upstream commit

remove ssh1 server code; ok djm@

Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534

16 files changed, 84 insertions, 2763 deletions

diff --git a/Makefile.in b/Makefile.in
index 12991cd9..62fdb09f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -97,11 +97,11 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
 	sshconnect.o sshconnect1.o sshconnect2.o mux.o
 
-SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
+SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
 	audit.o audit-bsm.o audit-linux.o platform.o \
 	sshpty.o sshlogin.o servconf.o serverloop.o \
-	auth.o auth1.o auth2.o auth-options.o session.o \
-	auth-chall.o auth2-chall.o groupaccess.o \
+	auth.o auth2.o auth-options.o session.o \
+	auth2-chall.o groupaccess.o \
 	auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
 	auth2-none.o auth2-passwd.o auth2-pubkey.o \
 	monitor_mm.o monitor.o monitor_wrap.o auth-krb5.o \
diff --git a/auth-chall.c b/auth-chall.c
deleted file mode 100644
index 60c9f14c..00000000
--- a/auth-chall.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* $OpenBSD: auth-chall.c,v 1.14 2014/06/24 01:13:21 djm Exp $ */
-/*
- * Copyright (c) 2001 Markus Friedl.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#include <sys/types.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <stdio.h>
-
-#include "xmalloc.h"
-#include "key.h"
-#include "hostfile.h"
-#include "auth.h"
-#include "log.h"
-#include "misc.h"
-#include "servconf.h"
-
-/* limited protocol v1 interface to kbd-interactive authentication */
-
-extern KbdintDevice *devices[];
-static KbdintDevice *device;
-extern ServerOptions options;
-
-char *
-get_challenge(Authctxt *authctxt)
-{
-	char *challenge, *name, *info, **prompts;
-	u_int i, numprompts;
-	u_int *echo_on;
-
-#ifdef USE_PAM
-	if (!options.use_pam)
-		remove_kbdint_device("pam");
-#endif
-
-	device = devices[0]; /* we always use the 1st device for protocol 1 */
-	if (device == NULL)
-		return NULL;
-	if ((authctxt->kbdintctxt = device->init_ctx(authctxt)) == NULL)
-		return NULL;
-	if (device->query(authctxt->kbdintctxt, &name, &info,
-	    &numprompts, &prompts, &echo_on)) {
-		device->free_ctx(authctxt->kbdintctxt);
-		authctxt->kbdintctxt = NULL;
-		return NULL;
-	}
-	if (numprompts < 1)
-		fatal("get_challenge: numprompts < 1");
-	challenge = xstrdup(prompts[0]);
-	for (i = 0; i < numprompts; i++)
-		free(prompts[i]);
-	free(prompts);
-	free(name);
-	free(echo_on);
-	free(info);
-
-	return (challenge);
-}
-int
-verify_response(Authctxt *authctxt, const char *response)
-{
-	char *resp[1], *name, *info, **prompts;
-	u_int i, numprompts, *echo_on;
-	int authenticated = 0;
-
-	if (device == NULL)
-		return 0;
-	if (authctxt->kbdintctxt == NULL)
-		return 0;
-	resp[0] = (char *)response;
-	switch (device->respond(authctxt->kbdintctxt, 1, resp)) {
-	case 0: /* Success */
-		authenticated = 1;
-		break;
-	case 1: /* Postponed - retry with empty query for PAM */
-		if ((device->query(authctxt->kbdintctxt, &name, &info,
-		    &numprompts, &prompts, &echo_on)) != 0)
-			break;
-		if (numprompts == 0 &&
-		    device->respond(authctxt->kbdintctxt, 0, resp) == 0)
-			authenticated = 1;
-
-		for (i = 0; i < numprompts; i++)
-			free(prompts[i]);
-		free(prompts);
-		free(name);
-		free(echo_on);
-		free(info);
-		break;
-	}
-	device->free_ctx(authctxt->kbdintctxt);
-	authctxt->kbdintctxt = NULL;
-	return authenticated;
-}
-void
-abandon_challenge_response(Authctxt *authctxt)
-{
-	if (authctxt->kbdintctxt != NULL) {
-		device->free_ctx(authctxt->kbdintctxt);
-		authctxt->kbdintctxt = NULL;
-	}
-}
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
deleted file mode 100644
index 057335ba..00000000
--- a/auth-rh-rsa.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/* $OpenBSD: auth-rh-rsa.c,v 1.45 2016/03/07 19:02:43 djm Exp $ */
-/*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
- * Rhosts or /etc/hosts.equiv authentication combined with RSA host
- * authentication.
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose.  Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#include "includes.h"
-
-#ifdef WITH_SSH1
-
-#include <sys/types.h>
-
-#include <pwd.h>
-#include <stdarg.h>
-
-#include "packet.h"
-#include "uidswap.h"
-#include "log.h"
-#include "buffer.h"
-#include "misc.h"
-#include "servconf.h"
-#include "key.h"
-#include "hostfile.h"
-#include "pathnames.h"
