Simon Tatham [Sat, 27 Nov 2004 15:32:45 +0000 (15:32 +0000)]
Almost _all_ of the final connection-layer loop, in both SSH1 and
SSH2, is now handled by the packet dispatch table. Dispatch table
entries are enabled as soon as possible, so that if anyone tries to
(for example) start using a forwarded port before the main shell
session setup has finished, things should work sensibly.
The SSH code is now a hybrid of coroutine-based sequential logic and
table-driven event dispatch, each where it makes the most sense. I'm
rather pleased with it.
Should fix: ext-data-at-start, portfwd-at-start.
[originally from svn r4909]
[this svn revision also touched putty-wishlist]
Simon Tatham [Sat, 27 Nov 2004 14:29:20 +0000 (14:29 +0000)]
Implement client-initiated rekeys after an hour, or after 1Gb of
data transfer in either direction (whichever comes first), or at
explicit client request (nice idea Jacob). Have tested by lowering
the limits, and it all seems solid enough; in particular, this has
also allowed me to test the behaviour when connection-level data is
received during rekey, and that looks fine too (at least it does
_now_ :-).
[originally from svn r4908]
[this svn revision also touched putty-wishlist]
Simon Tatham [Sat, 27 Nov 2004 13:20:21 +0000 (13:20 +0000)]
New timing infrastructure. There's a new function schedule_timer()
which pretty much any module can call to request a call-back in the
future. So terminal.c can do its own handling of blinking, visual
bells and deferred screen updates, without having to rely on
term_update() being called 50 times a second (fixes: pterm-timer);
and ssh.c and telnet.c both invoke a new module pinger.c which takes
care of sending keepalives, so they get sent uniformly in all front
ends (fixes: plink-keepalives, unix-keepalives).
[originally from svn r4906]
[this svn revision also touched putty-wishlist]
Simon Tatham [Wed, 24 Nov 2004 20:35:15 +0000 (20:35 +0000)]
Re-architected the top level of the SSH protocol handlers.
ssh1_protocol() and ssh2_protocol() are now high-level functions
which see _every_ SSH packet and decide which lower-level function
to pass it to. Also, they each support a dispatch table of simple
handler functions for message types which can arrive at any time.
Results are:
- ignore, debug and disconnect messages are now handled by the
dispatch table rather than being warts in the rdpkt functions
- SSH2_MSG_WINDOW_ADJUST is handled by the dispatch table, which
means that do_ssh2_authconn doesn't have to explicitly
special-case it absolutely every time it waits for a response to
its latest channel request
- the top-level SSH2 protocol function chooses whether messages get
funnelled to the transport layer or the auth/conn layer based on
the message number ranges defined in the SSH architecture draft -
so things that should go to auth/conn go there even in the middle
of a rekey (although a special case is that nothing goes to
auth/conn until initial kex has finished). This should fix the
other half of ssh2-kex-data.
Simon Tatham [Wed, 24 Nov 2004 19:23:02 +0000 (19:23 +0000)]
Now that Packet structures are dynamically allocated, it means we
can keep several of them in parallel. In particular, this allows us
to queue outgoing packets during repeat key exchange, to be actually
sent after the rekey completes.
(This doesn't fully fix ssh2-kex-data; also required is the ability
to handle _incoming_ connection-layer packets during rekey without
exploding.)
Simon Tatham [Wed, 24 Nov 2004 18:45:52 +0000 (18:45 +0000)]
Minor refactoring: the fields `pktin' and `pktout' in the Ssh
structure have been retired. Now all Packet structures are
dynamically allocated. Each rdpkt function allocates one, and it's
freed after being used; and the packet construction functions
allocate them too, and they're freed by the send functions.
`pktin' and `pktout' were ugly. They were _morally_ still global
variables; even though they were replicated per SSH session to
comply with the Mac no-globals requirement, they weren't really in
the _spirit_ of `dynamically allocate your data'.
As a side effect of this change, the `pktout_blanks' and
`pktout_nblanks' fields in the Ssh structure have been moved into
the Packet structure.
Simon Tatham [Wed, 24 Nov 2004 11:36:08 +0000 (11:36 +0000)]
RJK's OS X portability patch:
- initialise blank mbstate_t using memset rather than an ad-hoc
initialiser.
- expand the OMIT_UTMP ifdefs to enclose a load of entire functions
that would generate `static function never called' warnings if
left as empty shells.
