2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.137 2005/03/04 08:48:06 djm Exp $");
21 #include "pathnames.h"
29 /* Format of the configuration file:
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
47 HostName another.host.name.real.org
54 RemoteForward 9999 shadows.cs.hut.fi:9999
60 PasswordAuthentication no
64 ProxyCommand ssh-proxy %h %p
67 PublicKeyAuthentication no
71 PasswordAuthentication no
73 # Defaults for various options
77 PasswordAuthentication yes
79 RhostsRSAAuthentication yes
80 StrictHostKeyChecking yes
82 IdentityFile ~/.ssh/identity
/*
 * Opcodes for the configuration keywords (the enum's opening and closing
 * lines are not part of this listing).  Several keywords share one opcode,
 * see the "alias" entries in the keywords table.  oDeprecated and
 * oUnsupported are catch-alls for keywords that parse but have no effect:
 * process_config_line() reports the former with debug() and the latter
 * with error(); neither calls fatal().
 */
92 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
93 oPasswordAuthentication, oRSAAuthentication,
94 oChallengeResponseAuthentication, oXAuthLocation,
95 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
96 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
97 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
98 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
99 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
100 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
101 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
102 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
103 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
104 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
105 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
106 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
107 oAddressFamily, oGssAuthentication, oGssKeyEx, oGssDelegateCreds,
108 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
109 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
110 oDeprecated, oUnsupported
113 /* Textual representations of the tokens. */
/*
 * Keyword -> opcode table consulted by parse_token(), which does a
 * case-insensitive linear scan and returns the first match.  Position is
 * therefore decisive wherever a name appears twice: "gssapiauthentication",
 * "gssapikeyexchange", "gssapidelegatecredentials" and "smartcarddevice"
 * each occur once with a real opcode and once with oUnsupported.  The
 * preprocessor conditionals around those pairs are not in this listing;
 * presumably each pair is selected by a build-time feature test — confirm,
 * because if both entries of a pair were compiled in only the first would
 * ever be reachable.  The table's declaration and terminating entry are
 * likewise not shown.
 */
119 { "forwardagent", oForwardAgent },
120 { "forwardx11", oForwardX11 },
121 { "forwardx11trusted", oForwardX11Trusted },
122 { "xauthlocation", oXAuthLocation },
123 { "gatewayports", oGatewayPorts },
124 { "useprivilegedport", oUsePrivilegedPort },
125 { "rhostsauthentication", oDeprecated },
126 { "passwordauthentication", oPasswordAuthentication },
127 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
128 { "kbdinteractivedevices", oKbdInteractiveDevices },
129 { "rsaauthentication", oRSAAuthentication },
130 { "pubkeyauthentication", oPubkeyAuthentication },
131 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
132 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
133 { "hostbasedauthentication", oHostbasedAuthentication },
134 { "challengeresponseauthentication", oChallengeResponseAuthentication },
135 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
136 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
137 { "kerberosauthentication", oUnsupported },
138 { "kerberostgtpassing", oUnsupported },
139 { "afstokenpassing", oUnsupported },
/* First of the duplicated GSSAPI pair (real opcodes). */
141 { "gssapiauthentication", oGssAuthentication },
142 { "gssapikeyexchange", oGssKeyEx },
143 { "gssapidelegatecredentials", oGssDelegateCreds },
/* Second of the duplicated GSSAPI pair (oUnsupported); see note above. */
145 { "gssapiauthentication", oUnsupported },
146 { "gssapikeyexchange", oUnsupported },
147 { "gssapidelegatecredentials", oUnsupported },
149 { "fallbacktorsh", oDeprecated },
150 { "usersh", oDeprecated },
151 { "identityfile", oIdentityFile },
152 { "identityfile2", oIdentityFile }, /* alias */
153 { "identitiesonly", oIdentitiesOnly },
154 { "hostname", oHostName },
155 { "hostkeyalias", oHostKeyAlias },
156 { "proxycommand", oProxyCommand },
158 { "cipher", oCipher },
159 { "ciphers", oCiphers },
161 { "protocol", oProtocol },
162 { "remoteforward", oRemoteForward },
163 { "localforward", oLocalForward },
166 { "escapechar", oEscapeChar },
167 { "globalknownhostsfile", oGlobalKnownHostsFile },
168 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
169 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
170 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
171 { "connectionattempts", oConnectionAttempts },
172 { "batchmode", oBatchMode },
173 { "checkhostip", oCheckHostIP },
174 { "stricthostkeychecking", oStrictHostKeyChecking },
175 { "compression", oCompression },
176 { "compressionlevel", oCompressionLevel },
177 { "tcpkeepalive", oTCPKeepAlive },
178 { "keepalive", oTCPKeepAlive }, /* obsolete */
179 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
180 { "loglevel", oLogLevel },
181 { "dynamicforward", oDynamicForward },
182 { "preferredauthentications", oPreferredAuthentications },
183 { "hostkeyalgorithms", oHostKeyAlgorithms },
184 { "bindaddress", oBindAddress },
/* Duplicated pair, same pattern as the GSSAPI entries. */
186 { "smartcarddevice", oSmartcardDevice },
188 { "smartcarddevice", oUnsupported },
190 { "clearallforwardings", oClearAllForwardings },
191 { "enablesshkeysign", oEnableSSHKeysign },
192 { "verifyhostkeydns", oVerifyHostKeyDNS },
193 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
194 { "rekeylimit", oRekeyLimit },
195 { "connecttimeout", oConnectTimeout },
196 { "addressfamily", oAddressFamily },
197 { "serveraliveinterval", oServerAliveInterval },
198 { "serveralivecountmax", oServerAliveCountMax },
199 { "sendenv", oSendEnv },
200 { "controlpath", oControlPath },
201 { "controlmaster", oControlMaster },
202 { "hashknownhosts", oHashKnownHosts },
207 * Adds a local TCP/IP port forward to options. Never returns if there is an
 *
 * The listening side of a local forward is bound by this process, so the
 * port is checked against IPPORT_RESERVED before a slot is taken.  The
 * comparison uses original_real_uid rather than the effective uid,
 * presumably so that a privilege-elevated binary still refuses on behalf
 * of an unprivileged invoker — confirm where original_real_uid is set.