-#include "auth.h"
-#include "canohost.h"
-#ifdef GSSAPI
-#include "ssh-gss.h"
-#endif
-#include "monitor_wrap.h"
-
-/* import */
-extern ServerOptions options;
-
-int
-auth_rhosts_rsa_key_allowed(struct passwd *pw, const char *cuser,
-    const char *chost, Key *client_host_key)
-{
-	HostStatus host_status;
-
-	if (auth_key_is_revoked(client_host_key))
-		return 0;
-
-	/* Check if we would accept it using rhosts authentication. */
-	if (!auth_rhosts(pw, cuser))
-		return 0;
-
-	host_status = check_key_in_hostfiles(pw, client_host_key,
-	    chost, _PATH_SSH_SYSTEM_HOSTFILE,
-	    options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
-
-	return (host_status == HOST_OK);
-}
-
-/*
- * Tries to authenticate the user using the .rhosts file and the host using
- * its host key.  Returns true if authentication succeeds.
- */
-int
-auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
-{
-	struct ssh *ssh = active_state; /* XXX */
-	const char *chost;
-	struct passwd *pw = authctxt->pw;
-
-	debug("Trying rhosts with RSA host authentication for client user %.100s",
-	    cuser);
-
-	if (!authctxt->valid || client_host_key == NULL ||
-	    client_host_key->rsa == NULL)
-		return 0;
-
-	chost = auth_get_canonical_hostname(ssh, options.use_dns);
-	debug("Rhosts RSA authentication: canonical host %.900s", chost);
-
-	if (!PRIVSEP(auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key))) {
-		debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
-		packet_send_debug("Your host key cannot be verified: unknown or invalid host key.");
-		return 0;
-	}
-	/* A matching host key was found and is known. */
-
-	/* Perform the challenge-response dialog with the client for the host key. */
-	if (!auth_rsa_challenge_dialog(client_host_key)) {
-		logit("Client on %.800s failed to respond correctly to host authentication.",
-		    chost);
-		return 0;
-	}
-	/*
-	 * We have authenticated the user using .rhosts or /etc/hosts.equiv,
-	 * and the host using RSA. We accept the authentication.
-	 */
-
-	verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
-	    pw->pw_name, cuser, chost);
-	packet_send_debug("Rhosts with RSA host authentication accepted.");
-	return 1;
-}
-
-#endif /* WITH_SSH1 */
diff --git a/auth-rhosts.c b/auth-rhosts.c
index 0ef34471..ecf956f0 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.47 2016/03/07 19:02:43 djm Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.48 2016/08/13 17:47:41 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -186,20 +186,8 @@ check_rhosts_file(const char *filename, const char *hostname,
  * true if authentication succeeds.  If ignore_rhosts is true, only
  * /etc/hosts.equiv will be considered (.rhosts and .shosts are ignored).
  */
-
 int
-auth_rhosts(struct passwd *pw, const char *client_user)
-{
-	struct ssh *ssh = active_state;	/* XXX */
-	const char *hostname, *ipaddr;
-
-	hostname = auth_get_canonical_hostname(ssh, options.use_dns);
-	ipaddr = ssh_remote_ipaddr(ssh);
-	return auth_rhosts2(pw, client_user, hostname, ipaddr);
-}
-
-static int
-auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostname,
+auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
     const char *ipaddr)
 {
 	char buf[1024];
@@ -334,10 +322,3 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
 	restore_uid();
 	return 0;
 }
-
-int
-auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
-    const char *ipaddr)
-{
-       return auth_rhosts2_raw(pw, client_user, hostname, ipaddr);
-}
diff --git a/auth-rsa.c b/auth-rsa.c
deleted file mode 100644
index cbd971be..00000000
--- a/auth-rsa.c
+++ /dev/null
@@ -1,349 +0,0 @@
-/* $OpenBSD: auth-rsa.c,v 1.90 2015/01/28 22:36:00 djm Exp $ */
-/*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
- * RSA-based authentication.  This code determines whether to admit a login
- * based on RSA authentication.  This file also contains functions to check
- * validity of the host key.
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose.  Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#include "includes.h"
-
-#ifdef WITH_SSH1
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <openssl/rsa.h>
-
-#include <pwd.h>
-#include <stdio.h>
-#include <stdarg.h>
-#include <string.h>
-
-#include "xmalloc.h"
-#include "rsa.h"
-#include "packet.h"
-#include "ssh1.h"
-#include "uidswap.h"
-#include "match.h"
-#include "buffer.h"
-#include "pathnames.h"
-#include "log.h"
