2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.116 2003/08/13 08:46:30 markus Exp $");
21 #include "pathnames.h"
29 /* Format of the configuration file:
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
47 HostName another.host.name.real.org
54 RemoteForward 9999 shadows.cs.hut.fi:9999
60 PasswordAuthentication no
64 ProxyCommand ssh-proxy %h %p
67 PublicKeyAuthentication no
71 PasswordAuthentication no
73 # Defaults for various options
77 PasswordAuthentication yes
79 RhostsRSAAuthentication yes
80 StrictHostKeyChecking yes
82 IdentityFile ~/.ssh/identity
/*
 * Option opcodes, one per setting that process_config_line() dispatches on.
 * The lines that open and close this list are not part of this listing, and
 * neither are some enumerators used further down (oBadOption, oAddressFamily).
 * oDeprecated and oUnsupported are shared by every keyword that is still
 * recognised but no longer acted on; process_config_line() only logs those
 * (debug() and error() respectively).
 */
92 oForwardAgent, oForwardX11, oGatewayPorts,
93 oPasswordAuthentication, oRSAAuthentication,
94 oChallengeResponseAuthentication, oXAuthLocation,
95 oKerberosAuthentication, oKerberosTgtPassing,
96 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
97 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
98 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
99 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
100 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
101 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
102 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
103 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
104 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
105 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
106 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
107 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
109 oDeprecated, oUnsupported
112 /* Textual representations of the tokens. */
/*
 * Keyword table searched by parse_token(), which compares names with
 * strcasecmp() and returns the opcode of the first entry that matches.
 * Several names are aliases for one opcode (marked "alias"); retired options
 * map to oDeprecated or oUnsupported, which process_config_line() reports
 * through debug() or error() rather than fatal().
 * NOTE(review): kerberosauthentication, kerberostgtpassing, smartcarddevice
 * and verifyhostkeydns each appear twice with different opcodes. The gaps in
 * the line numbers suggest each pair sits in alternative preprocessor
 * branches that this listing dropped -- confirm against the full file.
 * Without those conditionals the first entry would always win and the
 * oUnsupported rows would be dead.
 */
118 { "forwardagent", oForwardAgent },
119 { "forwardx11", oForwardX11 },
120 { "xauthlocation", oXAuthLocation },
121 { "gatewayports", oGatewayPorts },
122 { "useprivilegedport", oUsePrivilegedPort },
123 { "rhostsauthentication", oDeprecated },
124 { "passwordauthentication", oPasswordAuthentication },
125 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
126 { "kbdinteractivedevices", oKbdInteractiveDevices },
127 { "rsaauthentication", oRSAAuthentication },
128 { "pubkeyauthentication", oPubkeyAuthentication },
129 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
130 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
131 { "hostbasedauthentication", oHostbasedAuthentication },
132 { "challengeresponseauthentication", oChallengeResponseAuthentication },
133 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
134 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
136 { "kerberosauthentication", oKerberosAuthentication },
137 { "kerberostgtpassing", oKerberosTgtPassing },
139 { "kerberosauthentication", oUnsupported },
140 { "kerberostgtpassing", oUnsupported },
142 { "afstokenpassing", oUnsupported },
143 { "fallbacktorsh", oDeprecated },
144 { "usersh", oDeprecated },
145 { "identityfile", oIdentityFile },
146 { "identityfile2", oIdentityFile }, /* alias */
147 { "hostname", oHostName },
148 { "hostkeyalias", oHostKeyAlias },
149 { "proxycommand", oProxyCommand },
151 { "cipher", oCipher },
152 { "ciphers", oCiphers },
154 { "protocol", oProtocol },
155 { "remoteforward", oRemoteForward },
156 { "localforward", oLocalForward },
159 { "escapechar", oEscapeChar },
160 { "globalknownhostsfile", oGlobalKnownHostsFile },
161 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
162 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
163 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
164 { "connectionattempts", oConnectionAttempts },
165 { "batchmode", oBatchMode },
166 { "checkhostip", oCheckHostIP },
167 { "stricthostkeychecking", oStrictHostKeyChecking },
168 { "compression", oCompression },
169 { "compressionlevel", oCompressionLevel },
170 { "keepalive", oKeepAlives },
171 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
172 { "loglevel", oLogLevel },
173 { "dynamicforward", oDynamicForward },
174 { "preferredauthentications", oPreferredAuthentications },
175 { "hostkeyalgorithms", oHostKeyAlgorithms },
176 { "bindaddress", oBindAddress },
178 { "smartcarddevice", oSmartcardDevice },
180 { "smartcarddevice", oUnsupported },
182 { "clearallforwardings", oClearAllForwardings },
183 { "enablesshkeysign", oEnableSSHKeysign },
185 { "verifyhostkeydns", oVerifyHostKeyDNS },
187 { "verifyhostkeydns", oUnsupported },
189 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
190 { "rekeylimit", oRekeyLimit },
191 { "connecttimeout", oConnectTimeout },
192 { "addressfamily", oAddressFamily },
197 * Adds a local TCP/IP port forward to options. Never returns if there is an
/*
 * add_local_forward: append one local forward to options->local_forwards.