 * Strings are deep-copied with xstrdup(): the caller keeps ownership of
 * newfwd, and the copies are released by clear_forwardings().  The
 * matching #endif for the guard below and the declaration of `fwd` are not
 * in this listing.
 *
 * options   option set receiving the forward.
 * newfwd    forward to copy; connect_host must be non-NULL (it is copied
 *           unconditionally), listen_host may be NULL.
212 add_local_forward(Options *options, const Forward *newfwd)
215 #ifndef NO_IPPORT_RESERVED_CONCEPT
216 extern uid_t original_real_uid;
/* Refuse privileged ports for non-root invokers before the slot is consumed. */
217 if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
218 fatal("Privileged ports can only be forwarded by root.");
/* Bounds check precedes the post-increment, so the fixed array cannot overflow. */
220 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
221 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
222 fwd = &options->local_forwards[options->num_local_forwards++];
/* listen_host is optional: NULL is preserved as NULL. */
224 fwd->listen_host = (newfwd->listen_host == NULL) ?
225 NULL : xstrdup(newfwd->listen_host);
226 fwd->listen_port = newfwd->listen_port;
227 fwd->connect_host = xstrdup(newfwd->connect_host);
228 fwd->connect_port = newfwd->connect_port;
232 * Adds a remote TCP/IP port forward to options. Never returns if there is
 *
 * Same copy semantics as add_local_forward(): strings are xstrdup()ed, the
 * caller keeps newfwd, clear_forwardings() frees the copies.  There is no
 * privileged-port check here; the listening socket of a remote forward is
 * not opened by this process, so presumably the remote side applies its
 * own policy.  The declaration of `fwd` is not in this listing.
 *
 * options   option set receiving the forward.
 * newfwd    forward to copy; connect_host must be non-NULL.
237 add_remote_forward(Options *options, const Forward *newfwd)
/* Bounds check precedes the post-increment, so the fixed array cannot overflow. */
240 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
241 fatal("Too many remote forwards (max %d).",
242 SSH_MAX_FORWARDS_PER_DIRECTION);
243 fwd = &options->remote_forwards[options->num_remote_forwards++];
/* listen_host is optional: NULL is preserved as NULL. */
245 fwd->listen_host = (newfwd->listen_host == NULL) ?
246 NULL : xstrdup(newfwd->listen_host);
247 fwd->listen_port = newfwd->listen_port;
248 fwd->connect_host = xstrdup(newfwd->connect_host);
249 fwd->connect_port = newfwd->connect_port;
253 clear_forwardings(Options *options)
/*
 * Release every stored local and remote forward and reset both counts to
 * zero.  The loop variable's declaration and the opening brace are not in
 * this listing.
 *
 * NOTE(review): listen_host can be NULL (add_local_forward() and
 * add_remote_forward() both preserve a NULL listen_host), and
 * parse_forward() later in this file guards its own xfree() calls with a
 * `!= NULL` test.  Whether xfree() tolerates NULL is not visible here;
 * if it does not, the listen_host frees below need the same guard.
 */
257 for (i = 0; i < options->num_local_forwards; i++) {
258 xfree(options->local_forwards[i].listen_host);
259 xfree(options->local_forwards[i].connect_host);
261 options->num_local_forwards = 0;
262 for (i = 0; i < options->num_remote_forwards; i++) {
263 xfree(options->remote_forwards[i].listen_host);
264 xfree(options->remote_forwards[i].connect_host);
266 options->num_remote_forwards = 0;
270 * Returns the number of the token pointed to by cp or oBadOption.
 *
 * Case-insensitive linear scan of the keywords table; the first entry whose
 * name matches wins, so duplicate names in that table are resolved by
 * position.  An unknown keyword is reported with error() rather than
 * fatal() so that the caller can count bad options and abort once at the
 * end; the oBadOption return itself is not in this listing.
 *
 * cp        keyword text (one token, already delimited).
 * filename, linenum   used only for the diagnostic.
