2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.121 2003/09/01 18:15:50 markus Exp $");
21 #include "pathnames.h"
29 /* Format of the configuration file:
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
47 HostName another.host.name.real.org
54 RemoteForward 9999 shadows.cs.hut.fi:9999
60 PasswordAuthentication no
64 ProxyCommand ssh-proxy %h %p
67 PublicKeyAuthentication no
71 PasswordAuthentication no
73 # Defaults for various options
77 PasswordAuthentication yes
79 RhostsRSAAuthentication yes
80 StrictHostKeyChecking yes
82 IdentityFile ~/.ssh/identity
/*
 * Opcode constants for the client configuration keywords. The keyword table
 * further down maps each lower-case keyword string to one of these values.
 * NOTE(review): the enum's opening and closing lines are not in this listing
 * (the gutter jumps over them). oBadOption, which the parse_token header
 * comment names, is not among the visible entries either; presumably it is
 * on a dropped line. Confirm against the full file.
 */
92 oForwardAgent, oForwardX11, oGatewayPorts,
93 oPasswordAuthentication, oRSAAuthentication,
94 oChallengeResponseAuthentication, oXAuthLocation,
95 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
96 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
97 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
98 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
99 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
100 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
101 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
102 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
103 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
104 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
105 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
106 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
107 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
/* Catch-all opcodes: several keyword-table entries map old keywords to these. */
108 oDeprecated, oUnsupported
111 /* Textual representations of the tokens. */
/*
 * Keyword table: lower-case keyword text paired with its opcode. parse_token
 * walks it with strcasecmp and returns the first match, so keyword lookup is
 * case-insensitive and entry order matters when a keyword appears twice.
 * Several authentication keywords are aliases for one opcode, and retired
 * keywords are still listed (as oDeprecated or oUnsupported).
 */
117 { "forwardagent", oForwardAgent },
118 { "forwardx11", oForwardX11 },
119 { "xauthlocation", oXAuthLocation },
120 { "gatewayports", oGatewayPorts },
121 { "useprivilegedport", oUsePrivilegedPort },
122 { "rhostsauthentication", oDeprecated },
123 { "passwordauthentication", oPasswordAuthentication },
124 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
125 { "kbdinteractivedevices", oKbdInteractiveDevices },
126 { "rsaauthentication", oRSAAuthentication },
127 { "pubkeyauthentication", oPubkeyAuthentication },
128 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
129 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
130 { "hostbasedauthentication", oHostbasedAuthentication },
131 { "challengeresponseauthentication", oChallengeResponseAuthentication },
132 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
133 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
134 { "kerberosauthentication", oUnsupported },
135 { "kerberostgtpassing", oUnsupported },
136 { "afstokenpassing", oUnsupported },
/*
 * NOTE(review): the two GSSAPI keywords appear twice, once with a real opcode
 * and once as oUnsupported, and the gutter skips 137, 140 and 143 around
 * them. Presumably those dropped lines are a preprocessor conditional that
 * selects one pair per build; confirm against the full file. Read literally,
 * first-match lookup would always return the first pair.