 *
 * options   - settings being built; num_local_forwards is incremented.
 * port      - local listen port.
 * host      - destination host; copied with xstrdup(), so the entry owns its
 *             own string (clear_forwardings() releases it with xfree()).
 * host_port - destination port (stored below; the parameter's declaration is
 *             on a line missing from this listing).
 *
 * Both failure paths call fatal() and do not return.
 */
202 add_local_forward(Options *options, u_short port, const char *host,
206 #ifndef NO_IPPORT_RESERVED_CONCEPT
207 extern uid_t original_real_uid;
/*
 * Listen ports below IPPORT_RESERVED are refused unless the recorded real
 * uid is 0. The test uses original_real_uid, not the current effective uid.
 */
208 if (port < IPPORT_RESERVED && original_real_uid != 0)
209 fatal("Privileged ports can only be forwarded by root.");
/*
 * Bounds check before the slot is taken: the counter is only incremented
 * (next statement) once it is known to be below the table limit.
 */
211 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
212 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
213 fwd = &options->local_forwards[options->num_local_forwards++];
/*
 * NOTE(review): gutter line 214 is absent from this listing; presumably it
 * records `port` in the new entry -- confirm against the full file.
 */
215 fwd->host = xstrdup(host);
216 fwd->host_port = host_port;
220 * Adds a remote TCP/IP port forward to options. Never returns if there is
/*
 * add_remote_forward: append one remote forward to options->remote_forwards.
 *
 * Same contract as add_local_forward(): host is copied with xstrdup() and
 * exceeding SSH_MAX_FORWARDS_PER_DIRECTION ends the program through fatal().
 * No reserved-port test is visible here, unlike add_local_forward(); the
 * listen port of a remote forward is bound on the server side, so presumably
 * the server is expected to enforce its own policy -- confirm.
 */
225 add_remote_forward(Options *options, u_short port, const char *host,
/* Check the table limit before indexing; increment only after it passes. */
229 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
230 fatal("Too many remote forwards (max %d).",
231 SSH_MAX_FORWARDS_PER_DIRECTION);
232 fwd = &options->remote_forwards[options->num_remote_forwards++];
/*
 * NOTE(review): gutter line 233 is absent from this listing; presumably it
 * records `port` in the new entry -- confirm against the full file.
 */
234 fwd->host = xstrdup(host);
235 fwd->host_port = host_port;
/*
 * clear_forwardings: drop every local and remote forward held in options.
 *
 * Frees the host string of each entry and resets both counters to 0. The
 * freed pointers stay in the arrays, so the entries are safe only because
 * every reader is bounded by the counters; nothing here sets them to NULL.
 */
239 clear_forwardings(Options *options)
243 for (i = 0; i < options->num_local_forwards; i++)
244 xfree(options->local_forwards[i].host);
245 options->num_local_forwards = 0;
246 for (i = 0; i < options->num_remote_forwards; i++)
247 xfree(options->remote_forwards[i].host);
248 options->num_remote_forwards = 0;
252 * Returns the number of the token pointed to by cp or oBadOption.
/*
 * parse_token: map a keyword to its opcode.
 *
 * cp       - keyword text taken from the configuration line.
 * filename, linenum - used only in the error message.
 *
 * Walks keywords[] until the entry whose name is NULL and returns the opcode
 * of the first name equal to cp, ignoring case. When nothing matches, the
 * problem is reported with error(), not fatal(); the header comment says
 * oBadOption is returned, on a line missing from this listing.
