Things which might need doing:

- Make options.h generated from configure perhaps?

- improved queueing of unauthed connections

- fix agent fwd problems (lock when agent request fails)

- improve channel window adjustment algorithm (circular buffering)

- check that there aren't timing issues with valid/invalid user authentication
  feedback.

- Binding to specific addresses, related to ...
- ... IP6 (binding to :: takes over ipv4 as well, sigh. If anyone wants to
  suggest a clean way (ie no V4MAPPED or setsockopt things) please let me know)

- PAM - the synchronous nature makes it ugly

- possible RSA blinding? need to check whether this is vuln to timing attacks
- check PRNG
- CTR mode, SSH_MSG_IGNORE sending to improve CBC security
- DH Group Exchange possibly, or just add group14 (see recent drafts)

- fix scp.c for IRIX