- couple of other fiddly things.
Simon Tatham [Wed, 24 Nov 2004 11:35:27 +0000 (11:35 +0000)]
It's probably about time I took my private path to the Halibut
binary out of the PuTTY docs Makefile. Instead, I expect to find
Halibut as simply `halibut' on the PATH, and anyone who doesn't have
it there can always do `make HALIBUT=/path/to/halibut'.
Jacob Nevins [Sat, 20 Nov 2004 18:29:58 +0000 (18:29 +0000)]
UI tweak from Malcolm Rowe: set IDM_VIEWKEYS as the default menu item and use
that mechanism to invoke it on double-click; this emboldens it in the right-
click menu.
Jacob Nevins [Sat, 20 Nov 2004 17:47:40 +0000 (17:47 +0000)]
XXX comment in the logic which sends failed password auth back to username
prompt for keyboard-interactive. I suspect we should do the same with that
method (especially given the apparent number of systems that use it for
regular password auth), but in the absence of systems to test against I've
not actually made the change. (I'm worried that the `partial success' field
might not be set correctly in a multi-stage authentication, for instance.)
Jacob Nevins [Sat, 20 Nov 2004 17:11:38 +0000 (17:11 +0000)]
As a result of the policy allowing changes of username to reset the
authentication state, a failed `password' authentication in SSH-2 was
sending us back to trying `none' and `keyboard-interactive' each time
round, which uses up OpenSSH's quota of authentication attempts rather
quickly. Added a check for `cfg.change_username' to the logic which
sends us back to the start.
Jacob Nevins [Fri, 19 Nov 2004 21:05:31 +0000 (21:05 +0000)]
console_get_line() returns failure iff console_batch_mode is set, whereas
before is would return success and the empty string. IMO this makes `-batch'
much more useful; before, utilities such as Plink in `-batch' mode would
attempt to plough on using empty strings for usernames, passwords, and so on.
Jacob Nevins [Fri, 19 Nov 2004 20:57:32 +0000 (20:57 +0000)]
Remove FLAG_INTERACTIVE test from "login as:" prompt. Kelly John Carney
pointed out that Plink would attempt to use a zero-length username iff
a remote command was specified (because the FLAG_INTERACTIVE test was
erroneously combined with the no-username test).
I don't think this will break non-interactive use; in the cases which
behave differently, Plink would be attempting to use the empty
username, which was almost certainly wrong, whereas now it will give a
prompt (which can be avoided with -batch as usual).
(Although perhaps we should attempt to use a local username as a guess for
the remote username, as PSCP does? I've not done this.)
Jacob Nevins [Thu, 18 Nov 2004 19:41:41 +0000 (19:41 +0000)]
"Software caused connection abort": a couple of people now have got rid of
this with keepalives. Also try to emphasise that this seems to be a generic
catch-all type of error.
Jacob Nevins [Thu, 18 Nov 2004 17:13:45 +0000 (17:13 +0000)]
*sigh* X11 forwarding to a local display (":0" or similar) specified in the
environment rather than the configuraton was failing as of 0.56 (introduced
in r4604). This probably only bit users of Unix PuTTY. Didn't spot in testing
as I was forwarding to already-forwarded displays. I really wasn't having a
good month that month, was I?
Simon Tatham [Thu, 18 Nov 2004 15:16:18 +0000 (15:16 +0000)]
Add an extra appendix to the manual containing PuTTY's (hitherto)
unwritten design principles, so would-be contributors won't have to
either read our minds or pay _very_ close attention to the code.
Simon Tatham [Thu, 18 Nov 2004 11:30:39 +0000 (11:30 +0000)]
Move MODULE files out of individual project directories into a
MODULES top-level directory, which is where the Tartarus website
scripts will (hopefully) start reading them from.
[originally from svn r4813]
[this svn revision also touched charset,enigma,filter,halibut,puzzles,pycee,sdlgames,timber]
Simon Tatham [Wed, 17 Nov 2004 18:27:04 +0000 (18:27 +0000)]
mkunxarc.sh was still including (mostly empty) .svn directories, and
that in turn was confusing the new doc/Makefile mechanism. Fixed the
former, and also put an additional safeguard in the latter in a
belt-and-braces sort of fashion.
