authorDamien Miller <djm@cvs.openbsd.org>2017-04-30 23:11:46 +0000
committerDamien Miller <djm@cvs.openbsd.org>2017-04-30 23:11:46 +0000
commit591337e548607602b93aa632a88e549f17c3d786 (patch)
tree21e66d6db4748a825fb528ebe8463e658eccaeee /usr.bin/ssh
parentc836d45ce77214fc6c999eb2c2b45f13e08c9117 (diff)
remove options.protocol and client Protocol configuration knob
ok markus@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/compat.c4
-rw-r--r--usr.bin/ssh/readconf.c57
-rw-r--r--usr.bin/ssh/readconf.h3
-rw-r--r--usr.bin/ssh/ssh.c6
-rw-r--r--usr.bin/ssh/sshconnect.c49
5 files changed, 26 insertions, 93 deletions
diff --git a/usr.bin/ssh/compat.c b/usr.bin/ssh/compat.c
index 9cc60cdebb4..d9706480046 100644
--- a/usr.bin/ssh/compat.c
+++ b/usr.bin/ssh/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.101 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: compat.c,v 1.102 2017/04/30 23:11:45 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
@@ -230,8 +230,6 @@ proto_spec(const char *spec)
return ret;
for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {
switch (atoi(p)) {
- case 1:
- break;
case 2:
ret |= SSH_PROTO_2;
break;
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index 7bf65ad6e19..e690d9321e7 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.272 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.273 2017/04/30 23:11:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -137,7 +137,7 @@ typedef enum {
oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
- oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oProtocol, oMacs,
+ oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oMacs,
oPubkeyAuthentication,
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
@@ -156,7 +156,7 @@ typedef enum {
oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
oPubkeyAcceptedKeyTypes, oProxyJump,
- oIgnoredUnknownOption, oDeprecated, oUnsupported
+ oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
} OpCodes;
/* Textual representations of the tokens. */
@@ -166,6 +166,7 @@ static struct {
OpCodes opcode;
} keywords[] = {
/* Deprecated options */
+ { "protocol", oIgnore }, /* NB. silently ignored */
{ "fallbacktorsh", oDeprecated },
{ "globalknownhostsfile2", oDeprecated },
{ "rhostsauthentication", oDeprecated },
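Review bot: The new `protocol` entry accepts any argument without checking it, so a config line `Protocol 1` now parses exactly like `Protocol 2` and produces no message, whereas `-1` on the command line (ssh.c hunk) is a fatal error. The `case oIgnore: return 0;` added to process_config_line_depth in a later hunk is where the line is dropped; a low-level trace there, for example `debug2("%s line %d: ignoring obsolete option \"%s\"", filename, linenum, keyword);`, would let someone auditing a client config see that the setting has no effect. The table comment could also say why the keyword is kept, e.g. `/* accepted so existing configs keep parsing; value not checked */`. The keywords[] table starts and ends outside this hunk.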
@@ -227,7 +228,6 @@ static struct {
{ "cipher", oCipher },
{ "ciphers", oCiphers },
{ "macs", oMacs },
- { "protocol", oProtocol },
{ "remoteforward", oRemoteForward },
{ "localforward", oLocalForward },
{ "user", oUser },
@@ -851,6 +851,8 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
case oBadOption:
/* don't panic, but count bad options */
return -1;
+ case oIgnore:
+ return 0;
case oIgnoredUnknownOption:
debug("%s line %d: Ignored unknown option \"%s\"",
filename, linenum, keyword);
@@ -1221,19 +1223,6 @@ parse_keytypes:
*charptr = xstrdup(arg);
break;
- case oProtocol:
- intptr = &options->protocol;
- arg = strdelim(&s);
- if (!arg || *arg == '\0')
- fatal("%.200s line %d: Missing argument.", filename, linenum);
- value = proto_spec(arg);
- if (value == SSH_PROTO_UNKNOWN)
- fatal("%.200s line %d: Bad protocol spec '%s'.",
- filename, linenum, arg ? arg : "<NONE>");
- if (*activep && *intptr == SSH_PROTO_UNKNOWN)
- *intptr = value;
- break;
-
case oLogLevel:
log_level_ptr = &options->log_level;
arg = strdelim(&s);
@@ -1812,7 +1801,6 @@ initialize_options(Options * options)
options->macs = NULL;
options->kex_algorithms = NULL;
options->hostkeyalgorithms = NULL;
- options->protocol = SSH_PROTO_UNKNOWN;
options->num_identity_files = 0;
options->num_certificate_files = 0;
options->hostname = NULL;
@@ -1969,25 +1957,14 @@ fill_default_options(Options * options)
if (options->cipher == -1)
options->cipher = SSH_CIPHER_NOT_SET;
/* options->hostkeyalgorithms, default set in myproposals.h */
- if (options->protocol == SSH_PROTO_UNKNOWN)
- options->protocol = SSH_PROTO_2;
if (options->add_keys_to_agent == -1)
options->add_keys_to_agent = 0;
if (options->num_identity_files == 0) {
- if (options->protocol & SSH_PROTO_1) {
- add_identity_file(options, "~/",
- _PATH_SSH_CLIENT_IDENTITY, 0);
- }
- if (options->protocol & SSH_PROTO_2) {
- add_identity_file(options, "~/",
- _PATH_SSH_CLIENT_ID_RSA, 0);
- add_identity_file(options, "~/",
- _PATH_SSH_CLIENT_ID_DSA, 0);
- add_identity_file(options, "~/",
- _PATH_SSH_CLIENT_ID_ECDSA, 0);
- add_identity_file(options, "~/",
- _PATH_SSH_CLIENT_ID_ED25519, 0);
- }
+ add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);
+ add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
+ add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0);
+ add_identity_file(options, "~/",
+ _PATH_SSH_CLIENT_ID_ED25519, 0);
}
if (options->escape_char == -1)
options->escape_char = '~';
@@ -2378,17 +2355,6 @@ fmt_intarg(OpCodes code, int val)
return fmt_multistate_int(val, multistate_canonicalizehostname);
case oFingerprintHash:
return ssh_digest_alg_name(val);
- case oProtocol:
- switch (val) {
- case SSH_PROTO_1:
- return "1";
- case SSH_PROTO_2:
- return "2";
- case (SSH_PROTO_1|SSH_PROTO_2):
- return "2,1";
- default:
- return "UNKNOWN";
- }
default:
switch (val) {
case 0:
@@ -2533,7 +2499,6 @@ dump_client_config(Options *o, const char *host)
dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost);
dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication);
dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command);
- dump_cfg_fmtint(oProtocol, o->protocol);
dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass);
dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication);
dump_cfg_fmtint(oRequestTTY, o->request_tty);
diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h
index d6242810139..f53864854b6 100644
--- a/usr.bin/ssh/readconf.h
+++ b/usr.bin/ssh/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.118 2017/04/28 03:20:27 dtucker Exp $ */
+/* $OpenBSD: readconf.h,v 1.119 2017/04/30 23:11:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -75,7 +75,6 @@ typedef struct {
char *macs; /* SSH2 macs in order of preference. */
char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */
char *kex_algorithms; /* SSH2 kex methods in order of preference. */
- int protocol; /* Protocol in order of preference. */
char *hostname; /* Real host to connect. */
char *host_key_alias; /* hostname alias for .ssh/known_hosts */
char *proxy_command; /* Proxy command for connecting the host. */
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 8cfc35fb939..fb6cadf38c9 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.453 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.454 2017/04/30 23:11:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -578,10 +578,10 @@ main(int ac, char **av)
"ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
switch (opt) {
case '1':
- options.protocol = SSH_PROTO_1;
+ fatal("SSH protocol v.1 is no longer supported");
break;
case '2':
- options.protocol = SSH_PROTO_2;
+ /* Ignored */
break;
case '4':
options.address_family = AF_INET;
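Review bot: The `break;` left after `fatal("SSH protocol v.1 is no longer supported");` in `case '1'` is dead code if fatal() does not return, which its use as a terminal error elsewhere in this diff suggests; dropping it or marking it `/* NOTREACHED */` makes the intent clear. In `case '2'` the comment `/* Ignored */` does not say why the flag is still parsed; something like `/* accepted for compatibility; protocol 2 is the only one supported */` would help. main() begins and continues outside this hunk, so whether the usage text still lists `-1`/`-2` cannot be seen here.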
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index 80b2691b3c8..c2257a961b4 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.274 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.275 2017/04/30 23:11:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -539,7 +539,7 @@ ssh_exchange_identification(int timeout_ms)
int remote_major, remote_minor, mismatch;
int connection_in = packet_get_connection_in();
int connection_out = packet_get_connection_out();
- int minor1 = PROTOCOL_MINOR_1, client_banner_sent = 0;
+ int client_banner_sent = 0;
u_int i, n;
size_t len;
int fdsetsz, remaining, rc;
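Review bot: `client_banner_sent` looks like a leftover: it is still declared here, the next hunk sets it to 1 unconditionally, and the only reader visible in this diff (`if (!client_banner_sent)` in the last hunk) is removed. Unless code outside these hunks reads it, the declaration and the `client_banner_sent = 1;` assignment can go, leaving `send_client_banner(connection_out, 0);` as the single unconditional send. ssh_exchange_identification starts and continues outside this hunk.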
@@ -549,15 +549,9 @@ ssh_exchange_identification(int timeout_ms)
fdsetsz = howmany(connection_in + 1, NFDBITS) * sizeof(fd_mask);
fdset = xcalloc(1, fdsetsz);
- /*
- * If we are SSH2-only then we can send the banner immediately and
- * save a round-trip.
- */
- if (options.protocol == SSH_PROTO_2) {
- enable_compat20();
- send_client_banner(connection_out, 0);
- client_banner_sent = 1;
- }
+ enable_compat20();
+ send_client_banner(connection_out, 0);
+ client_banner_sent = 1;
/* Read other side's version identification. */
remaining = timeout_ms;
@@ -625,50 +619,27 @@ ssh_exchange_identification(int timeout_ms)
switch (remote_major) {
case 1:
- if (remote_minor == 99 &&
- (options.protocol & SSH_PROTO_2) &&
- !(options.protocol & SSH_PROTO_1_PREFERRED)) {
+ if (remote_minor == 99)
enable_compat20();
- break;
- }
- if (!(options.protocol & SSH_PROTO_1)) {
+ else
mismatch = 1;
- break;
- }
- if (remote_minor < 3) {
- fatal("Remote machine has too old SSH software version.");
- } else if (remote_minor == 3 || remote_minor == 4) {
- /* We speak 1.3, too. */
- enable_compat13();
- minor1 = 3;
- if (options.forward_agent) {
- logit("Agent forwarding disabled for protocol 1.3");
- options.forward_agent = 0;
- }
- }
break;
case 2:
- if (options.protocol & SSH_PROTO_2) {
- enable_compat20();
- break;
- }
- /* FALLTHROUGH */
+ enable_compat20();
+ break;
default:
mismatch = 1;
break;
}
if (mismatch)
fatal("Protocol major versions differ: %d vs. %d",
- (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
- remote_major);
+ PROTOCOL_MAJOR_2, remote_major);
if ((datafellows & SSH_BUG_DERIVEKEY) != 0)
fatal("Server version \"%.100s\" uses unsafe key agreement; "
"refusing connection", remote_version);
if ((datafellows & SSH_BUG_RSASIGMD5) != 0)
logit("Server version \"%.100s\" uses unsafe RSA signature "
"scheme; disabling use of RSA keys", remote_version);
- if (!client_banner_sent)
- send_client_banner(connection_out, minor1);
chop(server_version_string);
}
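Review bot: Both `enable_compat20()` calls kept in `switch (remote_major)` repeat the unconditional call added before the server banner is read, so the switch now only needs to decide `mismatch`. Assuming enable_compat20() only sets compatibility state, `case 1: if (remote_minor != 99) mismatch = 1; break;` and `case 2: break;` would say that directly. A short comment on the 1.99 arm, e.g. `/* 1.99: server also speaks protocol 2 */`, would explain why a remote major version of 1 is still accepted. The function begins outside this hunk.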