 */
256 parse_token(const char *cp, const char *filename, int linenum)
260 for (i = 0; keywords[i].name; i++)
261 if (strcasecmp(cp, keywords[i].name) == 0)
262 return keywords[i].opcode;
/* cp is passed as a "%s" argument, never as the format string itself. */
264 error("%s: line %d: Bad configuration option: %s",
265 filename, linenum, cp);
270 * Processes a single option line as used in the configuration files. This
271 * only sets those values that have not already been set.
/*
 * process_config_line: parse one configuration line and apply it to *options.
 *
 * options  - settings being built. A field is written only while it still
 *            holds its "unset" marker (-1, NULL, SSH_PROTO_UNKNOWN or
 *            SYSLOG_LEVEL_NOT_SET), so the first source to set a value wins.
 * host     - host name matched against the patterns of a Host line.
 * line     - text to parse; non-const, and presumably edited in place by the
 *            trailing-whitespace pass and by strdelim().
 * filename, linenum - used only in diagnostics.
 * activep  - gate tested before every store (declared on a line missing from
 *            this listing); read_config_file() describes it as the flag that
 *            Host specifications turn on and off.
 *
 * Malformed values end the program through fatal(). read_config_file()
 * counts every non-zero return as a bad option.
 * Many case labels, assignments and jumps are absent from this listing, so
 * the notes below describe only what the visible lines do.
 */
/* Characters treated as trailing whitespace and skipped before ProxyCommand. */
273 #define WHITESPACE " \t\r\n"
276 process_config_line(Options *options, const char *host,
277 char *line, const char *filename, int linenum,
/*
 * buf[256] and sfwd_host_port[6] receive the host and port of a forwarding
 * specification; the sscanf() widths further down are sized to match.
 */
280 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
281 int opcode, *intptr, value;
283 u_short fwd_port, fwd_host_port;
284 char sfwd_host_port[6];
286 /* Strip trailing whitespace */
/*
 * NOTE(review): when line is empty, strlen(line) - 1 wraps if len is an
 * unsigned type (its declaration is on a line missing from this listing) and
 * line[len] is then read outside the buffer. fgets() never returns an empty
 * string for text input, but a line that begins with a NUL byte has
 * strlen() 0. Returning early on an empty line before this loop removes the
 * dependency on well-formed input.
 */
287 for(len = strlen(line) - 1; len > 0; len--) {
288 if (strchr(WHITESPACE, line[len]) == NULL)
294 /* Get the keyword. (Each line is supposed to begin with a keyword). */
295 keyword = strdelim(&s);
296 /* Ignore leading whitespace. */
297 if (*keyword == '\0')
298 keyword = strdelim(&s);
/* Blank lines and lines starting with '#' carry no option. */
299 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
302 opcode = parse_token(keyword, filename, linenum);
306 /* don't panic, but count bad options */
309 case oConnectTimeout:
310 intptr = &options->connection_timeout;
313 if (!arg || *arg == '\0')
314 fatal("%s line %d: missing time value.",
/* convtime() signals an unparsable time with -1. */
316 if ((value = convtime(arg)) == -1)
317 fatal("%s line %d: invalid time value.",
324 intptr = &options->forward_agent;
/*
 * Shared yes/no parser. Only the exact strings yes/true/no/false are
 * accepted (strcmp, so case matters); anything else is fatal.
 */
327 if (!arg || *arg == '\0')
328 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
329 value = 0; /* To avoid compiler warning... */
330 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
332 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
335 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
/*
 * Store only inside an active Host block and only if the field is still
 * unset (-1). This is why an earlier, host-specific value is not overridden
 * by a later default.
 */
336 if (*activep && *intptr == -1)
341 intptr = &options->forward_x11;
345 intptr = &options->gateway_ports;
348 case oUsePrivilegedPort:
349 intptr = &options->use_privileged_port;
352 case oPasswordAuthentication:
353 intptr = &options->password_authentication;
356 case oKbdInteractiveAuthentication:
357 intptr = &options->kbd_interactive_authentication;
360 case oKbdInteractiveDevices:
361 charptr = &options->kbd_interactive_devices;
364 case oPubkeyAuthentication:
365 intptr = &options->pubkey_authentication;
368 case oRSAAuthentication:
369 intptr = &options->rsa_authentication;
372 case oRhostsRSAAuthentication:
373 intptr = &options->rhosts_rsa_authentication;
376 case oHostbasedAuthentication:
377 intptr = &options->hostbased_authentication;
380 case oChallengeResponseAuthentication:
381 intptr = &options->challenge_response_authentication;
384 case oKerberosAuthentication:
385 intptr = &options->kerberos_authentication;
388 case oKerberosTgtPassing:
389 intptr = &options->kerberos_tgt_passing;
393 intptr = &options->batch_mode;
397 intptr = &options->check_host_ip;
400 case oVerifyHostKeyDNS:
401 intptr = &options->verify_host_key_dns;
404 case oStrictHostKeyChecking:
405 intptr = &options->strict_host_key_checking;
/*
 * Three-valued variant of the yes/no parser: "ask" is accepted as well. The
 * numeric value given to each word is on lines missing from this listing.
