--- a/Makefile	Thu Jul 17 22:09:05 2014 -0700
+++ b/Makefile	Thu Jul 31 16:33:38 2014 -0700
@@ -76,9 +76,9 @@
 		--indent-cases \
 		--indent-namespaces \
 		--break-blocks \
+		--unpad-paren \
 		--pad-oper \
 		--pad-header \
-		--unpad-paren \
 		--delete-empty-lines \
 		--align-pointer=type \
 		--break-closing-brackets \

--- a/TODO	Thu Jul 17 22:09:05 2014 -0700
+++ b/TODO	Thu Jul 31 16:33:38 2014 -0700
@@ -37,6 +37,12 @@
 svn checkout svn://svn.code.sf.net/p/tn5250j/code/branches/new-tabs-jse1.6 tn5250j
 
 ==================================
+
+update com.trilead.ssh2 to ganymed
+svn checkout http://ganymed-ssh-2.googlecode.com/svn/trunk/ ganymed-ssh-2-read-only
+rev 161
+
+==================================
 TODO:
 
 possible merge of irssi?

--- a/assets/help/About.html	Thu Jul 17 22:09:05 2014 -0700
+++ b/assets/help/About.html	Thu Jul 31 16:33:38 2014 -0700
@@ -38,9 +38,32 @@
 </p>
 
 <p>
-Based on the Trilead SSH2 client provided under a BSD-style
-license. Copyright &copy; 2007 Trilead
-AG <a href="http://www.trilead.com">http://www.trilead.com</a>
+Based on the Ganymed SSH2 client provided under a BSD-style
+license. Copyright &copy; 2005 - 2006 Swiss Federal Institute of
+Technology (ETH Zurich), Department of Computer
+Science <a href="http://www.inf.ethz.ch">http://www.inf.ethz.ch</a>,
+Christian Plattner.  Copyright &copy; 2006 - 2013 Christian Plattner.
+<a href="http://code.google.com/p/ganymed-ssh-2/">http://code.google.com/p/ganymed-ssh-2/</a>
+The Java implementations of the AES, Blowfish and 3DES ciphers have been
+taken (and slightly modified) from the cryptography package released by
+"The Legion Of The Bouncy Castle".
+Copyright &copy; 2000 - 2004 The Legion Of The Bouncy Castle
+<a href="http://www.bouncycastle.org">http://www.bouncycastle.org</a>
+The following disclaimer applies:
+</p>
+
+<p>
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
 </p>
 
 <p>

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ch.ethz.ssh2.LICENSE.txt	Thu Jul 31 16:33:38 2014 -0700
@@ -0,0 +1,87 @@
+Copyright (c) 2006 - 2013 Christian Plattner. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+a.) Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+b.) Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+c.) Neither the name of Christian Plattner nor the names of its contributors may
+    be used to endorse or promote products derived from this software
+    without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+
+This software includes work that was released under the following license:
+
+Copyright (c) 2005 - 2006 Swiss Federal Institute of Technology (ETH Zurich),
+  Department of Computer Science (http://www.inf.ethz.ch),
+  Christian Plattner. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+a.) Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+b.) Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+c.) Neither the name of ETH Zurich nor the names of its contributors may
+    be used to endorse or promote products derived from this software
+    without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+
+The Java implementations of the AES, Blowfish and 3DES ciphers have been
+taken (and slightly modified) from the cryptography package released by
+"The Legion Of The Bouncy Castle".
+
+Their license states the following:
+
+Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle
+(http://www.bouncycastle.org)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE. 
+

--- a/res/layout/act_generatepubkey.xml	Thu Jul 17 22:09:05 2014 -0700
+++ b/res/layout/act_generatepubkey.xml	Thu Jul 31 16:33:38 2014 -0700
@@ -66,8 +66,7 @@
 					android:id="@+id/rsa"
 					android:layout_width="wrap_content"
 					android:layout_height="wrap_content"
-					android:text="RSA"
-					android:paddingRight="30dip" />
+					android:text="RSA" />
 
 				<RadioButton
 					android:id="@+id/dsa"

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/ch/ethz/ssh2/AbstractSFTPClient.java	Thu Jul 31 16:33:38 2014 -0700
@@ -0,0 +1,690 @@
+package ch.ethz.ssh2;
+
+import java.io.BufferedOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.SocketException;
+import java.nio.charset.Charset;
+import java.nio.charset.UnsupportedCharsetException;
+import java.util.HashMap;
+import java.util.Map;
+
+import ch.ethz.ssh2.channel.Channel;
+import ch.ethz.ssh2.log.Logger;
+import ch.ethz.ssh2.packets.TypesReader;
+import ch.ethz.ssh2.packets.TypesWriter;
+import ch.ethz.ssh2.sftp.AttribFlags;
+import ch.ethz.ssh2.sftp.ErrorCodes;
+import ch.ethz.ssh2.sftp.Packet;
+import ch.ethz.ssh2.util.StringEncoder;
+
+/**
+ * @version $Id: AbstractSFTPClient.java 151 2014-04-28 10:03:39Z dkocher@sudo.ch $
+ */
+public abstract class AbstractSFTPClient implements SFTPClient {
+
+    private static final Logger log = Logger.getLogger(SFTPv3Client.class);
+
+    private Session sess;
+
+    private InputStream is;
+    private OutputStream os;
+
+    private int next_request_id = 1000;
+
+    private String charset;
+
+    /**
+     * Parallel read requests maximum size.
+     */
+    private static final int DEFAULT_MAX_PARALLELISM = 64;
+
+    /**
+     * Parallel read requests.
+     */
+    private int parallelism = DEFAULT_MAX_PARALLELISM;
+
+    public void setRequestParallelism(int parallelism) {
+        this.parallelism = Math.min(parallelism, DEFAULT_MAX_PARALLELISM);
+    }
+
+    /**
+     * Mapping request ID to request.
+     */
+    private Map<Integer, OutstandingReadRequest> pendingReadQueue
+        = new HashMap<Integer, OutstandingReadRequest>();
+
+    /**
+     * Mapping request ID to request.
+     */
+    private Map<Integer, OutstandingStatusRequest> pendingStatusQueue
+        = new HashMap<Integer, OutstandingStatusRequest>();
+
+    private PacketListener listener;
+
+    protected AbstractSFTPClient(final Connection conn, final int version, final PacketListener listener) throws IOException {
+        this.listener = listener;
+        log.debug("Opening session and starting SFTP subsystem.");
+        sess = conn.openSession();
+        sess.startSubSystem("sftp");
+        is = sess.getStdout();
+        os = new BufferedOutputStream(sess.getStdin(), 2048);
+        init(version);
+    }
+
+    private void init(final int client_version) throws IOException {
+        // Send SSH_FXP_INIT with client version
+        TypesWriter tw = new TypesWriter();
+        tw.writeUINT32(client_version);
+        sendMessage(Packet.SSH_FXP_INIT, 0, tw.getBytes());
+        /* Receive SSH_FXP_VERSION */
+        log.debug("Waiting for SSH_FXP_VERSION...");
+        TypesReader tr = new TypesReader(receiveMessage(34000)); /* Should be enough for any reasonable server */
+        int t = tr.readByte();
+        listener.read(Packet.forName(t));
+
+        if (t != Packet.SSH_FXP_VERSION) {
+            log.warning(String.format("The server did not send a SSH_FXP_VERSION but %d", t));
+            throw new PacketTypeException(t);
+        }
+
+        final int protocol_version = tr.readUINT32();
+        log.debug("SSH_FXP_VERSION: protocol_version = " + protocol_version);
+
+        if (protocol_version != client_version) {
+            throw new IOException(String.format("Server protocol version %d does not match %d",
+                                                protocol_version, client_version));
+        }
+
+        // Both parties should from then on adhere to particular version of the protocol
+
+        // Read and save extensions (if any) for later use
+        while (tr.remain() != 0) {
+            String name = tr.readString();
+            listener.read(name);
+            byte[] value = tr.readByteString();
+            log.debug(String.format("SSH_FXP_VERSION: extension: %s = '%s'", name, StringEncoder.GetString(value)));
+        }
+    }
+
+    /**
+     * Queries the channel state
+     *
+     * @return True if the underlying session is in open state
+     */
+    public boolean isConnected() {
+        return sess.getState() == Channel.STATE_OPEN;
+    }
+
+    /**
+     * Close this SFTP session. NEVER forget to call this method to free up
+     * resources - even if you got an exception from one of the other methods.
+     * Sometimes these other methods may throw an exception, saying that the
+     * underlying channel is closed (this can happen, e.g., if the other server
+     * sent a close message.) However, as long as you have not called the
+     * <code>close()</code> method, you are likely wasting resources.
+     */
+    public void close() {
+        sess.close();
+    }
+
+    /**
+     * Set the charset used to convert between Java Unicode Strings and byte encodings
+     * used by the server for paths and file names.
+     *
+     * @param charset the name of the charset to be used or <code>null</code> to use UTF-8.
+     * @throws java.io.IOException
+     * @see #getCharset()
+     */
+    public void setCharset(String charset) throws IOException {
+        if (charset == null) {
+            this.charset = null;
+            return;
+        }
+
+        try {
+            Charset.forName(charset);
+        }
+        catch (UnsupportedCharsetException e) {
+            throw new IOException("This charset is not supported", e);
+        }
+
+        this.charset = charset;
+    }
+
+    /**
+     * The currently used charset for filename encoding/decoding.
+     *
+     * @return The name of the charset (<code>null</code> if UTF-8 is used).
