$Id: Changes,v 1.59 2001/06/04 07:17:52 btrott Exp $

Revision history for Net::SSH::Perl

1.15  2001.06.03
    - Agent authentication is now supported for both SSH-1 and
      SSH-2 (SSH-2 agent is compatible with OpenSSH ssh-agent).
    - Added Net::SSH::Perl::Agent, which provides a client
      interface to an authentication agent.
    - Added IO::Socket as a prereq (for Net::SSH::Perl::Agent).
    - Abstracted out authentication management for SSH-2 login
      to Net::SSH::Perl::AuthMgr class. Holds authentication
      context and state during authentication negotiation and
      setup, and dispatches to appropriate functions based on
      packet types.
    - KeyBoardInt auth now uses new AuthMgr::register_handler
      method.
    - pssh-keygen now changes permissions of private key file
      to 0600 on key generation.
    - Fixed bug where pssh-keygen RSA key generation was
      incompatible with OpenSSL (ie. OpenSSH); Crypt::RSA uses
      ipmq (inverse of p mod q), and OpenSSL uses iqmp
      (inverse of q mod p). So we now explicitly force
      generation of iqmp when writing private key files.
    - Key::RSA::keygen no longer forces generation of CRT
      (Chinese Remainder Theorem) members, because Crypt::RSA
      now does this itself on key generation.
    - Net::SSH::Perl::Packet::read_poll now handles IGNORE
      messages, as well as handling DISCONNECT and DEBUG messages
      more intelligently (depending on protocol version).
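
The iqmp/ipmq fix in 1.15, as an added example that is not code from Net::SSH::Perl or Crypt::RSA: CRT decryption written for iqmp (inverse of q mod p) returns the wrong plaintext when a key file carries ipmq instead. The toy primes, the sample message and all function names are assumptions made for the illustration.

```python
# Added example (not Net::SSH::Perl or Crypt::RSA code). Toy Mersenne primes,
# chosen for illustration only; real keys use much larger random primes.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537


def make_key(p=P, q=Q, e=E):
    """Build an RSA key and both candidate CRT coefficients."""
    d = pow(e, -1, (p - 1) * (q - 1))
    return {
        "n": p * q, "e": e, "d": d, "p": p, "q": q,
        "iqmp": pow(q, -1, p),  # inverse of q mod p: what OpenSSL expects
        "ipmq": pow(p, -1, q),  # inverse of p mod q: the other convention
    }


def crt_decrypt(c, key, coeff):
    """Garner recombination as used with an iqmp coefficient."""
    p, q, d = key["p"], key["q"], key["d"]
    m1 = pow(c, d % (p - 1), p)
    m2 = pow(c, d % (q - 1), q)
    h = (coeff * (m1 - m2)) % p
    return m2 + h * q


def coeff_is_iqmp(key, coeff):
    """Consistency check a key-file writer can run before saving."""
    return (coeff * key["q"]) % key["p"] == 1


def demo():
    key = make_key()
    # Constructed message, larger than p so the two CRT halves differ.
    m = int.from_bytes(b"SESSIONKEY", "big")
    c = pow(m, key["e"], key["n"])
    return {
        "message": m,
        "with_iqmp": crt_decrypt(c, key, key["iqmp"]),
        "with_ipmq": crt_decrypt(c, key, key["ipmq"]),
        "plain": pow(c, key["d"], key["n"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:10s} {value}")
```
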

1.14  2001.05.24
    - Added keyboard-interactive authentication (only usable in
      an interactive session).
    - Fixed Net::SSH::Perl::Key, which was unconditionally pulling
      in MIME::Base64, Digest::SHA1, and Digest::BubbleBabble. This
      caused problems for users of SSH1 protocol, for which these
      modules shouldn't be prereqs (thanks to Jason Tolsma for
      the spot). These modules are now conditionally loaded.
    - Fixed 5.005_03 syntax error in Key::RSA (calling variable
      method w/o parens).
    - Fixed Key::RSA so that it works with version 1.42 of
      Crypt::RSA.

1.13  2001.05.14
    - Added Channel::check_window method to check the local "window"
      size of a channel object. Channels manage how much data they
      receive using the window, and the sshd refuses to send more
      data than is available in the window. We need to send an
      adjust message to increase the size of the window,
      periodically. Found this bug through working with Net::SFTP
      (thanks to Matt Good for the initial spot).

1.12  2001.05.13
    - Added ChannelMgr::register_handler to set handlers for
      specific packet types for all channels. Moved default
      handler initialization into init method.
    - Abstracted quit_pending behavior into two methods,
      break_client_loop and _quit_pending. The former can be
      used by packet handlers, buffer handlers, etc. to force
      breaking out of the client loop.
    - Added length arg to mp2bin.

1.11  2001.05.11
    - Auto-detect SSH2 private key files as identity files and read
      them accordingly. Thanks to Matt Good for the original idea
      of reading SSH2 key files, as well as the patch.

1.10  2001.05.11
    - Added Key::RSA, an SSH2 key implementation, using Crypt::RSA;
      this provides support for the 'ssh-rsa' public key
      negotiation. Also supported by pssh-keygen (even for key
      generation).
    - Added HostKeyAlgorithms as a supported config option to set
      server host key algorithms.
    - Restructured DSA/publickey-auth implementation to allow for
      multiple public key algorithms, not just DSA. Moved Auth/DSA
      => Auth/Pubkey.
    - Added support for determining PEM private key file types (eg.
      RSA vs. DSA) from the first line of the PEM file.
    - Fixed broken Rhosts-RSA support (SSH1).
    - Added support for reading/writing comments from read_private
      and write_private method for RSA1 SSH1 keys (-c option in
      pssh-keygen).
    - Renamed Key::RSA to Key::RSA1 to allow for Key::RSA as SSH2
      RSA implementation.
    - Changed Key::DSA::size to use Crypt::DSA::Key::size; removed
      redundant Key initialization from Key::DSA::init.
    - Kex::DH1 now works with any type of server public key, not
      just DSA (ie. also works with ssh-rsa in addition to ssh-dss).

1.06  2001.05.07
    - Fixed bug with Blowfish cipher in SSH1 protocol; symptom would
      be "Corrupted check bytes on input" after sending the
      RSA-encrypted session key, and turning on encryption.
      This was due to an incorrect key length when setting the
      Blowfish key. Thanks to Dan Berger (djberge@uswest.com) for
      the spot.

1.05  2001.05.04
    - Fixed bug when entering password at prompt; entering an
      incorrect password more than three times would cause the
      authentication to hang. Thanks to Matt Good (mgood@nextdoor.com)
      for the spot and a fix.

1.04  2001.05.04
    - Fixed bug in version/protocol exchange that was causing a DSA
      signature verification error. I was cutting off just a newline,
      and some versions of ssh2 were sending ctrl-M characters as
      well that should be cut off. This caused errors like "DSA
      verification failed for server host key" during key exchange.
      Thanks to Matt Good (mgood@nextdoor.com) for the spot.
    - Fixed host wildcard matching in Net::SSH::Perl::Config so that
      the directive 'Host foo' no longer matches the host 'foobar';
      this was incorrect behavior and inconsistent with ssh.
    - Added more documentation for Key::DSA and Key::RSA.
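
Why the stray ctrl-M in 1.04 surfaces as a host key verification failure, as an added example that is not code from Net::SSH::Perl: in SSH-2 the server signs the exchange hash H, and RFC 4253 section 8 feeds both identification strings into H with CR and LF excluded, so a client that keeps the CR computes a different H. The identification strings, KEXINIT payloads, key blob and DH values are constructed placeholders, and the function names are assumptions.

```python
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH-2 'string': 32-bit big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(n: int) -> bytes:
    """SSH-2 mpint for a non-negative integer (leading 0x00 if high bit set)."""
    if n == 0:
        return ssh_string(b"")
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))


def ident_newline_only(line: bytes) -> bytes:
    """Behaviour the 1.04 entry describes as the bug: drop just the LF."""
    return line[:-1] if line.endswith(b"\n") else line


def ident_crlf(line: bytes) -> bytes:
    """Drop the whole CR LF terminator, as the exchange hash requires."""
    return line.rstrip(b"\r\n")


def exchange_hash(v_c, v_s, i_c, i_s, k_s, e, f, k) -> str:
    """H for diffie-hellman-group1-sha1 (RFC 4253, section 8)."""
    blob = b"".join(ssh_string(x) for x in (v_c, v_s, i_c, i_s, k_s))
    blob += ssh_mpint(e) + ssh_mpint(f) + ssh_mpint(k)
    return hashlib.sha1(blob).hexdigest()


# Constructed sample values; only the identification lines matter here.
CLIENT_ID = b"SSH-2.0-example_client"
SERVER_LINE = b"SSH-2.0-example_server\r\n"
REST = dict(i_c=b"\x14client-kexinit", i_s=b"\x14server-kexinit",
            k_s=b"host-key-blob", e=0x1234, f=0x8765, k=0xABCDEF)


def demo():
    """Return (H the server signed, H with CR kept, H with CR LF stripped)."""
    server_h = exchange_hash(CLIENT_ID, b"SSH-2.0-example_server", **REST)
    buggy_h = exchange_hash(CLIENT_ID, ident_newline_only(SERVER_LINE), **REST)
    fixed_h = exchange_hash(CLIENT_ID, ident_crlf(SERVER_LINE), **REST)
    return server_h, buggy_h, fixed_h


if __name__ == "__main__":
    for label, h in zip(("server", "CR kept", "CR LF stripped"), demo()):
        print(f"{label:15s} {h}")
```
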

1.03  2001.05.03
    - Fixed error with Net::SSH::Perl::Key::DSA and MIME::Base64.
    - Added better docs for Key classes.

1.02  2001.05.03
    - Fixed some doc errors, both syntax and content.
    - Reworked Makefile.PL to give more feedback about what's
      happening w/r/t testing prerequisite modules. Added
      Digest::BubbleBabble as optional prereq, and made Convert::PEM
      optional as well.
    - Added support for bubble-babble fingerprints, both in
      Key libraries (restructured to work with multiple types
      of fingerprinting) and in pssh-keygen (-B option).

1.01  2001.05.02
    - Added SSH2 support.
    - Added Channel, ChannelMgr classes to manage open SSH2
      channels.
    - Added Key and subclasses Key::DSA, Key::RSA; managed
      access to keys and keyfiles.
    - Split Util functions into sub-modules that are loaded
      on demand. Added more utility functions for SSH2 bigints,
      etc. Deprecated _load_private_key, _save_private_key,
      _load_public_key, in favor of usage of Net::SSH::Perl::Key
      classes.
    - Changed Constants implementation; don't use 'constant'
      module, just keep constants in hash, then export them
      in custom import method.
    - Added eg/pssh-keygen, which has *almost* all of the
      functionality in the OpenSSH ssh-keygen.
    - Added Mac classes for MAC packet integrity.
    - Added Cipher/RC4, an arcfour implementation (only for
      SSH2).
    - Added Kex and subclass for Diffie-Hellman Group 1.
    - Buffer now works for both SSH1 and SSH2; different
      mp_int representations.
    - SSH1 implementation: now uses Net::SSH::Perl::Comp for
      compression; uses Net::SSH::Perl::Key::RSA to hold RSA
      keys; now lives in Net::SSH::Perl::SSH1 and is loaded on
      demand; etc.

0.67  2001.04.20
    - now use _mp_linearize in _rsa_private_decrypt.
    - fixed bug with sending large STDIN packets. The symptom was
      that, when trying to send STDIN packets larger than MAX_PACKET_SIZE,
      you'd get an error and the packet wouldn't be sent. Thanks to
      Chris Beatson (chris@neonova.net) for the spot and a patch.
    - fixed odd bug with _mp_linearize. Aaron Paetznick
      (aaronp@critd.com) pointed this out, and I could only
      reproduce it on his system. The symptoms were that encryption
      would not work, resulting in "Corrupted check bytes on input"
      messages after encryption was turned on. This was due to a
      problem generating the session ID. Fixed by using a whole new
      version of _mp_linearize.

0.66  2001.03.22
    - fixed bug where calling 'cmd' more than once wouldn't get
      anything in returned stdout, stderr, or exit status. Thanks
      to John Tyrrell (tyrrell@verio.net) for the spot.

0.65  2001.03.21
    - fixed bug with "Cipher <name>" in config file or 'options'
      param. This wasn't mapping ssh cipher names to Net::SSH::Perl
      cipher names (ie. should map 'idea' => 'IDEA'). Thanks to
      Edward Vopata (vopata@pulsar.itg.ti.com) for the spot and
      a patch.
    - made it clearer that Net::SSH::Perl currently supports only
      SSH1 protocol.
    - better error checking for getservbyname lookup of ssh
      service (to get default port).
    - added eg/remoteinteract.pl, which demonstrates how to interact
      with a remote (interactive) command.

0.64  2001.03.13
    - fixed bug in Net::SSH::Perl::Cipher::new_from_key_str;
      empty key string (passphrase) was broken. This never
      cropped up in regular usage, only in testing.
    - added _save_private_key function to Net::SSH::Perl::Util,
      used to save private key files.
    - added cipher tests (05-cipher.t).
    - PasswordPromptLogin and PasswordPromptHost config options
      are now supported (on by default).
    - added untainting code for all places where data is read
      from external sources (ie. socket, key files, etc.),
      which should fix the "Corrupted check bytes" errors when
      using -T. It was breaking because substr replacement
      doesn't work on tainted values. See this p5p thread:
      http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2000-09/msg00799.html

0.63  2001.03.09
    - added documentation to pssh (eg/pssh), as well as a -V
      option.
    - fixed bug where User specified in config file would be
      overridden by lack of user in login method.
    - return value of buffer->dump method no longer contains
      extra space at the end.

0.62  2001.03.08
    - fixed test bug with StringThing package by adding FILENO
      method. Should fix problem with 5.6 test suite.
    - added merge_directive method to Net::SSH::Perl::Config,
      and 'options' arg to Net::SSH::Perl constructor.

0.61  2001.03.07
    - changed in_leftover implementation and name. The method
      is now named incoming_data, and the implementation is
      a Net::SSH::Perl::Buffer object.
    - changed to using non-blocking sockets. Net::SSH::Perl::Packet
      added a read_poll method, which doesn't block; read still
      blocks (using select).
    - added shell connection functionality, and abstracted out
      interactive session code a bit better. Added pty support.
      In the future 'shell' could conceivably be used to execute
      multiple commands over the same ssh connection.
    - added 3DES as fallback cipher if IDEA isn't supported.
    - _check_host_in_hostfile now returns HOST_NEW if the hostfile
      can't be opened, consistent with how ssh and openssh work.

0.60  2001.03.02
    - added compression support, along with Compression and
      CompressionLevel config directives, and docs
    - added ability to register handlers for specific packet
      types read during the client loop

0.53  2001.02.28
    - added Net::SSH::Perl::Config; reads ssh config files
      and merges constructor options with config options
    - updated DESCRIPTION for Net::SSH::Perl

0.52  2001.02.21
    - added ability to specify RSA identity files; defaults
      to "$ENV{HOME}/.ssh/identity"
    - Blowfish cipher will try to use Crypt::Blowfish_PP if
      it can't use Crypt::Blowfish
    - added lots of POD
    - fixed bug where unknown hosts wouldn't be added to
      hostfile
    - sorted out common sections between Net::SSH::Perl POD
      and README

0.51  2001.02.20
    - Blowfish support has now been added.

0.50  2001.02.19
    - moved my Net::SSH libraries into the Net::SSH::Perl
      namespace; hooked up the main Net::SSH interface lib.
    - added ssh and issh wrappers around OO methods.
    - added configure method to Net::SSH interface; used to
      set up connection params when using procedural
      interface.
    - added RSA authentication.
    - ripped out IO::Socket usage, replaced with manual
      socket creation and connection so we can try to bind to
      ports 1023 down through 512, if the user wants to
      connect on a privileged port.
    - added Rhosts-RSA and Rhosts authentication, with the
      caveat that they only work when running as root
      and on a privileged port.

0.03  2001.01.19
    - integrated modified CBC and CFB ciphers into distribution;
      no more reliance on Crypt::CFB and Crypt::CBC
    - improved cipher checking; added list of ciphers supported
      by client, based on which cipher drivers can be loaded
    - fixed rsa_private_decrypt bug (occurred when session key
      int was 255 chars long as hex string, rather than 256).
    - Chip Turner, author of Math::GMP, added my patch to his
      distribution, thus making installation much easier. Thanks
      Chip.
    - added cipher support to installation process.
    - abstracted the auth plugins into Auth modules; this will
      allow the addition of other authentication modules in
      the future.
    - moved utility routines into Net::SSH::Util.
    - changed Net::SSH::Constants to use Exporter.

0.02  2001.01.18
    - added DES and 3DES ciphers
    - more host key support: adds new host keys to user host key file
    - checked for unsupported Net::SSH::Buffer methods in AUTOLOAD
    - added example script, eg/cmd.pl
    - can now specify cipher via new method
    - checks against server's supported cipher list

0.01  2001.01.10
    - original version; created by h2xs 1.19