2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $");
21 #include "pathnames.h"
29 /* Format of the configuration file:
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
47 HostName another.host.name.real.org
54 RemoteForward 9999 shadows.cs.hut.fi:9999
60 PasswordAuthentication no
64 ProxyCommand ssh-proxy %h %p
67 PublicKeyAuthentication no
71 PasswordAuthentication no
73 # Defaults for various options
77 PasswordAuthentication yes
79 RhostsRSAAuthentication yes
80 StrictHostKeyChecking yes
82 IdentityFile ~/.ssh/identity
/*
 * Opcodes for the configuration keywords dispatched in
 * process_config_line().  The enum's opening and closing lines are not
 * part of this listing.  oDeprecated and oUnsupported are shared markers:
 * the keyword table maps several retired names onto them, and the visible
 * handling for them only logs a message.
 */
92 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
93 oPasswordAuthentication, oRSAAuthentication,
94 oChallengeResponseAuthentication, oXAuthLocation,
95 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
96 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
97 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
98 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
99 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
100 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
101 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
102 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
103 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
104 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
105 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
106 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
107 oAddressFamily, oGssAuthentication, oGssKeyEx, oGssDelegateCreds,
108 oServerAliveInterval, oServerAliveCountMax,
109 oDeprecated, oUnsupported
112 /* Textual representations of the tokens. */
/*
 * Keyword-to-opcode table.  parse_token() walks it in order, compares with
 * strcasecmp() and returns the first match, so for a name listed twice the
 * earlier entry wins.  Names are stored in lowercase.  The table's
 * declaration and its terminating entry are not part of this listing.
 */
118 { "forwardagent", oForwardAgent },
119 { "forwardx11", oForwardX11 },
120 { "forwardx11trusted", oForwardX11Trusted },
121 { "xauthlocation", oXAuthLocation },
122 { "gatewayports", oGatewayPorts },
123 { "useprivilegedport", oUsePrivilegedPort },
/* Retired keyword: still parsed, but mapped to oDeprecated. */
124 { "rhostsauthentication", oDeprecated },
125 { "passwordauthentication", oPasswordAuthentication },
126 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
127 { "kbdinteractivedevices", oKbdInteractiveDevices },
128 { "rsaauthentication", oRSAAuthentication },
129 { "pubkeyauthentication", oPubkeyAuthentication },
130 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
131 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
132 { "hostbasedauthentication", oHostbasedAuthentication },
133 { "challengeresponseauthentication", oChallengeResponseAuthentication },
134 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
135 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
/* Kerberos/AFS keywords are recognised only so they can be reported as unsupported. */
136 { "kerberosauthentication", oUnsupported },
137 { "kerberostgtpassing", oUnsupported },
138 { "afstokenpassing", oUnsupported },
/*
 * NOTE(review): the three gssapi* names appear twice, first with real
 * opcodes and then as oUnsupported.  The numbering gaps around them
 * (139, 143, 147) suggest preprocessor conditionals that this listing
 * dropped; confirm that only one of the two sets is compiled in.
 */
140 { "gssapiauthentication", oGssAuthentication },
141 { "gssapikeyexchange", oGssKeyEx },
142 { "gssapidelegatecredentials", oGssDelegateCreds },
144 { "gssapiauthentication", oUnsupported },
145 { "gssapikeyexchange", oUnsupported },
146 { "gssapidelegatecredentials", oUnsupported },
148 { "fallbacktorsh", oDeprecated },
149 { "usersh", oDeprecated },
150 { "identityfile", oIdentityFile },
151 { "identityfile2", oIdentityFile }, /* alias */
152 { "hostname", oHostName },
153 { "hostkeyalias", oHostKeyAlias },
154 { "proxycommand", oProxyCommand },
156 { "cipher", oCipher },
157 { "ciphers", oCiphers },
159 { "protocol", oProtocol },
160 { "remoteforward", oRemoteForward },
161 { "localforward", oLocalForward },
164 { "escapechar", oEscapeChar },
165 { "globalknownhostsfile", oGlobalKnownHostsFile },
166 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
167 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
168 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
169 { "connectionattempts", oConnectionAttempts },
170 { "batchmode", oBatchMode },
171 { "checkhostip", oCheckHostIP },
172 { "stricthostkeychecking", oStrictHostKeyChecking },
173 { "compression", oCompression },
174 { "compressionlevel", oCompressionLevel },
175 { "tcpkeepalive", oTCPKeepAlive },
176 { "keepalive", oTCPKeepAlive }, /* obsolete */
177 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
178 { "loglevel", oLogLevel },
179 { "dynamicforward", oDynamicForward },
180 { "preferredauthentications", oPreferredAuthentications },
181 { "hostkeyalgorithms", oHostKeyAlgorithms },
182 { "bindaddress", oBindAddress },
/*
 * NOTE(review): same pattern as the gssapi* entries; "smartcarddevice" is
 * listed with a real opcode and again as oUnsupported, with numbering gaps
 * (183, 185, 187) where a conditional would sit.  Confirm.
