2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
21 #include "pathnames.h"
29 /* Format of the configuration file:
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
47 HostName another.host.name.real.org
54 RemoteForward 9999 shadows.cs.hut.fi:9999
60 RhostsAuthentication no
61 PasswordAuthentication no
65 ProxyCommand ssh-proxy %h %p
68 PublicKeyAuthentication no
72 PasswordAuthentication no
74 # Defaults for various options
78 RhostsAuthentication yes
79 PasswordAuthentication yes
81 RhostsRSAAuthentication yes
82 StrictHostKeyChecking yes
84 IdentityFile ~/.ssh/identity
/* Opcode identifiers, one per configuration directive.  The keyword table
 * further down pairs each directive name with one of these, and
 * process_config_line switches on the result.  Entries that follow a #if
 * line depend on the named macros; the matching #endif lines are not
 * visible in this listing. */
94 oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
95 oPasswordAuthentication, oRSAAuthentication,
96 oChallengeResponseAuthentication, oXAuthLocation,
97 #if defined(KRB4) || defined(KRB5)
98 oKerberosAuthentication,
101 oGssAuthentication, oGssKeyEx, oGssDelegateCreds,
103 oGssGlobusDelegateLimitedCreds,
106 #if defined(AFS) || defined(KRB5)
112 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
113 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
114 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
115 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
116 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
117 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
118 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
119 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
120 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
121 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
122 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
127 /* Textual representations of the tokens. */
/* Directive names are stored in lower case; parse_token compares with
 * strcasecmp, so the spelling in a config file is case-insensitive.
 * Several names are aliases that share one opcode, so setting either
 * spelling fills the same option (first value seen wins). */
133 { "forwardagent", oForwardAgent },
134 { "forwardx11", oForwardX11 },
135 { "xauthlocation", oXAuthLocation },
136 { "gatewayports", oGatewayPorts },
137 { "useprivilegedport", oUsePrivilegedPort },
138 { "rhostsauthentication", oRhostsAuthentication },
139 { "passwordauthentication", oPasswordAuthentication },
140 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
141 { "kbdinteractivedevices", oKbdInteractiveDevices },
142 { "rsaauthentication", oRSAAuthentication },
143 { "pubkeyauthentication", oPubkeyAuthentication },
144 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
145 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
146 { "hostbasedauthentication", oHostbasedAuthentication },
147 { "challengeresponseauthentication", oChallengeResponseAuthentication },
148 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
149 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
150 #if defined(KRB4) || defined(KRB5)
151 { "kerberosauthentication", oKerberosAuthentication },
154 { "gssapiauthentication", oGssAuthentication },
155 { "gssapikeyexchange", oGssKeyEx },
156 { "gssapidelegatecredentials", oGssDelegateCreds },
158 /* For backwards compatibility with old 1.2.27 client code */
159 { "forwardgssapiglobusproxy", oGssDelegateCreds }, /* alias */
160 { "forwardgssapiglobuslimitedproxy", oGssGlobusDelegateLimitedCreds },
163 #if defined(AFS) || defined(KRB5)
164 { "kerberostgtpassing", oKerberosTgtPassing },
167 { "afstokenpassing", oAFSTokenPassing },
/* These two names map to oDeprecated; process_config_line appears to only
 * log a debug message for that opcode rather than reject the line. */
169 { "fallbacktorsh", oDeprecated },
170 { "usersh", oDeprecated },
171 { "identityfile", oIdentityFile },
172 { "identityfile2", oIdentityFile }, /* alias */
173 { "hostname", oHostName },
174 { "hostkeyalias", oHostKeyAlias },
175 { "proxycommand", oProxyCommand },
177 { "cipher", oCipher },
178 { "ciphers", oCiphers },
180 { "protocol", oProtocol },
181 { "remoteforward", oRemoteForward },
182 { "localforward", oLocalForward },
185 { "escapechar", oEscapeChar },
186 { "globalknownhostsfile", oGlobalKnownHostsFile },
187 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