274 parse_token(const char *cp, const char *filename, int linenum)
278 for (i = 0; keywords[i].name; i++)
279 if (strcasecmp(cp, keywords[i].name) == 0)
280 return keywords[i].opcode;
282 error("%s: line %d: Bad configuration option: %s",
283 filename, linenum, cp);
288 * Processes a single option line as used in the configuration files. This
289 * only sets those values that have not already been set.
 *
 * Flow: strip trailing whitespace, take the first token as the keyword,
 * dispatch on its opcode, then reject trailing garbage.  Nearly every case
 * applies the same "first setting wins" rule: the value is stored only
 * when *activep is set (the current Host block matched, see case oHost)
 * and the target field still holds the sentinel left by
 * initialize_options() (-1, NULL, SSH_PROTO_UNKNOWN or
 * SYSLOG_LEVEL_NOT_SET).
 *
 * options   option set being filled in; only unset fields are written.
 * host      host name that Host patterns are matched against.
 * line      text of one line; modified in place by the tokenizer.
 * filename, linenum   used only for diagnostics.
 * activep   in/out flag toggled by Host lines (its parameter line is
 *           not shown).
 * Returns 0 on success; a non-zero return is what read_config_file()
 * counts as a bad option.  Most malformed input calls fatal() instead.
 * Many lines of the original — case labels, break/return statements and
 * the `arg = strdelim(&s)` fetches — are not part of this listing.
291 #define WHITESPACE " \t\r\n"
294 process_config_line(Options *options, const char *host,
295 char *line, const char *filename, int linenum,
298 char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
299 int opcode, *intptr, value;
/*
 * NOTE(review): `len` and `fwd` are used below but declared on lines not
 * in this listing.  If `len` is unsigned, an empty `line` makes
 * strlen(line) - 1 wrap and the loop below indexes line[] far out of
 * bounds; if it is signed, len is -1 and the loop simply does not run.
 * Confirm the type, or reject an empty line before the loop.
 */
303 /* Strip trailing whitespace */
304 for(len = strlen(line) - 1; len > 0; len--) {
305 if (strchr(WHITESPACE, line[len]) == NULL)
311 /* Get the keyword. (Each line is supposed to begin with a keyword). */
312 keyword = strdelim(&s);
313 /* Ignore leading whitespace. */
/* The first result is dereferenced before the NULL test two lines down; this relies on strdelim() never returning NULL for a non-NULL s. */
314 if (*keyword == '\0')
315 keyword = strdelim(&s);
/* Blank lines and '#' comments are skipped silently (the return is not shown). */
316 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
319 opcode = parse_token(keyword, filename, linenum);
/* oBadOption: parse_token() has already logged it; returning non-zero lets read_config_file() tally it and abort after the whole file is read. */
323 /* don't panic, but count bad options */
326 case oConnectTimeout:
327 intptr = &options->connection_timeout;
/* convtime() signals a bad time spec with -1. */
330 if (!arg || *arg == '\0')
331 fatal("%s line %d: missing time value.",
333 if ((value = convtime(arg)) == -1)
334 fatal("%s line %d: invalid time value.",
/*
 * Boolean options.  oForwardAgent is the first; the cases below that only
 * assign intptr presumably share this yes/no parser through a label or
 * fall-through that is not in the listing.  "true"/"false" are accepted
 * as synonyms of yes/no.
 */
341 intptr = &options->forward_agent;
344 if (!arg || *arg == '\0')
345 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
346 value = 0; /* To avoid compiler warning... */
347 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
349 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
352 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
/* First setting wins: only an unset (-1) field in an active block is written. */
353 if (*activep && *intptr == -1)
358 intptr = &options->forward_x11;
361 case oForwardX11Trusted:
362 intptr = &options->forward_x11_trusted;
366 intptr = &options->gateway_ports;
369 case oUsePrivilegedPort:
370 intptr = &options->use_privileged_port;
373 case oPasswordAuthentication:
374 intptr = &options->password_authentication;
377 case oKbdInteractiveAuthentication:
378 intptr = &options->kbd_interactive_authentication;
381 case oKbdInteractiveDevices:
382 charptr = &options->kbd_interactive_devices;
385 case oPubkeyAuthentication:
386 intptr = &options->pubkey_authentication;
389 case oRSAAuthentication:
390 intptr = &options->rsa_authentication;
393 case oRhostsRSAAuthentication:
394 intptr = &options->rhosts_rsa_authentication;
397 case oHostbasedAuthentication:
398 intptr = &options->hostbased_authentication;
401 case oChallengeResponseAuthentication:
402 intptr = &options->challenge_response_authentication;
405 case oGssAuthentication:
406 intptr = &options->gss_authentication;
410 intptr = &options->gss_keyex;
413 case oGssDelegateCreds:
414 intptr = &options->gss_deleg_creds;
418 intptr = &options->batch_mode;
422 intptr = &options->check_host_ip;
425 case oVerifyHostKeyDNS:
426 intptr = &options->verify_host_key_dns;
429 case oStrictHostKeyChecking:
430 intptr = &options->strict_host_key_checking;
/* Three-valued: yes, no or ask.  The value stored for "ask" is not shown; fill_default_options() treats 2 as the default. */
433 if (!arg || *arg == '\0')
434 fatal("%.200s line %d: Missing yes/no/ask argument.",
436 value = 0; /* To avoid compiler warning... */
437 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
439 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
441 else if (strcmp(arg, "ask") == 0)
444 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
445 if (*activep && *intptr == -1)
450 intptr = &options->compression;
454 intptr = &options->tcp_keep_alive;
457 case oNoHostAuthenticationForLocalhost:
458 intptr = &options->no_host_authentication_for_localhost;
461 case oNumberOfPasswordPrompts:
462 intptr = &options->number_of_password_prompts;
465 case oCompressionLevel:
466 intptr = &options->compression_level;
470 intptr = &options->rekey_limit;
/*
 * RekeyLimit: a decimal number with an optional unit suffix.  The suffix
 * cases of the switch are not in the listing; if they scale the int
 * `value` by K/M/G, a large input can overflow — confirm a range check
 * exists there.
