Consistently use a single notation to refer to SSH protocol versions, as

discussed. Use Barrett and Silverman's convention of "SSH-1" for SSH protocol
version 1 and "SSH-2" for protocol 2 ("SSH1"/"SSH2" refer to ssh.com
implementations in this scheme). <http://www.snailbook.com/terms.html>

[originally from svn r5480]

cmdgen.c

@@ -523,7 +523,7 @@ int main(int argc, char **argv)
 
 	  case SSH_KEYTYPE_SSH1:
 	    if (sshver == 2) {
-		fprintf(stderr, "puttygen: conversion from SSH1 to SSH2 keys"
+		fprintf(stderr, "puttygen: conversion from SSH-1 to SSH-2 keys"
 			" not supported\n");
 		return 1;
 	    }
@@ -534,7 +534,7 @@ int main(int argc, char **argv)
 	  case SSH_KEYTYPE_OPENSSH:
 	  case SSH_KEYTYPE_SSHCOM:
 	    if (sshver == 1) {
-		fprintf(stderr, "puttygen: conversion from SSH2 to SSH1 keys"
+		fprintf(stderr, "puttygen: conversion from SSH-2 to SSH-1 keys"
 			" not supported\n");
 		return 1;
 	    }
@@ -694,13 +694,13 @@ int main(int argc, char **argv)
 		l = ssh1_read_bignum(blob + n, bloblen - n,
 				     &ssh1key->exponent);
 		if (l < 0) {
-		    error = "SSH1 public key blob was too short";
+		    error = "SSH-1 public key blob was too short";
 		} else {
 		    n += l;
 		    l = ssh1_read_bignum(blob + n, bloblen - n,
 					 &ssh1key->modulus);
 		    if (l < 0) {
-			error = "SSH1 public key blob was too short";
+			error = "SSH-1 public key blob was too short";
 		    } else
 			n += l;
 		}
@@ -829,14 +829,14 @@ int main(int argc, char **argv)
 	    assert(ssh1key);
 	    ret = saversakey(&outfilename, ssh1key, passphrase);
 	    if (!ret) {
-		fprintf(stderr, "puttygen: unable to save SSH1 private key\n");
+		fprintf(stderr, "puttygen: unable to save SSH-1 private key\n");
 		return 1;
 	    }
 	} else {
 	    assert(ssh2key);
 	    ret = ssh2_save_userkey(&outfilename, ssh2key, passphrase);
  	    if (!ret) {
-		fprintf(stderr, "puttygen: unable to save SSH2 private key\n");
+		fprintf(stderr, "puttygen: unable to save SSH-2 private key\n");
 		return 1;
 	    }
 	}
@@ -1215,10 +1215,10 @@ int main(int argc, char **argv)
 	 * Change the comment of the key; this _does_ require a
 	 * passphrase owing to the tamperproofing.
 	 * 
-	 * NOTE: In SSH1, this only requires a passphrase because
+	 * NOTE: In SSH-1, this only requires a passphrase because
 	 * of inadequacies of the loading and saving mechanisms. In
 	 * _principle_, it should be perfectly possible to modify
-	 * the comment on an SSH1 key without requiring a
+	 * the comment on an SSH-1 key without requiring a
 	 * passphrase; the only reason I can't do it is because my
 	 * loading and saving mechanisms don't include a method of
 	 * loading all the key data without also trying to decrypt
@@ -1226,7 +1226,7 @@ int main(int argc, char **argv)
 	 * 
 	 * I don't consider this to be a problem worth solving,
 	 * because (a) to fix it would probably end up bloating
-	 * PuTTY proper, and (b) SSH1 is on the way out anyway so
+	 * PuTTY proper, and (b) SSH-1 is on the way out anyway so
 	 * it shouldn't be highly significant. If it seriously
 	 * bothers anyone then perhaps I _might_ be persuadable.
 	 */

config.c

@@ -92,7 +92,7 @@ static void cipherlist_handler(union control *ctrl, void *dlg,
 	    { "3DES",			CIPHER_3DES },
 	    { "Blowfish",		CIPHER_BLOWFISH },
 	    { "DES",			CIPHER_DES },
-	    { "AES (SSH 2 only)",	CIPHER_AES },
+	    { "AES (SSH-2 only)",	CIPHER_AES },
 	    { "-- warn below here --",	CIPHER_WARN }
 	};
 
@@ -1647,7 +1647,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
 			      cipherlist_handler, P(NULL));
 	    c->listbox.height = 6;
 
-	    ctrl_checkbox(s, "Enable legacy use of single-DES in SSH 2", 'i',
+	    ctrl_checkbox(s, "Enable legacy use of single-DES in SSH-2", 'i',
 			  HELPCTX(ssh_ciphers),
 			  dlg_stdcheckbox_handler,
 			  I(offsetof(Config,ssh2_des_cbc)));
@@ -1656,7 +1656,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
 	/*
 	 * The Connection/SSH/Kex panel. (Owing to repeat key
 	 * exchange, this is all meaningful in mid-session _if_
-	 * we're using SSH2 or haven't decided yet.)
+	 * we're using SSH-2 or haven't decided yet.)
 	 */
 	if (protcfginfo != 1) {
 	    ctrl_settitle(b, "Connection/SSH/Kex",
@@ -1696,11 +1696,11 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
 
 	    s = ctrl_getset(b, "Connection/SSH/Auth", "methods",
 			    "Authentication methods");
-	    ctrl_checkbox(s, "Attempt TIS or CryptoCard auth (SSH1)", 'm',
+	    ctrl_checkbox(s, "Attempt TIS or CryptoCard auth (SSH-1)", 'm',
 			  HELPCTX(ssh_auth_tis),
 			  dlg_stdcheckbox_handler,
 			  I(offsetof(Config,try_tis_auth)));
-	    ctrl_checkbox(s, "Attempt \"keyboard-interactive\" auth (SSH2)",
+	    ctrl_checkbox(s, "Attempt \"keyboard-interactive\" auth (SSH-2)",
 			  'i', HELPCTX(ssh_auth_ki),
 			  dlg_stdcheckbox_handler,
 			  I(offsetof(Config,try_ki_auth)));
@@ -1710,7 +1710,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
 	    ctrl_checkbox(s, "Allow agent forwarding", 'f',
 			  HELPCTX(ssh_auth_agentfwd),
 			  dlg_stdcheckbox_handler, I(offsetof(Config,agentfwd)));
-	    ctrl_checkbox(s, "Allow attempted changes of username in SSH2", 'u',
+	    ctrl_checkbox(s, "Allow attempted changes of username in SSH-2", 'u',
 			  HELPCTX(ssh_auth_changeuser),
 			  dlg_stdcheckbox_handler,
 			  I(offsetof(Config,change_username)));
@@ -1755,7 +1755,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
 		      HELPCTX(ssh_tunnels_portfwd_localhost),
 		      dlg_stdcheckbox_handler,
 		      I(offsetof(Config,lport_acceptall)));
-	ctrl_checkbox(s, "Remote ports do the same (SSH v2 only)", 'p',
+	ctrl_checkbox(s, "Remote ports do the same (SSH-2 only)", 'p',
 		      HELPCTX(ssh_tunnels_portfwd_localhost),
 		      dlg_stdcheckbox_handler,
 		      I(offsetof(Config,rport_acceptall)));
@@ -1824,22 +1824,22 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
 
 	    s = ctrl_getset(b, "Connection/SSH/Bugs", "main",
 			    "Detection of known bugs in SSH servers");
-	    ctrl_droplist(s, "Chokes on SSH1 ignore messages", 'i', 20,
+	    ctrl_droplist(s, "Chokes on SSH-1 ignore messages", 'i', 20,
 			  HELPCTX(ssh_bugs_ignore1),
 			  sshbug_handler, I(offsetof(Config,sshbug_ignore1)));
-	    ctrl_droplist(s, "Refuses all SSH1 password camouflage", 's', 20,
+	    ctrl_droplist(s, "Refuses all SSH-1 password camouflage", 's', 20,
 			  HELPCTX(ssh_bugs_plainpw1),
 			  sshbug_handler, I(offsetof(Config,sshbug_plainpw1)));
-	    ctrl_droplist(s, "Chokes on SSH1 RSA authentication", 'r', 20,
+	    ctrl_droplist(s, "Chokes on SSH-1 RSA authentication", 'r', 20,
 			  HELPCTX(ssh_bugs_rsa1),
 			  sshbug_handler, I(offsetof(Config,sshbug_rsa1)));
-	    ctrl_droplist(s, "Miscomputes SSH2 HMAC keys", 'm', 20,
+	    ctrl_droplist(s, "Miscomputes SSH-2 HMAC keys", 'm', 20,
 			  HELPCTX(ssh_bugs_hmac2),
 			  sshbug_handler, I(offsetof(Config,sshbug_hmac2)));
-	    ctrl_droplist(s, "Miscomputes SSH2 encryption keys", 'e', 20,
+	    ctrl_droplist(s, "Miscomputes SSH-2 encryption keys", 'e', 20,
 			  HELPCTX(ssh_bugs_derivekey2),
 			  sshbug_handler, I(offsetof(Config,sshbug_derivekey2)));
-	    ctrl_droplist(s, "Requires padding on SSH2 RSA signatures", 'p', 20,
+	    ctrl_droplist(s, "Requires padding on SSH-2 RSA signatures", 'p', 20,
 			  HELPCTX(ssh_bugs_rsapad2),
 			  sshbug_handler, I(offsetof(Config,sshbug_rsapad2)));
 	    ctrl_droplist(s, "Misuses the session ID in PK auth", 'n', 20,

contrib/kh2reg.py

@@ -1,6 +1,6 @@
 #! /usr/bin/env python
 
-# $Id: kh2reg.py,v 1.3 2003/10/21 13:26:12 jacob Exp $
+# $Id$
 # Convert OpenSSH known_hosts and known_hosts2 files to "new format" PuTTY
 # host keys.
 #   usage:
@@ -87,7 +87,7 @@ for line in fileinput.input(args):
         # is second field entirely decimal digits?
         if re.match (r"\d*$", fields[1]):
 
-            # Treat as SSH1-type host key.
+            # Treat as SSH-1-type host key.
             # Format: hostpat bits10 exp10 mod10 comment...
             # (PuTTY doesn't store the number of bits.)
             magicnumbers = map (long, fields[2:4])
@@ -95,7 +95,7 @@ for line in fileinput.input(args):
 
         else:
 
-            # Treat as SSH2-type host key.
+            # Treat as SSH-2-type host key.
             # Format: hostpat keytype keyblob64 comment...
             sshkeytype, blob = fields[1], base64.decodestring (fields[2])
 

doc/config.but

@@ -1563,8 +1563,8 @@ Keepalives are only supported in Telnet and SSH; the Rlogin and Raw
 protocols offer no way of implementing them. (For an alternative, see
 \k{config-tcp-keepalives}.)
 