188 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
189 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
190 { "connectionattempts", oConnectionAttempts },
191 { "batchmode", oBatchMode },
192 { "checkhostip", oCheckHostIP },
193 { "stricthostkeychecking", oStrictHostKeyChecking },
194 { "compression", oCompression },
195 { "compressionlevel", oCompressionLevel },
196 { "keepalive", oKeepAlives },
197 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
198 { "loglevel", oLogLevel },
199 { "dynamicforward", oDynamicForward },
200 { "preferredauthentications", oPreferredAuthentications },
201 { "hostkeyalgorithms", oHostKeyAlgorithms },
202 { "bindaddress", oBindAddress },
203 { "smartcarddevice", oSmartcardDevice },
204 { "clearallforwardings", oClearAllForwardings },
205 { "enablesshkeysign", oEnableSSHKeysign },
206 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
211 * Adds a local TCP/IP port forward to options. Never returns if there is an
/* Appends one entry to options->local_forwards.  Every failure path shown
 * here ends in fatal(), so the caller never sees an error return. */
216 add_local_forward(Options *options, u_short port, const char *host,
/* Unless NO_IPPORT_RESERVED_CONCEPT is defined, a listen port below
 * IPPORT_RESERVED is refused when the original real uid is not 0.  The
 * check uses the saved real uid, not the effective uid. */
220 #ifndef NO_IPPORT_RESERVED_CONCEPT
221 extern uid_t original_real_uid;
222 if (port < IPPORT_RESERVED && original_real_uid != 0)
223 fatal("Privileged ports can only be forwarded by root.");
/* The count is tested before the post-increment index below, so the slot
 * written is always below SSH_MAX_FORWARDS_PER_DIRECTION (presumably the
 * declared size of local_forwards; the declaration is not in this file
 * section). */
225 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
226 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
227 fwd = &options->local_forwards[options->num_local_forwards++];
/* The entry owns a private copy of host; clear_forwardings releases it
 * with xfree. */
229 fwd->host = xstrdup(host);
230 fwd->host_port = host_port;
234 * Adds a remote TCP/IP port forward to options. Never returns if there is
/* Appends one entry to options->remote_forwards, calling fatal() when the
 * table is full.  Unlike add_local_forward, the visible lines apply no
 * reserved-port check to port. */
239 add_remote_forward(Options *options, u_short port, const char *host,
/* Count is tested before the post-increment index two lines below. */
243 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
244 fatal("Too many remote forwards (max %d).",
245 SSH_MAX_FORWARDS_PER_DIRECTION);
246 fwd = &options->remote_forwards[options->num_remote_forwards++];
/* The entry owns a private copy of host; clear_forwardings releases it. */
248 fwd->host = xstrdup(host);
249 fwd->host_port = host_port;
/* Releases the host string of every recorded local and remote forward and
 * resets both counters to zero.  The freed pointers are left in the arrays;
 * they are unreachable through the counters afterwards, so code must index
 * these arrays only below the current count. */
253 clear_forwardings(Options *options)
257 for (i = 0; i < options->num_local_forwards; i++)
258 xfree(options->local_forwards[i].host);
259 options->num_local_forwards = 0;
260 for (i = 0; i < options->num_remote_forwards; i++)
261 xfree(options->remote_forwards[i].host);
262 options->num_remote_forwards = 0;
266 * Returns the number of the token pointed to by cp or oBadOption.
/* Looks cp up in the keywords table and returns the matching opcode.
 * filename and linenum are used only for the error message. */
270 parse_token(const char *cp, const char *filename, int linenum)
/* Linear scan that stops at the table entry whose name is NULL; the
 * comparison ignores case. */
274 for (i = 0; keywords[i].name; i++)
275 if (strcasecmp(cp, keywords[i].name) == 0)
276 return keywords[i].opcode;
/* No match: report it.  NOTE(review): unlike the fatal() calls in
 * process_config_line, which print the filename with %.200s, this message
 * puts no precision limit on the filename or on the unrecognised token. */
278 error("%s: line %d: Bad configuration option: %s",
279 filename, linenum, cp);
284 * Processes a single option line as used in the configuration files. This
285 * only sets those values that have not already been set.