 */
138 { "gssapiauthentication", oGssAuthentication },
139 { "gssapidelegatecredentials", oGssDelegateCreds },
141 { "gssapiauthentication", oUnsupported },
142 { "gssapidelegatecredentials", oUnsupported },
144 { "fallbacktorsh", oDeprecated },
145 { "usersh", oDeprecated },
146 { "identityfile", oIdentityFile },
147 { "identityfile2", oIdentityFile }, /* alias */
148 { "hostname", oHostName },
149 { "hostkeyalias", oHostKeyAlias },
150 { "proxycommand", oProxyCommand },
152 { "cipher", oCipher },
153 { "ciphers", oCiphers },
155 { "protocol", oProtocol },
156 { "remoteforward", oRemoteForward },
157 { "localforward", oLocalForward },
160 { "escapechar", oEscapeChar },
161 { "globalknownhostsfile", oGlobalKnownHostsFile },
162 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
163 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
164 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
165 { "connectionattempts", oConnectionAttempts },
166 { "batchmode", oBatchMode },
167 { "checkhostip", oCheckHostIP },
168 { "stricthostkeychecking", oStrictHostKeyChecking },
169 { "compression", oCompression },
170 { "compressionlevel", oCompressionLevel },
171 { "keepalive", oKeepAlives },
172 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
173 { "loglevel", oLogLevel },
174 { "dynamicforward", oDynamicForward },
175 { "preferredauthentications", oPreferredAuthentications },
176 { "hostkeyalgorithms", oHostKeyAlgorithms },
177 { "bindaddress", oBindAddress },
/* Same doubled-entry pattern as the GSSAPI keywords (gutter skips 178, 180, 182). */
179 { "smartcarddevice", oSmartcardDevice },
181 { "smartcarddevice", oUnsupported },
183 { "clearallforwardings", oClearAllForwardings },
184 { "enablesshkeysign", oEnableSSHKeysign },
/* Same doubled-entry pattern again (gutter skips 185, 187, 189). */
186 { "verifyhostkeydns", oVerifyHostKeyDNS },
188 { "verifyhostkeydns", oUnsupported },
190 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
191 { "rekeylimit", oRekeyLimit },
192 { "connecttimeout", oConnectTimeout },
193 { "addressfamily", oAddressFamily },
198 * Adds a local TCP/IP port forward to options. Never returns if there is an
/*
 * Appends one local port forward to options->local_forwards. Both failure
 * paths call fatal(), so the function does not return on error.
 * NOTE(review): this listing drops several lines of the function (the end of
 * the parameter list, the declaration of fwd, the end of the preprocessor
 * conditional and gutter line 215, which presumably stores the listen port).
 * Comments below describe only the lines that are shown.
 */
203 add_local_forward(Options *options, u_short port, const char *host,
207 #ifndef NO_IPPORT_RESERVED_CONCEPT
208 extern uid_t original_real_uid;
/*
 * Listening on a port below IPPORT_RESERVED is refused unless the real uid
 * recorded in original_real_uid is 0. The test uses that saved real uid, not
 * the current effective uid (how it is set is outside this listing; confirm).
 */
209 if (port < IPPORT_RESERVED && original_real_uid != 0)
210 fatal("Privileged ports can only be forwarded by root.");
/*
 * The count is checked before the post-increment index below, so the write
 * stays inside the table provided local_forwards has
 * SSH_MAX_FORWARDS_PER_DIRECTION entries (declared elsewhere; confirm).
 */
212 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
213 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
214 fwd = &options->local_forwards[options->num_local_forwards++];
/* The entry gets its own copy of host; clear_forwardings releases it with xfree. */
216 fwd->host = xstrdup(host);
217 fwd->host_port = host_port;
221 * Adds a remote TCP/IP port forward to options. Never returns if there is
/*
 * Appends one remote port forward to options->remote_forwards; calls fatal()
 * when the table is full.
 * NOTE(review): no privileged-port test is visible here, unlike in
 * add_local_forward. The three dropped lines before the count check are
 * presumably the rest of the signature, the opening brace and the declaration
 * of fwd. The listen port belongs to the remote side, so any restriction
 * would have to be enforced there; confirm.
 */
226 add_remote_forward(Options *options, u_short port, const char *host,
/* Count checked before the post-increment index, as for local forwards. */
230 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
231 fatal("Too many remote forwards (max %d).",
232 SSH_MAX_FORWARDS_PER_DIRECTION);
233 fwd = &options->remote_forwards[options->num_remote_forwards++];
/* The entry owns a private copy of host (gutter 234, presumably the port store, is dropped). */
235 fwd->host = xstrdup(host);
236 fwd->host_port = host_port;
/*
 * Discards every configured local and remote forward: frees each entry's
 * host string and resets both counts to zero.
 * The freed pointers are left in the arrays; they are unreachable only as
 * long as all readers bound their loops by the counts reset here.
 */
240 clear_forwardings(Options *options)
244 for (i = 0; i < options->num_local_forwards; i++)
245 xfree(options->local_forwards[i].host);
246 options->num_local_forwards = 0;
247 for (i = 0; i < options->num_remote_forwards; i++)
248 xfree(options->remote_forwards[i].host);
249 options->num_remote_forwards = 0;
253 * Returns the number of the token pointed to by cp or oBadOption.
/*
 * Looks up the keyword cp in the keywords table and returns its opcode.
 * filename and linenum are used only for the diagnostic on failure.
