2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.134 2004/07/11 17:48:47 deraadt Exp $");
21 #include "pathnames.h"
29 /* Format of the configuration file:
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
47 HostName another.host.name.real.org
54 RemoteForward 9999 shadows.cs.hut.fi:9999
60 PasswordAuthentication no
64 ProxyCommand ssh-proxy %h %p
67 PublicKeyAuthentication no
71 PasswordAuthentication no
73 # Defaults for various options
77 PasswordAuthentication yes
79 RhostsRSAAuthentication yes
80 StrictHostKeyChecking yes
82 IdentityFile ~/.ssh/identity
/*
 * NOTE(review): opcode list for the client configuration parser; the
 * enclosing enum header and closing line are not shown in this excerpt.
 * oDeprecated and oUnsupported are shared catch-all codes: several keywords
 * in the table further down map to them instead of to a setting of their
 * own, and process_config_line() only logs when it meets them.
 */
92 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
93 oPasswordAuthentication, oRSAAuthentication,
94 oChallengeResponseAuthentication, oXAuthLocation,
95 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
96 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
97 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
98 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
99 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
100 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
101 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
102 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
103 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
104 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
105 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
106 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
107 oAddressFamily, oGssAuthentication, oGssKeyEx, oGssDelegateCreds,
108 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
109 oSendEnv, oControlPath, oControlMaster,
110 oDeprecated, oUnsupported
113 /* Textual representations of the tokens. */
/*
 * NOTE(review): keyword names are stored in lower case. parse_token() walks
 * this table in order with strcasecmp() and returns the first match, so
 * lookup is case-insensitive and entry order decides between duplicates.
 * The gssapi* names and smartcarddevice each appear twice, once with a real
 * opcode and once as oUnsupported; the two copies are presumably alternative
 * preprocessor branches whose directives are not shown in this excerpt -
 * confirm against the full file before relying on either mapping.
 * Legacy keywords (rhostsauthentication, fallbacktorsh, usersh) map to
 * oDeprecated; the Kerberos/AFS ones map to oUnsupported.
 */
119 { "forwardagent", oForwardAgent },
120 { "forwardx11", oForwardX11 },
121 { "forwardx11trusted", oForwardX11Trusted },
122 { "xauthlocation", oXAuthLocation },
123 { "gatewayports", oGatewayPorts },
124 { "useprivilegedport", oUsePrivilegedPort },
125 { "rhostsauthentication", oDeprecated },
126 { "passwordauthentication", oPasswordAuthentication },
127 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
128 { "kbdinteractivedevices", oKbdInteractiveDevices },
129 { "rsaauthentication", oRSAAuthentication },
130 { "pubkeyauthentication", oPubkeyAuthentication },
131 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
132 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
133 { "hostbasedauthentication", oHostbasedAuthentication },
134 { "challengeresponseauthentication", oChallengeResponseAuthentication },
135 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
136 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
137 { "kerberosauthentication", oUnsupported },
138 { "kerberostgtpassing", oUnsupported },
139 { "afstokenpassing", oUnsupported },
141 { "gssapiauthentication", oGssAuthentication },
142 { "gssapikeyexchange", oGssKeyEx },
143 { "gssapidelegatecredentials", oGssDelegateCreds },
145 { "gssapiauthentication", oUnsupported },
146 { "gssapikeyexchange", oUnsupported },
147 { "gssapidelegatecredentials", oUnsupported },
149 { "fallbacktorsh", oDeprecated },
150 { "usersh", oDeprecated },
151 { "identityfile", oIdentityFile },
152 { "identityfile2", oIdentityFile }, /* alias */
153 { "identitiesonly", oIdentitiesOnly },
154 { "hostname", oHostName },
155 { "hostkeyalias", oHostKeyAlias },
156 { "proxycommand", oProxyCommand },
158 { "cipher", oCipher },
159 { "ciphers", oCiphers },
161 { "protocol", oProtocol },
162 { "remoteforward", oRemoteForward },
163 { "localforward", oLocalForward },
166 { "escapechar", oEscapeChar },
167 { "globalknownhostsfile", oGlobalKnownHostsFile },
168 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
169 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
170 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
171 { "connectionattempts", oConnectionAttempts },
172 { "batchmode", oBatchMode },
173 { "checkhostip", oCheckHostIP },
