2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.130 2004/04/27 09:46:36 djm Exp $");
21 #include "pathnames.h"
29 /* Format of the configuration file:
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
47 HostName another.host.name.real.org
54 RemoteForward 9999 shadows.cs.hut.fi:9999
60 PasswordAuthentication no
64 ProxyCommand ssh-proxy %h %p
67 PublicKeyAuthentication no
71 PasswordAuthentication no
73 # Defaults for various options
77 PasswordAuthentication yes
79 RhostsRSAAuthentication yes
80 StrictHostKeyChecking yes
82 IdentityFile ~/.ssh/identity
/*
 * Option opcodes. parse_token() returns one of these for a keyword and
 * process_config_line() switches on it. This listing shows only part of the
 * enumerator list: the enum's opening and closing lines and source lines 91
 * and 109 are not shown.
 * oDeprecated and oUnsupported are shared by several keywords; they are
 * reported through debug()/error() in process_config_line() instead of being
 * stored in Options.
 */
92 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
93 oPasswordAuthentication, oRSAAuthentication,
94 oChallengeResponseAuthentication, oXAuthLocation,
95 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
96 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
97 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
98 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
99 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
100 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
101 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
102 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
103 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
104 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
105 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
106 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
107 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
108 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
110 oDeprecated, oUnsupported
113 /* Textual representations of the tokens. */
/*
 * Keyword table scanned by parse_token(). Names are written in lower case and
 * compared with strcasecmp(), so keywords in a configuration file match
 * regardless of case. The array declaration and the terminating entry are not
 * shown in this listing; parse_token() stops at an entry whose name is NULL.
 * Several keywords map to the same opcode (marked "alias").
 */
119 { "forwardagent", oForwardAgent },
120 { "forwardx11", oForwardX11 },
121 { "forwardx11trusted", oForwardX11Trusted },
122 { "xauthlocation", oXAuthLocation },
123 { "gatewayports", oGatewayPorts },
124 { "useprivilegedport", oUsePrivilegedPort },
/* Still recognised so that old files keep parsing, but only logged. */
125 { "rhostsauthentication", oDeprecated },
126 { "passwordauthentication", oPasswordAuthentication },
127 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
128 { "kbdinteractivedevices", oKbdInteractiveDevices },
129 { "rsaauthentication", oRSAAuthentication },
130 { "pubkeyauthentication", oPubkeyAuthentication },
131 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
132 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
133 { "hostbasedauthentication", oHostbasedAuthentication },
134 { "challengeresponseauthentication", oChallengeResponseAuthentication },
135 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
136 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
137 { "kerberosauthentication", oUnsupported },
138 { "kerberostgtpassing", oUnsupported },
139 { "afstokenpassing", oUnsupported },
/*
 * The two gssapi* pairs below name the same keywords twice. Source lines 140,
 * 143 and 146 are not shown; presumably they are the branches of a
 * preprocessor conditional, so only one pair is compiled - confirm against
 * the full file.
 */
141 { "gssapiauthentication", oGssAuthentication },
142 { "gssapidelegatecredentials", oGssDelegateCreds },
144 { "gssapiauthentication", oUnsupported },
145 { "gssapidelegatecredentials", oUnsupported },
147 { "fallbacktorsh", oDeprecated },
148 { "usersh", oDeprecated },
149 { "identityfile", oIdentityFile },
150 { "identityfile2", oIdentityFile }, /* alias */
151 { "identitiesonly", oIdentitiesOnly },
152 { "hostname", oHostName },
153 { "hostkeyalias", oHostKeyAlias },
154 { "proxycommand", oProxyCommand },
156 { "cipher", oCipher },
157 { "ciphers", oCiphers },
159 { "protocol", oProtocol },
160 { "remoteforward", oRemoteForward },
161 { "localforward", oLocalForward },
164 { "escapechar", oEscapeChar },
165 { "globalknownhostsfile", oGlobalKnownHostsFile },
166 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
167 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
168 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
169 { "connectionattempts", oConnectionAttempts },
170 { "batchmode", oBatchMode },
171 { "checkhostip", oCheckHostIP },
172 { "stricthostkeychecking", oStrictHostKeyChecking },
173 { "compression", oCompression },
174 { "compressionlevel", oCompressionLevel },
175 { "tcpkeepalive", oTCPKeepAlive },
176 { "keepalive", oTCPKeepAlive }, /* obsolete */
177 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
178 { "loglevel", oLogLevel },
179 { "dynamicforward", oDynamicForward },
180 { "preferredauthentications", oPreferredAuthentications },
181 { "hostkeyalgorithms", oHostKeyAlgorithms },
182 { "bindaddress", oBindAddress },
/* Same situation as the gssapi* pairs: source lines 183, 185 and 187 are not
 * shown, presumably a preprocessor conditional selecting one entry. */
184 { "smartcarddevice", oSmartcardDevice },
186 { "smartcarddevice", oUnsupported },
188 { "clearallforwardings", oClearAllForwardings },
189 { "enablesshkeysign", oEnableSSHKeysign },
190 { "verifyhostkeydns", oVerifyHostKeyDNS },
191 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
192 { "rekeylimit", oRekeyLimit },
193 { "connecttimeout", oConnectTimeout },
194 { "addressfamily", oAddressFamily },
195 { "serveraliveinterval", oServerAliveInterval },
196 { "serveralivecountmax", oServerAliveCountMax },
197 { "sendenv", oSendEnv },
202 * Adds a local TCP/IP port forward to options. Never returns if there is an
/*
 * Appends one local forward (listen port, target host and host_port) to
 * options->local_forwards. Ends the program through fatal() if the invoking
 * user may not use the port or if the per-direction limit is reached.