 */
407 if (!arg || *arg == '\0')
408 fatal("%.200s line %d: Missing yes/no/ask argument.",
410 value = 0; /* To avoid compiler warning... */
411 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
413 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
415 else if (strcmp(arg, "ask") == 0)
418 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
419 if (*activep && *intptr == -1)
424 intptr = &options->compression;
428 intptr = &options->keepalives;
431 case oNoHostAuthenticationForLocalhost:
432 intptr = &options->no_host_authentication_for_localhost;
435 case oNumberOfPasswordPrompts:
436 intptr = &options->number_of_password_prompts;
439 case oCompressionLevel:
440 intptr = &options->compression_level;
444 intptr = &options->rekey_limit;
446 if (!arg || *arg == '\0')
447 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* Requiring a leading digit rejects signs and leading blanks up front. */
448 if (arg[0] < '0' || arg[0] > '9')
449 fatal("%.200s line %d: Bad number.", filename, linenum);
/*
 * NOTE(review): strtol() returns long but value is int, and no ERANGE test
 * is visible. The switch below selects on a suffix character; its cases are
 * on lines missing from this listing, so whether the scaled result is
 * checked for overflow cannot be told from here -- confirm.
 */
450 value = strtol(arg, &endofnumber, 10);
451 if (arg == endofnumber)
452 fatal("%.200s line %d: Bad number.", filename, linenum);
453 switch (toupper(*endofnumber)) {
464 if (*activep && *intptr == -1)
470 if (!arg || *arg == '\0')
471 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * Identity files accumulate instead of first-wins. The count is compared
 * with SSH_MAX_IDENTITY_FILES before the slot is written.
 */
473 intptr = &options->num_identity_files;
474 if (*intptr >= SSH_MAX_IDENTITY_FILES)
475 fatal("%.200s line %d: Too many identity files specified (max %d).",
476 filename, linenum, SSH_MAX_IDENTITY_FILES);
477 charptr = &options->identity_files[*intptr];
478 *charptr = xstrdup(arg);
479 *intptr = *intptr + 1;
484 charptr=&options->xauth_location;
488 charptr = &options->user;
/* Shared string parser: one token, copied with xstrdup() if still unset. */
491 if (!arg || *arg == '\0')
492 fatal("%.200s line %d: Missing argument.", filename, linenum);
493 if (*activep && *charptr == NULL)
494 *charptr = xstrdup(arg);
497 case oGlobalKnownHostsFile:
498 charptr = &options->system_hostfile;
501 case oUserKnownHostsFile:
502 charptr = &options->user_hostfile;
505 case oGlobalKnownHostsFile2:
506 charptr = &options->system_hostfile2;
509 case oUserKnownHostsFile2:
510 charptr = &options->user_hostfile2;
514 charptr = &options->hostname;
518 charptr = &options->host_key_alias;
521 case oPreferredAuthentications:
522 charptr = &options->preferred_authentications;
526 charptr = &options->bind_address;
529 case oSmartcardDevice:
530 charptr = &options->smartcard_device;
535 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * ProxyCommand keeps the whole rest of the line (after leading whitespace
 * and '='), unvalidated. The sample at the top of the file shows that the
 * value is a command line, presumably run elsewhere in the client. Write
 * access to any file parsed here therefore decides which program the client
 * starts, so these files must be writable only by their owner.
