1.4alpha4 23-NOV-1999
   Fix bug in monitor.c that causes server to stop accepting new connections
   if more than max_clients simultaneous connections occur.  The code path
   handling the connect rejection failed to unlock a mutex resulting in
   deadlock.

   Inspection of the port forwarding code shows an apparent memory leak,
   modify server_session.c to cleanup the allocated buffer.

---
   (1.4alpha3 26-MAY-1999)
   Fix missing return statement in helper_com.c that caused startup
   failure on VAX.

   Fix too-long branch in build_ft_accpornam.com on VAX.

   Make sshcipher.c compatible with OpenSSL 9.3xxx
----
   Consolidate common code in helper programs into a helper_com.c
   module.  This module handles the mailbox I/O and deadman lock
   creation.  The helper programs rsa_engine.c, key_generator.c, and
   initiator.c were update to use the new module.

   Modify helper_com.c to properly handle kernel threads in an SMP environment.
   Helper programs verify sender PID for mailbox messages and this can change
   when using kernel threads.

   Added hack to have the server load the remote connect info into the
   TT_ACCPORNAM of the pseudo terminal.  The string added is of the format 
   "host: nnn.nnn.nnn.nnn port: nnnn", same as the first equivalence string 
   of the SSH_PTY_MAP logicals.  This feature entails kernel mode
   code and is disabled by default.  Two new parameter file entries
   control this feature:
	pty_accpornam      	Flag value to enable (1) or disable (0) the
				set accpornam feature.

	pty_accpornam_image	Directory specificaion for loading of
				FT_ACCPORNAM.EXE shareable image.

   The FT_ACCPORNAM hack references symbols in the OS kernel and is
   therefore closely tied to the OS version.  After an OS upgrade, you
   must use the BUILD_FT_ACCPORNAM.COM procedure to build a new
   FT_ACCPORNAM.EXE shareable image (the server should not require
   a rebuild).

---
   Rework build procedure, sshcryptoshr.exe is now linked by command
   procedure sshcryptoshr_link.com which supports both VAX and Alpha.
   Sshcryptoshr*.opt files are now embedded within sshcryptoshr_link.com

   Modified descrip.mms to provide option for building images without
   sshcryptoshr shareable image (NOSHARE and SSLCRYPTO macros).

   Add support for openssl to sshrsa_rpc.c and sshcipher.c.

1.3alpha3 17-MAR-1999
   Add vt300 terminal type to terminal_defs.dat.

   Add small optimization to wrapper completion in file completion_port.c

   Fix bug in cport_pty.c causing errors to be reported when disconnecting.

   Fix bugs in synchronization logic for QIO's when kernel threads
   present, file cport_ucx.c.  Also file bugs in timeout handling.

   Improve forwarder table cleanup in port_forwarder.c

   Fix bug in server_session.c's rundown handling.

   Modify build procedures to enable kernel threads where applicable.

1.3alpha 29-JAN-1999
   Add fwd_map_table and fwd_map_enable parameters.  If present, fwd_map_table
   will create a system logical name table by that name (default
   SSH_FWD_TABLE).  Any port forward requests with a target port number
   matching a fwd_map_enable value will add an entry to the fwd_map_table
   logical name table.  These entries use the local port number as
   the logical name and the authenticated username as the resulting
   value.

   Modified port_forwarder.c, port_fwd_dispatch.c, cport_ucx.c to support
   the new forward mapping parameters.

1.2 22-DEC-1998
   Cleanup ident setting in linker options files.
1.2alpha2 4-DEC-1998 
   Bug fix cport_x11.c deassign_client.

1.2alpha1 26-NOV-1998
   Add support for Decnet-based X11 port forwarding.  If the new
   x11_decnet_node parameter is defined, the X11 pseudo-servers will use
   DECnet transport rather than TCP/IP.  When using DECnet transport,
   the X11 client's username must match the authenticated username and
   the remote node must match a x11_decnet_node entry (which is a list type).
   Note that since the server discriminates by username, it multiplexes
   all unique usernames to the same server number (i.e. SMITH and JONES
   will both use server 1 for their first login, if JONES logs in a
   second time it will use server 2).

   Define additional bit for port_forward parameter - bit 2 is flag to
   enable hack to work arround broken port forwarding in older
   versions of SecureCRT betas.

   Modify miscellaneous cport_* driver file to ensure internal-only routines
   are declared static.

   Modify build to check for crypto libraries in different order.

1.1 16-NOV-1998
  Modifiy build to check for libcrypto.olb.