 * This listing omits source lines 208-210, 215, 219 and 222, so the body
 * below is incomplete.
 */
207 add_local_forward(Options *options, u_short port, const char *host,
/*
 * Privileged-port guard, compiled out when NO_IPPORT_RESERVED_CONCEPT is
 * defined. The decision is made on original_real_uid, a variable defined in
 * another file - presumably the uid of the invoking user recorded at start-up,
 * so that a set-uid binary does not hand low ports to ordinary users; confirm
 * where it is set.
 */
211 #ifndef NO_IPPORT_RESERVED_CONCEPT
212 extern uid_t original_real_uid;
213 if (port < IPPORT_RESERVED && original_real_uid != 0)
214 fatal("Privileged ports can only be forwarded by root.");
/* The count is tested before it is used as an index and incremented, so the
 * store below cannot run past SSH_MAX_FORWARDS_PER_DIRECTION entries. */
216 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
217 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
218 fwd = &options->local_forwards[options->num_local_forwards++];
/* The host string is duplicated; clear_forwardings() releases it with xfree(). */
220 fwd->host = xstrdup(host);
221 fwd->host_port = host_port;
225 * Adds a remote TCP/IP port forward to options. Never returns if there is
/*
 * Appends one remote forward to options->remote_forwards, ending the program
 * through fatal() once SSH_MAX_FORWARDS_PER_DIRECTION entries exist.
 * Unlike add_local_forward(), no IPPORT_RESERVED test appears among the
 * visible lines. Source lines 231-233, 238 and 241 are not shown.
 */
230 add_remote_forward(Options *options, u_short port, const char *host,
/* Limit check first, then index-and-increment, as in add_local_forward(). */
234 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
235 fatal("Too many remote forwards (max %d).",
236 SSH_MAX_FORWARDS_PER_DIRECTION);
237 fwd = &options->remote_forwards[options->num_remote_forwards++];
/* Duplicated host string, released by clear_forwardings(). */
239 fwd->host = xstrdup(host);
240 fwd->host_port = host_port;
/*
 * Drops every configured local and remote forward: frees the host string of
 * each entry and resets both counters to zero. The arrays themselves stay in
 * place. Source lines 245-247 and 254 are not shown.
 */
244 clear_forwardings(Options *options)
248 for (i = 0; i < options->num_local_forwards; i++)
249 xfree(options->local_forwards[i].host);
250 options->num_local_forwards = 0;
251 for (i = 0; i < options->num_remote_forwards; i++)
252 xfree(options->remote_forwards[i].host);
253 options->num_remote_forwards = 0;
257 * Returns the number of the token pointed to by cp or oBadOption.
/*
 * Maps the keyword at cp to its opcode by a linear, case-insensitive scan of
 * keywords[], which ends at the first entry whose name is NULL.
 * An unknown keyword is reported with error(), naming the file and line; the
 * value returned in that case is on a line not shown here (oBadOption
 * according to the function's header comment).
 */
261 parse_token(const char *cp, const char *filename, int linenum)
265 for (i = 0; keywords[i].name; i++)
266 if (strcasecmp(cp, keywords[i].name) == 0)
267 return keywords[i].opcode;
/* No match: log it and let the caller decide; this is not fatal here. */
269 error("%s: line %d: Bad configuration option: %s",
270 filename, linenum, cp);
275 * Processes a single option line as used in the configuration files. This
276 * only sets those values that have not already been set.
/* Separator characters: trimmed from the end of each line and, together with
 * '=', skipped in front of the ProxyCommand argument. */
278 #define WHITESPACE " \t\r\n"
/*
 * Parses one configuration line and applies it to *options.
