2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.125 2003/11/12 16:39:58 jakob Exp $");
21 #include "pathnames.h"
29 /* Format of the configuration file:
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
47 HostName another.host.name.real.org
54 RemoteForward 9999 shadows.cs.hut.fi:9999
60 PasswordAuthentication no
64 ProxyCommand ssh-proxy %h %p
67 PublicKeyAuthentication no
71 PasswordAuthentication no
73 # Defaults for various options
77 PasswordAuthentication yes
79 RhostsRSAAuthentication yes
80 StrictHostKeyChecking yes
82 IdentityFile ~/.ssh/identity
92 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
93 oPasswordAuthentication, oRSAAuthentication,
94 oChallengeResponseAuthentication, oXAuthLocation,
95 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
96 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
97 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
98 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
99 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
100 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
101 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
102 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
103 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
104 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
105 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
106 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
107 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
108 oDeprecated, oUnsupported
111 /* Textual representations of the tokens. */
117 { "forwardagent", oForwardAgent },
118 { "forwardx11", oForwardX11 },
119 { "forwardx11trusted", oForwardX11Trusted },
120 { "xauthlocation", oXAuthLocation },
121 { "gatewayports", oGatewayPorts },
122 { "useprivilegedport", oUsePrivilegedPort },
123 { "rhostsauthentication", oDeprecated },
124 { "passwordauthentication", oPasswordAuthentication },
125 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
126 { "kbdinteractivedevices", oKbdInteractiveDevices },
127 { "rsaauthentication", oRSAAuthentication },
128 { "pubkeyauthentication", oPubkeyAuthentication },
129 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
130 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
131 { "hostbasedauthentication", oHostbasedAuthentication },
132 { "challengeresponseauthentication", oChallengeResponseAuthentication },
133 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
134 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
135 { "kerberosauthentication", oUnsupported },
136 { "kerberostgtpassing", oUnsupported },
137 { "afstokenpassing", oUnsupported },
139 { "gssapiauthentication", oGssAuthentication },
140 { "gssapidelegatecredentials", oGssDelegateCreds },
142 { "gssapiauthentication", oUnsupported },
143 { "gssapidelegatecredentials", oUnsupported },
145 { "fallbacktorsh", oDeprecated },
146 { "usersh", oDeprecated },
147 { "identityfile", oIdentityFile },
148 { "identityfile2", oIdentityFile }, /* alias */
149 { "hostname", oHostName },
150 { "hostkeyalias", oHostKeyAlias },
151 { "proxycommand", oProxyCommand },
153 { "cipher", oCipher },
154 { "ciphers", oCiphers },
156 { "protocol", oProtocol },
157 { "remoteforward", oRemoteForward },
158 { "localforward", oLocalForward },
161 { "escapechar", oEscapeChar },
162 { "globalknownhostsfile", oGlobalKnownHostsFile },
163 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
164 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
165 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
166 { "connectionattempts", oConnectionAttempts },
167 { "batchmode", oBatchMode },
168 { "checkhostip", oCheckHostIP },
169 { "stricthostkeychecking", oStrictHostKeyChecking },
170 { "compression", oCompression },
171 { "compressionlevel", oCompressionLevel },
172 { "keepalive", oKeepAlives },
173 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
174 { "loglevel", oLogLevel },
175 { "dynamicforward", oDynamicForward },
176 { "preferredauthentications", oPreferredAuthentications },
177 { "hostkeyalgorithms", oHostKeyAlgorithms },
178 { "bindaddress", oBindAddress },
180 { "smartcarddevice", oSmartcardDevice },
182 { "smartcarddevice", oUnsupported },
184 { "clearallforwardings", oClearAllForwardings },
185 { "enablesshkeysign", oEnableSSHKeysign },
186 { "verifyhostkeydns", oVerifyHostKeyDNS },
187 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
188 { "rekeylimit", oRekeyLimit },
189 { "connecttimeout", oConnectTimeout },
190 { "addressfamily", oAddressFamily },
195 * Adds a local TCP/IP port forward to options. Never returns if there is an
200 add_local_forward(Options *options, u_short port, const char *host,
/*
 * Appends one entry to options->local_forwards[]. Parts of the function are
 * missing from this listing (the gutter numbers skip), so only the visible
 * statements are annotated.