 */
184 { "smartcarddevice", oSmartcardDevice },
186 { "smartcarddevice", oUnsupported },
188 { "clearallforwardings", oClearAllForwardings },
189 { "enablesshkeysign", oEnableSSHKeysign },
190 { "verifyhostkeydns", oVerifyHostKeyDNS },
191 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
192 { "rekeylimit", oRekeyLimit },
193 { "connecttimeout", oConnectTimeout },
194 { "addressfamily", oAddressFamily },
195 { "serveraliveinterval", oServerAliveInterval },
196 { "serveralivecountmax", oServerAliveCountMax },
201 * Adds a local TCP/IP port forward to options. Never returns if there is an
/*
 * Appends one local forward to options->local_forwards.  Both failure
 * conditions visible here end in fatal(), so the caller never sees an
 * error return.  Parts of the signature and body are missing from this
 * listing.
 */
206 add_local_forward(Options *options, u_short port, const char *host,
210 #ifndef NO_IPPORT_RESERVED_CONCEPT
211 extern uid_t original_real_uid;
/*
 * Listening ports below IPPORT_RESERVED are refused unless the original
 * real uid is 0.  The test is on the real uid saved elsewhere in the
 * program, not on the effective uid.
 */
212 if (port < IPPORT_RESERVED && original_real_uid != 0)
213 fatal("Privileged ports can only be forwarded by root.");
/* The array bound is checked before the slot is indexed and the count incremented. */
215 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
216 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
217 fwd = &options->local_forwards[options->num_local_forwards++];
/* The host name is copied; clear_forwardings() releases it with xfree(). */
219 fwd->host = xstrdup(host);
220 fwd->host_port = host_port;
224 * Adds a remote TCP/IP port forward to options. Never returns if there is
/*
 * Appends one remote forward to options->remote_forwards; exceeding
 * SSH_MAX_FORWARDS_PER_DIRECTION is fatal.  Parts of the signature and
 * body are missing from this listing.
 *
 * NOTE(review): unlike add_local_forward(), no reserved-port check appears
 * in the visible lines, presumably because the listening side is not this
 * process.  Confirm that the port is policed where the listener is created.
 */
229 add_remote_forward(Options *options, u_short port, const char *host,
/* The array bound is checked before the slot is indexed and the count incremented. */
233 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
234 fatal("Too many remote forwards (max %d).",
235 SSH_MAX_FORWARDS_PER_DIRECTION);
236 fwd = &options->remote_forwards[options->num_remote_forwards++];
/* The host name is copied; clear_forwardings() releases it with xfree(). */
238 fwd->host = xstrdup(host);
239 fwd->host_port = host_port;
/*
 * Drops every local and remote forward recorded in options: frees each
 * stored host string and resets both counters to 0.  The freed pointers
 * are left in the arrays, so the counters are the only thing that marks
 * the entries as invalid.
 */
243 clear_forwardings(Options *options)
247 for (i = 0; i < options->num_local_forwards; i++)
248 xfree(options->local_forwards[i].host);
249 options->num_local_forwards = 0;
250 for (i = 0; i < options->num_remote_forwards; i++)
251 xfree(options->remote_forwards[i].host);
252 options->num_remote_forwards = 0;
256 * Returns the number of the token pointed to by cp or oBadOption.
/*
 * Looks cp up in the keywords table and returns the opcode of the first
 * entry whose name matches case-insensitively.  The scan stops at the
 * entry with a null name.  On a miss it logs the file, line and offending
 * keyword with error(); the return statement for that path is not in this
 * listing (the original header comment says oBadOption).