 */
472 if (!arg || *arg == '\0')
473 fatal("%.200s line %d: Missing argument.", filename, linenum);
474 if (arg[0] < '0' || arg[0] > '9')
475 fatal("%.200s line %d: Bad number.", filename, linenum);
476 value = strtol(arg, &endofnumber, 10);
477 if (arg == endofnumber)
478 fatal("%.200s line %d: Bad number.", filename, linenum);
479 switch (toupper(*endofnumber)) {
490 if (*activep && *intptr == -1)
/* IdentityFile appends rather than "first wins": every occurrence is kept, bounded by SSH_MAX_IDENTITY_FILES.  Whether *activep gates this is not shown. */
496 if (!arg || *arg == '\0')
497 fatal("%.200s line %d: Missing argument.", filename, linenum);
499 intptr = &options->num_identity_files;
500 if (*intptr >= SSH_MAX_IDENTITY_FILES)
501 fatal("%.200s line %d: Too many identity files specified (max %d).",
502 filename, linenum, SSH_MAX_IDENTITY_FILES);
503 charptr = &options->identity_files[*intptr];
504 *charptr = xstrdup(arg);
505 *intptr = *intptr + 1;
/* String options: the cases that only assign charptr presumably share the single-argument copy below (first NULL field in an active block wins). */
510 charptr=&options->xauth_location;
514 charptr = &options->user;
517 if (!arg || *arg == '\0')
518 fatal("%.200s line %d: Missing argument.", filename, linenum);
519 if (*activep && *charptr == NULL)
520 *charptr = xstrdup(arg);
523 case oGlobalKnownHostsFile:
524 charptr = &options->system_hostfile;
527 case oUserKnownHostsFile:
528 charptr = &options->user_hostfile;
531 case oGlobalKnownHostsFile2:
532 charptr = &options->system_hostfile2;
535 case oUserKnownHostsFile2:
536 charptr = &options->user_hostfile2;
540 charptr = &options->hostname;
544 charptr = &options->host_key_alias;
547 case oPreferredAuthentications:
548 charptr = &options->preferred_authentications;
552 charptr = &options->bind_address;
555 case oSmartcardDevice:
556 charptr = &options->smartcard_device;
/*
 * ProxyCommand takes the rest of the line verbatim (after leading blanks
 * and an optional '='), so it is never tokenised and this case must leave
 * the function before the trailing-garbage check at the bottom (its exit
 * is not shown).  The stored text is a command string chosen by whoever
 * can write the config file, which is why read_config_file() insists on a
 * file writable only by its owner.
 */
561 fatal("%.200s line %d: Missing argument.", filename, linenum);
562 charptr = &options->proxy_command;
563 len = strspn(s, WHITESPACE "=");
564 if (*activep && *charptr == NULL)
565 *charptr = xstrdup(s + len);
/* Port: base 0 accepts "0x.." hex and leading-zero octal.  Only the first character is required to be a digit and no upper bound is applied in this function. */
569 intptr = &options->port;
572 if (!arg || *arg == '\0')
573 fatal("%.200s line %d: Missing argument.", filename, linenum);
574 if (arg[0] < '0' || arg[0] > '9')
575 fatal("%.200s line %d: Bad number.", filename, linenum);
577 /* Octal, decimal, or hex format? */
578 value = strtol(arg, &endofnumber, 0);
579 if (arg == endofnumber)
580 fatal("%.200s line %d: Bad number.", filename, linenum);
581 if (*activep && *intptr == -1)
585 case oConnectionAttempts:
586 intptr = &options->connection_attempts;
/* Cipher: a single name resolved by cipher_number(); the test of its result is not shown. */
590 intptr = &options->cipher;
592 if (!arg || *arg == '\0')
593 fatal("%.200s line %d: Missing argument.", filename, linenum);
594 value = cipher_number(arg);
596 fatal("%.200s line %d: Bad cipher '%s'.",
597 filename, linenum, arg ? arg : "<NONE>");
598 if (*activep && *intptr == -1)
/* Ciphers / MACs / HostKeyAlgorithms: the list is validated against the known names before it is stored, so an unknown algorithm is a hard error. */
604 if (!arg || *arg == '\0')
605 fatal("%.200s line %d: Missing argument.", filename, linenum);
606 if (!ciphers_valid(arg))
607 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
608 filename, linenum, arg ? arg : "<NONE>");
609 if (*activep && options->ciphers == NULL)
610 options->ciphers = xstrdup(arg);
615 if (!arg || *arg == '\0')
616 fatal("%.200s line %d: Missing argument.", filename, linenum);
618 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
619 filename, linenum, arg ? arg : "<NONE>");
620 if (*activep && options->macs == NULL)
621 options->macs = xstrdup(arg);
624 case oHostKeyAlgorithms:
626 if (!arg || *arg == '\0')
627 fatal("%.200s line %d: Missing argument.", filename, linenum);
628 if (!key_names_valid2(arg))
629 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
630 filename, linenum, arg ? arg : "<NONE>");