174 { "stricthostkeychecking", oStrictHostKeyChecking },
175 { "compression", oCompression },
176 { "compressionlevel", oCompressionLevel },
177 { "tcpkeepalive", oTCPKeepAlive },
178 { "keepalive", oTCPKeepAlive }, /* obsolete */
179 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
180 { "loglevel", oLogLevel },
181 { "dynamicforward", oDynamicForward },
182 { "preferredauthentications", oPreferredAuthentications },
183 { "hostkeyalgorithms", oHostKeyAlgorithms },
184 { "bindaddress", oBindAddress },
186 { "smartcarddevice", oSmartcardDevice },
188 { "smartcarddevice", oUnsupported },
190 { "clearallforwardings", oClearAllForwardings },
191 { "enablesshkeysign", oEnableSSHKeysign },
192 { "verifyhostkeydns", oVerifyHostKeyDNS },
193 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
194 { "rekeylimit", oRekeyLimit },
195 { "connecttimeout", oConnectTimeout },
196 { "addressfamily", oAddressFamily },
197 { "serveraliveinterval", oServerAliveInterval },
198 { "serveralivecountmax", oServerAliveCountMax },
199 { "sendenv", oSendEnv },
200 { "controlpath", oControlPath },
201 { "controlmaster", oControlMaster },
206 * Adds a local TCP/IP port forward to options. Never returns if there is an
/*
 * NOTE(review): two guards are visible before the table is written. A listen
 * port below IPPORT_RESERVED is refused unless original_real_uid is 0 (the
 * check is compiled out when NO_IPPORT_RESERVED_CONCEPT is defined), and the
 * entry count is compared with SSH_MAX_FORWARDS_PER_DIRECTION before
 * num_local_forwards is used as an index. Both failures end in fatal().
 * The rest of the parameter list, the local declarations and the remaining
 * field assignments are not shown in this excerpt.
 */
211 add_local_forward(Options *options, u_short port, const char *host,
215 #ifndef NO_IPPORT_RESERVED_CONCEPT
216 extern uid_t original_real_uid;
217 if (port < IPPORT_RESERVED && original_real_uid != 0)
218 fatal("Privileged ports can only be forwarded by root.");
220 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
221 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
/* The bound was checked just above, so the post-incremented index is in range. */
222 fwd = &options->local_forwards[options->num_local_forwards++];
/* The entry keeps its own copy of host; clear_forwardings() releases it with xfree(). */
224 fwd->host = xstrdup(host);
225 fwd->host_port = host_port;
229 * Adds a remote TCP/IP port forward to options. Never returns if there is
/*
 * NOTE(review): same table discipline as add_local_forward(): the count is
 * compared with SSH_MAX_FORWARDS_PER_DIRECTION before it is used as an
 * index, and overflow ends in fatal(). No privileged-port check is visible
 * here; the listen port is opened on the remote side, so presumably that
 * policy is left to the server - confirm. The rest of the parameter list
 * and the local declarations are not shown in this excerpt.
 */
234 add_remote_forward(Options *options, u_short port, const char *host,
238 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
239 fatal("Too many remote forwards (max %d).",
240 SSH_MAX_FORWARDS_PER_DIRECTION);
241 fwd = &options->remote_forwards[options->num_remote_forwards++];
/* The entry keeps its own copy of host; clear_forwardings() releases it with xfree(). */
243 fwd->host = xstrdup(host);
244 fwd->host_port = host_port;
/*
 * NOTE(review): drops every configured local and remote forward. Only the
 * host string of each entry is freed; the freed pointers are left in the
 * array slots and become unreachable solely because the counters are reset
 * to 0 afterwards. Code that walks the arrays must therefore always bound
 * itself by num_local_forwards / num_remote_forwards.
 */
248 clear_forwardings(Options *options)
252 for (i = 0; i < options->num_local_forwards; i++)
253 xfree(options->local_forwards[i].host);
254 options->num_local_forwards = 0;
255 for (i = 0; i < options->num_remote_forwards; i++)
256 xfree(options->remote_forwards[i].host);
257 options->num_remote_forwards = 0;
261 * Returns the number of the token pointed to by cp or oBadOption.
/*
 * NOTE(review): linear, case-insensitive scan of the keywords table; the
 * loop stops at the entry whose name is NULL and the first match wins.
 * An unknown keyword is reported through error() with the file name and
 * line number. The keyword text comes from the configuration input and is
 * passed as a "%s" argument, never as the format string. The fall-through
 * return statement is not shown in this excerpt.
 */
265 parse_token(const char *cp, const char *filename, int linenum)
269 for (i = 0; keywords[i].name; i++)
270 if (strcasecmp(cp, keywords[i].name) == 0)
271 return keywords[i].opcode;
273 error("%s: line %d: Bad configuration option: %s",
274 filename, linenum, cp);
279 * Processes a single option line as used in the configuration files. This
280 * only sets those values that have not already been set.