-Note that if you are using SSH1 and the server has a bug that makes
+Note that if you are using SSH-1 and the server has a bug that makes
-it unable to deal with SSH1 ignore messages (see
+it unable to deal with SSH-1 ignore messages (see
 \k{config-ssh-bug-ignore1}), enabling keepalives will have no effect.
 
 \S{config-nodelay} \q{Disable Nagle's algorithm}
@@ -1701,10 +1701,10 @@ other ways around the security problems than just disabling the
 whole mechanism.
 
 Version 2 of the SSH protocol also provides a similar mechanism,
-which is easier to implement without security flaws. Newer SSH2
+which is easier to implement without security flaws. Newer SSH-2
 servers are more likely to support it than older ones.
 
-This configuration data is not used in the SSHv1, rlogin or raw
+This configuration data is not used in the SSH-1, rlogin or raw
 protocols.
 
 To add an environment variable to the list transmitted down the
@@ -2126,11 +2126,11 @@ separate configuration of the preference orders. As a result you may
 get two warnings similar to the one above, possibly with different
 encryptions.
 
-Single-DES is not recommended in the SSH 2 draft protocol
+Single-DES is not recommended in the SSH-2 draft protocol
 standards, but one or two server implementations do support it.
 PuTTY can use single-DES to interoperate with
 these servers if you enable the \q{Enable legacy use of single-DES in
-SSH 2} option; by default this is disabled and PuTTY will stick to
+SSH-2} option; by default this is disabled and PuTTY will stick to
 recommended ciphers.
 
 \H{config-ssh-kex} The Kex panel
@@ -2283,7 +2283,7 @@ responses take.
 
 \cfg{winhelp-topic}{ssh.auth.ki}
 
-The SSH 2 equivalent of TIS authentication is called
+The SSH-2 equivalent of TIS authentication is called
 \q{keyboard-interactive}. It is a flexible authentication method
 using an arbitrary sequence of requests and responses; so it is not
 only useful for challenge/response mechanisms such as S/Key, but it
@@ -2306,17 +2306,17 @@ See \k{pageant} for general information on Pageant, and
 there is a security risk involved with enabling this option; see
 \k{pageant-security} for details.
 
-\S{config-ssh-changeuser} \q{Allow attempted changes of username in SSH2}
+\S{config-ssh-changeuser} \q{Allow attempted changes of username in SSH-2}
 
 \cfg{winhelp-topic}{ssh.auth.changeuser}
 
-In the SSH 1 protocol, it is impossible to change username after
+In the SSH-1 protocol, it is impossible to change username after
 failing to authenticate. So if you mis-type your username at the
 PuTTY \q{login as:} prompt, you will not be able to change it except
 by restarting PuTTY.
 
-The SSH 2 protocol \e{does} allow changes of username, in principle,
+The SSH-2 protocol \e{does} allow changes of username, in principle,
-but does not make it mandatory for SSH 2 servers to accept them. In
+but does not make it mandatory for SSH-2 servers to accept them. In
 particular, OpenSSH does not accept a change of username; once you
 have sent one username, it will reject attempts to try to
 authenticate as another user. (Depending on the version of OpenSSH,
@@ -2391,7 +2391,7 @@ experimental feature, and may encounter several problems:
 \cw{XDM-AUTHORIZATION-1}, so they will not know what to do with the
 data PuTTY has provided.
 
-\b This authentication mechanism will only work in SSH v2. In SSH
+\b This authentication mechanism will only work in SSH-2. In SSH
 v1, the SSH server does not tell the client the source address of
 a forwarded connection in a machine-readable format, so it's
 impossible to verify the \cw{XDM-AUTHORIZATION-1} data.
@@ -2465,10 +2465,10 @@ If you delete a local or dynamic port forwarding in mid-session, PuTTY
 will stop listening for connections on that port, so it can be re-used
 by another program. If you delete a remote port forwarding, note that:
 
-\b The SSHv1 protocol contains no mechanism for asking the server to
+\b The SSH-1 protocol contains no mechanism for asking the server to
 stop listening on a remote port.
 
-\b The SSHv2 protocol does contain such a mechanism, but not all SSH
+\b The SSH-2 protocol does contain such a mechanism, but not all SSH
 servers support it. (In particular, OpenSSH does not support it in
 any version earlier than 3.9.)
 
@@ -2502,8 +2502,8 @@ port. (This also applies to dynamic SOCKS forwarding.)
 \b The \q{Remote ports do the same} option does the same thing for
 remote-to-local port forwardings (so that machines other than the
 SSH server machine can connect to the forwarded port.) Note that
-this feature is only available in the SSH 2 protocol, and not all
+this feature is only available in the SSH-2 protocol, and not all
-SSH 2 servers support it (OpenSSH 3.0 does not, for example).
+SSH-2 servers support it (OpenSSH 3.0 does not, for example).
 
 \S{config-ssh-portfwd-address-family} Selecting Internet protocol
 version for forwarded ports
@@ -2555,7 +2555,7 @@ states:
 \b \q{Auto}: PuTTY will use the server's version number announcement
 to try to guess whether or not the server has the bug.
 
-\S{config-ssh-bug-ignore1} \q{Chokes on SSH1 ignore messages}
+\S{config-ssh-bug-ignore1} \q{Chokes on SSH-1 ignore messages}
 
 \cfg{winhelp-topic}{ssh.bugs.ignore1}
 
@@ -2563,30 +2563,30 @@ An ignore message (SSH_MSG_IGNORE) is a message in the SSH protocol
 which can be sent from the client to the server, or from the server
 to the client, at any time. Either side is required to ignore the
 message whenever it receives it. PuTTY uses ignore messages to hide
-the password packet in SSH1, so that a listener cannot tell the
+the password packet in SSH-1, so that a listener cannot tell the
 length of the user's password; it also uses ignore messages for
 connection keepalives (see \k{config-keepalive}).
 
 If this bug is detected, PuTTY will stop using ignore messages. This
 means that keepalives will stop working, and PuTTY will have to fall
-back to a secondary defence against SSH1 password-length
+back to a secondary defence against SSH-1 password-length
 eavesdropping. See \k{config-ssh-bug-plainpw1}. If this bug is
 enabled when talking to a correct server, the session will succeed,
 but keepalives will not work and the session might be more
 vulnerable to eavesdroppers than it could be.
 
-This is an SSH1-specific bug. No known SSH2 server fails to deal
+This is an SSH-1-specific bug. No known SSH-2 server fails to deal
-with SSH2 ignore messages.
+with SSH-2 ignore messages.
 
-\S{config-ssh-bug-plainpw1} \q{Refuses all SSH1 password camouflage}
+\S{config-ssh-bug-plainpw1} \q{Refuses all SSH-1 password camouflage}
 
 \cfg{winhelp-topic}{ssh.bugs.plainpw1}
 
-When talking to an SSH1 server which cannot deal with ignore
+When talking to an SSH-1 server which cannot deal with ignore
 messages (see \k{config-ssh-bug-ignore1}), PuTTY will attempt to
 disguise the length of the user's password by sending additional
 padding \e{within} the password packet. This is technically a
-violation of the SSH1 specification, and so PuTTY will only do it
+violation of the SSH-1 specification, and so PuTTY will only do it
 when it cannot use standards-compliant ignore messages as
 camouflage. In this sense, for a server to refuse to accept a padded
 password packet is not really a bug, but it does make life
@@ -2599,15 +2599,15 @@ of the password. If this bug is enabled when talking to a correct
 server, the session will succeed, but will be more vulnerable to
 eavesdroppers than it could be.
 
-This is an SSH1-specific bug. SSH2 is secure against this type of
+This is an SSH-1-specific bug. SSH-2 is secure against this type of
 attack.
 
-\S{config-ssh-bug-rsa1} \q{Chokes on SSH1 RSA authentication}
+\S{config-ssh-bug-rsa1} \q{Chokes on SSH-1 RSA authentication}
 
 \cfg{winhelp-topic}{ssh.bugs.rsa1}
 
-Some SSH1 servers cannot deal with RSA authentication messages at
+Some SSH-1 servers cannot deal with RSA authentication messages at
-all. If Pageant is running and contains any SSH1 keys, PuTTY will
+all. If Pageant is running and contains any SSH-1 keys, PuTTY will
 normally automatically try RSA authentication before falling back to
 passwords, so these servers will crash when they see the RSA attempt.
 
@@ -2616,9 +2616,9 @@ authentication. If this bug is enabled when talking to a correct
 server, the session will succeed, but of course RSA authentication
 will be impossible.
 
-This is an SSH1-specific bug.
+This is an SSH-1-specific bug.
 
-\S{config-ssh-bug-hmac2} \q{Miscomputes SSH2 HMAC keys}
+\S{config-ssh-bug-hmac2} \q{Miscomputes SSH-2 HMAC keys}
 
 \cfg{winhelp-topic}{ssh.bugs.hmac2}
 
@@ -2633,9 +2633,9 @@ same way as the buggy server, so that communication will still be
 possible. If this bug is enabled when talking to a correct server,
 communication will fail.
 
-This is an SSH2-specific bug.
+This is an SSH-2-specific bug.
 
-\S{config-ssh-bug-derivekey2} \q{Miscomputes SSH2 encryption keys}
+\S{config-ssh-bug-derivekey2} \q{Miscomputes SSH-2 encryption keys}
 
 \cfg{winhelp-topic}{ssh.bugs.derivekey2}
 
@@ -2649,15 +2649,15 @@ the same way as the buggy server, so that communication will still
 be possible. If this bug is enabled when talking to a correct
 server, communication will fail.
 
-This is an SSH2-specific bug.
+This is an SSH-2-specific bug.
 
-\S{config-ssh-bug-sig} \q{Requires padding on SSH2 RSA signatures}
+\S{config-ssh-bug-sig} \q{Requires padding on SSH-2 RSA signatures}
 
 \cfg{winhelp-topic}{ssh.bugs.rsapad2}
 
-Versions below 3.3 of OpenSSH require SSH2 RSA signatures to be
+Versions below 3.3 of OpenSSH require SSH-2 RSA signatures to be
 padded with zero bytes to the same length as the RSA key modulus.
-The SSH2 draft specification says that an unpadded signature MUST be
+The SSH-2 draft specification says that an unpadded signature MUST be
 accepted, so this is a bug. A typical symptom of this problem is
 that PuTTY mysteriously fails RSA authentication once in every few
 hundred attempts, and falls back to passwords.
@@ -2668,13 +2668,13 @@ server, it is likely that no damage will be done, since correct
 servers usually still accept padded signatures because they're used
 to talking to OpenSSH.
 
-This is an SSH2-specific bug.
+This is an SSH-2-specific bug.
 
 \S{config-ssh-bug-pksessid2} \q{Misuses the session ID in PK auth}
 
 \cfg{winhelp-topic}{ssh.bugs.pksessid2}
 
-Versions below 2.3 of OpenSSH require SSH2 public-key authentication
+Versions below 2.3 of OpenSSH require SSH-2 public-key authentication
 to be done slightly differently: the data to be signed by the client
 contains the session ID formatted in a different way. If public-key
 authentication mysteriously does not work but the Event Log (see
@@ -2684,9 +2684,9 @@ helps.
 