 */
204 #ifndef NO_IPPORT_RESERVED_CONCEPT
205 extern uid_t original_real_uid;
/*
 * Listen ports below IPPORT_RESERVED are refused unless the real uid is 0.
 * NOTE(review): the test uses the real uid, presumably so that a client
 * installed setuid root cannot be used by an ordinary user to bind a
 * reserved port - confirm against where original_real_uid is set.
 */
206 if (port < IPPORT_RESERVED && original_real_uid != 0)
207 fatal("Privileged ports can only be forwarded by root.");
/*
 * The capacity test must stay ahead of the post-increment index below: it is
 * the only thing visible here that keeps the write inside local_forwards[]
 * (assuming the array has SSH_MAX_FORWARDS_PER_DIRECTION slots - confirm).
 */
209 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
210 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
211 fwd = &options->local_forwards[options->num_local_forwards++];
/* The host string is copied, so the entry does not alias the caller's buffer; clear_forwardings() releases it with xfree(). */
213 fwd->host = xstrdup(host);
214 fwd->host_port = host_port;
218 * Adds a remote TCP/IP port forward to options. Never returns if there is
223 add_remote_forward(Options *options, u_short port, const char *host,
/*
 * Appends one entry to options->remote_forwards[]. Parts of the function are
 * missing from this listing (the gutter numbers skip).
 * NOTE(review): no reserved-port test is visible here, unlike
 * add_local_forward(); presumably because the listening side of a remote
 * forward is the server, which applies its own policy - confirm.
 */
/* Capacity test precedes the post-increment index so the write stays inside remote_forwards[]. */
227 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
228 fatal("Too many remote forwards (max %d).",
229 SSH_MAX_FORWARDS_PER_DIRECTION);
230 fwd = &options->remote_forwards[options->num_remote_forwards++];
/* The host string is copied; clear_forwardings() releases it with xfree(). */
232 fwd->host = xstrdup(host);
233 fwd->host_port = host_port;
237 clear_forwardings(Options *options)
/*
 * Releases the host string of every stored local and remote forward and
 * resets both counters to zero.
 * NOTE(review): the freed pointers are left in the arrays. That is safe only
 * because the counters are zeroed right after each loop, so no code that
 * honours the counters reads those entries again.
 */
241 for (i = 0; i < options->num_local_forwards; i++)
242 xfree(options->local_forwards[i].host);
243 options->num_local_forwards = 0;
244 for (i = 0; i < options->num_remote_forwards; i++)
245 xfree(options->remote_forwards[i].host);
246 options->num_remote_forwards = 0;
250 * Returns the number of the token pointed to by cp or oBadOption.
254 parse_token(const char *cp, const char *filename, int linenum)
/*
 * Linear, case-insensitive search of the keywords table, which is terminated
 * by an entry whose name is NULL. The first matching entry decides the
 * opcode, so aliases and deprecated spellings resolve through the table.
 */
258 for (i = 0; keywords[i].name; i++)
259 if (strcasecmp(cp, keywords[i].name) == 0)
260 return keywords[i].opcode;
/*
 * No match: the unknown keyword is logged with its file and line.
 * NOTE(review): filename and cp are formatted with an unbounded %s here,
 * while the fatal() messages in process_config_line() bound them with
 * %.200s; cp is text taken from the configuration line, so consider the
 * same bound for consistency.
 */
262 error("%s: line %d: Bad configuration option: %s",
263 filename, linenum, cp);
268 * Processes a single option line as used in the configuration files. This
269 * only sets those values that have not already been set.
271 #define WHITESPACE " \t\r\n"
274 process_config_line(Options *options, const char *host,
275 char *line, const char *filename, int linenum,
/*
 * Parses one configuration line: the keyword is mapped to an opcode by
 * parse_token() and the arguments are then handled per opcode. A value is
 * stored only while *activep is non-zero and the target field still holds its
 * "unset" sentinel (-1, NULL, SSH_PROTO_UNKNOWN, SYSLOG_LEVEL_NOT_SET), so the
 * first setting seen wins. Malformed arguments are reported through fatal().