 */
260 parse_token(const char *cp, const char *filename, int linenum)
264 for (i = 0; keywords[i].name; i++)
265 if (strcasecmp(cp, keywords[i].name) == 0)
266 return keywords[i].opcode;
/* The unknown keyword is passed as a %s argument, never as the format string. */
268 error("%s: line %d: Bad configuration option: %s",
269 filename, linenum, cp);
274 * Processes a single option line as used in the configuration files. This
275 * only sets those values that have not already been set.
277 #define WHITESPACE " \t\r\n"
/*
 * Parses one configuration line and applies it to options.
 *
 * A value is stored only when *activep is non-zero and the option still
 * holds its "unset" marker (-1, NULL, SSH_PROTO_UNKNOWN, ...), which is
 * what gives the first occurrence of an option precedence.  Malformed
 * arguments end in fatal().  read_config_file() treats a non-zero return
 * as a bad option; the return statements themselves are not in this
 * listing, and neither are many case labels and `arg = strdelim(&s)` lines.
 */
280 process_config_line(Options *options, const char *host,
281 char *line, const char *filename, int linenum,
284 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
285 int opcode, *intptr, value;
287 u_short fwd_port, fwd_host_port;
288 char sfwd_host_port[6];
290 /* Strip trailing whitespace */
/*
 * NOTE(review): for a zero-length line (for example one whose first byte
 * is NUL) strlen(line) - 1 wraps around if len is an unsigned type, and
 * the loop would then index far outside the buffer.  The declaration of
 * len is not in this listing; confirm its type and return early on an
 * empty line before entering the loop.
 */
291 for(len = strlen(line) - 1; len > 0; len--) {
292 if (strchr(WHITESPACE, line[len]) == NULL)
298 /* Get the keyword. (Each line is supposed to begin with a keyword). */
299 keyword = strdelim(&s);
300 /* Ignore leading whitespace. */
301 if (*keyword == '\0')
302 keyword = strdelim(&s);
/* Empty lines and lines starting with '#' carry no option. */
303 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
306 opcode = parse_token(keyword, filename, linenum);
310 /* don't panic, but count bad options */
313 case oConnectTimeout:
314 intptr = &options->connection_timeout;
317 if (!arg || *arg == '\0')
318 fatal("%s line %d: missing time value.",
320 if ((value = convtime(arg)) == -1)
321 fatal("%s line %d: invalid time value.",
328 intptr = &options->forward_agent;
/*
 * Shared yes/no parser: only the exact strings yes/true/no/false are
 * accepted (strcmp is case-sensitive); anything else is fatal.
 */
331 if (!arg || *arg == '\0')
332 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
333 value = 0; /* To avoid compiler warning... */
334 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
336 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
339 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
/* Store only while this section is active and the option is still unset. */
340 if (*activep && *intptr == -1)
345 intptr = &options->forward_x11;
348 case oForwardX11Trusted:
349 intptr = &options->forward_x11_trusted;
353 intptr = &options->gateway_ports;
356 case oUsePrivilegedPort:
357 intptr = &options->use_privileged_port;
360 case oPasswordAuthentication:
361 intptr = &options->password_authentication;
364 case oKbdInteractiveAuthentication:
365 intptr = &options->kbd_interactive_authentication;
368 case oKbdInteractiveDevices:
369 charptr = &options->kbd_interactive_devices;
372 case oPubkeyAuthentication:
373 intptr = &options->pubkey_authentication;
376 case oRSAAuthentication:
377 intptr = &options->rsa_authentication;
380 case oRhostsRSAAuthentication:
381 intptr = &options->rhosts_rsa_authentication;
384 case oHostbasedAuthentication:
385 intptr = &options->hostbased_authentication;
388 case oChallengeResponseAuthentication:
389 intptr = &options->challenge_response_authentication;
392 case oGssAuthentication:
393 intptr = &options->gss_authentication;
397 intptr = &options->gss_keyex;
400 case oGssDelegateCreds:
401 intptr = &options->gss_deleg_creds;
405 intptr = &options->batch_mode;
409 intptr = &options->check_host_ip;