287 #define WHITESPACE " \t\r\n"
/* Parses one configuration line and stores its value in options.
 * A value is stored only when *activep is set and the target field still
 * holds its unset marker (-1, NULL, SSH_PROTO_UNKNOWN or
 * SYSLOG_LEVEL_NOT_SET), so the first setting of an option wins.
 * Malformed arguments end in fatal(); an unknown keyword is reported by
 * parse_token and counted by the caller. */
290 process_config_line(Options *options, const char *host,
291 char *line, const char *filename, int linenum,
/* buf and sfwd_host_port receive the host and port text of a forwarding
 * specification; the sscanf field widths used below (255 and 5) leave room
 * for the terminating NUL in each. */
294 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
295 int opcode, *intptr, value;
297 u_short fwd_port, fwd_host_port;
298 char sfwd_host_port[6];
301 /* Get the keyword. (Each line is supposed to begin with a keyword). */
302 keyword = strdelim(&s);
303 /* Ignore leading whitespace. */
/* NOTE(review): keyword is dereferenced here before the NULL test two
 * lines below; that is safe only while the first strdelim call cannot
 * return NULL - confirm against strdelim and the initialisation of s. */
304 if (*keyword == '\0')
305 keyword = strdelim(&s);
306 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
309 opcode = parse_token(keyword, filename, linenum);
313 /* don't panic, but count bad options */
317 intptr = &options->forward_agent;
/* Shared yes/no parsing.  The value comparison uses strcmp, so unlike the
 * keyword itself the argument is case-sensitive. */
320 if (!arg || *arg == '\0')
321 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
322 value = 0; /* To avoid compiler warning... */
323 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
325 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
328 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
329 if (*activep && *intptr == -1)
334 intptr = &options->forward_x11;
338 intptr = &options->gateway_ports;
341 case oUsePrivilegedPort:
342 intptr = &options->use_privileged_port;
345 case oRhostsAuthentication:
346 intptr = &options->rhosts_authentication;
349 case oPasswordAuthentication:
350 intptr = &options->password_authentication;
353 case oKbdInteractiveAuthentication:
354 intptr = &options->kbd_interactive_authentication;
357 case oKbdInteractiveDevices:
358 charptr = &options->kbd_interactive_devices;
361 case oPubkeyAuthentication:
362 intptr = &options->pubkey_authentication;
365 case oRSAAuthentication:
366 intptr = &options->rsa_authentication;
369 case oRhostsRSAAuthentication:
370 intptr = &options->rhosts_rsa_authentication;
373 case oHostbasedAuthentication:
374 intptr = &options->hostbased_authentication;
377 case oChallengeResponseAuthentication:
378 intptr = &options->challenge_response_authentication;
380 #if defined(KRB4) || defined(KRB5)
381 case oKerberosAuthentication:
382 intptr = &options->kerberos_authentication;
386 case oGssAuthentication:
387 intptr = &options->gss_authentication;
391 intptr = &options->gss_keyex;
394 case oGssDelegateCreds:
395 intptr = &options->gss_deleg_creds;
399 case oGssGlobusDelegateLimitedCreds:
400 intptr = &options->gss_globus_deleg_limited_proxy;
406 #if defined(AFS) || defined(KRB5)