 * This listing omits lines of the original file (the gutter numbers skip), so
 * the notes below describe only the statements that are shown.
 */
278 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
279 int opcode, *intptr, value;
281 u_short fwd_port, fwd_host_port;
282 char sfwd_host_port[6];
284 /* Strip trailing whitespace */
/*
 * NOTE(review): for an empty line, strlen(line) - 1 underflows. If len is an
 * unsigned type (its declaration is not part of this listing) the loop starts
 * with a huge index and line[len] is read outside the buffer. Guard the
 * zero-length case before entering the loop.
 */
285 for(len = strlen(line) - 1; len > 0; len--) {
286 if (strchr(WHITESPACE, line[len]) == NULL)
292 /* Get the keyword. (Each line is supposed to begin with a keyword). */
293 keyword = strdelim(&s);
294 /* Ignore leading whitespace. */
/* NOTE(review): keyword is dereferenced here before the NULL test two statements down; this relies on the first strdelim() call never returning NULL - confirm. */
295 if (*keyword == '\0')
296 keyword = strdelim(&s);
297 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
300 opcode = parse_token(keyword, filename, linenum);
304 /* don't panic, but count bad options */
307 case oConnectTimeout:
308 intptr = &options->connection_timeout;
311 if (!arg || *arg == '\0')
312 fatal("%s line %d: missing time value.",
/* convtime() signals an unparsable time with -1, which is rejected here. */
314 if ((value = convtime(arg)) == -1)
315 fatal("%s line %d: invalid time value.",
322 intptr = &options->forward_agent;
/*
 * Yes/no parser, presumably shared by the boolean options below (the label
 * and jumps are not part of this listing). The comparison is case-sensitive
 * and accepts only yes/true/no/false; anything else is fatal.
 */
325 if (!arg || *arg == '\0')
326 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
327 value = 0; /* To avoid compiler warning... */
328 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
330 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
333 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
/* First setting wins: the field is written only while it still holds -1. */
334 if (*activep && *intptr == -1)
339 intptr = &options->forward_x11;
342 case oForwardX11Trusted:
343 intptr = &options->forward_x11_trusted;
347 intptr = &options->gateway_ports;
350 case oUsePrivilegedPort:
351 intptr = &options->use_privileged_port;
354 case oPasswordAuthentication:
355 intptr = &options->password_authentication;
358 case oKbdInteractiveAuthentication:
359 intptr = &options->kbd_interactive_authentication;
362 case oKbdInteractiveDevices:
363 charptr = &options->kbd_interactive_devices;
366 case oPubkeyAuthentication:
367 intptr = &options->pubkey_authentication;
370 case oRSAAuthentication:
371 intptr = &options->rsa_authentication;
374 case oRhostsRSAAuthentication:
375 intptr = &options->rhosts_rsa_authentication;
378 case oHostbasedAuthentication:
379 intptr = &options->hostbased_authentication;
382 case oChallengeResponseAuthentication:
383 intptr = &options->challenge_response_authentication;
386 case oGssAuthentication:
387 intptr = &options->gss_authentication;
390 case oGssDelegateCreds:
391 intptr = &options->gss_deleg_creds;
395 intptr = &options->batch_mode;
399 intptr = &options->check_host_ip;
402 case oVerifyHostKeyDNS:
403 intptr = &options->verify_host_key_dns;
406 case oStrictHostKeyChecking:
407 intptr = &options->strict_host_key_checking;
/* Three-valued variant of the yes/no parser: yes/true, no/false or ask. The values assigned for each word are not part of this listing. */
410 if (!arg || *arg == '\0')
411 fatal("%.200s line %d: Missing yes/no/ask argument.",
413 value = 0; /* To avoid compiler warning... */
414 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
416 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
418 else if (strcmp(arg, "ask") == 0)
421 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
422 if (*activep && *intptr == -1)
427 intptr = &options->compression;
431 intptr = &options->keepalives;
434 case oNoHostAuthenticationForLocalhost:
435 intptr = &options->no_host_authentication_for_localhost;
438 case oNumberOfPasswordPrompts:
439 intptr = &options->number_of_password_prompts;
442 case oCompressionLevel:
443 intptr = &options->compression_level;
447 intptr = &options->rekey_limit;
449 if (!arg || *arg == '\0')
450 fatal("%.200s line %d: Missing argument.", filename, linenum);
451 if (arg[0] < '0' || arg[0] > '9')
452 fatal("%.200s line %d: Bad number.", filename, linenum);
/* NOTE(review): strtol() returns long but value is int, and no errno/ERANGE test is visible, so an over-large number is narrowed silently. */
453 value = strtol(arg, &endofnumber, 10);
454 if (arg == endofnumber)
455 fatal("%.200s line %d: Bad number.", filename, linenum);
/*
 * NOTE(review): *endofnumber is a plain char; cast it to (unsigned char)
 * before toupper() to avoid undefined behaviour for negative values. The
 * suffix cases of this switch are not part of this listing.