-#include "misc.h"
-#include "servconf.h"
-#include "key.h"
-#include "auth-options.h"
-#include "hostfile.h"
-#include "auth.h"
-#ifdef GSSAPI
-#include "ssh-gss.h"
-#endif
-#include "monitor_wrap.h"
-#include "ssh.h"
-
-#include "digest.h"
-
-/* import */
-extern ServerOptions options;
-
-/*
- * Session identifier that is used to bind key exchange and authentication
- * responses to a particular session.
- */
-extern u_char session_id[16];
-
-/*
- * The .ssh/authorized_keys file contains public keys, one per line, in the
- * following format:
- *   options bits e n comment
- * where bits, e and n are decimal numbers,
- * and comment is any string of characters up to newline.  The maximum
- * length of a line is SSH_MAX_PUBKEY_BYTES characters.  See sshd(8) for a
- * description of the options.
- */
-
-BIGNUM *
-auth_rsa_generate_challenge(Key *key)
-{
-	BIGNUM *challenge;
-	BN_CTX *ctx;
-
-	if ((challenge = BN_new()) == NULL)
-		fatal("auth_rsa_generate_challenge: BN_new() failed");
-	/* Generate a random challenge. */
-	if (BN_rand(challenge, 256, 0, 0) == 0)
-		fatal("auth_rsa_generate_challenge: BN_rand failed");
-	if ((ctx = BN_CTX_new()) == NULL)
-		fatal("auth_rsa_generate_challenge: BN_CTX_new failed");
-	if (BN_mod(challenge, challenge, key->rsa->n, ctx) == 0)
-		fatal("auth_rsa_generate_challenge: BN_mod failed");
-	BN_CTX_free(ctx);
-
-	return challenge;
-}
-
-int
-auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
-{
-	u_char buf[32], mdbuf[16];
-	struct ssh_digest_ctx *md;
-	int len;
-
-	/* don't allow short keys */
-	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
-		error("%s: RSA modulus too small: %d < minimum %d bits",
-		    __func__,
-		    BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
-		return (0);
-	}
-
-	/* The response is MD5 of decrypted challenge plus session id. */
-	len = BN_num_bytes(challenge);
-	if (len <= 0 || len > 32)
-		fatal("%s: bad challenge length %d", __func__, len);
-	memset(buf, 0, 32);
-	BN_bn2bin(challenge, buf + 32 - len);
-	if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL ||
-	    ssh_digest_update(md, buf, 32) < 0 ||
-	    ssh_digest_update(md, session_id, 16) < 0 ||
-	    ssh_digest_final(md, mdbuf, sizeof(mdbuf)) < 0)
-		fatal("%s: md5 failed", __func__);
-	ssh_digest_free(md);
-
-	/* Verify that the response is the original challenge. */
-	if (timingsafe_bcmp(response, mdbuf, 16) != 0) {
-		/* Wrong answer. */
-		return (0);
-	}
-	/* Correct answer. */
-	return (1);
-}
-
-/*
- * Performs the RSA authentication challenge-response dialog with the client,
- * and returns true (non-zero) if the client gave the correct answer to
- * our challenge; returns zero if the client gives a wrong answer.
- */
-
-int
-auth_rsa_challenge_dialog(Key *key)
-{
-	BIGNUM *challenge, *encrypted_challenge;
-	u_char response[16];
-	int i, success;
-
-	if ((encrypted_challenge = BN_new()) == NULL)
-		fatal("auth_rsa_challenge_dialog: BN_new() failed");
-
-	challenge = PRIVSEP(auth_rsa_generate_challenge(key));
-
-	/* Encrypt the challenge with the public key. */
-	if (rsa_public_encrypt(encrypted_challenge, challenge, key->rsa) != 0)
-		fatal("%s: rsa_public_encrypt failed", __func__);
-
-	/* Send the encrypted challenge to the client. */
-	packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE);
-	packet_put_bignum(encrypted_challenge);
-	packet_send();
-	BN_clear_free(encrypted_challenge);
-	packet_write_wait();
-
-	/* Wait for a response. */
-	packet_read_expect(SSH_CMSG_AUTH_RSA_RESPONSE);
-	for (i = 0; i < 16; i++)
-		response[i] = (u_char)packet_get_char();
-	packet_check_eom();
-
-	success = PRIVSEP(auth_rsa_verify_response(key, challenge, response));
-	BN_clear_free(challenge);
-	return (success);
-}
-
-static int
-rsa_key_allowed_in_file(struct passwd *pw, char *file,
-    const BIGNUM *client_n, Key **rkey)
-{
-	char *fp, line[SSH_MAX_PUBKEY_BYTES];
-	int allowed = 0, bits;
-	FILE *f;
-	u_long linenum = 0;
-	Key *key;
-
-	debug("trying public RSA key file %s", file);
-	if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL)
-		return 0;
-
-	/*
-	 * Go though the accepted keys, looking for the current key.  If
-	 * found, perform a challenge-response dialog to verify that the
-	 * user really has the corresponding private key.
-	 */
-	key = key_new(KEY_RSA1);
-	while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
-		char *cp;
-		char *key_options;
