----------------------------------------------------------------------------
SSH_V592P011 patch kit (revision 1.1) for TCPware 5.8/5.9      21-May-2010

Copyright (c) 2006, 2007, 2008, 2010 by Process Software

This VMSinstallable saveset provides a new version of the following SSH
components:

   - SSH client (SSH2.EXE)
   - SSH1 server (SSHD.EXE)
   - SSH2 server (SSHD2.EXE)
   - SSH master control program (SSHD_MASTER.EXE)
   - SSH identity agent program (SSH-AGENT2.EXE)
   - SSH key generators (SSH-KEYGEN.EXE and SSH-KEYGEN2.EXE)
   - SSH key signer (SSH-SIGNER2.EXE)
   - SSH loadable executive image (SSHLEI.EXE, LOAD_SSHLEI.EXE,
     UNLOAD_SSHLEI.EXE)
   - SSH agent identity manipulation program (SSH-ADD2.EXE)
   - SSH file copy client (SCP2.EXE)
   - SSH SFTP client (SFTP2.EXE)
   - SSH file copy servers (SFTP-SERVER2.EXE and SCP-SERVER1.EXE)
   - SSH server configuration template file (SSHD2_CONFIG.TEMPLATE)
   - SSH certificate enrollment program (SSH-CMPCLIENT.EXE)
   - SSH configuration procedure (SSH_CONTROL.COM)
   - SSH Public Key Assistant (PUBLICKEY_ASSISTANT.EXE)
   - SSH Certificate Viewer (SSH-CERTVIEW.EXE)
   - SSH shared libraries (SSH_ZLIB.EXE, SSH_FSCLM.EXE)
   - SSH Public Key Server (PUBLICKEY-SERVER.EXE)
   - SSH client configuration template (SSH2_CONFIG.TEMPLATE)
   - LDAP authentication plugin using the VMS Authentication Module
     (LDAP-PLUGIN.EXE)
   - SecurID authentication plugin using the VMS Authentication Module
     (SECURID-PLUGIN.EXE)
   - SSH X.509 certificate tool (SSH-CERTTOOL.EXE)
   - SSH shareable image (SSHSHR.EXE)

New versions of the following common TCPware utilities are provided for
TCPware V5.8:

   - TCPware command definitions (TCPWARE_COMMANDS.COM and TCPware.CLD)

This ECO is dependent upon the following TCPware ECOs:

   - NET_V592P020 for TCPware V5.9
   - NET_V582P010 for TCPware V5.8

A system reboot is required after installing this ECO, to load the new
software features.

This kit includes the following corrections:

 o On Integrity systems only, fix a problem with old and incorrect copies
   of SSHLEI.EXE being left in SYS$SYSROOT:[SYS$LDR] after applying the
   SSH_V592P010 ECO. This file should only be in SYS$COMMON:[SYS$LDR].
   [DE 11021]

This ECO also addresses all of the same problems from the SSH_V592P010 ECO:

 o Correct problems with specifying a version number on a source file and
   getting the file appropriately transferred to the remote system.
   [DE 9852/10242]

 o Errors from attempting to close a file that is already closed are now
   ignored. Don't make a call to set file characteristics when there are
   no characteristics to be set. [DE 10829]

 o Improvements to FXP_REALPATH processing. [DE 10832]

 o Remove hashing data structures from buffer management data structures
   to reduce memory utilization. (TCPware SCP2 & SFTP2 do not support file
   hashing to check to see if a file is different before transferring.)
   [DE 10937]

 o An assertion in SSHADT in the SSHD2 server could fail, causing the
   server to abort. [10967]

 o SSH OPCOM session accept and session reject messages would sometimes
   display garbage at the end of the message. [DE 10629]

 o Corrected an ACCVIO when public key authentication fails in batch mode.
   [DE 10675]

 o When using the VMS Authentication Module and LDAP for authentication,
   the LDAP_ALLOW_NULL_PASSSWORD flag isn't honored properly.

 o Problems with DCL passing arguments to SSH on Integrity systems when
   using /PARSE_STYLE=EXTENDED. [DE 11002]

 o When connecting to an Integrity management processor, the key guess is
   incorrect. [DE 10979]

 o The number of connection attempts and the timeout for each attempt for
   the client needs to be configurable. The following configuration
   keywords in SSH2_DIR:SSH2_CONFIG have been added:

      ConnectionTimeout  (default zero seconds)
      ConnectionAttempts (default 5)

   [DE 9175]

 o DSA host keys can't be generated. [DE 10972]

 o VAX keys can't be generated on some versions of VAX/VMS.

 o The user group in the UAF isn't used when doing group comparisons
   (e.g., AllowGroups or DenyGroups). [DE 10958]

*** Notes for Kerberos 5 Support ***

Support for Kerberos 5 is based on HP Kerberos V5 for OpenVMS. SSH may be
configured and used at any time, either with or without Kerberos; however,
Kerberos is required to perform Kerberos authentication in the SSH server.
If Kerberos is installed at some later time after SSH is started,
restarting SSH will allow it to use Kerberos.