282 #define WHITESPACE " \t\r\n"
/*
 * NOTE(review): parses one configuration line. The keyword is split off with
 * strdelim(), mapped to an opcode by parse_token(), and a switch on the
 * opcode validates the argument(s). A value is stored only when *activep is
 * set and the target still holds its "unset" sentinel (-1, NULL,
 * SSH_PROTO_UNKNOWN or SYSLOG_LEVEL_NOT_SET), which is what makes the first
 * occurrence of an option win. Malformed arguments end in fatal();
 * read_config_file() counts a non-zero return as one bad option.
 * Many lines of this function (case labels, break statements, most
 * "arg = strdelim(&s)" calls, braces) are not shown in this excerpt, so the
 * notes below are limited to what is visible.
 */
285 process_config_line(Options *options, const char *host,
286 char *line, const char *filename, int linenum,
289 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
290 int opcode, *intptr, value;
292 u_short fwd_port, fwd_host_port;
293 char sfwd_host_port[6];
295 /* Strip trailing whitespace */
/*
 * NOTE(review): the declaration of len is not shown here. If it is an
 * unsigned type, an empty line makes strlen(line) - 1 wrap around, the
 * "len > 0" test passes and line[len] is read outside the buffer. A guard
 * such as returning early when strlen(line) == 0 would close that - confirm
 * against the full file and against callers that pass user-supplied strings.
 */
296 for(len = strlen(line) - 1; len > 0; len--) {
297 if (strchr(WHITESPACE, line[len]) == NULL)
303 /* Get the keyword. (Each line is supposed to begin with a keyword). */
304 keyword = strdelim(&s);
305 /* Ignore leading whitespace. */
/*
 * NOTE(review): keyword is dereferenced here before the NULL test two
 * statements later, so this relies on the first strdelim() call never
 * returning NULL.
 */
306 if (*keyword == '\0')
307 keyword = strdelim(&s);
308 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
311 opcode = parse_token(keyword, filename, linenum);
315 /* don't panic, but count bad options */
318 case oConnectTimeout:
319 intptr = &options->connection_timeout;
322 if (!arg || *arg == '\0')
323 fatal("%s line %d: missing time value.",
325 if ((value = convtime(arg)) == -1)
326 fatal("%s line %d: invalid time value.",
333 intptr = &options->forward_agent;
/* Shared yes/no parser: only the exact lower-case words below are accepted. */
336 if (!arg || *arg == '\0')
337 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
338 value = 0; /* To avoid compiler warning... */
339 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
341 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
344 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
345 if (*activep && *intptr == -1)
350 intptr = &options->forward_x11;
353 case oForwardX11Trusted:
354 intptr = &options->forward_x11_trusted;
358 intptr = &options->gateway_ports;
361 case oUsePrivilegedPort:
362 intptr = &options->use_privileged_port;
365 case oPasswordAuthentication:
366 intptr = &options->password_authentication;
369 case oKbdInteractiveAuthentication:
370 intptr = &options->kbd_interactive_authentication;
373 case oKbdInteractiveDevices:
374 charptr = &options->kbd_interactive_devices;
377 case oPubkeyAuthentication:
378 intptr = &options->pubkey_authentication;
381 case oRSAAuthentication:
382 intptr = &options->rsa_authentication;
385 case oRhostsRSAAuthentication:
386 intptr = &options->rhosts_rsa_authentication;
389 case oHostbasedAuthentication:
390 intptr = &options->hostbased_authentication;
393 case oChallengeResponseAuthentication:
394 intptr = &options->challenge_response_authentication;
397 case oGssAuthentication:
398 intptr = &options->gss_authentication;
402 intptr = &options->gss_keyex;
405 case oGssDelegateCreds:
406 intptr = &options->gss_deleg_creds;
410 intptr = &options->batch_mode;
414 intptr = &options->check_host_ip;
417 case oVerifyHostKeyDNS:
418 intptr = &options->verify_host_key_dns;
421 case oStrictHostKeyChecking:
422 intptr = &options->strict_host_key_checking;
/* Three-way parser: yes/true, no/false, or ask; anything else is fatal. */
425 if (!arg || *arg == '\0')
426 fatal("%.200s line %d: Missing yes/no/ask argument.",
428 value = 0; /* To avoid compiler warning... */
429 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
431 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
433 else if (strcmp(arg, "ask") == 0)
436 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
437 if (*activep && *intptr == -1)
442 intptr = &options->compression;
446 intptr = &options->tcp_keep_alive;
449 case oNoHostAuthenticationForLocalhost:
450 intptr = &options->no_host_authentication_for_localhost;
453 case oNumberOfPasswordPrompts:
454 intptr = &options->number_of_password_prompts;
457 case oCompressionLevel:
458 intptr = &options->compression_level;
462 intptr = &options->rekey_limit;
464 if (!arg || *arg == '\0')
465 fatal("%.200s line %d: Missing argument.", filename, linenum);
466 if (arg[0] < '0' || arg[0] > '9')
467 fatal("%.200s line %d: Bad number.", filename, linenum);
/*
 * NOTE(review): strtol() returns a long that is narrowed into the int
 * "value", and a suffix character is examined next; the suffix handling is
 * in lines not shown here. Check that neither the narrowing nor any
 * multiplier applied for the suffix can overflow - confirm in the full file.