  Bug fix in ssh_server_startup.com, define logical for INITIAL_KEY mode.

1.1alpha3 11-NOV-1998
   Modify cport_ucx.c to restart blocked writes at 512 bytes maximum rather 
   than the full request length to reduce thrashing by the server.

   Add interactive mode option to key_generator.exe to permit creation of
   new keys.  Modified ssh_server_startup.com to generate new keys if P1
   is specified as INITIAL_KEY.  Also modified readme file.

   Fix bug in parameters.c, symbol substitution now correctly terminates
   strings.

   Fix bug in port_fwd_dispatch that was causing accvio's due to read
   attempts on closed TCP channels.

1.1alpha2 3-NOV-1998
   Fix bugs in port forwarding, module port_fwd_dispatch.c.  Allocation failure
   now returns correct remote channel number to SSH client.  Continue properly
   from open failure.  Keep TCP open failure from killing forwarder thread.

   Change /noprocess mode examine input and kill thread on control-Z
   (allows SSH client to gracefully close connection).

1.1alpha1 1-NOV-1998
   Added new parameters:
      pty_mode		enable/disable pseudo terminals + set auth. options
      pty_map_table	Name of logical name table to hold pty mapping info.
      required_id	Control access to SSH login based on VMS rights ident.
      port_forward	Enable/disable port forwarding, bit mask (def=3).
   (see ssh_parameters.dat for more information).

   Support generic port forwarding (SSH_MSG_PORT_OPEN and
   SSH_CMSG_PORT_FORWARD_REQUEST).  Originator string is not supported.

   Modified SSH_SERVER_STARTUP.COM to read parameters from ssh_parameters.dat
   initially rather than embedding it in the command procedure.

   Added restart option to /administrate commands CLOSE and SHUTDOWN
   (e.g. mcr sethost_ssh -l system/admin localhost close restart).
   Restart does not work in TEST mode (logical name collisions), and
   you must update start server using SSH_SERVER_STARTUP.COM included
   with 1.1.

   Added support for /noprocess login mode.  If '/noprocess' is appended
   to the username specified by the SSH client, a special connection is
   created that stays open until close by the client but does not have
   a process associated with it.  This hack is to get around sub-optimal
   operation of SecureCRT's port forwarding (SecureCRT creates a new
   SSH connection for each port forward open).

   To better support disconnectable terminals, a new logical name table
   is updated when a pseudo-terminal is created (name set by pty_map_table
   parameter, default: SSH_PTY_MAP).  The names in the pty_map_table are
   the FTAxx device names created and the equivalences names are the
   connect info, SSH-authenticated username, and X11 info (if present).
   The login_map and login_info tables are still updated as well if the 
   initiator is used to create the process.

   Recoginize SSH_CMSG_MAX_PACKET_SIZE and acknowlege, allows server to
   interoperate with SecureCRT 2.3b2.

1.0 19-OCT-1998
   Changed parameters.c to use LIB$GET_SYMBOL for substitution of quoted names
   instead (e.g. port 'test_port') of getenv().  The problem with getenv is
   it takes logical names or DCL symbols with logical names taking precedence.
   Changed ssh_server_startup.com to reflect change.

   Fixed bug in port_fwd_dispatch.c which resulted in connection slots for
   X11 connections being incorrectly marked allocated.

   Change cport_cmd.c to close input mailbox after closing

   Tweak to cport_pty.c to improve memory locality on attributes table.

1.0alpha4 26-SEP-1998
   Added new 'mlist' parameter type, which allows build 2-level heirarchies
   of parameter lists.

   Added special .include directive to parameter file, allowing parameter
   file to include other files.

   Added tt_type parameter and changed tt_char parameter to the mlist type,
   allowing terminal settings for incoming PTY connections to be set based
   upon remote terminal type.

   Changed cport_pipe.c to treat 'master' thread reads differently than
   partner thread reads (if no partner streams assigned, master will block).
   This change eliminates looping condition incurred by admin interface.

   Change cport_cmd.c to explicitly kill process on disconnected sessions.

   Fix bug in port_fwd_dispatch.c related to handling of listen socket create
   failure.
   
1.0alpha2 21-SEP-1998
   Modified ssh_loginout.c to set display for 'command mode' connections.

   Modified cport_ucx.c to deassign accept channels on stream destroy.

   Fix numerous bugs in port forwarder modules.

   Fix bugs in cport_pipe.c related to stream rundown.

1.0alpha 17-SEP-1998 

   Fix bug in cport_sshmsg.c, failing to initialize allocated structures
   properly.