 * The search is linear and case-insensitive, and it stops at the first
 * matching entry; the table ends at an entry whose name is NULL.
 */
257 parse_token(const char *cp, const char *filename, int linenum)
261 for (i = 0; keywords[i].name; i++)
262 if (strcasecmp(cp, keywords[i].name) == 0)
263 return keywords[i].opcode;
/*
 * Unknown keyword: logged via error(), with cp passed as a %s argument and
 * never as the format string. The return statement that follows is on a
 * dropped line; per the header comment it yields oBadOption.
 */
265 error("%s: line %d: Bad configuration option: %s",
266 filename, linenum, cp);
271 * Processes a single option line as used in the configuration files. This
272 * only sets those values that have not already been set.
/* Characters treated as trailing or separating whitespace on a config line. */
274 #define WHITESPACE " \t\r\n"
/*
 * Parses one configuration line and stores its value in *options.
 * A value is stored only when *activep is set and the target field still
 * holds its "unset" sentinel (-1, NULL, SSH_PROTO_UNKNOWN or
 * SYSLOG_LEVEL_NOT_SET), so the first value seen for an option wins.
 * Malformed arguments end the program through fatal().
 * NOTE(review): this listing drops many lines of the function (case labels,
 * gotos, stores, braces, the rest of the parameter list). Comments describe
 * only what the shown lines establish; anything else is marked as a guess.
 */
277 process_config_line(Options *options, const char *host,
278 char *line, const char *filename, int linenum,
/* buf and sfwd_host_port receive the forwarding host and port text from sscanf below. */
281 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
282 int opcode, *intptr, value;
284 u_short fwd_port, fwd_host_port;
285 char sfwd_host_port[6];
287 /* Strip trailing whitespace */
/*
 * NOTE(review): strlen(line) - 1 is computed without testing for an empty
 * line. If len has an unsigned type (its declaration is on a dropped line),
 * an empty string makes the start index wrap to a huge value and line[len]
 * reads far outside the buffer. read_config_file passes fgets() output, which
 * is never empty, but other callers are not visible here. A length check
 * before the loop would close the gap.
 */
288 for(len = strlen(line) - 1; len > 0; len--) {
289 if (strchr(WHITESPACE, line[len]) == NULL)
295 /* Get the keyword. (Each line is supposed to begin with a keyword). */
296 keyword = strdelim(&s);
297 /* Ignore leading whitespace. */
298 if (*keyword == '\0')
299 keyword = strdelim(&s);
/* Blank lines and lines whose first token starts with '#' carry no option. */
300 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
303 opcode = parse_token(keyword, filename, linenum);
307 /* don't panic, but count bad options */
310 case oConnectTimeout:
311 intptr = &options->connection_timeout;
314 if (!arg || *arg == '\0')
315 fatal("%s line %d: missing time value.",
/* convtime() signals an unparsable time with -1. */
317 if ((value = convtime(arg)) == -1)
318 fatal("%s line %d: invalid time value.",
/*
 * Boolean options. The accepted spellings are exactly "yes"/"true" and
 * "no"/"false", compared case-sensitively; anything else is fatal. The cases
 * after this one only select intptr and presumably jump back to this parser
 * (the goto and label lines are dropped from the listing).
 */
325 intptr = &options->forward_agent;
328 if (!arg || *arg == '\0')
329 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
330 value = 0; /* To avoid compiler warning... */
331 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
333 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
336 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
/* First-value-wins guard: only an active block may fill a still-unset field. */
337 if (*activep && *intptr == -1)
342 intptr = &options->forward_x11;
346 intptr = &options->gateway_ports;
349 case oUsePrivilegedPort:
350 intptr = &options->use_privileged_port;
353 case oPasswordAuthentication:
354 intptr = &options->password_authentication;
357 case oKbdInteractiveAuthentication:
358 intptr = &options->kbd_interactive_authentication;
361 case oKbdInteractiveDevices:
362 charptr = &options->kbd_interactive_devices;
365 case oPubkeyAuthentication:
366 intptr = &options->pubkey_authentication;
369 case oRSAAuthentication:
370 intptr = &options->rsa_authentication;
373 case oRhostsRSAAuthentication:
374 intptr = &options->rhosts_rsa_authentication;
377 case oHostbasedAuthentication:
378 intptr = &options->hostbased_authentication;
381 case oChallengeResponseAuthentication:
382 intptr = &options->challenge_response_authentication;
385 case oGssAuthentication:
386 intptr = &options->gss_authentication;
389 case oGssDelegateCreds:
390 intptr = &options->gss_deleg_creds;
394 intptr = &options->batch_mode;
398 intptr = &options->check_host_ip;
401 case oVerifyHostKeyDNS:
402 intptr = &options->verify_host_key_dns;
/*
 * StrictHostKeyChecking takes three values: yes/true, no/false and ask. The
 * numeric value stored for each is on dropped lines.
