2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
13 RCSID("$OpenBSD: servconf.c,v 1.89 2001/08/16 19:18:34 jakob Exp $");
15 #if defined(KRB4) || defined(KRB5)
27 #include "pathnames.h"
28 #include "tildexpand.h"
34 static void add_listen_addr(ServerOptions *, char *, u_short);
35 static void add_one_listen_addr(ServerOptions *, char *, u_short);
37 /* AF_UNSPEC or AF_INET or AF_INET6 */
40 /* Initializes the server options to their default values. */
43 initialize_server_options(ServerOptions *options)
45 memset(options, 0, sizeof(*options));
46 options->num_ports = 0;
47 options->ports_from_cmdline = 0;
48 options->listen_addrs = NULL;
49 options->num_host_key_files = 0;
50 options->pid_file = NULL;
51 options->server_key_bits = -1;
52 options->login_grace_time = -1;
53 options->key_regeneration_time = -1;
54 options->permit_root_login = PERMIT_NOT_SET;
55 options->ignore_rhosts = -1;
56 options->ignore_user_known_hosts = -1;
57 options->print_motd = -1;
58 options->print_lastlog = -1;
59 options->x11_forwarding = -1;
60 options->x11_display_offset = -1;
61 options->xauth_location = NULL;
62 options->strict_modes = -1;
63 options->keepalives = -1;
64 options->log_facility = (SyslogFacility) - 1;
65 options->log_level = (LogLevel) - 1;
66 options->rhosts_authentication = -1;
67 options->rhosts_rsa_authentication = -1;
68 options->hostbased_authentication = -1;
69 options->hostbased_uses_name_from_packet_only = -1;
70 options->rsa_authentication = -1;
71 options->pubkey_authentication = -1;
72 #if defined(KRB4) || defined(KRB5)
73 options->kerberos_authentication = -1;
74 options->kerberos_or_local_passwd = -1;
75 options->kerberos_ticket_cleanup = -1;
77 #if defined(AFS) || defined(KRB5)
78 options->kerberos_tgt_passing = -1;
81 options->afs_token_passing = -1;
83 options->password_authentication = -1;
84 options->kbd_interactive_authentication = -1;
85 options->challenge_response_authentication = -1;
86 options->permit_empty_passwd = -1;
87 options->use_login = -1;
88 options->allow_tcp_forwarding = -1;
89 options->num_allow_users = 0;
90 options->num_deny_users = 0;
91 options->num_allow_groups = 0;
92 options->num_deny_groups = 0;
93 options->ciphers = NULL;
95 options->protocol = SSH_PROTO_UNKNOWN;
96 options->gateway_ports = -1;
97 options->num_subsystems = 0;
98 options->max_startups_begin = -1;
99 options->max_startups_rate = -1;
100 options->max_startups = -1;
101 options->banner = NULL;
102 options->reverse_mapping_check = -1;
103 options->client_alive_interval = -1;
104 options->client_alive_count_max = -1;
105 options->authorized_keys_file = NULL;
106 options->authorized_keys_file2 = NULL;
107 options->pam_authentication_via_kbd_int = -1;
111 fill_default_server_options(ServerOptions *options)
113 if (options->protocol == SSH_PROTO_UNKNOWN)
114 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
115 if (options->num_host_key_files == 0) {
116 /* fill default hostkeys for protocols */
117 if (options->protocol & SSH_PROTO_1)
118 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
119 if (options->protocol & SSH_PROTO_2)
120 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
122 if (options->num_ports == 0)
123 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
124 if (options->listen_addrs == NULL)
125 add_listen_addr(options, NULL, 0);
126 if (options->pid_file == NULL)
127 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
128 if (options->server_key_bits == -1)
129 options->server_key_bits = 768;
130 if (options->login_grace_time == -1)
131 options->login_grace_time = 600;
132 if (options->key_regeneration_time == -1)
