5 files changed, 155 insertions, 13 deletions

diff --git a/lib/ssh/doc/src/introduction.xml b/lib/ssh/doc/src/introduction.xml
index ca84528f3d..b7a73e2597 100644
--- a/lib/ssh/doc/src/introduction.xml
+++ b/lib/ssh/doc/src/introduction.xml
@@ -195,8 +195,6 @@
       Transport Layer Protocol</item>
       <item><url href="http://www.ietf.org/rfc/rfc4254.txt">RFC 4254</url> -
       Connection Protocol</item>
-      <item><url href="http://www.ietf.org/rfc/rfc4255.txt">RFC 4255</url> -
-      Key Fingerprints</item>
       <item><url href="http://www.ietf.org/rfc/rfc4344.txt">RFC 4344</url> -
       Transport Layer Encryption Modes</item>
       <item><url href="http://www.ietf.org/rfc/rfc4716.txt">RFC 4716</url> -
diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml
index b990c18e9a..1837350284 100644
--- a/lib/ssh/doc/src/notes.xml
+++ b/lib/ssh/doc/src/notes.xml
@@ -30,6 +30,116 @@
     <file>notes.xml</file>
   </header>
 
+<section><title>Ssh 4.4</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    A file read with an sftp client could loose data if the
+	    packet_size is set to larger than 64k. This is corrected
+	    now in such a way that the packet_size is silently
+	    lowered if there is a risk for data loss.</p>
+          <p>
+	    Own Id: OTP-13857 Aux Id: ERL-238, OTP-13858 </p>
+        </item>
+        <item>
+          <p>
+	    When user defined SSH shell REPL process exits with
+	    reason normal, the SSH channel callback module should
+	    report successful exit status to the SSH client. This
+	    provides simple way for SSH clients to check for
+	    successful completion of executed commands. (Thanks to
+	    isvilen)</p>
+          <p>
+	    Own Id: OTP-13905 Aux Id: PR-1173 </p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Extended the option <c>silently_accept_hosts</c> for
+	    <c>ssh:connect</c> to make it possible for the client to
+	    check the SSH host key fingerprint string. Se the
+	    reference manual for SSH.</p>
+          <p>
+	    Own Id: OTP-13887 Aux Id: OTP-13888 </p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Ssh 4.3.6</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Re-negotiation problems with OpenSSH client solved.</p>
+          <p>
+	    Own Id: OTP-13972</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Ssh 4.3.5</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    If a client illegaly sends an info-line and then
+	    immediatly closes the TCP-connection, a badmatch
+	    exception was raised.</p>
+          <p>
+	    Own Id: OTP-13966</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Ssh 4.3.4</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Intermittent ssh ERROR REPORT mentioning
+	    nonblocking_sender</p>
+          <p>
+	    Own Id: OTP-13953 Aux Id: seq13199 </p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Ssh 4.3.3</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Handle all possible exit values that should be
+	    interpreted as {error, closed}. Failing to do so could
+	    lead to unexpected crashes for users of the ssh
+	    application.</p>
+          <p>
+	    Own Id: OTP-13932 Aux Id: seq13189 </p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Ssh 4.3.2</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index ef9f7cbd9b..f6e26f5ee8 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -153,7 +153,7 @@
 	  <item>
 	  <p>IP version to use.</p>
 	  </item>
-          <tag><c><![CDATA[{user_dir, string()}]]></c></tag>
+          <tag><marker id="opt_user_dir"></marker><c><![CDATA[{user_dir, string()}]]></c></tag>
 	  <item>
 	    <p>Sets the user directory, that is, the directory containing
 	    <c>ssh</c> configuration files for the user, such as
@@ -175,12 +175,48 @@
 	    supplied with this option.
 	    </p>
 	  </item>
-          <tag><c><![CDATA[{silently_accept_hosts, boolean()}]]></c></tag>
+          <tag>
+            <c><![CDATA[{silently_accept_hosts, boolean()}]]></c> <br/>
+            <c><![CDATA[{silently_accept_hosts, CallbackFun}]]></c> <br/>
+            <c><![CDATA[{silently_accept_hosts, {HashAlgoSpec, CallbackFun} }]]></c> <br/>
+            <br/>
+	    <c><![CDATA[HashAlgoSpec = crypto:digest_type() | [ crypto:digest_type() ] ]]></c><br/>
+	    <c><![CDATA[CallbackFun = fun(PeerName, FingerPrint) -> boolean()]]></c><br/>
+	    <c><![CDATA[PeerName = string()]]></c><br/>
+	    <c><![CDATA[FingerPrint = string() | [ string() ] ]]></c>
+	  </tag>
 	  <item>
-	    <p>When <c>true</c>, hosts are added to the
-	    file <c><![CDATA[known_hosts]]></c> without asking the user.
-	    Defaults to <c>false</c>.
-	    </p>
+            <p>This option guides the <c>connect</c> function how to act when the connected server presents a Host 
+            Key that the client has not seen before. The default is to ask the user with a question on stdio of whether to
+            accept or reject the new Host Key.
+            See also the option <seealso marker="#opt_user_dir"><c>user_dir</c></seealso>
+            for the path to the file <c>known_hosts</c> where previously accepted Host Keys are recorded.
+            </p>
+            <p>The option can be given in three different forms as seen above:</p>
+	    <list>
+	      <item>The value is a <c>boolean()</c>.  The value <c>true</c> will make the client accept any unknown
+              Host Key without any user interaction.  The value <c>false</c> keeps the default behaviour of asking the
+              the user on stdio.
+              </item>
+              <item>A <c>CallbackFun</c> will be called and the boolean return value <c>true</c> will make the client
+              accept the Host Key. A return value of <c>false</c> will make the client to reject the Host Key and therefore
+              also the connection will be closed. The arguments to the fun are:
+              <list type="bulleted">
+	        <item><c>PeerName</c> - a string with the name or address of the remote host.</item>
+                <item><c>FingerPrint</c> - the fingerprint of the Host Key as 
+                <seealso marker="public_key:public_key#ssh_hostkey_fingerprint-1">public_key:ssh_hostkey_fingerprint/1</seealso>
+                calculates it.
+                </item>
+              </list>
+              </item>
+              <item>A tuple <c>{HashAlgoSpec, CallbackFun}</c>. The <c>HashAlgoSpec</c> specifies which hash algorithm
+                shall be used to calculate the fingerprint used in the call of the <c>CallbackFun</c>. The <c>HashALgoSpec</c>
+                is either an atom or a list of atoms as the first argument in
+                <seealso marker="public_key:public_key#ssh_hostkey_fingerprint-2">public_key:ssh_hostkey_fingerprint/2</seealso>.
+                If it is a list of hash algorithm names, the <c>FingerPrint</c> argument in the <c>CallbackFun</c> will be 
+                a list of fingerprints in the same order as the corresponding name in the <c>HashAlgoSpec</c> list.
+              </item>
+            </list>
 	  </item>
 	  <tag><c><![CDATA[{user_interaction, boolean()}]]></c></tag>
 	  <item>
@@ -190,7 +226,7 @@
 	    supplying a password. Defaults to <c>true</c>.
 	    Even if user interaction is allowed it can be
 	    suppressed by other options, such as <c>silently_accept_hosts</c>
-	    and <c>password</c>. However, those optins are not always desirable
+	    and <c>password</c>. However, those options are not always desirable
 	    to use from a security point of view.</p>
 	  </item>
 