+     * @see #setCharset(String)
+     */
+    public String getCharset() {
+        return charset;
+    }
+
+    public abstract SFTPFileHandle openFile(String fileName, int flags, SFTPFileAttributes attr) throws IOException;
+
+    public void mkdir(String dirName, int posixPermissions) throws IOException {
+        int req_id = generateNextRequestID();
+        TypesWriter tw = new TypesWriter();
+        tw.writeString(dirName, this.getCharset());
+        tw.writeUINT32(AttribFlags.SSH_FILEXFER_ATTR_PERMISSIONS);
+        tw.writeUINT32(posixPermissions);
+        sendMessage(Packet.SSH_FXP_MKDIR, req_id, tw.getBytes());
+        expectStatusOKMessage(req_id);
+    }
+
+    public void rm(String fileName) throws IOException {
+        int req_id = generateNextRequestID();
+        TypesWriter tw = new TypesWriter();
+        tw.writeString(fileName, this.getCharset());
+        sendMessage(Packet.SSH_FXP_REMOVE, req_id, tw.getBytes());
+        expectStatusOKMessage(req_id);
+    }
+
+    public void rmdir(String dirName) throws IOException {
+        int req_id = generateNextRequestID();
+        TypesWriter tw = new TypesWriter();
+        tw.writeString(dirName, this.getCharset());
+        sendMessage(Packet.SSH_FXP_RMDIR, req_id, tw.getBytes());
+        expectStatusOKMessage(req_id);
+    }
+
+    public void mv(String oldPath, String newPath) throws IOException {
+        int req_id = generateNextRequestID();
+        TypesWriter tw = new TypesWriter();
+        tw.writeString(oldPath, this.getCharset());
+        tw.writeString(newPath, this.getCharset());
+        sendMessage(Packet.SSH_FXP_RENAME, req_id, tw.getBytes());
+        expectStatusOKMessage(req_id);
+    }
+
+    public String readLink(String path) throws IOException {
+        int req_id = generateNextRequestID();
+        TypesWriter tw = new TypesWriter();
+        tw.writeString(path, charset);
+        sendMessage(Packet.SSH_FXP_READLINK, req_id, tw.getBytes());
+        byte[] resp = receiveMessage(34000);
+        TypesReader tr = new TypesReader(resp);
+        int t = tr.readByte();
+        listener.read(Packet.forName(t));
+        int rep_id = tr.readUINT32();
+
+        if (rep_id != req_id) {
+            throw new RequestMismatchException();
+        }
+
+        if (t == Packet.SSH_FXP_NAME) {
+            int count = tr.readUINT32();
+
+            if (count != 1) {
+                throw new PacketTypeException(t);
+            }
+
+            return tr.readString(charset);
+        }
+
+        if (t != Packet.SSH_FXP_STATUS) {
+            throw new PacketTypeException(t);
+        }
+
+        int errorCode = tr.readUINT32();
+        String errorMessage = tr.readString();
+        listener.read(errorMessage);
+        throw new SFTPException(errorMessage, errorCode);
+    }
+
+    public void setstat(String path, SFTPFileAttributes attr) throws IOException {
+        int req_id = generateNextRequestID();
+        TypesWriter tw = new TypesWriter();
+        tw.writeString(path, charset);
+        tw.writeBytes(attr.toBytes());
+        sendMessage(Packet.SSH_FXP_SETSTAT, req_id, tw.getBytes());
+        expectStatusOKMessage(req_id);
+    }
+
+    public void fsetstat(SFTPFileHandle handle, SFTPFileAttributes attr) throws IOException {
+        int req_id = generateNextRequestID();
+        TypesWriter tw = new TypesWriter();
+        tw.writeString(handle.getHandle(), 0, handle.getHandle().length);
+        tw.writeBytes(attr.toBytes());
+        sendMessage(Packet.SSH_FXP_FSETSTAT, req_id, tw.getBytes());
+        expectStatusOKMessage(req_id);
+    }
+
+    public void createSymlink(String src, String target) throws IOException {
+        int req_id = generateNextRequestID();
+        TypesWriter tw = new TypesWriter();
+        tw.writeString(src, charset);
+        tw.writeString(target, charset);
+        sendMessage(Packet.SSH_FXP_SYMLINK, req_id, tw.getBytes());
+        expectStatusOKMessage(req_id);
+    }
+
+    public void createHardlink(String src, String target) throws IOException {
+        int req_id = generateNextRequestID();
+        TypesWriter tw = new TypesWriter();
+        tw.writeString("hardlink@openssh.com", charset);
+        tw.writeString(target, charset);
+        tw.writeString(src, charset);
+        sendMessage(Packet.SSH_FXP_EXTENDED, req_id, tw.getBytes());
+        expectStatusOKMessage(req_id);
+    }
+
+    public String canonicalPath(String path) throws IOException {
+        int req_id = generateNextRequestID();
+        TypesWriter tw = new TypesWriter();
+        tw.writeString(path, charset);
+        sendMessage(Packet.SSH_FXP_REALPATH, req_id, tw.getBytes());
+        byte[] resp = receiveMessage(34000);
+        TypesReader tr = new TypesReader(resp);
+        int t = tr.readByte();
+        listener.read(Packet.forName(t));
+        int rep_id = tr.readUINT32();
+
+        if (rep_id != req_id) {
+            throw new RequestMismatchException();
+        }
+
+        if (t == Packet.SSH_FXP_NAME) {
+            int count = tr.readUINT32();
+
+            if (count != 1) {
+                throw new PacketFormatException("The server sent an invalid SSH_FXP_NAME packet.");
+            }
+
+            final String name = tr.readString(charset);
+            listener.read(name);
+            return name;
+        }
+
+        if (t != Packet.SSH_FXP_STATUS) {
+            throw new PacketTypeException(t);
+        }
+
+        int errorCode = tr.readUINT32();
+        String errorMessage = tr.readString();
+        listener.read(errorMessage);
+        throw new SFTPException(errorMessage, errorCode);
+    }
+
+    private void sendMessage(int type, int requestId, byte[] msg, int off, int len) throws IOException {
+        if (log.isDebugEnabled()) {
+            log.debug(String.format("Send message of type %d with request id %d", type, requestId));
+        }
+
+        listener.write(Packet.forName(type));
+        int msglen = len + 1;
+
+        if (type != Packet.SSH_FXP_INIT) {
+            msglen += 4;
+        }
+
+        os.write(msglen >> 24);
+        os.write(msglen >> 16);
+        os.write(msglen >> 8);
+        os.write(msglen);
+        os.write(type);
+
+        if (type != Packet.SSH_FXP_INIT) {
+            os.write(requestId >> 24);
+            os.write(requestId >> 16);
+            os.write(requestId >> 8);
+            os.write(requestId);
+        }
+
+        os.write(msg, off, len);
+        os.flush();
+    }
+
+    protected void sendMessage(int type, int requestId, byte[] msg) throws IOException {
+        sendMessage(type, requestId, msg, 0, msg.length);
+    }
+
+    private void readBytes(byte[] buff, int pos, int len) throws IOException {
+        while (len > 0) {
+            int count = is.read(buff, pos, len);
+
+            if (count < 0) {
+                throw new SocketException("Unexpected end of stream.");
+            }
+
+            len -= count;
+            pos += count;
+        }
+    }
+
+    /**
+     * Read a message and guarantee that the <b>contents</b> is not larger than
+     * <code>maxlen</code> bytes.
+     * <p/>
+     * Note: receiveMessage(34000) actually means that the message may be up to 34004
+     * bytes (the length attribute preceding the contents is 4 bytes).
+     *
+     * @param maxlen
+     * @return the message contents
+     * @throws IOException
+     */
+    protected byte[] receiveMessage(int maxlen) throws IOException {
+        byte[] msglen = new byte[4];
+        readBytes(msglen, 0, 4);
+        int len = (((msglen[0] & 0xff) << 24) | ((msglen[1] & 0xff) << 16) | ((msglen[2] & 0xff) << 8) | (msglen[3] & 0xff));
+
+        if ((len > maxlen) || (len <= 0)) {
+            throw new PacketFormatException(String.format("Illegal SFTP packet length %d", len));
+        }
+
+        byte[] msg = new byte[len];
+        readBytes(msg, 0, len);
+        return msg;
+    }
+
+    protected int generateNextRequestID() {
+        synchronized (this) {
+            return next_request_id++;
+        }
+    }
+
+    protected void closeHandle(byte[] handle) throws IOException {
+        int req_id = generateNextRequestID();
+        TypesWriter tw = new TypesWriter();
+        tw.writeString(handle, 0, handle.length);
+        sendMessage(Packet.SSH_FXP_CLOSE, req_id, tw.getBytes());
+        expectStatusOKMessage(req_id);
+    }
+
+    private void readStatus() throws IOException {
+        byte[] resp = receiveMessage(34000);
+        TypesReader tr = new TypesReader(resp);
+        int t = tr.readByte();
+        listener.read(Packet.forName(t));
+        // Search the pending queue
+        OutstandingStatusRequest status = pendingStatusQueue.remove(tr.readUINT32());
+
+        if (null == status) {
+            throw new RequestMismatchException();
+        }
+
+        // Evaluate the answer
+        if (t == Packet.SSH_FXP_STATUS) {
+            // In any case, stop sending more packets
+            int code = tr.readUINT32();
+
+            if (log.isDebugEnabled()) {
+                String[] desc = ErrorCodes.getDescription(code);
+                log.debug("Got SSH_FXP_STATUS (" + status.req_id + ") (" + ((desc != null) ? desc[0] : "UNKNOWN") + ")");
+            }
+
+            if (code == ErrorCodes.SSH_FX_OK) {
+                return;
+            }
+
+            String msg = tr.readString();
+            listener.read(msg);
+            throw new SFTPException(msg, code);
+        }
+
+        throw new PacketTypeException(t);
+    }
+
+    private void readPendingReadStatus() throws IOException {
+        byte[] resp = receiveMessage(34000);
+        TypesReader tr = new TypesReader(resp);
+        int t = tr.readByte();
+        listener.read(Packet.forName(t));
+        // Search the pending queue
+        OutstandingReadRequest status = pendingReadQueue.remove(tr.readUINT32());
+
+        if (null == status) {
+            throw new RequestMismatchException();
+        }
+
+        // Evaluate the answer
+        if (t == Packet.SSH_FXP_STATUS) {
+            // In any case, stop sending more packets
+            int code = tr.readUINT32();
+
+            if (log.isDebugEnabled()) {
+                String[] desc = ErrorCodes.getDescription(code);
+                log.debug("Got SSH_FXP_STATUS (" + status.req_id + ") (" + ((desc != null) ? desc[0] : "UNKNOWN") + ")");
+            }
+
+            if (code == ErrorCodes.SSH_FX_OK) {
+                return;
+            }
+
+            if (code == ErrorCodes.SSH_FX_EOF) {
+                return;
+            }
+
+            String msg = tr.readString();
+            listener.read(msg);
+            throw new SFTPException(msg, code);
+        }
+
+        throw new PacketTypeException(t);
+    }
+
+    protected void expectStatusOKMessage(int id) throws IOException {
+        byte[] resp = receiveMessage(34000);
+        TypesReader tr = new TypesReader(resp);
+        int t = tr.readByte();
+        listener.read(Packet.forName(t));
+        int rep_id = tr.readUINT32();
+
+        if (rep_id != id) {
+            throw new RequestMismatchException();
+        }
+
+        if (t != Packet.SSH_FXP_STATUS) {
+            throw new PacketTypeException(t);
+        }
+
+        int errorCode = tr.readUINT32();
+
+        if (errorCode == ErrorCodes.SSH_FX_OK) {
+            return;
+        }
+
+        String errorMessage = tr.readString();
+        listener.read(errorMessage);
+        throw new SFTPException(errorMessage, errorCode);
+    }
+
+    public void closeFile(SFTPFileHandle handle) throws IOException {
+        while (!pendingReadQueue.isEmpty()) {
+            this.readPendingReadStatus();
+        }
+
+        while (!pendingStatusQueue.isEmpty()) {
+            this.readStatus();
+        }
+
+        closeHandle(handle.getHandle());
+    }
+
+    public int read(SFTPFileHandle handle, long fileOffset, byte[] dst, int dstoff, int len) throws IOException {
+        boolean errorOccured = false;
+        int remaining = len * parallelism;
+        //int clientOffset = dstoff;
+        long serverOffset = fileOffset;
+
+        for (OutstandingReadRequest r : pendingReadQueue.values()) {
+            // Server offset should take pending requests into account.
+            serverOffset += r.len;
+        }
+
+        while (true) {
+            // Stop if there was an error and no outstanding request
+            if ((pendingReadQueue.size() == 0) && errorOccured) {
+                break;
+            }
+
+            // Send as many requests as we are allowed to
+            while (pendingReadQueue.size() < parallelism) {
+                if (errorOccured) {
+                    break;
+                }
+
+                // Send the next read request
+                OutstandingReadRequest req = new OutstandingReadRequest();
+                req.req_id = generateNextRequestID();
+                req.serverOffset = serverOffset;
+                req.len = (remaining > len) ? len : remaining;
+                req.buffer = dst;
+                req.dstOffset = dstoff;
+                serverOffset += req.len;
+                //clientOffset += req.len;
+                remaining -= req.len;
+                sendReadRequest(req.req_id, handle, req.serverOffset, req.len);
+                pendingReadQueue.put(req.req_id, req);
+            }
+
+            if (pendingReadQueue.size() == 0) {
+                break;
+            }
+
+            // Receive a single answer
+            byte[] resp = receiveMessage(34000);
+            TypesReader tr = new TypesReader(resp);
+            int t = tr.readByte();
+            listener.read(Packet.forName(t));
+            // Search the pending queue
+            OutstandingReadRequest req = pendingReadQueue.remove(tr.readUINT32());
+
+            if (null == req) {
+                throw new RequestMismatchException();
+            }
+
+            // Evaluate the answer
+            if (t == Packet.SSH_FXP_STATUS) {
+                /* In any case, stop sending more packets */
+                int code = tr.readUINT32();
+                String msg = tr.readString();
+                listener.read(msg);
+
+                if (log.isDebugEnabled()) {
+                    String[] desc = ErrorCodes.getDescription(code);
+                    log.debug("Got SSH_FXP_STATUS (" + req.req_id + ") (" + ((desc != null) ? desc[0] : "UNKNOWN") + ")");
+                }
+
+                // Flag to read all pending requests but don't send any more.