133 options->key_regeneration_time = 3600;
134 if (options->permit_root_login == PERMIT_NOT_SET)
135 options->permit_root_login = PERMIT_YES;
136 if (options->ignore_rhosts == -1)
137 options->ignore_rhosts = 1;
138 if (options->ignore_user_known_hosts == -1)
139 options->ignore_user_known_hosts = 0;
140 if (options->print_motd == -1)
141 options->print_motd = 1;
142 if (options->print_lastlog == -1)
143 options->print_lastlog = 1;
144 if (options->x11_forwarding == -1)
145 options->x11_forwarding = 0;
146 if (options->x11_display_offset == -1)
147 options->x11_display_offset = 10;
149 if (options->xauth_location == NULL)
150 options->xauth_location = _PATH_XAUTH;
152 if (options->strict_modes == -1)
153 options->strict_modes = 1;
154 if (options->keepalives == -1)
155 options->keepalives = 1;
156 if (options->log_facility == (SyslogFacility) (-1))
157 options->log_facility = SYSLOG_FACILITY_AUTH;
158 if (options->log_level == (LogLevel) (-1))
159 options->log_level = SYSLOG_LEVEL_INFO;
160 if (options->rhosts_authentication == -1)
161 options->rhosts_authentication = 0;
162 if (options->rhosts_rsa_authentication == -1)
163 options->rhosts_rsa_authentication = 0;
164 if (options->hostbased_authentication == -1)
165 options->hostbased_authentication = 0;
166 if (options->hostbased_uses_name_from_packet_only == -1)
167 options->hostbased_uses_name_from_packet_only = 0;
168 if (options->rsa_authentication == -1)
169 options->rsa_authentication = 1;
170 if (options->pubkey_authentication == -1)
171 options->pubkey_authentication = 1;
172 #if defined(KRB4) || defined(KRB5)
173 if (options->kerberos_authentication == -1)
174 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
175 if (options->kerberos_or_local_passwd == -1)
176 options->kerberos_or_local_passwd = 1;
177 if (options->kerberos_ticket_cleanup == -1)
178 options->kerberos_ticket_cleanup = 1;
180 #if defined(AFS) || defined(KRB5)
181 if (options->kerberos_tgt_passing == -1)
182 options->kerberos_tgt_passing = 0;
185 if (options->afs_token_passing == -1)
186 options->afs_token_passing = k_hasafs();
188 if (options->password_authentication == -1)
189 options->password_authentication = 1;
190 if (options->kbd_interactive_authentication == -1)
191 options->kbd_interactive_authentication = 0;
192 if (options->challenge_response_authentication == -1)
193 options->challenge_response_authentication = 1;
194 if (options->permit_empty_passwd == -1)
195 options->permit_empty_passwd = 0;
196 if (options->use_login == -1)
197 options->use_login = 0;
198 if (options->allow_tcp_forwarding == -1)
199 options->allow_tcp_forwarding = 1;
200 if (options->gateway_ports == -1)
201 options->gateway_ports = 0;
202 if (options->max_startups == -1)
203 options->max_startups = 10;
204 if (options->max_startups_rate == -1)
205 options->max_startups_rate = 100; /* 100% */
206 if (options->max_startups_begin == -1)
207 options->max_startups_begin = options->max_startups;
208 if (options->reverse_mapping_check == -1)
209 options->reverse_mapping_check = 0;
210 if (options->client_alive_interval == -1)
211 options->client_alive_interval = 0;
212 if (options->client_alive_count_max == -1)
213 options->client_alive_count_max = 3;
214 if (options->authorized_keys_file == NULL)
215 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
216 if (options->authorized_keys_file2 == NULL)
217 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
218 if (options->pam_authentication_via_kbd_int == -1)
219 options->pam_authentication_via_kbd_int = 0;
222 /* Keyword tokens. */
224 sBadOption, /* == unknown option */
225 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