 */
456 switch (toupper(*endofnumber)) {
467 if (*activep && *intptr == -1)
473 if (!arg || *arg == '\0')
474 fatal("%.200s line %d: Missing argument.", filename, linenum);
476 intptr = &options->num_identity_files;
/*
 * IdentityFile is cumulative: each occurrence appends a copy of the argument.
 * The count is tested before the store so repeated lines cannot write past
 * identity_files[] (assuming it has SSH_MAX_IDENTITY_FILES slots - confirm).
 */
477 if (*intptr >= SSH_MAX_IDENTITY_FILES)
478 fatal("%.200s line %d: Too many identity files specified (max %d).",
479 filename, linenum, SSH_MAX_IDENTITY_FILES);
480 charptr = &options->identity_files[*intptr];
481 *charptr = xstrdup(arg);
482 *intptr = *intptr + 1;
487 charptr=&options->xauth_location;
491 charptr = &options->user;
/* String parser: a copy of the argument is stored only while the field is still NULL, so the first setting wins. */
494 if (!arg || *arg == '\0')
495 fatal("%.200s line %d: Missing argument.", filename, linenum);
496 if (*activep && *charptr == NULL)
497 *charptr = xstrdup(arg);
500 case oGlobalKnownHostsFile:
501 charptr = &options->system_hostfile;
504 case oUserKnownHostsFile:
505 charptr = &options->user_hostfile;
508 case oGlobalKnownHostsFile2:
509 charptr = &options->system_hostfile2;
512 case oUserKnownHostsFile2:
513 charptr = &options->user_hostfile2;
517 charptr = &options->hostname;
521 charptr = &options->host_key_alias;
524 case oPreferredAuthentications:
525 charptr = &options->preferred_authentications;
529 charptr = &options->bind_address;
532 case oSmartcardDevice:
533 charptr = &options->smartcard_device;
538 fatal("%.200s line %d: Missing argument.", filename, linenum);
539 charptr = &options->proxy_command;
/*
 * ProxyCommand keeps the whole remainder of the line (after leading
 * whitespace and '=') verbatim instead of a single strdelim() token.
 * NOTE(review): the stored string is presumably run as a command later, so
 * whoever can write the configuration file decides what is executed - verify
 * how the caller restricts ownership and permissions of that file.
 */
540 len = strspn(s, WHITESPACE "=");
541 if (*activep && *charptr == NULL)
542 *charptr = xstrdup(s + len);
546 intptr = &options->port;
549 if (!arg || *arg == '\0')
550 fatal("%.200s line %d: Missing argument.", filename, linenum);
551 if (arg[0] < '0' || arg[0] > '9')
552 fatal("%.200s line %d: Bad number.", filename, linenum);
554 /* Octal, decimal, or hex format? */
/*
 * NOTE(review): only "no digits consumed" is rejected. Trailing characters
 * inside the same token, out-of-range results and the long-to-int narrowing
 * are not checked in the lines shown, so a port number, for example, is not
 * limited to a valid range at this point.