407 case oKerberosTgtPassing:
408 intptr = &options->kerberos_tgt_passing;
412 case oAFSTokenPassing:
413 intptr = &options->afs_token_passing;
417 intptr = &options->batch_mode;
421 intptr = &options->check_host_ip;
/* StrictHostKeyChecking is three-valued: yes, no or ask.  The numeric
 * value assigned to each word is on lines not shown in this listing. */
424 case oStrictHostKeyChecking:
425 intptr = &options->strict_host_key_checking;
427 if (!arg || *arg == '\0')
428 fatal("%.200s line %d: Missing yes/no/ask argument.",
430 value = 0; /* To avoid compiler warning... */
431 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
433 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
435 else if (strcmp(arg, "ask") == 0)
438 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
439 if (*activep && *intptr == -1)
444 intptr = &options->compression;
448 intptr = &options->keepalives;
451 case oNoHostAuthenticationForLocalhost:
452 intptr = &options->no_host_authentication_for_localhost;
455 case oNumberOfPasswordPrompts:
456 intptr = &options->number_of_password_prompts;
459 case oCompressionLevel:
460 intptr = &options->compression_level;
465 if (!arg || *arg == '\0')
466 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* Identity files accumulate instead of first-wins: the count is checked
 * against SSH_MAX_IDENTITY_FILES before the next slot is written. */
468 intptr = &options->num_identity_files;
469 if (*intptr >= SSH_MAX_IDENTITY_FILES)
470 fatal("%.200s line %d: Too many identity files specified (max %d).",
471 filename, linenum, SSH_MAX_IDENTITY_FILES);
472 charptr = &options->identity_files[*intptr];
473 *charptr = xstrdup(arg);
474 *intptr = *intptr + 1;
479 charptr=&options->xauth_location;
483 charptr = &options->user;
/* Shared string parsing: a heap copy of the token is stored when the
 * field is still NULL. */
486 if (!arg || *arg == '\0')
487 fatal("%.200s line %d: Missing argument.", filename, linenum);
488 if (*activep && *charptr == NULL)
489 *charptr = xstrdup(arg);
492 case oGlobalKnownHostsFile:
493 charptr = &options->system_hostfile;
496 case oUserKnownHostsFile:
497 charptr = &options->user_hostfile;
500 case oGlobalKnownHostsFile2:
501 charptr = &options->system_hostfile2;
504 case oUserKnownHostsFile2:
505 charptr = &options->user_hostfile2;
509 charptr = &options->hostname;
513 charptr = &options->host_key_alias;
516 case oPreferredAuthentications:
517 charptr = &options->preferred_authentications;
521 charptr = &options->bind_address;
524 case oSmartcardDevice:
525 charptr = &options->smartcard_device;
/* ProxyCommand keeps the whole remainder of the line, after skipping
 * whitespace and any equals sign, rather than a single token.  The stored
 * text is a command line, so whoever can write the configuration file
 * controls what the client runs.  NOTE(review): no ownership or permission
 * check on the file is visible in this listing - confirm where that is
 * enforced. */
529 charptr = &options->proxy_command;
530 len = strspn(s, WHITESPACE "=");
531 if (*activep && *charptr == NULL)
532 *charptr = xstrdup(s + len);
536 intptr = &options->port;
/* Shared integer parsing.  A leading digit is required, which rejects a
 * sign; base 0 lets strtol accept octal and hex as well as decimal.