 */
536 charptr = &options->proxy_command;
537 len = strspn(s, WHITESPACE "=");
538 if (*activep && *charptr == NULL)
539 *charptr = xstrdup(s + len);
543 intptr = &options->port;
546 if (!arg || *arg == '\0')
547 fatal("%.200s line %d: Missing argument.", filename, linenum);
548 if (arg[0] < '0' || arg[0] > '9')
549 fatal("%.200s line %d: Bad number.", filename, linenum);
551 /* Octal, decimal, or hex format? */
/*
 * NOTE(review): this integer parser (its first visible user is the port
 * option) performs no range or ERANGE check between the conversion and the
 * store; gutter lines 552-555 are consecutive. The long result is narrowed
 * to int, and text left after the digits (*endofnumber) is not rejected
 * here. Callers that need a bounded value, such as a TCP port, have to
 * validate it themselves -- confirm that they do.
 */
552 value = strtol(arg, &endofnumber, 0);
553 if (arg == endofnumber)
554 fatal("%.200s line %d: Bad number.", filename, linenum);
555 if (*activep && *intptr == -1)
559 case oConnectionAttempts:
560 intptr = &options->connection_attempts;
564 intptr = &options->cipher;
566 if (!arg || *arg == '\0')
567 fatal("%.200s line %d: Missing argument.", filename, linenum);
568 value = cipher_number(arg);
570 fatal("%.200s line %d: Bad cipher '%s'.",
571 filename, linenum, arg ? arg : "<NONE>");
572 if (*activep && *intptr == -1)
/*
 * The cipher, MAC and host-key algorithm lists are validated as a whole
 * before they are stored, so a bad name fails at parse time.
 */
578 if (!arg || *arg == '\0')
579 fatal("%.200s line %d: Missing argument.", filename, linenum);
580 if (!ciphers_valid(arg))
581 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
582 filename, linenum, arg ? arg : "<NONE>");
583 if (*activep && options->ciphers == NULL)
584 options->ciphers = xstrdup(arg);
589 if (!arg || *arg == '\0')
590 fatal("%.200s line %d: Missing argument.", filename, linenum);
592 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
593 filename, linenum, arg ? arg : "<NONE>");
594 if (*activep && options->macs == NULL)
595 options->macs = xstrdup(arg);
598 case oHostKeyAlgorithms:
600 if (!arg || *arg == '\0')
601 fatal("%.200s line %d: Missing argument.", filename, linenum);
602 if (!key_names_valid2(arg))
603 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
604 filename, linenum, arg ? arg : "<NONE>");
605 if (*activep && options->hostkeyalgorithms == NULL)
606 options->hostkeyalgorithms = xstrdup(arg);
610 intptr = &options->protocol;
612 if (!arg || *arg == '\0')
613 fatal("%.200s line %d: Missing argument.", filename, linenum);
614 value = proto_spec(arg);
615 if (value == SSH_PROTO_UNKNOWN)
616 fatal("%.200s line %d: Bad protocol spec '%s'.",
617 filename, linenum, arg ? arg : "<NONE>");
618 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
623 intptr = (int *) &options->log_level;
/*
 * NOTE(review): unlike the other cases, no missing-argument test is visible
 * before arg is handed to log_level_number() (only one line is missing
 * between gutter 623 and 625). That is safe only if the helper accepts a
 * NULL name; the "<NONE>" fallback below suggests NULL is expected --
 * confirm.
 */
625 value = log_level_number(arg);
626 if (value == SYSLOG_LEVEL_NOT_SET)
627 fatal("%.200s line %d: unsupported log level '%s'",
628 filename, linenum, arg ? arg : "<NONE>");
629 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
630 *intptr = (LogLevel) value;
636 if (!arg || *arg == '\0')
637 fatal("%.200s line %d: Missing port argument.",
/* a2port() reports a bad port as 0, so port 0 cannot be configured here. */
639 if ((fwd_port = a2port(arg)) == 0)
640 fatal("%.200s line %d: Bad listen port.",
643 if (!arg || *arg == '\0')
644 fatal("%.200s line %d: Missing second argument.",
/*
 * Accept host:port or host/port. The field widths 255 and 5 leave room for
 * the terminator in buf[256] and sfwd_host_port[6]; change the widths and
 * the declarations together.
 */
646 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
647 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
648 fatal("%.200s line %d: Bad forwarding specification.",
650 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
651 fatal("%.200s line %d: Bad forwarding port.",
654 if (opcode == oLocalForward)
655 add_local_forward(options, fwd_port, buf,
657 else if (opcode == oRemoteForward)
658 add_remote_forward(options, fwd_port, buf,
663 case oDynamicForward:
665 if (!arg || *arg == '\0')
666 fatal("%.200s line %d: Missing port argument.",
668 fwd_port = a2port(arg);
670 fatal("%.200s line %d: Badly formatted port number.",
/*
 * A dynamic forward is recorded as a local forward whose host is the marker
 * string "socks4" and whose destination port is 0.