226 sPermitRootLogin, sLogFacility, sLogLevel,
227 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
228 #if defined(KRB4) || defined(KRB5)
229 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
231 #if defined(AFS) || defined(KRB5)
237 sChallengeResponseAuthentication,
238 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
239 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
240 sX11Forwarding, sX11DisplayOffset,
241 sStrictModes, sEmptyPasswd, sKeepAlives,
242 sUseLogin, sAllowTcpForwarding,
243 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
244 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
245 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
246 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
247 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
248 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
249 sDeprecated, sPAMAuthenticationViaKbdInt
252 /* Textual representation of the tokens. */
255 ServerOpCodes opcode;
258 { "hostkey", sHostKeyFile },
259 { "hostdsakey", sHostKeyFile }, /* alias */
260 { "pidfile", sPidFile },
261 { "serverkeybits", sServerKeyBits },
262 { "logingracetime", sLoginGraceTime },
263 { "keyregenerationinterval", sKeyRegenerationTime },
264 { "permitrootlogin", sPermitRootLogin },
265 { "syslogfacility", sLogFacility },
266 { "loglevel", sLogLevel },
267 { "rhostsauthentication", sRhostsAuthentication },
268 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
269 { "hostbasedauthentication", sHostbasedAuthentication },
270 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
271 { "rsaauthentication", sRSAAuthentication },
272 { "pubkeyauthentication", sPubkeyAuthentication },
273 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
274 #if defined(KRB4) || defined(KRB5)
275 { "kerberosauthentication", sKerberosAuthentication },
276 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
277 { "kerberosticketcleanup", sKerberosTicketCleanup },
279 #if defined(AFS) || defined(KRB5)
280 { "kerberostgtpassing", sKerberosTgtPassing },
283 { "afstokenpassing", sAFSTokenPassing },
285 { "passwordauthentication", sPasswordAuthentication },
286 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
287 { "challengeresponseauthentication", sChallengeResponseAuthentication },
288 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
289 { "checkmail", sDeprecated },
290 { "listenaddress", sListenAddress },
291 { "printmotd", sPrintMotd },
292 { "printlastlog", sPrintLastLog },
293 { "ignorerhosts", sIgnoreRhosts },
294 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
295 { "x11forwarding", sX11Forwarding },
296 { "x11displayoffset", sX11DisplayOffset },
297 { "xauthlocation", sXAuthLocation },
298 { "strictmodes", sStrictModes },
299 { "permitemptypasswords", sEmptyPasswd },
300 { "uselogin", sUseLogin },
301 { "keepalive", sKeepAlives },
302 { "allowtcpforwarding", sAllowTcpForwarding },
303 { "allowusers", sAllowUsers },
304 { "denyusers", sDenyUsers },
305 { "allowgroups", sAllowGroups },
306 { "denygroups", sDenyGroups },
307 { "ciphers", sCiphers },
309 { "protocol", sProtocol },
310 { "gatewayports", sGatewayPorts },
311 { "subsystem", sSubsystem },
312 { "maxstartups", sMaxStartups },
313 { "banner", sBanner },
314 { "reversemappingcheck", sReverseMappingCheck },
315 { "clientaliveinterval", sClientAliveInterval },
316 { "clientalivecountmax", sClientAliveCountMax },
317 { "authorizedkeysfile", sAuthorizedKeysFile },
318 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
319 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
324 * Returns the number of the token pointed to by cp or sBadOption.
