authorMarkus Friedl <markus@cvs.openbsd.org>2002-06-08 05:17:02 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2002-06-08 05:17:02 +0000
commit43b55553714260026e2c461d6009d36df28bde82 (patch)
treebd2d44eb35b59267d0478c0a6ea92890a1c5df91
parentc220db26e934603cc8b7b52c503e4e960baa204b (diff)
deprecate FallBackToRsh and UseRsh; patch from djm@
-rw-r--r--usr.bin/ssh/readconf.c36
-rw-r--r--usr.bin/ssh/readconf.h4
-rw-r--r--usr.bin/ssh/ssh.136
-rw-r--r--usr.bin/ssh/ssh.c74
4 files changed, 19 insertions, 131 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index 45e95d9f604..6ac971e39f0 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.96 2002/06/08 05:17:01 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -41,7 +41,7 @@ RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $");
# that they are given in.
Host *.ngs.fi ngs.fi
- FallBackToRsh no
+ User foo
Host fake.com
HostName another.host.name.real.org
@@ -65,7 +65,7 @@ RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $");
ProxyCommand ssh-proxy %h %p
Host *.fr
- UseRsh yes
+ PublicKeyAuthentication no
Host *.su
Cipher none
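Review bot: The replacement example line `PublicKeyAuthentication no` in the sample config comment does not look like a keyword the client accepts; the option is spelled `PubkeyAuthentication`. The keyword table is only partly visible on this page, so confirm against it. If it is confirmed, a reader who copies the example into a config gets a bad-option error, and the comment line should read `PubkeyAuthentication no`.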
@@ -79,8 +79,6 @@ RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $");
PasswordAuthentication yes
RSAAuthentication yes
RhostsRSAAuthentication yes
- FallBackToRsh no
- UseRsh no
StrictHostKeyChecking yes
KeepAlives no
IdentityFile ~/.ssh/identity
@@ -94,7 +92,7 @@ RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $");
typedef enum {
oBadOption,
oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
- oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh,
+ oPasswordAuthentication, oRSAAuthentication,
oChallengeResponseAuthentication, oXAuthLocation,
#if defined(KRB4) || defined(KRB5)
oKerberosAuthentication,
@@ -115,7 +113,8 @@ typedef enum {
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
- oClearAllForwardings, oNoHostAuthenticationForLocalhost
+ oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+ oDeprecated
} OpCodes;
/* Textual representations of the tokens. */
@@ -150,8 +149,8 @@ static struct {
#ifdef AFS
{ "afstokenpassing", oAFSTokenPassing },
#endif
- { "fallbacktorsh", oFallBackToRsh },
- { "usersh", oUseRsh },
+ { "fallbacktorsh", oDeprecated },
+ { "usersh", oDeprecated },
{ "identityfile", oIdentityFile },
{ "identityfile2", oIdentityFile }, /* alias */
{ "hostname", oHostName },
@@ -371,14 +370,6 @@ parse_flag:
intptr = &options->afs_token_passing;
goto parse_flag;
#endif
- case oFallBackToRsh:
- intptr = &options->fallback_to_rsh;
- goto parse_flag;
-
- case oUseRsh:
- intptr = &options->use_rsh;
- goto parse_flag;
-
case oBatchMode:
intptr = &options->batch_mode;
goto parse_flag;
@@ -676,6 +667,11 @@ parse_int:
*intptr = value;
break;
+ case oDeprecated:
+ fatal("%s line %d: Deprecated option \"%s\"",
+ filename, linenum, keyword);
+ break;
+
default:
fatal("process_config_line: Unimplemented opcode %d", opcode);
}
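Review bot: The new `case oDeprecated:` calls fatal(), so any existing config that still carries `FallBackToRsh no` or `UseRsh no` now prevents ssh from starting at all, even though `no` was the safe value and the one this file's own sample block used to show. Since the rsh code path is removed in this same commit, ignoring the keyword can never lead to an unencrypted session, so a logged warning would be enough: `log("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); return 0;`. That assumes returning here skips the rest of the line without tripping the end-of-line check, which is outside the hunk. The `break;` after fatal() is also unreachable, and the `default:` arm just below omits it. The enclosing switch and function begin outside the hunk.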
@@ -763,8 +759,6 @@ initialize_options(Options * options)
options->kbd_interactive_devices = NULL;
options->rhosts_rsa_authentication = -1;
options->hostbased_authentication = -1;
- options->fallback_to_rsh = -1;
- options->use_rsh = -1;
options->batch_mode = -1;
options->check_host_ip = -1;
options->strict_host_key_checking = -1;
@@ -847,10 +841,6 @@ fill_default_options(Options * options)
options->rhosts_rsa_authentication = 1;
if (options->hostbased_authentication == -1)
options->hostbased_authentication = 0;
- if (options->fallback_to_rsh == -1)
- options->fallback_to_rsh = 0;
- if (options->use_rsh == -1)
- options->use_rsh = 0;
if (options->batch_mode == -1)
options->batch_mode = 0;
if (options->check_host_ip == -1)
diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h
index 4fa9040c976..92af535d04c 100644
--- a/usr.bin/ssh/readconf.h
+++ b/usr.bin/ssh/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.42 2002/03/04 17:27:39 stevesk Exp $ */
+/* $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -54,8 +54,6 @@ typedef struct {
* authentication. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
- int fallback_to_rsh;/* Use rsh if cannot connect with ssh. */
- int use_rsh; /* Always use rsh (don\'t try ssh). */
int batch_mode; /* Batch mode: do not ask for passwords. */
int check_host_ip; /* Also keep track of keys for IP address */
int strict_host_key_checking; /* Strict host key checking. */
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index 78c2622330b..ada58e1ebe0 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.153 2002/05/29 03:06:30 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.154 2002/06/08 05:17:01 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -816,8 +816,7 @@ The meaning of the values is the same as in
.Xr gzip 1 .
Note that this option applies to protocol version 1 only.
.It Cm ConnectionAttempts
-Specifies the number of tries (one per second) to make before falling
-back to rsh or exiting.
+Specifies the number of tries (one per second) to make before exiting.
The argument must be an integer.
This may be useful in scripts if the connection sometimes fails.
The default is 1.
@@ -844,21 +843,6 @@ followed by a letter, or
to disable the escape
character entirely (making the connection transparent for binary
data).
-.It Cm FallBackToRsh
-Specifies that if connecting via
-.Nm
-fails due to a connection refused error (there is no
-.Xr sshd 8
-listening on the remote host),
-.Xr rsh 1
-should automatically be used instead (after a suitable warning about
-the session being unencrypted).
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
.It Cm ForwardAgent
Specifies whether the connection to the authentication agent (if any)
will be forwarded to the remote machine.
@@ -1200,22 +1184,6 @@ having to remember to give the user name on the command line.
Specifies a file to use for the user
host key database instead of
.Pa $HOME/.ssh/known_hosts .
-.It Cm UseRsh
-Specifies that rlogin/rsh should be used for this host.
-It is possible that the host does not at all support the
-.Nm
-protocol.
-This causes
-.Nm
-to immediately execute
-.Xr rsh 1 .
-All other options (except
-.Cm HostName )
-are ignored if this has been specified.
-The argument must be
-.Dq yes
-or
-.Dq no .
.It Cm XAuthLocation
Specifies the location of the
.Xr xauth 1
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index b2f1b6f3bc6..8b00fb9d500 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.175 2002/06/08 05:07:56 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.176 2002/06/08 05:17:01 markus Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@@ -192,44 +192,6 @@ usage(void)
exit(1);
}
-/*
- * Connects to the given host using rsh (or prints an error message and exits
- * if rsh is not available). This function never returns.
- */
-static void
-rsh_connect(char *host, char *user, Buffer * command)
-{
- char *args[10];
- int i;
-
- log("Using rsh. WARNING: Connection will not be encrypted.");
- /* Build argument list for rsh. */
- i = 0;
- args[i++] = _PATH_RSH;
- /* host may have to come after user on some systems */
- args[i++] = host;
- if (user) {
- args[i++] = "-l";
- args[i++] = user;
- }
- if (buffer_len(command) > 0) {
- buffer_append(command, "\0", 1);
- args[i++] = buffer_ptr(command);
- }
- args[i++] = NULL;
- if (debug_flag) {
- for (i = 0; args[i]; i++) {
- if (i != 0)
- fprintf(stderr, " ");
- fprintf(stderr, "%s", args[i]);
- }
- fprintf(stderr, "\n");
- }
- execv(_PATH_RSH, args);
- perror(_PATH_RSH);
- exit(1);
-}
-
static int ssh_session(void);
static int ssh_session2(void);
static void load_public_identity_files(void);
@@ -630,24 +592,6 @@ again:
"originating port will not be trusted.");
options.rhosts_authentication = 0;
}
- /*
- * If using rsh has been selected, exec it now (without trying
- * anything else). Note that we must release privileges first.
- */
- if (options.use_rsh) {
- /*
- * Restore our superuser privileges. This must be done
- * before permanently setting the uid.
- */
- restore_uid();
-
- /* Switch to the original uid permanently. */
- permanently_set_uid(pw);
-
- /* Execute rsh. */
- rsh_connect(host, options.user, &command);
- fatal("rsh_connect returned");
- }
/* Restore our superuser privileges. */
restore_uid();
@@ -708,21 +652,9 @@ again:
if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf);
- /* Check if the connection failed, and try "rsh" if appropriate. */
- if (cerr) {
- if (!options.fallback_to_rsh)
- exit(1);
- if (options.port != 0)
- log("Secure connection to %.100s on port %hu refused; "
- "reverting to insecure method",
- host, options.port);
- else
- log("Secure connection to %.100s refused; "
- "reverting to insecure method.", host);
+ if (cerr)
+ exit(1);
- rsh_connect(host, options.user, &command);
- fatal("rsh_connect returned");
- }
/* load options.identity_files */
load_public_identity_files();
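Review bot: `if (cerr) exit(1);` stays where the rsh fallback needed it, after the `mkdir(buf, 0700)` at the top of the hunk, so a failed connection still runs whatever setup sits between the connect call and this line before exiting. With the fallback gone, nothing visible requires that delay. Consider testing `cerr` right after it is assigned; the assignment is outside the hunk, so confirm nothing in between is relied on. A short comment such as `/* connection failed; the connect call has already reported the error */` would explain the silent exit, if that is indeed where the error is reported.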