+                errorOccured = true;
+
+                if (pendingReadQueue.isEmpty()) {
+                    if (ErrorCodes.SSH_FX_EOF == code) {
+                        return -1;
+                    }
+
+                    throw new SFTPException(msg, code);
+                }
+            }
+            else if (t == Packet.SSH_FXP_DATA) {
+                // OK, collect data
+                int readLen = tr.readUINT32();
+
+                if ((readLen < 0) || (readLen > req.len)) {
+                    throw new PacketFormatException("The server sent an invalid length field in a SSH_FXP_DATA packet.");
+                }
+
+                if (log.isDebugEnabled()) {
+                    log.debug("Got SSH_FXP_DATA (" + req.req_id + ") " + req.serverOffset + "/" + readLen
+                              + " (requested: " + req.len + ")");
+                }
+
+                // Read bytes into buffer
+                tr.readBytes(req.buffer, req.dstOffset, readLen);
+
+                if (readLen < req.len) {
+                    /* Send this request packet again to request the remaing data in this slot. */
+                    req.req_id = generateNextRequestID();
+                    req.serverOffset += readLen;
+                    req.len -= readLen;
+                    log.debug("Requesting again: " + req.serverOffset + "/" + req.len);
+                    sendReadRequest(req.req_id, handle, req.serverOffset, req.len);
+                    pendingReadQueue.put(req.req_id, req);
+                }
+
+                return readLen;
+            }
+            else {
+                throw new PacketTypeException(t);
+            }
+        }
+
+        // Should never reach here.
+        throw new SFTPException("No EOF reached", -1);
+    }
+
+    private void sendReadRequest(int id, SFTPFileHandle handle, long offset, int len) throws IOException {
+        TypesWriter tw = new TypesWriter();
+        tw.writeString(handle.getHandle(), 0, handle.getHandle().length);
+        tw.writeUINT64(offset);
+        tw.writeUINT32(len);
+        sendMessage(Packet.SSH_FXP_READ, id, tw.getBytes());
+    }
+
+    public void write(SFTPFileHandle handle, long fileOffset, byte[] src, int srcoff, int len) throws IOException {
+        while (len > 0) {
+            int writeRequestLen = len;
+
+            if (writeRequestLen > 32768) {
+                writeRequestLen = 32768;
+            }
+
+            // Send the next write request
+            OutstandingStatusRequest req = new OutstandingStatusRequest();
+            req.req_id = generateNextRequestID();
+            TypesWriter tw = new TypesWriter();
+            tw.writeString(handle.getHandle(), 0, handle.getHandle().length);
+            tw.writeUINT64(fileOffset);
+            tw.writeString(src, srcoff, writeRequestLen);
+            sendMessage(Packet.SSH_FXP_WRITE, req.req_id, tw.getBytes());
+            pendingStatusQueue.put(req.req_id, req);
+
+            // Only read next status if parallelism reached
+            while (pendingStatusQueue.size() >= parallelism) {
+                this.readStatus();
+            }
+
+            fileOffset += writeRequestLen;
+            srcoff += writeRequestLen;
+            len -= writeRequestLen;
+        }
+    }
+
+
+    /**
+     * A read  is divided into multiple requests sent sequentially before
+     * reading any status from the server
+     */
+    private static class OutstandingReadRequest {
+        int req_id;
+        /**
+         * Read offset to request on server starting at the file offset for the first request.
+         */
+        long serverOffset;
+        /**
+         * Length of requested data
+         */
+        int len;
+        /**
+         * Offset in destination buffer
+         */
+        int dstOffset;
+        /**
+         * Temporary buffer
+         */
+        byte[] buffer;
+    }
+
+    /**
+     * A read  is divided into multiple requests sent sequentially before
+     * reading any status from the server
+     */
+    private static final class OutstandingStatusRequest {
+        int req_id;
+    }
+
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/ch/ethz/ssh2/AuthAgentCallback.java	Thu Jul 31 16:33:38 2014 -0700
@@ -0,0 +1,64 @@
+package ch.ethz.ssh2;
+
+import java.security.KeyPair;
+import java.util.Map;
+
+/**
+ * AuthAgentCallback.
+ *
+ * @author Kenny Root
+ * @version $Id$
+ */
+public interface AuthAgentCallback {
+
+    /**
+     * @return array of blobs containing the OpenSSH-format encoded public keys
+     */
+    Map<String, byte[]> retrieveIdentities();
+
+    /**
+     * @param pair A <code>RSAPrivateKey</code> or <code>DSAPrivateKey</code> or <code>ECPrivateKey</code>
+     *            containing a DSA or RSA or EC private key of
+     *            the user in standard java key format.
+     * @param comment comment associated with this key
+     * @param confirmUse whether to prompt before using this key
+     * @param lifetime lifetime in seconds for key to be remembered
+     * @return success or failure
+     */
+    boolean addIdentity(KeyPair pair, String comment, boolean confirmUse, int lifetime);
+
+    /**
+     * @param publicKey byte blob containing the OpenSSH-format encoded public key
+     * @return success or failure
+     */
+    boolean removeIdentity(byte[] publicKey);
+
+    /**
+     * @return success or failure
+     */
+    boolean removeAllIdentities();
+
+    /**
+     * @param publicKey byte blob containing the OpenSSH-format encoded public key
+     * @return A <code>RSAPrivateKey</code> or <code>DSAPrivateKey</code>
+     *         containing a DSA or RSA or EC private key of
+     *         the user in standard java key format.
+     */
+    KeyPair getKeyPair(byte[] publicKey);
+
+    /**
+     * @return
+     */
+    boolean isAgentLocked();
+
+    /**
+     * @param lockPassphrase
+     */
+    boolean setAgentLock(String lockPassphrase);
+
+    /**
+     * @param unlockPassphrase
+     * @return
+     */
+    boolean requestAgentUnlock(String unlockPassphrase);
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/ch/ethz/ssh2/AuthenticationResult.java	Thu Jul 31 16:33:38 2014 -0700
@@ -0,0 +1,21 @@
+
+package ch.ethz.ssh2;
+
+public enum AuthenticationResult {
+
+    /**
+     *
+     */
+    SUCCESS,
+    /**
+     * The authentication request to which this is a response was successful, however, more
+     * authentication requests are needed (multi-method authentication sequence).
+     *
+     * @see ServerAuthenticationCallback#getRemainingAuthMethods(ServerConnection)
+     */
+    PARTIAL_SUCCESS,
+    /**
+     * The server rejected the authentication request.
+     */
+    FAILURE
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/ch/ethz/ssh2/ChannelCondition.java	Thu Jul 31 16:33:38 2014 -0700
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * Contains constants that can be used to specify what conditions to wait for on
+ * a SSH-2 channel (e.g., represented by a {@link Session}).
+ *
+ * @see Session#waitForCondition(int, long)
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public abstract interface ChannelCondition {
+    /**
+     * A timeout has occurred, none of your requested conditions is fulfilled.
+     * However, other conditions may be true - therefore, NEVER use the "=="
+     * operator to test for this (or any other) condition. Always use
+     * something like <code>((cond &amp; ChannelCondition.CLOSED) != 0)</code>.
+     */
+    public static final int TIMEOUT = 1;
+
+    /**
+     * The underlying SSH-2 channel, however not necessarily the whole connection,
+     * has been closed. This implies <code>EOF</code>. Note that there may still
+     * be unread stdout or stderr data in the local window, i.e, <code>STDOUT_DATA</code>
+     * or/and <code>STDERR_DATA</code> may be set at the same time.
+     */
+    public static final int CLOSED = 2;
+
+    /**
+     * There is stdout data available that is ready to be consumed.
+     */
+    public static final int STDOUT_DATA = 4;
+
+    /**
+     * There is stderr data available that is ready to be consumed.
+     */
+    public static final int STDERR_DATA = 8;
+
+    /**
+     * EOF on has been reached, no more _new_ stdout or stderr data will arrive
+     * from the remote server. However, there may be unread stdout or stderr
+     * data, i.e, <code>STDOUT_DATA</code> or/and <code>STDERR_DATA</code>
+     * may be set at the same time.
+     */
+    public static final int EOF = 16;
+
+    /**
+     * The exit status of the remote process is available.
+     * Some servers never send the exist status, or occasionally "forget" to do so.
+     */
+    public static final int EXIT_STATUS = 32;
+
+    /**
+     * The exit signal of the remote process is available.
+     */
+    public static final int EXIT_SIGNAL = 64;
+
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/ch/ethz/ssh2/Connection.java	Thu Jul 31 16:33:38 2014 -0700
@@ -0,0 +1,1444 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+
+package ch.ethz.ssh2;
+
+import java.io.CharArrayWriter;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.SocketTimeoutException;
+import java.security.KeyPair;
+import java.security.SecureRandom;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+import ch.ethz.ssh2.auth.AgentProxy;
+import ch.ethz.ssh2.auth.AuthenticationManager;
+import ch.ethz.ssh2.channel.ChannelManager;
+import ch.ethz.ssh2.compression.CompressionFactory;
+import ch.ethz.ssh2.crypto.CryptoWishList;
+import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory;
+import ch.ethz.ssh2.crypto.digest.MAC;
+import ch.ethz.ssh2.packets.PacketIgnore;
+import ch.ethz.ssh2.transport.ClientTransportManager;
+import ch.ethz.ssh2.transport.HTTPProxyClientTransportManager;
+import ch.ethz.ssh2.transport.KexManager;
+import ch.ethz.ssh2.util.TimeoutService;
+import ch.ethz.ssh2.util.TimeoutService.TimeoutToken;
+
+/**
+ * A <code>Connection</code> is used to establish an encrypted TCP/IP
+ * connection to a SSH-2 server.
+ * <p/>
+ * Typically, one
+ * <ol>
+ * <li>creates a {@link #Connection(String) Connection} object.</li>
+ * <li>calls the {@link #connect() connect()} method.</li>
+ * <li>calls some of the authentication methods (e.g., {@link #authenticateWithPublicKey(String, File, String) authenticateWithPublicKey()}).</li>
+ * <li>calls one or several times the {@link #openSession() openSession()} method.</li>
+ * <li>finally, one must close the connection and release resources with the {@link #close() close()} method.</li>
+ * </ol>
+ *
+ * @author Christian Plattner
+ * @version $Id: Connection.java 160 2014-05-01 14:30:26Z dkocher@sudo.ch $
+ */
+
+public class Connection {
+    /**
+     * The identifier presented to the SSH-2 server. This is the same
+     * as the "softwareversion" defined in RFC 4253.
+     * <p/>
+     * <b>NOTE: As per the RFC, the "softwareversion" string MUST consist of printable
+     * US-ASCII characters, with the exception of whitespace characters and the minus sign (-).</b>
+     */
+    private String softwareversion
+        = String.format("Ganymed_%s", Version.getSpecification());
+
+    /* Will be used to generate all random data needed for the current connection.
+     * Note: SecureRandom.nextBytes() is thread safe.
+     */
+
+    private SecureRandom generator;
+
+    /**
+     * Unless you know what you are doing, you will never need this.
+     *
+     * @return The list of supported cipher algorithms by this implementation.
+     */
+
+    public static synchronized String[] getAvailableCiphers() {
+        return BlockCipherFactory.getDefaultCipherList();
+    }
+
+    /**
+     * Unless you know what you are doing, you will never need this.
+     *
+     * @return The list of supported MAC algorthims by this implementation.
+     */
+
+    public static synchronized String[] getAvailableMACs() {
+        return MAC.getMacList();
+    }
+
+    /**
+     * Unless you know what you are doing, you will never need this.
+     *
+     * @return The list of supported server host key algorthims by this implementation.