412 case oVerifyHostKeyDNS:
413 intptr = &options->verify_host_key_dns;
416 case oStrictHostKeyChecking:
417 intptr = &options->strict_host_key_checking;
/* Three-way variant of the yes/no parser: also accepts "ask". */
420 if (!arg || *arg == '\0')
421 fatal("%.200s line %d: Missing yes/no/ask argument.",
423 value = 0; /* To avoid compiler warning... */
424 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
426 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
428 else if (strcmp(arg, "ask") == 0)
431 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
432 if (*activep && *intptr == -1)
437 intptr = &options->compression;
441 intptr = &options->tcp_keep_alive;
444 case oNoHostAuthenticationForLocalhost:
445 intptr = &options->no_host_authentication_for_localhost;
448 case oNumberOfPasswordPrompts:
449 intptr = &options->number_of_password_prompts;
452 case oCompressionLevel:
453 intptr = &options->compression_level;
457 intptr = &options->rekey_limit;
459 if (!arg || *arg == '\0')
460 fatal("%.200s line %d: Missing argument.", filename, linenum);
461 if (arg[0] < '0' || arg[0] > '9')
462 fatal("%.200s line %d: Bad number.", filename, linenum);
/*
 * NOTE(review): strtol() returns long but value is an int, and the switch
 * on the suffix character continues on lines missing from this listing.
 * Confirm that the parsed number and any suffix scaling are range-checked
 * before the result is stored in rekey_limit.
 */
463 value = strtol(arg, &endofnumber, 10);
464 if (arg == endofnumber)
465 fatal("%.200s line %d: Bad number.", filename, linenum);
466 switch (toupper(*endofnumber)) {
477 if (*activep && *intptr == -1)
483 if (!arg || *arg == '\0')
484 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* The identity_files bound is checked before the slot is written. */
486 intptr = &options->num_identity_files;
487 if (*intptr >= SSH_MAX_IDENTITY_FILES)
488 fatal("%.200s line %d: Too many identity files specified (max %d).",
489 filename, linenum, SSH_MAX_IDENTITY_FILES);
490 charptr = &options->identity_files[*intptr];
491 *charptr = xstrdup(arg);
492 *intptr = *intptr + 1;
497 charptr=&options->xauth_location;
501 charptr = &options->user;
/* Shared string parser: first non-empty value wins, stored as a private copy. */
504 if (!arg || *arg == '\0')
505 fatal("%.200s line %d: Missing argument.", filename, linenum);
506 if (*activep && *charptr == NULL)
507 *charptr = xstrdup(arg);
510 case oGlobalKnownHostsFile:
511 charptr = &options->system_hostfile;
514 case oUserKnownHostsFile:
515 charptr = &options->user_hostfile;
518 case oGlobalKnownHostsFile2:
519 charptr = &options->system_hostfile2;
522 case oUserKnownHostsFile2:
523 charptr = &options->user_hostfile2;
527 charptr = &options->hostname;
531 charptr = &options->host_key_alias;
534 case oPreferredAuthentications:
535 charptr = &options->preferred_authentications;
539 charptr = &options->bind_address;
542 case oSmartcardDevice:
543 charptr = &options->smartcard_device;
548 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * ProxyCommand keeps the rest of the line verbatim (after skipping
 * whitespace and '='), so quoting and shell metacharacters survive
 * unchanged.  How the string is executed is outside this file; treat
 * write access to the configuration file as equivalent to choosing
 * this command.
 */
549 charptr = &options->proxy_command;
550 len = strspn(s, WHITESPACE "=");
551 if (*activep && *charptr == NULL)
552 *charptr = xstrdup(s + len);
556 intptr = &options->port;
559 if (!arg || *arg == '\0')
560 fatal("%.200s line %d: Missing argument.", filename, linenum);
561 if (arg[0] < '0' || arg[0] > '9')
562 fatal("%.200s line %d: Bad number.", filename, linenum);
564 /* Octal, decimal, or hex format? */
/*
 * NOTE(review): the visible checks require only a leading digit and at
 * least one consumed character.  There is no check that *endofnumber is
 * the end of the argument and no range check, and the long result is
 * narrowed to int, so an out-of-range port or a value with trailing
 * characters appears to be stored as parsed.  Confirm validation at the
 * point of use.
