2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $");
21 #include "pathnames.h"
29 /* Format of the configuration file:
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
47 HostName another.host.name.real.org
54 RemoteForward 9999 shadows.cs.hut.fi:9999
60 PasswordAuthentication no
64 ProxyCommand ssh-proxy %h %p
67 PublicKeyAuthentication no
71 PasswordAuthentication no
73 # Defaults for various options
77 PasswordAuthentication yes
79 RhostsRSAAuthentication yes
80 StrictHostKeyChecking yes
82 IdentityFile ~/.ssh/identity
92 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
93 oPasswordAuthentication, oRSAAuthentication,
94 oChallengeResponseAuthentication, oXAuthLocation,
95 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
96 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
97 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
98 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
99 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
100 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
101 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
102 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
103 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
104 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
105 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
106 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
107 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
108 oServerAliveInterval, oServerAliveCountMax,
109 oDeprecated, oUnsupported
112 /* Textual representations of the tokens. */
118 { "forwardagent", oForwardAgent },
119 { "forwardx11", oForwardX11 },
120 { "forwardx11trusted", oForwardX11Trusted },
121 { "xauthlocation", oXAuthLocation },
122 { "gatewayports", oGatewayPorts },
123 { "useprivilegedport", oUsePrivilegedPort },
124 { "rhostsauthentication", oDeprecated },
125 { "passwordauthentication", oPasswordAuthentication },
126 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
127 { "kbdinteractivedevices", oKbdInteractiveDevices },
128 { "rsaauthentication", oRSAAuthentication },
129 { "pubkeyauthentication", oPubkeyAuthentication },
130 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
131 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
132 { "hostbasedauthentication", oHostbasedAuthentication },
133 { "challengeresponseauthentication", oChallengeResponseAuthentication },
134 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
135 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
136 { "kerberosauthentication", oUnsupported },
137 { "kerberostgtpassing", oUnsupported },
138 { "afstokenpassing", oUnsupported },
140 { "gssapiauthentication", oGssAuthentication },
141 { "gssapidelegatecredentials", oGssDelegateCreds },
143 { "gssapiauthentication", oUnsupported },
144 { "gssapidelegatecredentials", oUnsupported },
146 { "fallbacktorsh", oDeprecated },
147 { "usersh", oDeprecated },
148 { "identityfile", oIdentityFile },
149 { "identityfile2", oIdentityFile }, /* alias */
150 { "hostname", oHostName },
151 { "hostkeyalias", oHostKeyAlias },
152 { "proxycommand", oProxyCommand },
154 { "cipher", oCipher },
155 { "ciphers", oCiphers },
157 { "protocol", oProtocol },
158 { "remoteforward", oRemoteForward },
159 { "localforward", oLocalForward },
162 { "escapechar", oEscapeChar },
163 { "globalknownhostsfile", oGlobalKnownHostsFile },
164 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
165 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
166 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
167 { "connectionattempts", oConnectionAttempts },
168 { "batchmode", oBatchMode },
169 { "checkhostip", oCheckHostIP },
170 { "stricthostkeychecking", oStrictHostKeyChecking },
171 { "compression", oCompression },
172 { "compressionlevel", oCompressionLevel },
173 { "tcpkeepalive", oTCPKeepAlive },
174 { "keepalive", oTCPKeepAlive }, /* obsolete */
175 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
176 { "loglevel", oLogLevel },
177 { "dynamicforward", oDynamicForward },
178 { "preferredauthentications", oPreferredAuthentications },
179 { "hostkeyalgorithms", oHostKeyAlgorithms },
180 { "bindaddress", oBindAddress },
182 { "smartcarddevice", oSmartcardDevice },
184 { "smartcarddevice", oUnsupported },
186 { "clearallforwardings", oClearAllForwardings },
187 { "enablesshkeysign", oEnableSSHKeysign },
188 { "verifyhostkeydns", oVerifyHostKeyDNS },
189 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
190 { "rekeylimit", oRekeyLimit },
191 { "connecttimeout", oConnectTimeout },
192 { "addressfamily", oAddressFamily },
193 { "serveraliveinterval", oServerAliveInterval },
194 { "serveralivecountmax", oServerAliveCountMax },
199 * Adds a local TCP/IP port forward to options. Never returns if there is an
204 add_local_forward(Options *options, u_short port, const char *host,
208 #ifndef NO_IPPORT_RESERVED_CONCEPT
209 extern uid_t original_real_uid;
210 if (port < IPPORT_RESERVED && original_real_uid != 0)
211 fatal("Privileged ports can only be forwarded by root.");
213 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
214 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
215 fwd = &options->local_forwards[options->num_local_forwards++];
217 fwd->host = xstrdup(host);
218 fwd->host_port = host_port;
222 * Adds a remote TCP/IP port forward to options. Never returns if there is
227 add_remote_forward(Options *options, u_short port, const char *host,
231 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
232 fatal("Too many remote forwards (max %d).",
233 SSH_MAX_FORWARDS_PER_DIRECTION);
234 fwd = &options->remote_forwards[options->num_remote_forwards++];
236 fwd->host = xstrdup(host);
237 fwd->host_port = host_port;
241 clear_forwardings(Options *options)
245 for (i = 0; i < options->num_local_forwards; i++)
246 xfree(options->local_forwards[i].host);
247 options->num_local_forwards = 0;
248 for (i = 0; i < options->num_remote_forwards; i++)
249 xfree(options->remote_forwards[i].host);
250 options->num_remote_forwards = 0;
254 * Returns the number of the token pointed to by cp or oBadOption.
