summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2002-06-09 20:04:02 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-06-09 20:04:02 +0000
commit4daea86fd45a588acdb1036f8458e88dccffcdd3 (patch)
tree367f4ac6f277efd2cc1197db6e39a6153d8f3b57
parenta20715788dc44ed629e4320d7e9af4e285a559ab (diff)
- markus@cvs.openbsd.org 2002/06/08 05:17:01
[readconf.c readconf.h ssh.1 ssh.c] deprecate FallBackToRsh and UseRsh; patch from djm@
-rw-r--r--ChangeLog5
-rw-r--r--readconf.c36
-rw-r--r--readconf.h4
-rw-r--r--ssh.136
-rw-r--r--ssh.c74
5 files changed, 23 insertions, 132 deletions
diff --git a/ChangeLog b/ChangeLog
index d2250d37..cdc48612 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,9 @@
- markus@cvs.openbsd.org 2002/06/08 05:07:09
[ssh-keysign.c]
only accept 20 byte session ids
+ - markus@cvs.openbsd.org 2002/06/08 05:17:01
+ [readconf.c readconf.h ssh.1 ssh.c]
+ deprecate FallBackToRsh and UseRsh; patch from djm@
20020607
- (bal) Removed --{enable/disable}-suid-ssh
@@ -837,4 +840,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2190 2002/06/09 20:01:48 mouring Exp $
+$Id: ChangeLog,v 1.2191 2002/06/09 20:04:02 mouring Exp $
diff --git a/readconf.c b/readconf.c
index 7920ac86..c32a225e 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.96 2002/06/08 05:17:01 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -41,7 +41,7 @@ RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $");
# that they are given in.
Host *.ngs.fi ngs.fi
- FallBackToRsh no
+ User foo
Host fake.com
HostName another.host.name.real.org
@@ -65,7 +65,7 @@ RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $");
ProxyCommand ssh-proxy %h %p
Host *.fr
- UseRsh yes
+ PublicKeyAuthentication no
Host *.su
Cipher none
@@ -79,8 +79,6 @@ RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $");
PasswordAuthentication yes
RSAAuthentication yes
RhostsRSAAuthentication yes
- FallBackToRsh no
- UseRsh no
StrictHostKeyChecking yes
KeepAlives no
IdentityFile ~/.ssh/identity
@@ -94,7 +92,7 @@ RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $");
typedef enum {
oBadOption,
oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
- oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh,
+ oPasswordAuthentication, oRSAAuthentication,
oChallengeResponseAuthentication, oXAuthLocation,
#if defined(KRB4) || defined(KRB5)
oKerberosAuthentication,
@@ -115,7 +113,8 @@ typedef enum {
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
- oClearAllForwardings, oNoHostAuthenticationForLocalhost
+ oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+ oDeprecated
} OpCodes;
/* Textual representations of the tokens. */
@@ -150,8 +149,8 @@ static struct {
#ifdef AFS
{ "afstokenpassing", oAFSTokenPassing },
#endif
- { "fallbacktorsh", oFallBackToRsh },
- { "usersh", oUseRsh },
+ { "fallbacktorsh", oDeprecated },
+ { "usersh", oDeprecated },
{ "identityfile", oIdentityFile },
{ "identityfile2", oIdentityFile }, /* alias */
{ "hostname", oHostName },
@@ -373,14 +372,6 @@ parse_flag:
intptr = &options->afs_token_passing;
goto parse_flag;
#endif
- case oFallBackToRsh:
- intptr = &options->fallback_to_rsh;
- goto parse_flag;
-
- case oUseRsh:
- intptr = &options->use_rsh;
- goto parse_flag;
-
case oBatchMode:
intptr = &options->batch_mode;
goto parse_flag;
@@ -678,6 +669,11 @@ parse_int:
*intptr = value;
break;
+ case oDeprecated:
+ fatal("%s line %d: Deprecated option \"%s\"",
+ filename, linenum, keyword);
+ break;
+
default:
fatal("process_config_line: Unimplemented opcode %d", opcode);
}
@@ -765,8 +761,6 @@ initialize_options(Options * options)
options->kbd_interactive_devices = NULL;
options->rhosts_rsa_authentication = -1;
options->hostbased_authentication = -1;
- options->fallback_to_rsh = -1;
- options->use_rsh = -1;
options->batch_mode = -1;
options->check_host_ip = -1;
options->strict_host_key_checking = -1;
@@ -849,10 +843,6 @@ fill_default_options(Options * options)
options->rhosts_rsa_authentication = 1;
if (options->hostbased_authentication == -1)
options->hostbased_authentication = 0;
- if (options->fallback_to_rsh == -1)
- options->fallback_to_rsh = 0;
- if (options->use_rsh == -1)
- options->use_rsh = 0;
if (options->batch_mode == -1)
options->batch_mode = 0;
if (options->check_host_ip == -1)
diff --git a/readconf.h b/readconf.h
index 4fa9040c..92af535d 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.42 2002/03/04 17:27:39 stevesk Exp $ */
+/* $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -54,8 +54,6 @@ typedef struct {
* authentication. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
- int fallback_to_rsh;/* Use rsh if cannot connect with ssh. */
- int use_rsh; /* Always use rsh (don\'t try ssh). */
int batch_mode; /* Batch mode: do not ask for passwords. */
int check_host_ip; /* Also keep track of keys for IP address */
int strict_host_key_checking; /* Strict host key checking. */
diff --git a/ssh.1 b/ssh.1
index 78c26223..ada58e1e 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.153 2002/05/29 03:06:30 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.154 2002/06/08 05:17:01 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -816,8 +816,7 @@ The meaning of the values is the same as in
.Xr gzip 1 .