-		int keybits;
-
-		/* Skip leading whitespace, empty and comment lines. */
-		for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
-			;
-		if (!*cp || *cp == '\n' || *cp == '#')
-			continue;
-
-		/*
-		 * Check if there are options for this key, and if so,
-		 * save their starting address and skip the option part
-		 * for now.  If there are no options, set the starting
-		 * address to NULL.
-		 */
-		if (*cp < '0' || *cp > '9') {
-			int quoted = 0;
-			key_options = cp;
-			for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
-				if (*cp == '\\' && cp[1] == '"')
-					cp++;	/* Skip both */
-				else if (*cp == '"')
-					quoted = !quoted;
-			}
-		} else
-			key_options = NULL;
-
-		/* Parse the key from the line. */
-		if (hostfile_read_key(&cp, &bits, key) == 0) {
-			debug("%.100s, line %lu: non ssh1 key syntax",
-			    file, linenum);
-			continue;
-		}
-		/* cp now points to the comment part. */
-
-		/*
-		 * Check if the we have found the desired key (identified
-		 * by its modulus).
-		 */
-		if (BN_cmp(key->rsa->n, client_n) != 0)
-			continue;
-
-		/* check the real bits  */
-		keybits = BN_num_bits(key->rsa->n);
-		if (keybits < 0 || bits != keybits)
-			logit("Warning: %s, line %lu: keysize mismatch: "
-			    "actual %d vs. announced %d.",
-			    file, linenum, BN_num_bits(key->rsa->n), bits);
-
-		if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
-		    SSH_FP_DEFAULT)) == NULL)
-			continue;
-		debug("matching key found: file %s, line %lu %s %s",
-		    file, linenum, key_type(key), fp);
-		free(fp);
-
-		/* Never accept a revoked key */
-		if (auth_key_is_revoked(key))
-			break;
-
-		/* We have found the desired key. */
-		/*
-		 * If our options do not allow this key to be used,
-		 * do not send challenge.
-		 */
-		if (!auth_parse_options(pw, key_options, file, linenum))
-			continue;
-		if (key_is_cert_authority)
-			continue;
-		/* break out, this key is allowed */
-		allowed = 1;
-		break;
-	}
-
-	/* Close the file. */
-	fclose(f);
-
-	/* return key if allowed */
-	if (allowed && rkey != NULL)
-		*rkey = key;
-	else
-		key_free(key);
-
-	return allowed;
-}
-
-/*
- * check if there's user key matching client_n,
- * return key if login is allowed, NULL otherwise
- */
-
-int
-auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
-{
-	char *file;
-	u_int i, allowed = 0;
-
-	temporarily_use_uid(pw);
-
-	for (i = 0; !allowed && i < options.num_authkeys_files; i++) {
-		if (strcasecmp(options.authorized_keys_files[i], "none") == 0)
-			continue;
-		file = expand_authorized_keys(
-		    options.authorized_keys_files[i], pw);
-		allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey);
-		free(file);
-	}
-
-	restore_uid();
-
-	return allowed;
-}
-
-/*
- * Performs the RSA authentication dialog with the client.  This returns
- * 0 if the client could not be authenticated, and 1 if authentication was
- * successful.  This may exit if there is a serious protocol violation.
- */
-int
-auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
-{
-	Key *key;
-	struct passwd *pw = authctxt->pw;
-
-	/* no user given */
-	if (!authctxt->valid)
-		return 0;
-
-	if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {
-		auth_clear_options();
-		return (0);
-	}
-
-	/* Perform the challenge-response dialog for this key. */
-	if (!auth_rsa_challenge_dialog(key)) {
-		/* Wrong response. */
-		verbose("Wrong response to RSA authentication challenge.");
-		packet_send_debug("Wrong response to RSA authentication challenge.");
-		/*
-		 * Break out of the loop. Otherwise we might send
-		 * another challenge and break the protocol.
-		 */
-		key_free(key);
-		return (0);
-	}
-	/*
-	 * Correct response.  The client has been successfully
-	 * authenticated. Note that we have not yet processed the
-	 * options; this will be reset if the options cause the
-	 * authentication to be rejected.
-	 */
-	pubkey_auth_info(authctxt, key, NULL);
-
-	packet_send_debug("RSA authentication accepted.");
-	return (1);
-}
-
-#endif /* WITH_SSH1 */
diff --git a/auth.c b/auth.c
index 24527dd7..b6a44021 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.115 2016/06/15 00:40:40 dtucker Exp $ */
+/* $OpenBSD: auth.c,v 1.116 2016/08/13 17:47:41 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -298,7 +298,7 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
 	else
 		authmsg = authenticated ? "Accepted" : "Failed";
 