 */
555 value = strtol(arg, &endofnumber, 0);
556 if (arg == endofnumber)
557 fatal("%.200s line %d: Bad number.", filename, linenum);
558 if (*activep && *intptr == -1)
562 case oConnectionAttempts:
563 intptr = &options->connection_attempts;
567 intptr = &options->cipher;
569 if (!arg || *arg == '\0')
570 fatal("%.200s line %d: Missing argument.", filename, linenum);
571 value = cipher_number(arg);
573 fatal("%.200s line %d: Bad cipher '%s'.",
574 filename, linenum, arg ? arg : "<NONE>");
575 if (*activep && *intptr == -1)
/* Algorithm lists (ciphers, MACs, host key algorithms) are validated before being stored, so an unknown name is rejected at parse time. */
581 if (!arg || *arg == '\0')
582 fatal("%.200s line %d: Missing argument.", filename, linenum);
583 if (!ciphers_valid(arg))
584 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
585 filename, linenum, arg ? arg : "<NONE>");
586 if (*activep && options->ciphers == NULL)
587 options->ciphers = xstrdup(arg);
592 if (!arg || *arg == '\0')
593 fatal("%.200s line %d: Missing argument.", filename, linenum);
595 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
596 filename, linenum, arg ? arg : "<NONE>");
597 if (*activep && options->macs == NULL)
598 options->macs = xstrdup(arg);
601 case oHostKeyAlgorithms:
603 if (!arg || *arg == '\0')
604 fatal("%.200s line %d: Missing argument.", filename, linenum);
605 if (!key_names_valid2(arg))
606 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
607 filename, linenum, arg ? arg : "<NONE>");
608 if (*activep && options->hostkeyalgorithms == NULL)
609 options->hostkeyalgorithms = xstrdup(arg);
613 intptr = &options->protocol;
615 if (!arg || *arg == '\0')
616 fatal("%.200s line %d: Missing argument.", filename, linenum);
617 value = proto_spec(arg);
618 if (value == SSH_PROTO_UNKNOWN)
619 fatal("%.200s line %d: Bad protocol spec '%s'.",
620 filename, linenum, arg ? arg : "<NONE>");
621 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
/*
 * NOTE(review): the LogLevel field is written through an int pointer, which
 * relies on LogLevel having the size and representation of int. No
 * missing-argument test is visible before log_level_number(arg) either;
 * presumably that helper tolerates NULL, as the message below does - confirm.
 */
626 intptr = (int *) &options->log_level;
628 value = log_level_number(arg);
629 if (value == SYSLOG_LEVEL_NOT_SET)
630 fatal("%.200s line %d: unsupported log level '%s'",
631 filename, linenum, arg ? arg : "<NONE>");
632 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
633 *intptr = (LogLevel) value;
/* Local/remote forward: first argument is the listen port, second is host:port or host/port. a2port() returning 0 is treated as an invalid port. */
639 if (!arg || *arg == '\0')
640 fatal("%.200s line %d: Missing port argument.",
642 if ((fwd_port = a2port(arg)) == 0)
643 fatal("%.200s line %d: Bad listen port.",
646 if (!arg || *arg == '\0')
647 fatal("%.200s line %d: Missing second argument.",
/*
 * The sscanf() field widths match the destinations: %255 fits buf[256] and
 * %5 fits sfwd_host_port[6], each leaving room for the terminating NUL.
 * Keep the widths in step if either array is ever resized.
 */
649 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
650 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
651 fatal("%.200s line %d: Bad forwarding specification.",
653 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
654 fatal("%.200s line %d: Bad forwarding port.",
657 if (opcode == oLocalForward)
658 add_local_forward(options, fwd_port, buf,
660 else if (opcode == oRemoteForward)
661 add_remote_forward(options, fwd_port, buf,
666 case oDynamicForward:
668 if (!arg || *arg == '\0')
669 fatal("%.200s line %d: Missing port argument.",
671 fwd_port = a2port(arg);
673 fatal("%.200s line %d: Badly formatted port number.",
/* A dynamic forward is stored as a local forward with the placeholder host "socks" and host port 0, so the reserved-port test in add_local_forward() also applies to it. */
676 add_local_forward(options, fwd_port, "socks", 0);
679 case oClearAllForwardings:
680 intptr = &options->clear_forwardings;
/* Host line: every pattern on the line is matched against host. The statements that update *activep are not part of this listing. */
685 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
686 if (match_pattern(host, arg)) {
687 debug("Applying options for %.100s", arg);
691 /* Avoid garbage check below, as strdelim is done. */
695 intptr = &options->escape_char;
697 if (!arg || *arg == '\0')
698 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * Accepts ^X control notation, a single character, or the word "none".