Note that this option applies to protocol version 1 only.
.It Cm ConnectionAttempts
-Specifies the number of tries (one per second) to make before falling
-back to rsh or exiting.
+Specifies the number of tries (one per second) to make before exiting.
The argument must be an integer.
This may be useful in scripts if the connection sometimes fails.
The default is 1.
@@ -844,21 +843,6 @@ followed by a letter, or
to disable the escape
character entirely (making the connection transparent for binary
data).
-.It Cm FallBackToRsh
-Specifies that if connecting via
-.Nm
-fails due to a connection refused error (there is no
-.Xr sshd 8
-listening on the remote host),
-.Xr rsh 1
-should automatically be used instead (after a suitable warning about
-the session being unencrypted).
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
.It Cm ForwardAgent
Specifies whether the connection to the authentication agent (if any)
will be forwarded to the remote machine.
@@ -1200,22 +1184,6 @@ having to remember to give the user name on the command line.
Specifies a file to use for the user
host key database instead of
.Pa $HOME/.ssh/known_hosts .
-.It Cm UseRsh
-Specifies that rlogin/rsh should be used for this host.
-It is possible that the host does not at all support the
-.Nm
-protocol.
-This causes
-.Nm
-to immediately execute
-.Xr rsh 1 .
-All other options (except
-.Cm HostName )
-are ignored if this has been specified.
-The argument must be
-.Dq yes
-or
-.Dq no .
.It Cm XAuthLocation
Specifies the location of the
.Xr xauth 1
diff --git a/ssh.c b/ssh.c
index 8b77a810..7cadc187 100644
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.175 2002/06/08 05:07:56 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.176 2002/06/08 05:17:01 markus Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@@ -200,44 +200,6 @@ usage(void)
exit(1);
}
-/*
- * Connects to the given host using rsh (or prints an error message and exits
- * if rsh is not available). This function never returns.
- */
-static void
-rsh_connect(char *host, char *user, Buffer * command)
-{
- char *args[10];
- int i;
-
- log("Using rsh. WARNING: Connection will not be encrypted.");
- /* Build argument list for rsh. */
- i = 0;
- args[i++] = _PATH_RSH;
- /* host may have to come after user on some systems */
- args[i++] = host;
- if (user) {
- args[i++] = "-l";
- args[i++] = user;
- }
- if (buffer_len(command) > 0) {
- buffer_append(command, "\0", 1);
- args[i++] = buffer_ptr(command);
- }
- args[i++] = NULL;
- if (debug_flag) {
- for (i = 0; args[i]; i++) {
- if (i != 0)
- fprintf(stderr, " ");
- fprintf(stderr, "%s", args[i]);
- }
- fprintf(stderr, "\n");
- }
- execv(_PATH_RSH, args);
- perror(_PATH_RSH);
- exit(1);
-}
-
static int ssh_session(void);
static int ssh_session2(void);
static void load_public_identity_files(void);
@@ -650,24 +612,6 @@ again:
"originating port will not be trusted.");
options.rhosts_authentication = 0;
}
- /*
- * If using rsh has been selected, exec it now (without trying
- * anything else). Note that we must release privileges first.
- */
- if (options.use_rsh) {
- /*
- * Restore our superuser privileges. This must be done
- * before permanently setting the uid.
- */
- restore_uid();
-
- /* Switch to the original uid permanently. */
- permanently_set_uid(pw);
-
- /* Execute rsh. */
- rsh_connect(host, options.user, &command);
- fatal("rsh_connect returned");
- }
/* Restore our superuser privileges. */
restore_uid();
@@ -728,21 +672,9 @@ again:
if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf);
- /* Check if the connection failed, and try "rsh" if appropriate. */
- if (cerr) {
- if (!options.fallback_to_rsh)
- exit(1);
- if (options.port != 0)
- log("Secure connection to %.100s on port %hu refused; "
- "reverting to insecure method",
- host, options.port);
- else
- log("Secure connection to %.100s refused; "
- "reverting to insecure method.", host);
+ if (cerr)
+ exit(1);
- rsh_connect(host, options.user, &command);
- fatal("rsh_connect returned");
- }
/* load options.identity_files */
load_public_identity_files();