631 if (*activep && options->hostkeyalgorithms == NULL)
632 options->hostkeyalgorithms = xstrdup(arg);
/* Protocol: a version mask; SSH_PROTO_UNKNOWN is both the error value and the unset sentinel. */
636 intptr = &options->protocol;
638 if (!arg || *arg == '\0')
639 fatal("%.200s line %d: Missing argument.", filename, linenum);
640 value = proto_spec(arg);
641 if (value == SSH_PROTO_UNKNOWN)
642 fatal("%.200s line %d: Bad protocol spec '%s'.",
643 filename, linenum, arg ? arg : "<NONE>");
644 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
/* LogLevel: the enum field is accessed through an int *, which assumes LogLevel has the representation of int. */
649 intptr = (int *) &options->log_level;
651 value = log_level_number(arg);
652 if (value == SYSLOG_LEVEL_NOT_SET)
653 fatal("%.200s line %d: unsupported log level '%s'",
654 filename, linenum, arg ? arg : "<NONE>");
655 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
656 *intptr = (LogLevel) value;
/*
 * LocalForward / RemoteForward: "port host:hostport" is rebuilt as one
 * "port:host:hostport" string for parse_forward().  fwdarg is 256 bytes
 * and snprintf() truncates rather than overflows; a truncated spec is then
 * parsed as written.  NOTE(review): parse_forward() xstrdup()s the host
 * strings and add_local_forward()/add_remote_forward() copy them again;
 * nothing visible frees the intermediate copies, so each forward line
 * appears to leak two small strings — confirm against the lines not shown.
 */
662 if (arg == NULL || *arg == '\0')
663 fatal("%.200s line %d: Missing port argument.",
666 if (arg2 == NULL || *arg2 == '\0')
667 fatal("%.200s line %d: Missing target argument.",
670 /* construct a string for parse_forward */
671 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
673 if (parse_forward(&fwd, fwdarg) == 0)
674 fatal("%.200s line %d: Bad forwarding specification.",
678 if (opcode == oLocalForward)
679 add_local_forward(options, &fwd);
680 else if (opcode == oRemoteForward)
681 add_remote_forward(options, &fwd);
/* DynamicForward: "[host:]port" listened on locally.  connect_host is the literal "socks" (add_local_forward() copies it, so clear_forwardings() never frees the literal).  Host length is capped at NI_MAXHOST. */
685 case oDynamicForward:
687 if (!arg || *arg == '\0')
688 fatal("%.200s line %d: Missing port argument.",
690 memset(&fwd, '\0', sizeof(fwd));
691 fwd.connect_host = "socks";
692 fwd.listen_host = hpdelim(&arg);
693 if (fwd.listen_host == NULL ||
694 strlen(fwd.listen_host) >= NI_MAXHOST)
695 fatal("%.200s line %d: Bad forwarding specification.",
698 fwd.listen_port = a2port(arg);
699 fwd.listen_host = cleanhostname(fwd.listen_host);
/* Port-only form: what hpdelim() returned was the port, and the host is left empty (the branch condition is not shown). */
701 fwd.listen_port = a2port(fwd.listen_host);
702 fwd.listen_host = "";
704 if (fwd.listen_port == 0)
705 fatal("%.200s line %d: Badly formatted port number.",
708 add_local_forward(options, &fwd);
711 case oClearAllForwardings:
712 intptr = &options->clear_forwardings;
/* Host: one or more patterns; *activep becomes whether any of them matched `host` (the assignment is not shown).  This case consumes the whole line. */
717 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
718 if (match_pattern(host, arg)) {
719 debug("Applying options for %.100s", arg);
723 /* Avoid garbage check below, as strdelim is done. */
/*
 * EscapeChar: "^X" (control character), a single character, or "none".
 * NOTE(review): arg[2] is tested before arg[1] is known to be non-NUL, so
 * for the one-character input "^" the read of arg[2] is one byte past the
 * terminator.  Testing strlen(arg) == 2 first would make the check safe.
 */
727 intptr = &options->escape_char;
729 if (!arg || *arg == '\0')
730 fatal("%.200s line %d: Missing argument.", filename, linenum);
731 if (arg[0] == '^' && arg[2] == 0 &&
732 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
733 value = (u_char) arg[1] & 31;
734 else if (strlen(arg) == 1)
735 value = (u_char) arg[0];
736 else if (strcmp(arg, "none") == 0)
737 value = SSH_ESCAPECHAR_NONE;
739 fatal("%.200s line %d: Bad escape character.",
742 value = 0; /* Avoid compiler warning. */
744 if (*activep && *intptr == -1)
/*
 * AddressFamily.  NOTE(review): unlike the other cases, no missing-argument
 * check precedes the strcasecmp() calls (the arg fetch is not shown); a
 * bare "AddressFamily" line would hand them a NULL or empty string.  The
 * fatal() message also omits filename and linenum, unlike every other
 * case in this function.