 */
565 value = strtol(arg, &endofnumber, 0);
566 if (arg == endofnumber)
567 fatal("%.200s line %d: Bad number.", filename, linenum);
568 if (*activep && *intptr == -1)
572 case oConnectionAttempts:
573 intptr = &options->connection_attempts;
577 intptr = &options->cipher;
579 if (!arg || *arg == '\0')
580 fatal("%.200s line %d: Missing argument.", filename, linenum);
581 value = cipher_number(arg);
583 fatal("%.200s line %d: Bad cipher '%s'.",
584 filename, linenum, arg ? arg : "<NONE>");
585 if (*activep && *intptr == -1)
/* Algorithm lists are validated (ciphers_valid, key_names_valid2) before being stored. */
591 if (!arg || *arg == '\0')
592 fatal("%.200s line %d: Missing argument.", filename, linenum);
593 if (!ciphers_valid(arg))
594 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
595 filename, linenum, arg ? arg : "<NONE>");
596 if (*activep && options->ciphers == NULL)
597 options->ciphers = xstrdup(arg);
602 if (!arg || *arg == '\0')
603 fatal("%.200s line %d: Missing argument.", filename, linenum);
605 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
606 filename, linenum, arg ? arg : "<NONE>");
607 if (*activep && options->macs == NULL)
608 options->macs = xstrdup(arg);
611 case oHostKeyAlgorithms:
613 if (!arg || *arg == '\0')
614 fatal("%.200s line %d: Missing argument.", filename, linenum);
615 if (!key_names_valid2(arg))
616 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
617 filename, linenum, arg ? arg : "<NONE>");
618 if (*activep && options->hostkeyalgorithms == NULL)
619 options->hostkeyalgorithms = xstrdup(arg);
623 intptr = &options->protocol;
625 if (!arg || *arg == '\0')
626 fatal("%.200s line %d: Missing argument.", filename, linenum);
627 value = proto_spec(arg);
628 if (value == SSH_PROTO_UNKNOWN)
629 fatal("%.200s line %d: Bad protocol spec '%s'.",
630 filename, linenum, arg ? arg : "<NONE>");
631 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
/*
 * The LogLevel field is written through an int pointer, which assumes
 * LogLevel has the size and representation of int.
 * NOTE(review): no missing-argument check is visible before
 * log_level_number(arg); the fatal() below does cope with a NULL arg.
 */
636 intptr = (int *) &options->log_level;
638 value = log_level_number(arg);
639 if (value == SYSLOG_LEVEL_NOT_SET)
640 fatal("%.200s line %d: unsupported log level '%s'",
641 filename, linenum, arg ? arg : "<NONE>");
642 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
643 *intptr = (LogLevel) value;
649 if (!arg || *arg == '\0')
650 fatal("%.200s line %d: Missing port argument.",
652 if ((fwd_port = a2port(arg)) == 0)
653 fatal("%.200s line %d: Bad listen port.",
656 if (!arg || *arg == '\0')
657 fatal("%.200s line %d: Missing second argument.",
/*
 * The sscanf() field widths match the destination buffers: %255 into
 * buf[256] and %5 into sfwd_host_port[6], each leaving room for the
 * terminating NUL.  Both host:port and host/port forms are accepted.
 */
659 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
660 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
661 fatal("%.200s line %d: Bad forwarding specification.",
663 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
664 fatal("%.200s line %d: Bad forwarding port.",
667 if (opcode == oLocalForward)
668 add_local_forward(options, fwd_port, buf,
670 else if (opcode == oRemoteForward)
671 add_remote_forward(options, fwd_port, buf,
676 case oDynamicForward:
678 if (!arg || *arg == '\0')
679 fatal("%.200s line %d: Missing port argument.",
681 fwd_port = a2port(arg);
683 fatal("%.200s line %d: Badly formatted port number.",
/* A dynamic forward is recorded as a local forward with host "socks" and host port 0. */
686 add_local_forward(options, fwd_port, "socks", 0);
689 case oClearAllForwardings:
690 intptr = &options->clear_forwardings;
/* Host line: each pattern on the line is matched against the target host. */
695 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
696 if (match_pattern(host, arg)) {
697 debug("Applying options for %.100s", arg);
701 /* Avoid garbage check below, as strdelim is done. */
705 intptr = &options->escape_char;
707 if (!arg || *arg == '\0')
708 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * NOTE(review): when arg is the single character "^", arg[1] is the
 * terminator and arg[2] is read from beyond the end of the string before
 * the arg[1] range test runs.  Testing arg[1] first (or its length)
 * would keep the read inside the string.
