- markus@cvs.openbsd.org 2002/06/08 05:17:01

[readconf.c readconf.h ssh.1 ssh.c] deprecate FallBackToRsh and UseRsh; patch from djm@
2002-06-09 20:04:02 +00:00 · 2002-06-09 20:04:02 +00:00 · 4daea86fd4
parent a20715788d
commit 4daea86fd4
5 changed files with 23 additions and 132 deletions
--- a/5
+++ b/5
@ -6,6 +6,9 @@
   - markus@cvs.openbsd.org 2002/06/08 05:07:09
     [ssh-keysign.c]
     only accept 20 byte session ids
+   - markus@cvs.openbsd.org 2002/06/08 05:17:01
+     [readconf.c readconf.h ssh.1 ssh.c]
+     deprecate FallBackToRsh and UseRsh; patch from djm@

 20020607
 - (bal) Removed --{enable/disable}-suid-ssh
@ -837,4 +840,4 @@
 - (stevesk) entropy.c: typo in debug message
 - (djm) ssh-keygen -i needs seeded RNG; report from markus@

-$Id: ChangeLog,v 1.2190 2002/06/09 20:01:48 mouring Exp $
+$Id: ChangeLog,v 1.2191 2002/06/09 20:04:02 mouring Exp $
--- a/readconf.c
+++ b/readconf.c
@ -12,7 +12,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.96 2002/06/08 05:17:01 markus Exp $");

 #include "ssh.h"
 #include "xmalloc.h"
@ -41,7 +41,7 @@ RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $");
   # that they are given in.

   Host *.ngs.fi ngs.fi
-     FallBackToRsh no
+     User foo

   Host fake.com
     HostName another.host.name.real.org
@ -65,7 +65,7 @@ RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $");
     ProxyCommand ssh-proxy %h %p

   Host *.fr
-     UseRsh yes
+     PublicKeyAuthentication no

   Host *.su
     Cipher none
@ -79,8 +79,6 @@ RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $");
     PasswordAuthentication yes
     RSAAuthentication yes
     RhostsRSAAuthentication yes
-     FallBackToRsh no
-     UseRsh no
     StrictHostKeyChecking yes
     KeepAlives no
     IdentityFile ~/.ssh/identity
@ -94,7 +92,7 @@ RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $");
 typedef enum {
 	oBadOption,
 	oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
-	oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh,
+	oPasswordAuthentication, oRSAAuthentication, 
 	oChallengeResponseAuthentication, oXAuthLocation,
 #if defined(KRB4) || defined(KRB5)
 	oKerberosAuthentication,
@ -115,7 +113,8 @@ typedef enum {
 	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
 	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
 	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
-	oClearAllForwardings, oNoHostAuthenticationForLocalhost
+	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+	oDeprecated
 } OpCodes;

 /* Textual representations of the tokens. */
@ -150,8 +149,8 @@ static struct {
 #ifdef AFS
 	{ "afstokenpassing", oAFSTokenPassing },
 #endif
-	{ "fallbacktorsh", oFallBackToRsh },
-	{ "usersh", oUseRsh },
+	{ "fallbacktorsh", oDeprecated },
+	{ "usersh", oDeprecated },
 	{ "identityfile", oIdentityFile },
 	{ "identityfile2", oIdentityFile },			/* alias */
 	{ "hostname", oHostName },
@ -373,14 +372,6 @@ parse_flag:
 		intptr = &options->afs_token_passing;
 		goto parse_flag;
 #endif
-	case oFallBackToRsh:
-		intptr = &options->fallback_to_rsh;
-		goto parse_flag;
-
-	case oUseRsh:
-		intptr = &options->use_rsh;
-		goto parse_flag;
-
 	case oBatchMode:
 		intptr = &options->batch_mode;
 		goto parse_flag;
@ -678,6 +669,11 @@ parse_int:
 			*intptr = value;
 		break;

+	case oDeprecated:
+		fatal("%s line %d: Deprecated option \"%s\"",
+		    filename, linenum, keyword);
+		break;
+
 	default:
 		fatal("process_config_line: Unimplemented opcode %d", opcode);
 	}
@ -765,8 +761,6 @@ initialize_options(Options * options)
 	options->kbd_interactive_devices = NULL;
 	options->rhosts_rsa_authentication = -1;
 	options->hostbased_authentication = -1;
-	options->fallback_to_rsh = -1;
-	options->use_rsh = -1;
 	options->batch_mode = -1;
 	options->check_host_ip = -1;
 	options->strict_host_key_checking = -1;
@ -849,10 +843,6 @@ fill_default_options(Options * options)
 		options->rhosts_rsa_authentication = 1;
 	if (options->hostbased_authentication == -1)
 		options->hostbased_authentication = 0;
-	if (options->fallback_to_rsh == -1)
-		options->fallback_to_rsh = 0;
-	if (options->use_rsh == -1)
-		options->use_rsh = 0;
 	if (options->batch_mode == -1)
 		options->batch_mode = 0;
 	if (options->check_host_ip == -1)
--- a/readconf.h
+++ b/readconf.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: readconf.h,v 1.42 2002/03/04 17:27:39 stevesk Exp $	*/
+/*	$OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $	*/