Simon Tatham [Wed, 17 Nov 2004 18:16:59 +0000 (18:16 +0000)]
Now we use Subversion, it seems excessive to have an individual $Id$
line for every single .but file at the bottom of each page of the
HTML PuTTY docs. However, we can't _always_ replace that with a
single SVN revision, because there isn't always one available (SVN
still allows mixed working copies in which some files are
deliberately checked out against a different revision).
Hence, here's a mechanism for doing better. It uses `svnversion .'
to determine _whether_ a single revision number adequately describes
the current directory, and replaces all the version IDs with that if
so. If it can't do that, it uses the version IDs as before.
Also, this allows an explicit version string to be passed on the
make command line which will override _both_ these possibilities, so
that release documentation can be clearly labelled with the release
version number.
Simon Tatham [Tue, 16 Nov 2004 23:26:22 +0000 (23:26 +0000)]
Fix Windows installer script: the paths were wrong after the
directory reorganisation, and also the EOL style needs to be CRLF or
Inno Setup gets upset.
Simon Tatham [Tue, 16 Nov 2004 22:14:56 +0000 (22:14 +0000)]
Now that we have Subversion's file renaming ability, it's time at
long last to move all the Windows-specific source files down into a
`windows' subdirectory. Only platform-specific files remain at the
top level. With any luck this will act as a hint to anyone still
contemplating sending us a Windows-centric patch...
Simon Tatham [Tue, 16 Nov 2004 15:29:14 +0000 (15:29 +0000)]
Remove .cvsignore files on all active branches.
[originally from svn r4788]
[this svn revision also touched bmbm,caltrap,charset,enigma,filter,fonts,golem,grunge,halibut,html,lj,local,misc,polyhedra,putty-website,putty-wishlist,puzzles,pycee,sdlgames,svn-tools,timber,tweak]
Jacob Nevins [Mon, 15 Nov 2004 15:57:28 +0000 (15:57 +0000)]
Mention that comp.terminals may also be a useful newsgroup.
I've done this by centralising information about newsgroups in feedback.but
and linking to that from elsewhere; I've also put in a link to Google Groups.
Simon Tatham [Mon, 15 Nov 2004 11:10:36 +0000 (11:10 +0000)]
Miloslav Cempirek Ing points out that we should return from
sessionsaver_handler after processing a one-click saved session
launch, to protect against accidentally calling dlg_end twice on the
same dialog.
Simon Tatham [Thu, 11 Nov 2004 09:40:50 +0000 (09:40 +0000)]
I masked off LATTR_WRAPPED et al in do_text_internal(), but forgot
to do the same in do_cursor(). Bet that's the cause of Andrey
Borzenkov's cursor positioning bug.
Jacob Nevins [Tue, 2 Nov 2004 23:06:20 +0000 (23:06 +0000)]
Go back to using intervals of 16 for the saved session identifiers for the
system menu, but expand from 256 entries to 1024 as there seems to be plenty
of space.
Jacob Nevins [Tue, 2 Nov 2004 22:30:24 +0000 (22:30 +0000)]
Simon has reminded me _why_ menu identifiers were spaced every sixteen, so
let's add a comment so that we don't forget again. Source:
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/winui/windowsuserinterface/userinput/keyboardaccelerators/keyboardacceleratorreference/keyboardacceleratormessages/wm_syscommand.asp>
Jacob Nevins [Tue, 2 Nov 2004 17:44:06 +0000 (17:44 +0000)]
Since neither I nor Owen know why the IDM_ values for the saved-sessions
submenu were going up in steps of 16, I've changed to steps of 1, thus
increasing the possible number of sessions from ~256 to 4096, since a
recent report seemed to indicate that the previous limit might not be
enough for someone (!)
I can't find any documentation that puts an upper limit on the number of
menu items, and it seems to work on Win98, which is where I'd expect it to
break if anywhere.
Also a number of other tweaks to this code.
Jacob Nevins [Mon, 1 Nov 2004 00:47:37 +0000 (00:47 +0000)]
Ahem, let's not try initialising a static with a non-constant initialiser.
Also, I'm pretty sure that adding a source address to a remote SSH-2 forwarding
can never have worked, since we added an address string to the packet twice in
that case. OpenSSH 3.4p1 certainly doesn't like it (`Server has disabled port
forwarding' debug message). Fixed (and OpenSSH is happier now).