 * NOTE(review): the visible lines do not test for characters left after
 * the number (for example 22abc), for ERANGE, or for any upper bound, and
 * the long result is narrowed to int. */
539 if (!arg || *arg == '\0')
540 fatal("%.200s line %d: Missing argument.", filename, linenum);
541 if (arg[0] < '0' || arg[0] > '9')
542 fatal("%.200s line %d: Bad number.", filename, linenum);
544 /* Octal, decimal, or hex format? */
545 value = strtol(arg, &endofnumber, 0);
546 if (arg == endofnumber)
547 fatal("%.200s line %d: Bad number.", filename, linenum);
548 if (*activep && *intptr == -1)
552 case oConnectionAttempts:
553 intptr = &options->connection_attempts;
557 intptr = &options->cipher;
559 if (!arg || *arg == '\0')
560 fatal("%.200s line %d: Missing argument.", filename, linenum);
561 value = cipher_number(arg);
563 fatal("%.200s line %d: Bad cipher '%s'.",
564 filename, linenum, arg ? arg : "<NONE>");
565 if (*activep && *intptr == -1)
/* Cipher, MAC and host key algorithm lists are validated before being
 * stored, so a bad list stops the client instead of being ignored. */
571 if (!arg || *arg == '\0')
572 fatal("%.200s line %d: Missing argument.", filename, linenum);
573 if (!ciphers_valid(arg))
574 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
575 filename, linenum, arg ? arg : "<NONE>");
576 if (*activep && options->ciphers == NULL)
577 options->ciphers = xstrdup(arg);
582 if (!arg || *arg == '\0')
583 fatal("%.200s line %d: Missing argument.", filename, linenum);
585 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
586 filename, linenum, arg ? arg : "<NONE>");
587 if (*activep && options->macs == NULL)
588 options->macs = xstrdup(arg);
591 case oHostKeyAlgorithms:
593 if (!arg || *arg == '\0')
594 fatal("%.200s line %d: Missing argument.", filename, linenum);
595 if (!key_names_valid2(arg))
596 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
597 filename, linenum, arg ? arg : "<NONE>");
598 if (*activep && options->hostkeyalgorithms == NULL)
599 options->hostkeyalgorithms = xstrdup(arg);
603 intptr = &options->protocol;
605 if (!arg || *arg == '\0')
606 fatal("%.200s line %d: Missing argument.", filename, linenum);
607 value = proto_spec(arg);
608 if (value == SSH_PROTO_UNKNOWN)
609 fatal("%.200s line %d: Bad protocol spec '%s'.",
610 filename, linenum, arg ? arg : "<NONE>");
611 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
/* NOTE(review): the cast treats log_level as an int object, which assumes
 * LogLevel has the size of int.  No missing-argument test is visible
 * before log_level_number(arg), so this path appears to rely on that
 * function accepting NULL - confirm. */
616 intptr = (int *) &options->log_level;
618 value = log_level_number(arg);
619 if (value == SYSLOG_LEVEL_NOT_SET)
620 fatal("%.200s line %d: unsupported log level '%s'",
621 filename, linenum, arg ? arg : "<NONE>");
622 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
623 *intptr = (LogLevel) value;
/* Forwarding specification: a listen port, then host and port joined by a
 * colon or, as the second pattern allows, by a slash (which permits host
 * text that itself contains colons).  a2port returning 0 is treated as an
 * invalid port. */
629 if (!arg || *arg == '\0')
630 fatal("%.200s line %d: Missing port argument.",
632 if ((fwd_port = a2port(arg)) == 0)
633 fatal("%.200s line %d: Bad listen port.",
636 if (!arg || *arg == '\0')
637 fatal("%.200s line %d: Missing second argument.",
639 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
640 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
641 fatal("%.200s line %d: Bad forwarding specification.",
643 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
644 fatal("%.200s line %d: Bad forwarding port.",
647 if (opcode == oLocalForward)
648 add_local_forward(options, fwd_port, buf,
650 else if (opcode == oRemoteForward)
651 add_remote_forward(options, fwd_port, buf,
/* A dynamic forward is recorded as a local forward whose host is the
 * marker string socks4 and whose host port is 0, so it passes through the
 * same reserved-port and table-size checks in add_local_forward. */
656 case oDynamicForward:
658 if (!arg || *arg == '\0')
659 fatal("%.200s line %d: Missing port argument.",
661 fwd_port = a2port(arg);
663 fatal("%.200s line %d: Badly formatted port number.",
666 add_local_forward(options, fwd_port, "socks4", 0);
669 case oClearAllForwardings:
670 intptr = &options->clear_forwardings;
/* Host: each remaining token is a pattern tested against host with
 * match_pattern.  The lines that update *activep are not shown in this
 * listing. */
675 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
676 if (match_pattern(host, arg)) {
677 debug("Applying options for %.100s", arg);
681 /* Avoid garbage check below, as strdelim is done. */
685 intptr = &options->escape_char;
687 if (!arg || *arg == '\0')
688 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* Accepted forms: caret plus one character in the range 64..127 (mapped
 * to a control code with & 31), a single character, or the word none.