328 parse_token(const char *cp, const char *filename,
333 for (i = 0; keywords[i].name; i++)
334 if (strcasecmp(cp, keywords[i].name) == 0)
335 return keywords[i].opcode;
337 error("%s: line %d: Bad configuration option: %s",
338 filename, linenum, cp);
343 add_listen_addr(ServerOptions *options, char *addr, u_short port)
347 if (options->num_ports == 0)
348 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
350 for (i = 0; i < options->num_ports; i++)
351 add_one_listen_addr(options, addr, options->ports[i]);
353 add_one_listen_addr(options, addr, port);
357 add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
359 struct addrinfo hints, *ai, *aitop;
360 char strport[NI_MAXSERV];
363 memset(&hints, 0, sizeof(hints));
364 hints.ai_family = IPv4or6;
365 hints.ai_socktype = SOCK_STREAM;
366 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
367 snprintf(strport, sizeof strport, "%d", port);
368 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
369 fatal("bad addr or host: %s (%s)",
370 addr ? addr : "<NULL>",
371 gai_strerror(gaierr));
372 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
374 ai->ai_next = options->listen_addrs;
375 options->listen_addrs = aitop;
378 /* Reads the server configuration file. */
381 read_server_config(ServerOptions *options, const char *filename)
385 char *cp, **charptr, *arg, *p;
386 int linenum, *intptr, value;
388 ServerOpCodes opcode;
391 f = fopen(filename, "r");
397 while (fgets(line, sizeof(line), f)) {
401 /* Ignore leading whitespace */
404 if (!arg || !*arg || *arg == '#')
408 opcode = parse_token(arg, filename, linenum);
414 /* ignore ports from configfile if cmdline specifies ports */
415 if (options->ports_from_cmdline)
417 if (options->listen_addrs != NULL)
418 fatal("%s line %d: ports must be specified before "
419 "ListenAdress.", filename, linenum);
420 if (options->num_ports >= MAX_PORTS)
421 fatal("%s line %d: too many ports.",
424 if (!arg || *arg == '\0')
425 fatal("%s line %d: missing port number.",
427 options->ports[options->num_ports++] = a2port(arg);
428 if (options->ports[options->num_ports-1] == 0)
429 fatal("%s line %d: Badly formatted port number.",
434 intptr = &options->server_key_bits;
437 if (!arg || *arg == '\0')
438 fatal("%s line %d: missing integer value.",
445 case sLoginGraceTime:
446 intptr = &options->login_grace_time;
449 if (!arg || *arg == '\0')
450 fatal("%s line %d: missing time value.",
452 if ((value = convtime(arg)) == -1)
453 fatal("%s line %d: invalid time value.",
459 case sKeyRegenerationTime:
460 intptr = &options->key_regeneration_time;
465 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
466 fatal("%s line %d: missing inet addr.",
469 if ((p = strchr(arg, ']')) == NULL)
470 fatal("%s line %d: bad ipv6 inet addr usage.",
473 memmove(p, p+1, strlen(p+1)+1);
474 } else if (((p = strchr(arg, ':')) == NULL) ||
475 (strchr(p+1, ':') != NULL)) {
476 add_listen_addr(options, arg, 0);
484 fatal("%s line %d: bad inet addr:port usage.",
488 if ((port = a2port(p)) == 0)
489 fatal("%s line %d: bad port number.",
491 add_listen_addr(options, arg, port);
493 } else if (*p == '\0')
494 add_listen_addr(options, arg, 0);
496 fatal("%s line %d: bad inet addr usage.",
501 intptr = &options->num_host_key_files;
502 if (*intptr >= MAX_HOSTKEYS)
503 fatal("%s line %d: too many host keys specified (max %d).",
504 filename, linenum, MAX_HOSTKEYS);
505 charptr = &options->host_key_files[*intptr];
508 if (!arg || *arg == '\0')
509 fatal("%s line %d: missing file name.",
511 if (*charptr == NULL) {
512 *charptr = tilde_expand_filename(arg, getuid());
513 /* increase optional counter */