 * NOTE(review): arg[2] is read before arg[1] is known to be non-NUL; for the
 * one-character argument "^" that reads one byte past the terminator.
 * Testing arg[1] first (or strlen(arg) == 2) avoids it.
 */
699 if (arg[0] == '^' && arg[2] == 0 &&
700 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
701 value = (u_char) arg[1] & 31;
702 else if (strlen(arg) == 1)
703 value = (u_char) arg[0];
704 else if (strcmp(arg, "none") == 0)
705 value = SSH_ESCAPECHAR_NONE;
707 fatal("%.200s line %d: Bad escape character.",
710 value = 0; /* Avoid compiler warning. */
712 if (*activep && *intptr == -1)
718 intptr = &options->address_family;
/*
 * NOTE(review): unlike the other cases, no missing-argument test is visible
 * before arg reaches strcasecmp(); a NULL arg would be dereferenced. The
 * fatal() message below also omits the file name and line number.
 */
719 if (strcasecmp(arg, "inet") == 0)
721 else if (strcasecmp(arg, "inet6") == 0)
723 else if (strcasecmp(arg, "any") == 0)
726 fatal("Unsupported AddressFamily \"%s\"", arg);
727 if (*activep && *intptr == -1)
731 case oEnableSSHKeysign:
732 intptr = &options->enable_ssh_keysign;
/* Deprecated keywords are only logged at debug level and unsupported ones at error level; an opcode with no case at all is a programming error and is fatal. */
736 debug("%s line %d: Deprecated option \"%s\"",
737 filename, linenum, keyword);
741 error("%s line %d: Unsupported option \"%s\"",
742 filename, linenum, keyword);
746 fatal("process_config_line: Unimplemented opcode %d", opcode);
749 /* Check that there is no garbage at end of line. */
/* Only a further strdelim() token counts as garbage; extra characters glued to the last argument are left to the per-option parser. */
750 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
751 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
752 filename, linenum, arg);
759 * Reads the config file and modifies the options accordingly. Options
760 * should already be initialized before this call. This never returns if
761 * there is an error. If the file does not exist, this returns 0.
765 read_config_file(const char *filename, const char *host, Options *options)
/*
 * NOTE(review): the file is opened by name and no ownership or permission
 * test is visible in this listing. Options read here (ProxyCommand,
 * forwardings, host key checking) shape what the client does, so confirm
 * that callers only pass files that other users cannot write.
 */
773 f = fopen(filename, "r");
777 debug("Reading configuration data %.200s", filename);
780 * Mark that we are now processing the options. This flag is turned
781 * on/off by Host specifications.
/*
 * NOTE(review): fgets() splits a line longer than the buffer, so the tail
 * would be parsed as if it were a separate configuration line; the size of
 * line[] is not part of this listing. Consider rejecting over-long lines.
 */
785 while (fgets(line, sizeof(line), f)) {
786 /* Update line number counter. */
/* A non-zero return marks a bad option; parsing continues so that all of them are reported, and the file is rejected as a whole afterwards. */
788 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
793 fatal("%s: terminating, %d bad configuration options",
794 filename, bad_options);
799 * Initializes options to special values that indicate that they have not yet
800 * been set. Read_config_file will only set options with this value. Options
801 * are processed in the following order: command line, user config file,
802 * system config file. Last, fill_default_options is called.
806 initialize_options(Options * options)
/*
 * Fills the whole structure with the byte 'X' and then sets each option to
 * its "unset" sentinel (-1, NULL, 0 for counters, or a NOT_SET/UNKNOWN
 * constant). Presumably the fill pattern is there so that a field with a
 * forgotten initializer stands out instead of reading as zero.