 *
 * The keyword is resolved with parse_token() and handled in a switch on the
 * opcode. Many cases only point intptr or charptr at the target field. Where
 * the store is visible, a value is written only when *activep is non-zero and
 * the field still holds its "unset" marker (-1, NULL, SSH_PROTO_UNKNOWN or
 * SYSLOG_LEVEL_NOT_SET); that is what makes the first setting win.
 * Malformed arguments end the program through fatal().
 *
 * NOTE: this listing keeps only part of the function. Labels, break/goto
 * statements, braces, the assignments to arg and some case labels are on
 * source lines that are not shown, so the control flow between visible lines
 * cannot be read off this page alone.
 */
281 process_config_line(Options *options, const char *host,
282 char *line, const char *filename, int linenum,
/* buf receives the host part of a forwarding specification (at most 255
 * characters plus terminator, see the sscanf() calls below). */
285 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
286 int opcode, *intptr, value;
288 u_short fwd_port, fwd_host_port;
/* Five digits plus terminator, matching the %5[0-9] conversions below. */
289 char sfwd_host_port[6];
/*
 * NOTE(review): for an empty string strlen(line) - 1 is not a valid index.
 * The declaration of len (source line 287) is not shown; if it is an unsigned
 * type the subtraction wraps and line[len] is read far outside the buffer.
 * An explicit "length is zero" test before the loop would remove the doubt.
 */
291 /* Strip trailing whitespace */
292 for(len = strlen(line) - 1; len > 0; len--) {
293 if (strchr(WHITESPACE, line[len]) == NULL)
/*
 * keyword is dereferenced two lines before it is compared with NULL. That is
 * safe only if the first strdelim() call cannot return NULL; s is initialised
 * on a line not shown - TODO confirm.
 */
299 /* Get the keyword. (Each line is supposed to begin with a keyword). */
300 keyword = strdelim(&s);
301 /* Ignore leading whitespace. */
302 if (*keyword == '\0')
303 keyword = strdelim(&s);
304 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
307 opcode = parse_token(keyword, filename, linenum);
/* An unknown keyword is not fatal at this point; read_config_file() counts
 * the non-zero results and aborts after the whole file has been read. */
311 /* don't panic, but count bad options */
/* ConnectTimeout: convtime() reports an unparsable value as -1. These two
 * messages print filename with a bare %s, unlike the %.200s used elsewhere. */
314 case oConnectTimeout:
315 intptr = &options->connection_timeout;
318 if (!arg || *arg == '\0')
319 fatal("%s line %d: missing time value.",
321 if ((value = convtime(arg)) == -1)
322 fatal("%s line %d: invalid time value.",
/*
 * Yes/no flags. Only the exact strings yes, true, no and false are accepted
 * (strcmp, so case matters); anything else is fatal. The store is guarded by
 * *activep and by the field still being -1.
 */
329 intptr = &options->forward_agent;
332 if (!arg || *arg == '\0')
333 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
334 value = 0; /* To avoid compiler warning... */
335 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
337 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
340 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
341 if (*activep && *intptr == -1)
/* The cases below only select the field to fill; what follows each
 * assignment is on lines not shown. */
346 intptr = &options->forward_x11;
349 case oForwardX11Trusted:
350 intptr = &options->forward_x11_trusted;
354 intptr = &options->gateway_ports;
357 case oUsePrivilegedPort:
358 intptr = &options->use_privileged_port;
361 case oPasswordAuthentication:
362 intptr = &options->password_authentication;
365 case oKbdInteractiveAuthentication:
366 intptr = &options->kbd_interactive_authentication;
369 case oKbdInteractiveDevices:
370 charptr = &options->kbd_interactive_devices;
373 case oPubkeyAuthentication:
374 intptr = &options->pubkey_authentication;
377 case oRSAAuthentication:
378 intptr = &options->rsa_authentication;
381 case oRhostsRSAAuthentication:
382 intptr = &options->rhosts_rsa_authentication;
385 case oHostbasedAuthentication:
386 intptr = &options->hostbased_authentication;
389 case oChallengeResponseAuthentication:
390 intptr = &options->challenge_response_authentication;
393 case oGssAuthentication:
394 intptr = &options->gss_authentication;
397 case oGssDelegateCreds:
398 intptr = &options->gss_deleg_creds;
402 intptr = &options->batch_mode;
406 intptr = &options->check_host_ip;
409 case oVerifyHostKeyDNS:
410 intptr = &options->verify_host_key_dns;
/* Three-way variant of the flag parser: yes/true, no/false or ask. The
 * numeric values assigned for each answer are on lines not shown. */
413 case oStrictHostKeyChecking:
414 intptr = &options->strict_host_key_checking;
417 if (!arg || *arg == '\0')
418 fatal("%.200s line %d: Missing yes/no/ask argument.",
420 value = 0; /* To avoid compiler warning... */
421 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
423 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
425 else if (strcmp(arg, "ask") == 0)
428 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
429 if (*activep && *intptr == -1)
434 intptr = &options->compression;
438 intptr = &options->tcp_keep_alive;
441 case oNoHostAuthenticationForLocalhost:
442 intptr = &options->no_host_authentication_for_localhost;
445 case oNumberOfPasswordPrompts:
446 intptr = &options->number_of_password_prompts;
449 case oCompressionLevel:
450 intptr = &options->compression_level;
/*
 * RekeyLimit: a decimal number followed by a suffix character that is
 * examined after toupper(); the suffix cases are on lines not shown.