-	authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s",
+	authlog("%s %s%s%s for %s%.100s from %.200s port %d ssh2%s%s",
 	    authmsg,
 	    method,
 	    submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod,
@@ -306,7 +306,6 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
 	    authctxt->user,
 	    ssh_remote_ipaddr(ssh),
 	    ssh_remote_port(ssh),
-	    compat20 ? "ssh2" : "ssh1",
 	    authctxt->info != NULL ? ": " : "",
 	    authctxt->info != NULL ? authctxt->info : "");
 	free(authctxt->info);
@@ -339,12 +338,11 @@ auth_maxtries_exceeded(Authctxt *authctxt)
 	struct ssh *ssh = active_state; /* XXX */
 
 	error("maximum authentication attempts exceeded for "
-	    "%s%.100s from %.200s port %d %s",
+	    "%s%.100s from %.200s port %d ssh2",
 	    authctxt->valid ? "" : "invalid user ",
 	    authctxt->user,
 	    ssh_remote_ipaddr(ssh),
-	    ssh_remote_port(ssh),
-	    compat20 ? "ssh2" : "ssh1");
+	    ssh_remote_port(ssh));
 	packet_disconnect("Too many authentication failures");
 	/* NOTREACHED */
 }
diff --git a/auth.h b/auth.h
index 55170af5..338a62da 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.88 2016/05/04 14:04:40 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.89 2016/08/13 17:47:41 markus Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -112,20 +112,11 @@ struct KbdintDevice
 	void	(*free_ctx)(void *ctx);
 };
 