 * NOTE(review): arg[2] is read before arg[1] is examined; when the token
 * is a lone caret, arg[1] is the terminator and arg[2] lies past the end
 * of the token.  Testing arg[1] first would keep the read inside it. */
689 if (arg[0] == '^' && arg[2] == 0 &&
690 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
691 value = (u_char) arg[1] & 31;
692 else if (strlen(arg) == 1)
693 value = (u_char) arg[0];
694 else if (strcmp(arg, "none") == 0)
695 value = SSH_ESCAPECHAR_NONE;
697 fatal("%.200s line %d: Bad escape character.",
700 value = 0; /* Avoid compiler warning. */
702 if (*activep && *intptr == -1)
706 case oEnableSSHKeysign:
707 intptr = &options->enable_ssh_keysign;
711 debug("%s line %d: Deprecated option \"%s\"",
712 filename, linenum, keyword);
/* An opcode with no case of its own is a programming error, not a user
 * error, and stops the client. */
716 fatal("process_config_line: Unimplemented opcode %d", opcode);
719 /* Check that there is no garbage at end of line. */
720 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
721 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
722 filename, linenum, arg);
729 * Reads the config file and modifies the options accordingly. Options
730 * should already be initialized before this call. This never returns if
731 * there is an error. If the file does not exist, this returns 0.
/* Opens filename for reading and passes each line to process_config_line
 * together with host and a running line number.  Lines that come back
 * non-zero are counted, and the count is reported through fatal().
 * NOTE(review): no test of the owner or permission bits of the file is
 * visible in this listing.  Directives such as ProxyCommand carry a command
 * line, so confirm that a file writable by other users is rejected
 * somewhere before its contents are trusted. */
735 read_config_file(const char *filename, const char *host, Options *options)
743 f = fopen(filename, "r");
747 debug("Reading configuration data %.200s", filename);
750 * Mark that we are now processing the options. This flag is turned
751 * on/off by Host specifications.
755 while (fgets(line, sizeof(line), f)) {
/* fgets stops at sizeof(line) - 1 characters, so a longer physical line
 * arrives in pieces and the remainder is parsed as if it were a separate
 * line. */
756 /* Update line number counter. */
758 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
763 fatal("%s: terminating, %d bad configuration options",
764 filename, bad_options);
769 * Initializes options to special values that indicate that they have not yet
770 * been set. Read_config_file will only set options with this value. Options
771 * are processed in the following order: command line, user config file,
772 * system config file. Last, fill_default_options is called.
/* Puts every option into its unset state: -1 for integer options, NULL for
 * strings, 0 for the counters, and the dedicated unknown or not-set
 * constants for protocol and log level.  process_config_line stores a
 * value only while the field still holds that marker. */
776 initialize_options(Options * options)
/* Fill the whole structure with a recognisable byte pattern first, so a
 * field that is not reset below holds obvious garbage rather than a value
 * that looks valid. */
778 memset(options, 'X', sizeof(*options));
779 options->forward_agent = -1;
780 options->forward_x11 = -1;
781 options->xauth_location = NULL;
782 options->gateway_ports = -1;
783 options->use_privileged_port = -1;
784 options->rhosts_authentication = -1;
785 options->rsa_authentication = -1;
786 options->pubkey_authentication = -1;
787 options->challenge_response_authentication = -1;
789 options->gss_authentication = -1;
790 options->gss_keyex = -1;
791 options->gss_deleg_creds = -1;
793 options->gss_globus_deleg_limited_proxy = -1;
797 #if defined(KRB4) || defined(KRB5)
798 options->kerberos_authentication = -1;
800 #if defined(AFS) || defined(KRB5)
801 options->kerberos_tgt_passing = -1;
804 options->afs_token_passing = -1;
806 options->password_authentication = -1;
807 options->kbd_interactive_authentication = -1;