 * NOTE(review): strtol() returns long but value is an int, so a large input
 * is narrowed silently, and no errno/ERANGE test is visible. Any scaling by
 * the suffix needs its own overflow check - TODO confirm in the full file.
 */
454 intptr = &options->rekey_limit;
456 if (!arg || *arg == '\0')
457 fatal("%.200s line %d: Missing argument.", filename, linenum);
458 if (arg[0] < '0' || arg[0] > '9')
459 fatal("%.200s line %d: Bad number.", filename, linenum);
460 value = strtol(arg, &endofnumber, 10);
461 if (arg == endofnumber)
462 fatal("%.200s line %d: Bad number.", filename, linenum);
463 switch (toupper(*endofnumber)) {
474 if (*activep && *intptr == -1)
/* IdentityFile: the count is compared with SSH_MAX_IDENTITY_FILES before the
 * slot is written, then the argument is duplicated into the next slot. */
480 if (!arg || *arg == '\0')
481 fatal("%.200s line %d: Missing argument.", filename, linenum);
483 intptr = &options->num_identity_files;
484 if (*intptr >= SSH_MAX_IDENTITY_FILES)
485 fatal("%.200s line %d: Too many identity files specified (max %d).",
486 filename, linenum, SSH_MAX_IDENTITY_FILES);
487 charptr = &options->identity_files[*intptr];
488 *charptr = xstrdup(arg);
489 *intptr = *intptr + 1;
/* String options: the argument is duplicated only while the field is still
 * NULL and the current section is active. */
494 charptr=&options->xauth_location;
498 charptr = &options->user;
501 if (!arg || *arg == '\0')
502 fatal("%.200s line %d: Missing argument.", filename, linenum);
503 if (*activep && *charptr == NULL)
504 *charptr = xstrdup(arg);
507 case oGlobalKnownHostsFile:
508 charptr = &options->system_hostfile;
511 case oUserKnownHostsFile:
512 charptr = &options->user_hostfile;
515 case oGlobalKnownHostsFile2:
516 charptr = &options->system_hostfile2;
519 case oUserKnownHostsFile2:
520 charptr = &options->user_hostfile2;
524 charptr = &options->hostname;
528 charptr = &options->host_key_alias;
531 case oPreferredAuthentications:
532 charptr = &options->preferred_authentications;
536 charptr = &options->bind_address;
539 case oSmartcardDevice:
540 charptr = &options->smartcard_device;
/*
 * ProxyCommand: after skipping separators and '=', the whole rest of the
 * line is stored as one string without further tokenising or validation.
 * The value is presumably executed as a command later on, which makes write
 * access to the configuration file equivalent to choosing that command; the
 * owner/mode test in read_config_file() is the control for this - confirm
 * where the string is consumed.
 */
545 fatal("%.200s line %d: Missing argument.", filename, linenum);
546 charptr = &options->proxy_command;
547 len = strspn(s, WHITESPACE "=");
548 if (*activep && *charptr == NULL)
549 *charptr = xstrdup(s + len);
/*
 * Integer options. The first character must be a digit, which rules out a
 * sign; base 0 lets strtol() accept octal and hexadecimal as well.
 * NOTE(review): nothing on the visible lines rejects trailing characters
 * after the number or checks the range (for example a port above 65535), and
 * the long result is narrowed to int. Range validation has to happen where
 * the value is used.