515 *intptr = *intptr + 1;
520 charptr = &options->pid_file;
523 case sPermitRootLogin:
524 intptr = &options->permit_root_login;
526 if (!arg || *arg == '\0')
527 fatal("%s line %d: missing yes/"
528 "without-password/forced-commands-only/no "
529 "argument.", filename, linenum);
530 value = 0; /* silence compiler */
531 if (strcmp(arg, "without-password") == 0)
532 value = PERMIT_NO_PASSWD;
533 else if (strcmp(arg, "forced-commands-only") == 0)
534 value = PERMIT_FORCED_ONLY;
535 else if (strcmp(arg, "yes") == 0)
537 else if (strcmp(arg, "no") == 0)
540 fatal("%s line %d: Bad yes/"
541 "without-password/forced-commands-only/no "
542 "argument: %s", filename, linenum, arg);
548 intptr = &options->ignore_rhosts;
551 if (!arg || *arg == '\0')
552 fatal("%s line %d: missing yes/no argument.",
554 value = 0; /* silence compiler */
555 if (strcmp(arg, "yes") == 0)
557 else if (strcmp(arg, "no") == 0)
560 fatal("%s line %d: Bad yes/no argument: %s",
561 filename, linenum, arg);
566 case sIgnoreUserKnownHosts:
567 intptr = &options->ignore_user_known_hosts;
570 case sRhostsAuthentication:
571 intptr = &options->rhosts_authentication;
574 case sRhostsRSAAuthentication:
575 intptr = &options->rhosts_rsa_authentication;
578 case sHostbasedAuthentication:
579 intptr = &options->hostbased_authentication;
582 case sHostbasedUsesNameFromPacketOnly:
583 intptr = &options->hostbased_uses_name_from_packet_only;
586 case sRSAAuthentication:
587 intptr = &options->rsa_authentication;
590 case sPubkeyAuthentication:
591 intptr = &options->pubkey_authentication;
593 #if defined(KRB4) || defined(KRB5)
594 case sKerberosAuthentication:
595 intptr = &options->kerberos_authentication;
598 case sKerberosOrLocalPasswd:
599 intptr = &options->kerberos_or_local_passwd;
602 case sKerberosTicketCleanup:
603 intptr = &options->kerberos_ticket_cleanup;
606 #if defined(AFS) || defined(KRB5)
607 case sKerberosTgtPassing:
608 intptr = &options->kerberos_tgt_passing;
612 case sAFSTokenPassing:
613 intptr = &options->afs_token_passing;
617 case sPasswordAuthentication:
618 intptr = &options->password_authentication;
621 case sKbdInteractiveAuthentication:
622 intptr = &options->kbd_interactive_authentication;
625 case sChallengeResponseAuthentication:
626 intptr = &options->challenge_response_authentication;
630 intptr = &options->print_motd;
634 intptr = &options->print_lastlog;
638 intptr = &options->x11_forwarding;
641 case sX11DisplayOffset:
642 intptr = &options->x11_display_offset;
646 charptr = &options->xauth_location;
650 intptr = &options->strict_modes;
654 intptr = &options->keepalives;
658 intptr = &options->permit_empty_passwd;
662 intptr = &options->use_login;
666 intptr = &options->gateway_ports;
669 case sReverseMappingCheck:
670 intptr = &options->reverse_mapping_check;
674 intptr = (int *) &options->log_facility;
676 value = log_facility_number(arg);
677 if (value == (SyslogFacility) - 1)
678 fatal("%.200s line %d: unsupported log facility '%s'",
679 filename, linenum, arg ? arg : "<NONE>");
681 *intptr = (SyslogFacility) value;
685 intptr = (int *) &options->log_level;
687 value = log_level_number(arg);
688 if (value == (LogLevel) - 1)
689 fatal("%.200s line %d: unsupported log level '%s'",
690 filename, linenum, arg ? arg : "<NONE>");
692 *intptr = (LogLevel) value;
695 case sAllowTcpForwarding:
696 intptr = &options->allow_tcp_forwarding;
700 while ((arg = strdelim(&cp)) && *arg != '\0') {
701 if (options->num_allow_users >= MAX_ALLOW_USERS)
702 fatal("%s line %d: too many allow users.",
704 options->allow_users[options->num_allow_users++] = xstrdup(arg);
709 while ((arg = strdelim(&cp)) && *arg != '\0') {