   Added initial support for X11 forwarding.  Note that since VMS DECwindows
   apps do not support non-host-based authentication on TCP connections,
   use of X11 forwarding presents a security risk.  See the description
   of the x11_* parameters in ssh_server_startup.com for more information.

   The X11 support work was done against the SSH-1.2.25 client, and may
   have interoperability problems with previous SSH versions (untested).

   Added special 'admin' interface for managing the server via an
   ssh login.  The parameter file designates users that send administrative
   commands to the server by appending "/admininistrate" to the username,
   (e.g. unix-host> ssh -l system/administrate hostname help).  Commands
   initially present are:
	HELP      Show available commands
	CLOSE     Stop accepting new connections (active connections continue).
	SHOW xxx  Show:
                 SESSIONS	List current SSH clients.
	SHUTDOWN  Stop the server.

0.9c 5-SEP-1998
   Fix bug in cport_sshlogin so that lookup failures on RSA authenticates
   are not fatal errors.

   Modified cport_pty.c to handle window change messages from client.
   Caveats:
      If a read or write is pending on the terminal, the set terminal does not
      occur until that operation completes.

      Currently running applications do not get notification of the
      size change and will continue as if the original size was in effect.
      Further, these applications often reset the terminal characteristics
      on exit back to what they where when the program started.

   Removed stray printf from cport_ucx.c

   Modified key generator to support optional 'initial delay' parameter
   on the command line, which is number of minutes to wait before
   the firt key is generated.

0.9b 8-AUG-1998
   Fix bug in event_report.c in handling %x directives.

   Modify user_info.c and cport_sshlogin.c to update user's logfails field
   on authentication failure.

    Modify ssh_server.c and parameters.h/.c to make the port parameter
    a list instead of a single integer.  The server will listen on all
    the ports in the list.

    Modify parameters.c to support environment variables in the parameters
    file.  A parameter value surrounded by single quotes is assumed to
    be an environment variable name and the parameter is set to the
    value of this environment variable or "**UNDEFINED**" if unknown.

    Add routine cport_copy_timeout to completion_port.c for use by stream 
    handlers to propagate timeout settings for a stream to an internal stream.
    Modify cport_sshpad.c and cport_sshmsg.c to use the new function.

    Fix bug in completion_port.c causing cancel operation on stream to
    hang (deadlock on mutex).

0.9a 25-JUL-1998
   Optimize cport_sshpad.c to use fewer I/O calls, reading data into larger
   buffers and saving the excess.

   Fix bug in server_session call to the initiator.

   Verify file owner of authorized keys file being read is the target user.

   Extend writing of SSH_LOGIN_MAP logicals by initiator_client to include
   terminal name and remote host/port info.

   Add ssh_login.com as a template for modifying sys$sylogin, added new
   program ssh_loginout.exe to be run by this procedure.

0.9 16-JUL-1998
   Fix memory leak in cport_sshsess.

   Added allow_authtype parameter to parameters file, the 2 recognized
   types are "password" and "rsa".

   Add support for RSA authentication (SSH_AUTH_RSA).  User_keyfile parameter
   specifies an SSH-1.2.xx style authorized_keys file that lists the
   public keys known to the user.  A new function was added to sshcryptoshr,
   therefore the GSMATCH version has been increased.

   Client processes are now created via an initiator process that logs in
   processes without an explicit password (required to support RSA authtype).
   Set the initiator parameter to a null string ("") to revert to the
   previous behaviour.  DECnet is still used for 'command' mode unless
   new parameter 'decnet_cmd' is set to 0.

   A side effect of creating processes via the initiator is that it
   the PRC$M_NOPASSWORD flag supresses display of SYS$WELCOME, newmail,
   last login, and log fails messages.  Nor will loginout prompt for
   virtual terminal reconnect.

0.8a 10-JUL-1998
   Added tt_char parameter to parameter file, which allows explicit
   enable/disable of terminal characteristics.  Note the characteristic
   names are derived from the $TTDEF/$TT2DEF macro names and not
   "SET TERMINAL" qualifier names.

   Do more consistency checks on received packets (cport_sshmsg.c).

   Test for invalid key length combinations, server key and host key
   must differ by at least 256 bits.

   Fix RC4 support in sshcipher.c, it now works correctly.

   Modified build procedure to search for both ssleaylib-axp.olb
   or crypto-axp.olb reference the first found via logical name.

   Preserve case in received password (fixes problem with Pathworks V6
   external authentication).

   Bug fix in check_files.coms - properly initialize CRC table.

   Fix miscellaneous compile problems.

   Fix typo in aaareadme.txt.