 */
750 intptr = &options->address_family;
751 if (strcasecmp(arg, "inet") == 0)
753 else if (strcasecmp(arg, "inet6") == 0)
755 else if (strcasecmp(arg, "any") == 0)
758 fatal("Unsupported AddressFamily \"%s\"", arg);
759 if (*activep && *intptr == -1)
763 case oEnableSSHKeysign:
764 intptr = &options->enable_ssh_keysign;
767 case oIdentitiesOnly:
768 intptr = &options->identities_only;
771 case oServerAliveInterval:
772 intptr = &options->server_alive_interval;
775 case oServerAliveCountMax:
776 intptr = &options->server_alive_count_max;
/* SendEnv: names containing '=' are rejected so a value cannot be smuggled in with the name; the array is bounded by MAX_SEND_ENV. */
780 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
781 if (strchr(arg, '=') != NULL)
782 fatal("%s line %d: Invalid environment name.",
786 if (options->num_send_env >= MAX_SEND_ENV)
787 fatal("%s line %d: too many send env.",
789 options->send_env[options->num_send_env++] =
795 charptr = &options->control_path;
799 intptr = &options->control_master;
802 case oHashKnownHosts:
803 intptr = &options->hash_known_hosts;
/* Deprecated keywords are noted at debug level, unsupported ones at error level; neither calls fatal(). */
807 debug("%s line %d: Deprecated option \"%s\"",
808 filename, linenum, keyword);
812 error("%s line %d: Unsupported option \"%s\"",
813 filename, linenum, keyword);
/* Any opcode not handled above is a programming error, not a config error. */
817 fatal("process_config_line: Unimplemented opcode %d", opcode);
/* Reached by every case that breaks; cases that consume the rest of the line (ProxyCommand, Host) must return before this point. */
820 /* Check that there is no garbage at end of line. */
821 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
822 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
823 filename, linenum, arg);
830 * Reads the config file and modifies the options accordingly. Options
831 * should already be initialized before this call. This never returns if
832 * there is an error. If the file does not exist, this returns 0.
 *
 * Trust boundary: the file can carry a ProxyCommand (see
 * process_config_line), i.e. a command string, so it is only accepted when
 * it is owned by root or by the invoking user and has no group/other write
 * bit.  The check runs on the already-open descriptor (fstat on
 * fileno(f)) rather than on the path, so the file that was checked is the
 * file that is read.  The parameter list continues past the line shown
 * and the lines between fopen() and fstat() are not in the listing, so
 * whether the check is conditional cannot be seen here.
 *
 * filename  config file to read; a missing file is not an error.
 * host      host name passed through to process_config_line().
 * options   option set to fill; only unset fields are written.
836 read_config_file(const char *filename, const char *host, Options *options,
845 if ((f = fopen(filename, "r")) == NULL)
851 if (fstat(fileno(f), &sb) == -1)
852 fatal("fstat %s: %s", filename, strerror(errno));
/* Owner must be root or the real uid; mode must be neither group- nor world-writable (022). */
853 if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
854 (sb.st_mode & 022) != 0))
855 fatal("Bad owner or permissions on %s", filename);
858 debug("Reading configuration data %.200s", filename);
861 * Mark that we are now processing the options. This flag is turned
862 * on/off by Host specifications.
/*
 * NOTE(review): the declaration of `line` is not shown.  fgets() returns
 * an over-long line in pieces, and each piece would be counted and parsed
 * as a line of its own, giving confusing diagnostics rather than an error.
 */
866 while (fgets(line, sizeof(line), f)) {
867 /* Update line number counter. */
/* Bad options are tallied (the increment is not shown) and reported once, after the whole file has been read. */
869 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
874 fatal("%s: terminating, %d bad configuration options",
875 filename, bad_options);
880 * Initializes options to special values that indicate that they have not yet
881 * been set. Read_config_file will only set options with this value. Options
882 * are processed in the following order: command line, user config file,
883 * system config file. Last, fill_default_options is called.
 *
 * Sentinels: -1 for integers, NULL for strings, SSH_PROTO_UNKNOWN for the
 * protocol mask, SYSLOG_LEVEL_NOT_SET for the log level and 0 for the array
 * counters.  The struct is first filled with 'X' so that any field missed
 * below is conspicuous garbage rather than a plausible value.  The
 * `= - 1` spacing on a few lines is inconsistent with the rest but
 * harmless.  fill_default_options() tests options->port against -1; the
 * line that initialises it is not in this listing.