Jacob Nevins [Mon, 1 Nov 2004 00:17:31 +0000 (00:17 +0000)]
Argh. Failure to make a variable static to get round coroutine
mechanics means that each SSH-2 remote tunnel will sfree() something
random and thus have a chance of crashing or doing something else
bad, although it won't otherwise affect execution. Introduced in
1.319 [r4529] (some of my improved diagnostics). One day I'll make a
checkin to ssh.c without forgetting about the coroutines...
Jacob Nevins [Thu, 28 Oct 2004 00:23:44 +0000 (00:23 +0000)]
Malcolm Rowe spotted that we broke display of SSH2_MSG_DEBUG messages while
fixing `vuln-ssh2-debug', by missing out a field. In most cases
(always_display = 0) we would log a zero-length or truncated message.
Jacob Nevins [Sun, 24 Oct 2004 22:57:36 +0000 (22:57 +0000)]
Add a note about documentation of the Unix port (i.e., we don't, specifically).
This is mainly intended to make the documentation suitable for including in
distributions such as the Debian package, but won't be amiss on the web site
docs. It will look a bit out of place in the .HLP, but never mind.
Jacob Nevins [Sun, 24 Oct 2004 18:26:00 +0000 (18:26 +0000)]
Random tweaks:
- change click-by-click advice on modifying saved sessions
- add `Restart Session' as another reason you might not want to close the
window on exit; other tweaks to this language
- mention Shift-Backspace action
- the window resizing configuration documentation was completely out of
date; rewrite
- add a note about Default Bold Background since it's caused confusion
- "remote terminal" -> "remote system" in terminal-type doc
Jacob Nevins [Sun, 24 Oct 2004 16:24:58 +0000 (16:24 +0000)]
Freshness tweaks:
- soften language around changing-username-during-login section; with SSH-2
this is a misfeature of implementations rather than the protocol itself
- tweak new-host-key dialog text
Jacob Nevins [Sun, 24 Oct 2004 15:58:31 +0000 (15:58 +0000)]
Differences between protocols: remove the entire paragraph about environment
variables. It was no longer true (given that we support them in SSH-2 now),
and the new situation was probably too complex to explain in an introductory
chapter. And the utility of setting them seems to be marginal these days given
the lack of server support.
Simon Tatham [Thu, 21 Oct 2004 10:59:53 +0000 (10:59 +0000)]
I just had a need to decode a piece of Zlib data from out of the
middle of a PDF. So here's a modification to sshzlib.c which enables
it to be compiled into a standalone Zlib decoder if you define
ZLIB_STANDALONE. As an added bonus, it (both standalone and in
PuTTY) also validates the Zlib header, just to make sure someone
hasn't defined a new compression format.
Jacob Nevins [Tue, 19 Oct 2004 13:54:50 +0000 (13:54 +0000)]
Munge line-drawing description to match current naming and order of options
(in the Windows version), and hopefully to clarify distinction between line
charset and local font, which has occasionally foxed me.
Cross-reference the Translation panel reference section from the intro
section in using.but and mention line-drawing characters there also.
Jacob Nevins [Mon, 18 Oct 2004 00:41:48 +0000 (00:41 +0000)]
Add support for logging "exit-signal", why not.
This is disgustingly huge because old versions of OpenSSH got the message
format wrong, so we have to infer which format is in use. Tested with
Debian stable OpenSSH (3.4p1), with `uint32' packet, and lshd, which uses
the correct `string' packet, and also let me test "core dumped" and the
explanatory message.
Jacob Nevins [Sun, 17 Oct 2004 21:22:22 +0000 (21:22 +0000)]
Support the SSH-2 mechanism for sending signals to a running session. Neither
of the SSH servers I conveniently have access to (Debian stable OpenSSH --
3.4p1 -- and lshd) seem to take a blind bit of notice, but the channel
requests look fine to me in the packet log.
I've included all the signals explicitly defined by
draft-ietf-secsh-connect-19, but I've put the more obscure ones in a submenu
of the specials menu; there's therefore been some minor upheaval to support
such submenus.
Jacob Nevins [Sun, 17 Oct 2004 15:32:42 +0000 (15:32 +0000)]
We shouldn't offer the Break special when we don't have a session to send it
down. (A side effect of fixing this is that ssh->mainchain is set to NULL
when it closes, which might avoid other sorts of trouble.)