808 options->kbd_interactive_devices = NULL;
809 options->rhosts_rsa_authentication = -1;
810 options->hostbased_authentication = -1;
811 options->batch_mode = -1;
812 options->check_host_ip = -1;
813 options->strict_host_key_checking = -1;
814 options->compression = -1;
815 options->keepalives = -1;
816 options->compression_level = -1;
/* NOTE(review): fill_default_options tests options->port against -1, but
 * the assignment is not among the lines shown here; presumably it sits on
 * an elided line - confirm. */
818 options->connection_attempts = -1;
819 options->number_of_password_prompts = -1;
820 options->cipher = -1;
821 options->ciphers = NULL;
822 options->macs = NULL;
823 options->hostkeyalgorithms = NULL;
824 options->protocol = SSH_PROTO_UNKNOWN;
825 options->num_identity_files = 0;
826 options->hostname = NULL;
827 options->host_key_alias = NULL;
828 options->proxy_command = NULL;
829 options->user = NULL;
830 options->escape_char = -1;
831 options->system_hostfile = NULL;
832 options->user_hostfile = NULL;
833 options->system_hostfile2 = NULL;
834 options->user_hostfile2 = NULL;
835 options->num_local_forwards = 0;
836 options->num_remote_forwards = 0;
837 options->clear_forwardings = -1;
838 options->log_level = SYSLOG_LEVEL_NOT_SET;
839 options->preferred_authentications = NULL;
840 options->bind_address = NULL;
841 options->smartcard_device = NULL;
842 options->enable_ssh_keysign = - 1;
843 options->no_host_authentication_for_localhost = - 1;
847 * Called after processing other sources of option data, this fills those
848 * options for which no value has been specified with their default values.
/* Replaces every option that still holds its unset marker with the
 * built-in default.  These defaults are the effective client policy for
 * anything the command line and configuration files leave unset. */
852 fill_default_options(Options * options)
/* Agent and X11 forwarding default to off. */
856 if (options->forward_agent == -1)
857 options->forward_agent = 0;
858 if (options->forward_x11 == -1)
859 options->forward_x11 = 0;
/* The default here is assigned directly from a macro, whereas a configured
 * value is a heap copy made with xstrdup; the same holds for the known
 * hosts file defaults below.  Code that releases these fields must not
 * assume they are always heap memory. */
860 if (options->xauth_location == NULL)
861 options->xauth_location = _PATH_XAUTH;
862 if (options->gateway_ports == -1)
863 options->gateway_ports = 0;
864 if (options->use_privileged_port == -1)
865 options->use_privileged_port = 0;
866 if (options->rhosts_authentication == -1)
867 options->rhosts_authentication = 0;
868 if (options->rsa_authentication == -1)
869 options->rsa_authentication = 1;
870 if (options->pubkey_authentication == -1)
871 options->pubkey_authentication = 1;
872 if (options->challenge_response_authentication == -1)
873 options->challenge_response_authentication = 1;
/* NOTE(review): GSSAPI authentication, key exchange and credential
 * delegation all default to on.  Delegation hands credentials to every
 * server the client connects to unless the configuration turns it off, so
 * confirm this default is intended for the deployment. */
875 if (options->gss_authentication == -1)
876 options->gss_authentication = 1;
877 if (options->gss_keyex == -1)
878 options->gss_keyex = 1;
879 if (options->gss_deleg_creds == -1)
880 options->gss_deleg_creds = 1;
882 if (options->gss_globus_deleg_limited_proxy == -1)
883 options->gss_globus_deleg_limited_proxy = 0;
886 #if defined(KRB4) || defined(KRB5)
887 if (options->kerberos_authentication == -1)
888 options->kerberos_authentication = 1;
/* Ticket and token passing also default to on where compiled in. */
890 #if defined(AFS) || defined(KRB5)
891 if (options->kerberos_tgt_passing == -1)
892 options->kerberos_tgt_passing = 1;
895 if (options->afs_token_passing == -1)
896 options->afs_token_passing = 1;
898 if (options->password_authentication == -1)
899 options->password_authentication = 1;
900 if (options->kbd_interactive_authentication == -1)
901 options->kbd_interactive_authentication = 1;