 */
405 case oStrictHostKeyChecking:
406 intptr = &options->strict_host_key_checking;
408 if (!arg || *arg == '\0')
409 fatal("%.200s line %d: Missing yes/no/ask argument.",
411 value = 0; /* To avoid compiler warning... */
412 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
414 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
416 else if (strcmp(arg, "ask") == 0)
419 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
420 if (*activep && *intptr == -1)
425 intptr = &options->compression;
429 intptr = &options->keepalives;
432 case oNoHostAuthenticationForLocalhost:
433 intptr = &options->no_host_authentication_for_localhost;
436 case oNumberOfPasswordPrompts:
437 intptr = &options->number_of_password_prompts;
440 case oCompressionLevel:
441 intptr = &options->compression_level;
445 intptr = &options->rekey_limit;
447 if (!arg || *arg == '\0')
448 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* A leading digit is required, so signs and leading blanks are rejected before strtol. */
449 if (arg[0] < '0' || arg[0] > '9')
450 fatal("%.200s line %d: Bad number.", filename, linenum);
/*
 * NOTE(review): strtol returns long but value is an int, and no range or
 * errno test is visible between the conversion and its use, so an oversized
 * number is narrowed silently. toupper() is also handed a plain char; a cast
 * to unsigned char would keep it defined for bytes above 127.
 */
451 value = strtol(arg, &endofnumber, 10);
452 if (arg == endofnumber)
453 fatal("%.200s line %d: Bad number.", filename, linenum);
454 switch (toupper(*endofnumber)) {
465 if (*activep && *intptr == -1)
471 if (!arg || *arg == '\0')
472 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* The identity-file count is checked against the table size before the slot is written. */
474 intptr = &options->num_identity_files;
475 if (*intptr >= SSH_MAX_IDENTITY_FILES)
476 fatal("%.200s line %d: Too many identity files specified (max %d).",
477 filename, linenum, SSH_MAX_IDENTITY_FILES);
478 charptr = &options->identity_files[*intptr];
479 *charptr = xstrdup(arg);
480 *intptr = *intptr + 1;
485 charptr=&options->xauth_location;
/* String options: the first value seen is copied with xstrdup; later ones are ignored. */
489 charptr = &options->user;
492 if (!arg || *arg == '\0')
493 fatal("%.200s line %d: Missing argument.", filename, linenum);
494 if (*activep && *charptr == NULL)
495 *charptr = xstrdup(arg);
498 case oGlobalKnownHostsFile:
499 charptr = &options->system_hostfile;
502 case oUserKnownHostsFile:
503 charptr = &options->user_hostfile;
506 case oGlobalKnownHostsFile2:
507 charptr = &options->system_hostfile2;
510 case oUserKnownHostsFile2:
511 charptr = &options->user_hostfile2;
515 charptr = &options->hostname;
519 charptr = &options->host_key_alias;
522 case oPreferredAuthentications:
523 charptr = &options->preferred_authentications;
527 charptr = &options->bind_address;
530 case oSmartcardDevice:
531 charptr = &options->smartcard_device;
536 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * ProxyCommand keeps the whole remainder of the line (after leading
 * whitespace and '=') verbatim, without validation. How the string is later
 * executed is outside this listing, but it means the config file names a
 * command to run, so the file must be writable only by trusted users.
 */
537 charptr = &options->proxy_command;
538 len = strspn(s, WHITESPACE "=");
539 if (*activep && *charptr == NULL)
540 *charptr = xstrdup(s + len);
544 intptr = &options->port;
547 if (!arg || *arg == '\0')
548 fatal("%.200s line %d: Missing argument.", filename, linenum);
549 if (arg[0] < '0' || arg[0] > '9')
550 fatal("%.200s line %d: Bad number.", filename, linenum);
552 /* Octal, decimal, or hex format? */
/*
 * NOTE(review): base 0 accepts octal and hex spellings, and the long result
 * is stored in an int with no range test visible before the store below.