 * Array entries (identity_files[], local_forwards[], remote_forwards[]) keep
 * the fill pattern; only their counters are zeroed, so entries must never be
 * read beyond the counters.
 */
808 memset(options, 'X', sizeof(*options));
809 options->forward_agent = -1;
810 options->forward_x11 = -1;
811 options->forward_x11_trusted = -1;
812 options->xauth_location = NULL;
813 options->gateway_ports = -1;
814 options->use_privileged_port = -1;
815 options->rsa_authentication = -1;
816 options->pubkey_authentication = -1;
817 options->challenge_response_authentication = -1;
818 options->gss_authentication = -1;
819 options->gss_deleg_creds = -1;
820 options->password_authentication = -1;
821 options->kbd_interactive_authentication = -1;
822 options->kbd_interactive_devices = NULL;
823 options->rhosts_rsa_authentication = -1;
824 options->hostbased_authentication = -1;
825 options->batch_mode = -1;
826 options->check_host_ip = -1;
827 options->strict_host_key_checking = -1;
828 options->compression = -1;
829 options->keepalives = -1;
830 options->compression_level = -1;
/*
 * NOTE(review): fill_default_options() tests options->port against -1, but
 * no assignment to options->port appears in this listing (gutter line 831
 * is absent) - confirm it is set here; otherwise port keeps the fill pattern.
 */
832 options->address_family = -1;
833 options->connection_attempts = -1;
834 options->connection_timeout = -1;
835 options->number_of_password_prompts = -1;
836 options->cipher = -1;
837 options->ciphers = NULL;
838 options->macs = NULL;
839 options->hostkeyalgorithms = NULL;
840 options->protocol = SSH_PROTO_UNKNOWN;
841 options->num_identity_files = 0;
842 options->hostname = NULL;
843 options->host_key_alias = NULL;
844 options->proxy_command = NULL;
845 options->user = NULL;
846 options->escape_char = -1;
847 options->system_hostfile = NULL;
848 options->user_hostfile = NULL;
849 options->system_hostfile2 = NULL;
850 options->user_hostfile2 = NULL;
851 options->num_local_forwards = 0;
852 options->num_remote_forwards = 0;
853 options->clear_forwardings = -1;
854 options->log_level = SYSLOG_LEVEL_NOT_SET;
855 options->preferred_authentications = NULL;
856 options->bind_address = NULL;
857 options->smartcard_device = NULL;
858 options->enable_ssh_keysign = - 1;
859 options->no_host_authentication_for_localhost = - 1;
860 options->rekey_limit = - 1;
861 options->verify_host_key_dns = -1;
865 * Called after processing other sources of option data, this fills those
866 * options for which no value has been specified with their default values.
870 fill_default_options(Options * options)
/*
 * Replaces every option that still holds its "unset" sentinel with the
 * built-in default. In the lines shown, agent and X11 forwarding, gateway
 * ports, host-based and rhosts-RSA authentication default to off, while
 * host IP checking, public key, password and challenge-response
 * authentication default to on.
 */
874 if (options->forward_agent == -1)
875 options->forward_agent = 0;
876 if (options->forward_x11 == -1)
877 options->forward_x11 = 0;
878 if (options->forward_x11_trusted == -1)
879 options->forward_x11_trusted = 0;
/*
 * NOTE(review): path defaults such as this one are assigned directly from a
 * _PATH_* constant, whereas values read from a configuration file are
 * xstrdup() copies. The two kinds of pointer end up in the same field, so
 * these fields must not be passed to xfree() without knowing their origin.