-int      auth_rhosts(struct passwd *, const char *);
 int
 auth_rhosts2(struct passwd *, const char *, const char *, const char *);
 
-int	 auth_rhosts_rsa(Authctxt *, char *, Key *);
 int      auth_password(Authctxt *, const char *);
-int      auth_rsa(Authctxt *, BIGNUM *);
-int      auth_rsa_challenge_dialog(Key *);
-BIGNUM	*auth_rsa_generate_challenge(Key *);
-int	 auth_rsa_verify_response(Key *, BIGNUM *, u_char[]);
-int	 auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
-
-int	 auth_rhosts_rsa_key_allowed(struct passwd *, const char *,
-    const char *, Key *);
+
 int	 hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
 int	 user_key_allowed(struct passwd *, Key *, int);
 void	 pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
@@ -156,7 +147,6 @@ void remove_kbdint_device(const char *);
 
 void disable_forwarding(void);
 
-void	do_authentication(Authctxt *);
 void	do_authentication2(Authctxt *);
 
 void	auth_info(Authctxt *authctxt, const char *, ...)
@@ -187,10 +177,6 @@ int	skey_respond(void *, u_int, char **);
 int	allowed_user(struct passwd *);
 struct passwd * getpwnamallow(const char *user);
 
-char	*get_challenge(Authctxt *);
-int	verify_response(Authctxt *, const char *);
-void	abandon_challenge_response(Authctxt *);
-
 char	*expand_authorized_keys(const char *, struct passwd *pw);
 char	*authorized_principals_file(struct passwd *);
 
@@ -210,7 +196,6 @@ Key	*get_hostkey_public_by_index(int, struct ssh *);
 Key	*get_hostkey_public_by_type(int, int, struct ssh *);
 Key	*get_hostkey_private_by_type(int, int, struct ssh *);
 int	 get_hostkey_index(Key *, int, struct ssh *);
-int	 ssh1_session_key(BIGNUM *);
 int	 sshd_hostkey_sign(Key *, Key *, u_char **, size_t *,
 	     const u_char *, size_t, const char *, u_int);
 