 */
468 value = strtol(arg, &endofnumber, 10);
469 if (arg == endofnumber)
470 fatal("%.200s line %d: Bad number.", filename, linenum);
471 switch (toupper(*endofnumber)) {
482 if (*activep && *intptr == -1)
488 if (!arg || *arg == '\0')
489 fatal("%.200s line %d: Missing argument.", filename, linenum);
491 intptr = &options->num_identity_files;
/* The count is checked against the array capacity before the slot is written. */
492 if (*intptr >= SSH_MAX_IDENTITY_FILES)
493 fatal("%.200s line %d: Too many identity files specified (max %d).",
494 filename, linenum, SSH_MAX_IDENTITY_FILES);
495 charptr = &options->identity_files[*intptr];
496 *charptr = xstrdup(arg);
497 *intptr = *intptr + 1;
502 charptr=&options->xauth_location;
506 charptr = &options->user;
/* Shared string parser: the argument is copied with xstrdup() only if the field is still NULL. */
509 if (!arg || *arg == '\0')
510 fatal("%.200s line %d: Missing argument.", filename, linenum);
511 if (*activep && *charptr == NULL)
512 *charptr = xstrdup(arg);
515 case oGlobalKnownHostsFile:
516 charptr = &options->system_hostfile;
519 case oUserKnownHostsFile:
520 charptr = &options->user_hostfile;
523 case oGlobalKnownHostsFile2:
524 charptr = &options->system_hostfile2;
527 case oUserKnownHostsFile2:
528 charptr = &options->user_hostfile2;
532 charptr = &options->hostname;
536 charptr = &options->host_key_alias;
539 case oPreferredAuthentications:
540 charptr = &options->preferred_authentications;
544 charptr = &options->bind_address;
547 case oSmartcardDevice:
548 charptr = &options->smartcard_device;
553 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * NOTE(review): unlike the other string options, the proxy command takes
 * the whole remainder of the line verbatim (after skipping whitespace and
 * '='). The stored text is a command line, so anyone able to write the
 * configuration file controls what gets run; that is what the owner and
 * mode check in read_config_file() protects.
 */
554 charptr = &options->proxy_command;
555 len = strspn(s, WHITESPACE "=");
556 if (*activep && *charptr == NULL)
557 *charptr = xstrdup(s + len);
561 intptr = &options->port;
/* Shared integer parser: requires a leading digit, so negative numbers are rejected. */
564 if (!arg || *arg == '\0')
565 fatal("%.200s line %d: Missing argument.", filename, linenum);
566 if (arg[0] < '0' || arg[0] > '9')
567 fatal("%.200s line %d: Bad number.", filename, linenum);
569 /* Octal, decimal, or hex format? */
/*
 * NOTE(review): base 0 means a leading "0" selects octal and "0x" hex. No
 * range check and no test for trailing characters after the number is
 * visible in this excerpt; the long result is narrowed into an int.
 * Consumers of these integers (port, attempt counts, ...) should not assume
 * the value was range-validated here - confirm in the full file.