887 initialize_options(Options * options)
/* Poison fill: anything not explicitly reset below stands out. */
889 memset(options, 'X', sizeof(*options));
890 options->forward_agent = -1;
891 options->forward_x11 = -1;
892 options->forward_x11_trusted = -1;
893 options->xauth_location = NULL;
894 options->gateway_ports = -1;
895 options->use_privileged_port = -1;
896 options->rsa_authentication = -1;
897 options->pubkey_authentication = -1;
898 options->challenge_response_authentication = -1;
899 options->gss_authentication = -1;
900 options->gss_keyex = -1;
901 options->gss_deleg_creds = -1;
902 options->password_authentication = -1;
903 options->kbd_interactive_authentication = -1;
904 options->kbd_interactive_devices = NULL;
905 options->rhosts_rsa_authentication = -1;
906 options->hostbased_authentication = -1;
907 options->batch_mode = -1;
908 options->check_host_ip = -1;
909 options->strict_host_key_checking = -1;
910 options->compression = -1;
911 options->tcp_keep_alive = -1;
912 options->compression_level = -1;
914 options->address_family = -1;
915 options->connection_attempts = -1;
916 options->connection_timeout = -1;
917 options->number_of_password_prompts = -1;
918 options->cipher = -1;
919 options->ciphers = NULL;
920 options->macs = NULL;
921 options->hostkeyalgorithms = NULL;
/* Not -1: the protocol field is a mask, so it gets its own sentinel. */
922 options->protocol = SSH_PROTO_UNKNOWN;
923 options->num_identity_files = 0;
924 options->hostname = NULL;
925 options->host_key_alias = NULL;
926 options->proxy_command = NULL;
927 options->user = NULL;
928 options->escape_char = -1;
929 options->system_hostfile = NULL;
930 options->user_hostfile = NULL;
931 options->system_hostfile2 = NULL;
932 options->user_hostfile2 = NULL;
933 options->num_local_forwards = 0;
934 options->num_remote_forwards = 0;
935 options->clear_forwardings = -1;
936 options->log_level = SYSLOG_LEVEL_NOT_SET;
937 options->preferred_authentications = NULL;
938 options->bind_address = NULL;
939 options->smartcard_device = NULL;
940 options->enable_ssh_keysign = - 1;
941 options->no_host_authentication_for_localhost = - 1;
942 options->identities_only = - 1;
943 options->rekey_limit = - 1;
944 options->verify_host_key_dns = -1;
945 options->server_alive_interval = -1;
946 options->server_alive_count_max = -1;
947 options->num_send_env = 0;
948 options->control_path = NULL;
949 options->control_master = -1;
950 options->hash_known_hosts = -1;
954 * Called after processing other sources of option data, this fills those
955 * options for which no value has been specified with their default values.
 *
 * Every field still holding its initialize_options() sentinel receives the
 * compiled-in default.  Defaults with a security bearing, as written here:
 * RSA, public-key, challenge-response, password and keyboard-interactive
 * authentication on; GSSAPI authentication, key exchange and credential
 * delegation on; rhosts-RSA and host-based off; StrictHostKeyChecking 2
 * ("ask"); CheckHostIP on; both protocol versions enabled; known-hosts
 * hashing off.  NOTE(review): delegating GSSAPI credentials to every
 * server by default widens the impact of a compromised server — confirm
 * that is intended.  The declaration of `len` and the allocation lines for
 * the identity-file names are not in this listing.
959 fill_default_options(Options * options)
963 if (options->forward_agent == -1)
964 options->forward_agent = 0;
965 if (options->forward_x11 == -1)
966 options->forward_x11 = 0;
967 if (options->forward_x11_trusted == -1)
968 options->forward_x11_trusted = 0;
969 if (options->xauth_location == NULL)
970 options->xauth_location = _PATH_XAUTH;
971 if (options->gateway_ports == -1)
972 options->gateway_ports = 0;
973 if (options->use_privileged_port == -1)
974 options->use_privileged_port = 0;
975 if (options->rsa_authentication == -1)
976 options->rsa_authentication = 1;
977 if (options->pubkey_authentication == -1)
978 options->pubkey_authentication = 1;
979 if (options->challenge_response_authentication == -1)
980 options->challenge_response_authentication = 1;
981 if (options->gss_authentication == -1)
982 options->gss_authentication = 1;
983 if (options->gss_keyex == -1)
984 options->gss_keyex = 1;
/* Credential delegation defaults to on; see the note in the header. */
985 if (options->gss_deleg_creds == -1)
986 options->gss_deleg_creds = 1;
987 if (options->password_authentication == -1)
988 options->password_authentication = 1;
989 if (options->kbd_interactive_authentication == -1)
990 options->kbd_interactive_authentication = 1;
991 if (options->rhosts_rsa_authentication == -1)
992 options->rhosts_rsa_authentication = 0;
993 if (options->hostbased_authentication == -1)
994 options->hostbased_authentication = 0;
995 if (options->batch_mode == -1)
996 options->batch_mode = 0;
997 if (options->check_host_ip == -1)
998 options->check_host_ip = 1;
/* 2 is the value process_config_line() accepts as "ask" (that assignment is not shown). */
999 if (options->strict_host_key_checking == -1)
1000 options->strict_host_key_checking = 2; /* 2 is default */
1001 if (options->compression == -1)
1002 options->compression = 0;
1003 if (options->tcp_keep_alive == -1)
1004 options->tcp_keep_alive = 1;
1005 if (options->compression_level == -1)
1006 options->compression_level = 6;
1007 if (options->port == -1)
1008 options->port = 0; /* Filled in ssh_connect. */
1009 if (options->address_family == -1)
1010 options->address_family = AF_UNSPEC;
1011 if (options->connection_attempts == -1)
1012 options->connection_attempts = 1;
1013 if (options->number_of_password_prompts == -1)
1014 options->number_of_password_prompts = 3;
1015 /* Selected in ssh_login(). */
1016 if (options->cipher == -1)
1017 options->cipher = SSH_CIPHER_NOT_SET;
1018 /* options->ciphers, default set in myproposals.h */
1019 /* options->macs, default set in myproposals.h */
1020 /* options->hostkeyalgorithms, default set in myproposals.h */
/* Protocol 1 remains enabled unless the configuration restricts the mask. */
1021 if (options->protocol == SSH_PROTO_UNKNOWN)
1022 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
/*
 * Default identity files, one per enabled protocol version.  len counts
 * the full path, but the format limits it to 100 characters, so a longer
 * compiled-in path would be silently truncated (harmless for the stock
 * paths, but the two limits do not agree).