 */
673 add_local_forward(options, fwd_port, "socks4", 0);
676 case oClearAllForwardings:
677 intptr = &options->clear_forwardings;
/*
 * Host line: every pattern on the line is tried against host. The update of
 * *activep is on lines missing from this listing.
 */
682 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
683 if (match_pattern(host, arg)) {
684 debug("Applying options for %.100s", arg);
688 /* Avoid garbage check below, as strdelim is done. */
692 intptr = &options->escape_char;
694 if (!arg || *arg == '\0')
695 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * NOTE(review): arg[2] is read before arg[1] is range-checked. For the
 * one-character token "^" that read is one byte past the token's
 * terminator. Testing arg[1] first keeps the access inside the token.
 */
696 if (arg[0] == '^' && arg[2] == 0 &&
697 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
698 value = (u_char) arg[1] & 31;
699 else if (strlen(arg) == 1)
700 value = (u_char) arg[0];
701 else if (strcmp(arg, "none") == 0)
702 value = SSH_ESCAPECHAR_NONE;
704 fatal("%.200s line %d: Bad escape character.",
707 value = 0; /* Avoid compiler warning. */
709 if (*activep && *intptr == -1)
/*
 * NOTE(review): arg reaches strcasecmp() with no NULL or empty test; gutter
 * lines 715 and 716 are consecutive. Every other case guards against a
 * missing argument, which implies strdelim() can return NULL, so an
 * AddressFamily line without a value would dereference NULL here. The same
 * "Missing argument" fatal() used elsewhere belongs before the comparison.
 */
715 intptr = &options->address_family;
716 if (strcasecmp(arg, "inet") == 0)
718 else if (strcasecmp(arg, "inet6") == 0)
720 else if (strcasecmp(arg, "any") == 0)
723 fatal("Unsupported AddressFamily \"%s\"", arg);
724 if (*activep && *intptr == -1)
728 case oEnableSSHKeysign:
729 intptr = &options->enable_ssh_keysign;
/* Retired keywords are logged, not fatal: debug() for deprecated ones. */
733 debug("%s line %d: Deprecated option \"%s\"",
734 filename, linenum, keyword);
738 error("%s line %d: Unsupported option \"%s\"",
739 filename, linenum, keyword);
/* A keyword in the table with no case above is a programming error. */
743 fatal("process_config_line: Unimplemented opcode %d", opcode);
746 /* Check that there is no garbage at end of line. */
747 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
748 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
749 filename, linenum, arg);
756 * Reads the config file and modifies the options accordingly. Options
757 * should already be initialized before this call. This never returns if
758 * there is an error. If the file does not exist, this returns 0.
/*
 * read_config_file: feed every line of filename to process_config_line().
 *
 * filename - configuration file to read.
 * host     - host name used to match Host blocks.
 * options  - settings to update; must already be initialised.
 *
 * Non-zero results from process_config_line() are counted as bad options,
 * and the program ends through fatal() with that count. The handling of a
 * file that cannot be opened is on lines missing from this listing; the
 * header comment says the function returns 0 in that case.
 */
762 read_config_file(const char *filename, const char *host, Options *options)
/*
 * NOTE(review): no owner or mode check on the file is visible between this
 * fopen() and the parsing loop. Values read here include ProxyCommand and
 * IdentityFile, so the content is as trusted as code. Confirm that a caller
 * or the deployment guarantees the file is writable only by the user (or by
 * root for the system-wide file).
 */
770 f = fopen(filename, "r");
774 debug("Reading configuration data %.200s", filename);
777 * Mark that we are now processing the options. This flag is turned
778 * on/off by Host specifications.
/*
 * fgets() splits a line longer than the buffer; the remainder comes back on
 * the next iteration and is parsed as if it were a separate line.
 */
782 while (fgets(line, sizeof(line), f)) {
783 /* Update line number counter. */
785 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
790 fatal("%s: terminating, %d bad configuration options",
791 filename, bad_options);
796 * Initializes options to special values that indicate that they have not yet
797 * been set. Read_config_file will only set options with this value. Options
798 * are processed in the following order: command line, user config file,
799 * system config file. Last, fill_default_options is called.
/*
 * initialize_options: mark every option as "not yet set".