While we're here, don't bother offering SSH1_MSG_IGNORE if we believe the
remote will barf on it.
Jacob Nevins [Sun, 17 Oct 2004 14:44:27 +0000 (14:44 +0000)]
Telnet specials menu was not being reinstated after a session was restarted in
the same window (Windows version only).
Policy change: it's now the backend's responsibility to call
update_specials_menu() at the start of a session (or whenever it feels ready),
if it has any special commands. Otherwise the menu won't be displayed.
Simon Tatham [Sat, 16 Oct 2004 14:17:58 +0000 (14:17 +0000)]
Markus Kuhn's UTF-8 page
http://www.cl.cam.ac.uk/~mgk25/unicode.html#activate
feels strongly that it should be easy to make _all_ your
applications work in UTF-8 mode, without having to remember a switch
for each one. Every application should simply note a UTF-8 locale
setting and switch into UTF-8 mode automatically.
Therefore, for the Unix port only, there's now a checkbox, enabled
by default, which causes the drop-down Translation box to be
overridden if the locale indicates UTF-8. Anyone who doesn't like
this, or doesn't like MGK, is welcome to turn it straight back off.
I'm not _completely_ convinced by MGK's argument myself; for
xterm/pterm to do _useful_ UTF-8 you also need to specify a decently
Unicode-capable font, and there's no way _that_ can be automagically
done on noticing a locale setting. But it's a de facto standard
(i.e. xterm does it :-) so I might as well at least be _able_ to
support it.
Simon Tatham [Sat, 16 Oct 2004 10:56:54 +0000 (10:56 +0000)]
Moved the environment variables config block out of the Telnet panel
into the Connection panel, and implemented support for the SSH2
"env" request. (I haven't yet found a server which accepts this
request, so although I've visually checked the packet log and it
looks OK, I haven't yet been able to do a full end-to-end test.)
Also, the `pty' backend reads this data and does a series of
`putenv' commands before launching the shell or application.
This is mostly because in last week's UTF-8 faffings I got
thoroughly sick of typing `export LANG=en_GB.UTF-8' every time I
started a new testing pterm, and it suddenly occurred to me that
this would be precisely the sort of thing you'd want to have pterm
set up for you, particularly since you can configure it alongside
the translation settings and so you can ensure they match up
properly.
Simon Tatham [Fri, 15 Oct 2004 12:37:44 +0000 (12:37 +0000)]
Fix two memory leaks in the new code. (There's no point compressing
the scrollback if you then leak away all the memory you saved!) One
of the leaks - by far the bigger of the two - was in my temporary
diagnostic function cc_check(), which is particularly embarrassing :-)
Simon Tatham [Fri, 15 Oct 2004 11:14:42 +0000 (11:14 +0000)]
Don't forget to flush the bidi cache when the user enables or
disables bidi or shaping, otherwise they'll have to do a manual
screen refresh to see any difference.
Simon Tatham [Fri, 15 Oct 2004 09:16:58 +0000 (09:16 +0000)]
Fix Windows redraw problem on RH half of wrapped lines. (term_paint
was checking whether lattr == LATTR_NORM, where it should have been
checking (lattr & LATTR_MODE) to mask off LATTR_WRAPPED et al.
Simon Tatham [Fri, 15 Oct 2004 08:22:49 +0000 (08:22 +0000)]
Mark cc_check() and all calls to it with the new
XXX-REMOVE-BEFORE-RELEASE tag, since they're performance-intensive.
And now that I'm reasonably confident of remembering to remove them
before the next release, I feel less guilty about adding them willy-
nilly all over the place, so I've shoved in a couple more for now :-)
Simon Tatham [Fri, 15 Oct 2004 08:16:29 +0000 (08:16 +0000)]
I'm instituting a policy that before every release I will grep the
PuTTY source for the word XXX-REMOVE-BEFORE-RELEASE, and not release
until I've got rid of all of them. Hence, here's an addition to the
release checklist which will remind me to do so.
I don't want this mechanism to seriously inhibit a release by being
a placeholder for a large piece of work we might never get round to.
It should be used only in cases where it's _simple_ to change the
offending code: for example, a performance-impacting diagnostic
might be invaluable while testing nightly snapshots but wouldn't
want to slow down everyone's next release, and it's easy to get rid
of on release day.