 If this bug is detected, PuTTY will sign data in the way OpenSSH
 expects. If this bug is enabled when talking to a correct server,
-SSH2 public-key authentication will fail.
+SSH-2 public-key authentication will fail.
 
-This is an SSH2-specific bug.
+This is an SSH-2-specific bug.
 
 \S{config-ssh-bug-rekey} \q{Handles key re-exchange badly}
 
@@ -2706,7 +2706,7 @@ exchange. If this bug is enabled when talking to a correct server,
 the session should still function, but may be less secure than you
 would expect.
 
-This is an SSH2-specific bug.
+This is an SSH-2-specific bug.
 
 \H{config-file} Storing configuration in a file
 

doc/errors.but

@@ -30,8 +30,8 @@ asking the machine's administrator.
 If you see this message and you know that your installation of PuTTY
 \e{has} connected to the same server before, it may have been
 recently upgraded to SSH protocol version 2. SSH protocols 1 and 2
-use separate host keys, so when you first use SSH 2 with a server
+use separate host keys, so when you first use SSH-2 with a server
-you have only used SSH 1 with before, you will see this message
+you have only used SSH-1 with before, you will see this message
 again. You should verify the correctness of the key as before.
 
 See \k{gs-hostkey} for more information on host keys.
@@ -100,7 +100,7 @@ PuTTY is not able to recover from running out of memory; it will
 terminate immediately after giving this error.
 
 However, this error can also occur when memory is not running out at
-all, because PuTTY receives data in the wrong format. In SSH 2 and
+all, because PuTTY receives data in the wrong format. In SSH-2 and
 also in SFTP, the server sends the length of each message before the
 message itself; so PuTTY will receive the length, try to allocate
 space for the message, and then receive the rest of the message. If
@@ -108,7 +108,7 @@ the length PuTTY receives is garbage, it will try to allocate a
 ridiculous amount of memory, and will terminate with an \q{Out of
 memory} error.
 
-This can happen in SSH 2, if PuTTY and the server have not enabled
+This can happen in SSH-2, if PuTTY and the server have not enabled
 encryption in the same way (see \k{faq-outofmem} in the FAQ). Some
 versions of OpenSSH have a known problem with this: see
 \k{faq-openssh-bad-openssl}.
@@ -213,7 +213,7 @@ to tell from this error message whether the problem is in the client,
 in the server, or in between.
 
 If you get this error, one thing you could try would be to fiddle
-with the setting of \q{Miscomputes SSH2 encryption keys} on the Bugs
+with the setting of \q{Miscomputes SSH-2 encryption keys} on the Bugs
 panel (see \k{config-ssh-bug-derivekey2}).
 
 Another known server problem which can cause this error is described

doc/faq.but

@@ -45,23 +45,23 @@ page}, and see if you can find the feature there. If it's on there,
 and not in the \q{Recently fixed} section, it probably \e{hasn't} been
 implemented.
 
-\S{faq-ssh2}{Question} Does PuTTY support SSH v2?
+\S{faq-ssh2}{Question} Does PuTTY support SSH-2?
 
-Yes. SSH v2 support has been available in PuTTY since version 0.50.
+Yes. SSH-2 support has been available in PuTTY since version 0.50.
 
-Public key authentication (both RSA and DSA) in SSH v2 is new in
+Public key authentication (both RSA and DSA) in SSH-2 is new in
 version 0.52.
 
 \S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or
-\cw{ssh.com} SSHv2 private key files?
+\cw{ssh.com} SSH-2 private key files?
 
 PuTTY doesn't support this natively, but as of 0.53
 PuTTYgen can convert both OpenSSH and \cw{ssh.com} private key
 files into PuTTY's format.
 
-\S{faq-ssh1}{Question} Does PuTTY support SSH v1?
+\S{faq-ssh1}{Question} Does PuTTY support SSH-1?
 
-Yes. SSH 1 support has always been available in PuTTY.
+Yes. SSH-1 support has always been available in PuTTY.
 
 \S{faq-localecho}{Question} Does PuTTY support local echo?
 
@@ -534,9 +534,9 @@ of quotes in the obvious way:
 received on packet}?
 
 One possible cause of this that used to be common is a bug in old
-SSH 2 servers distributed by \cw{ssh.com}. (This is not the only
+SSH-2 servers distributed by \cw{ssh.com}. (This is not the only
 possible cause; see \k{errors-crc} in the documentation.)
-Version 2.3.0 and below of their SSH 2 server
+Version 2.3.0 and below of their SSH-2 server
 constructs Message Authentication Codes in the wrong way, and
 expects the client to construct them in the same wrong way. PuTTY
 constructs the MACs correctly by default, and hence these old
@@ -550,7 +550,7 @@ to work with them.
 
 If you are using PuTTY version 0.51 or below, you can enable the
 workaround by going to the SSH panel and ticking the box labelled
-\q{Imitate SSH 2 MAC bug}. It's possible that you might have to do
+\q{Imitate SSH-2 MAC bug}. It's possible that you might have to do
 this with 0.52 as well, if a buggy server exists that PuTTY doesn't
 know about.
 
@@ -608,7 +608,7 @@ the
 \c http://www.microsoft.com/windows95/downloads/contents/
 \c   wuadmintools/s_wunetworkingtools/w95sockets2/
 
-\S{faq-outofmem}{Question} After trying to establish an SSH 2
+\S{faq-outofmem}{Question} After trying to establish an SSH-2
 connection, PuTTY says \q{Out of memory} and dies.
 
 If this happens just while the connection is starting up, this often
@@ -838,17 +838,17 @@ default cipher differs from many other clients.)
 
 \e{OpenSSH 3.1p1:} configurations known to be broken (and symptoms):
 
-\b SSH 2 with AES cipher (PuTTY says "Assertion failed! Expression:
+\b SSH-2 with AES cipher (PuTTY says "Assertion failed! Expression:
 (len & 15) == 0" in sshaes.c, or "Out of memory", or crashes)
 
-\b SSH 2 with 3DES (PuTTY says "Incorrect MAC received on packet")
+\b SSH-2 with 3DES (PuTTY says "Incorrect MAC received on packet")
 
-\b SSH 1 with Blowfish (PuTTY says "Incorrect CRC received on
+\b SSH-1 with Blowfish (PuTTY says "Incorrect CRC received on
 packet")
 
-\b SSH 1 with 3DES
+\b SSH-1 with 3DES
 
-\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH 1 and
+\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH-1 and
 Blowfish remains. Rebuild your server, apply the patch linked to from
 bug 138 above, or use another cipher (e.g., 3DES) instead.
 
@@ -860,11 +860,11 @@ clear the underlying cause is the same.
 key from ..."? Why can PuTTYgen load my key but not PuTTY?
 
 It's likely that you've generated an SSH protocol 2 key with PuTTYgen,
-but you're trying to use it in an SSH 1 connection. SSH1 and SSH2 keys
+but you're trying to use it in an SSH-1 connection. SSH-1 and SSH-2 keys
 have different formats, and (at least in 0.52) PuTTY's reporting of a
 key in the wrong format isn't optimal.
 
-To connect using SSH 2 to a server that supports both versions, you
+To connect using SSH-2 to a server that supports both versions, you
 need to change the configuration from the default (see \k{faq-ssh2}).
 
 \S{faq-rh8-utf8}{Question} When I'm connected to a Red Hat Linux 8.0
@@ -1177,7 +1177,7 @@ OpenSSH?
 
 No, it isn't. PuTTY is almost completely composed of code written
 from scratch for PuTTY. The only code we share with OpenSSH is the
-detector for SSH1 CRC compensation attacks, written by CORE SDI S.A.
+detector for SSH-1 CRC compensation attacks, written by CORE SDI S.A.
 
 \S{faq-sillyputty}{Question} Where can I buy silly putty?
 

doc/man-pg.but

@@ -42,15 +42,15 @@ The options to control this are:
 \dt \e{keyfile}
 
 \dd Specify a private key file to be loaded. This private key file can
-be in the (de facto standard) SSH1 key format, or in PuTTY's SSH2
+be in the (de facto standard) SSH-1 key format, or in PuTTY's SSH-2
-key format, or in either of the SSH2 private key formats used by
+key format, or in either of the SSH-2 private key formats used by
 OpenSSH and ssh.com's implementation.
 
 \dt \cw{\-t} \e{keytype}
 
 \dd Specify a type of key to generate. The acceptable values here are
-\c{rsa} and \c{dsa} (to generate SSH2 keys), and \c{rsa1} (to
+\c{rsa} and \c{dsa} (to generate SSH-2 keys), and \c{rsa1} (to
-generate SSH1 keys).
+generate SSH-1 keys).
 
 \dt \cw{\-b} \e{bits}
 
@@ -85,21 +85,21 @@ Acceptable options are:
 \dt \cw{private}
 
 \dd Save the private key in a format usable by PuTTY. This will either
-be the standard SSH1 key format, or PuTTY's own SSH2 key format.
+be the standard SSH-1 key format, or PuTTY's own SSH-2 key format.
 
 \dt \cw{public}
 
-\dd Save the public key only. For SSH1 keys, the standard public key
+\dd Save the public key only. For SSH-1 keys, the standard public key
-format will be used (\q{\cw{1024 37 5698745}...}). For SSH2 keys, the
+format will be used (\q{\cw{1024 37 5698745}...}). For SSH-2 keys, the
 public key will be output in the format specified in the IETF
 drafts, which is a multi-line text file beginning with the line
 \q{\cw{---- BEGIN SSH2 PUBLIC KEY ----}}.
 
 \dt \cw{public-openssh}
 
-\dd Save the public key only, in a format usable by OpenSSH. For SSH1
+\dd Save the public key only, in a format usable by OpenSSH. For SSH-1
 keys, this output format behaves identically to \c{public}. For
-SSH2 keys, the public key will be output in the OpenSSH format,
+SSH-2 keys, the public key will be output in the OpenSSH format,
 which is a single line (\q{\cw{ssh-rsa AAAAB3NzaC1yc2}...}).
 
 \dt \cw{fingerprint}
@@ -109,13 +109,13 @@ algorithms are believed compatible with OpenSSH.
 
 \dt \cw{private-openssh}
 
-\dd Save an SSH2 private key in OpenSSH's format. This option is not
+\dd Save an SSH-2 private key in OpenSSH's format. This option is not
-permitted for SSH1 keys.
+permitted for SSH-1 keys.
 
 \dt \cw{private-sshcom}
 
-\dd Save an SSH2 private key in ssh.com's format. This option is not
+\dd Save an SSH-2 private key in ssh.com's format. This option is not
-permitted for SSH1 keys.
+permitted for SSH-1 keys.
 
 If no output type is specified, the default is \c{private}.
 
@@ -144,7 +144,7 @@ fingerprint. Otherwise, the \c{\-o} option is required.
 