+     */
+
+    public static synchronized String[] getAvailableServerHostKeyAlgorithms() {
+        return KexManager.getDefaultServerHostkeyAlgorithmList();
+    }
+
+    private AuthenticationManager am;
+
+    private boolean authenticated;
+    private ChannelManager cm;
+
+    private CryptoWishList cryptoWishList
+        = new CryptoWishList();
+
+    private DHGexParameters dhgexpara
+        = new DHGexParameters();
+
+    private final String hostname;
+
+    private final int port;
+
+    private ClientTransportManager tm;
+
+    private boolean tcpNoDelay = false;
+
+    private HTTPProxyData proxy;
+
+    private List<ConnectionMonitor> connectionMonitors
+        = new ArrayList<ConnectionMonitor>();
+
+    /**
+     * Prepares a fresh <code>Connection</code> object which can then be used
+     * to establish a connection to the specified SSH-2 server.
+     * <p/>
+     * Same as {@link #Connection(String, int) Connection(hostname, 22)}.
+     *
+     * @param hostname the hostname of the SSH-2 server.
+     */
+    public Connection(String hostname) {
+        this(hostname, 22);
+    }
+
+    /**
+     * Prepares a fresh <code>Connection</code> object which can then be used
+     * to establish a connection to the specified SSH-2 server.
+     *
+     * @param hostname the host where we later want to connect to.
+     * @param port     port on the server, normally 22.
+     */
+    public Connection(String hostname, int port) {
+        this.hostname = hostname;
+        this.port = port;
+    }
+
+    /**
+     * Prepares a fresh <code>Connection</code> object which can then be used
+     * to establish a connection to the specified SSH-2 server.
+     *
+     * @param hostname        the host where we later want to connect to.
+     * @param port            port on the server, normally 22.
+     * @param softwareversion Allows you to set a custom "softwareversion" string as defined in RFC 4253.
+     *                        <b>NOTE: As per the RFC, the "softwareversion" string MUST consist of printable
+     *                        US-ASCII characters, with the exception of whitespace characters and the minus sign (-).</b>
+     */
+    public Connection(String hostname, int port, String softwareversion) {
+        this.hostname = hostname;
+        this.port = port;
+        this.softwareversion = softwareversion;
+    }
+
+    public Connection(String hostname, int port, final HTTPProxyData proxy) {
+        this.hostname = hostname;
+        this.port = port;
+        this.proxy = proxy;
+    }
+
+    public Connection(String hostname, int port, String softwareversion, final HTTPProxyData proxy) {
+        this.hostname = hostname;
+        this.port = port;
+        this.softwareversion = softwareversion;
+        this.proxy = proxy;
+    }
+
+    /**
+     * After a successful connect, one has to authenticate oneself. This method
+     * is based on DSA (it uses DSA to sign a challenge sent by the server).
+     * <p/>
+     * If the authentication phase is complete, <code>true</code> will be
+     * returned. If the server does not accept the request (or if further
+     * authentication steps are needed), <code>false</code> is returned and
+     * one can retry either by using this or any other authentication method
+     * (use the <code>getRemainingAuthMethods</code> method to get a list of
+     * the remaining possible methods).
+     *
+     * @param user     A <code>String</code> holding the username.
+     * @param pem      A <code>String</code> containing the DSA private key of the
+     *                 user in OpenSSH key format (PEM, you can't miss the
+     *                 "-----BEGIN DSA PRIVATE KEY-----" tag). The string may contain
+     *                 linefeeds.
+     * @param password If the PEM string is 3DES encrypted ("DES-EDE3-CBC"), then you
+     *                 must specify the password. Otherwise, this argument will be
+     *                 ignored and can be set to <code>null</code>.
+     * @return whether the connection is now authenticated.
+     * @throws IOException
+     * @deprecated You should use one of the {@link #authenticateWithPublicKey(String, File, String) authenticateWithPublicKey()}
+     * methods, this method is just a wrapper for it and will
+     * disappear in future builds.
+     */
+    @Deprecated
+
+    public synchronized boolean authenticateWithDSA(String user, String pem, String password) throws IOException {
+        if (tm == null) {
+            throw new IllegalStateException("Connection is not established!");
+        }
+
+        if (authenticated) {
+            throw new IllegalStateException("Connection is already authenticated!");
+        }
+
+        if (am == null) {
+            am = new AuthenticationManager(tm);
+        }
+
+        if (cm == null) {
+            cm = new ChannelManager(tm);
+        }
+
+        if (user == null) {
+            throw new IllegalArgumentException("user argument is null");
+        }
+
+        if (pem == null) {
+            throw new IllegalArgumentException("pem argument is null");
+        }
+
+        authenticated = am.authenticatePublicKey(user, pem.toCharArray(), password, getOrCreateSecureRND());
+        return authenticated;
+    }
+
+    /**
+     * A wrapper that calls {@link #authenticateWithKeyboardInteractive(String, String[], InteractiveCallback)
+     * authenticateWithKeyboardInteractivewith} a <code>null</code> submethod list.
+     *
+     * @param user A <code>String</code> holding the username.
+     * @param cb   An <code>InteractiveCallback</code> which will be used to
+     *             determine the responses to the questions asked by the server.
+     * @return whether the connection is now authenticated.
+     * @throws IOException
+     */
+
+    public synchronized boolean authenticateWithKeyboardInteractive(String user, InteractiveCallback cb)
+    throws IOException {
+        return authenticateWithKeyboardInteractive(user, null, cb);
+    }
+
+    /**
+     * After a successful connect, one has to authenticate oneself. This method
+     * is based on "keyboard-interactive", specified in
+     * draft-ietf-secsh-auth-kbdinteract-XX. Basically, you have to define a
+     * callback object which will be feeded with challenges generated by the
+     * server. Answers are then sent back to the server. It is possible that the
+     * callback will be called several times during the invocation of this
+     * method (e.g., if the server replies to the callback's answer(s) with
+     * another challenge...)
+     * <p/>
+     * If the authentication phase is complete, <code>true</code> will be
+     * returned. If the server does not accept the request (or if further
+     * authentication steps are needed), <code>false</code> is returned and
+     * one can retry either by using this or any other authentication method
+     * (use the <code>getRemainingAuthMethods</code> method to get a list of
+     * the remaining possible methods).
+     * <p/>
+     * Note: some SSH servers advertise "keyboard-interactive", however, any
+     * interactive request will be denied (without having sent any challenge to
+     * the client).
+     *
+     * @param user       A <code>String</code> holding the username.
+     * @param submethods An array of submethod names, see
+     *                   draft-ietf-secsh-auth-kbdinteract-XX. May be <code>null</code>
+     *                   to indicate an empty list.
+     * @param cb         An <code>InteractiveCallback</code> which will be used to
+     *                   determine the responses to the questions asked by the server.
+     * @return whether the connection is now authenticated.
+     * @throws IOException
+     */
+
+    public synchronized boolean authenticateWithKeyboardInteractive(String user, String[] submethods,
+            InteractiveCallback cb) throws IOException {
+        if (cb == null) {
+            throw new IllegalArgumentException("Callback may not ne NULL!");
+        }
+
+        if (tm == null) {
+            throw new IllegalStateException("Connection is not established!");
+        }
+
+        if (authenticated) {
+            throw new IllegalStateException("Connection is already authenticated!");
+        }
+
+        if (am == null) {
+            am = new AuthenticationManager(tm);
+        }
+
+        if (cm == null) {
+            cm = new ChannelManager(tm);
+        }
+
+        if (user == null) {
+            throw new IllegalArgumentException("user argument is null");
+        }
+
+        authenticated = am.authenticateInteractive(user, submethods, cb);
+        return authenticated;
+    }
+
+    public synchronized boolean authenticateWithAgent(String user, AgentProxy proxy) throws IOException {
+        if (tm == null) {
+            throw new IllegalStateException("Connection is not established!");
+        }
+
+        if (authenticated) {
+            throw new IllegalStateException("Connection is already authenticated!");
+        }
+
+        if (am == null) {
+            am = new AuthenticationManager(tm);
+        }
+
+        if (cm == null) {
+            cm = new ChannelManager(tm);
+        }
+
+        if (user == null) {
+            throw new IllegalArgumentException("user argument is null");
+        }
+
+        authenticated = am.authenticatePublicKey(user, proxy);
+        return authenticated;
+    }
+
+    /**
+     * After a successful connect, one has to authenticate oneself. This method
+     * sends username and password to the server.
+     * <p/>
+     * If the authentication phase is complete, <code>true</code> will be
+     * returned. If the server does not accept the request (or if further
+     * authentication steps are needed), <code>false</code> is returned and
+     * one can retry either by using this or any other authentication method
+     * (use the <code>getRemainingAuthMethods</code> method to get a list of
+     * the remaining possible methods).
+     * <p/>
+     * Note: if this method fails, then please double-check that it is actually
+     * offered by the server (use {@link #getRemainingAuthMethods(String) getRemainingAuthMethods()}.
+     * <p/>
+     * Often, password authentication is disabled, but users are not aware of it.
+     * Many servers only offer "publickey" and "keyboard-interactive". However,
+     * even though "keyboard-interactive" *feels* like password authentication
+     * (e.g., when using the putty or openssh clients) it is *not* the same mechanism.
+     *
+     * @param user
+     * @param password
+     * @return if the connection is now authenticated.
+     * @throws IOException
+     */
+
+    public synchronized boolean authenticateWithPassword(String user, String password) throws IOException {
+        if (tm == null) {
+            throw new IllegalStateException("Connection is not established!");
+        }
+
+        if (authenticated) {
+            throw new IllegalStateException("Connection is already authenticated!");
+        }
+
+        if (am == null) {
+            am = new AuthenticationManager(tm);
+        }
+
+        if (cm == null) {
+            cm = new ChannelManager(tm);
+        }
+
+        if (user == null) {
+            throw new IllegalArgumentException("user argument is null");
+        }
+
+        if (password == null) {
+            throw new IllegalArgumentException("password argument is null");
+        }
+
+        authenticated = am.authenticatePassword(user, password);
+        return authenticated;
+    }
+
+    /**
+     * After a successful connect, one has to authenticate oneself.
+     * This method can be used to explicitly use the special "none"
+     * authentication method (where only a username has to be specified).
+     * <p/>
+     * Note 1: The "none" method may always be tried by clients, however as by
+     * the specs, the server will not explicitly announce it. In other words,
+     * the "none" token will never show up in the list returned by
+     * {@link #getRemainingAuthMethods(String)}.
+     * <p/>
+     * Note 2: no matter which one of the authenticateWithXXX() methods
+     * you call, the library will always issue exactly one initial "none"
+     * authentication request to retrieve the initially allowed list of
+     * authentication methods by the server. Please read RFC 4252 for the
+     * details.
+     * <p/>
+     * If the authentication phase is complete, <code>true</code> will be
+     * returned. If further authentication steps are needed, <code>false</code>
+     * is returned and one can retry by any other authentication method
+     * (use the <code>getRemainingAuthMethods</code> method to get a list of
+     * the remaining possible methods).
+     *
+     * @param user
+     * @return if the connection is now authenticated.
+     * @throws IOException
+     */
+
+    public synchronized boolean authenticateWithNone(String user) throws IOException {
+        if (tm == null) {
+            throw new IllegalStateException("Connection is not established!");
+        }
+
+        if (authenticated) {
+            throw new IllegalStateException("Connection is already authenticated!");
+        }
+
+        if (am == null) {
+            am = new AuthenticationManager(tm);
+        }
+
+        if (cm == null) {
+            cm = new ChannelManager(tm);
+        }
+
+        if (user == null) {
+            throw new IllegalArgumentException("user argument is null");
+        }
+
+        /* Trigger the sending of the PacketUserauthRequestNone packet */
+        /* (if not already done)                                       */
+        authenticated = am.authenticateNone(user);
+        return authenticated;
+    }
+
+    /**
+     * After a successful connect, one has to authenticate oneself.