 */
553 intptr = &options->port;
556 if (!arg || *arg == '\0')
557 fatal("%.200s line %d: Missing argument.", filename, linenum);
558 if (arg[0] < '0' || arg[0] > '9')
559 fatal("%.200s line %d: Bad number.", filename, linenum);
561 /* Octal, decimal, or hex format? */
562 value = strtol(arg, &endofnumber, 0);
563 if (arg == endofnumber)
564 fatal("%.200s line %d: Bad number.", filename, linenum);
565 if (*activep && *intptr == -1)
569 case oConnectionAttempts:
570 intptr = &options->connection_attempts;
/* Cipher: the name is translated by cipher_number(); the test of its result
 * is on a line not shown. */
574 intptr = &options->cipher;
576 if (!arg || *arg == '\0')
577 fatal("%.200s line %d: Missing argument.", filename, linenum);
578 value = cipher_number(arg);
580 fatal("%.200s line %d: Bad cipher '%s'.",
581 filename, linenum, arg ? arg : "<NONE>");
582 if (*activep && *intptr == -1)
/* Ciphers, MACs and HostKeyAlgorithms: the list is validated as a whole
 * before it is stored, so an unknown name is rejected at parse time. */
588 if (!arg || *arg == '\0')
589 fatal("%.200s line %d: Missing argument.", filename, linenum);
590 if (!ciphers_valid(arg))
591 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
592 filename, linenum, arg ? arg : "<NONE>");
593 if (*activep && options->ciphers == NULL)
594 options->ciphers = xstrdup(arg);
599 if (!arg || *arg == '\0')
600 fatal("%.200s line %d: Missing argument.", filename, linenum);
602 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
603 filename, linenum, arg ? arg : "<NONE>");
604 if (*activep && options->macs == NULL)
605 options->macs = xstrdup(arg);
608 case oHostKeyAlgorithms:
610 if (!arg || *arg == '\0')
611 fatal("%.200s line %d: Missing argument.", filename, linenum);
612 if (!key_names_valid2(arg))
613 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
614 filename, linenum, arg ? arg : "<NONE>");
615 if (*activep && options->hostkeyalgorithms == NULL)
616 options->hostkeyalgorithms = xstrdup(arg);
620 intptr = &options->protocol;
622 if (!arg || *arg == '\0')
623 fatal("%.200s line %d: Missing argument.", filename, linenum);
624 value = proto_spec(arg);
625 if (value == SSH_PROTO_UNKNOWN)
626 fatal("%.200s line %d: Bad protocol spec '%s'.",
627 filename, linenum, arg ? arg : "<NONE>");
628 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
/*
 * LogLevel: the field is written through an int pointer, which assumes that
 * LogLevel has the size and representation of int. No missing-argument test
 * is visible before log_level_number(), so that function has to cope with a
 * NULL argument - TODO confirm; the "<NONE>" fallback in the message covers
 * the same case.
 */
633 intptr = (int *) &options->log_level;
635 value = log_level_number(arg);
636 if (value == SYSLOG_LEVEL_NOT_SET)
637 fatal("%.200s line %d: unsupported log level '%s'",
638 filename, linenum, arg ? arg : "<NONE>");
639 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
640 *intptr = (LogLevel) value;
/*
 * LocalForward / RemoteForward: a listen port followed by host:port or
 * host/port. Both sscanf() conversions carry field widths (255 and 5) that
 * fit buf[256] and sfwd_host_port[6] including the terminator, and both port
 * numbers go through a2port(), whose 0 result is treated as invalid.
 */
646 if (!arg || *arg == '\0')
647 fatal("%.200s line %d: Missing port argument.",
649 if ((fwd_port = a2port(arg)) == 0)
650 fatal("%.200s line %d: Bad listen port.",
653 if (!arg || *arg == '\0')
654 fatal("%.200s line %d: Missing second argument.",
656 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
657 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
658 fatal("%.200s line %d: Bad forwarding specification.",
660 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
661 fatal("%.200s line %d: Bad forwarding port.",
664 if (opcode == oLocalForward)
665 add_local_forward(options, fwd_port, buf,
667 else if (opcode == oRemoteForward)
668 add_remote_forward(options, fwd_port, buf,
/* DynamicForward is recorded as a local forward whose host is the literal
 * "socks" and whose host port is 0, so it passes through the same
 * privileged-port and limit checks as LocalForward. */
673 case oDynamicForward:
675 if (!arg || *arg == '\0')
676 fatal("%.200s line %d: Missing port argument.",
678 fwd_port = a2port(arg);
680 fatal("%.200s line %d: Badly formatted port number.",
683 add_local_forward(options, fwd_port, "socks", 0);
686 case oClearAllForwardings:
687 intptr = &options->clear_forwardings;
/* Host: each pattern on the line is matched against the host name; what is
 * done on a match besides the debug message is on lines not shown. */
692 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
693 if (match_pattern(host, arg)) {
694 debug("Applying options for %.100s", arg);
698 /* Avoid garbage check below, as strdelim is done. */
/*
 * EscapeChar: "^X" (control character, X in 64..127), a single character, or
 * the word none.
 * NOTE(review): for the one-character argument "^", arg[1] is the terminator
 * and the arg[2] test reads one byte past it; testing arg[1] before arg[2]
 * would avoid that read.
