Index: readconf.c =================================================================== RCS file: /home/ncvs/src/crypto/openssh/readconf.c,v retrieving revision 1.12 diff -u -r1.12 readconf.c --- readconf.c 2001/05/04 04:14:22 1.12 +++ readconf.c 2001/07/15 18:50:24 @@ -848,7 +848,7 @@ if (options->port == -1) options->port = 0; /* Filled in ssh_connect. */ if (options->connection_attempts == -1) - options->connection_attempts = 4; + options->connection_attempts = 1; if (options->number_of_password_prompts == -1) options->number_of_password_prompts = 3; /* Selected in ssh_login(). */ Index: ssh.c =================================================================== RCS file: /home/ncvs/src/crypto/openssh/ssh.c,v retrieving revision 1.14 diff -u -r1.14 ssh.c --- ssh.c 2001/05/04 04:14:23 1.14 +++ ssh.c 2001/07/15 18:53:51 @@ -238,7 +238,7 @@ int main(int ac, char **av) { - int i, opt, optind, exit_status, ok; + int i, opt, optind, exit_status, cerr; u_short fwd_port, fwd_host_port; char *optarg, *cp, buf[256]; struct stat st; @@ -635,7 +635,7 @@ /* Open a connection to the remote host. */ - ok = ssh_connect(host, &hostaddr, options.port, + cerr = ssh_connect(host, &hostaddr, options.port, options.connection_attempts, original_effective_uid != 0 || !options.use_privileged_port, pw, options.proxy_command); @@ -648,7 +648,7 @@ */ sensitive_data.nkeys = 0; sensitive_data.keys = NULL; - if (ok && (options.rhosts_rsa_authentication || + if (!cerr && (options.rhosts_rsa_authentication || options.hostbased_authentication)) { sensitive_data.nkeys = 3; sensitive_data.keys = xmalloc(sensitive_data.nkeys*sizeof(Key)); 
@@ -686,20 +686,19 @@ error("Could not create directory '%.200s'.", buf); /* Check if the connection failed, and try "rsh" if appropriate. */ - if (!ok) { + if (cerr) { + if (!options.fallback_to_rsh) + exit(1); if (options.port != 0) - log("Secure connection to %.100s on port %hu refused%.100s.", - host, options.port, - options.fallback_to_rsh ? "; reverting to insecure method" : ""); + log( +"Secure connection to %.100s on port %hu refused; reverting to insecure method", + host, options.port); else - log("Secure connection to %.100s refused%.100s.", host, - options.fallback_to_rsh ? "; reverting to insecure method" : ""); + log( +"Secure connection to %.100s refused; reverting to insecure method.", host); - if (options.fallback_to_rsh) { - rsh_connect(host, options.user, &command); - fatal("rsh_connect returned"); - } - exit(1); + rsh_connect(host, options.user, &command); + fatal("rsh_connect returned"); } /* load options.identity_files */ load_public_identity_files(); Index: sshconnect.c =================================================================== RCS file: /home/ncvs/src/crypto/openssh/sshconnect.c,v retrieving revision 1.17 diff -u -r1.17 sshconnect.c --- sshconnect.c 2001/05/04 04:37:49 1.17 +++ sshconnect.c 2001/07/15 19:17:16 @@ -45,6 +45,28 @@ /* AF_UNSPEC or AF_INET or AF_INET6 */ extern int IPv4or6; +static const char * +sockaddr_ntop(sa) + struct sockaddr *sa; +{ + void *addr; + static char addrbuf[INET6_ADDRSTRLEN]; + + switch (sa->sa_family) { + case AF_INET: + addr = &((struct sockaddr_in *)sa)->sin_addr; + break; + case AF_INET6: + addr = &((struct sockaddr_in6 *)sa)->sin6_addr; + break; + default: + /* This case should be protected against elsewhere */ + abort(); + } + inet_ntop(sa->sa_family, addr, addrbuf, sizeof(addrbuf)); + return addrbuf; +} + /* * Connect to the given ssh server using a proxy command. */ 
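Review bot: The new `if (cerr)` branch in main() falls back to rsh on any non-zero return, so the ECONNABORTED/ECONNREFUSED distinction that ssh_connect() now makes is never used here. The `full_failure` comment in sshconnect.c says failures other than "Connection refused" should block fallback, yet a timeout or unreachable-host error still reaches `rsh_connect()` and is logged as "refused". Because this path downgrades to an unencrypted protocol, the gate should be explicit: `if (!options.fallback_to_rsh || cerr != ECONNREFUSED) exit(1);`. The first `log()` string also lost its trailing period while the second kept it.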
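Review bot: sockaddr_ntop() ignores the return value of `inet_ntop()` and hands back a static buffer, so a failed conversion returns whatever the previous call left there (or an empty string on first use). Check the result, e.g. `if (inet_ntop(sa->sa_family, addr, addrbuf, sizeof(addrbuf)) == NULL) return "(unknown address)";`, and add a header comment saying the returned string is overwritten by the next call. The definition is K&R-style (`sockaddr_ntop(sa) struct sockaddr *sa;`) while ssh_connect() in the same file uses a prototype; `sockaddr_ntop(struct sockaddr *sa)` would match it. Calling `abort()` in the default case is heavy for a helper that only produces log text; returning a placeholder string would let the connection loop carry on.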
@@ -142,7 +164,8 @@ /* Set the connection file descriptors. */ packet_set_connection(pout[0], pin[1]); - return 1; + /* Indicate OK return */ + return 0; } /* @@ -188,6 +211,12 @@ * second). If proxy_command is non-NULL, it specifies the command (with %h * and %p substituted for host and port, respectively) to use to contact * the daemon. + * Return values: + * 0 for OK + * ECONNREFUSED if we got a "Connection Refused" by the peer on any address + * ECONNABORTED if we failed without a "Connection refused" + * Suitable error messages for the connection failure will already have been + * printed. */ int ssh_connect(const char *host, struct sockaddr_storage * hostaddr, @@ -202,6 +231,13 @@ struct addrinfo hints, *ai, *aitop; struct linger linger; struct servent *sp; + int port_set_locally; + /* + * Did we get only other errors than "Connection refused" (which + * should block fallback to rsh and similar), or did we get at least + * one "Connection refused"? + */ + int full_failure = 1; debug("ssh_connect: getuid %u geteuid %u anon %d", (u_int) getuid(), (u_int) geteuid(), anonymous); @@ -213,7 +249,9 @@ port = ntohs(sp->s_port); else port = SSH_DEFAULT_PORT; - } + port_set_locally = 1; + } else + port_set_locally = 0; /* If a proxy command is given, connect using it. */ if (proxy_command != NULL) return ssh_proxy_connect(host, port, pw, proxy_command); @@ -233,7 +271,7 @@ * will sometimes fail. In general socket code appears to behave * quite magically on many machines. */ - for (attempt = 0; attempt < connection_attempts; attempt++) { + for (attempt = 0; ;) { if (attempt > 0) debug("Trying again..."); @@ -256,6 +294,7 @@ !anonymous && geteuid() == 0, ai->ai_family); if (sock < 0) + /* Any error is already output */ continue; /* Connect to the host. We use the user's uid in the 
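Review bot: The return convention documented in the new "Return values" comment inverts the old one (1 used to mean success, now 0 does) while the function stays a plain `int`, so any caller still written as `if (ssh_connect(...))` compiles cleanly and takes the wrong branch. Only ssh.c is updated in this patch; other callers, if there are any, are not visible here and should be checked. The comment should also say that the proxy path follows the same convention, since ssh_proxy_connect() now ends in `return 0;`, and state what that path returns on failure.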
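Review bot: The `} else port_set_locally = 0;` line pairs a braced `if` with an unbraced `else`, which is easy to misread when the branch is extended later. Initialising at the declaration, `int port_set_locally = 0;`, and keeping only `port_set_locally = 1;` inside the existing block gives the same result without the dangling `else`. The `if` block opens above this hunk.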
@@ -269,7 +308,17 @@ restore_uid(); break; } else { - debug("connect: %.100s", strerror(errno)); + if (errno == ECONNREFUSED) + full_failure = 0; + if (port_set_locally) + log("ssh: connect to address %s: %s", + sockaddr_ntop(ai->ai_addr), + strerror(errno)); + else + log( +"ssh: connect to address %s port %s: %s", + sockaddr_ntop(ai->ai_addr), strport, + strerror(errno)); restore_uid(); /* * Close the failed socket; there appear to @@ -284,6 +333,9 @@ if (ai) break; /* Successful connection. */ + attempt++; + if (attempt >= connection_attempts) + break; /* Sleep a moment before retrying. */ sleep(1); } @@ -292,7 +344,7 @@ /* Return failure if we didn't get a successful connection. */ if (attempt >= connection_attempts) - return 0; + return full_failure ? ECONNABORTED : ECONNREFUSED; debug("Connection established."); @@ -314,7 +366,7 @@ /* Set the connection. */ packet_set_connection(sock, sock); - return 1; + return 0; } /*
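Review bot: In the new else branch `strerror(errno)` sits in the same `log()` argument list as the call to sockaddr_ntop(), and argument evaluation order is unspecified, so a failing `inet_ntop()` inside the helper could replace the connect() error before it is printed. Copy the value once at the top of the branch, `int saved_errno = errno;`, and use `saved_errno` for both the ECONNREFUSED test and the message. The two `log()` calls differ only in the port text and could be merged into one. The enclosing connect loop starts outside this hunk.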
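Review bot: The post-loop test `if (attempt >= connection_attempts)` still infers failure from the counter, but the rewritten loop now always makes one pass and leaves `attempt` at 0 when that pass succeeds. If `connection_attempts` is 0 or negative, a connection that succeeded on the first pass is reported as ECONNABORTED, the socket is apparently left open, and ssh.c may then fall back to rsh; before this patch the loop body never ran for such a value. Whether the option parser rejects values below 1 is not visible here. Recording success explicitly at the `if (ai) break;` line and testing that flag, e.g. `if (!connected) return full_failure ? ECONNABORTED : ECONNREFUSED;`, removes the dependency on the counter.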