diff --git a/src/etc/changelist b/src/etc/changelist
index fd689fe6..afb0cd4c 100644
--- a/src/etc/changelist
+++ b/src/etc/changelist
@@ -1,4 +1,4 @@
-#	$OpenBSD: changelist,v 1.22 2001/10/14 02:17:05 millert Exp $
+#	$OpenBSD: changelist,v 1.23 2002/02/09 17:37:34 deraadt Exp $
 #
 # List of files which the security script backs up and checks
 # for modifications.
@@ -77,14 +77,14 @@
 /etc/shosts.equiv
 /etc/slip.hosts
 /etc/slip.login
-/etc/ssh_config
-+/etc/ssh_host_dsa_key
-/etc/ssh_host_dsa_key.pub
-+/etc/ssh_host_rsa_key
-/etc/ssh_host_rsa_key.pub
-+/etc/ssh_host_key
-/etc/ssh_host_key.pub
-/etc/sshd_config
+/etc/ssh/ssh_config
++/etc/ssh/ssh_host_dsa_key
+/etc/ssh/ssh_host_dsa_key.pub
++/etc/ssh/ssh_host_rsa_key
+/etc/ssh/ssh_host_rsa_key.pub
++/etc/ssh/ssh_host_key
+/etc/ssh/ssh_host_key.pub
+/etc/ssh/sshd_config
 /etc/sudoers
 /etc/syslog.conf
 /etc/sysctl.conf
diff --git a/src/etc/mtree/4.4BSD.dist b/src/etc/mtree/4.4BSD.dist
index 98dbb5f4..945aabd0 100644
--- a/src/etc/mtree/4.4BSD.dist
+++ b/src/etc/mtree/4.4BSD.dist
@@ -1,4 +1,4 @@
-#	$OpenBSD: 4.4BSD.dist,v 1.118 2002/02/07 23:12:33 art Exp $
+#	$OpenBSD: 4.4BSD.dist,v 1.119 2002/02/09 17:37:34 deraadt Exp $
 
 /set type=dir uname=root gname=wheel mode=0755
 # .
@@ -104,6 +104,11 @@ sliphome
 # ./etc/sliphome
 ..
 
+# ./etc/ssh
+ssh
+# ./etc/ssh
+..
+
 # ./etc/ssl
 ssl
 
diff --git a/src/etc/mtree/4.4BSD.root b/src/etc/mtree/4.4BSD.root
index 1e54d45c..4ab9e9d8 100644
--- a/src/etc/mtree/4.4BSD.root
+++ b/src/etc/mtree/4.4BSD.root
@@ -1,4 +1,4 @@
-#	$OpenBSD: 4.4BSD.root,v 1.7 2001/09/21 22:14:03 deraadt Exp $
+#	$OpenBSD: 4.4BSD.root,v 1.8 2002/02/09 17:37:34 deraadt Exp $
 #	$NetBSD: 4.4BSD.root,v 1.2 1996/05/12 23:30:32 thorpej Exp $
 #
 #	   user: bostic
@@ -115,6 +115,12 @@ sliphome        type=dir
 # ./etc/sliphome
 ..
 
+# ./etc/ssh
+/set type=file gname=wheel uname=root mode=0755
+ssh		type=dir
+# ./etc/ssh
+..
+
 # ./etc
 ..
 
diff --git a/src/etc/mtree/special b/src/etc/mtree/special
index 09fab85f..1f9f8d60 100644
--- a/src/etc/mtree/special
+++ b/src/etc/mtree/special
@@ -1,4 +1,4 @@
-#	$OpenBSD: special,v 1.38 2001/09/11 19:03:55 millert Exp $
+#	$OpenBSD: special,v 1.39 2002/02/09 17:37:34 deraadt Exp $
 #	$NetBSD: special,v 1.4 1996/05/08 21:30:18 pk Exp $
 #	@(#)special	8.2 (Berkeley) 1/23/94
 #
@@ -70,6 +70,7 @@ security	type=file mode=0644 uname=root gname=wheel
 shells		type=file mode=0644 uname=root gname=wheel
 skeykeys	type=file mode=0600 uname=root gname=wheel optional
 spwd.db		type=file mode=0600 uname=root gname=wheel
+ssh		type=dir mode=0755 uname=root gname=wheel optional ignore
 ssh_config	type=file mode=0644 uname=root gname=wheel
 ssh_host_dsa_key	type=file mode=0600 uname=root gname=wheel optional
 ssh_host_dsa_key.pub	type=file mode=0644 uname=root gname=wheel optional
@@ -78,6 +79,7 @@ ssh_host_key.pub	type=file mode=0644 uname=root gname=wheel optional
 ssh_host_rsa_key	type=file mode=0600 uname=root gname=wheel optional
 ssh_host_rsa_key.pub	type=file mode=0644 uname=root gname=wheel optional
 sshd_config	type=file mode=0644 uname=root gname=wheel
+..	#ssh
 syslog.conf	type=file mode=0644 uname=root gname=wheel
 ttys		type=file mode=0644 uname=root gname=wheel
 weekly		type=file mode=0644 uname=root gname=wheel
diff --git a/src/etc/rc b/src/etc/rc
index 045f5584..436dadde 100644
--- a/src/etc/rc
+++ b/src/etc/rc
@@ -1,4 +1,4 @@
-#	$OpenBSD: rc,v 1.188 2002/01/08 12:04:43 tholo Exp $
+#	$OpenBSD: rc,v 1.189 2002/02/09 17:37:34 deraadt Exp $
 
 # System startup script run by init on autoboot
 # or after single-user.
@@ -382,25 +382,25 @@ if [ -f /sbin/ldconfig ]; then
 	ldconfig $shlib_dirs
 fi
 
-if [ ! -f /etc/ssh_host_dsa_key ]; then
+if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
 	echo -n "ssh-keygen: generating new DSA host key... "
-	if /usr/bin/ssh-keygen -q -t dsa -f /etc/ssh_host_dsa_key -N ''; then
+	if /usr/bin/ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''; then
 		echo done.
 	else
 		echo failed.
 	fi
 fi
-if [ ! -f /etc/ssh_host_rsa_key ]; then
+if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
 	echo -n "ssh-keygen: generating new RSA host key... "
-	if /usr/bin/ssh-keygen -q -t rsa -f /etc/ssh_host_rsa_key -N ''; then
+	if /usr/bin/ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''; then
 		echo done.
 	else
 		echo failed.
 	fi
 fi
-if [ ! -f /etc/ssh_host_key ]; then
+if [ ! -f /etc/ssh/ssh_host_key ]; then
 	echo -n "ssh-keygen: generating new RSA1 host key... "
-	if /usr/bin/ssh-keygen -q -t rsa1 -f /etc/ssh_host_key -N ''; then
+	if /usr/bin/ssh-keygen -q -t rsa1 -f /etc/ssh/ssh_host_key -N ''; then
 		echo done.
 	else
 		echo failed.