5 files changed, 26 insertions, 93 deletions

diff --git a/compat.c b/compat.c
index aa50d2ce8..945fd349b 100644
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.101 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: compat.c,v 1.102 2017/04/30 23:11:45 djm Exp $ */
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
  *
@@ -232,8 +232,6 @@ proto_spec(const char *spec)
                 return ret;
         for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {
                 switch (atoi(p)) {
-                case 1:
-                        break;
                 case 2:
                         ret |= SSH_PROTO_2;
                         break;
diff --git a/readconf.c b/readconf.c
index 975f00ff4..963c648b9 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.272 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.273 2017/04/30 23:11:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -152,7 +152,7 @@ typedef enum {
         oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
         oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
         oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
-        oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oProtocol, oMacs,
+        oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oMacs,
         oPubkeyAuthentication,
         oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
         oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
@@ -171,7 +171,7 @@ typedef enum {
         oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
         oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
         oPubkeyAcceptedKeyTypes, oProxyJump,
-        oIgnoredUnknownOption, oDeprecated, oUnsupported
+        oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -181,6 +181,7 @@ static struct {
         OpCodes opcode;
 } keywords[] = {
         /* Deprecated options */
+        { "protocol", oIgnore }, /* NB. silently ignored */
         { "fallbacktorsh", oDeprecated },
         { "globalknownhostsfile2", oDeprecated },
         { "rhostsauthentication", oDeprecated },
@@ -242,7 +243,6 @@ static struct {
         { "cipher", oCipher },
         { "ciphers", oCiphers },
         { "macs", oMacs },
-        { "protocol", oProtocol },
         { "remoteforward", oRemoteForward },
         { "localforward", oLocalForward },
         { "user", oUser },
@@ -866,6 +866,8 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
         case oBadOption:
                 /* don't panic, but count bad options */
                 return -1;
+        case oIgnore:
+                return 0;
         case oIgnoredUnknownOption:
                 debug("%s line %d: Ignored unknown option \"%s\"",
                     filename, linenum, keyword);
@@ -1236,19 +1238,6 @@ parse_keytypes:
                         *charptr = xstrdup(arg);
                 break;
 
-        case oProtocol:
-                intptr = &options->protocol;
-                arg = strdelim(&s);
-                if (!arg || *arg == '\0')
-                        fatal("%.200s line %d: Missing argument.", filename, linenum);
-                value = proto_spec(arg);
-                if (value == SSH_PROTO_UNKNOWN)
-                        fatal("%.200s line %d: Bad protocol spec '%s'.",
-                            filename, linenum, arg ? arg : "<NONE>");
-                if (*activep && *intptr == SSH_PROTO_UNKNOWN)
-                        *intptr = value;
-                break;
-
         case oLogLevel:
                 log_level_ptr = &options->log_level;
                 arg = strdelim(&s);
@@ -1827,7 +1816,6 @@ initialize_options(Options * options)
         options->macs = NULL;
         options->kex_algorithms = NULL;
         options->hostkeyalgorithms = NULL;
-        options->protocol = SSH_PROTO_UNKNOWN;
         options->num_identity_files = 0;
         options->num_certificate_files = 0;
         options->hostname = NULL;
@@ -1984,27 +1972,16 @@ fill_default_options(Options * options)
         if (options->cipher == -1)
                 options->cipher = SSH_CIPHER_NOT_SET;
         /* options->hostkeyalgorithms, default set in myproposals.h */
-        if (options->protocol == SSH_PROTO_UNKNOWN)
-                options->protocol = SSH_PROTO_2;
         if (options->add_keys_to_agent == -1)
                 options->add_keys_to_agent = 0;
         if (options->num_identity_files == 0) {
-                if (options->protocol & SSH_PROTO_1) {
-                        add_identity_file(options, "~/",
-                            _PATH_SSH_CLIENT_IDENTITY, 0);
-                }
-                if (options->protocol & SSH_PROTO_2) {
-                        add_identity_file(options, "~/",
-                            _PATH_SSH_CLIENT_ID_RSA, 0);
-                        add_identity_file(options, "~/",
-                            _PATH_SSH_CLIENT_ID_DSA, 0);
+                add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);
+                add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
 #ifdef OPENSSL_HAS_ECC
-                        add_identity_file(options, "~/",
-                            _PATH_SSH_CLIENT_ID_ECDSA, 0);
+                add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0);
 #endif
-                        add_identity_file(options, "~/",
-                            _PATH_SSH_CLIENT_ID_ED25519, 0);
-                }
+                add_identity_file(options, "~/",
+                    _PATH_SSH_CLIENT_ID_ED25519, 0);
         }
         if (options->escape_char == -1)
                 options->escape_char = '~';
@@ -2395,17 +2372,6 @@ fmt_intarg(OpCodes code, int val)
                 return fmt_multistate_int(val, multistate_canonicalizehostname);
         case oFingerprintHash:
                 return ssh_digest_alg_name(val);
-        case oProtocol:
-                switch (val) {
-                case SSH_PROTO_1:
-                        return "1";
-                case SSH_PROTO_2:
-                        return "2";
-                case (SSH_PROTO_1|SSH_PROTO_2):
-                        return "2,1";
-                default:
-                        return "UNKNOWN";
-                }
         default:
                 switch (val) {
                 case 0:
@@ -2550,7 +2516,6 @@ dump_client_config(Options *o, const char *host)
         dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost);
         dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication);
         dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command);
-        dump_cfg_fmtint(oProtocol, o->protocol);
         dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass);
         dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication);
         dump_cfg_fmtint(oRequestTTY, o->request_tty);
diff --git a/readconf.h b/readconf.h
index d62428101..f53864854 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.118 2017/04/28 03:20:27 dtucker Exp $ */
+/* $OpenBSD: readconf.h,v 1.119 2017/04/30 23:11:45 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -75,7 +75,6 @@ typedef struct {
         char   *macs;           /* SSH2 macs in order of preference. */
         char   *hostkeyalgorithms;      /* SSH2 server key types in order of preference. */
         char   *kex_algorithms; /* SSH2 kex methods in order of preference. */
-        int     protocol;       /* Protocol in order of preference. */
         char   *hostname;       /* Real host to connect. */
         char   *host_key_alias; /* hostname alias for .ssh/known_hosts */
         char   *proxy_command;  /* Proxy command for connecting the host. */
diff --git a/ssh.c b/ssh.c
index 38c8e837f..766a1790d 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.453 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.454 2017/04/30 23:11:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -609,10 +609,10 @@ main(int ac, char **av)
             "ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
                 switch (opt) {
                 case '1':
-                        options.protocol = SSH_PROTO_1;
+                        fatal("SSH protocol v.1 is no longer supported");
                         break;
                 case '2':
-                        options.protocol = SSH_PROTO_2;
+                        /* Ignored */
                         break;
                 case '4':
                         options.address_family = AF_INET;
diff --git a/sshconnect.c b/sshconnect.c
index 26ffbc802..d48f2e06c 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.274 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.275 2017/04/30 23:11:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -549,7 +549,7 @@ ssh_exchange_identification(int timeout_ms)
         int remote_major, remote_minor, mismatch;
         int connection_in = packet_get_connection_in();
         int connection_out = packet_get_connection_out();
-        int minor1 = PROTOCOL_MINOR_1, client_banner_sent = 0;
+        int client_banner_sent = 0;
         u_int i, n;
         size_t len;
         int fdsetsz, remaining, rc;
@@ -559,15 +559,9 @@ ssh_exchange_identification(int timeout_ms)
         fdsetsz = howmany(connection_in + 1, NFDBITS) * sizeof(fd_mask);
         fdset = xcalloc(1, fdsetsz);
 