diff --git a/auth1.c b/auth1.c
deleted file mode 100644
index 5073c49b..00000000
--- a/auth1.c
+++ /dev/null
@@ -1,444 +0,0 @@
-/* $OpenBSD: auth1.c,v 1.82 2014/07/15 15:54:14 millert Exp $ */
-/*
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose.  Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#include "includes.h"
-
-#ifdef WITH_SSH1
-
-#include <sys/types.h>
-
-#include <stdarg.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <pwd.h>
-
-#include "openbsd-compat/sys-queue.h"
-#include "xmalloc.h"
-#include "rsa.h"
-#include "ssh1.h"
-#include "packet.h"
-#include "buffer.h"
-#include "log.h"
-#include "misc.h"
-#include "servconf.h"
-#include "compat.h"
-#include "key.h"
-#include "hostfile.h"
-#include "auth.h"
-#include "channels.h"
-#include "session.h"
-#include "uidswap.h"
-#ifdef GSSAPI
-#include "ssh-gss.h"
-#endif
-#include "monitor_wrap.h"
-#include "buffer.h"
-
-/* import */
-extern ServerOptions options;
-extern Buffer loginmsg;
-
-static int auth1_process_password(Authctxt *);
-static int auth1_process_rsa(Authctxt *);
-static int auth1_process_rhosts_rsa(Authctxt *);
-static int auth1_process_tis_challenge(Authctxt *);
-static int auth1_process_tis_response(Authctxt *);
-
-static char *client_user = NULL;    /* Used to fill in remote user for PAM */
-
-struct AuthMethod1 {
-	int type;
-	char *name;
-	int *enabled;
-	int (*method)(Authctxt *);
-};
-
-const struct AuthMethod1 auth1_methods[] = {
-	{
-		SSH_CMSG_AUTH_PASSWORD, "password",
-		&options.password_authentication, auth1_process_password
-	},
-	{
-		SSH_CMSG_AUTH_RSA, "rsa",
-		&options.rsa_authentication, auth1_process_rsa
-	},
-	{
-		SSH_CMSG_AUTH_RHOSTS_RSA, "rhosts-rsa",
-		&options.rhosts_rsa_authentication, auth1_process_rhosts_rsa
-	},
-	{
-		SSH_CMSG_AUTH_TIS, "challenge-response",
-		&options.challenge_response_authentication,
-		auth1_process_tis_challenge
-	},
-	{
-		SSH_CMSG_AUTH_TIS_RESPONSE, "challenge-response",
-		&options.challenge_response_authentication,
-		auth1_process_tis_response
-	},
-	{ -1, NULL, NULL, NULL}
-};
-
-static const struct AuthMethod1
-*lookup_authmethod1(int type)
-{
-	int i;
-
-	for (i = 0; auth1_methods[i].name != NULL; i++)
-		if (auth1_methods[i].type == type)
-			return (&(auth1_methods[i]));
-
-	return (NULL);
-}
-
-static char *
-get_authname(int type)
-{
-	const struct AuthMethod1 *a;
-	static char buf[64];
-
-	if ((a = lookup_authmethod1(type)) != NULL)
-		return (a->name);
-	snprintf(buf, sizeof(buf), "bad-auth-msg-%d", type);
-	return (buf);
-}
-
-/*ARGSUSED*/
-static int
-auth1_process_password(Authctxt *authctxt)
-{
-	int authenticated = 0;
-	char *password;
-	u_int dlen;
-
-	/*
-	 * Read user password.  It is in plain text, but was
-	 * transmitted over the encrypted channel so it is
-	 * not visible to an outside observer.
-	 */
-	password = packet_get_string(&dlen);
-	packet_check_eom();
-
-	/* Try authentication with the password. */
-	authenticated = PRIVSEP(auth_password(authctxt, password));
-
-	explicit_bzero(password, dlen);
-	free(password);
-
-	return (authenticated);
-}
-
-/*ARGSUSED*/
-static int
-auth1_process_rsa(Authctxt *authctxt)
-{
-	int authenticated = 0;
-	BIGNUM *n;
-
-	/* RSA authentication requested. */
-	if ((n = BN_new()) == NULL)
-		fatal("do_authloop: BN_new failed");
-	packet_get_bignum(n);
-	packet_check_eom();
-	authenticated = auth_rsa(authctxt, n);
-	BN_clear_free(n);
-
-	return (authenticated);
-}
-
-/*ARGSUSED*/
-static int
-auth1_process_rhosts_rsa(Authctxt *authctxt)
-{
-	int keybits, authenticated = 0;
-	u_int bits;
-	Key *client_host_key;
-	u_int ulen;
-
-	/*
-	 * Get client user name.  Note that we just have to
-	 * trust the client; root on the client machine can
-	 * claim to be any user.
-	 */
-	client_user = packet_get_cstring(&ulen);
-
-	/* Get the client host key. */
-	client_host_key = key_new(KEY_RSA1);
-	bits = packet_get_int();
-	packet_get_bignum(client_host_key->rsa->e);
-	packet_get_bignum(client_host_key->rsa->n);
-
-	keybits = BN_num_bits(client_host_key->rsa->n);
-	if (keybits < 0 || bits != (u_int)keybits) {
-		verbose("Warning: keysize mismatch for client_host_key: "
-		    "actual %d, announced %d",
-		    BN_num_bits(client_host_key->rsa->n), bits);
-	}
-	packet_check_eom();
-
-	authenticated = auth_rhosts_rsa(authctxt, client_user,
-	    client_host_key);
-	key_free(client_host_key);
-
-	auth_info(authctxt, "ruser %.100s", client_user);
-
-	return (authenticated);
-}
-
-/*ARGSUSED*/
-static int
-auth1_process_tis_challenge(Authctxt *authctxt)
-{
-	char *challenge;
-
-	if ((challenge = get_challenge(authctxt)) == NULL)
-		return (0);
-
-	debug("sending challenge '%s'", challenge);
-	packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
-	packet_put_cstring(challenge);
-	free(