 \S{puttygen-manpage-examples} EXAMPLES
 
-To generate an SSH2 RSA key pair and save it in PuTTY's own format
+To generate an SSH-2 RSA key pair and save it in PuTTY's own format
 (you will be prompted for the passphrase):
 
 \c puttygen -t rsa -C "my home key" -o mykey.ppk

doc/man-putt.but

@@ -193,7 +193,7 @@ tunnel all their connections. Only works in SSH.
 \dt \cw{\-A}, \cw{\-a}
 
 \dd Enable (\cw{\-A}) or disable (\cw{\-a}) SSH agent forwarding.
-Currently this only works with OpenSSH and SSH1.
+Currently this only works with OpenSSH and SSH-1.
 
 \dt \cw{\-X}, \cw{\-x}
 
@@ -214,7 +214,7 @@ pseudo-terminal at the server end.
 
 \dt \cw{\-i} \e{keyfile}
 
-\dd Specify a private key file to use for authentication. For SSH2
+\dd Specify a private key file to use for authentication. For SSH-2
 keys, this key file must be in PuTTY's format, not OpenSSH's or
 anyone else's.
 

doc/pageant.but

@@ -68,9 +68,9 @@ something like this:
 For each key, the list box will tell you:
 
 \b The type of the key. Currently, this can be \c{ssh1} (an RSA key
-for use with the SSH v1 protocol), \c{ssh-rsa} (an RSA key for use
+for use with the SSH-1 protocol), \c{ssh-rsa} (an RSA key for use
-with the SSH v2 protocol), or \c{ssh-dss} (a DSA key for use with
+with the SSH-2 protocol), or \c{ssh-dss} (a DSA key for use with
-the SSH v2 protocol).
+the SSH-2 protocol).
 
 \b The size (in bits) of the key.
 
@@ -152,7 +152,7 @@ like this:
 Agent forwarding is a mechanism that allows applications on your SSH
 server machine to talk to the agent on your client machine.
 
-Note that at present, agent forwarding in SSH2 is only available
+Note that at present, agent forwarding in SSH-2 is only available
 when your SSH server is OpenSSH. The \cw{ssh.com} server uses a
 different agent protocol, which PuTTY does not yet support.
 

doc/pscp.but

@@ -7,8 +7,8 @@
 \i{PSCP}, the PuTTY Secure Copy client, is a tool for transferring files
 securely between computers using an SSH connection.
 
-If you have an SSH 2 server, you might prefer PSFTP (see \k{psftp})
+If you have an SSH-2 server, you might prefer PSFTP (see \k{psftp})
-for interactive use. PSFTP does not in general work with SSH 1
+for interactive use. PSFTP does not in general work with SSH-1
 servers, however.
 
 \H{pscp-starting} Starting PSCP
@@ -98,7 +98,7 @@ However, in the second case (using a wildcard for multiple remote
 files) you may see a warning saying something like \q{warning:
 remote host tried to write to a file called \cq{terminal.c} when we
 requested a file called \cq{*.c}. If this is a wildcard, consider
-upgrading to SSH 2 or using the \cq{-unsafe} option. Renaming of
+upgrading to SSH-2 or using the \cq{-unsafe} option. Renaming of
 this file has been disallowed}.
 
 This is due to a fundamental insecurity in the old-style SCP
@@ -112,13 +112,13 @@ the wildcard matching rules are decided by the server, the client
 cannot reliably verify that the filenames sent back match the
 pattern.
 
-PSCP will attempt to use the newer SFTP protocol (part of SSH 2)
+PSCP will attempt to use the newer SFTP protocol (part of SSH-2)
 where possible, which does not suffer from this security flaw. If
-you are talking to an SSH 2 server which supports SFTP, you will
+you are talking to an SSH-2 server which supports SFTP, you will
 never see this warning. (You can force use of the SFTP protocol,
 if available, with \c{-sftp} - see \k{pscp-usage-options-backend}.)
 
-If you really need to use a server-side wildcard with an SSH 1
+If you really need to use a server-side wildcard with an SSH-1
 server, you can use the \c{-unsafe} command line option with PSCP:
 
 \c pscp -unsafe fred@example.com:source/*.c c:\source
@@ -244,7 +244,7 @@ used, but also leads to interoperability issues such as with filename
 quoting (for instance, where filenames contain spaces), and also the
 security issue described in \k{pscp-usage-basics}.
 
-The newer SFTP protocol, which is usually associated with SSH 2
+The newer SFTP protocol, which is usually associated with SSH-2
 servers, is specified in a more platform independent way, and leaves
 issues such as wildcard syntax up to the client. (PuTTY's SFTP
 wildcard syntax is described in \k{psftp-wildcards}.) This makes it
@@ -258,7 +258,7 @@ The \c{-scp} option forces PSCP to use the SCP protocol or quit.
 
 The \c{-sftp} option forces PSCP to use the SFTP protocol or quit.
 When this option is specified, PSCP looks harder for an SFTP server,
-which may allow use of SFTP with SSH 1 depending on server setup.
+which may allow use of SFTP with SSH-1 depending on server setup.
 
 \S{pscp-retval} Return value
 

doc/psftp.but

@@ -8,8 +8,8 @@ securely between computers using an SSH connection.
 PSFTP differs from PSCP in the following ways:
 
 \b PSCP should work on virtually every SSH server. PSFTP uses the
-new SFTP protocol, which is a feature of SSH 2 only. (PSCP will also
+new SFTP protocol, which is a feature of SSH-2 only. (PSCP will also
-use this protocol if it can, but there is an SSH 1 equivalent it can
+use this protocol if it can, but there is an SSH-1 equivalent it can
 fall back to if it cannot.)
 
 \b PSFTP allows you to run an interactive file transfer session,

doc/pubkey.but

@@ -114,17 +114,17 @@ Before generating a key pair using PuTTYgen, you need to select
 which type of key you need. PuTTYgen currently supports three types
 of key:
 
-\b An RSA key for use with the SSH 1 protocol.
+\b An RSA key for use with the SSH-1 protocol.
 
-\b An RSA key for use with the SSH 2 protocol.
+\b An RSA key for use with the SSH-2 protocol.
 
-\b A DSA key for use with the SSH 2 protocol.
+\b A DSA key for use with the SSH-2 protocol.
 
-The SSH 1 protocol only supports RSA keys; if you will be connecting
+The SSH-1 protocol only supports RSA keys; if you will be connecting
-using the SSH 1 protocol, you must select the first key type or your
+using the SSH-1 protocol, you must select the first key type or your
 key will be completely useless.
 
-The SSH 2 protocol supports more than one key type. The two types
+The SSH-2 protocol supports more than one key type. The two types
 supported by PuTTY are RSA and DSA.
 
 The PuTTY developers \e{strongly} recommend you use RSA. DSA has an
@@ -289,13 +289,13 @@ will need to tell PuTTY to use for authentication (see
 
 \cfg{winhelp-topic}{puttygen.savepub}
 
-The SSH 2 protocol drafts specify a standard format for storing
+The SSH-2 protocol drafts specify a standard format for storing
 public keys on disk. Some SSH servers (such as \cw{ssh.com}'s)
 require a public key in this format in order to accept
 authentication with the corresponding private key. (Others, such as
 OpenSSH, use a different format; see \k{puttygen-pastekey}.)
 
-To save your public key in the SSH 2 standard format, press the
+To save your public key in the SSH-2 standard format, press the
 \q{Save public key} button in PuTTYgen. PuTTYgen will put up a
 dialog box asking you where to save the file. Select a directory,
 type in a file name, and press \q{Save}.
@@ -305,9 +305,9 @@ server machine. See \k{pubkey-gettingready} for general instructions
 on configuring public-key authentication once you have generated a
 key.
 
-If you use this option with an SSH 1 key, the file PuTTYgen saves
+If you use this option with an SSH-1 key, the file PuTTYgen saves
 will contain exactly the same text that appears in the \q{Public key
-for pasting} box. This is the only existing standard for SSH 1
+for pasting} box. This is the only existing standard for SSH-1
 public keys.
 
 \S{puttygen-pastekey} \q{Public key for pasting into authorized_keys
@@ -315,9 +315,9 @@ file}
 
 \cfg{winhelp-topic}{puttygen.pastekey}
 
-All SSH 1 servers require your public key to be given to it in a
+All SSH-1 servers require your public key to be given to it in a
 one-line format before it will accept authentication with your
-private key. The OpenSSH server also requires this for SSH 2.
+private key. The OpenSSH server also requires this for SSH-2.
 
 The \q{Public key for pasting into authorized_keys file} gives the
 public-key data in the correct one-line format. Typically you will
@@ -352,23 +352,23 @@ for information about importing foreign key formats.
 
 \cfg{winhelp-topic}{puttygen.conversions}
 
-Most SSH1 clients use a standard format for storing private keys on
+Most SSH-1 clients use a standard format for storing private keys on
 disk. PuTTY uses this format as well; so if you have generated an
-SSH1 private key using OpenSSH or \cw{ssh.com}'s client, you can use
+SSH-1 private key using OpenSSH or \cw{ssh.com}'s client, you can use
 it with PuTTY, and vice versa.
 
-However, SSH2 private keys have no standard format. OpenSSH and
+However, SSH-2 private keys have no standard format. OpenSSH and
 \cw{ssh.com} have different formats, and PuTTY's is different again.
 So a key generated with one client cannot immediately be used with
 another.
 
 Using the \q{Import} command from the \q{Conversions} menu, PuTTYgen
-can load SSH2 private keys in OpenSSH's format and \cw{ssh.com}'s
+can load SSH-2 private keys in OpenSSH's format and \cw{ssh.com}'s
 format. Once you have loaded one of these key types, you can then
 save it back out as a PuTTY-format key (\c{*.PPK}) so that you can use
 it with the PuTTY suite. The passphrase will be unchanged by this
 process (unless you deliberately change it). You may want to change
-the key comment before you save the key, since OpenSSH's SSH2 key
+the key comment before you save the key, since OpenSSH's SSH-2 key
 format contains no space for a comment and \cw{ssh.com}'s default
 comment format is long and verbose.
 
@@ -379,8 +379,8 @@ saving it (see \k{puttygen-savepriv}) - you need to have typed your
 passphrase in beforehand, and you will be warned if you are about to
 save a key without a passphrase.
 
-Note that since only SSH2 keys come in different formats, the export
+Note that since only SSH-2 keys come in different formats, the export
-options are not available if you have generated an SSH1 key.
+options are not available if you have generated an SSH-1 key.
 
 \H{pubkey-gettingready} Getting ready for public key authentication
 
@@ -389,7 +389,7 @@ connection succeeds you will be prompted for your user name and
 password to login. Once logged in, you must configure the server to
 accept your public key for authentication:
 
-\b If your server is using the SSH 1 protocol, you should change
+\b If your server is using the SSH-1 protocol, you should change
 into the \c{.ssh} directory and open the file \c{authorized_keys}
 with your favourite editor. (You may have to create this file if
 this is the first key you have put in it). Then switch to the
@@ -399,11 +399,11 @@ and copy it to the clipboard (\c{Ctrl+C}). Then, switch back to the
 PuTTY window and insert the data into the open file, making sure it
 ends up all on one line. Save the file.
 