Some chapters of the TCPware documentation having to do with SSH have been
updated for TCPware V5.8. New PDF files of these are supplied in this ECO
for those versions of TCPware, and are copied to the
TCPWARE_COMMON:[TCPWARE] directory. These are:

   TW_MANAGEMENT_SSH1_SERVER_CH25.PDF
   TW_MANAGEMENT_SSH2_SERVER_CH26.PDF
   TW_USER_GUIDE_SSH_CLIENT_CH16.PDF
   TW_USER_GUIDE_FILE_XFER_CH17.PDF

---------------------------------------------------------------------------

This kit also includes the following changes from previous ECO kits for
TCPware V5.8-2:

SSH-V582P020
------------

 o SSH sessions could occasionally encounter a fatal error of "Assertion
   failed: iorec != ((void *) 0)". This has been corrected. [DE 10716]

 o When executing SSH sessions in a batch job that executes a script on a
   UNIX system, the SSH client could hang in a loop, consuming system
   resources. This has been corrected. However, a timing issue may remain
   that can be cured with the addition of a "sleep 1" statement at the end
   of the UNIX script.

 o For ODS-5 devices SFTP will only put carets in file names if the
   logical MULTINET_SFTP_ADD_ODS5_CARETS is defined to be True, Yes, or 1.
   In all other cases the name will be used as-is.

 o The PWD_EXPIRED UAF flag wasn't being handled correctly.

SSH-V582P010
------------

 o When executing SSH in a command procedure or batch job, and SSH
   executes a remote command on some UNIX systems where output is done to
   STDERR on the UNIX system, the SSH client on the VMS side may hang.
   This has been corrected such that now the message "input device is not
   a terminal" may be seen, and at the end of some sessions, the fatal
   error "Assertion failed: iorec != ((void *) 0)" may be seen. This error
   occurs after all remote processing has been completed, and can be
   safely ignored. Process Software will work to remove this error in a
   future ECO or release. [DE 10716]

 o Problems which caused SFTP>LS directory_specification to list the
   directory file instead of the contents of the directory on Alpha
   processors have been corrected. [DE 10717]

 o Improvements in SFTP access controls (directory and operation
   restrictions). [DE 10701]

 o Improvements in handling SFTP realpath operations. [DE 10700, 10656]

 o Corrected an ACCVIO when public key authentication fails in batch mode.
   [DE 10675]

 o Corrected errors in processing when attempting to disable SRI encoding
   on ODS2 disks by defining the logical: MULTINET_SFTP_ODS2_SRI_ENCODING
   to FALSE. [DE 10671]

 o Carets (^) are now added where necessary in ODS5 file specifications.
   [DE 10654]

 o Problems with SCP-SERVER1 on Alpha have been corrected. [DE 10651]

 o Removed code that attempts to resolve the proper setting of the
   "execute" bit on files as this has a very different meaning on VMS than
   it does on Unix. [DE 10622]

 o Changed "Unexpected error" message when there are no files in a
   directory to "No matching files". [DE 10727]

 o Corrected problems with large file transfers and directory of files
   larger than 4GB.
   [DE 10735]

---------------------------------------------------------------------------

Post Installation Notes

The old version of the replaced SSH components will be renamed to:

   TCPWARE_COMMON:[TCPWARE]SSH2.EXE_OLD
   TCPWARE_COMMON:[TCPWARE]SSHD.EXE_OLD
   TCPWARE_COMMON:[TCPWARE]SSHD2.EXE_OLD
   TCPWARE_COMMON:[TCPWARE]SSHD_MASTER.EXE_OLD
   TCPWARE_COMMON:[TCPWARE]SSH-ADD2.EXE_OLD
   TCPWARE_COMMON:[TCPWARE]SSH-AGENT2.EXE_OLD
   TCPWARE_COMMON:[TCPWARE]SCP2.EXE_OLD
   TCPWARE_COMMON:[TCPWARE]SSH-KEYGEN.EXE_OLD
   TCPWARE_COMMON:[TCPWARE]SSH-KEYGEN2.EXE_OLD
   TCPWARE_COMMON:[TCPWARE]SSH-SIGNER2.EXE_OLD
   TCPWARE_COMMON:[TCPWARE]SCP-SERVER1.EXE_OLD
   TCPWARE_COMMON:[TCPWARE]SFTP-SERVER2.EXE_OLD
   TCPWARE_COMMON:[TCPWARE]SSHD2_CONFIG.TEMPLATE_OLD
   TCPWARE_COMMON:[TCPWARE]SSHLEI.EXE_OLD
   TCPWARE_COMMON:[TCPWARE]LOAD_SSHLEI.EXE_OLD
   TCPWARE_COMMON:[TCPWARE]UNLOAD_SSHLEI.EXE_OLD
   TCPWARE_COMMON:[TCPWARE]NETCU.EXE_OLD
   TCPWARE_COMMON:[TCPWARE]SSH_CONTROL.COM_OLD
   TCPWARE_COMMON:[TCPWARE]TCPWARE_COMMANDS.COM_OLD

Once installed, you may undo this patch by renaming the files back to their
original names, and restarting the SSH component.

NOTE: You must reboot your system after installing this ECO, to load the
      new software features.