 * Any upper bound (for example on a port number) must be enforced where the
 * value is used; confirm.
 */
553 value = strtol(arg, &endofnumber, 0);
554 if (arg == endofnumber)
555 fatal("%.200s line %d: Bad number.", filename, linenum);
556 if (*activep && *intptr == -1)
560 case oConnectionAttempts:
561 intptr = &options->connection_attempts;
565 intptr = &options->cipher;
567 if (!arg || *arg == '\0')
568 fatal("%.200s line %d: Missing argument.", filename, linenum);
569 value = cipher_number(arg);
571 fatal("%.200s line %d: Bad cipher '%s'.",
572 filename, linenum, arg ? arg : "<NONE>");
573 if (*activep && *intptr == -1)
/* Algorithm lists are validated as a whole (ciphers_valid, key_names_valid2) before being stored. */
579 if (!arg || *arg == '\0')
580 fatal("%.200s line %d: Missing argument.", filename, linenum);
581 if (!ciphers_valid(arg))
582 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
583 filename, linenum, arg ? arg : "<NONE>");
584 if (*activep && options->ciphers == NULL)
585 options->ciphers = xstrdup(arg);
590 if (!arg || *arg == '\0')
591 fatal("%.200s line %d: Missing argument.", filename, linenum);
593 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
594 filename, linenum, arg ? arg : "<NONE>");
595 if (*activep && options->macs == NULL)
596 options->macs = xstrdup(arg);
599 case oHostKeyAlgorithms:
601 if (!arg || *arg == '\0')
602 fatal("%.200s line %d: Missing argument.", filename, linenum);
603 if (!key_names_valid2(arg))
604 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
605 filename, linenum, arg ? arg : "<NONE>");
606 if (*activep && options->hostkeyalgorithms == NULL)
607 options->hostkeyalgorithms = xstrdup(arg);
611 intptr = &options->protocol;
613 if (!arg || *arg == '\0')
614 fatal("%.200s line %d: Missing argument.", filename, linenum);
615 value = proto_spec(arg);
616 if (value == SSH_PROTO_UNKNOWN)
617 fatal("%.200s line %d: Bad protocol spec '%s'.",
618 filename, linenum, arg ? arg : "<NONE>");
619 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
/*
 * NOTE(review): only one line is dropped between selecting intptr and the
 * call below, so arg is not tested for NULL before log_level_number(arg).
 * That is safe only if log_level_number tolerates a NULL name; confirm.
 */
624 intptr = (int *) &options->log_level;
626 value = log_level_number(arg);
627 if (value == SYSLOG_LEVEL_NOT_SET)
628 fatal("%.200s line %d: unsupported log level '%s'",
629 filename, linenum, arg ? arg : "<NONE>");
630 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
631 *intptr = (LogLevel) value;
/* Local and remote forwards share this parser: a listen port, then a host and port pair. */
637 if (!arg || *arg == '\0')
638 fatal("%.200s line %d: Missing port argument.",
/* a2port() reports an invalid port as 0. */
640 if ((fwd_port = a2port(arg)) == 0)
641 fatal("%.200s line %d: Bad listen port.",
644 if (!arg || *arg == '\0')
645 fatal("%.200s line %d: Missing second argument.",
/*
 * Both separators (':' and '/') are tried. The field widths 255 and 5 leave
 * room for the terminator in buf[256] and sfwd_host_port[6], so neither
 * conversion can overrun its buffer.
 */
647 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
648 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
649 fatal("%.200s line %d: Bad forwarding specification.",
651 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
652 fatal("%.200s line %d: Bad forwarding port.",
655 if (opcode == oLocalForward)
656 add_local_forward(options, fwd_port, buf,
658 else if (opcode == oRemoteForward)
659 add_remote_forward(options, fwd_port, buf,
664 case oDynamicForward:
666 if (!arg || *arg == '\0')
667 fatal("%.200s line %d: Missing port argument.",
669 fwd_port = a2port(arg);
671 fatal("%.200s line %d: Badly formatted port number.",
/* A dynamic forward is recorded as a local forward to host "socks" with host port 0. */
674 add_local_forward(options, fwd_port, "socks", 0);
677 case oClearAllForwardings:
678 intptr = &options->clear_forwardings;
/*
 * Host line: each pattern is matched against the target host. The lines
 * that update *activep are dropped from this listing.