 */
880 if (options->xauth_location == NULL)
881 options->xauth_location = _PATH_XAUTH;
882 if (options->gateway_ports == -1)
883 options->gateway_ports = 0;
884 if (options->use_privileged_port == -1)
885 options->use_privileged_port = 0;
886 if (options->rsa_authentication == -1)
887 options->rsa_authentication = 1;
888 if (options->pubkey_authentication == -1)
889 options->pubkey_authentication = 1;
890 if (options->challenge_response_authentication == -1)
891 options->challenge_response_authentication = 1;
892 if (options->gss_authentication == -1)
893 options->gss_authentication = 0;
894 if (options->gss_deleg_creds == -1)
895 options->gss_deleg_creds = 0;
896 if (options->password_authentication == -1)
897 options->password_authentication = 1;
898 if (options->kbd_interactive_authentication == -1)
899 options->kbd_interactive_authentication = 1;
900 if (options->rhosts_rsa_authentication == -1)
901 options->rhosts_rsa_authentication = 0;
902 if (options->hostbased_authentication == -1)
903 options->hostbased_authentication = 0;
904 if (options->batch_mode == -1)
905 options->batch_mode = 0;
906 if (options->check_host_ip == -1)
907 options->check_host_ip = 1;
/* NOTE(review): 2 is presumably the value the parser stores for "ask"; the parser's assignments are not part of this listing - confirm, and prefer a named constant over the bare number. */
908 if (options->strict_host_key_checking == -1)
909 options->strict_host_key_checking = 2; /* 2 is default */
910 if (options->compression == -1)
911 options->compression = 0;
912 if (options->keepalives == -1)
913 options->keepalives = 1;
914 if (options->compression_level == -1)
915 options->compression_level = 6;
916 if (options->port == -1)
917 options->port = 0; /* Filled in ssh_connect. */
918 if (options->address_family == -1)
919 options->address_family = AF_UNSPEC;
920 if (options->connection_attempts == -1)
921 options->connection_attempts = 1;
922 if (options->number_of_password_prompts == -1)
923 options->number_of_password_prompts = 3;
924 /* Selected in ssh_login(). */
925 if (options->cipher == -1)
926 options->cipher = SSH_CIPHER_NOT_SET;
927 /* options->ciphers, default set in myproposals.h */
928 /* options->macs, default set in myproposals.h */
929 /* options->hostkeyalgorithms, default set in myproposals.h */
/* With no Protocol setting, both protocol versions are enabled. NOTE(review): a deployment that does not need the older protocol 1 should set Protocol explicitly rather than rely on this default. */
930 if (options->protocol == SSH_PROTO_UNKNOWN)
931 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
/*
 * Default identity files are added only when none was configured, one per
 * enabled protocol/key type. len = 2 + strlen(path) + 1 covers "~/", the
 * path and the terminating NUL; the allocation on the right-hand side of
 * each assignment is not part of this listing. The %.100s conversion would
 * silently truncate a path constant longer than 100 characters.
 */
932 if (options->num_identity_files == 0) {
933 if (options->protocol & SSH_PROTO_1) {
934 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
935 options->identity_files[options->num_identity_files] =
937 snprintf(options->identity_files[options->num_identity_files++],
938 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
940 if (options->protocol & SSH_PROTO_2) {
941 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
942 options->identity_files[options->num_identity_files] =
944 snprintf(options->identity_files[options->num_identity_files++],
945 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
947 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
948 options->identity_files[options->num_identity_files] =
950 snprintf(options->identity_files[options->num_identity_files++],
951 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
954 if (options->escape_char == -1)
955 options->escape_char = '~';
956 if (options->system_hostfile == NULL)
957 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
958 if (options->user_hostfile == NULL)
959 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
960 if (options->system_hostfile2 == NULL)
961 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
962 if (options->user_hostfile2 == NULL)
963 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
964 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
965 options->log_level = SYSLOG_LEVEL_INFO;
/* ClearAllForwardings takes effect here, after every option source has been read, so it discards all forwards collected so far regardless of where they were set. */
966 if (options->clear_forwardings == 1)
967 clear_forwardings(options);
968 if (options->no_host_authentication_for_localhost == - 1)
969 options->no_host_authentication_for_localhost = 0;
970 if (options->enable_ssh_keysign == -1)
971 options->enable_ssh_keysign = 0;
972 if (options->rekey_limit == -1)
973 options->rekey_limit = 0;
974 if (options->verify_host_key_dns == -1)
975 options->verify_host_key_dns = 0;
976 /* options->proxy_command should not be set by default */
977 /* options->user will be set in the main program if appropriate */
978 /* options->hostname will be set in the main program if appropriate */
979 /* options->host_key_alias should not be set by default */
980 /* options->preferred_authentications will be set in ssh */