 */
709 if (arg[0] == '^' && arg[2] == 0 &&
710 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
711 value = (u_char) arg[1] & 31;
712 else if (strlen(arg) == 1)
713 value = (u_char) arg[0];
714 else if (strcmp(arg, "none") == 0)
715 value = SSH_ESCAPECHAR_NONE;
717 fatal("%.200s line %d: Bad escape character.",
720 value = 0; /* Avoid compiler warning. */
722 if (*activep && *intptr == -1)
/*
 * NOTE(review): arg is passed to strcasecmp() with no missing-argument
 * check in the visible lines, unlike the other cases; a bare
 * "AddressFamily" keyword may hand it a NULL pointer.  Confirm.
 * The fatal() below also omits the file name and line number.
 */
728 intptr = &options->address_family;
729 if (strcasecmp(arg, "inet") == 0)
731 else if (strcasecmp(arg, "inet6") == 0)
733 else if (strcasecmp(arg, "any") == 0)
736 fatal("Unsupported AddressFamily \"%s\"", arg);
737 if (*activep && *intptr == -1)
741 case oEnableSSHKeysign:
742 intptr = &options->enable_ssh_keysign;
745 case oServerAliveInterval:
746 intptr = &options->server_alive_interval;
749 case oServerAliveCountMax:
750 intptr = &options->server_alive_count_max;
/*
 * Deprecated keywords are reported at debug level and unsupported ones
 * with error(); neither stores a value in the visible lines.
 */
754 debug("%s line %d: Deprecated option \"%s\"",
755 filename, linenum, keyword);
759 error("%s line %d: Unsupported option \"%s\"",
760 filename, linenum, keyword);
764 fatal("process_config_line: Unimplemented opcode %d", opcode);
767 /* Check that there is no garbage at end of line. */
768 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
769 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
770 filename, linenum, arg);
777 * Reads the config file and modifies the options accordingly. Options
778 * should already be initialized before this call. This never returns if
779 * there is an error. If the file does not exist, this returns 0.
/*
 * Reads filename line by line and feeds each line to
 * process_config_line() for the given host.  Lines that come back
 * non-zero are treated as bad options, and the visible fatal() reports
 * their count.  The declarations, the fopen() failure path and the return
 * statements are not in this listing.
 */
783 read_config_file(const char *filename, const char *host, Options *options)
/*
 * NOTE(review): no ownership or permission check on the file is visible
 * before it is parsed.  The file can set security-sensitive options
 * (ProxyCommand is stored verbatim by process_config_line()), so confirm
 * that an unseen line or the caller rejects files other users can write.
 */
791 f = fopen(filename, "r");
795 debug("Reading configuration data %.200s", filename);
798 * Mark that we are now processing the options. This flag is turned
799 * on/off by Host specifications.
/*
 * fgets() is bounded by sizeof(line).  NOTE(review): a physical line
 * longer than the buffer is delivered in pieces and each piece is parsed
 * as its own option line; confirm that is acceptable for long values.
 */
803 while (fgets(line, sizeof(line), f)) {
804 /* Update line number counter. */
806 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
811 fatal("%s: terminating, %d bad configuration options",
812 filename, bad_options);
817 * Initializes options to special values that indicate that they have not yet
818 * been set. Read_config_file will only set options with this value. Options
819 * are processed in the following order: command line, user config file,
820 * system config file. Last, fill_default_options is called.
/*
 * Puts every option into its "not yet set" state: -1 for integer options,
 * NULL for strings, 0 for the counters, and the dedicated UNKNOWN/NOT_SET
 * constants for protocol and log level.  process_config_line() and
 * fill_default_options() test for exactly these markers.
 */
824 initialize_options(Options * options)
/*
 * The whole structure is first filled with 'X' bytes, presumably so that
 * a field missed below shows up as a recognisable pattern instead of a
 * plausible zero.