 */
702 intptr = &options->escape_char;
704 if (!arg || *arg == '\0')
705 fatal("%.200s line %d: Missing argument.", filename, linenum);
706 if (arg[0] == '^' && arg[2] == 0 &&
707 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
708 value = (u_char) arg[1] & 31;
709 else if (strlen(arg) == 1)
710 value = (u_char) arg[0];
711 else if (strcmp(arg, "none") == 0)
712 value = SSH_ESCAPECHAR_NONE;
714 fatal("%.200s line %d: Bad escape character.",
717 value = 0; /* Avoid compiler warning. */
719 if (*activep && *intptr == -1)
/*
 * NOTE(review): AddressFamily is the one case here where arg reaches a string
 * function with no NULL/empty test in front of it (source lines 725 and 726
 * are consecutive). If the keyword can appear without an argument, arg may be
 * NULL when strcasecmp() is called - TODO confirm what strdelim() returns and
 * add the same "Missing argument" test the other cases use. The fatal()
 * message also omits the file name and line number.
 */
725 intptr = &options->address_family;
726 if (strcasecmp(arg, "inet") == 0)
728 else if (strcasecmp(arg, "inet6") == 0)
730 else if (strcasecmp(arg, "any") == 0)
733 fatal("Unsupported AddressFamily \"%s\"", arg);
734 if (*activep && *intptr == -1)
738 case oEnableSSHKeysign:
739 intptr = &options->enable_ssh_keysign;
742 case oIdentitiesOnly:
743 intptr = &options->identities_only;
746 case oServerAliveInterval:
747 intptr = &options->server_alive_interval;
750 case oServerAliveCountMax:
751 intptr = &options->server_alive_count_max;
/*
 * SendEnv: every name on the line is appended; names containing '=' are
 * rejected and the count is limited to MAX_SEND_ENV.
 * NOTE(review): no *activep test is visible inside this loop, while the other
 * stores in this function are guarded by it. If that is really the case,
 * names listed under a Host section that does not match the current host are
 * queued as well, and environment variables could be offered to servers they
 * were not meant for. Confirm, and skip the append when *activep is zero.
 */
755 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
756 if (strchr(arg, '=') != NULL)
757 fatal("%s line %d: Invalid environment name.",
759 if (options->num_send_env >= MAX_SEND_ENV)
760 fatal("%s line %d: too many send env.",
762 options->send_env[options->num_send_env++] =
/* Deprecated keywords are only logged at debug level, unsupported ones at
 * error level; an opcode with no case at all is a programming error. */
768 debug("%s line %d: Deprecated option \"%s\"",
769 filename, linenum, keyword);
773 error("%s line %d: Unsupported option \"%s\"",
774 filename, linenum, keyword);
778 fatal("process_config_line: Unimplemented opcode %d", opcode);
/* Anything left on the line after the expected arguments is fatal, so a
 * mistyped line cannot be half-applied silently. */
781 /* Check that there is no garbage at end of line. */
782 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
783 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
784 filename, linenum, arg);
791 * Reads the config file and modifies the options accordingly. Options
792 * should already be initialized before this call. This never returns if
793 * there is an error. If the file does not exist, this returns 0.
/*
 * Opens filename, feeds each line to process_config_line() and ends the
 * program through fatal() if any line was rejected. According to the header
 * comment a missing file makes the function return 0; the statement that
 * follows the failed fopen() is not shown. Source lines 798-805, 807-811,
 * 814-816, 820-823, 825-826, 829-831, 834, 836-839 and 842 onward are not
 * shown.
 */
797 read_config_file(const char *filename, const char *host, Options *options,
806 if ((f = fopen(filename, "r")) == NULL)
/*
 * Trust check on the file itself. It uses fstat() on the stream that was just
 * opened, so the object inspected is the one that will be read and a rename
 * between check and read cannot swap it. The file must be owned by uid 0 or
 * by getuid() (the real uid of the caller) and must not be writable by group
 * or others (mode bits 022). Whether the check is conditional is decided on
 * lines not shown - TODO confirm.
 */
812 if (fstat(fileno(f), &sb) == -1) {
813 fatal("fstat %s: %s", filename, strerror(errno));
817 if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
818 (sb.st_mode & 022) != 0)) {
819 fatal("Bad owner or permissions on %s", filename);
824 debug("Reading configuration data %.200s", filename);
827 * Mark that we are now processing the options. This flag is turned
828 * on/off by Host specifications.
/*
 * NOTE(review): fgets() stops at sizeof(line) - 1 characters. A physical line
 * longer than the buffer is therefore delivered in pieces, and the tail is
 * parsed as if it were a line of its own. The declaration of line is not
 * shown; sizeof(line) is only meaningful if it is an array - TODO confirm.
 */
832 while (fgets(line, sizeof(line), f)) {
833 /* Update line number counter. */
/* A non-zero result marks a rejected line; the count is reported below. */
835 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
840 fatal("%s: terminating, %d bad configuration options",
841 filename, bad_options);
846 * Initializes options to special values that indicate that they have not yet
847 * been set. Read_config_file will only set options with this value. Options
848 * are processed in the following order: command line, user config file,
849 * system config file. Last, fill_default_options is called.
