3 files changed, 208 insertions, 4 deletions
diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml
index 0d88cbda7a..84d5e5c86e 100644
--- a/lib/ssh/doc/src/notes.xml
+++ b/lib/ssh/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2004</year><year>2013</year>
+      <year>2004</year><year>2014</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -29,6 +29,176 @@
     <file>notes.xml</file>
   </header>
 
+<section><title>Ssh 3.0.2</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fixed timeout bug in ssh:connect.</p>
+          <p>
+	    Own Id: OTP-11908</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Option <c>max_sessions</c> added to
+	    <c>ssh:daemon/{2,3}</c>. This option, if set, limits the
+	    number of simultaneous connections accepted by the
+	    daemon.</p>
+          <p>
+	    Own Id: OTP-11885</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Ssh 3.0.1</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fixes the problem that ssh_cli in some cases could delay
+	    the prompt if a tty was not requested by the client.</p>
+          <p>
+	    Own Id: OTP-10732</p>
+        </item>
+        <item>
+          <p>
+	    The variable NewCol is now correctly calculated allowing
+	    for tab-completion of function calls even when preceded
+	    with blank space (Thanks to Alexander Demidenko)</p>
+          <p>
+	    Own Id: OTP-11566</p>
+        </item>
+        <item>
+          <p>
+	    Fix incorrect dialyzer spec and types, also enhance
+	    documentation. </p>
+          <p>
+	    Thanks to Ayaz Tuncer.</p>
+          <p>
+	    Own Id: OTP-11627</p>
+        </item>
+        <item>
+          <p>
+	    Fixed a bug when ssh:exec executes a linux command on a
+	    linux ssh daemon. If the result is sent back from
+	    standard error, the length information was not stripped
+	    off correctly.</p>
+          <p>
+	    Own Id: OTP-11667</p>
+        </item>
+        <item>
+          <p>
+	    Fixed a bug with the ssh file 'known_hosts' which made
+	    the file grow with many equal entries.</p>
+          <p>
+	    Own Id: OTP-11671</p>
+        </item>
+        <item>
+          <p>
+	    Some local implementations of removing the last element
+	    from a list are replaced by <c>lists:droplast/1</c>. Note
+	    that this requires at least <c>stdlib-2.0</c>, which is
+	    the stdlib version delivered in OTP 17.0. (Thanks to Hans
+	    Svensson)</p>
+          <p>
+	    Own Id: OTP-11678</p>
+        </item>
+        <item>
+          <p>
+	    Bug fix for <c>ssh:daemon/2,3</c> so that the failfun is
+	    called when it should.</p>
+          <p>
+	    Own Id: OTP-11680</p>
+        </item>
+        <item>
+          <p>
+	    Fixed bug which crashed ssh when SSH_MSG_KEX_DH_GEX_GROUP
+	    is received. This could cause a vm-crash for eheap_alloc
+	    during garbage collect.</p>
+          <p>
+	    Own Id: OTP-11696 Aux Id: 12547, 12532 </p>
+        </item>
+        <item>
+          <p>
+	    Fixes a bug that breaks keyboard-interactive
+	    authentication. Thanks to Simon Cornish for reporting and
+	    suggesting a fix.</p>
+          <p>
+	    Own Id: OTP-11698</p>
+        </item>
+        <item>
+          <p>
+	    dialyzer specs are now correct for <c>ssh:start/0</c>,
+	    <c>ssh:start/1</c>, <c>ssh:stop/0</c> and
+	    <c>ssh_connection_handler:open_channel/5</c>. (Thanks to
+	    Johannes Weißl )</p>
+          <p>
+	    Own Id: OTP-11705</p>
+        </item>
+        <item>
+          <p>
+	    Application upgrade (appup) files are corrected for the
+	    following applications: </p>
+          <p>
+	    <c>asn1, common_test, compiler, crypto, debugger,
+	    dialyzer, edoc, eldap, erl_docgen, et, eunit, gs, hipe,
+	    inets, observer, odbc, os_mon, otp_mibs, parsetools,
+	    percept, public_key, reltool, runtime_tools, ssh,
+	    syntax_tools, test_server, tools, typer, webtool, wx,
+	    xmerl</c></p>
+          <p>
+	    A new test utility for testing appup files is added to
+	    test_server. This is now used by most applications in
+	    OTP.</p>
+          <p>
+	    (Thanks to Tobias Schlager)</p>
+          <p>
+	    Own Id: OTP-11744</p>
+        </item>
+        <item>
+          <p>
+	    Fixed dialyzer warning for <c>ssh_connection:send</c>.</p>
+          <p>
+	    Own Id: OTP-11821</p>
+        </item>
+        <item>
+          <p>
+	    <c>ssh:daemon/2,3</c> : Added options
+	    <c>negotiation_timeout</c> and <c>parallel_login</c> to
+	    tune the authentication behaviour.</p>
+          <p>
+	    Own Id: OTP-11823</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Ssh now fully supports unicode filenames, filecontents,
+	    shell and cli. Please note that the underlying os and
