist support to sshd

Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915

Upgrade to OpenSSH 7.2p2.

Upgrade to OpenSSH 7.1p2.

Upgrade to OpenSSH 7.0p1.

Upgrade to OpenSSH 6.9p1.

Upgrade to OpenSSH 6.8p1.

Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after: 1 week

Retire the NONE cipher option.

Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$").

Upgrade to OpenSSH 6.6p1.

Add a pre-merge script which reverts mechanical changes such as added
$FreeBSD$ tags and man page dates.

Add a post-merge script which reapplies these changes.

Run both scripts to normalize the existing code base. As a result, many
files which should have had $FreeBSD$ tags but didn't now have them.

Partly rewrite the upgrade instructions and remove the now outdated
list of tricks.

Upgrade to OpenSSH 6.5p1.

MFV r257952:

Upgrade to OpenSSH 6.4p1.

Bump VersionAddendum.

Approved by: des

Upgrade to 6.3p1.

Approved by: re (gjb)

Upgrade to OpenSSH 6.2p2. Mostly a no-op since I had already patched
the issues that affected us.

Silence "received disconnect" in the common case.

Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.

Upgrade OpenSSH to 6.1p1.

Upgrade to OpenSSH 5.9p1.

MFC after: 3 months

Enable keyword expansion for $FreeBSD$ on files where it was added it
r224638.

Submitted by: bz
Approved by: re (implicit)
Point hat to: brooks

Add support for dynamically adjusted buffers to allow the full use of
the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or
trans-continental links). Bandwidth-delay products up to 64MB are
supported.

Also add support (not compiled by default) for the None cypher. The
None cypher can only be enabled on non-interactive sessions (those
without a pty where -T was not used) and must be enabled in both
the client and server configuration files and on the client command
line. Additionally, the None cypher will only be activated after
authentication is complete. To enable the None cypher you must add
-DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in
/etc/make.conf.

This code is a style(9) compliant version of these features extracted
from the patches published at:

http://www.psc.edu/networking/projects/hpn-ssh/

Merging this patch has been a collaboration between me and Bjoern.

Reviewed by: bz
Approved by: re (kib), des (maintainer)

Upgrade to OpenSSH 5.8p2.

Upgrade to OpenSSH 5.6p1.

Upgrade to OpenSSH 5.3p1.

Upgrade to OpenSSH 5.2p1.

MFC after: 3 months

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks

Remove svn:keywords except on files that need it. This makes diffs
against the vendor branch much more readable.

Consistently set svn:eol-style.

This commit was generated by cvs2svn to compensate for changes in r162852,
which included commits to RCS files with non-trunk default branches.

Vendor import of OpenSSH 4.4p1.

Vendor import of OpenSSH 4.3p1.

Vendor import of OpenSSH 4.2p1.

Vendor import of OpenSSH 4.0p1.

Vendor import of OpenSSH 3.9p1.

Vendor import of OpenSSH 3.8p1.

Vendor import of OpenSSH 3.7.1p2.

Add a "return" that was missing from 3.6.1p1. Since it's been fixed in
the OpenSSH-portable CVS repo, I'm committing this on the vendor branch.

Vendor import of OpenSSH-portable 3.6.1p1.

Vendor import of OpenSSH-portable 3.5p1.

Vendor import of OpenSSH 3.4p1.

Vendor import of OpenSSH 3.3p1.

Vendor import of OpenSSH 3.3.

Vendor import of OpenSSH 3.1

Say "hi" to the latest in the OpenSSH series, version 2.9!

Happy birthday to: rwatson

Import of OpenSSH 2.3.0 (virgin OpenBSD source release).

Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09

Initial import of OpenSSH v2.1.

Vendor import of OpenSSH.