+     * The authentication method "publickey" works by signing a challenge
+     * sent by the server. The signature is either DSA or RSA based - it
+     * just depends on the type of private key you specify, either a DSA
+     * or RSA private key in PEM format. And yes, this is may seem to be a
+     * little confusing, the method is called "publickey" in the SSH-2 protocol
+     * specification, however since we need to generate a signature, you
+     * actually have to supply a private key =).
+     * <p/>
+     * The private key contained in the PEM file may also be encrypted ("Proc-Type: 4,ENCRYPTED").
+     * The library supports DES-CBC and DES-EDE3-CBC encryption, as well
+     * as the more exotic PEM encrpytions AES-128-CBC, AES-192-CBC and AES-256-CBC.
+     * <p/>
+     * If the authentication phase is complete, <code>true</code> will be
+     * returned. If the server does not accept the request (or if further
+     * authentication steps are needed), <code>false</code> is returned and
+     * one can retry either by using this or any other authentication method
+     * (use the <code>getRemainingAuthMethods</code> method to get a list of
+     * the remaining possible methods).
+     * <p/>
+     * NOTE PUTTY USERS: Event though your key file may start with "-----BEGIN..."
+     * it is not in the expected format. You have to convert it to the OpenSSH
+     * key format by using the "puttygen" tool (can be downloaded from the Putty
+     * website). Simply load your key and then use the "Conversions/Export OpenSSH key"
+     * functionality to get a proper PEM file.
+     *
+     * @param user          A <code>String</code> holding the username.
+     * @param pemPrivateKey A <code>char[]</code> containing a DSA or RSA private key of the
+     *                      user in OpenSSH key format (PEM, you can't miss the
+     *                      "-----BEGIN DSA PRIVATE KEY-----" or "-----BEGIN RSA PRIVATE KEY-----"
+     *                      tag). The char array may contain linebreaks/linefeeds.
+     * @param password      If the PEM structure is encrypted ("Proc-Type: 4,ENCRYPTED") then
+     *                      you must specify a password. Otherwise, this argument will be ignored
+     *                      and can be set to <code>null</code>.
+     * @return whether the connection is now authenticated.
+     * @throws IOException
+     */
+
+    public synchronized boolean authenticateWithPublicKey(String user, char[] pemPrivateKey, String password)
+    throws IOException {
+        if (tm == null) {
+            throw new IllegalStateException("Connection is not established!");
+        }
+
+        if (authenticated) {
+            throw new IllegalStateException("Connection is already authenticated!");
+        }
+
+        if (am == null) {
+            am = new AuthenticationManager(tm);
+        }
+
+        if (cm == null) {
+            cm = new ChannelManager(tm);
+        }
+
+        if (user == null) {
+            throw new IllegalArgumentException("user argument is null");
+        }
+
+        if (pemPrivateKey == null) {
+            throw new IllegalArgumentException("pemPrivateKey argument is null");
+        }
+
+        authenticated = am.authenticatePublicKey(user, pemPrivateKey, password, getOrCreateSecureRND());
+        return authenticated;
+    }
+
+    /**
+     * After a successful connect, one has to authenticate oneself. The
+     * authentication method "publickey" works by signing a challenge sent by
+     * the server. The signature is either DSA or RSA based - it just depends on
+     * the type of private key you specify, either a DSA or RSA private key in
+     * PEM format. And yes, this is may seem to be a little confusing, the
+     * method is called "publickey" in the SSH-2 protocol specification, however
+     * since we need to generate a signature, you actually have to supply a
+     * private key =).
+     * <p>
+     * If the authentication phase is complete, <code>true</code> will be
+     * returned. If the server does not accept the request (or if further
+     * authentication steps are needed), <code>false</code> is returned and
+     * one can retry either by using this or any other authentication method
+     * (use the <code>getRemainingAuthMethods</code> method to get a list of
+     * the remaining possible methods).
+     *
+     * @param user
+     *            A <code>String</code> holding the username.
+     * @param pair
+     *            A <code>RSAPrivateKey</code> or <code>DSAPrivateKey</code>
+     *            containing a DSA or RSA private key of
+     *            the user in Trilead object format.
+     *
+     * @return whether the connection is now authenticated.
+     * @throws IOException
+     */
+
+    public synchronized boolean authenticateWithPublicKey(String user, KeyPair pair)
+    throws IOException {
+        if (tm == null)
+            throw new IllegalStateException("Connection is not established!");
+
+        if (authenticated)
+            throw new IllegalStateException("Connection is already authenticated!");
+
+        if (am == null)
+            am = new AuthenticationManager(tm);
+
+        if (cm == null)
+            cm = new ChannelManager(tm);
+
+        if (user == null)
+            throw new IllegalArgumentException("user argument is null");
+
+        if (pair == null)
+            throw new IllegalArgumentException("Key pair argument is null");
+
+        authenticated = am.authenticatePublicKey(user, pair, getOrCreateSecureRND());
+        return authenticated;
+    }
+
+    /**
+     * A convenience wrapper function which reads in a private key (PEM format, either DSA or RSA)
+     * and then calls <code>authenticateWithPublicKey(String, char[], String)</code>.
+     * <p/>
+     * NOTE PUTTY USERS: Event though your key file may start with "-----BEGIN..."
+     * it is not in the expected format. You have to convert it to the OpenSSH
+     * key format by using the "puttygen" tool (can be downloaded from the Putty
+     * website). Simply load your key and then use the "Conversions/Export OpenSSH key"
+     * functionality to get a proper PEM file.
+     *
+     * @param user     A <code>String</code> holding the username.
+     * @param pemFile  A <code>File</code> object pointing to a file containing a DSA or RSA
+     *                 private key of the user in OpenSSH key format (PEM, you can't miss the
+     *                 "-----BEGIN DSA PRIVATE KEY-----" or "-----BEGIN RSA PRIVATE KEY-----"
+     *                 tag).
+     * @param password If the PEM file is encrypted then you must specify the password.
+     *                 Otherwise, this argument will be ignored and can be set to <code>null</code>.
+     * @return whether the connection is now authenticated.
+     * @throws IOException
+     */
+
+    public synchronized boolean authenticateWithPublicKey(String user, File pemFile, String password)
+    throws IOException {
+        if (pemFile == null) {
+            throw new IllegalArgumentException("pemFile argument is null");
+        }
+
+        char[] buff = new char[256];
+        CharArrayWriter cw = new CharArrayWriter();
+        FileReader fr = new FileReader(pemFile);
+
+        while (true) {
+            int len = fr.read(buff);
+
+            if (len < 0) {
+                break;
+            }
+
+            cw.write(buff, 0, len);
+        }
+
+        fr.close();
+        return authenticateWithPublicKey(user, cw.toCharArray(), password);
+    }
+
+    /**
+     * Add a {@link ConnectionMonitor} to this connection. Can be invoked at any time,
+     * but it is best to add connection monitors before invoking
+     * <code>connect()</code> to avoid glitches (e.g., you add a connection monitor after
+     * a successful connect(), but the connection has died in the mean time. Then,
+     * your connection monitor won't be notified.)
+     * <p/>
+     * You can add as many monitors as you like. If a monitor has already been added, then
+     * this method does nothing.
+     *
+     * @param cmon An object implementing the {@link ConnectionMonitor} interface.
+     * @see ConnectionMonitor
+     */
+
+    public synchronized void addConnectionMonitor(ConnectionMonitor cmon) {
+        if (!connectionMonitors.contains(cmon)) {
+            connectionMonitors.add(cmon);
+
+            if (tm != null) {
+                tm.setConnectionMonitors(connectionMonitors);
+            }
+        }
+    }
+
+    /**
+     * Remove a {@link ConnectionMonitor} from this connection.
+     *
+     * @param cmon
+     * @return whether the monitor could be removed
+     */
+
+    public synchronized boolean removeConnectionMonitor(ConnectionMonitor cmon) {
+        boolean existed = connectionMonitors.remove(cmon);
+
+        if (tm != null) {
+            tm.setConnectionMonitors(connectionMonitors);
+        }
+
+        return existed;
+    }
+
+    /**
+     * Controls whether compression is used on the link or not.
+     * <p>
+     * Note: This can only be called before connect()
+     * @param enabled whether to enable compression
+     * @throws IOException
+     */
+
+    public synchronized void setCompression(boolean enabled) throws IOException {
+        if (tm != null)
+            throw new IOException("Connection to " + hostname + " is already in connected state!");
+
+        if (enabled) enableCompression();
+        else         disableCompression();
+    }
+
+    /**
+     * Close the connection to the SSH-2 server. All assigned sessions will be
+     * closed, too. Can be called at any time. Don't forget to call this once
+     * you don't need a connection anymore - otherwise the receiver thread may
+     * run forever.
+     */
+
+    public synchronized void close() {
+        Throwable t = new Throwable("Closed due to user request.");
+        close(t, false);
+    }
+
+    public synchronized void close(Throwable t, boolean hard) {
+        if (cm != null) {
+            cm.closeAllChannels();
+        }
+
+        if (tm != null) {
+            tm.close(t, hard == false);
+            tm = null;
+        }
+
+        am = null;
+        cm = null;
+        authenticated = false;
+    }
+
+    /**
+     * Same as {@link #connect(ServerHostKeyVerifier, int, int) connect(null, 0, 0)}.
+     *
+     * @return see comments for the {@link #connect(ServerHostKeyVerifier, int, int) connect(ServerHostKeyVerifier, int, int)} method.
+     * @throws IOException
+     */
+
+    public synchronized ConnectionInfo connect() throws IOException {
+        return connect(null, 0, 0);
+    }
+
+    /**
+     * Same as {@link #connect(ServerHostKeyVerifier, int, int) connect(verifier, 0, 0)}.
+     *
+     * @return see comments for the {@link #connect(ServerHostKeyVerifier, int, int) connect(ServerHostKeyVerifier, int, int)} method.
+     * @throws IOException
+     */
+
+    public synchronized ConnectionInfo connect(ServerHostKeyVerifier verifier) throws IOException {
+        return connect(verifier, 0, 0);
+    }
+
+    /**
+     * Connect to the SSH-2 server and, as soon as the server has presented its
+     * host key, use the {@link ServerHostKeyVerifier#verifyServerHostKey(String,
+     * int, String, byte[]) ServerHostKeyVerifier.verifyServerHostKey()}
+     * method of the <code>verifier</code> to ask for permission to proceed.
+     * If <code>verifier</code> is <code>null</code>, then any host key will be
+     * accepted - this is NOT recommended, since it makes man-in-the-middle attackes
+     * VERY easy (somebody could put a proxy SSH server between you and the real server).
+     * <p/>
+     * Note: The verifier will be called before doing any crypto calculations
+     * (i.e., diffie-hellman). Therefore, if you don't like the presented host key then
+     * no CPU cycles are wasted (and the evil server has less information about us).
+     * <p/>
+     * However, it is still possible that the server presented a fake host key: the server
+     * cheated (typically a sign for a man-in-the-middle attack) and is not able to generate
+     * a signature that matches its host key. Don't worry, the library will detect such
+     * a scenario later when checking the signature (the signature cannot be checked before
+     * having completed the diffie-hellman exchange).
+     * <p/>
+     * Note 2: The  {@link ServerHostKeyVerifier#verifyServerHostKey(String,
+     * int, String, byte[]) ServerHostKeyVerifier.verifyServerHostKey()} method
+     * will *NOT* be called from the current thread, the call is being made from a
+     * background thread (there is a background dispatcher thread for every
+     * established connection).
+     * <p/>
+     * Note 3: This method will block as long as the key exchange of the underlying connection
+     * has not been completed (and you have not specified any timeouts).
+     * <p/>
+     * Note 4: If you want to re-use a connection object that was successfully connected,
+     * then you must call the {@link #close()} method before invoking <code>connect()</code> again.
+     *
+     * @param verifier       An object that implements the
+     *                       {@link ServerHostKeyVerifier} interface. Pass <code>null</code>
+     *                       to accept any server host key - NOT recommended.
+     * @param connectTimeout Connect the underlying TCP socket to the server with the given timeout
+     *                       value (non-negative, in milliseconds). Zero means no timeout.