902 if (options->rhosts_rsa_authentication == -1)
903 options->rhosts_rsa_authentication = 0;
904 if (options->hostbased_authentication == -1)
905 options->hostbased_authentication = 0;
906 if (options->batch_mode == -1)
907 options->batch_mode = 0;
908 if (options->check_host_ip == -1)
909 options->check_host_ip = 1;
/* The parser accepts yes, no and ask for this option; 2 is presumably the
 * value for ask - confirm against the elided assignment lines. */
910 if (options->strict_host_key_checking == -1)
911 options->strict_host_key_checking = 2; /* 2 is default */
912 if (options->compression == -1)
913 options->compression = 0;
914 if (options->keepalives == -1)
915 options->keepalives = 1;
916 if (options->compression_level == -1)
917 options->compression_level = 6;
918 if (options->port == -1)
919 options->port = 0; /* Filled in ssh_connect. */
920 if (options->connection_attempts == -1)
921 options->connection_attempts = 1;
922 if (options->number_of_password_prompts == -1)
923 options->number_of_password_prompts = 3;
924 /* Selected in ssh_login(). */
925 if (options->cipher == -1)
926 options->cipher = SSH_CIPHER_NOT_SET;
927 /* options->ciphers, default set in myproposals.h */
928 /* options->macs, default set in myproposals.h */
929 /* options->hostkeyalgorithms, default set in myproposals.h */
/* NOTE(review): with nothing configured, both protocol versions are
 * allowed, which leaves the legacy protocol 1 enabled. */
930 if (options->protocol == SSH_PROTO_UNKNOWN)
931 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
/* Default identity files are added only when none was configured.  Each
 * length is 2 for the home-directory prefix, plus the path, plus 1 for the
 * terminator; the allocation itself is on lines not shown.  snprintf is
 * bounded by len, and the %.100s precision means a path longer than 100
 * characters would be truncated rather than overflow. */
932 if (options->num_identity_files == 0) {
933 if (options->protocol & SSH_PROTO_1) {
934 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
935 options->identity_files[options->num_identity_files] =
937 snprintf(options->identity_files[options->num_identity_files++],
938 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
940 if (options->protocol & SSH_PROTO_2) {
941 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
942 options->identity_files[options->num_identity_files] =
944 snprintf(options->identity_files[options->num_identity_files++],
945 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
947 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
948 options->identity_files[options->num_identity_files] =
950 snprintf(options->identity_files[options->num_identity_files++],
951 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
954 if (options->escape_char == -1)
955 options->escape_char = '~';
956 if (options->system_hostfile == NULL)
957 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
958 if (options->user_hostfile == NULL)
959 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
960 if (options->system_hostfile2 == NULL)
961 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
962 if (options->user_hostfile2 == NULL)
963 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
964 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
965 options->log_level = SYSLOG_LEVEL_INFO;
/* ClearAllForwardings is applied here, after every source has been read,
 * so it discards forwards collected from all of them.  An unset value of
 * -1 is left as is and simply does not trigger the clear. */
966 if (options->clear_forwardings == 1)
967 clear_forwardings(options);
968 if (options->no_host_authentication_for_localhost == - 1)
969 options->no_host_authentication_for_localhost = 0;
970 if (options->enable_ssh_keysign == -1)
971 options->enable_ssh_keysign = 0;
972 /* options->proxy_command should not be set by default */
973 /* options->user will be set in the main program if appropriate */
974 /* options->hostname will be set in the main program if appropriate */
975 /* options->host_key_alias should not be set by default */
976 /* options->preferred_authentications will be set in ssh */