/*
 * Puts every field of *options into its "not yet set" state: -1 for integer
 * options, NULL for strings, 0 for counters, SSH_PROTO_UNKNOWN and
 * SYSLOG_LEVEL_NOT_SET for the two enumerated fields. process_config_line()
 * writes a field only while it still holds that marker.
 * Source lines 854 and 878 are not shown. options->port is not assigned on
 * any visible line although fill_default_options() compares it with -1;
 * presumably the assignment is on line 878 - TODO confirm.
 */
853 initialize_options(Options * options)
/* The structure is first filled with 'X' bytes, presumably so that a field
 * missed below holds a conspicuous value instead of a plausible zero. */
855 memset(options, 'X', sizeof(*options));
856 options->forward_agent = -1;
857 options->forward_x11 = -1;
858 options->forward_x11_trusted = -1;
859 options->xauth_location = NULL;
860 options->gateway_ports = -1;
861 options->use_privileged_port = -1;
862 options->rsa_authentication = -1;
863 options->pubkey_authentication = -1;
864 options->challenge_response_authentication = -1;
865 options->gss_authentication = -1;
866 options->gss_deleg_creds = -1;
867 options->password_authentication = -1;
868 options->kbd_interactive_authentication = -1;
869 options->kbd_interactive_devices = NULL;
870 options->rhosts_rsa_authentication = -1;
871 options->hostbased_authentication = -1;
872 options->batch_mode = -1;
873 options->check_host_ip = -1;
874 options->strict_host_key_checking = -1;
875 options->compression = -1;
876 options->tcp_keep_alive = -1;
877 options->compression_level = -1;
879 options->address_family = -1;
880 options->connection_attempts = -1;
881 options->connection_timeout = -1;
882 options->number_of_password_prompts = -1;
883 options->cipher = -1;
884 options->ciphers = NULL;
885 options->macs = NULL;
886 options->hostkeyalgorithms = NULL;
887 options->protocol = SSH_PROTO_UNKNOWN;
888 options->num_identity_files = 0;
889 options->hostname = NULL;
890 options->host_key_alias = NULL;
891 options->proxy_command = NULL;
892 options->user = NULL;
893 options->escape_char = -1;
894 options->system_hostfile = NULL;
895 options->user_hostfile = NULL;
896 options->system_hostfile2 = NULL;
897 options->user_hostfile2 = NULL;
898 options->num_local_forwards = 0;
899 options->num_remote_forwards = 0;
900 options->clear_forwardings = -1;
901 options->log_level = SYSLOG_LEVEL_NOT_SET;
902 options->preferred_authentications = NULL;
903 options->bind_address = NULL;
904 options->smartcard_device = NULL;
905 options->enable_ssh_keysign = - 1;
906 options->no_host_authentication_for_localhost = - 1;
907 options->identities_only = - 1;
908 options->rekey_limit = - 1;
909 options->verify_host_key_dns = -1;
910 options->server_alive_interval = -1;
911 options->server_alive_count_max = -1;
912 options->num_send_env = 0;
916 * Called after processing other sources of option data, this fills those
917 * options for which no value has been specified with their default values.
/*
 * Replaces every field that still holds its "unset" marker with the built-in
 * default. It runs after all configuration sources have been processed, so
 * the values below are what a user gets when nothing chose otherwise.
 * Visible defaults that matter for security: agent and X11 forwarding off,
 * rhosts-RSA and host-based authentication off, CheckHostIP on, password,
 * public-key, RSA and challenge-response authentication on.
 * Source lines 922-924, 987, 990, 994, 997, 1000, 1003-1004 and the closing
 * lines are not shown.