+     * @param kexTimeout     Timeout for complete connection establishment (non-negative,
+     *                       in milliseconds). Zero means no timeout. The timeout counts from the
+     *                       moment you invoke the connect() method and is cancelled as soon as the
+     *                       first key-exchange round has finished. It is possible that
+     *                       the timeout event will be fired during the invocation of the
+     *                       <code>verifier</code> callback, but it will only have an effect after
+     *                       the <code>verifier</code> returns.
+     * @return A {@link ConnectionInfo} object containing the details of
+     * the established connection.
+     * @throws IOException If any problem occurs, e.g., the server's host key is not
+     *                     accepted by the <code>verifier</code> or there is problem during
+     *                     the initial crypto setup (e.g., the signature sent by the server is wrong).
+     *                     <p/>
+     *                     In case of a timeout (either connectTimeout or kexTimeout)
+     *                     a SocketTimeoutException is thrown.
+     *                     <p/>
+     *                     An exception may also be thrown if the connection was already successfully
+     *                     connected (no matter if the connection broke in the mean time) and you invoke
+     *                     <code>connect()</code> again without having called {@link #close()} first.
+     *                     <p/>
+     *                     If a HTTP proxy is being used and the proxy refuses the connection,
+     *                     then a {@link HTTPProxyException} may be thrown, which
+     *                     contains the details returned by the proxy. If the proxy is buggy and does
+     *                     not return a proper HTTP response, then a normal IOException is thrown instead.
+     */
+
+    public synchronized ConnectionInfo connect(ServerHostKeyVerifier verifier, int connectTimeout, int kexTimeout)
+    throws IOException {
+        final class TimeoutState {
+            boolean isCancelled = false;
+            boolean timeoutSocketClosed = false;
+        }
+
+        if (tm != null) {
+            throw new IllegalStateException(String.format("Connection to %s is already in connected state", hostname));
+        }
+
+        if (connectTimeout < 0) {
+            throw new IllegalArgumentException("connectTimeout must be non-negative!");
+        }
+
+        if (kexTimeout < 0) {
+            throw new IllegalArgumentException("kexTimeout must be non-negative!");
+        }
+
+        final TimeoutState state = new TimeoutState();
+
+        if (null == proxy) {
+            tm = new ClientTransportManager(new Socket());
+        }
+        else {
+            tm = new HTTPProxyClientTransportManager(new Socket(), proxy);
+        }
+
+        tm.setSoTimeout(connectTimeout);
+        tm.setTcpNoDelay(tcpNoDelay);
+        tm.setConnectionMonitors(connectionMonitors);
+
+        try {
+            TimeoutToken token = null;
+
+            if (kexTimeout > 0) {
+                final Runnable timeoutHandler = new Runnable() {
+                    public void run() {
+                        synchronized (state) {
+                            if (state.isCancelled) {
+                                return;
+                            }
+
+                            state.timeoutSocketClosed = true;
+                            tm.close(new SocketTimeoutException("The connect timeout expired"), false);
+                        }
+                    }
+                };
+                long timeoutHorizont = System.currentTimeMillis() + kexTimeout;
+                token = TimeoutService.addTimeoutHandler(timeoutHorizont, timeoutHandler);
+            }
+
+            tm.connect(hostname, port, softwareversion, cryptoWishList, verifier, dhgexpara, connectTimeout,
+                       getOrCreateSecureRND());
+            /* Wait until first KEX has finished */
+            ConnectionInfo ci = tm.getConnectionInfo(1);
+
+            /* Now try to cancel the timeout, if needed */
+
+            if (token != null) {
+                TimeoutService.cancelTimeoutHandler(token);
+
+                /* Were we too late? */
+
+                synchronized (state) {
+                    if (state.timeoutSocketClosed) {
+                        throw new IOException("This exception will be replaced by the one below =)");
+                    }
+
+                    /* Just in case the "cancelTimeoutHandler" invocation came just a little bit
+                     * too late but the handler did not enter the semaphore yet - we can
+                     * still stop it.
+                     */
+                    state.isCancelled = true;
+                }
+            }
+
+            return ci;
+        }
+        catch (SocketTimeoutException e) {
+            throw e;
+        }
+        catch (HTTPProxyException e) {
+            throw e;
+        }
+        catch (IOException e) {
+            // This will also invoke any registered connection monitors
+            close(e, false);
+
+            synchronized (state) {
+                /* Show a clean exception, not something like "the socket is closed!?!" */
+                if (state.timeoutSocketClosed) {
+                    throw new SocketTimeoutException(String.format("The kexTimeout (%d ms) expired.", kexTimeout));
+                }
+            }
+
+            throw e;
+        }
+    }
+
+    /**
+     * Creates a new {@link LocalPortForwarder}.
+     * A <code>LocalPortForwarder</code> forwards TCP/IP connections that arrive at a local
+     * port via the secure tunnel to another host (which may or may not be
+     * identical to the remote SSH-2 server).
+     * <p/>
+     * This method must only be called after one has passed successfully the authentication step.
+     * There is no limit on the number of concurrent forwardings.
+     *
+     * @param local_port      the local port the LocalPortForwarder shall bind to.
+     * @param host_to_connect target address (IP or hostname)
+     * @param port_to_connect target port
+     * @return A {@link LocalPortForwarder} object.
+     * @throws IOException
+     */
+
+    public synchronized LocalPortForwarder createLocalPortForwarder(int local_port, String host_to_connect,
+            int port_to_connect) throws IOException {
+        this.checkConnection();
+        return new LocalPortForwarder(cm, local_port, host_to_connect, port_to_connect);
+    }
+
+    /**
+     * Creates a new {@link LocalPortForwarder}.
+     * A <code>LocalPortForwarder</code> forwards TCP/IP connections that arrive at a local
+     * port via the secure tunnel to another host (which may or may not be
+     * identical to the remote SSH-2 server).
+     * <p/>
+     * This method must only be called after one has passed successfully the authentication step.
+     * There is no limit on the number of concurrent forwardings.
+     *
+     * @param addr            specifies the InetSocketAddress where the local socket shall be bound to.
+     * @param host_to_connect target address (IP or hostname)
+     * @param port_to_connect target port
+     * @return A {@link LocalPortForwarder} object.
+     * @throws IOException
+     */
+
+    public synchronized LocalPortForwarder createLocalPortForwarder(InetSocketAddress addr, String host_to_connect,
+            int port_to_connect) throws IOException {
+        this.checkConnection();
+        return new LocalPortForwarder(cm, addr, host_to_connect, port_to_connect);
+    }
+
+    /**
+     * Creates a new {@link LocalStreamForwarder}.
+     * A <code>LocalStreamForwarder</code> manages an Input/Outputstream pair
+     * that is being forwarded via the secure tunnel into a TCP/IP connection to another host
+     * (which may or may not be identical to the remote SSH-2 server).
+     *
+     * @param host_to_connect
+     * @param port_to_connect
+     * @return A {@link LocalStreamForwarder} object.
+     * @throws IOException
+     */
+
+    public synchronized LocalStreamForwarder createLocalStreamForwarder(String host_to_connect, int port_to_connect)
+    throws IOException {
+        this.checkConnection();
+        return new LocalStreamForwarder(cm, host_to_connect, port_to_connect);
+    }
+
+    /**
+     * Creates a new {@link DynamicPortForwarder}. A
+     * <code>DynamicPortForwarder</code> forwards TCP/IP connections that arrive
+     * at a local port via the secure tunnel to another host that is chosen via
+     * the SOCKS protocol.
+     * <p>
+     * This method must only be called after one has passed successfully the
+     * authentication step. There is no limit on the number of concurrent
+     * forwardings.
+     *
+     * @param local_port
+     * @return A {@link DynamicPortForwarder} object.
+     * @throws IOException
+     */
+
+    public synchronized DynamicPortForwarder createDynamicPortForwarder(int local_port) throws IOException {
+        if (tm == null)
+            throw new IllegalStateException("Cannot forward ports, you need to establish a connection first.");
+
+        if (!authenticated)
+            throw new IllegalStateException("Cannot forward ports, connection is not authenticated.");
+
+        return new DynamicPortForwarder(cm, local_port);
+    }
+
+    /**
+     * Creates a new {@link DynamicPortForwarder}. A
+     * <code>DynamicPortForwarder</code> forwards TCP/IP connections that arrive
+     * at a local port via the secure tunnel to another host that is chosen via
+     * the SOCKS protocol.
+     * <p>
+     * This method must only be called after one has passed successfully the
+     * authentication step. There is no limit on the number of concurrent
+     * forwardings.
+     *
+     * @param addr
+     *            specifies the InetSocketAddress where the local socket shall
+     *            be bound to.
+     * @return A {@link DynamicPortForwarder} object.
+     * @throws IOException
+     */
+
+    public synchronized DynamicPortForwarder createDynamicPortForwarder(InetSocketAddress addr) throws IOException {
+        if (tm == null)
+            throw new IllegalStateException("Cannot forward ports, you need to establish a connection first.");
+
+        if (!authenticated)
+            throw new IllegalStateException("Cannot forward ports, connection is not authenticated.");
+
+        return new DynamicPortForwarder(cm, addr);
+    }
+
+    /**
+     * Create a very basic {@link SCPClient} that can be used to copy
+     * files from/to the SSH-2 server.
+     * <p/>
+     * Works only after one has passed successfully the authentication step.
+     * There is no limit on the number of concurrent SCP clients.
+     * <p/>
+     * Note: This factory method will probably disappear in the future.
+     *
+     * @return A {@link SCPClient} object.
+     * @throws IOException
+     */
+
+    public synchronized SCPClient createSCPClient() throws IOException {
+        this.checkConnection();
+        return new SCPClient(this);
+    }
+
+    /**
+     * Force an asynchronous key re-exchange (the call does not block). The
+     * latest values set for MAC, Cipher and DH group exchange parameters will
+     * be used. If a key exchange is currently in progress, then this method has
+     * the only effect that the so far specified parameters will be used for the
+     * next (server driven) key exchange.
+     * <p/>
+     * Note: This implementation will never start a key exchange (other than the initial one)
+     * unless you or the SSH-2 server ask for it.
+     *
+     * @throws IOException In case of any failure behind the scenes.
+     */
+
+    public synchronized void forceKeyExchange() throws IOException {
+        this.checkConnection();
+        tm.forceKeyExchange(cryptoWishList, dhgexpara, null, null, null);
+    }
+
+    /**
+     * Returns the hostname that was passed to the constructor.
+     *
+     * @return the hostname
+     */
+
+    public synchronized String getHostname() {
+        return hostname;
+    }
+
+    /**
+     * Returns the port that was passed to the constructor.
+     *
+     * @return the TCP port
+     */
+
+    public synchronized int getPort() {
+        return port;
+    }
+
+    /**
+     * Returns a {@link ConnectionInfo} object containing the details of
+     * the connection. Can be called as soon as the connection has been
+     * established (successfully connected).
+     *
+     * @return A {@link ConnectionInfo} object.
+     * @throws IOException In case of any failure behind the scenes.
+     */
+
+    public synchronized ConnectionInfo getConnectionInfo() throws IOException {
+        this.checkConnection();
+        return tm.getConnectionInfo(1);
+    }
+
+    /**
+     * After a successful connect, one has to authenticate oneself. This method
+     * can be used to tell which authentication methods are supported by the
+     * server at a certain stage of the authentication process (for the given
+     * username).
+     * <p/>
+     * Note 1: the username will only be used if no authentication step was done
+     * so far (it will be used to ask the server for a list of possible
+     * authentication methods by sending the initial "none" request). Otherwise,
+     * this method ignores the user name and returns a cached method list
+     * (which is based on the information contained in the last negative server response).
+     * <p/>
+     * Note 2: the server may return method names that are not supported by this
+     * implementation.
+     * <p/>
+     * After a successful authentication, this method must not be called
+     * anymore.
+     *
+     * @param user A <code>String</code> holding the username.