 *
 * Integer options get -1, string options NULL, protocol SSH_PROTO_UNKNOWN
 * and log_level SYSLOG_LEVEL_NOT_SET; the counters start at 0.
 * process_config_line() writes a field only while it still holds its marker,
 * and fill_default_options() later replaces any marker that is left.
 */
803 initialize_options(Options * options)
/*
 * Fill the struct with a non-zero byte first; presumably so that a field
 * forgotten below shows up as obvious garbage instead of a plausible 0 or
 * NULL.
 * NOTE(review): options->port is compared with -1 elsewhere in this file,
 * but its initialisation is not in this listing (gutter line 827 is absent).
 * Confirm that it is set, since the fill byte would otherwise make the port
 * look already configured.
 */
805 memset(options, 'X', sizeof(*options));
806 options->forward_agent = -1;
807 options->forward_x11 = -1;
808 options->xauth_location = NULL;
809 options->gateway_ports = -1;
810 options->use_privileged_port = -1;
811 options->rsa_authentication = -1;
812 options->pubkey_authentication = -1;
813 options->challenge_response_authentication = -1;
814 options->kerberos_authentication = -1;
815 options->kerberos_tgt_passing = -1;
816 options->password_authentication = -1;
817 options->kbd_interactive_authentication = -1;
818 options->kbd_interactive_devices = NULL;
819 options->rhosts_rsa_authentication = -1;
820 options->hostbased_authentication = -1;
821 options->batch_mode = -1;
822 options->check_host_ip = -1;
823 options->strict_host_key_checking = -1;
824 options->compression = -1;
825 options->keepalives = -1;
826 options->compression_level = -1;
828 options->address_family = -1;
829 options->connection_attempts = -1;
830 options->connection_timeout = -1;
831 options->number_of_password_prompts = -1;
832 options->cipher = -1;
833 options->ciphers = NULL;
834 options->macs = NULL;
835 options->hostkeyalgorithms = NULL;
836 options->protocol = SSH_PROTO_UNKNOWN;
837 options->num_identity_files = 0;
838 options->hostname = NULL;
839 options->host_key_alias = NULL;
840 options->proxy_command = NULL;
841 options->user = NULL;
842 options->escape_char = -1;
843 options->system_hostfile = NULL;
844 options->user_hostfile = NULL;
845 options->system_hostfile2 = NULL;
846 options->user_hostfile2 = NULL;
847 options->num_local_forwards = 0;
848 options->num_remote_forwards = 0;
849 options->clear_forwardings = -1;
850 options->log_level = SYSLOG_LEVEL_NOT_SET;
851 options->preferred_authentications = NULL;
852 options->bind_address = NULL;
853 options->smartcard_device = NULL;
854 options->enable_ssh_keysign = - 1;
855 options->no_host_authentication_for_localhost = - 1;
856 options->rekey_limit = - 1;
857 options->verify_host_key_dns = -1;
861 * Called after processing other sources of option data, this fills those
862 * options for which no value has been specified with their default values.
/*
 * fill_default_options: give every option still unset its default value.
 *
 * Security-relevant defaults visible below: agent forwarding, X11
 * forwarding, gateway ports, privileged source ports, rhosts-RSA and
 * host-based authentication, ssh-keysign and host key DNS verification are
 * off. RSA, public-key, challenge-response, Kerberos, password and
 * keyboard-interactive authentication and CheckHostIP are on.
 * proxy_command, user, hostname, host_key_alias and
 * preferred_authentications are deliberately left alone (see the closing
 * comments).
 */
866 fill_default_options(Options * options)
870 if (options->forward_agent == -1)
871 options->forward_agent = 0;
872 if (options->forward_x11 == -1)
873 options->forward_x11 = 0;
/*
 * The path defaults below are assigned from _PATH_* macros, presumably
 * string constants from pathnames.h, whereas values read from a file are
 * xstrdup() copies. Code that releases these fields must not assume they
 * are always heap pointers.