 */
683 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
684 if (match_pattern(host, arg)) {
685 debug("Applying options for %.100s", arg);
689 /* Avoid garbage check below, as strdelim is done. */
693 intptr = &options->escape_char;
695 if (!arg || *arg == '\0')
696 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * NOTE(review): arg[2] is read as soon as arg[0] is '^', before arg[1] is
 * examined. For the one-character argument "^", arg[1] is the terminator and
 * arg[2] lies one byte past the end of the string. Testing arg[1] != 0 first
 * would keep the read inside the token.
 */
697 if (arg[0] == '^' && arg[2] == 0 &&
698 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
699 value = (u_char) arg[1] & 31;
700 else if (strlen(arg) == 1)
701 value = (u_char) arg[0];
702 else if (strcmp(arg, "none") == 0)
703 value = SSH_ESCAPECHAR_NONE;
705 fatal("%.200s line %d: Bad escape character.",
708 value = 0; /* Avoid compiler warning. */
710 if (*activep && *intptr == -1)
/*
 * NOTE(review): unlike the other cases, no "missing argument" test is
 * visible before arg is handed to strcasecmp (only two gutter lines are
 * dropped ahead of this one, presumably the case label and the strdelim
 * call). A bare "AddressFamily" line would then pass NULL to strcasecmp.
 * The fatal message below also omits the file name and line number.
 */
716 intptr = &options->address_family;
717 if (strcasecmp(arg, "inet") == 0)
719 else if (strcasecmp(arg, "inet6") == 0)
721 else if (strcasecmp(arg, "any") == 0)
724 fatal("Unsupported AddressFamily \"%s\"", arg);
725 if (*activep && *intptr == -1)
729 case oEnableSSHKeysign:
730 intptr = &options->enable_ssh_keysign;
/* Deprecated keywords are logged at debug level and unsupported ones via error(); neither call is fatal. */
734 debug("%s line %d: Deprecated option \"%s\"",
735 filename, linenum, keyword);
739 error("%s line %d: Unsupported option \"%s\"",
740 filename, linenum, keyword);
744 fatal("process_config_line: Unimplemented opcode %d", opcode);
747 /* Check that there is no garbage at end of line. */
/* Leftover tokens are fatal, so a mistyped or over-long option line cannot be silently half-applied. */
748 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
749 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
750 filename, linenum, arg);
757 * Reads the config file and modifies the options accordingly. Options
758 * should already be initialized before this call. This never returns if
759 * there is an error. If the file does not exist, this returns 0.
/*
 * Reads filename line by line and feeds each line to process_config_line for
 * the given host. Per the header comment, a missing file yields 0. Unknown
 * options are counted and reported together in one fatal() after the loop.
 * NOTE(review): only three gutter lines are dropped between fopen and the
 * debug call, presumably the "file missing" return. No check of the file's
 * owner or mode is visible. Because options such as ProxyCommand are taken
 * from this file, confirm that the caller or the deployment guarantees that
 * only the user (or root) can write it.
 */
763 read_config_file(const char *filename, const char *host, Options *options)
771 f = fopen(filename, "r");
775 debug("Reading configuration data %.200s", filename);
778 * Mark that we are now processing the options. This flag is turned
779 * on/off by Host specifications.
/*
 * NOTE(review): fgets stops at sizeof(line) - 1 bytes, so the tail of a
 * longer physical line is returned by the next call and parsed as if it
 * were a separate configuration line. The buffer size is on a dropped line.
 */
783 while (fgets(line, sizeof(line), f)) {
784 /* Update line number counter. */
786 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
791 fatal("%s: terminating, %d bad configuration options",
792 filename, bad_options);
797 * Initializes options to special values that indicate that they have not yet
798 * been set. Read_config_file will only set options with this value. Options
799 * are processed in the following order: command line, user config file,
800 * system config file. Last, fill_default_options is called.