 */
570 value = strtol(arg, &endofnumber, 0);
571 if (arg == endofnumber)
572 fatal("%.200s line %d: Bad number.", filename, linenum);
573 if (*activep && *intptr == -1)
577 case oConnectionAttempts:
578 intptr = &options->connection_attempts;
582 intptr = &options->cipher;
584 if (!arg || *arg == '\0')
585 fatal("%.200s line %d: Missing argument.", filename, linenum);
586 value = cipher_number(arg);
588 fatal("%.200s line %d: Bad cipher '%s'.",
589 filename, linenum, arg ? arg : "<NONE>");
590 if (*activep && *intptr == -1)
/* Algorithm lists are validated before they are stored, so a bad name is fatal at parse time. */
596 if (!arg || *arg == '\0')
597 fatal("%.200s line %d: Missing argument.", filename, linenum);
598 if (!ciphers_valid(arg))
599 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
600 filename, linenum, arg ? arg : "<NONE>");
601 if (*activep && options->ciphers == NULL)
602 options->ciphers = xstrdup(arg);
607 if (!arg || *arg == '\0')
608 fatal("%.200s line %d: Missing argument.", filename, linenum);
610 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
611 filename, linenum, arg ? arg : "<NONE>");
612 if (*activep && options->macs == NULL)
613 options->macs = xstrdup(arg);
616 case oHostKeyAlgorithms:
618 if (!arg || *arg == '\0')
619 fatal("%.200s line %d: Missing argument.", filename, linenum);
620 if (!key_names_valid2(arg))
621 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
622 filename, linenum, arg ? arg : "<NONE>");
623 if (*activep && options->hostkeyalgorithms == NULL)
624 options->hostkeyalgorithms = xstrdup(arg);
628 intptr = &options->protocol;
630 if (!arg || *arg == '\0')
631 fatal("%.200s line %d: Missing argument.", filename, linenum);
632 value = proto_spec(arg);
633 if (value == SSH_PROTO_UNKNOWN)
634 fatal("%.200s line %d: Bad protocol spec '%s'.",
635 filename, linenum, arg ? arg : "<NONE>");
636 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
/*
 * NOTE(review): log_level is written through an int pointer, which assumes
 * the LogLevel type has the size of an int. No missing-argument test is
 * visible before log_level_number(arg); the "<NONE>" fallback in the
 * message suggests a NULL arg is expected to be rejected by that helper -
 * confirm.
 */
641 intptr = (int *) &options->log_level;
643 value = log_level_number(arg);
644 if (value == SYSLOG_LEVEL_NOT_SET)
645 fatal("%.200s line %d: unsupported log level '%s'",
646 filename, linenum, arg ? arg : "<NONE>");
647 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
648 *intptr = (LogLevel) value;
654 if (!arg || *arg == '\0')
655 fatal("%.200s line %d: Missing port argument.",
657 if ((fwd_port = a2port(arg)) == 0)
658 fatal("%.200s line %d: Bad listen port.",
661 if (!arg || *arg == '\0')
662 fatal("%.200s line %d: Missing second argument.",
/*
 * NOTE(review): the sscanf() field widths match the destination buffers:
 * at most 255 characters plus terminator into buf[256], at most 5 digits
 * plus terminator into sfwd_host_port[6]. Both "host:port" and "host/port"
 * are accepted; the port text is then range-checked by a2port(), which
 * reports failure as 0.
 */
664 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
665 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
666 fatal("%.200s line %d: Bad forwarding specification.",
668 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
669 fatal("%.200s line %d: Bad forwarding port.",
672 if (opcode == oLocalForward)
673 add_local_forward(options, fwd_port, buf,
675 else if (opcode == oRemoteForward)
676 add_remote_forward(options, fwd_port, buf,
681 case oDynamicForward:
683 if (!arg || *arg == '\0')
684 fatal("%.200s line %d: Missing port argument.",
686 fwd_port = a2port(arg);
688 fatal("%.200s line %d: Badly formatted port number.",
/*
 * Dynamic forwards reuse the local-forward table with the placeholder host
 * "socks" and host port 0, so they share its entry limit and its
 * privileged-port check.
 */
691 add_local_forward(options, fwd_port, "socks", 0);
694 case oClearAllForwardings:
695 intptr = &options->clear_forwardings;
/* Host line: each pattern is matched against the target host; the effect on *activep is in lines not shown. */
700 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
701 if (match_pattern(host, arg)) {
702 debug("Applying options for %.100s", arg);
706 /* Avoid garbage check below, as strdelim is done. */
710 intptr = &options->escape_char;
712 if (!arg || *arg == '\0')
713 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * NOTE(review): in the "^X" test arg[2] is read before arg[1] is examined.
 * For the one-character argument "^" that read is one byte past the string
 * terminator; whether the byte is still inside the caller's buffer depends
 * on the caller. Testing strlen(arg) == 1 first would avoid it.