 */
874 if (options->xauth_location == NULL)
875 options->xauth_location = _PATH_XAUTH;
876 if (options->gateway_ports == -1)
877 options->gateway_ports = 0;
878 if (options->use_privileged_port == -1)
879 options->use_privileged_port = 0;
880 if (options->rsa_authentication == -1)
881 options->rsa_authentication = 1;
882 if (options->pubkey_authentication == -1)
883 options->pubkey_authentication = 1;
884 if (options->challenge_response_authentication == -1)
885 options->challenge_response_authentication = 1;
886 if (options->kerberos_authentication == -1)
887 options->kerberos_authentication = 1;
888 if (options->kerberos_tgt_passing == -1)
889 options->kerberos_tgt_passing = 1;
890 if (options->password_authentication == -1)
891 options->password_authentication = 1;
892 if (options->kbd_interactive_authentication == -1)
893 options->kbd_interactive_authentication = 1;
894 if (options->rhosts_rsa_authentication == -1)
895 options->rhosts_rsa_authentication = 0;
896 if (options->hostbased_authentication == -1)
897 options->hostbased_authentication = 0;
898 if (options->batch_mode == -1)
899 options->batch_mode = 0;
900 if (options->check_host_ip == -1)
901 options->check_host_ip = 1;
/*
 * The value 2 is presumably what the parser stores for "ask" in its
 * yes/no/ask case; that assignment is on a line missing from this listing
 * -- confirm.
 */
902 if (options->strict_host_key_checking == -1)
903 options->strict_host_key_checking = 2; /* 2 is default */
904 if (options->compression == -1)
905 options->compression = 0;
906 if (options->keepalives == -1)
907 options->keepalives = 1;
908 if (options->compression_level == -1)
909 options->compression_level = 6;
910 if (options->port == -1)
911 options->port = 0; /* Filled in ssh_connect. */
912 if (options->address_family == -1)
913 options->address_family = AF_UNSPEC;
914 if (options->connection_attempts == -1)
915 options->connection_attempts = 1;
916 if (options->number_of_password_prompts == -1)
917 options->number_of_password_prompts = 3;
918 /* Selected in ssh_login(). */
919 if (options->cipher == -1)
920 options->cipher = SSH_CIPHER_NOT_SET;
921 /* options->ciphers, default set in myproposals.h */
922 /* options->macs, default set in myproposals.h */
923 /* options->hostkeyalgorithms, default set in myproposals.h */
/*
 * Both protocol versions are enabled when none was chosen. This reflects
 * the 2003 revision named in the RCSID; protocol 1 was later removed from
 * OpenSSH, so treat this default as historical.
 */
924 if (options->protocol == SSH_PROTO_UNKNOWN)
925 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
/*
 * Default identity files are added only when none was configured. len
 * covers the two characters of the home-directory prefix, the path and the
 * terminator. The buffer itself is allocated on lines missing from this
 * listing, presumably with that size. snprintf() is bounded by len, and
 * "%.100s" caps the copied path at 100 characters.
 */
926 if (options->num_identity_files == 0) {
927 if (options->protocol & SSH_PROTO_1) {
928 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
929 options->identity_files[options->num_identity_files] =
931 snprintf(options->identity_files[options->num_identity_files++],
932 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
934 if (options->protocol & SSH_PROTO_2) {
935 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
936 options->identity_files[options->num_identity_files] =
938 snprintf(options->identity_files[options->num_identity_files++],
939 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
941 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
942 options->identity_files[options->num_identity_files] =
944 snprintf(options->identity_files[options->num_identity_files++],
945 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
948 if (options->escape_char == -1)
949 options->escape_char = '~';
950 if (options->system_hostfile == NULL)
951 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
952 if (options->user_hostfile == NULL)
953 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
954 if (options->system_hostfile2 == NULL)
955 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
956 if (options->user_hostfile2 == NULL)
957 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
958 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
959 options->log_level = SYSLOG_LEVEL_INFO;
/*
 * ClearAllForwardings is applied here, after all sources were read, so it
 * removes forwards regardless of which file or option added them. An unset
 * value (-1) is left as is and has no effect.
 */
960 if (options->clear_forwardings == 1)
961 clear_forwardings(options);
962 if (options->no_host_authentication_for_localhost == - 1)
963 options->no_host_authentication_for_localhost = 0;
964 if (options->enable_ssh_keysign == -1)
965 options->enable_ssh_keysign = 0;
966 if (options->rekey_limit == -1)
967 options->rekey_limit = 0;
968 if (options->verify_host_key_dns == -1)
969 options->verify_host_key_dns = 0;
970 /* options->proxy_command should not be set by default */
971 /* options->user will be set in the main program if appropriate */
972 /* options->hostname will be set in the main program if appropriate */
973 /* options->host_key_alias should not be set by default */
974 /* options->preferred_authentications will be set in ssh */