 */
826 memset(options, 'X', sizeof(*options));
827 options->forward_agent = -1;
828 options->forward_x11 = -1;
829 options->forward_x11_trusted = -1;
830 options->xauth_location = NULL;
831 options->gateway_ports = -1;
832 options->use_privileged_port = -1;
833 options->rsa_authentication = -1;
834 options->pubkey_authentication = -1;
835 options->challenge_response_authentication = -1;
836 options->gss_authentication = -1;
837 options->gss_keyex = -1;
838 options->gss_deleg_creds = -1;
839 options->password_authentication = -1;
840 options->kbd_interactive_authentication = -1;
841 options->kbd_interactive_devices = NULL;
842 options->rhosts_rsa_authentication = -1;
843 options->hostbased_authentication = -1;
844 options->batch_mode = -1;
845 options->check_host_ip = -1;
846 options->strict_host_key_checking = -1;
847 options->compression = -1;
848 options->tcp_keep_alive = -1;
849 options->compression_level = -1;
/*
 * NOTE(review): fill_default_options() tests options->port against -1,
 * but no assignment to it is visible here; the numbering gap at 850 is
 * probably where it sits.  Confirm.
 */
851 options->address_family = -1;
852 options->connection_attempts = -1;
853 options->connection_timeout = -1;
854 options->number_of_password_prompts = -1;
855 options->cipher = -1;
856 options->ciphers = NULL;
857 options->macs = NULL;
858 options->hostkeyalgorithms = NULL;
859 options->protocol = SSH_PROTO_UNKNOWN;
860 options->num_identity_files = 0;
861 options->hostname = NULL;
862 options->host_key_alias = NULL;
863 options->proxy_command = NULL;
864 options->user = NULL;
865 options->escape_char = -1;
866 options->system_hostfile = NULL;
867 options->user_hostfile = NULL;
868 options->system_hostfile2 = NULL;
869 options->user_hostfile2 = NULL;
870 options->num_local_forwards = 0;
871 options->num_remote_forwards = 0;
872 options->clear_forwardings = -1;
873 options->log_level = SYSLOG_LEVEL_NOT_SET;
874 options->preferred_authentications = NULL;
875 options->bind_address = NULL;
876 options->smartcard_device = NULL;
877 options->enable_ssh_keysign = - 1;
878 options->no_host_authentication_for_localhost = - 1;
879 options->rekey_limit = - 1;
880 options->verify_host_key_dns = -1;
881 options->server_alive_interval = -1;
882 options->server_alive_count_max = -1;
886 * Called after processing other sources of option data, this fills those
887 * options for which no value has been specified with their default values.
/*
 * Replaces every option still holding its "unset" marker with the
 * built-in default.  Options set earlier (command line or configuration
 * files) are left alone.  The defaults below are the client's effective
 * security posture when nothing is configured.
 */
891 fill_default_options(Options * options)
/* Agent and X11 forwarding are off unless asked for. */
895 if (options->forward_agent == -1)
896 options->forward_agent = 0;
897 if (options->forward_x11 == -1)
898 options->forward_x11 = 0;
899 if (options->forward_x11_trusted == -1)
900 options->forward_x11_trusted = 0;
901 if (options->xauth_location == NULL)
902 options->xauth_location = _PATH_XAUTH;
903 if (options->gateway_ports == -1)
904 options->gateway_ports = 0;
905 if (options->use_privileged_port == -1)
906 options->use_privileged_port = 0;
907 if (options->rsa_authentication == -1)
908 options->rsa_authentication = 1;
909 if (options->pubkey_authentication == -1)
910 options->pubkey_authentication = 1;
911 if (options->challenge_response_authentication == -1)
912 options->challenge_response_authentication = 1;
/*
 * NOTE(review): GSSAPI authentication, key exchange and credential
 * delegation all default to enabled here.  If gss_deleg_creds means what
 * the "gssapidelegatecredentials" keyword suggests, the user's credentials
 * are handed to any server that completes GSSAPI authentication unless
 * the configuration turns it off.  Confirm this default is intended.
