To install the patch, do the following:
# cd /usr/src/usr.bin (or elsewhere)
# tar xvfz .../openssh-3.0.1.tgz
# cd ssh
# patch -p0 < openbsd28_3.0.1.patch
# make obj
# make cleandir
# make depend
# make
# make install
# cp ssh_config sshd_config /etc
diff -Nur key.c key.c
--- key.c 4 Oct 2001 14:34:16 -0000 1.33
+++ key.c 16 Nov 2001 15:17:47 -0000
@@ -354,7 +354,7 @@
return 0;
}
fprintf(f, " %s", buf);
- OPENSSL_free(buf);
+ free(buf);
return 1;
}
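Review bot: Releasing `buf` with `free()` is only correct if the routine that allocated it used the C library's malloc. The allocation is outside this hunk, but the removed `OPENSSL_free(buf)` suggests the buffer comes from OpenSSL, whose allocator an application can replace. A less invasive way to build against a library that lacks the macro is to keep the call and supply a fallback in a compatibility header, `#ifndef OPENSSL_free` / `#define OPENSSL_free(p) free(p)` / `#endif`, so the pairing stays correct wherever the macro exists. The enclosing function starts outside the hunk.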
diff -Nur lib/Makefile lib/Makefile
--- lib/Makefile Tue Jun 26 19:52:41 2001
+++ lib/Makefile Tue Oct 16 13:29:54 2001
@@ -11,6 +11,8 @@
rijndael.c ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \
scard.c
+SRCS+= readpassphrase.c
+
NOPROFILE= yes
NOPIC= yes
diff -Nur readpassphrase.c readpassphrase.c
--- readpassphrase.c Thu Jan 1 01:00:00 1970
+++ readpassphrase.c Tue Oct 16 13:31:03 2001
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2000 Todd C. Miller <
[email protected]>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.7 2001/08/07 19:34:11 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <paths.h>
+#include <pwd.h>
+#include <signal.h>
+#include <string.h>
+#include <termios.h>
+#include <unistd.h>
+#include <readpassphrase.h>
+
+char *
+readpassphrase(prompt, buf, bufsiz, flags)
+ const char *prompt;
+ char *buf;
+ size_t bufsiz;
+ int flags;
+{
+ struct termios term, oterm;
+ char ch, *p, *end;
+ int input, output;
+ sigset_t oset, nset;
+
+ /* I suppose we could alloc on demand in this case (XXX). */
+ if (bufsiz == 0) {
+ errno = EINVAL;
+ return(NULL);
+ }
+
+ /*
+ * Read and write to /dev/tty if available. If not, read from
+ * stdin and write to stderr unless a tty is required.
+ */
+ if ((input = output = open(_PATH_TTY, O_RDWR)) == -1) {
+ if (flags & RPP_REQUIRE_TTY) {
+ errno = ENOTTY;
+ return(NULL);
+ }
+ input = STDIN_FILENO;
+ output = STDERR_FILENO;
+ }
+
+ /*
+ * We block SIGINT and SIGTSTP so the terminal is not left
+ * in an inconsistent state (ie: no echo). It would probably
+ * be better to simply catch these though.
+ */
+ sigemptyset(&nset);
+ sigaddset(&nset, SIGINT);
+ sigaddset(&nset, SIGTSTP);
+ (void)sigprocmask(SIG_BLOCK, &nset, &oset);
+
+ /* Turn off echo if possible. */
+ if (tcgetattr(input, &oterm) == 0) {
+ memcpy(&term, &oterm, sizeof(term));
+ if (!(flags & RPP_ECHO_ON) && (term.c_lflag & ECHO))
+ term.c_lflag &= ~ECHO;
+ if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
+ term.c_cc[VSTATUS] = _POSIX_VDISABLE;
+ (void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);
+ } else {
+ memset(&term, 0, sizeof(term));
+ memset(&oterm, 0, sizeof(oterm));
+ }
+
+ (void)write(output, prompt, strlen(prompt));
+ end = buf + bufsiz - 1;
+ for (p = buf; read(input, &ch, 1) == 1 && ch != '\n' && ch != '\r';) {
+ if (p < end) {
+ if ((flags & RPP_SEVENBIT))
+ ch &= 0x7f;
+ if (isalpha(ch)) {
+ if ((flags & RPP_FORCELOWER))
+ ch = tolower(ch);
+ if ((flags & RPP_FORCEUPPER))
+ ch = toupper(ch);
+ }
+ *p++ = ch;
+ }
+ }
+ *p = '\0';
+ if (!(term.c_lflag & ECHO))
+ (void)write(output, "\n", 1);
+
+ /* Restore old terminal settings and signal mask. */
+ if (memcmp(&term, &oterm, sizeof(term)) != 0)
+ (void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm);
+ (void)sigprocmask(SIG_SETMASK, &oset, NULL);
+ if (input != STDIN_FILENO)
+ (void)close(input);
+ return(buf);
+}
+
+char *
+getpass(prompt)
+ const char *prompt;
+{
+ static char buf[_PASSWORD_LEN + 1];
+
+ return(readpassphrase(prompt, buf, sizeof(buf), RPP_ECHO_OFF));
+}
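Review bot: `isalpha(ch)`, `tolower(ch)` and `toupper(ch)` in the read loop receive a plain `char`, which is negative for bytes above 0x7f where `char` is signed. Unless RPP_SEVENBIT was set, that is undefined behaviour for the <ctype.h> functions; cast at the call sites, e.g. `if (isalpha((unsigned char)ch))` and `ch = tolower((unsigned char)ch);`. The loop also treats a failed `read()` the same as end of line, so a read error yields a truncated or empty passphrase that is returned as if valid. Keeping the result (`nr = read(input, &ch, 1)`) and returning NULL when it is -1 would let callers tell the two apart. Input beyond `bufsiz - 1` bytes is discarded silently, and the results of both `tcsetattr()` calls are ignored, so the header comment should say that truncation and a failure to disable echo are not reported.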
diff -Nur readpassphrase.h readpassphrase.h
--- readpassphrase.h Thu Jan 1 01:00:00 1970
+++ readpassphrase.h Tue Oct 16 13:31:03 2001
@@ -0,0 +1,46 @@
+/* $OpenBSD: readpassphrase.h,v 1.1 2000/11/21 00:48:38 millert Exp $ */
+
+/*
+ * Copyright (c) 2000 Todd C. Miller <
[email protected]>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _READPASSPHRASE_H_
+#define _READPASSPHRASE_H_
+
+#define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */
+#define RPP_ECHO_ON 0x01 /* Leave echo on. */
+#define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */
+#define RPP_FORCELOWER 0x04 /* Force input to lower case. */
+#define RPP_FORCEUPPER 0x08 /* Force input to upper case. */
+#define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */
+
+#include <sys/cdefs.h>
+
+__BEGIN_DECLS
+char * readpassphrase __P((const char *, char *, size_t, int));
+__END_DECLS
+
+#endif /* !_READPASSPHRASE_H_ */
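Review bot: The prototype uses `size_t`, but the header includes only `<sys/cdefs.h>`, so it compiles only when an earlier include has already defined that type; add `#include <sys/types.h>` next to the existing include to make it self-contained. The flag comments could also note that `RPP_ECHO_OFF` is 0x00 and therefore cannot be tested with `&`; the implementation has to check `!(flags & RPP_ECHO_ON)` instead.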
diff -Nur sshd/Makefile sshd/Makefile
--- sshd/Makefile Sun Oct 7 20:14:20 2001
+++ sshd/Makefile Tue Oct 16 13:31:53 2001
@@ -7,7 +7,8 @@
BINMODE=555
BINDIR= /usr/sbin
MAN= sshd.8
-CFLAGS+=-DHAVE_LOGIN_CAP -DBSD_AUTH
+CFLAGS+=-DHAVE_LOGIN_CAP
+#CFLAGS+=-DBSD_AUTH
SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
sshpty.c sshlogin.c servconf.c serverloop.c \
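Review bot: The `#CFLAGS+=-DBSD_AUTH` line is left behind commented out with no reason given, so a later reader cannot tell whether BSD authentication was dropped deliberately. Since this changes which authentication backend sshd is built with, state the reason in a comment above it, for example `# BSD_AUTH disabled: <reason, e.g. not provided by the target release>`, or delete the line outright. The SRCS list continues outside the hunk.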
@@ -47,8 +48,8 @@
DPADD+= ${LIBWRAP}
.endif
-#.if (${SKEY:L} == "yes")
-#CFLAGS+= -DSKEY
-#LDADD+= -lskey
-#DPADD+= ${SKEY}
-#.endif
+.if (${SKEY:L} == "yes")
+CFLAGS+= -DSKEY
+LDADD+= -lskey
+DPADD+= ${SKEY}
+.endif
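Review bot: `DPADD+= ${SKEY}` inside the re-enabled block adds the value of the switch that was just tested (some spelling of "yes") to the dependency list, not the path of the S/Key library. The dependency variable for that library is probably what was meant, `DPADD+= ${LIBSKEY}`, assuming the target's make includes define it as they do for `${LIBWRAP}` above. Enabling the block also changes sshd's accepted authentication methods whenever SKEY is set to yes in the build environment, which deserves a line in the install notes.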