2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
21 #include "pathnames.h"
29 /* Format of the configuration file:
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
47 HostName another.host.name.real.org
54 RemoteForward 9999 shadows.cs.hut.fi:9999
60 RhostsAuthentication no
61 PasswordAuthentication no
65 ProxyCommand ssh-proxy %h %p
68 PublicKeyAuthentication no
72 PasswordAuthentication no
74 # Defaults for various options
78 RhostsAuthentication yes
79 PasswordAuthentication yes
81 RhostsRSAAuthentication yes
82 StrictHostKeyChecking yes
84 IdentityFile ~/.ssh/identity
/*
 * Opcode constants, one per client configuration directive. parse_token()
 * returns one of these and process_config_line() dispatches on it (see its
 * `case` labels). The Kerberos opcodes are compiled in only when the build
 * macros tested below are defined.
 * NOTE(review): the embedded line numbers skip, so part of this list
 * (presumably including the enum header and its closing line) is not shown.
 */
94 oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
95 oPasswordAuthentication, oRSAAuthentication,
96 oChallengeResponseAuthentication, oXAuthLocation,
97 #if defined(KRB4) || defined(KRB5)
98 oKerberosAuthentication,
100 #if defined(AFS) || defined(KRB5)
106 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
107 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
108 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
109 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
110 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
111 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
112 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
113 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
114 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
115 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
116 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
121 /* Textual representations of the tokens. */
/*
 * Keyword table: each entry pairs a directive name with its opcode. The names
 * are stored in lower case and parse_token() compares them with strcasecmp(),
 * so directives match case-insensitively.
 *
 * Entries marked "alias" map a legacy spelling onto a current opcode, so the
 * old name changes the same setting as the new one: "dsaauthentication"
 * toggles all public-key authentication, and "skeyauthentication" and
 * "tisauthentication" both toggle challenge-response authentication.
 * "fallbacktorsh" and "usersh" map to oDeprecated.
 * NOTE(review): the embedded line numbers skip, so some entries are not shown.
 */
127 { "forwardagent", oForwardAgent },
128 { "forwardx11", oForwardX11 },
129 { "xauthlocation", oXAuthLocation },
130 { "gatewayports", oGatewayPorts },
131 { "useprivilegedport", oUsePrivilegedPort },
132 { "rhostsauthentication", oRhostsAuthentication },
133 { "passwordauthentication", oPasswordAuthentication },
134 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
135 { "kbdinteractivedevices", oKbdInteractiveDevices },
136 { "rsaauthentication", oRSAAuthentication },
137 { "pubkeyauthentication", oPubkeyAuthentication },
138 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
139 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
140 { "hostbasedauthentication", oHostbasedAuthentication },
141 { "challengeresponseauthentication", oChallengeResponseAuthentication },
142 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
143 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
144 #if defined(KRB4) || defined(KRB5)
145 { "kerberosauthentication", oKerberosAuthentication },
147 #if defined(AFS) || defined(KRB5)
148 { "kerberostgtpassing", oKerberosTgtPassing },
151 { "afstokenpassing", oAFSTokenPassing },
153 { "fallbacktorsh", oDeprecated },
154 { "usersh", oDeprecated },
155 { "identityfile", oIdentityFile },
156 { "identityfile2", oIdentityFile }, /* alias */
157 { "hostname", oHostName },
158 { "hostkeyalias", oHostKeyAlias },
159 { "proxycommand", oProxyCommand },
161 { "cipher", oCipher },
162 { "ciphers", oCiphers },
164 { "protocol", oProtocol },
165 { "remoteforward", oRemoteForward },
166 { "localforward", oLocalForward },
169 { "escapechar", oEscapeChar },
170 { "globalknownhostsfile", oGlobalKnownHostsFile },
171 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
172 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
173 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
174 { "connectionattempts", oConnectionAttempts },
175 { "batchmode", oBatchMode },
176 { "checkhostip", oCheckHostIP },
177 { "stricthostkeychecking", oStrictHostKeyChecking },
178 { "compression", oCompression },
179 { "compressionlevel", oCompressionLevel },
180 { "keepalive", oKeepAlives },
181 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
182 { "loglevel", oLogLevel },
183 { "dynamicforward", oDynamicForward },
184 { "preferredauthentications", oPreferredAuthentications },
185 { "hostkeyalgorithms", oHostKeyAlgorithms },
186 { "bindaddress", oBindAddress },
187 { "smartcarddevice", oSmartcardDevice },
188 { "clearallforwardings", oClearAllForwardings },
189 { "enablesshkeysign", oEnableSSHKeysign },
190 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
/*
 * Appends a local TCP/IP port forwarding to options->local_forwards.
 *
 * port is the local listen port; host and host_port name the destination.
 * The host string is copied with xstrdup(), so the caller keeps ownership of
 * its own buffer. Does not return on error: fatal() is called when a
 * non-root user asks for a port below IPPORT_RESERVED, or when
 * SSH_MAX_FORWARDS_PER_DIRECTION entries are already stored.
 */
void
add_local_forward(Options *options, u_short port, const char *host,
    u_short host_port)
{
	Forward *entry;

#ifndef NO_IPPORT_RESERVED_CONCEPT
	extern uid_t original_real_uid;

	/* Only root may ask for a listener on a privileged port. */
	if (original_real_uid != 0 && port < IPPORT_RESERVED)
		fatal("Privileged ports can only be forwarded by root.");
#endif
	/* Refuse before indexing, so the table is never written past its limit. */
	if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
		fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);

	entry = &options->local_forwards[options->num_local_forwards];
	options->num_local_forwards++;
	entry->port = port;
	entry->host = xstrdup(host);
	entry->host_port = host_port;
}
/*
 * Appends a remote TCP/IP port forwarding to options->remote_forwards.
 *
 * port is the port to listen on at the remote side; host and host_port name
 * the destination. The host string is copied with xstrdup(). Does not return
 * on error: fatal() is called when SSH_MAX_FORWARDS_PER_DIRECTION entries are
 * already stored.
 */
void
add_remote_forward(Options *options, u_short port, const char *host,
    u_short host_port)
{
	Forward *entry;

	/* Refuse before indexing, so the table is never written past its limit. */
	if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
		fatal("Too many remote forwards (max %d).",
		    SSH_MAX_FORWARDS_PER_DIRECTION);

	entry = &options->remote_forwards[options->num_remote_forwards];
	options->num_remote_forwards++;
	entry->port = port;
	entry->host = xstrdup(host);
	entry->host_port = host_port;
}
/*
 * Drops every configured local and remote port forwarding.
 *
 * The host strings were allocated by add_local_forward() and
 * add_remote_forward(), so each one is released with xfree() before the
 * matching counter is reset to zero.
 */
static void
clear_forwardings(Options *options)
{
	int idx;

	idx = 0;
	while (idx < options->num_local_forwards) {
		xfree(options->local_forwards[idx].host);
		idx++;
	}
	options->num_local_forwards = 0;

	idx = 0;
	while (idx < options->num_remote_forwards) {
		xfree(options->remote_forwards[idx].host);
		idx++;
	}
	options->num_remote_forwards = 0;
}
/*
 * Maps a configuration keyword to its opcode.
 *
 * cp is the keyword as read from the configuration source; filename and
 * linenum are used only in the diagnostic. The lookup is a case-insensitive
 * linear scan of keywords[], which ends at the entry whose name is NULL.
 * Returns the matching opcode, or logs an error and returns oBadOption when
 * the keyword is unknown.
 */
static OpCodes
parse_token(const char *cp, const char *filename, int linenum)
{
	u_int idx = 0;

	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	/*
	 * NOTE(review): cp is file-supplied text and is logged with an
	 * unbounded %s, whereas the other diagnostics in this file use
	 * "%.200s"; its length is limited only by the caller's line buffer.
	 */
	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return oBadOption;
}
268 * Processes a single option line as used in the configuration files. This
269 * only sets those values that have not already been set.
271 #define WHITESPACE " \t\r\n"
/*
 * process_config_line: handle one line of a configuration source.
 * The first word is looked up with parse_token() and the opcode selects the
 * field of *options that receives the argument. The visible guards store a
 * value only when *activep is non-zero and the field still holds its "unset"
 * marker (-1 for int fields, NULL for strings), which is how an earlier
 * setting takes precedence over a later one. Malformed arguments end the
 * program through fatal().
 * NOTE(review): the embedded line numbers skip, so this listing omits some
 * statements (presumably the switch, the shorter case labels, breaks and
 * returns); the notes below describe only what is visible.
 */
274 process_config_line(Options *options, const char *host,
275 char *line, const char *filename, int linenum,
278 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
279 int opcode, *intptr, value;
281 u_short fwd_port, fwd_host_port;
282 char sfwd_host_port[6];
285 /* Get the keyword. (Each line is supposed to begin with a keyword). */
286 keyword = strdelim(&s);
287 /* Ignore leading whitespace. */
/*
 * NOTE(review): keyword is dereferenced on the next line before the NULL test
 * that follows it. That is safe only if the first strdelim() call cannot
 * return NULL, which depends on how s is initialised (not shown) -- confirm.
 */
288 if (*keyword == '\0')
289 keyword = strdelim(&s);
290 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
293 opcode = parse_token(keyword, filename, linenum);
297 /* don't panic, but count bad options */
301 intptr = &options->forward_agent;
/*
 * Boolean options: strcmp() is case-sensitive, so only the exact words
 * yes/true/no/false are accepted; a missing or different argument is fatal.
 */
304 if (!arg || *arg == '\0')
305 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
306 value = 0; /* To avoid compiler warning... */
307 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
309 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
312 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
/* -1 is the unset marker written by initialize_options(). */
313 if (*activep && *intptr == -1)
318 intptr = &options->forward_x11;
322 intptr = &options->gateway_ports;
325 case oUsePrivilegedPort:
326 intptr = &options->use_privileged_port;
329 case oRhostsAuthentication:
330 intptr = &options->rhosts_authentication;
333 case oPasswordAuthentication:
334 intptr = &options->password_authentication;
337 case oKbdInteractiveAuthentication:
338 intptr = &options->kbd_interactive_authentication;
341 case oKbdInteractiveDevices:
342 charptr = &options->kbd_interactive_devices;
345 case oPubkeyAuthentication:
346 intptr = &options->pubkey_authentication;
349 case oRSAAuthentication:
350 intptr = &options->rsa_authentication;
353 case oRhostsRSAAuthentication:
354 intptr = &options->rhosts_rsa_authentication;
357 case oHostbasedAuthentication:
358 intptr = &options->hostbased_authentication;
361 case oChallengeResponseAuthentication:
362 intptr = &options->challenge_response_authentication;
364 #if defined(KRB4) || defined(KRB5)
365 case oKerberosAuthentication:
366 intptr = &options->kerberos_authentication;
369 #if defined(AFS) || defined(KRB5)
370 case oKerberosTgtPassing:
371 intptr = &options->kerberos_tgt_passing;
375 case oAFSTokenPassing:
376 intptr = &options->afs_token_passing;
380 intptr = &options->batch_mode;
384 intptr = &options->check_host_ip;
/* Three-valued option: yes/true, no/false or ask; anything else is fatal. */
387 case oStrictHostKeyChecking:
388 intptr = &options->strict_host_key_checking;
390 if (!arg || *arg == '\0')
391 fatal("%.200s line %d: Missing yes/no/ask argument.",
393 value = 0; /* To avoid compiler warning... */
394 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
396 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
398 else if (strcmp(arg, "ask") == 0)
401 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
402 if (*activep && *intptr == -1)
407 intptr = &options->compression;
411 intptr = &options->keepalives;
414 case oNoHostAuthenticationForLocalhost:
415 intptr = &options->no_host_authentication_for_localhost;
418 case oNumberOfPasswordPrompts:
419 intptr = &options->number_of_password_prompts;
422 case oCompressionLevel:
423 intptr = &options->compression_level;
428 if (!arg || *arg == '\0')
429 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * Identity files accumulate instead of first-one-wins: the count is checked
 * against SSH_MAX_IDENTITY_FILES before it is used as the array index.
 */
431 intptr = &options->num_identity_files;
432 if (*intptr >= SSH_MAX_IDENTITY_FILES)
433 fatal("%.200s line %d: Too many identity files specified (max %d).",
434 filename, linenum, SSH_MAX_IDENTITY_FILES);
435 charptr = &options->identity_files[*intptr];
436 *charptr = xstrdup(arg);
437 *intptr = *intptr + 1;
442 charptr=&options->xauth_location;
446 charptr = &options->user;
449 if (!arg || *arg == '\0')
450 fatal("%.200s line %d: Missing argument.", filename, linenum);
451 if (*activep && *charptr == NULL)
452 *charptr = xstrdup(arg);
455 case oGlobalKnownHostsFile:
456 charptr = &options->system_hostfile;
459 case oUserKnownHostsFile:
460 charptr = &options->user_hostfile;
463 case oGlobalKnownHostsFile2:
464 charptr = &options->system_hostfile2;
467 case oUserKnownHostsFile2:
468 charptr = &options->user_hostfile2;
472 charptr = &options->hostname;
476 charptr = &options->host_key_alias;
479 case oPreferredAuthentications:
480 charptr = &options->preferred_authentications;
484 charptr = &options->bind_address;
487 case oSmartcardDevice:
488 charptr = &options->smartcard_device;
/*
 * ProxyCommand keeps the whole remainder of the line (after leading
 * whitespace and '=') as one string instead of taking a single token.
 * NOTE(review): no NULL check on s is visible before strspn(); if strdelim()
 * can leave s NULL when the keyword is the last thing on the line, this is a
 * NULL dereference -- confirm. The stored string is a command line (see the
 * sample "ProxyCommand ssh-proxy %h %p"), so whoever can write the
 * configuration file controls it.
 */
492 charptr = &options->proxy_command;
493 len = strspn(s, WHITESPACE "=");
494 if (*activep && *charptr == NULL)
495 *charptr = xstrdup(s + len);
499 intptr = &options->port;
502 if (!arg || *arg == '\0')
503 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * Integer options. The first character must be a digit, which also rejects a
 * sign. NOTE(review): no visible check rejects trailing characters after the
 * number, tests errno for ERANGE, or range-checks the result; strtol()
 * returns long while value is int, so an oversized number (a port, for
 * instance) is presumably narrowed silently -- confirm.
 */
504 if (arg[0] < '0' || arg[0] > '9')
505 fatal("%.200s line %d: Bad number.", filename, linenum);
507 /* Octal, decimal, or hex format? */
508 value = strtol(arg, &endofnumber, 0);
509 if (arg == endofnumber)
510 fatal("%.200s line %d: Bad number.", filename, linenum);
511 if (*activep && *intptr == -1)
515 case oConnectionAttempts:
516 intptr = &options->connection_attempts;
520 intptr = &options->cipher;
522 if (!arg || *arg == '\0')
523 fatal("%.200s line %d: Missing argument.", filename, linenum);
524 value = cipher_number(arg);
/*
 * arg was already rejected above when NULL, so the `arg ? arg : "<NONE>"`
 * fallback in this message (and in the cipher, MAC, host key algorithm and
 * protocol messages below) cannot take the "<NONE>" branch.
 */
526 fatal("%.200s line %d: Bad cipher '%s'.",
527 filename, linenum, arg ? arg : "<NONE>");
528 if (*activep && *intptr == -1)
534 if (!arg || *arg == '\0')
535 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* Algorithm lists are validated before they are stored. */
536 if (!ciphers_valid(arg))
537 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
538 filename, linenum, arg ? arg : "<NONE>");
539 if (*activep && options->ciphers == NULL)
540 options->ciphers = xstrdup(arg);
545 if (!arg || *arg == '\0')
546 fatal("%.200s line %d: Missing argument.", filename, linenum);
548 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
549 filename, linenum, arg ? arg : "<NONE>");
550 if (*activep && options->macs == NULL)
551 options->macs = xstrdup(arg);
554 case oHostKeyAlgorithms:
556 if (!arg || *arg == '\0')
557 fatal("%.200s line %d: Missing argument.", filename, linenum);
558 if (!key_names_valid2(arg))
559 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
560 filename, linenum, arg ? arg : "<NONE>");
561 if (*activep && options->hostkeyalgorithms == NULL)
562 options->hostkeyalgorithms = xstrdup(arg);
566 intptr = &options->protocol;
568 if (!arg || *arg == '\0')
569 fatal("%.200s line %d: Missing argument.", filename, linenum);
570 value = proto_spec(arg);
571 if (value == SSH_PROTO_UNKNOWN)
572 fatal("%.200s line %d: Bad protocol spec '%s'.",
573 filename, linenum, arg ? arg : "<NONE>");
574 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
/*
 * NOTE(review): log_level is accessed through an int pointer via a cast,
 * which assumes LogLevel has the size and representation of int -- confirm.
 * No NULL or empty check on arg is visible before log_level_number(), unlike
 * the other cases; the "<NONE>" fallback in the message suggests arg may be
 * NULL here, so log_level_number() must tolerate that -- confirm.
 */
579 intptr = (int *) &options->log_level;
581 value = log_level_number(arg);
582 if (value == SYSLOG_LEVEL_NOT_SET)
583 fatal("%.200s line %d: unsupported log level '%s'",
584 filename, linenum, arg ? arg : "<NONE>");
585 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
586 *intptr = (LogLevel) value;
/* Local and remote forwards share this parsing; a2port() == 0 means invalid. */
592 if (!arg || *arg == '\0')
593 fatal("%.200s line %d: Missing port argument.",
595 if ((fwd_port = a2port(arg)) == 0)
596 fatal("%.200s line %d: Bad listen port.",
599 if (!arg || *arg == '\0')
600 fatal("%.200s line %d: Missing second argument.",
/*
 * The field widths keep both writes in bounds: %255[...] fills buf[256] and
 * %5[0-9] fills sfwd_host_port[6], each leaving room for the terminator.
 * "host:port" is tried first, then "host/port".
 */
602 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
603 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
604 fatal("%.200s line %d: Bad forwarding specification.",
606 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
607 fatal("%.200s line %d: Bad forwarding port.",
610 if (opcode == oLocalForward)
611 add_local_forward(options, fwd_port, buf,
613 else if (opcode == oRemoteForward)
614 add_remote_forward(options, fwd_port, buf,
619 case oDynamicForward:
621 if (!arg || *arg == '\0')
622 fatal("%.200s line %d: Missing port argument.",
624 fwd_port = a2port(arg);
626 fatal("%.200s line %d: Badly formatted port number.",
/*
 * A dynamic forward is recorded as a local forward whose host is the literal
 * "socks4" and whose host_port is 0 -- presumably a marker recognised by the
 * code that sets up the listeners; confirm there.
 */
629 add_local_forward(options, fwd_port, "socks4", 0);
632 case oClearAllForwardings:
633 intptr = &options->clear_forwardings;
/*
 * Host: each pattern on the line is matched against host. The statements
 * that switch *activep on and off are not visible in this listing.
 */
638 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
639 if (match_pattern(host, arg)) {
640 debug("Applying options for %.100s", arg);
644 /* Avoid garbage check below, as strdelim is done. */
648 intptr = &options->escape_char;
650 if (!arg || *arg == '\0')
651 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * Escape character: "^X" becomes the matching control character, a single
 * character is taken literally, and "none" disables the escape.
 * NOTE(review): arg[2] is read whenever arg[0] is '^', including for the
 * one-character string "^", where arg[2] lies past the terminator
 * (presumably still inside the caller's line buffer) -- confirm.
 */
652 if (arg[0] == '^' && arg[2] == 0 &&
653 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
654 value = (u_char) arg[1] & 31;
655 else if (strlen(arg) == 1)
656 value = (u_char) arg[0];
657 else if (strcmp(arg, "none") == 0)
658 value = SSH_ESCAPECHAR_NONE;
660 fatal("%.200s line %d: Bad escape character.",
663 value = 0; /* Avoid compiler warning. */
665 if (*activep && *intptr == -1)
669 case oEnableSSHKeysign:
670 intptr = &options->enable_ssh_keysign;
674 debug("%s line %d: Deprecated option \"%s\"",
675 filename, linenum, keyword);
/* An opcode with no handler is a programming error, hence fatal(). */
679 fatal("process_config_line: Unimplemented opcode %d", opcode);
682 /* Check that there is no garbage at end of line. */
/* Extra tokens after the argument abort instead of being ignored. */
683 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
684 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
685 filename, linenum, arg);
692 * Reads the config file and modifies the options accordingly. Options
693 * should already be initialized before this call. This never returns if
694 * there is an error. If the file does not exist, this returns 0.
/*
 * read_config_file: open filename and pass each line, with its line number,
 * to process_config_line(), which stores values for host in *options. A
 * non-zero result from process_config_line() marks a bad option; once the
 * file has been read, fatal() is called if any were seen.
 * NOTE(review): the embedded line numbers skip, so declarations, the handling
 * of a failed fopen() and the return statements are not shown here.
 */
698 read_config_file(const char *filename, const char *host, Options *options)
/*
 * NOTE(review): no ownership or permission check on the file is visible
 * around the fopen() call. The file can set options such as ProxyCommand, so
 * confirm whether the caller restricts which files reach this function.
 */
706 f = fopen(filename, "r");
710 debug("Reading configuration data %.200s", filename);
713 * Mark that we are now processing the options. This flag is turned
714 * on/off by Host specifications.
/*
 * NOTE(review): fgets() stops at sizeof(line) - 1 characters, so an over-long
 * line is delivered in pieces and its tail is parsed as if it were a separate
 * configuration line (assuming line is a fixed-size array -- confirm).
 */
718 while (fgets(line, sizeof(line), f)) {
719 /* Update line number counter. */
721 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
/* filename is printed with a plain %s here, not the "%.200s" used elsewhere. */
726 fatal("%s: terminating, %d bad configuration options",
727 filename, bad_options);
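/*
 * Marks every option as "not yet set".
 *
 * Integer options are set to -1 and string options to NULL; protocol and
 * log_level use SSH_PROTO_UNKNOWN and SYSLOG_LEVEL_NOT_SET, and the counters
 * start at 0. process_config_line() stores a value only while the field still
 * holds its marker, so sources are effectively processed in the order command
 * line, user configuration file, system configuration file, and
 * fill_default_options() is called last to supply the defaults.
 */
void
initialize_options(Options * options)
{
	/*
	 * Fill the structure with 'X' bytes first -- presumably so that a
	 * field missed below holds a conspicuous value rather than zero.
	 */
	memset(options, 'X', sizeof(*options));

	options->forward_agent = -1;
	options->forward_x11 = -1;
	options->xauth_location = NULL;
	options->gateway_ports = -1;
	options->use_privileged_port = -1;
	options->rhosts_authentication = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
	options->challenge_response_authentication = -1;
#if defined(KRB4) || defined(KRB5)
	options->kerberos_authentication = -1;
#endif
#if defined(AFS) || defined(KRB5)
	options->kerberos_tgt_passing = -1;
#endif
#ifdef AFS
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->kbd_interactive_devices = NULL;
	options->rhosts_rsa_authentication = -1;
	options->hostbased_authentication = -1;
	options->batch_mode = -1;
	options->check_host_ip = -1;
	options->strict_host_key_checking = -1;
	options->compression = -1;
	options->keepalives = -1;
	options->compression_level = -1;
	/*
	 * port must start at -1: process_config_line() and
	 * fill_default_options() both compare it with -1 to decide whether
	 * it is still unset, and the 'X' fill above would defeat that test.
	 */
	options->port = -1;
	options->connection_attempts = -1;
	options->number_of_password_prompts = -1;
	options->cipher = -1;
	options->ciphers = NULL;
	options->macs = NULL;
	options->hostkeyalgorithms = NULL;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->num_identity_files = 0;
	options->hostname = NULL;
	options->host_key_alias = NULL;
	options->proxy_command = NULL;
	options->user = NULL;
	options->escape_char = -1;
	options->system_hostfile = NULL;
	options->user_hostfile = NULL;
	options->system_hostfile2 = NULL;
	options->user_hostfile2 = NULL;
	options->num_local_forwards = 0;
	options->num_remote_forwards = 0;
	options->clear_forwardings = -1;
	options->log_level = SYSLOG_LEVEL_NOT_SET;
	options->preferred_authentications = NULL;
	options->bind_address = NULL;
	options->smartcard_device = NULL;
	options->enable_ssh_keysign = -1;
	options->no_host_authentication_for_localhost = -1;
}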
/*
 * Supplies the default for every option that is still unset once the other
 * sources of option data have been processed. An integer option counts as
 * unset while it holds -1 and a string option while it is NULL; protocol and
 * log_level are compared with SSH_PROTO_UNKNOWN and SYSLOG_LEVEL_NOT_SET.
 *
 * The path defaults assigned here are the _PATH_* constants themselves, not
 * xstrdup() copies -- NOTE(review): presumably string literals, so they must
 * not be passed to xfree(); confirm against pathnames.h.
 */
void
fill_default_options(Options * options)
{
	size_t len;
	char *path;

	/* Agent, X11 and gateway-port forwarding stay off unless requested. */
	if (options->forward_agent == -1)
		options->forward_agent = 0;
	if (options->forward_x11 == -1)
		options->forward_x11 = 0;
	if (options->xauth_location == NULL)
		options->xauth_location = _PATH_XAUTH;
	if (options->gateway_ports == -1)
		options->gateway_ports = 0;
	if (options->use_privileged_port == -1)
		options->use_privileged_port = 0;

	/* Authentication methods: the rhosts-based ones default to off. */
	if (options->rhosts_authentication == -1)
		options->rhosts_authentication = 0;
	if (options->rsa_authentication == -1)
		options->rsa_authentication = 1;
	if (options->pubkey_authentication == -1)
		options->pubkey_authentication = 1;
	if (options->challenge_response_authentication == -1)
		options->challenge_response_authentication = 1;
#if defined(KRB4) || defined(KRB5)
	if (options->kerberos_authentication == -1)
		options->kerberos_authentication = 1;
#endif
#if defined(AFS) || defined(KRB5)
	if (options->kerberos_tgt_passing == -1)
		options->kerberos_tgt_passing = 1;
#endif
#ifdef AFS
	if (options->afs_token_passing == -1)
		options->afs_token_passing = 1;
#endif
	if (options->password_authentication == -1)
		options->password_authentication = 1;
	if (options->kbd_interactive_authentication == -1)
		options->kbd_interactive_authentication = 1;
	if (options->rhosts_rsa_authentication == -1)
		options->rhosts_rsa_authentication = 0;
	if (options->hostbased_authentication == -1)
		options->hostbased_authentication = 0;
	if (options->batch_mode == -1)
		options->batch_mode = 0;

	/* Host key verification. */
	if (options->check_host_ip == -1)
		options->check_host_ip = 1;
	if (options->strict_host_key_checking == -1)
		options->strict_host_key_checking = 2;	/* 2 is default */

	/* Transport and connection parameters. */
	if (options->compression == -1)
		options->compression = 0;
	if (options->keepalives == -1)
		options->keepalives = 1;
	if (options->compression_level == -1)
		options->compression_level = 6;
	if (options->port == -1)
		options->port = 0;	/* Filled in ssh_connect. */
	if (options->connection_attempts == -1)
		options->connection_attempts = 1;
	if (options->number_of_password_prompts == -1)
		options->number_of_password_prompts = 3;
	/* Selected in ssh_login(). */
	if (options->cipher == -1)
		options->cipher = SSH_CIPHER_NOT_SET;
	/* options->ciphers, default set in myproposals.h */
	/* options->macs, default set in myproposals.h */
	/* options->hostkeyalgorithms, default set in myproposals.h */
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;

	/*
	 * With no identity file configured, add the default key of each
	 * enabled protocol version. Each path is "~/" plus the constant, so
	 * len is two characters, the constant and the terminating NUL.
	 */
	if (options->num_identity_files == 0) {
		if (options->protocol & SSH_PROTO_1) {
			len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
			path = xmalloc(len);
			snprintf(path, len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
			options->identity_files[options->num_identity_files++] = path;
		}
		if (options->protocol & SSH_PROTO_2) {
			len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
			path = xmalloc(len);
			snprintf(path, len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
			options->identity_files[options->num_identity_files++] = path;

			len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
			path = xmalloc(len);
			snprintf(path, len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
			options->identity_files[options->num_identity_files++] = path;
		}
	}

	if (options->escape_char == -1)
		options->escape_char = '~';

	/* Known-hosts files. */
	if (options->system_hostfile == NULL)
		options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
	if (options->user_hostfile == NULL)
		options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
	if (options->system_hostfile2 == NULL)
		options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
	if (options->user_hostfile2 == NULL)
		options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;

	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
		options->log_level = SYSLOG_LEVEL_INFO;

	/* ClearAllForwardings discards every forward collected so far. */
	if (options->clear_forwardings == 1)
		clear_forwardings(options);
	if (options->no_host_authentication_for_localhost == -1)
		options->no_host_authentication_for_localhost = 0;
	if (options->enable_ssh_keysign == -1)
		options->enable_ssh_keysign = 0;
	/* options->proxy_command should not be set by default */
	/* options->user will be set in the main program if appropriate */
	/* options->hostname will be set in the main program if appropriate */
	/* options->host_key_alias should not be set by default */
	/* options->preferred_authentications will be set in ssh */
}