diff --git a/lib/ssh/doc/src/ssh_protocol.xml b/lib/ssh/doc/src/ssh_protocol.xml
index 7288266cf7..a0032ab449 100644
--- a/lib/ssh/doc/src/ssh_protocol.xml
+++ b/lib/ssh/doc/src/ssh_protocol.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2013</year><year>2013</year>
+      <year>2013</year><year>2016</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -138,8 +138,6 @@
       Transport Layer Protocol.</item>
       <item><url href="http://www.ietf.org/rfc/rfc4254.txt">RFC 4254</url> -
       Connection Protocol.</item>
-      <item><url href="http://www.ietf.org/rfc/rfc4255.txt">RFC 4255</url> -
-      Key Fingerprints.</item>
       <item><url href="http://www.ietf.org/rfc/rfc4344.txt">RFC 4344</url> -
       Transport Layer Encryption Modes.</item>
       <item><url href="http://www.ietf.org/rfc/rfc4716.txt">RFC 4716</url> -
diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml
index 0861c641c7..864378b640 100644
--- a/lib/ssh/doc/src/using_ssh.xml
+++ b/lib/ssh/doc/src/using_ssh.xml
@@ -305,7 +305,7 @@ ok = erl_tar:close(HandleRead),
 
     <code type="erl" >
 -module(ssh_echo_server).
--behaviour(ssh_subsystem).
+-behaviour(ssh_daemon_channel).
 -record(state, {
 	  n,
 	  id,