 */
921 fill_default_options(Options * options)
925 if (options->forward_agent == -1)
926 options->forward_agent = 0;
927 if (options->forward_x11 == -1)
928 options->forward_x11 = 0;
929 if (options->forward_x11_trusted == -1)
930 options->forward_x11_trusted = 0;
/* Path defaults such as this one point at string constants, whereas values
 * read from a file are xstrdup() copies; code that frees these fields must
 * not assume they are always heap allocations. */
931 if (options->xauth_location == NULL)
932 options->xauth_location = _PATH_XAUTH;
933 if (options->gateway_ports == -1)
934 options->gateway_ports = 0;
935 if (options->use_privileged_port == -1)
936 options->use_privileged_port = 0;
937 if (options->rsa_authentication == -1)
938 options->rsa_authentication = 1;
939 if (options->pubkey_authentication == -1)
940 options->pubkey_authentication = 1;
941 if (options->challenge_response_authentication == -1)
942 options->challenge_response_authentication = 1;
943 if (options->gss_authentication == -1)
944 options->gss_authentication = 0;
945 if (options->gss_deleg_creds == -1)
946 options->gss_deleg_creds = 0;
947 if (options->password_authentication == -1)
948 options->password_authentication = 1;
949 if (options->kbd_interactive_authentication == -1)
950 options->kbd_interactive_authentication = 1;
951 if (options->rhosts_rsa_authentication == -1)
952 options->rhosts_rsa_authentication = 0;
953 if (options->hostbased_authentication == -1)
954 options->hostbased_authentication = 0;
955 if (options->batch_mode == -1)
956 options->batch_mode = 0;
957 if (options->check_host_ip == -1)
958 options->check_host_ip = 1;
/* The value 2 presumably corresponds to the "ask" answer accepted by
 * process_config_line(); the mapping is on lines not shown - confirm. */
959 if (options->strict_host_key_checking == -1)
960 options->strict_host_key_checking = 2; /* 2 is default */
961 if (options->compression == -1)
962 options->compression = 0;
963 if (options->tcp_keep_alive == -1)
964 options->tcp_keep_alive = 1;
965 if (options->compression_level == -1)
966 options->compression_level = 6;
967 if (options->port == -1)
968 options->port = 0; /* Filled in ssh_connect. */
969 if (options->address_family == -1)
970 options->address_family = AF_UNSPEC;
971 if (options->connection_attempts == -1)
972 options->connection_attempts = 1;
973 if (options->number_of_password_prompts == -1)
974 options->number_of_password_prompts = 3;
975 /* Selected in ssh_login(). */
976 if (options->cipher == -1)
977 options->cipher = SSH_CIPHER_NOT_SET;
978 /* options->ciphers, default set in myproposals.h */
979 /* options->macs, default set in myproposals.h */
980 /* options->hostkeyalgorithms, default set in myproposals.h */
/* NOTE(review): with no Protocol setting both protocol versions are enabled.
 * Protocol 1 is the legacy protocol; a configuration that does not need it is
 * better served by an explicit "Protocol 2". */
981 if (options->protocol == SSH_PROTO_UNKNOWN)
982 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
/*
 * Default identity files, added only when none was configured: one for
 * protocol 1 and two (RSA, DSA) for protocol 2. len is sized for "~/" plus
 * the path constant plus the terminator; the allocation itself is on lines
 * not shown. The %.100s precision would cut a path constant longer than 100
 * characters even though len allows for its full length. The count is not
 * compared with SSH_MAX_IDENTITY_FILES here; at most three entries are added
 * to an empty list.
 */
983 if (options->num_identity_files == 0) {
984 if (options->protocol & SSH_PROTO_1) {
985 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
986 options->identity_files[options->num_identity_files] =
988 snprintf(options->identity_files[options->num_identity_files++],
989 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
991 if (options->protocol & SSH_PROTO_2) {
992 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
993 options->identity_files[options->num_identity_files] =
995 snprintf(options->identity_files[options->num_identity_files++],
996 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
998 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
999 options->identity_files[options->num_identity_files] =
1001 snprintf(options->identity_files[options->num_identity_files++],
1002 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
1005 if (options->escape_char == -1)
1006 options->escape_char = '~';
1007 if (options->system_hostfile == NULL)
1008 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
1009 if (options->user_hostfile == NULL)
1010 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
1011 if (options->system_hostfile2 == NULL)
1012 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
1013 if (options->user_hostfile2 == NULL)
1014 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
1015 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
1016 options->log_level = SYSLOG_LEVEL_INFO;
/* ClearAllForwardings takes effect here, after every source has been read,
 * so it removes forwards regardless of where they were configured. */
1017 if (options->clear_forwardings == 1)
1018 clear_forwardings(options);
1019 if (options->no_host_authentication_for_localhost == - 1)
1020 options->no_host_authentication_for_localhost = 0;
1021 if (options->identities_only == -1)
1022 options->identities_only = 0;
1023 if (options->enable_ssh_keysign == -1)
1024 options->enable_ssh_keysign = 0;
1025 if (options->rekey_limit == -1)
1026 options->rekey_limit = 0;
1027 if (options->verify_host_key_dns == -1)
1028 options->verify_host_key_dns = 0;
1029 if (options->server_alive_interval == -1)
1030 options->server_alive_interval = 0;
1031 if (options->server_alive_count_max == -1)
1032 options->server_alive_count_max = 3;
1033 /* options->proxy_command should not be set by default */
1034 /* options->user will be set in the main program if appropriate */
1035 /* options->hostname will be set in the main program if appropriate */
1036 /* options->host_key_alias should not be set by default */
1037 /* options->preferred_authentications will be set in ssh */