 */
714 if (arg[0] == '^' && arg[2] == 0 &&
715 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
716 value = (u_char) arg[1] & 31;
717 else if (strlen(arg) == 1)
718 value = (u_char) arg[0];
719 else if (strcmp(arg, "none") == 0)
720 value = SSH_ESCAPECHAR_NONE;
722 fatal("%.200s line %d: Bad escape character.",
725 value = 0; /* Avoid compiler warning. */
727 if (*activep && *intptr == -1)
733 intptr = &options->address_family;
/*
 * NOTE(review): no missing-argument test is visible before strcasecmp()
 * here, unlike the other cases. If arg can be NULL at this point
 * (AddressFamily given without a value), this is a NULL dereference -
 * confirm against the full file.
 */
734 if (strcasecmp(arg, "inet") == 0)
736 else if (strcasecmp(arg, "inet6") == 0)
738 else if (strcasecmp(arg, "any") == 0)
741 fatal("Unsupported AddressFamily \"%s\"", arg);
742 if (*activep && *intptr == -1)
746 case oEnableSSHKeysign:
747 intptr = &options->enable_ssh_keysign;
750 case oIdentitiesOnly:
751 intptr = &options->identities_only;
754 case oServerAliveInterval:
755 intptr = &options->server_alive_interval;
758 case oServerAliveCountMax:
759 intptr = &options->server_alive_count_max;
/*
 * SendEnv takes a list of variable names: a name containing '=' is rejected
 * and the count is checked against MAX_SEND_ENV before the slot is written.
 */
763 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
764 if (strchr(arg, '=') != NULL)
765 fatal("%s line %d: Invalid environment name.",
767 if (options->num_send_env >= MAX_SEND_ENV)
768 fatal("%s line %d: too many send env.",
770 options->send_env[options->num_send_env++] =
776 charptr = &options->control_path;
780 intptr = &options->control_master;
/* Deprecated keywords are only logged at debug level; unsupported ones are logged through error(). */
784 debug("%s line %d: Deprecated option \"%s\"",
785 filename, linenum, keyword);
789 error("%s line %d: Unsupported option \"%s\"",
790 filename, linenum, keyword);
794 fatal("process_config_line: Unimplemented opcode %d", opcode);
797 /* Check that there is no garbage at end of line. */
798 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
799 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
800 filename, linenum, arg);
807 * Reads the config file and modifies the options accordingly. Options
808 * should already be initialized before this call. This never returns if
809 * there is an error. If the file does not exist, this returns 0.
/*
 * NOTE(review): security-relevant points visible in this excerpt:
 *  - The ownership/mode check uses fstat() on the descriptor of the stream
 *    that was just opened, so it inspects the file that will actually be
 *    read; there is no window between a path-based check and the open.
 *  - The file is rejected unless it is owned by uid 0 or by getuid(), and
 *    it must not be writable by group or others (mode bits 022). The
 *    condition under which this check runs is in lines not shown here.
 *  - fgets() returns a physical line longer than the buffer in pieces, and
 *    each piece is handed to process_config_line() as a line of its own.
 *  - Bad options are counted rather than aborting at once; a non-zero
 *    total is fatal after the whole file has been read.
 * The rest of the parameter list and the local declarations are not shown.
 */
813 read_config_file(const char *filename, const char *host, Options *options,
822 if ((f = fopen(filename, "r")) == NULL)
828 if (fstat(fileno(f), &sb) == -1)
829 fatal("fstat %s: %s", filename, strerror(errno));
830 if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
831 (sb.st_mode & 022) != 0))
832 fatal("Bad owner or permissions on %s", filename);
835 debug("Reading configuration data %.200s", filename);
838 * Mark that we are now processing the options. This flag is turned
839 * on/off by Host specifications.
843 while (fgets(line, sizeof(line), f)) {
844 /* Update line number counter. */
846 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
851 fatal("%s: terminating, %d bad configuration options",
852 filename, bad_options);
857 * Initializes options to special values that indicate that they have not yet
858 * been set. Read_config_file will only set options with this value. Options
859 * are processed in the following order: command line, user config file,
860 * system config file. Last, fill_default_options is called.
864 initialize_options(Options * options)
/*
 * NOTE(review): the structure is first filled with the byte 'X' and every
 * field is then given its "unset" sentinel: -1 for integers, NULL for
 * strings, 0 for counters, SSH_PROTO_UNKNOWN and SYSLOG_LEVEL_NOT_SET for
 * the two enumerated settings. Presumably the 'X' fill is there so that a
 * field missed below holds an obviously wrong value instead of a plausible
 * zero. The parser's first-value-wins test compares against exactly these
 * sentinels, so a field added to Options must also be added here.
