Sync remaining ChallengeResponse removal.

These were omitted from commit 88868fd131.

auth2-kbdint.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-kbdint.c,v 1.12 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: auth2-kbdint.c,v 1.13 2021/07/02 05:11:20 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -56,7 +56,7 @@ userauth_kbdint(struct ssh *ssh)
 
 	debug("keyboard-interactive devs %s", devs);
 
-	if (options.challenge_response_authentication)
+	if (options.kbd_interactive_authentication)
 		authenticated = auth2_challenge(ssh, devs);
 
 	free(devs);

monitor.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.226 2021/04/30 04:02:52 dtucker Exp $ */
+/* $OpenBSD: monitor.c,v 1.227 2021/07/02 05:11:20 dtucker Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -962,7 +962,7 @@ mm_answer_bsdauthrespond(struct ssh *ssh, int sock, struct sshbuf *m)
 
 	if ((r = sshbuf_get_cstring(m, &response, NULL)) != 0)
 		fatal_fr(r, "parse");
-	authok = options.challenge_response_authentication &&
+	authok = options.kbd_interactive_authentication &&
 	    auth_userresponse(authctxt->as, response, 0);
 	authctxt->as = NULL;
 	debug3_f("<%s> = <%d>", response, authok);

readconf.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.140 2021/02/15 20:43:15 markus Exp $ */
+/* $OpenBSD: readconf.h,v 1.141 2021/07/02 05:11:21 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -38,8 +38,6 @@ typedef struct {
 	struct ForwardOptions fwd_opts;	/* forwarding options */
 	int     pubkey_authentication;	/* Try ssh2 pubkey authentication. */
 	int     hostbased_authentication;	/* ssh2's rhosts_rsa */
-	int     challenge_response_authentication;
-					/* Try S/Key or TIS, authentication. */
 	int     gss_authentication;	/* Try GSS authentication */
 	int     gss_deleg_creds;	/* Delegate GSS credentials */
 	int     password_authentication;	/* Try password

scp.1

@@ -8,9 +8,9 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.95 2021/01/26 15:40:17 naddy Exp $
+.\" $OpenBSD: scp.1,v 1.96 2021/07/02 05:11:21 dtucker Exp $
 .\"
-.Dd $Mdocdate: January 26 2021 $
+.Dd $Mdocdate: July 2 2021 $
 .Dt SCP 1
 .Os
 .Sh NAME
@@ -158,7 +158,6 @@ For full details of the options listed below, and their possible values, see
 .It CanonicalizePermittedCNAMEs
 .It CASignatureAlgorithms
 .It CertificateFile
-.It ChallengeResponseAuthentication
 .It CheckHostIP
 .It Ciphers
 .It Compression

servconf.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.154 2021/04/03 06:18:40 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.155 2021/07/02 05:11:21 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -146,7 +146,6 @@ typedef struct {
 	int     password_authentication;	/* If true, permit password
 						 * authentication. */
 	int     kbd_interactive_authentication;	/* If true, permit */
-	int     challenge_response_authentication;
 	int     permit_empty_passwd;	/* If false, do not permit empty
 					 * passwords. */
 	int     permit_user_env;	/* If true, read ~/.ssh/environment */

sftp.1

@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.137 2021/02/12 03:49:09 djm Exp $
+.\" $OpenBSD: sftp.1,v 1.138 2021/07/02 05:11:21 dtucker Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 12 2021 $
+.Dd $Mdocdate: July 2 2021 $
 .Dt SFTP 1
 .Os
 .Sh NAME
@@ -232,7 +232,6 @@ For full details of the options listed below, and their possible values, see
 .It CanonicalizePermittedCNAMEs
 .It CASignatureAlgorithms
 .It CertificateFile
-.It ChallengeResponseAuthentication
 .It CheckHostIP
 .It Ciphers
 .It Compression