-\b If your server is OpenSSH and is using the SSH 2 protocol, you
+\b If your server is OpenSSH and is using the SSH-2 protocol, you
 should follow the same instructions, except that in earlier versions
 of OpenSSH 2 the file might be called \c{authorized_keys2}. (In
 modern versions the same \c{authorized_keys} file is used for both
-SSH 1 and SSH 2 keys.)
+SSH-1 and SSH-2 keys.)
 
 \b If your server is \cw{ssh.com}'s SSH 2 product, you need to save
 a \e{public} key file from PuTTYgen (see \k{puttygen-savepub}), and

doc/using.but

@@ -431,8 +431,8 @@ your client PC can connect to the forwarded port.
 \b The \q{Remote ports do the same} option does the same thing for
 remote-to-local port forwardings (so that machines other than the
 SSH server machine can connect to the forwarded port.) Note that
-this feature is only available in the SSH 2 protocol, and not all
+this feature is only available in the SSH-2 protocol, and not all
-SSH 2 servers honour it (in OpenSSH, for example, it's usually
+SSH-2 servers honour it (in OpenSSH, for example, it's usually
 disabled by default).
 
 You can also specify an \i{IP address} to listen on. Typically a
@@ -443,8 +443,8 @@ available only to the local machine. So if you forward (for example)
 should be able to run commands such as \c{finger fred@127.0.0.5}.
 This can be useful if the program connecting to the forwarded port
 doesn't allow you to change the port number it uses. This feature is
-available for local-to-remote forwarded ports; SSH1 is unable to
+available for local-to-remote forwarded ports; SSH-1 is unable to
-support it for remote-to-local ports, while SSH2 can support it in
+support it for remote-to-local ports, while SSH-2 can support it in
 theory but servers will not necessarily cooperate.
 
 (Note that if you're using Windows XP Service Pack 2, you may need
@@ -752,8 +752,8 @@ the SSH panel of the PuTTY configuration box (see
 \S2{using-cmdline-sshprot} \i\c{-1} and \i\c{-2}: specify an \i{SSH
 protocol version}
 
-The \c{-1} and \c{-2} options force PuTTY to use version \I{SSH1}1
+The \c{-1} and \c{-2} options force PuTTY to use version \I{SSH-1}1
-or version \I{SSH2}2 of the SSH protocol. These options are only
+or version \I{SSH-2}2 of the SSH protocol. These options are only
 meaningful if you are using SSH.
 
 These options are equivalent to selecting your preferred SSH

import.c

@@ -56,7 +56,7 @@ int import_possible(int type)
 int import_target_type(int type)
 {
     /*
-     * There are no known foreign SSH1 key formats.
+     * There are no known foreign SSH-1 key formats.
      */
     return SSH_KEYTYPE_SSH2;
 }
@@ -78,7 +78,7 @@ int import_encrypted(const Filename *filename, int type, char **comment)
 }
 
 /*
- * Import an SSH1 key.
+ * Import an SSH-1 key.
  */
 int import_ssh1(const Filename *filename, int type,
 		struct RSAKey *key, char *passphrase, const char **errmsg_p)
@@ -87,7 +87,7 @@ int import_ssh1(const Filename *filename, int type,
 }
 
 /*
- * Import an SSH2 key.
+ * Import an SSH-2 key.
  */
 struct ssh2_userkey *import_ssh2(const Filename *filename, int type,
 				 char *passphrase, const char **errmsg_p)
@@ -100,7 +100,7 @@ struct ssh2_userkey *import_ssh2(const Filename *filename, int type,
 }
 
 /*
- * Export an SSH1 key.
+ * Export an SSH-1 key.
  */
 int export_ssh1(const Filename *filename, int type, struct RSAKey *key,
 		char *passphrase)
@@ -109,7 +109,7 @@ int export_ssh1(const Filename *filename, int type, struct RSAKey *key,
 }
 
 /*
- * Export an SSH2 key.
+ * Export an SSH-2 key.
  */
 int export_ssh2(const Filename *filename, int type,
                 struct ssh2_userkey *key, char *passphrase)
@@ -918,9 +918,9 @@ int openssh_write(const Filename *filename, struct ssh2_userkey *key,
  */
 
 /*
- * The format of the base64 blob is largely ssh2-packet-formatted,
+ * The format of the base64 blob is largely SSH-2-packet-formatted,
  * except that mpints are a bit different: they're more like the
- * old ssh1 mpint. You have a 32-bit bit count N, followed by
+ * old SSH-1 mpint. You have a 32-bit bit count N, followed by
  * (N+7)/8 bytes of data.
  * 
  * So. The blob contains:
@@ -932,7 +932,7 @@ int openssh_write(const Filename *filename, struct ssh2_userkey *key,
  *  - string encrypted-blob
  * 
  * (The first size field includes the size field itself and the
- * magic number before it. All other size fields are ordinary ssh2
+ * magic number before it. All other size fields are ordinary SSH-2
  * strings, so the size field indicates how much data is to
  * _follow_.)
  * 
@@ -977,7 +977,7 @@ int openssh_write(const Filename *filename, struct ssh2_userkey *key,
  * `dl-modp{sign{dsa' prefixes.
  * 
  * Finally, the encryption. The cipher-type string appears to be
- * either `none' or `3des-cbc'. Looks as if this is SSH2-style
+ * either `none' or `3des-cbc'. Looks as if this is SSH-2-style
  * 3des-cbc (i.e. outer cbc rather than inner). The key is created
  * from the passphrase by means of yet another hashing faff:
  * 

pscp.c

@@ -1827,7 +1827,7 @@ static void sink(char *targ, char *src)
 		    tell_user(stderr, "         when we requested a file "
 			      "called '%s'.", stripsrc);
 		    tell_user(stderr, "         If this is a wildcard, "
-			      "consider upgrading to SSH 2 or using");
+			      "consider upgrading to SSH-2 or using");
 		    tell_user(stderr, "         the '-unsafe' option. Renaming"
 			      " of this file has been disallowed.");
 		    /* Override the name the server provided with our own. */

psftp.c

@@ -2743,7 +2743,7 @@ static int psftp_connect(char *userhost, char *user, int portnumber)
     cfg.nopty = TRUE;
 
     /*
-     * Set up fallback option, for SSH1 servers or servers with the
+     * Set up fallback option, for SSH-1 servers or servers with the
      * sftp subsystem not enabled but the server binary installed
      * in the usual place. We only support fallback on Unix
      * systems, and we use a kludgy piece of shellery which should

putty.h

@@ -245,12 +245,12 @@ enum {
 
 enum {
     /*
-     * SSH ciphers (both SSH1 and SSH2)
+     * SSH ciphers (both SSH-1 and SSH-2)
      */
     CIPHER_WARN,		       /* pseudo 'cipher' */
     CIPHER_3DES,
     CIPHER_BLOWFISH,
-    CIPHER_AES,			       /* (SSH 2 only) */
+    CIPHER_AES,			       /* (SSH-2 only) */
     CIPHER_DES,
     CIPHER_MAX			       /* no. ciphers (inc warn) */
 };
@@ -415,11 +415,11 @@ struct config_tag {
     int ssh_rekey_time;		       /* in minutes */
     char ssh_rekey_data[16];
     int agentfwd;
-    int change_username;	       /* allow username switching in SSH2 */
+    int change_username;	       /* allow username switching in SSH-2 */
     int ssh_cipherlist[CIPHER_MAX];
     Filename keyfile;
     int sshprot;		       /* use v1 or v2 when both available */
-    int ssh2_des_cbc;		       /* "des-cbc" nonstandard SSH2 cipher */
+    int ssh2_des_cbc;		       /* "des-cbc" unrecommended SSH-2 cipher */
     int try_tis_auth;
     int try_ki_auth;
     int ssh_subsys;		       /* run a subsystem rather than a command */
@@ -524,7 +524,7 @@ struct config_tag {
     int x11_auth;
     /* port forwarding */
     int lport_acceptall; /* accept conns from hosts other than localhost */
-    int rport_acceptall; /* same for remote forwarded ports (SSH2 only) */
+    int rport_acceptall; /* same for remote forwarded ports (SSH-2 only) */
     /*
      * The port forwarding string contains a number of
      * NUL-terminated substrings, terminated in turn by an empty

ssh.c

@@ -342,18 +342,18 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
  * 
  *  - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
  *    on a local data stream before we throttle the whole SSH
- *    connection (in SSH1 only). Throttling the whole connection is
+ *    connection (in SSH-1 only). Throttling the whole connection is
  *    pretty drastic so we set this high in the hope it won't
  *    happen very often.
  * 
  *  - SSH_MAX_BACKLOG is the amount of backlog that must build up
  *    on the SSH connection itself before we defensively throttle
  *    _all_ local data streams. This is pretty drastic too (though
- *    thankfully unlikely in SSH2 since the window mechanism should
+ *    thankfully unlikely in SSH-2 since the window mechanism should
  *    ensure that the server never has any need to throttle its end
  *    of the connection), so we set this high as well.
  * 
- *  - OUR_V2_WINSIZE is the maximum window size we present on SSH2
+ *  - OUR_V2_WINSIZE is the maximum window size we present on SSH-2
  *    channels.
  */
 
@@ -439,7 +439,7 @@ struct ssh_channel {
     /* True if we opened this channel but server hasn't confirmed. */
     int halfopen;
     /*
-     * In SSH1, this value contains four bits:
+     * In SSH-1, this value contains four bits:
      * 
      *   1   We have sent SSH1_MSG_CHANNEL_CLOSE.
      *   2   We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
@@ -475,11 +475,11 @@ struct ssh_channel {
 };
 
 /*
- * 2-3-4 tree storing remote->local port forwardings. SSH 1 and SSH
+ * 2-3-4 tree storing remote->local port forwardings. SSH-1 and SSH-2
- * 2 use this structure in different ways, reflecting SSH 2's
+ * use this structure in different ways, reflecting SSH-2's
  * altogether saner approach to port forwarding.
  * 
- * In SSH 1, you arrange a remote forwarding by sending the server
+ * In SSH-1, you arrange a remote forwarding by sending the server
  * the remote port number, and the local destination host:port.
  * When a connection comes in, the server sends you back that
  * host:port pair, and you connect to it. This is a ready-made
@@ -491,15 +491,15 @@ struct ssh_channel {
  * host:port pairs we _are_ trying to forward to, and reject a
  * connection request from the server if it's not in the list.
  * 
- * In SSH 2, each side of the connection minds its own business and
+ * In SSH-2, each side of the connection minds its own business and
  * doesn't send unnecessary information to the other. You arrange a
  * remote forwarding by sending the server just the remote port
  * number. When a connection comes in, the server tells you which
  * of its ports was connected to; and _you_ have to remember what
  * local host:port pair went with that port number.
  * 
- * Hence, in SSH 1 this structure is indexed by destination
+ * Hence, in SSH-1 this structure is indexed by destination
- * host:port pair, whereas in SSH 2 it is indexed by source port.
+ * host:port pair, whereas in SSH-2 it is indexed by source port.
  */
 struct ssh_portfwd; /* forward declaration */
 