 * The assignment for options->port is not shown in this excerpt although
 * fill_default_options() tests it against -1 - confirm it exists.
 */
866 memset(options, 'X', sizeof(*options));
867 options->forward_agent = -1;
868 options->forward_x11 = -1;
869 options->forward_x11_trusted = -1;
870 options->xauth_location = NULL;
871 options->gateway_ports = -1;
872 options->use_privileged_port = -1;
873 options->rsa_authentication = -1;
874 options->pubkey_authentication = -1;
875 options->challenge_response_authentication = -1;
876 options->gss_authentication = -1;
877 options->gss_keyex = -1;
878 options->gss_deleg_creds = -1;
879 options->password_authentication = -1;
880 options->kbd_interactive_authentication = -1;
881 options->kbd_interactive_devices = NULL;
882 options->rhosts_rsa_authentication = -1;
883 options->hostbased_authentication = -1;
884 options->batch_mode = -1;
885 options->check_host_ip = -1;
886 options->strict_host_key_checking = -1;
887 options->compression = -1;
888 options->tcp_keep_alive = -1;
889 options->compression_level = -1;
891 options->address_family = -1;
892 options->connection_attempts = -1;
893 options->connection_timeout = -1;
894 options->number_of_password_prompts = -1;
895 options->cipher = -1;
896 options->ciphers = NULL;
897 options->macs = NULL;
898 options->hostkeyalgorithms = NULL;
899 options->protocol = SSH_PROTO_UNKNOWN;
900 options->num_identity_files = 0;
901 options->hostname = NULL;
902 options->host_key_alias = NULL;
903 options->proxy_command = NULL;
904 options->user = NULL;
905 options->escape_char = -1;
906 options->system_hostfile = NULL;
907 options->user_hostfile = NULL;
908 options->system_hostfile2 = NULL;
909 options->user_hostfile2 = NULL;
910 options->num_local_forwards = 0;
911 options->num_remote_forwards = 0;
912 options->clear_forwardings = -1;
913 options->log_level = SYSLOG_LEVEL_NOT_SET;
914 options->preferred_authentications = NULL;
915 options->bind_address = NULL;
916 options->smartcard_device = NULL;
917 options->enable_ssh_keysign = - 1;
918 options->no_host_authentication_for_localhost = - 1;
919 options->identities_only = - 1;
920 options->rekey_limit = - 1;
921 options->verify_host_key_dns = -1;
922 options->server_alive_interval = -1;
923 options->server_alive_count_max = -1;
924 options->num_send_env = 0;
925 options->control_path = NULL;
926 options->control_master = -1;
930 * Called after processing other sources of option data, this fills those
931 * options for which no value has been specified with their default values.
935 fill_default_options(Options * options)
/*
 * NOTE(review): every field still holding its "unset" sentinel receives the
 * built-in default here, so this function is the effective security
 * baseline of a client with no configuration. Visible defaults worth
 * knowing when auditing a deployment: agent and X11 forwarding off (0),
 * gateway ports off, host-IP checking on, rhosts-RSA and host-based
 * authentication off, password / public-key / challenge-response /
 * keyboard-interactive authentication on, and all three gss_* settings on
 * (1) in this build, including credential delegation.
 * Path defaults such as _PATH_XAUTH are assigned directly, while values read
 * from a file are xstrdup() copies, so these string fields may or may not
 * point at heap memory - presumably nothing frees them; confirm before
 * adding a free.
 */
939 if (options->forward_agent == -1)
940 options->forward_agent = 0;
941 if (options->forward_x11 == -1)
942 options->forward_x11 = 0;
943 if (options->forward_x11_trusted == -1)
944 options->forward_x11_trusted = 0;
945 if (options->xauth_location == NULL)
946 options->xauth_location = _PATH_XAUTH;
947 if (options->gateway_ports == -1)
948 options->gateway_ports = 0;
949 if (options->use_privileged_port == -1)
950 options->use_privileged_port = 0;
951 if (options->rsa_authentication == -1)
952 options->rsa_authentication = 1;
953 if (options->pubkey_authentication == -1)
954 options->pubkey_authentication = 1;
955 if (options->challenge_response_authentication == -1)
956 options->challenge_response_authentication = 1;
957 if (options->gss_authentication == -1)
958 options->gss_authentication = 1;
959 if (options->gss_keyex == -1)
960 options->gss_keyex = 1;
961 if (options->gss_deleg_creds == -1)
962 options->gss_deleg_creds = 1;
963 if (options->password_authentication == -1)
964 options->password_authentication = 1;
965 if (options->kbd_interactive_authentication == -1)
966 options->kbd_interactive_authentication = 1;
967 if (options->rhosts_rsa_authentication == -1)
968 options->rhosts_rsa_authentication = 0;
969 if (options->hostbased_authentication == -1)
970 options->hostbased_authentication = 0;
971 if (options->batch_mode == -1)
972 options->batch_mode = 0;
973 if (options->check_host_ip == -1)
974 options->check_host_ip = 1;
/*
 * NOTE(review): the parser accepts yes/no/ask for this option; 2 is
 * presumably the "ask" value (the assignment is in lines not shown), i.e.