/*
 * Puts every option into its "not yet set" state: -1 for integers, NULL for
 * strings, 0 for counts, and the dedicated UNKNOWN / NOT_SET constants for
 * protocol and log level. The parser fills only fields that still hold
 * these sentinels.
 */
804 initialize_options(Options * options)
/*
 * The whole structure is first filled with 'X' bytes, so a field that is
 * never assigned below holds an obviously bogus value rather than zero. The
 * identity_files and forward arrays stay poisoned; they are guarded by
 * their counts, which are set to 0 here.
 */
806 memset(options, 'X', sizeof(*options));
807 options->forward_agent = -1;
808 options->forward_x11 = -1;
809 options->xauth_location = NULL;
810 options->gateway_ports = -1;
811 options->use_privileged_port = -1;
812 options->rsa_authentication = -1;
813 options->pubkey_authentication = -1;
814 options->challenge_response_authentication = -1;
815 options->gss_authentication = -1;
816 options->gss_deleg_creds = -1;
817 options->password_authentication = -1;
818 options->kbd_interactive_authentication = -1;
819 options->kbd_interactive_devices = NULL;
820 options->rhosts_rsa_authentication = -1;
821 options->hostbased_authentication = -1;
822 options->batch_mode = -1;
823 options->check_host_ip = -1;
824 options->strict_host_key_checking = -1;
825 options->compression = -1;
826 options->keepalives = -1;
827 options->compression_level = -1;
/*
 * NOTE(review): gutter line 828 is missing from this listing. Both the
 * parser and fill_default_options compare options->port with -1, so that
 * line presumably sets it; without it the field would keep the 'X' poison.
 * Confirm against the full file.
 */
829 options->address_family = -1;
830 options->connection_attempts = -1;
831 options->connection_timeout = -1;
832 options->number_of_password_prompts = -1;
833 options->cipher = -1;
834 options->ciphers = NULL;
835 options->macs = NULL;
836 options->hostkeyalgorithms = NULL;
837 options->protocol = SSH_PROTO_UNKNOWN;
838 options->num_identity_files = 0;
839 options->hostname = NULL;
840 options->host_key_alias = NULL;
841 options->proxy_command = NULL;
842 options->user = NULL;
843 options->escape_char = -1;
844 options->system_hostfile = NULL;
845 options->user_hostfile = NULL;
846 options->system_hostfile2 = NULL;
847 options->user_hostfile2 = NULL;
848 options->num_local_forwards = 0;
849 options->num_remote_forwards = 0;
850 options->clear_forwardings = -1;
851 options->log_level = SYSLOG_LEVEL_NOT_SET;
852 options->preferred_authentications = NULL;
853 options->bind_address = NULL;
854 options->smartcard_device = NULL;
855 options->enable_ssh_keysign = - 1;
856 options->no_host_authentication_for_localhost = - 1;
857 options->rekey_limit = - 1;
858 options->verify_host_key_dns = -1;
862 * Called after processing other sources of option data, this fills those
863 * options for which no value has been specified with their default values.
/*
 * Replaces every option still holding its "unset" sentinel with the built-in
 * default. Defaults visible here that matter for security: agent forwarding,
 * X11 forwarding and GatewayPorts are off, rhosts-RSA and host-based
 * authentication are off, CheckHostIP is on, and VerifyHostKeyDNS is off.
 */
867 fill_default_options(Options * options)
871 if (options->forward_agent == -1)
872 options->forward_agent = 0;
873 if (options->forward_x11 == -1)
874 options->forward_x11 = 0;
/*
 * String defaults here and below are macro constants, while values read from
 * a config file are xstrdup() copies. Code that frees these fields has to
 * know which kind it holds; TODO confirm that none of them are freed.