@@ -542,7 +542,7 @@ struct Packet {
     unsigned char *body;
     long savedpos;
     long maxlen;
-    long encrypted_len;		       /* for SSH2 total-size counting */
+    long encrypted_len;		       /* for SSH-2 total-size counting */
 
     /*
      * State associated with packet logging
@@ -710,7 +710,7 @@ struct ssh_tag {
     struct rdpkt1_state_tag rdpkt1_state;
     struct rdpkt2_state_tag rdpkt2_state;
 
-    /* ssh1 and ssh2 use this for different things, but both use it */
+    /* SSH-1 and SSH-2 use this for different things, but both use it */
     int protocol_initial_phase_done;
 
     void (*protocol) (Ssh ssh, void *vin, int inlen,
@@ -1558,7 +1558,7 @@ static void sha_uint32(SHA_State * s, unsigned i)
 }
 
 /*
- * SSH2 packet construction functions.
+ * SSH-2 packet construction functions.
  */
 static void ssh2_pkt_ensure(struct Packet *pkt, int length)
 {
@@ -1650,7 +1650,7 @@ static void ssh2_pkt_addmp(struct Packet *pkt, Bignum b)
 }
 
 /*
- * Construct an SSH2 final-form packet: compress it, encrypt it,
+ * Construct an SSH-2 final-form packet: compress it, encrypt it,
  * put the MAC on it. Final packet, ready to be sent, is stored in
  * pkt->data. Total length is returned.
  */
@@ -1748,7 +1748,7 @@ static int ssh2_pkt_construct(Ssh ssh, struct Packet *pkt)
  */
 
 /*
- * Send an SSH2 packet immediately, without queuing or deferring.
+ * Send an SSH-2 packet immediately, without queuing or deferring.
  */
 static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
 {
@@ -1769,7 +1769,7 @@ static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
 }
 
 /*
- * Defer an SSH2 packet.
+ * Defer an SSH-2 packet.
  */
 static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt)
 {
@@ -1787,7 +1787,7 @@ static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt)
 }
 
 /*
- * Queue an SSH2 packet.
+ * Queue an SSH-2 packet.
  */
 static void ssh2_pkt_queue(Ssh ssh, struct Packet *pkt)
 {
@@ -1829,7 +1829,7 @@ static void ssh2_pkt_defer(Ssh ssh, struct Packet *pkt)
 
 /*
  * Send the whole deferred data block constructed by
- * ssh2_pkt_defer() or SSH1's defer_packet().
+ * ssh2_pkt_defer() or SSH-1's defer_packet().
  * 
  * The expected use of the defer mechanism is that you call
  * ssh2_pkt_defer() a few times, then call ssh_pkt_defersend(). If
@@ -1860,7 +1860,7 @@ static void ssh_pkt_defersend(Ssh ssh)
 }
 
 /*
- * Send all queued SSH2 packets. We send them by means of
+ * Send all queued SSH-2 packets. We send them by means of
  * ssh2_pkt_defer_noqueue(), in case they included a pair of
  * packets that needed to be lumped together.
  */
@@ -1901,7 +1901,7 @@ static void sha_mpint(SHA_State * s, Bignum b)
 }
 
 /*
- * Packet decode functions for both SSH1 and SSH2.
+ * Packet decode functions for both SSH-1 and SSH-2.
  */
 static unsigned long ssh_pkt_getuint32(struct Packet *pkt)
 {
@@ -1992,7 +1992,7 @@ static Bignum ssh2_pkt_getmp(struct Packet *pkt)
 }
 
 /*
- * Helper function to add an SSH2 signature blob to a packet.
+ * Helper function to add an SSH-2 signature blob to a packet.
  * Expects to be shown the public key blob as well as the signature
  * blob. Normally works just like ssh2_pkt_addstring, but will
  * fiddle with the signature packet if necessary for
@@ -2088,7 +2088,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 	 * sniffing.
 	 */
 	ssh->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
-	logevent("We believe remote version has SSH1 ignore bug");
+	logevent("We believe remote version has SSH-1 ignore bug");
     }
 
     if (ssh->cfg.sshbug_plainpw1 == FORCE_ON ||
@@ -2100,7 +2100,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 	 * the password.
 	 */
 	ssh->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
-	logevent("We believe remote version needs a plain SSH1 password");
+	logevent("We believe remote version needs a plain SSH-1 password");
     }
 
     if (ssh->cfg.sshbug_rsa1 == FORCE_ON ||
@@ -2125,7 +2125,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 	 * These versions have the HMAC bug.
 	 */
 	ssh->remote_bugs |= BUG_SSH2_HMAC;
-	logevent("We believe remote version has SSH2 HMAC bug");
+	logevent("We believe remote version has SSH-2 HMAC bug");
     }
 
     if (ssh->cfg.sshbug_derivekey2 == FORCE_ON ||
@@ -2138,7 +2138,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 	 * generate the keys).
 	 */
 	ssh->remote_bugs |= BUG_SSH2_DERIVEKEY;
-	logevent("We believe remote version has SSH2 key-derivation bug");
+	logevent("We believe remote version has SSH-2 key-derivation bug");
     }
 
     if (ssh->cfg.sshbug_rsapad2 == FORCE_ON ||
@@ -2146,21 +2146,21 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 	 (wc_match("OpenSSH_2.[5-9]*", imp) ||
 	  wc_match("OpenSSH_3.[0-2]*", imp)))) {
 	/*
-	 * These versions have the SSH2 RSA padding bug.
+	 * These versions have the SSH-2 RSA padding bug.
 	 */
 	ssh->remote_bugs |= BUG_SSH2_RSA_PADDING;
-	logevent("We believe remote version has SSH2 RSA padding bug");
+	logevent("We believe remote version has SSH-2 RSA padding bug");
     }
 
     if (ssh->cfg.sshbug_pksessid2 == FORCE_ON ||
 	(ssh->cfg.sshbug_pksessid2 == AUTO &&
 	 wc_match("OpenSSH_2.[0-2]*", imp))) {
 	/*
-	 * These versions have the SSH2 session-ID bug in
+	 * These versions have the SSH-2 session-ID bug in
 	 * public-key authentication.
 	 */
 	ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
-	logevent("We believe remote version has SSH2 public-key-session-ID bug");
+	logevent("We believe remote version has SSH-2 public-key-session-ID bug");
     }
 
     if (ssh->cfg.sshbug_rekey2 == FORCE_ON ||
@@ -2170,10 +2170,10 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 	  wc_match("Sun_SSH_1.0", imp) ||
 	  wc_match("Sun_SSH_1.0.1", imp)))) {
 	/*
-	 * These versions have the SSH2 rekey bug.
+	 * These versions have the SSH-2 rekey bug.
 	 */
 	ssh->remote_bugs |= BUG_SSH2_REKEY;
-	logevent("We believe remote version has SSH2 rekey bug");
+	logevent("We believe remote version has SSH-2 rekey bug");
     }
 }
 
@@ -2314,14 +2314,14 @@ static int do_ssh_init(Ssh ssh, unsigned char c)
                        strcspn(s->vstring, "\015\012"));
 
             /*
-             * Initialise SSHv2 protocol.
+             * Initialise SSH-2 protocol.
              */
             ssh->protocol = ssh2_protocol;
             ssh2_protocol_setup(ssh);
             ssh->s_rdpkt = ssh2_rdpkt;
         } else {
             /*
-             * Initialise SSHv1 protocol.
+             * Initialise SSH-1 protocol.
              */
             ssh->protocol = ssh1_protocol;
             ssh1_protocol_setup(ssh);
@@ -2661,7 +2661,7 @@ static void ssh_throttle_all(Ssh ssh, int enable, int bufsize)
 
 /*
  * Username and password input, abstracted off into routines
- * reusable in several places - even between SSH1 and SSH2.
+ * reusable in several places - even between SSH-1 and SSH-2.
  */
 
 /* Set up a username or password input loop on a given buffer. */
@@ -2841,14 +2841,14 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
 
     ptr = ssh_pkt_getdata(pktin, 8);
     if (!ptr) {
-	bombout(("SSH1 public key packet stopped before random cookie"));
+	bombout(("SSH-1 public key packet stopped before random cookie"));
 	crStop(0);
     }
     memcpy(cookie, ptr, 8);
 
     if (!ssh1_pkt_getrsakey(pktin, &servkey, &s->keystr1) ||
 	!ssh1_pkt_getrsakey(pktin, &hostkey, &s->keystr2)) {	
-	bombout(("Failed to read SSH1 public keys from public key packet"));
+	bombout(("Failed to read SSH-1 public keys from public key packet"));
 	crStop(0);
     }
 
@@ -2887,7 +2887,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
      */
     if (hostkey.bits > hostkey.bytes * 8 ||
 	servkey.bits > servkey.bytes * 8) {
-	bombout(("SSH1 public keys were badly formatted"));
+	bombout(("SSH-1 public keys were badly formatted"));
 	crStop(0);
     }
 
@@ -2954,7 +2954,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
 	    ret = rsaencrypt(s->rsabuf, hostkey.bytes, &servkey);
     }
     if (!ret) {
-	bombout(("SSH1 public key encryptions failed due to bad formatting"));
+	bombout(("SSH-1 public key encryptions failed due to bad formatting"));
 	crStop(0);	
     }
 