710 if (options->num_deny_users >= MAX_DENY_USERS)
711 fatal( "%s line %d: too many deny users.",
713 options->deny_users[options->num_deny_users++] = xstrdup(arg);
718 while ((arg = strdelim(&cp)) && *arg != '\0') {
719 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
720 fatal("%s line %d: too many allow groups.",
722 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
727 while ((arg = strdelim(&cp)) && *arg != '\0') {
728 if (options->num_deny_groups >= MAX_DENY_GROUPS)
729 fatal("%s line %d: too many deny groups.",
731 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
737 if (!arg || *arg == '\0')
738 fatal("%s line %d: Missing argument.", filename, linenum);
739 if (!ciphers_valid(arg))
740 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
741 filename, linenum, arg ? arg : "<NONE>");
742 if (options->ciphers == NULL)
743 options->ciphers = xstrdup(arg);
748 if (!arg || *arg == '\0')
749 fatal("%s line %d: Missing argument.", filename, linenum);
751 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
752 filename, linenum, arg ? arg : "<NONE>");
753 if (options->macs == NULL)
754 options->macs = xstrdup(arg);
758 intptr = &options->protocol;
760 if (!arg || *arg == '\0')
761 fatal("%s line %d: Missing argument.", filename, linenum);
762 value = proto_spec(arg);
763 if (value == SSH_PROTO_UNKNOWN)
764 fatal("%s line %d: Bad protocol spec '%s'.",
765 filename, linenum, arg ? arg : "<NONE>");
766 if (*intptr == SSH_PROTO_UNKNOWN)
771 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
772 fatal("%s line %d: too many subsystems defined.",
776 if (!arg || *arg == '\0')
777 fatal("%s line %d: Missing subsystem name.",
779 for (i = 0; i < options->num_subsystems; i++)
780 if(strcmp(arg, options->subsystem_name[i]) == 0)
781 fatal("%s line %d: Subsystem '%s' already defined.",
782 filename, linenum, arg);
783 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
785 if (!arg || *arg == '\0')
786 fatal("%s line %d: Missing subsystem command.",
788 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
789 options->num_subsystems++;
794 if (!arg || *arg == '\0')
795 fatal("%s line %d: Missing MaxStartups spec.",
797 if ((n = sscanf(arg, "%d:%d:%d",
798 &options->max_startups_begin,
799 &options->max_startups_rate,
800 &options->max_startups)) == 3) {
801 if (options->max_startups_begin >
802 options->max_startups ||
803 options->max_startups_rate > 100 ||
804 options->max_startups_rate < 1)
805 fatal("%s line %d: Illegal MaxStartups spec.",
808 fatal("%s line %d: Illegal MaxStartups spec.",
811 options->max_startups = options->max_startups_begin;
815 charptr = &options->banner;
818 * These options can contain %X options expanded at
819 * connect time, so that you can specify paths like:
821 * AuthorizedKeysFile /etc/ssh_keys/%u
823 case sAuthorizedKeysFile:
824 case sAuthorizedKeysFile2:
825 charptr = (opcode == sAuthorizedKeysFile ) ?
826 &options->authorized_keys_file :
827 &options->authorized_keys_file2;
830 case sClientAliveInterval:
831 intptr = &options->client_alive_interval;
834 case sClientAliveCountMax:
835 intptr = &options->client_alive_count_max;
839 log("%s line %d: Deprecated option %s",
840 filename, linenum, arg);
845 case sPAMAuthenticationViaKbdInt:
846 intptr = &options->pam_authentication_via_kbd_int;
850 fatal("%s line %d: Missing handler for opcode %s (%d)",
851 filename, linenum, arg, opcode);
853 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
854 fatal("%s line %d: garbage at end of line; \"%.200s\".",
855 filename, linenum, arg);
859 fatal("%s: terminating, %d bad configuration options",
860 filename, bad_options);