+	    emulator must also give support for unicode. You may want
+	    to start the emulator with "<c>erl +fnu</c>" on Linux.</p>
+          <p>
+	    Own Id: OTP-10953</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Ssh 3.0</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index eaf96d0230..876eba598a 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>2004</year><year>2013</year>
+      <year>2004</year><year>2014</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -97,6 +97,8 @@
 	<seealso marker="ssh_connection#session_channel/2">ssh_connection:session_channel/[2, 4]</seealso>.</p>
 	<p>Options are:</p>
 	<taglist>
+	  <tag><c><![CDATA[{inet, inet | inet6}]]></c></tag>
+	  <item> IP version to use.</item>
           <tag><c><![CDATA[{user_dir, string()}]]></c></tag>
 	  <item>
 	    <p>Sets the user directory i.e. the directory containing
@@ -230,6 +232,8 @@
         port.</p>
 	<p>Options are:</p>
         <taglist>
+	  <tag><c><![CDATA[{inet, inet | inet6}]]></c></tag>
+	  <item> IP version to use when the host address is specified as <c>any</c>. </item>
 	  <tag><c><![CDATA[{subsystems, [subsystem_spec()]]]></c></tag>
 	  <item>
 	    Provides specifications for handling of subsystems. The
@@ -304,6 +308,36 @@
 	      <c><![CDATA[true]]></c> if the password is valid and
 	      <c><![CDATA[false]]></c> otherwise.</p>
 	  </item>
+
+	  <tag><c><![CDATA[{negotiation_timeout, integer()}]]></c></tag>
+	  <item>
+	    <p>Max time in milliseconds for the authentication negotiation.  The default value is 2 minutes. If the client fails to login within this time, the connection is closed.
+	    </p>
+	  </item>
+
+	  <tag><c><![CDATA[{max_sessions, pos_integer()}]]></c></tag>
+	  <item>
+	    <p>The maximum number of simultaneous sessions that are accepted at any time for this daemon.  This includes sessions that are being authorized.  So if set to <c>N</c>, and <c>N</c> clients have connected but not started the login process, the <c>N+1</c> connection attempt will be aborted.  If <c>N</c> connections are authenticated and still logged in, no more loggins will be accepted until one of the existing ones log out.
+	    </p>
+	    <p>The counter is per listening port, so if two daemons are started, one with <c>{max_sessions,N}</c> and the other with <c>{max_sessions,M}</c> there will be in total <c>N+M</c> connections accepted for the whole ssh application.
+	    </p>
+	    <p>Note that if <c>parallel_login</c> is <c>false</c>, only one client at a time may be in the authentication phase.
+	    </p>
+	    <p>As default, the option is not set. This means that the number is not limited.
+	    </p>
+	  </item>
+
+	  <tag><c><![CDATA[{parallel_login, boolean()}]]></c></tag>
+	  <item>
+	    <p>If set to false (the default value), only one login is handled a time.  If set to true, an unlimited number of login attempts will be allowed simultanously.
+	    </p>
+	    <p>If the <c>max_sessions</c> option is set to <c>N</c> and <c>parallel_login</c> is set to <c>true</c>, the max number of simultaneous login attempts at any time is limited to <c>N-K</c> where <c>K</c> is the number of authenticated connections present at this daemon.
+	    </p>
+	    <warning>
+	      <p>Do not enable <c>parallel_logins</c> without protecting the server by other means, for example the <c>max_sessions</c> option or a firewall configuration. If set to <c>true</c>, there is no protection against DOS attacks.</p>
+	    </warning>
+	  </item>
+
 	  <tag><c><![CDATA[{key_cb, atom()}]]></c></tag>
 	  <item>
 	    <p>Module implementing the behaviour <seealso marker="ssh_server_key_api">ssh_server_key_api</seealso>.
diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml
index 4d73366f5e..9ab71260d3 100644
--- a/lib/ssh/doc/src/using_ssh.xml
+++ b/lib/ssh/doc/src/using_ssh.xml
@@ -33,7 +33,7 @@
     all needed applications (crypto, public_key and ssh). All examples
     are run in an Erlang shell, or in a bash shell using openssh to
     illustrate how the erlang ssh application can be used.  The
-    exampels are run as the user otptest on a local network where the
+    examples are run as the user otptest on a local network where the
     user is authorized to login in over ssh to the host "tarlop". If
     nothing else is stated it is persumed that the otptest user has an
     entry in tarlop's authorized_keys file (may log in via ssh without
@@ -88,7 +88,7 @@
       [...]
     </code>
 
-    <p>Create the file /tmp/otptest_user/.ssh/authrized_keys and add the content
+    <p>Create the file /tmp/otptest_user/.ssh/authorized_keys and add the content
     of /tmp/otptest_user/.ssh/id_rsa.pub  Now we can do</p>
 
     <code type="erl">