@@ -2971,7 +2971,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
 		warn = 1;
 	    } else if (next_cipher == CIPHER_AES) {
 		/* XXX Probably don't need to mention this. */
-		logevent("AES not supported in SSH1, skipping");
+		logevent("AES not supported in SSH-1, skipping");
 	    } else {
 		switch (next_cipher) {
 		  case CIPHER_3DES:     s->cipher_type = SSH_CIPHER_3DES;
@@ -2987,7 +2987,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
 	}
 	if (!cipher_chosen) {
 	    if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
-		bombout(("Server violates SSH 1 protocol by not "
+		bombout(("Server violates SSH-1 protocol by not "
 			 "supporting 3DES encryption"));
 	    else
 		/* shouldn't happen */
@@ -3177,7 +3177,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
 		s->p = s->response + 5;
 		s->nkeys = GET_32BIT(s->p);
 		s->p += 4;
-		logeventf(ssh, "Pageant has %d SSH1 keys", s->nkeys);
+		logeventf(ssh, "Pageant has %d SSH-1 keys", s->nkeys);
 		for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
 		    logeventf(ssh, "Trying Pageant key #%d", s->keyi);
 		    if (s->publickey_blob &&
@@ -3732,7 +3732,7 @@ int sshfwd_write(struct ssh_channel *c, char *buf, int len)
 		    PKT_INT, len, PKT_DATA, buf, len,
 		    PKTT_OTHER, PKT_END);
 	/*
-	 * In SSH1 we can return 0 here - implying that forwarded
+	 * In SSH-1 we can return 0 here - implying that forwarded
 	 * connections are never individually throttled - because
 	 * the only circumstance that can cause throttling will be
 	 * the whole SSH connection backing up, in which case
@@ -3902,7 +3902,7 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)
 		portfwd_strptr++;
 		sports[n] = '\0';
 		if (ssh->version == 1 && type == 'R') {
-		    logeventf(ssh, "SSH1 cannot handle remote source address "
+		    logeventf(ssh, "SSH-1 cannot handle remote source address "
 			      "spec \"%s\"; ignoring", sports);
 		} else
 		    strcpy(saddr, sports);
@@ -4023,7 +4023,7 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)
 		if (ssh->version == 1) {
 		    /*
 		     * We cannot cancel listening ports on the
-		     * server side in SSH1! There's no message
+		     * server side in SSH-1! There's no message
 		     * to support it. Instead, we simply remove
 		     * the rportfwd record from the local end
 		     * so that any connections the server tries
@@ -4612,7 +4612,7 @@ static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
     /*
      * Start the shell or command.
      * 
-     * Special case: if the first-choice command is an SSH2
+     * Special case: if the first-choice command is an SSH-2
      * subsystem (hence not usable here) and the second choice
      * exists, we fall straight back to that.
      */
@@ -4677,7 +4677,7 @@ static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
 }
 
 /*
- * Handle the top-level SSH2 protocol.
+ * Handle the top-level SSH-2 protocol.
  */
 static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin)
 {
@@ -4797,7 +4797,7 @@ static int first_in_commasep_string(char *needle, char *haystack, int haylen)
 
 
 /*
- * SSH2 key creation method.
+ * SSH-2 key creation method.
  */
 static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H,
 		       unsigned char *sessid, char chr,
@@ -4822,7 +4822,7 @@ static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H,
 }
 
 /*
- * Handle the SSH2 transport layer.
+ * Handle the SSH-2 transport layer.
  */
 static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
 			     struct Packet *pktin)
@@ -5635,7 +5635,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
 }
 
 /*
- * Add data to an SSH2 channel output buffer.
+ * Add data to an SSH-2 channel output buffer.
  */
 static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
 				  int len)
@@ -5644,7 +5644,7 @@ static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
 }
 
 /*
- * Attempt to send data on an SSH2 channel.
+ * Attempt to send data on an SSH-2 channel.
  */
 static int ssh2_try_send(struct ssh_channel *c)
 {
@@ -5678,7 +5678,7 @@ static int ssh2_try_send(struct ssh_channel *c)
 }
 
 /*
- * Potentially enlarge the window on an SSH2 channel.
+ * Potentially enlarge the window on an SSH-2 channel.
  */
 static void ssh2_set_window(struct ssh_channel *c, unsigned newwin)
 {
@@ -5875,7 +5875,7 @@ static void ssh2_msg_channel_close(Ssh ssh, struct Packet *pktin)
 	/*
 	 * We used to send SSH_MSG_DISCONNECT here,
 	 * because I'd believed that _every_ conforming
-	 * SSH2 connection had to end with a disconnect
+	 * SSH-2 connection had to end with a disconnect
 	 * being sent by at least one side; apparently
 	 * I was wrong and it's perfectly OK to
 	 * unceremoniously slam the connection shut
@@ -6238,7 +6238,7 @@ static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
 }
 
 /*
- * Handle the SSH2 userauth and connection layers.
+ * Handle the SSH-2 userauth and connection layers.
  */
 static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 			     struct Packet *pktin)
@@ -6585,7 +6585,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 		    s->p = s->response + 5;
 		    s->nkeys = GET_32BIT(s->p);
 		    s->p += 4;
-		    logeventf(ssh, "Pageant has %d SSH2 keys", s->nkeys);
+		    logeventf(ssh, "Pageant has %d SSH-2 keys", s->nkeys);
 		    for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
 			void *vret;
 
@@ -7445,7 +7445,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 }
 
 /*
- * Handlers for SSH2 messages that might arrive at any moment.
+ * Handlers for SSH-2 messages that might arrive at any moment.
  */
 static void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin)
 {
@@ -7503,7 +7503,7 @@ static void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin)
 }
 
 /*
- * Handle the top-level SSH2 protocol.
+ * Handle the top-level SSH-2 protocol.
  */
 static void ssh2_protocol_setup(Ssh ssh)
 {
@@ -7557,7 +7557,7 @@ static void ssh2_protocol_setup(Ssh ssh)
      * These special message types we install handlers for.
      */
     ssh->packet_dispatch[SSH2_MSG_DISCONNECT] = ssh2_msg_disconnect;
-    ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with ssh1 */
+    ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with SSH-1 */
     ssh->packet_dispatch[SSH2_MSG_DEBUG] = ssh2_msg_debug;
 }
 
@@ -8070,7 +8070,7 @@ static void ssh_special(void *handle, Telnet_Special code)
 	if (ssh->state == SSH_STATE_CLOSED
 	    || ssh->state == SSH_STATE_PREPACKET) return;
 	if (ssh->version == 1) {
-	    logevent("Unable to send BREAK signal in SSH1");
+	    logevent("Unable to send BREAK signal in SSH-1");
 	} else if (ssh->mainchan) {
 	    pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
 	    ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);

ssh.h

@@ -137,7 +137,7 @@ void SHA512_Simple(const void *p, int len, unsigned char *output);
 struct ssh_cipher {
     void *(*make_context)(void);
     void (*free_context)(void *);
-    void (*sesskey) (void *, unsigned char *key);	/* for ssh 1 */
+    void (*sesskey) (void *, unsigned char *key);	/* for SSH-1 */
     void (*encrypt) (void *, unsigned char *blk, int len);
     void (*decrypt) (void *, unsigned char *blk, int len);
     int blksize;
@@ -147,8 +147,8 @@ struct ssh_cipher {
 struct ssh2_cipher {
     void *(*make_context)(void);
     void (*free_context)(void *);
-    void (*setiv) (void *, unsigned char *key);	/* for ssh 2 */
+    void (*setiv) (void *, unsigned char *key);	/* for SSH-2 */
-    void (*setkey) (void *, unsigned char *key);/* for ssh 2 */
+    void (*setkey) (void *, unsigned char *key);/* for SSH-2 */
     void (*encrypt) (void *, unsigned char *blk, int len);
     void (*decrypt) (void *, unsigned char *blk, int len);
     char *name;
@@ -441,7 +441,7 @@ int zlib_decompress_block(void *, unsigned char *block, int len,
 			  unsigned char **outblock, int *outlen);
 
 /*
- * SSH1 agent messages.
+ * SSH-1 agent messages.
  */
 #define SSH1_AGENTC_REQUEST_RSA_IDENTITIES    1
 #define SSH1_AGENT_RSA_IDENTITIES_ANSWER      2
@@ -452,13 +452,13 @@ int zlib_decompress_block(void *, unsigned char *block, int len,
 #define SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9	/* openssh private? */
 
 /*
- * Messages common to SSH1 and OpenSSH's SSH2.
+ * Messages common to SSH-1 and OpenSSH's SSH-2.
  */
 #define SSH_AGENT_FAILURE                    5
 #define SSH_AGENT_SUCCESS                    6
 
 /*
- * OpenSSH's SSH2 agent messages.
+ * OpenSSH's SSH-2 agent messages.
  */
 #define SSH2_AGENTC_REQUEST_IDENTITIES          11
 #define SSH2_AGENT_IDENTITIES_ANSWER            12
@@ -469,7 +469,7 @@ int zlib_decompress_block(void *, unsigned char *block, int len,
 #define SSH2_AGENTC_REMOVE_ALL_IDENTITIES       19
 
 /*
- * Need this to warn about support for the original SSH2 keyfile
+ * Need this to warn about support for the original SSH-2 keyfile
  * format.
  */
 void old_keyfile_warning(void);

sshblowf.c

@@ -483,7 +483,7 @@ static void *blowfish_make_context(void)
 
 static void *blowfish_ssh1_make_context(void)
 {
-    /* In SSH1, need one key for each direction */
+    /* In SSH-1, need one key for each direction */
     return snewn(2, BlowfishContext);
 }
 

sshbn.c

@@ -558,7 +558,7 @@ Bignum bignum_from_bytes(const unsigned char *data, int nbytes)
 }
 
 /*
- * Read an ssh1-format bignum from a data buffer. Return the number
+ * Read an SSH-1-format bignum from a data buffer. Return the number
  * of bytes consumed, or -1 if there wasn't enough data.
  */
 int ssh1_read_bignum(const unsigned char *data, int len, Bignum * result)
@@ -587,7 +587,7 @@ int ssh1_read_bignum(const unsigned char *data, int len, Bignum * result)
 }
 
 /*
- * Return the bit count of a bignum, for ssh1 encoding.
+ * Return the bit count of a bignum, for SSH-1 encoding.
  */
 int bignum_bitcount(Bignum bn)
 {
@@ -598,7 +598,7 @@ int bignum_bitcount(Bignum bn)
 }
 
 /*
- * Return the byte length of a bignum when ssh1 encoded.
+ * Return the byte length of a bignum when SSH-1 encoded.
  */
 int ssh1_bignum_length(Bignum bn)
 {
@@ -606,7 +606,7 @@ int ssh1_bignum_length(Bignum bn)
 }
 
 /*
- * Return the byte length of a bignum when ssh2 encoded.
+ * Return the byte length of a bignum when SSH-2 encoded.
  */
 int ssh2_bignum_length(Bignum bn)
 {
@@ -654,7 +654,7 @@ void bignum_set_bit(Bignum bn, int bitnum, int value)
 }
 
 /*
- * Write a ssh1-format bignum into a buffer. It is assumed the
+ * Write a SSH-1-format bignum into a buffer. It is assumed the
  * buffer is big enough. Returns the number of bytes used.
  */
 int ssh1_write_bignum(void *data, Bignum bn)

sshdes.c

@@ -751,7 +751,7 @@ static void *des3_make_context(void)
 
 static void *des3_ssh1_make_context(void)
 {
-    /* Need 3 keys for each direction, in SSH1 */
+    /* Need 3 keys for each direction, in SSH-1 */
     return snewn(6, DESContext);
 }
 
@@ -762,7 +762,7 @@ static void *des_make_context(void)
 
 static void *des_ssh1_make_context(void)
 {
-    /* Need one key for each direction, in SSH1 */
+    /* Need one key for each direction, in SSH-1 */
     return snewn(2, DESContext);
 }
 
@@ -942,7 +942,7 @@ static const struct ssh2_cipher ssh_3des_ssh2 = {
 };
 