 */
913 if (options->gss_authentication == -1)
914 options->gss_authentication = 1;
915 if (options->gss_keyex == -1)
916 options->gss_keyex = 1;
917 if (options->gss_deleg_creds == -1)
918 options->gss_deleg_creds = 1;
919 if (options->password_authentication == -1)
920 options->password_authentication = 1;
921 if (options->kbd_interactive_authentication == -1)
922 options->kbd_interactive_authentication = 1;
/* Host-trust based methods stay off by default. */
923 if (options->rhosts_rsa_authentication == -1)
924 options->rhosts_rsa_authentication = 0;
925 if (options->hostbased_authentication == -1)
926 options->hostbased_authentication = 0;
927 if (options->batch_mode == -1)
928 options->batch_mode = 0;
929 if (options->check_host_ip == -1)
930 options->check_host_ip = 1;
/*
 * The parser accepts yes/no/ask for this option; 2 is presumably the
 * value for "ask" (the assignments are not in this listing).  Confirm.
 */
931 if (options->strict_host_key_checking == -1)
932 options->strict_host_key_checking = 2; /* 2 is default */
933 if (options->compression == -1)
934 options->compression = 0;
935 if (options->tcp_keep_alive == -1)
936 options->tcp_keep_alive = 1;
937 if (options->compression_level == -1)
938 options->compression_level = 6;
939 if (options->port == -1)
940 options->port = 0; /* Filled in ssh_connect. */
941 if (options->address_family == -1)
942 options->address_family = AF_UNSPEC;
943 if (options->connection_attempts == -1)
944 options->connection_attempts = 1;
945 if (options->number_of_password_prompts == -1)
946 options->number_of_password_prompts = 3;
947 /* Selected in ssh_login(). */
948 if (options->cipher == -1)
949 options->cipher = SSH_CIPHER_NOT_SET;
950 /* options->ciphers, default set in myproposals.h */
951 /* options->macs, default set in myproposals.h */
952 /* options->hostkeyalgorithms, default set in myproposals.h */
/* With no Protocol setting both protocol 1 and protocol 2 are allowed. */
953 if (options->protocol == SSH_PROTO_UNKNOWN)
954 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
/*
 * Default identity files are added only when none were configured.  Each
 * buffer length is "~/" plus the path plus the terminating NUL; the
 * allocation lines are not in this listing.  The %.100s precision cuts
 * off a path constant longer than 100 characters without any diagnostic.
 */
955 if (options->num_identity_files == 0) {
956 if (options->protocol & SSH_PROTO_1) {
957 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
958 options->identity_files[options->num_identity_files] =
960 snprintf(options->identity_files[options->num_identity_files++],
961 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
963 if (options->protocol & SSH_PROTO_2) {
964 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
965 options->identity_files[options->num_identity_files] =
967 snprintf(options->identity_files[options->num_identity_files++],
968 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
970 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
971 options->identity_files[options->num_identity_files] =
973 snprintf(options->identity_files[options->num_identity_files++],
974 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
977 if (options->escape_char == -1)
978 options->escape_char = '~';
/*
 * These defaults point at string constants, whereas values read from a
 * configuration file are xstrdup() copies; code that frees these fields
 * has to tell the two apart.
 */
979 if (options->system_hostfile == NULL)
980 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
981 if (options->user_hostfile == NULL)
982 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
983 if (options->system_hostfile2 == NULL)
984 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
985 if (options->user_hostfile2 == NULL)
986 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
987 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
988 options->log_level = SYSLOG_LEVEL_INFO;
/* ClearAllForwardings takes effect here, after all sources have been read. */
989 if (options->clear_forwardings == 1)
990 clear_forwardings(options);
991 if (options->no_host_authentication_for_localhost == - 1)
992 options->no_host_authentication_for_localhost = 0;
993 if (options->enable_ssh_keysign == -1)
994 options->enable_ssh_keysign = 0;
995 if (options->rekey_limit == -1)
996 options->rekey_limit = 0;
997 if (options->verify_host_key_dns == -1)
998 options->verify_host_key_dns = 0;
999 if (options->server_alive_interval == -1)
1000 options->server_alive_interval = 0;
1001 if (options->server_alive_count_max == -1)
1002 options->server_alive_count_max = 3;
1003 /* options->proxy_command should not be set by default */
1004 /* options->user will be set in the main program if appropriate */
1005 /* options->hostname will be set in the main program if appropriate */
1006 /* options->host_key_alias should not be set by default */
1007 /* options->preferred_authentications will be set in ssh */