 * an unknown host key prompts the user instead of being refused - confirm.
 */
975 if (options->strict_host_key_checking == -1)
976 options->strict_host_key_checking = 2; /* 2 is default */
977 if (options->compression == -1)
978 options->compression = 0;
979 if (options->tcp_keep_alive == -1)
980 options->tcp_keep_alive = 1;
981 if (options->compression_level == -1)
982 options->compression_level = 6;
983 if (options->port == -1)
984 options->port = 0; /* Filled in ssh_connect. */
985 if (options->address_family == -1)
986 options->address_family = AF_UNSPEC;
987 if (options->connection_attempts == -1)
988 options->connection_attempts = 1;
989 if (options->number_of_password_prompts == -1)
990 options->number_of_password_prompts = 3;
991 /* Selected in ssh_login(). */
992 if (options->cipher == -1)
993 options->cipher = SSH_CIPHER_NOT_SET;
994 /* options->ciphers, default set in myproposals.h */
995 /* options->macs, default set in myproposals.h */
996 /* options->hostkeyalgorithms, default set in myproposals.h */
/*
 * NOTE(review): with no Protocol setting both protocol 1 and protocol 2 are
 * enabled. Protocol 1 is the legacy protocol with known cryptographic
 * weaknesses; deployments of this vintage should set Protocol explicitly.
 */
997 if (options->protocol == SSH_PROTO_UNKNOWN)
998 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
/*
 * Default identity files are added only when none were configured. Each
 * length is 2 bytes for "~/" plus the path plus the terminator; the
 * allocation itself is in lines not shown. The "%.100s" precision caps the
 * path portion at 100 characters.
 */
999 if (options->num_identity_files == 0) {
1000 if (options->protocol & SSH_PROTO_1) {
1001 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
1002 options->identity_files[options->num_identity_files] =
1004 snprintf(options->identity_files[options->num_identity_files++],
1005 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
1007 if (options->protocol & SSH_PROTO_2) {
1008 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
1009 options->identity_files[options->num_identity_files] =
1011 snprintf(options->identity_files[options->num_identity_files++],
1012 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
1014 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
1015 options->identity_files[options->num_identity_files] =
1017 snprintf(options->identity_files[options->num_identity_files++],
1018 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
1021 if (options->escape_char == -1)
1022 options->escape_char = '~';
1023 if (options->system_hostfile == NULL)
1024 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
1025 if (options->user_hostfile == NULL)
1026 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
1027 if (options->system_hostfile2 == NULL)
1028 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
1029 if (options->user_hostfile2 == NULL)
1030 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
1031 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
1032 options->log_level = SYSLOG_LEVEL_INFO;
/* ClearAllForwardings is applied here, after every source has been read, so it also removes forwards set earlier. */
1033 if (options->clear_forwardings == 1)
1034 clear_forwardings(options);
1035 if (options->no_host_authentication_for_localhost == - 1)
1036 options->no_host_authentication_for_localhost = 0;
1037 if (options->identities_only == -1)
1038 options->identities_only = 0;
1039 if (options->enable_ssh_keysign == -1)
1040 options->enable_ssh_keysign = 0;
1041 if (options->rekey_limit == -1)
1042 options->rekey_limit = 0;
1043 if (options->verify_host_key_dns == -1)
1044 options->verify_host_key_dns = 0;
1045 if (options->server_alive_interval == -1)
1046 options->server_alive_interval = 0;
1047 if (options->server_alive_count_max == -1)
1048 options->server_alive_count_max = 3;
1049 if (options->control_master == -1)
1050 options->control_master = 0;
1051 /* options->proxy_command should not be set by default */
1052 /* options->user will be set in the main program if appropriate */
1053 /* options->hostname will be set in the main program if appropriate */
1054 /* options->host_key_alias should not be set by default */
1055 /* options->preferred_authentications will be set in ssh */