Simon Tatham [Thu, 14 Oct 2004 16:42:43 +0000 (16:42 +0000)]
First-stage support for Unicode combining characters. The `chars'
array of each `termline' structure now contains optional additional
entries after the normal number of columns, which are used to chain
a linked list of combining characters off any primary termchar that
needs it. This means we support arbitrarily many combining
characters per cell (unlike xterm's hard limit of 2).
Cut and paste works correctly (selecting a character cell containing
multiple code points causes all those code points to be cut and
pasted). Display works by simply overlaying all the relevant
characters on top of one another; this is good enough for Unix
(xterm does the same thing), and mostly seems OK for Windows except
that the Windows Unicode fonts have a nasty habit of not containing
most of the combining characters and thus overlaying an
unknown-code-point box on your perfectly good base glyph.
I had no idea how to add support in the Mac do_text(), so I've
simply stuck in an assertion that will trigger the first time a
combining character is displayed, and hopefully this will bite
someone with the clue to fix it.
Simon Tatham [Wed, 13 Oct 2004 13:43:11 +0000 (13:43 +0000)]
Implement part of `ssh2-generality': introduce the ability to tell
PuTTY / Plink not to run a remote shell/command at all. Supported in
the GUI configuration and via the (OpenSSH-like) -N command-line
option.
No effort is currently made to arrange `nice' UI properties. If you
do this in GUI PuTTY, a full-size terminal window will still be
created, and will sit there with almost nothing in it throughout
your session. If you do it in Plink, Plink will not accept any kind
of request to terminate gracefully; you'll have to ^C or kill it.
Nonetheless, even this little will be useful to some people...
Simon Tatham [Wed, 13 Oct 2004 12:29:50 +0000 (12:29 +0000)]
I think we've been told before that you're not supposed to
CloseHandle() the thing returned from MonitorFromPoint. Certainly MS
Visual Studio's debugger complained about it just now. CloseHandle()
call removed.
Simon Tatham [Wed, 13 Oct 2004 11:50:16 +0000 (11:50 +0000)]
Re-engineering of terminal emulator, phase 1.
The active terminal screen is no longer an array of `unsigned long'
encoding 16-bit Unicode plus 16 attribute bits. Now it's an array of
`termchar' structures, which currently have 32-bit Unicode and 32
attribute bits but which will probably expand further in future.
To prevent bloat of the memory footprint, I've introduced a mostly
RLE-like compression scheme for storing scrollback: each line is
compressed into a compact (but hard to modify) form when it moves
into the term->scrollback tree, and is temporarily decompressed when
the user wants to scroll back over it. My initial tests suggest that
this compression averages about 1/4 of the previous (32 bits per
character cell) data size in typical output, which means this is an
improvement even without counting the new ability to extend the
information stored in each character cell.
Another beneficial side effect is that the insane format in which
Unicode was passed to front ends through do_text() has now been
rendered sane.
Testing is incomplete; this _may_ still have instabilities. Windows
and Unix front ends both seem to work as far as I've looked, but I
haven't yet looked very hard. The Mac front end I've edited (it
seemed obvious how to change it) but I can't compile or test it.
As an immediate functional effect, the terminal emulator now
supports full 32-bit Unicode to whatever extent the host platform
allows it to. For example, if you output a 4-or-more-byte UTF-8
character in Unix pterm, it will not display it properly, but it
will correctly paste it back out in a UTF8_STRING selection. Windows
is more restricted, sadly.
Jacob Nevins [Wed, 6 Oct 2004 22:31:07 +0000 (22:31 +0000)]
X forwarding changes:
- new function platform_get_x_display() to find a sensible local display.
On Unix, the Gtk apps weren't taking account of --display when
determining where to send forwarded X traffic.
- explicitly document that leaving X display location blank in config tries
to do something sensible (and that it's now blank by default)
- don't override X11Display setting in plink, since that's more properly
done later
Jacob Nevins [Sat, 2 Oct 2004 00:33:27 +0000 (00:33 +0000)]
`ssh-log-pw-blank': known password fields are now omitted from SSH packet logs
by default (although they can be included). There's also an option to remove
session data, which is good both for privacy and for reducing the size of
logfiles.
Jacob Nevins [Wed, 29 Sep 2004 23:57:03 +0000 (23:57 +0000)]
Mention the negotiated SSH-2 MAC algorithm(s) in the Event Log.
(It should be possible to at least see what MAC is in use without going to a
SSH packet log.)