 */
875 if (options->xauth_location == NULL)
876 options->xauth_location = _PATH_XAUTH;
877 if (options->gateway_ports == -1)
878 options->gateway_ports = 0;
879 if (options->use_privileged_port == -1)
880 options->use_privileged_port = 0;
881 if (options->rsa_authentication == -1)
882 options->rsa_authentication = 1;
883 if (options->pubkey_authentication == -1)
884 options->pubkey_authentication = 1;
885 if (options->challenge_response_authentication == -1)
886 options->challenge_response_authentication = 1;
887 if (options->gss_authentication == -1)
888 options->gss_authentication = 1;
889 if (options->gss_deleg_creds == -1)
890 options->gss_deleg_creds = 0;
891 if (options->password_authentication == -1)
892 options->password_authentication = 1;
893 if (options->kbd_interactive_authentication == -1)
894 options->kbd_interactive_authentication = 1;
895 if (options->rhosts_rsa_authentication == -1)
896 options->rhosts_rsa_authentication = 0;
897 if (options->hostbased_authentication == -1)
898 options->hostbased_authentication = 0;
899 if (options->batch_mode == -1)
900 options->batch_mode = 0;
901 if (options->check_host_ip == -1)
902 options->check_host_ip = 1;
/*
 * The parser accepts yes, no and ask for this option; which of them the
 * value 2 stands for is not visible in this listing (presumably "ask").
 */
903 if (options->strict_host_key_checking == -1)
904 options->strict_host_key_checking = 2; /* 2 is default */
905 if (options->compression == -1)
906 options->compression = 0;
907 if (options->keepalives == -1)
908 options->keepalives = 1;
909 if (options->compression_level == -1)
910 options->compression_level = 6;
911 if (options->port == -1)
912 options->port = 0; /* Filled in ssh_connect. */
913 if (options->address_family == -1)
914 options->address_family = AF_UNSPEC;
915 if (options->connection_attempts == -1)
916 options->connection_attempts = 1;
917 if (options->number_of_password_prompts == -1)
918 options->number_of_password_prompts = 3;
919 /* Selected in ssh_login(). */
920 if (options->cipher == -1)
921 options->cipher = SSH_CIPHER_NOT_SET;
922 /* options->ciphers, default set in myproposals.h */
923 /* options->macs, default set in myproposals.h */
924 /* options->hostkeyalgorithms, default set in myproposals.h */
/*
 * NOTE(review): with no Protocol setting, both protocol versions are
 * enabled. SSH protocol 1 is obsolete and cryptographically weak; systems
 * still built from this revision should pin Protocol 2 in configuration.
 */
925 if (options->protocol == SSH_PROTO_UNKNOWN)
926 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
/*
 * Default identity files are added only when none were configured. len
 * covers the "~/" prefix, the path and the terminator. "%.100s" caps the
 * copied path at 100 bytes while len uses the full strlen, so the buffer
 * cannot be too small. The allocation completing each '=' below is on a
 * dropped line (gutter 931, 938, 944).
 */
927 if (options->num_identity_files == 0) {
928 if (options->protocol & SSH_PROTO_1) {
929 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
930 options->identity_files[options->num_identity_files] =
932 snprintf(options->identity_files[options->num_identity_files++],
933 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
935 if (options->protocol & SSH_PROTO_2) {
936 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
937 options->identity_files[options->num_identity_files] =
939 snprintf(options->identity_files[options->num_identity_files++],
940 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
942 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
943 options->identity_files[options->num_identity_files] =
945 snprintf(options->identity_files[options->num_identity_files++],
946 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
949 if (options->escape_char == -1)
950 options->escape_char = '~';
951 if (options->system_hostfile == NULL)
952 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
953 if (options->user_hostfile == NULL)
954 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
955 if (options->system_hostfile2 == NULL)
956 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
957 if (options->user_hostfile2 == NULL)
958 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
959 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
960 options->log_level = SYSLOG_LEVEL_INFO;
/*
 * ClearAllForwardings takes effect here, after all sources were read, so it
 * removes forwards no matter which file or option added them.
 */
961 if (options->clear_forwardings == 1)
962 clear_forwardings(options);
963 if (options->no_host_authentication_for_localhost == - 1)
964 options->no_host_authentication_for_localhost = 0;
965 if (options->enable_ssh_keysign == -1)
966 options->enable_ssh_keysign = 0;
967 if (options->rekey_limit == -1)
968 options->rekey_limit = 0;
969 if (options->verify_host_key_dns == -1)
970 options->verify_host_key_dns = 0;
971 /* options->proxy_command should not be set by default */
972 /* options->user will be set in the main program if appropriate */
973 /* options->hostname will be set in the main program if appropriate */
974 /* options->host_key_alias should not be set by default */
975 /* options->preferred_authentications will be set in ssh */