-        /*
-         * If we are SSH2-only then we can send the banner immediately and
-         * save a round-trip.
-         */
-        if (options.protocol == SSH_PROTO_2) {
-                enable_compat20();
-                send_client_banner(connection_out, 0);
-                client_banner_sent = 1;
-        }
+        enable_compat20();
+        send_client_banner(connection_out, 0);
+        client_banner_sent = 1;
 
         /* Read other side's version identification. */
         remaining = timeout_ms;
@@ -635,50 +629,27 @@ ssh_exchange_identification(int timeout_ms)
 
         switch (remote_major) {
         case 1:
-                if (remote_minor == 99 &&
-                    (options.protocol & SSH_PROTO_2) &&
-                    !(options.protocol & SSH_PROTO_1_PREFERRED)) {
+                if (remote_minor == 99)
                         enable_compat20();
-                        break;
-                }
-                if (!(options.protocol & SSH_PROTO_1)) {
+                else
                         mismatch = 1;
-                        break;
-                }
-                if (remote_minor < 3) {
-                        fatal("Remote machine has too old SSH software version.");
-                } else if (remote_minor == 3 || remote_minor == 4) {
-                        /* We speak 1.3, too. */
-                        enable_compat13();
-                        minor1 = 3;
-                        if (options.forward_agent) {
-                                logit("Agent forwarding disabled for protocol 1.3");
-                                options.forward_agent = 0;
-                        }
-                }
                 break;
         case 2:
-                if (options.protocol & SSH_PROTO_2) {
-                        enable_compat20();
-                        break;
-                }
-                /* FALLTHROUGH */
+                enable_compat20();
+                break;
         default:
                 mismatch = 1;
                 break;
         }
         if (mismatch)
                 fatal("Protocol major versions differ: %d vs. %d",
-                    (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
-                    remote_major);
+                    PROTOCOL_MAJOR_2, remote_major);
         if ((datafellows & SSH_BUG_DERIVEKEY) != 0)
                 fatal("Server version \"%.100s\" uses unsafe key agreement; "
                     "refusing connection", remote_version);
         if ((datafellows & SSH_BUG_RSASIGMD5) != 0)
                 logit("Server version \"%.100s\" uses unsafe RSA signature "
                     "scheme; disabling use of RSA keys", remote_version);
-        if (!client_banner_sent)
-                send_client_banner(connection_out, minor1);
         chop(server_version_string);
 }