+     * @return a (possibly emtpy) array holding authentication method names.
+     * @throws IOException
+     */
+
+    public synchronized String[] getRemainingAuthMethods(String user) throws IOException {
+        if (user == null) {
+            throw new IllegalArgumentException("user argument may not be NULL!");
+        }
+
+        if (tm == null) {
+            throw new IllegalStateException("Connection is not established!");
+        }
+
+        if (authenticated) {
+            throw new IllegalStateException("Connection is already authenticated!");
+        }
+
+        if (am == null) {
+            am = new AuthenticationManager(tm);
+        }
+
+        if (cm == null) {
+            cm = new ChannelManager(tm);
+        }
+
+        final Set<String> remainingMethods = am.getRemainingMethods(user);
+        return remainingMethods.toArray(new String[remainingMethods.size()]);
+    }
+
+    /**
+     * Determines if the authentication phase is complete. Can be called at any
+     * time.
+     *
+     * @return <code>true</code> if no further authentication steps are
+     * needed.
+     */
+
+    public synchronized boolean isAuthenticationComplete() {
+        return authenticated;
+    }
+
+    /**
+     * Returns true if there was at least one failed authentication request and
+     * the last failed authentication request was marked with "partial success"
+     * by the server. This is only needed in the rare case of SSH-2 server setups
+     * that cannot be satisfied with a single successful authentication request
+     * (i.e., multiple authentication steps are needed.)
+     * <p/>
+     * If you are interested in the details, then have a look at RFC4252.
+     *
+     * @return if the there was a failed authentication step and the last one
+     * was marked as a "partial success".
+     */
+
+    public synchronized boolean isAuthenticationPartialSuccess() {
+        if (am == null) {
+            return false;
+        }
+
+        return am.getPartialSuccess();
+    }
+
+    /**
+     * Checks if a specified authentication method is available. This method is
+     * actually just a wrapper for {@link #getRemainingAuthMethods(String)
+     * getRemainingAuthMethods()}.
+     *
+     * @param user   A <code>String</code> holding the username.
+     * @param method An authentication method name (e.g., "publickey", "password",
+     *               "keyboard-interactive") as specified by the SSH-2 standard.
+     * @return if the specified authentication method is currently available.
+     * @throws IOException
+     */
+
+    public synchronized boolean isAuthMethodAvailable(String user, String method) throws IOException {
+        String methods[] = getRemainingAuthMethods(user);
+
+        for (final String m : methods) {
+            if (m.compareTo(method) == 0) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    private SecureRandom getOrCreateSecureRND() {
+        if (generator == null) {
+            generator = new SecureRandom();
+        }
+
+        return generator;
+    }
+
+    /**
+     * Open a new {@link Session} on this connection. Works only after one has passed
+     * successfully the authentication step. There is no limit on the number of
+     * concurrent sessions.
+     *
+     * @return A {@link Session} object.
+     * @throws IOException
+     */
+
+    public synchronized Session openSession() throws IOException {
+        this.checkConnection();
+        return new Session(cm, getOrCreateSecureRND());
+    }
+
+    /**
+     * Send an SSH_MSG_IGNORE packet. This method will generate a random data attribute
+     * (length between 0 (invlusive) and 16 (exclusive) bytes, contents are random bytes).
+     * <p/>
+     * This method must only be called once the connection is established.
+     *
+     * @throws IOException
+     */
+
+    public synchronized void sendIgnorePacket() throws IOException {
+        SecureRandom rnd = getOrCreateSecureRND();
+        byte[] data = new byte[rnd.nextInt(16)];
+        rnd.nextBytes(data);
+        sendIgnorePacket(data);
+    }
+
+    /**
+     * Send an SSH_MSG_IGNORE packet with the given data attribute.
+     * <p/>
+     * This method must only be called once the connection is established.
+     *
+     * @throws IOException
+     */
+
+    public synchronized void sendIgnorePacket(byte[] data) throws IOException {
+        this.checkConnection();
+        PacketIgnore pi = new PacketIgnore(data);
+        tm.sendMessage(pi.getPayload());
+    }
+
+    /**
+     * Controls whether compression is used on the link or not.
+     */
+
+    public synchronized void setCompression(String[] algorithms) {
+        CompressionFactory.checkCompressorList(algorithms);
+        cryptoWishList.c2s_comp_algos = algorithms;
+    }
+
+    public synchronized void enableCompression() {
+        cryptoWishList.c2s_comp_algos = CompressionFactory.getDefaultCompressorList();
+        cryptoWishList.s2c_comp_algos = CompressionFactory.getDefaultCompressorList();
+    }
+
+    public synchronized void disableCompression() {
+        cryptoWishList.c2s_comp_algos = new String[] {"none"};
+        cryptoWishList.s2c_comp_algos = new String[] {"none"};
+    }
+
+    /**
+     * Unless you know what you are doing, you will never need this.
+     */
+
+    public synchronized void setClient2ServerCiphers(final String[] ciphers) {
+        if ((ciphers == null) || (ciphers.length == 0)) {
+            throw new IllegalArgumentException();
+        }
+
+        BlockCipherFactory.checkCipherList(ciphers);
+        cryptoWishList.c2s_enc_algos = ciphers;
+    }
+
+    /**
+     * Unless you know what you are doing, you will never need this.
+     */
+
+    public synchronized void setClient2ServerMACs(final String[] macs) {
+        MAC.checkMacList(macs);
+        cryptoWishList.c2s_mac_algos = macs;
+    }
+
+    /**
+     * Sets the parameters for the diffie-hellman group exchange. Unless you
+     * know what you are doing, you will never need this. Default values are
+     * defined in the {@link DHGexParameters} class.
+     *
+     * @param dgp {@link DHGexParameters}, non null.
+     */
+
+    public synchronized void setDHGexParameters(DHGexParameters dgp) {
+        if (dgp == null) {
+            throw new IllegalArgumentException();
+        }
+
+        dhgexpara = dgp;
+    }
+
+    /**
+     * Unless you know what you are doing, you will never need this.
+     */
+
+    public synchronized void setServer2ClientCiphers(final String[] ciphers) {
+        BlockCipherFactory.checkCipherList(ciphers);
+        cryptoWishList.s2c_enc_algos = ciphers;
+    }
+
+    /**
+     * Unless you know what you are doing, you will never need this.
+     */
+
+    public synchronized void setServer2ClientMACs(final String[] macs) {
+        MAC.checkMacList(macs);
+        cryptoWishList.s2c_mac_algos = macs;
+    }
+
+    /**
+     * Define the set of allowed server host key algorithms to be used for
+     * the following key exchange operations.
+     * <p/>
+     * Unless you know what you are doing, you will never need this.
+     *
+     * @param algos An array of allowed server host key algorithms.
+     *              SSH-2 defines <code>ssh-dss</code> and <code>ssh-rsa</code>.
+     *              The entries of the array must be ordered after preference, i.e.,
+     *              the entry at index 0 is the most preferred one. You must specify
+     *              at least one entry.
+     */
+
+    public synchronized void setServerHostKeyAlgorithms(final String[] algos) {
+        KexManager.checkServerHostkeyAlgorithmsList(algos);
+        cryptoWishList.serverHostKeyAlgorithms = algos;
+    }
+
+    /**
+     * Enable/disable TCP_NODELAY (disable/enable Nagle's algorithm) on the underlying socket.
+     * <p/>
+     * Can be called at any time. If the connection has not yet been established
+     * then the passed value will be stored and set after the socket has been set up.
+     * The default value that will be used is <code>false</code>.
+     *
+     * @param enable the argument passed to the <code>Socket.setTCPNoDelay()</code> method.
+     * @throws IOException
+     */
+
+    public synchronized void setTCPNoDelay(boolean enable) throws IOException {
+        tcpNoDelay = enable;
+
+        if (tm != null) {
+            tm.setTcpNoDelay(enable);
+        }
+    }
+
+    /**
+     * Used to tell the library that the connection shall be established through
+     * a proxy server. It only makes sense to call this method before calling
+     * the {@link #connect() connect()} method.
+     * <p>
+     * At the moment, only HTTP proxies are supported.
+     * <p>
+     * Note: This method can be called any number of times. The
+     * {@link #connect() connect()} method will use the value set in the last
+     * preceding invocation of this method.
+     *
+     * @see HTTPProxyData
+     *
+     * @param proxy
+     *            Connection information about the proxy. If <code>null</code>,
+     *            then no proxy will be used (non surprisingly, this is also the
+     *            default).
+     */
+
+    public synchronized void setProxyData(HTTPProxyData proxy) {
+        this.proxy = proxy;
+    }
+
+    /**
+     * Request a remote port forwarding.
+     * If successful, then forwarded connections will be redirected to the given target address.
+     * You can cancle a requested remote port forwarding by calling
+     * {@link #cancelRemotePortForwarding(int) cancelRemotePortForwarding()}.
+     * <p/>
+     * A call of this method will block until the peer either agreed or disagreed to your request-
+     * <p/>
+     * Note 1: this method typically fails if you
+     * <ul>
+     * <li>pass a port number for which the used remote user has not enough permissions (i.e., port
+     * &lt; 1024)</li>
+     * <li>or pass a port number that is already in use on the remote server</li>
+     * <li>or if remote port forwarding is disabled on the server.</li>
+     * </ul>
+     * <p/>
+     * Note 2: (from the openssh man page): By default, the listening socket on the server will be
+     * bound to the loopback interface only. This may be overriden by specifying a bind address.
+     * Specifying a remote bind address will only succeed if the server's <b>GatewayPorts</b> option
+     * is enabled (see sshd_config(5)).
+     *
+     * @param bindAddress   address to bind to on the server:
+     *                      <ul>
+     *                      <li>"" means that connections are to be accepted on all protocol families
+     *                      supported by the SSH implementation</li>
+     *                      <li>"0.0.0.0" means to listen on all IPv4 addresses</li>
+     *                      <li>"::" means to listen on all IPv6 addresses</li>
+     *                      <li>"localhost" means to listen on all protocol families supported by the SSH
+     *                      implementation on loopback addresses only, [RFC3330] and RFC3513]</li>
+     *                      <li>"127.0.0.1" and "::1" indicate listening on the loopback interfaces for
+     *                      IPv4 and IPv6 respectively</li>
+     *                      </ul>
+     * @param bindPort      port number to bind on the server (must be &gt; 0)
+     * @param targetAddress the target address (IP or hostname)
+     * @param targetPort    the target port
+     * @throws IOException
+     */
+
+    public synchronized void requestRemotePortForwarding(String bindAddress, int bindPort, String targetAddress,
+            int targetPort) throws IOException {
+        this.checkConnection();
+
+        if ((bindAddress == null) || (targetAddress == null) || (bindPort <= 0) || (targetPort <= 0)) {
+            throw new IllegalArgumentException();
+        }
+
+        cm.requestGlobalForward(bindAddress, bindPort, targetAddress, targetPort);
+    }
+
+    /**
+     * Cancel an earlier requested remote port forwarding.
+     * Currently active forwardings will not be affected (e.g., disrupted).
+     * Note that further connection forwarding requests may be received until
+     * this method has returned.
+     *
+     * @param bindPort the allocated port number on the server
+     * @throws IOException if the remote side refuses the cancel request or another low
+     *                     level error occurs (e.g., the underlying connection is closed)
+     */
+
+    public synchronized void cancelRemotePortForwarding(int bindPort) throws IOException {
+        this.checkConnection();
+        cm.requestCancelGlobalForward(bindPort);
+    }
+
+    /**
+     * Provide your own instance of SecureRandom. Can be used, e.g., if you
+     * want to seed the used SecureRandom generator manually.
+     * <p/>
+     * The SecureRandom instance is used during key exchanges, public key authentication,
+     * x11 cookie generation and the like.
