MFH (r314527,r314576,r314601,r317998): Upgrade OpenSSH to 7.3p1.

Apply upstream fix:

Skip passwords longer than 1k in length so clients can't
easily DoS sshd by sending very long passwords, causing it to spend CPU
hashing them. feedback djm@, ok markus@.

Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
360.cn and coredump at autistici.org

Security: CVE-2016-6515
Security: FreeBSD-SA-17:06.openssh

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after: 1 week

Upgrade OpenSSH to 6.1p1.

Upgrade to OpenSSH 5.3p1.

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks

Remove svn:keywords except on files that need it. This makes diffs
against the vendor branch much more readable.

Another four files without local changes. This is driving me nuts -
every time I think I got them all, another one pops up.

Consistently set svn:eol-style.

Merge conflicts.

MFC after: 1 week

Resolve conflicts.

Resolve conflicts.

Resolve conflicts

Resolve conflicts.

Resolve conflicts.

Resolve conflicts and remove obsolete files.

Sponsored by: registrar.no

Resolve conflicts.

Resolve conflicts.

Do not try to use PAM for password authentication, as it is
already (and far better) supported by the challenge/response
authentication mechanism.

Forcibly revert to mainline.

Resolve conflicts. Known issues:

- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated

I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.

Sponsored by: DARPA, NAI Labs

Fix conflicts.

Fix conflicts for OpenSSH 2.9.

Add code for being compatible with ssh.com's krb5 authentication.
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not now anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR: misc/20504

Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so

Parts by: Eivind Eklend <eivind@FreeBSD.org>

Resolve conflicts and update for OpenSSH 2.2.0

Reviewed by: gshapiro, peter, green

Forced commit. This is to try and help folks that used the international
crypto repo and have slightly different files but with the same version.
cvsup in 'checkout mode' has no trouble with this, but cvs can get really
silly about it.

Resolve conflicts and update for FreeBSD.

1) Add kerberos5 functionality.
by Daniel Kouril <kouril@informatics.muni.cz>
2) Add full LOGIN_CAP capability
by Andrey Chernov

This commit was generated by cvs2svn to compensate for changes in r57429,
which included commits to RCS files with non-trunk default branches.

Vendor import of OpenSSH.