 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -54,8 +54,6 @@ typedef struct {
 						 * authentication. */
 	int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
 	char	*kbd_interactive_devices; /* Keyboard-interactive auth devices. */
-	int     fallback_to_rsh;/* Use rsh if cannot connect with ssh. */
-	int     use_rsh;	/* Always use rsh (don\'t try ssh). */
 	int     batch_mode;	/* Batch mode: do not ask for passwords. */
 	int     check_host_ip;	/* Also keep track of keys for IP address */
 	int     strict_host_key_checking;	/* Strict host key checking. */
--- a/ssh.1
+++ b/ssh.1
@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.153 2002/05/29 03:06:30 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.154 2002/06/08 05:17:01 markus Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@ -816,8 +816,7 @@ The meaning of the values is the same as in
 .Xr gzip 1 .
 Note that this option applies to protocol version 1 only.
 .It Cm ConnectionAttempts
-Specifies the number of tries (one per second) to make before falling
-back to rsh or exiting.
+Specifies the number of tries (one per second) to make before exiting.
 The argument must be an integer.
 This may be useful in scripts if the connection sometimes fails.
 The default is 1.
@ -844,21 +843,6 @@ followed by a letter, or
 to disable the escape
 character entirely (making the connection transparent for binary
 data).
-.It Cm FallBackToRsh
-Specifies that if connecting via
-.Nm
-fails due to a connection refused error (there is no
-.Xr sshd 8
-listening on the remote host),
-.Xr rsh 1
-should automatically be used instead (after a suitable warning about
-the session being unencrypted).
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
 .It Cm ForwardAgent
 Specifies whether the connection to the authentication agent (if any)
 will be forwarded to the remote machine.
@ -1200,22 +1184,6 @@ having to remember to give the user name on the command line.
 Specifies a file to use for the user
 host key database instead of
 .Pa $HOME/.ssh/known_hosts .
-.It Cm UseRsh
-Specifies that rlogin/rsh should be used for this host.
-It is possible that the host does not at all support the
-.Nm
-protocol.
-This causes
-.Nm
-to immediately execute
-.Xr rsh 1 .
-All other options (except
-.Cm HostName )
-are ignored if this has been specified.
-The argument must be
-.Dq yes
-or
-.Dq no .
 .It Cm XAuthLocation
 Specifies the location of the
 .Xr xauth 1
--- a/ssh.c
+++ b/ssh.c
@ -40,7 +40,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.175 2002/06/08 05:07:56 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.176 2002/06/08 05:17:01 markus Exp $");

 #include <openssl/evp.h>
 #include <openssl/err.h>
@ -200,44 +200,6 @@ usage(void)
 	exit(1);
 }

-/*
- * Connects to the given host using rsh (or prints an error message and exits
- * if rsh is not available).  This function never returns.
- */
-static void
-rsh_connect(char *host, char *user, Buffer * command)
-{
-	char *args[10];
-	int i;
-
-	log("Using rsh.  WARNING: Connection will not be encrypted.");
-	/* Build argument list for rsh. */
-	i = 0;
-	args[i++] = _PATH_RSH;
-	/* host may have to come after user on some systems */
-	args[i++] = host;
-	if (user) {
-		args[i++] = "-l";
-		args[i++] = user;
-	}
-	if (buffer_len(command) > 0) {
-		buffer_append(command, "\0", 1);
-		args[i++] = buffer_ptr(command);
-	}
-	args[i++] = NULL;
-	if (debug_flag) {
-		for (i = 0; args[i]; i++) {
-			if (i != 0)
-				fprintf(stderr, " ");
-			fprintf(stderr, "%s", args[i]);
-		}
-		fprintf(stderr, "\n");
-	}
-	execv(_PATH_RSH, args);
-	perror(_PATH_RSH);
-	exit(1);
-}
-
 static int ssh_session(void);
 static int ssh_session2(void);
 static void load_public_identity_files(void);
@ -650,24 +612,6 @@ again:
 		    "originating port will not be trusted.");
 		options.rhosts_authentication = 0;
 	}
-	/*
-	 * If using rsh has been selected, exec it now (without trying
-	 * anything else).  Note that we must release privileges first.
-	 */
-	if (options.use_rsh) {
-		/*
-		 * Restore our superuser privileges.  This must be done
-		 * before permanently setting the uid.
-		 */
-		restore_uid();
-
-		/* Switch to the original uid permanently. */
-		permanently_set_uid(pw);
-
-		/* Execute rsh. */
-		rsh_connect(host, options.user, &command);
-		fatal("rsh_connect returned");
-	}
 	/* Restore our superuser privileges. */
 	restore_uid();

@ -728,21 +672,9 @@ again:
 		if (mkdir(buf, 0700) < 0)
 			error("Could not create directory '%.200s'.", buf);

-	/* Check if the connection failed, and try "rsh" if appropriate. */
-	if (cerr) {
-		if (!options.fallback_to_rsh)
-			exit(1);
-		if (options.port != 0)
-			log("Secure connection to %.100s on port %hu refused; "
-			    "reverting to insecure method",
-			    host, options.port);
-		else
-			log("Secure connection to %.100s refused; "
-			    "reverting to insecure method.", host);
+	if (cerr)
+		exit(1);

-		rsh_connect(host, options.user, &command);
-		fatal("rsh_connect returned");
-	}
 	/* load options.identity_files */
 	load_public_identity_files();