 /*
- * Single DES in ssh2. "des-cbc" is marked as HISTORIC in
+ * Single DES in SSH-2. "des-cbc" is marked as HISTORIC in
  * draft-ietf-secsh-assignednumbers-04.txt, referring to
  * FIPS-46-3.  ("Single DES (i.e., DES) will be permitted 
  * for legacy systems only.") , but ssh.com support it and 

sshpubk.c

@@ -1,7 +1,7 @@
 /*
  * Generic SSH public-key handling operations. In particular,
  * reading of SSH public-key files, and also the generic `sign'
- * operation for ssh2 (which checks the type of the key and
+ * operation for SSH-2 (which checks the type of the key and
  * dispatches to the appropriate key-type specific function).
  */
 
@@ -78,7 +78,7 @@ static int loadrsakey_main(FILE * fp, struct RSAKey *key, int pub_only,
 	|| buf[i + 3] != 0) goto end;  /* reserved field nonzero, panic! */
     i += 4;
 
-    /* Now the serious stuff. An ordinary SSH 1 public key. */
+    /* Now the serious stuff. An ordinary SSH-1 public key. */
     i += makekey(buf + i, len, key, NULL, 1);
     if (i < 0)
 	goto end;		       /* overran */
@@ -307,7 +307,7 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
     p += 4;
 
     /*
-     * An ordinary SSH 1 public key consists of: a uint32
+     * An ordinary SSH-1 public key consists of: a uint32
      * containing the bit count, then two bignums containing the
      * modulus and exponent respectively.
      */
@@ -384,11 +384,11 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
 }
 
 /* ----------------------------------------------------------------------
- * SSH2 private key load/store functions.
+ * SSH-2 private key load/store functions.
  */
 
 /*
- * PuTTY's own format for SSH2 keys is as follows:
+ * PuTTY's own format for SSH-2 keys is as follows:
  *
  * The file is text. Lines are terminated by CRLF, although CR-only
  * and LF-only are tolerated on input.
@@ -404,7 +404,7 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
  *
  * Next there is a line saying "Public-Lines: " plus a number N.
  * The following N lines contain a base64 encoding of the public
- * part of the key. This is encoded as the standard SSH2 public key
+ * part of the key. This is encoded as the standard SSH-2 public key
  * blob (with no initial length): so for RSA, for example, it will
  * read
  *
@@ -1213,10 +1213,10 @@ char *key_type_to_str(int type)
     switch (type) {
       case SSH_KEYTYPE_UNOPENABLE: return "unable to open file"; break;
       case SSH_KEYTYPE_UNKNOWN: return "not a private key"; break;
-      case SSH_KEYTYPE_SSH1: return "SSH1 private key"; break;
+      case SSH_KEYTYPE_SSH1: return "SSH-1 private key"; break;
-      case SSH_KEYTYPE_SSH2: return "PuTTY SSH2 private key"; break;
+      case SSH_KEYTYPE_SSH2: return "PuTTY SSH-2 private key"; break;
-      case SSH_KEYTYPE_OPENSSH: return "OpenSSH SSH2 private key"; break;
+      case SSH_KEYTYPE_OPENSSH: return "OpenSSH SSH-2 private key"; break;
-      case SSH_KEYTYPE_SSHCOM: return "ssh.com SSH2 private key"; break;
+      case SSH_KEYTYPE_SSHCOM: return "ssh.com SSH-2 private key"; break;
       default: return "INTERNAL ERROR"; break;
     }
 }

sshsha.c

@@ -1,5 +1,5 @@
 /*
- * SHA1 hash algorithm. Used in SSH2 as a MAC, and the transform is
+ * SHA1 hash algorithm. Used in SSH-2 as a MAC, and the transform is
  * also used as a `stirring' function for the PuTTY random number
  * pool. Implemented directly from the specification by Simon
  * Tatham.

terminal.c

@@ -6231,13 +6231,13 @@ int term_data(Terminal *term, int is_stderr, const char *data, int len)
      * the remote side needing to wait until term_out() has cleared
      * a backlog.
      *
-     * This is a slightly suboptimal way to deal with SSH2 - in
+     * This is a slightly suboptimal way to deal with SSH-2 - in
      * principle, the window mechanism would allow us to continue
      * to accept data on forwarded ports and X connections even
      * while the terminal processing was going slowly - but we
      * can't do the 100% right thing without moving the terminal
      * processing into a separate thread, and that might hurt
-     * portability. So we manage stdout buffering the old SSH1 way:
+     * portability. So we manage stdout buffering the old SSH-1 way:
      * if the terminal processing goes slowly, the whole SSH
      * connection stops accepting data until it's ready.
      *

unix/uxcons.c

@@ -256,7 +256,7 @@ int askappend(void *frontend, Filename filename,
 void old_keyfile_warning(void)
 {
     static const char message[] =
-	"You are loading an SSH 2 private key which has an\n"
+	"You are loading an SSH-2 private key which has an\n"
 	"old version of the file format. This means your key\n"
 	"file is not fully tamperproof. Future versions of\n"
 	"PuTTY may stop supporting this private key format,\n"

windows/wincons.c

@@ -258,7 +258,7 @@ int askappend(void *frontend, Filename filename,
 void old_keyfile_warning(void)
 {
     static const char message[] =
-	"You are loading an SSH 2 private key which has an\n"
+	"You are loading an SSH-2 private key which has an\n"
 	"old version of the file format. This means your key\n"
 	"file is not fully tamperproof. Future versions of\n"
 	"PuTTY may stop supporting this private key format,\n"

windows/windlg.c

@@ -909,7 +909,7 @@ void old_keyfile_warning(void)
 {
     static const char mbtitle[] = "%s Key File Warning";
     static const char message[] =
-	"You are loading an SSH 2 private key which has an\n"
+	"You are loading an SSH-2 private key which has an\n"
 	"old version of the file format. This means your key\n"
 	"file is not fully tamperproof. Future versions of\n"
 	"%s may stop supporting this private key format,\n"

windows/winpgen.c

@@ -425,7 +425,7 @@ void old_keyfile_warning(void)
 {
     static const char mbtitle[] = "PuTTY Key File Warning";
     static const char message[] =
-	"You are loading an SSH 2 private key which has an\n"
+	"You are loading an SSH-2 private key which has an\n"
 	"old version of the file format. This means your key\n"
 	"file is not fully tamperproof. Future versions of\n"
 	"PuTTY may stop supporting this private key format,\n"
@@ -836,9 +836,9 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
 	    menu1 = CreateMenu();
 	    AppendMenu(menu1, MF_ENABLED, IDC_GENERATE, "&Generate key pair");
 	    AppendMenu(menu1, MF_SEPARATOR, 0, 0);
-	    AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH1, "SSH&1 key (RSA)");
+	    AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH1, "SSH-&1 key (RSA)");
-	    AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2RSA, "SSH2 &RSA key");
+	    AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2RSA, "SSH-2 &RSA key");
-	    AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2DSA, "SSH2 &DSA key");
+	    AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2DSA, "SSH-2 &DSA key");
 	    AppendMenu(menu, MF_POPUP | MF_ENABLED, (UINT) menu1, "&Key");
 	    state->keymenu = menu1;
 
@@ -915,9 +915,9 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
 	    endbox(&cp);
 	    beginbox(&cp, "Parameters", IDC_BOX_PARAMS);
 	    radioline(&cp, "Type of key to generate:", IDC_TYPESTATIC, 3,
-		      "SSH&1 (RSA)", IDC_KEYSSH1,
+		      "SSH-&1 (RSA)", IDC_KEYSSH1,
-		      "SSH2 &RSA", IDC_KEYSSH2RSA,
+		      "SSH-2 &RSA", IDC_KEYSSH2RSA,
-		      "SSH2 &DSA", IDC_KEYSSH2DSA, NULL);
+		      "SSH-2 &DSA", IDC_KEYSSH2DSA, NULL);
 	    staticedit(&cp, "Number of &bits in a generated key:",
 		       IDC_BITSSTATIC, IDC_BITS, 20);
 	    endbox(&cp);
@@ -1125,7 +1125,7 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
                 if (type != realtype &&
                     import_target_type(type) != realtype) {
                     char msg[256];
-                    sprintf(msg, "Cannot export an SSH%d key in an SSH%d"
+                    sprintf(msg, "Cannot export an SSH-%d key in an SSH-%d"
                             " format", (state->ssh2 ? 2 : 1),
                             (state->ssh2 ? 1 : 2));
 		    MessageBox(hwnd, msg,

windows/winpgnt.c

@@ -147,7 +147,7 @@ int random_byte(void)
 }
 
 /*
- * Blob structure for passing to the asymmetric SSH2 key compare
+ * Blob structure for passing to the asymmetric SSH-2 key compare
  * function, prototyped here.
  */
 struct blob {
@@ -321,7 +321,7 @@ void old_keyfile_warning(void)
 {
     static const char mbtitle[] = "PuTTY Key File Warning";
     static const char message[] =
-	"You are loading an SSH 2 private key which has an\n"
+	"You are loading an SSH-2 private key which has an\n"
 	"old version of the file format. This means your key\n"
 	"file is not fully tamperproof. Future versions of\n"
 	"PuTTY may stop supporting this private key format,\n"
@@ -692,7 +692,7 @@ static void add_keyfile(Filename filename)
 }
 
 /*
- * Create an SSH1 key list in a malloc'ed buffer; return its
+ * Create an SSH-1 key list in a malloc'ed buffer; return its
  * length.
  */
 static void *make_keylist1(int *length)
@@ -736,7 +736,7 @@ static void *make_keylist1(int *length)
 }
 
 /*
- * Create an SSH2 key list in a malloc'ed buffer; return its
+ * Create an SSH-2 key list in a malloc'ed buffer; return its
  * length.
  */
 static void *make_keylist2(int *length)
@@ -1246,7 +1246,7 @@ static void answer_msg(void *msg)
 	break;
       case SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
 	/*
-	 * Remove all SSH1 keys. Always returns success.
+	 * Remove all SSH-1 keys. Always returns success.
 	 */
 	{
 	    struct RSAKey *rkey;
@@ -1264,7 +1264,7 @@ static void answer_msg(void *msg)
 	break;
       case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
 	/*
-	 * Remove all SSH2 keys. Always returns success.
+	 * Remove all SSH-2 keys. Always returns success.
 	 */
 	{
 	    struct ssh2_userkey *skey;
@@ -1332,7 +1332,7 @@ static int cmpkeys_rsa(void *av, void *bv)
 }
 
 /*
- * Key comparison function for the 2-3-4 tree of SSH2 keys.
+ * Key comparison function for the 2-3-4 tree of SSH-2 keys.
  */
 static int cmpkeys_ssh2(void *av, void *bv)
 {
@@ -1372,7 +1372,7 @@ static int cmpkeys_ssh2(void *av, void *bv)
 
 /*
  * Key comparison function for looking up a blob in the 2-3-4 tree
- * of SSH2 keys.
+ * of SSH-2 keys.
  */
 static int cmpkeys_ssh2_asymm(void *av, void *bv)
 {