ssh.1

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.420 2021/06/25 06:20:39 dtucker Exp $
+.\" $OpenBSD: ssh.1,v 1.421 2021/07/02 05:11:21 dtucker Exp $
-.Dd $Mdocdate: June 25 2021 $
+.Dd $Mdocdate: July 2 2021 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -485,7 +485,6 @@ For full details of the options listed below, and their possible values, see
 .It CanonicalizePermittedCNAMEs
 .It CASignatureAlgorithms
 .It CertificateFile
-.It ChallengeResponseAuthentication
 .It CheckHostIP
 .It Ciphers
 .It ClearAllForwardings
@@ -833,7 +832,7 @@ The methods available for authentication are:
 GSSAPI-based authentication,
 host-based authentication,
 public key authentication,
-challenge-response authentication,
+keyboard-interactive authentication,
 and password authentication.
 Authentication methods are tried in the order specified above,
 though
@@ -971,11 +970,11 @@ directive in
 .Xr ssh_config 5
 for more information.
 .Pp
-Challenge-response authentication works as follows:
+Keyboard-interactive authentication works as follows:
 The server sends an arbitrary
 .Qq challenge
-text, and prompts for a response.
+text and prompts for a response, possibly multiple times.
-Examples of challenge-response authentication include
+Examples of keyboard-interactive authentication include
 .Bx
 Authentication (see
 .Xr login.conf 5 )

ssh_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.354 2021/06/04 05:10:03 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.355 2021/07/02 05:11:21 dtucker Exp $
-.Dd $Mdocdate: June 4 2021 $
+.Dd $Mdocdate: July 2 2021 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -412,13 +412,6 @@ Multiple
 .Cm CertificateFile
 directives will add to the list of certificates used for
 authentication.
-.It Cm ChallengeResponseAuthentication
-Specifies whether to use challenge-response authentication.
-The argument to this keyword must be
-.Cm yes
-(the default)
-or
-.Cm no .
 .It Cm CheckHostIP
 If set to
 .Cm yes
@@ -1085,6 +1078,8 @@ The argument to this keyword must be
 (the default)
 or
 .Cm no .
+.Cm ChallengeResponseAuthentication
+is a deprecated alias for this.
 .It Cm KbdInteractiveDevices
 Specifies the list of methods to use in keyboard-interactive authentication.
 Multiple method names must be comma-separated.

sshconnect.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.354 2021/06/25 06:20:39 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.355 2021/07/02 05:11:21 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1298,13 +1298,6 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
 			error("Keyboard-interactive authentication is disabled"
 			    " to avoid man-in-the-middle attacks.");
 			options.kbd_interactive_authentication = 0;
-			options.challenge_response_authentication = 0;
-			cancelled_forwarding = 1;
-		}
-		if (options.challenge_response_authentication) {
-			error("Challenge/response authentication is disabled"
-			    " to avoid man-in-the-middle attacks.");
-			options.challenge_response_authentication = 0;
 			cancelled_forwarding = 1;
 		}
 		if (options.forward_agent) {

sshconnect2.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.349 2021/06/07 03:38:38 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.350 2021/07/02 05:11:21 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -442,8 +442,6 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
 	Authctxt authctxt;
 	int r;
 
-	if (options.challenge_response_authentication)
-		options.kbd_interactive_authentication = 1;
 	if (options.preferred_authentications == NULL)
 		options.preferred_authentications = authmethods_get();
 

sshd.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.576 2021/06/10 03:14:14 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.577 2021/07/02 05:11:21 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1753,10 +1753,6 @@ main(int ac, char **av)
 	/* Fill in default values for those options not explicitly set. */
 	fill_default_server_options(&options);
 
-	/* challenge-response is implemented via keyboard interactive */
-	if (options.challenge_response_authentication)
-		options.kbd_interactive_authentication = 1;
-
 	/* Check that options are sensible */
 	if (options.authorized_keys_command_user == NULL &&
 	    (options.authorized_keys_command != NULL &&