 */
1023 if (options->num_identity_files == 0) {
1024 if (options->protocol & SSH_PROTO_1) {
1025 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
1026 options->identity_files[options->num_identity_files] =
1028 snprintf(options->identity_files[options->num_identity_files++],
1029 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
1031 if (options->protocol & SSH_PROTO_2) {
1032 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
1033 options->identity_files[options->num_identity_files] =
1035 snprintf(options->identity_files[options->num_identity_files++],
1036 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
1038 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
1039 options->identity_files[options->num_identity_files] =
1041 snprintf(options->identity_files[options->num_identity_files++],
1042 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
1045 if (options->escape_char == -1)
1046 options->escape_char = '~';
1047 if (options->system_hostfile == NULL)
1048 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
1049 if (options->user_hostfile == NULL)
1050 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
1051 if (options->system_hostfile2 == NULL)
1052 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
1053 if (options->user_hostfile2 == NULL)
1054 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
1055 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
1056 options->log_level = SYSLOG_LEVEL_INFO;
/* ClearAllForwardings=yes discards forwards collected from earlier sources. */
1057 if (options->clear_forwardings == 1)
1058 clear_forwardings(options);
1059 if (options->no_host_authentication_for_localhost == - 1)
1060 options->no_host_authentication_for_localhost = 0;
1061 if (options->identities_only == -1)
1062 options->identities_only = 0;
1063 if (options->enable_ssh_keysign == -1)
1064 options->enable_ssh_keysign = 0;
1065 if (options->rekey_limit == -1)
1066 options->rekey_limit = 0;
1067 if (options->verify_host_key_dns == -1)
1068 options->verify_host_key_dns = 0;
1069 if (options->server_alive_interval == -1)
1070 options->server_alive_interval = 0;
1071 if (options->server_alive_count_max == -1)
1072 options->server_alive_count_max = 3;
1073 if (options->control_master == -1)
1074 options->control_master = 0;
1075 if (options->hash_known_hosts == -1)
1076 options->hash_known_hosts = 0;
1077 /* options->proxy_command should not be set by default */
1078 /* options->user will be set in the main program if appropriate */
1079 /* options->hostname will be set in the main program if appropriate */
1080 /* options->host_key_alias should not be set by default */
1081 /* options->preferred_authentications will be set in ssh */
1086 * parses a string containing a port forwarding specification of the form:
1087 * [listenhost:]listenport:connecthost:connectport
1088 * returns number of arguments parsed or zero on error
1091 parse_forward(Forward *fwd, const char *fwdspec)
1094 char *p, *cp, *fwdarg[4];
1096 memset(fwd, '\0', sizeof(*fwd));
1098 cp = p = xstrdup(fwdspec);
1100 /* skip leading spaces */
1101 while (*cp && isspace(*cp))
1104 for (i = 0; i < 4; ++i)
1105 if ((fwdarg[i] = hpdelim(&cp)) == NULL)
1108 /* Check for trailing garbage in 4-arg case*/
1110 i = 0; /* failure */
1114 fwd->listen_host = NULL;
1115 fwd->listen_port = a2port(fwdarg[0]);
1116 fwd->connect_host = xstrdup(cleanhostname(fwdarg[1]));
1117 fwd->connect_port = a2port(fwdarg[2]);
1121 fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
1122 fwd->listen_port = a2port(fwdarg[1]);
1123 fwd->connect_host = xstrdup(cleanhostname(fwdarg[2]));
1124 fwd->connect_port = a2port(fwdarg[3]);
1127 i = 0; /* failure */
1132 if (fwd->listen_port == 0 && fwd->connect_port == 0)
1135 if (fwd->connect_host != NULL &&
1136 strlen(fwd->connect_host) >= NI_MAXHOST)
1142 if (fwd->connect_host != NULL)
1143 xfree(fwd->connect_host);
1144 if (fwd->listen_host != NULL)
1145 xfree(fwd->listen_host);