+     *
+     * @param rnd a SecureRandom instance
+     */
+
+    public synchronized void setSecureRandom(SecureRandom rnd) {
+        if (rnd == null) {
+            throw new IllegalArgumentException();
+        }
+
+        this.generator = rnd;
+    }
+
+    private void checkConnection() throws IllegalStateException {
+        if (tm == null) {
+            throw new IllegalStateException("You need to establish a connection first.");
+        }
+
+        if (!authenticated) {
+            throw new IllegalStateException("The connection is not authenticated.");
+        }
+    }
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/ch/ethz/ssh2/ConnectionInfo.java	Thu Jul 31 16:33:38 2014 -0700
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * In most cases you probably do not need the information contained in here.
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class ConnectionInfo {
+    /**
+     * The used key exchange (KEX) algorithm in the latest key exchange.
+     */
+    public String keyExchangeAlgorithm;
+
+    /**
+     * The currently used crypto algorithm for packets from to the client to the
+     * server.
+     */
+    public String clientToServerCryptoAlgorithm;
+    /**
+     * The currently used crypto algorithm for packets from to the server to the
+     * client.
+     */
+    public String serverToClientCryptoAlgorithm;
+
+    /**
+     * The currently used MAC algorithm for packets from to the client to the
+     * server.
+     */
+    public String clientToServerMACAlgorithm;
+    /**
+     * The currently used MAC algorithm for packets from to the server to the
+     * client.
+     */
+    public String serverToClientMACAlgorithm;
+
+    /**
+     * The type of the server host key (currently either "ssh-dss" or
+     * "ssh-rsa").
+     */
+    public String serverHostKeyAlgorithm;
+
+    /**
+     * The server host key that was sent during the latest key exchange.
+     */
+    public byte[] serverHostKey;
+
+    /**
+     * Number of kex exchanges performed on this connection so far.
+     */
+    public int keyExchangeCounter = 0;
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/ch/ethz/ssh2/ConnectionMonitor.java	Thu Jul 31 16:33:38 2014 -0700
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * A <code>ConnectionMonitor</code> is used to get notified when the
+ * underlying socket of a connection is closed.
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public interface ConnectionMonitor {
+    /**
+     * This method is called after the connection's underlying
+     * socket has been closed. E.g., due to the {@link Connection#close()} request of the
+     * user, if the peer closed the connection, due to a fatal error during connect()
+     * (also if the socket cannot be established) or if a fatal error occured on
+     * an established connection.
+     * <p>
+     * This is an experimental feature.
+     * <p>
+     * You MUST NOT make any assumption about the thread that invokes this method.
+     * <p>
+     * <b>Please note: if the connection is not connected (e.g., there was no successful
+     * connect() call), then the invocation of {@link Connection#close()} will NOT trigger
+     * this method.</b>
+     *
+     * @see Connection#addConnectionMonitor(ConnectionMonitor)
+     *
+     * @param reason Includes an indication why the socket was closed.
+     */
+    public void connectionLost(Throwable reason);
+}
\ No newline at end of file

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/ch/ethz/ssh2/DHGexParameters.java	Thu Jul 31 16:33:38 2014 -0700
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * A <code>DHGexParameters</code> object can be used to specify parameters for
+ * the diffie-hellman group exchange.
+ * <p>
+ * Depending on which constructor is used, either the use of a
+ * <code>SSH_MSG_KEX_DH_GEX_REQUEST</code> or <code>SSH_MSG_KEX_DH_GEX_REQUEST_OLD</code>
+ * can be forced.
+ *
+ * @see Connection#setDHGexParameters(DHGexParameters)
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public class DHGexParameters {
+    private final int min_group_len;
+    private final int pref_group_len;
+    private final int max_group_len;
+
+    private static final int MIN_ALLOWED = 1024;
+    private static final int MAX_ALLOWED = 8192;
+
+    /**
+     * Same as calling {@link #DHGexParameters(int, int, int) DHGexParameters(1024, 1024, 4096)}.
+     * This is also the default used by the Connection class.
+     *
+     */
+    public DHGexParameters() {
+        this(1024, 1024, 4096);
+    }
+
+    /**
+     * This constructor can be used to force the sending of a
+     * <code>SSH_MSG_KEX_DH_GEX_REQUEST_OLD</code> request.
+     * Internally, the minimum and maximum group lengths will
+     * be set to zero.
+     *
+     * @param pref_group_len has to be &gt= 1024 and &lt;= 8192
+     */
+    public DHGexParameters(int pref_group_len) {
+        if ((pref_group_len < MIN_ALLOWED) || (pref_group_len > MAX_ALLOWED))
+            throw new IllegalArgumentException("pref_group_len out of range!");
+
+        this.pref_group_len = pref_group_len;
+        this.min_group_len = 0;
+        this.max_group_len = 0;
+    }
+
+    /**
+     * This constructor can be used to force the sending of a
+     * <code>SSH_MSG_KEX_DH_GEX_REQUEST</code> request.
+     * <p>
+     * Note: older OpenSSH servers don't understand this request, in which
+     * case you should use the {@link #DHGexParameters(int)} constructor.
+     * <p>
+     * All values have to be &gt= 1024 and &lt;= 8192. Furthermore,
+     * min_group_len &lt;= pref_group_len &lt;= max_group_len.
+     *
+     * @param min_group_len
+     * @param pref_group_len
+     * @param max_group_len
+     */
+    public DHGexParameters(int min_group_len, int pref_group_len, int max_group_len) {
+        if ((min_group_len < MIN_ALLOWED) || (min_group_len > MAX_ALLOWED))
+            throw new IllegalArgumentException("min_group_len out of range!");
+
+        if ((pref_group_len < MIN_ALLOWED) || (pref_group_len > MAX_ALLOWED))
+            throw new IllegalArgumentException("pref_group_len out of range!");
+
+        if ((max_group_len < MIN_ALLOWED) || (max_group_len > MAX_ALLOWED))
+            throw new IllegalArgumentException("max_group_len out of range!");
+
+        if ((pref_group_len < min_group_len) || (pref_group_len > max_group_len))
+            throw new IllegalArgumentException("pref_group_len is incompatible with min and max!");
+
+        if (max_group_len < min_group_len)
+            throw new IllegalArgumentException("max_group_len must not be smaller than min_group_len!");
+
+        this.min_group_len = min_group_len;
+        this.pref_group_len = pref_group_len;
+        this.max_group_len = max_group_len;
+    }
+
+    /**
+     * Get the maximum group length.
+     *
+     * @return the maximum group length, may be <code>zero</code> if
+     *         SSH_MSG_KEX_DH_GEX_REQUEST_OLD should be requested
+     */
+    public int getMax_group_len() {
+        return max_group_len;
+    }
+
+    /**
+     * Get the minimum group length.
+     *
+     * @return minimum group length, may be <code>zero</code> if
+     *         SSH_MSG_KEX_DH_GEX_REQUEST_OLD should be requested
+     */
+    public int getMin_group_len() {
+        return min_group_len;
+    }
+
+    /**
+     * Get the preferred group length.
+     *
+     * @return the preferred group length
+     */
+    public int getPref_group_len() {
+        return pref_group_len;
+    }
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/ch/ethz/ssh2/DynamicPortForwarder.java	Thu Jul 31 16:33:38 2014 -0700
@@ -0,0 +1,63 @@
+/*
+ * ConnectBot: simple, powerful, open-source SSH client for Android
+ * Copyright 2007 Kenny Root, Jeffrey Sharkey
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.ethz.ssh2;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+
+import ch.ethz.ssh2.channel.ChannelManager;
+import ch.ethz.ssh2.channel.DynamicAcceptThread;
+
+/**
+ * A <code>DynamicPortForwarder</code> forwards TCP/IP connections to a local
+ * port via the secure tunnel to another host which is selected via the
+ * SOCKS protocol. Checkout {@link Connection#createDynamicPortForwarder(int)}
+ * on how to create one.
+ *
+ * @author Kenny Root
+ * @version $Id: $
+ */
+public class DynamicPortForwarder {
+    ChannelManager cm;
+
+    DynamicAcceptThread dat;
+
+    DynamicPortForwarder(ChannelManager cm, int local_port)
+    throws IOException {
+        this.cm = cm;
+        dat = new DynamicAcceptThread(cm, local_port);
+        dat.setDaemon(true);
+        dat.start();
+    }
+
+    DynamicPortForwarder(ChannelManager cm, InetSocketAddress addr) throws IOException {
+        this.cm = cm;
+        dat = new DynamicAcceptThread(cm, addr);
+        dat.setDaemon(true);
+        dat.start();
+    }
+
+    /**
+     * Stop TCP/IP forwarding of newly arriving connections.
+     *
+     * @throws IOException
+     */
+    public void close() throws IOException {
+        dat.stopWorking();
+    }
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/ch/ethz/ssh2/HTTPProxyData.java	Thu Jul 31 16:33:38 2014 -0700
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * A <code>HTTPProxyData</code> object is used to specify the needed connection data
+ * to connect through a HTTP proxy.
+ *
+ * @see Connection#setProxyData(ProxyData)
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public class HTTPProxyData implements ProxyData {
+    public final String proxyHost;
+    public final int proxyPort;
+    public final String proxyUser;
+    public final String proxyPass;
+    public final String[] requestHeaderLines;
+
+    /**
+     * Same as calling {@link #HTTPProxyData(String, int, String, String) HTTPProxyData(proxyHost, proxyPort, <code>null</code>, <code>null</code>)}
+     *
+     * @param proxyHost Proxy hostname.
+     * @param proxyPort Proxy port.
+     */
+    public HTTPProxyData(String proxyHost, int proxyPort) {
+        this(proxyHost, proxyPort, null, null);
+    }
+
+    /**
+     * Same as calling {@link #HTTPProxyData(String, int, String, String, String[]) HTTPProxyData(proxyHost, proxyPort, <code>null</code>, <code>null</code>, <code>null</code>)}
+     *
+     * @param proxyHost Proxy hostname.
+     * @param proxyPort Proxy port.
+     * @param proxyUser Username for basic authentication (<code>null</code> if no authentication is needed).
+     * @param proxyPass Password for basic authentication (<code>null</code> if no authentication is needed).
+     */
+    public HTTPProxyData(String proxyHost, int proxyPort, String proxyUser, String proxyPass) {
+        this(proxyHost, proxyPort, proxyUser, proxyPass, null);
+    }
+
+    /**
+     * Connection data for a HTTP proxy. It is possible to specify a username and password
+     * if the proxy requires basic authentication. Also, additional request header lines can
+     * be specified (e.g., "User-Agent: CERN-LineMode/2.15 libwww/2.17b3").
+     * <p>
+     * Please note: if you want to use basic authentication, then both <code>proxyUser</code>
+     * and <code>proxyPass</code> must be non-null.
+     * <p>
+     * Here is an example:
+     * <p>
+     * <code>
+     * new HTTPProxyData("192.168.1.1", "3128", "proxyuser", "secret", new String[] {"User-Agent: GanymedBasedClient/1.0", "X-My-Proxy-Option: something"});
+     * </code>
+     *
+     * @param proxyHost Proxy hostname.
+     * @param proxyPort Proxy port.
+     * @param proxyUser Username for basic authentication (<code>null</code> if no authentication is needed).
+     * @param proxyPass Password for basic authentication (<code>null</code> if no authentication is needed).
+     * @param requestHeaderLines An array with additional request header lines (without end-of-line markers)
+     *        that have to be sent to the server. May be <code>null</code>.
+     */
+
+    public HTTPProxyData(String proxyHost, int proxyPort, String proxyUser, String proxyPass,
+                         String[] requestHeaderLines) {
+        if (proxyHost == null)
+            throw new IllegalArgumentException("proxyHost must be non-null");
+
+        if (proxyPort < 0)
+            throw new IllegalArgumentException("proxyPort must be non-negative");
+
+        this.proxyHost = proxyHost;
+        this.proxyPort = proxyPort;
+        this.proxyUser = proxyUser;
+        this.proxyPass = proxyPass;
+        this.requestHeaderLines = requestHeaderLines;
+    }
+}