258 parse_token(const char *cp, const char *filename, int linenum)
262 for (i = 0; keywords[i].name; i++)
263 if (strcasecmp(cp, keywords[i].name) == 0)
264 return keywords[i].opcode;
266 error("%s: line %d: Bad configuration option: %s",
267 filename, linenum, cp);
272 * Processes a single option line as used in the configuration files. This
273 * only sets those values that have not already been set.
275 #define WHITESPACE " \t\r\n"
278 process_config_line(Options *options, const char *host,
279 char *line, const char *filename, int linenum,
282 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
283 int opcode, *intptr, value;
285 u_short fwd_port, fwd_host_port;
286 char sfwd_host_port[6];
288 /* Strip trailing whitespace */
289 for(len = strlen(line) - 1; len > 0; len--) {
290 if (strchr(WHITESPACE, line[len]) == NULL)
296 /* Get the keyword. (Each line is supposed to begin with a keyword). */
297 keyword = strdelim(&s);
298 /* Ignore leading whitespace. */
299 if (*keyword == '\0')
300 keyword = strdelim(&s);
301 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
304 opcode = parse_token(keyword, filename, linenum);
308 /* don't panic, but count bad options */
311 case oConnectTimeout:
312 intptr = &options->connection_timeout;
315 if (!arg || *arg == '\0')
316 fatal("%s line %d: missing time value.",
318 if ((value = convtime(arg)) == -1)
319 fatal("%s line %d: invalid time value.",
326 intptr = &options->forward_agent;
329 if (!arg || *arg == '\0')
330 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
331 value = 0; /* To avoid compiler warning... */
332 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
334 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
337 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
338 if (*activep && *intptr == -1)
343 intptr = &options->forward_x11;
346 case oForwardX11Trusted:
347 intptr = &options->forward_x11_trusted;
351 intptr = &options->gateway_ports;
354 case oUsePrivilegedPort:
355 intptr = &options->use_privileged_port;
358 case oPasswordAuthentication:
359 intptr = &options->password_authentication;
362 case oKbdInteractiveAuthentication:
363 intptr = &options->kbd_interactive_authentication;
366 case oKbdInteractiveDevices:
367 charptr = &options->kbd_interactive_devices;
370 case oPubkeyAuthentication:
371 intptr = &options->pubkey_authentication;
374 case oRSAAuthentication:
375 intptr = &options->rsa_authentication;
378 case oRhostsRSAAuthentication:
379 intptr = &options->rhosts_rsa_authentication;
382 case oHostbasedAuthentication:
383 intptr = &options->hostbased_authentication;
386 case oChallengeResponseAuthentication:
387 intptr = &options->challenge_response_authentication;
390 case oGssAuthentication:
391 intptr = &options->gss_authentication;
394 case oGssDelegateCreds:
395 intptr = &options->gss_deleg_creds;
399 intptr = &options->batch_mode;
403 intptr = &options->check_host_ip;
406 case oVerifyHostKeyDNS:
407 intptr = &options->verify_host_key_dns;
410 case oStrictHostKeyChecking:
411 intptr = &options->strict_host_key_checking;
414 if (!arg || *arg == '\0')
415 fatal("%.200s line %d: Missing yes/no/ask argument.",
417 value = 0; /* To avoid compiler warning... */
418 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
420 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
422 else if (strcmp(arg, "ask") == 0)
425 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
426 if (*activep && *intptr == -1)
431 intptr = &options->compression;
435 intptr = &options->tcp_keep_alive;
438 case oNoHostAuthenticationForLocalhost:
439 intptr = &options->no_host_authentication_for_localhost;
442 case oNumberOfPasswordPrompts:
443 intptr = &options->number_of_password_prompts;
446 case oCompressionLevel:
447 intptr = &options->compression_level;
451 intptr = &options->rekey_limit;
453 if (!arg || *arg == '\0')
454 fatal("%.200s line %d: Missing argument.", filename, linenum);
455 if (arg[0] < '0' || arg[0] > '9')
456 fatal("%.200s line %d: Bad number.", filename, linenum);
457 value = strtol(arg, &endofnumber, 10);
458 if (arg == endofnumber)
459 fatal("%.200s line %d: Bad number.", filename, linenum);
460 switch (toupper(*endofnumber)) {
471 if (*activep && *intptr == -1)
477 if (!arg || *arg == '\0')
478 fatal("%.200s line %d: Missing argument.", filename, linenum);
480 intptr = &options->num_identity_files;
481 if (*intptr >= SSH_MAX_IDENTITY_FILES)
482 fatal("%.200s line %d: Too many identity files specified (max %d).",
483 filename, linenum, SSH_MAX_IDENTITY_FILES);
484 charptr = &options->identity_files[*intptr];
485 *charptr = xstrdup(arg);
486 *intptr = *intptr + 1;
491 charptr=&options->xauth_location;
495 charptr = &options->user;
498 if (!arg || *arg == '\0')
499 fatal("%.200s line %d: Missing argument.", filename, linenum);
500 if (*activep && *charptr == NULL)
501 *charptr = xstrdup(arg);
504 case oGlobalKnownHostsFile:
505 charptr = &options->system_hostfile;
508 case oUserKnownHostsFile:
509 charptr = &options->user_hostfile;
512 case oGlobalKnownHostsFile2:
513 charptr = &options->system_hostfile2;
516 case oUserKnownHostsFile2:
517 charptr = &options->user_hostfile2;
521 charptr = &options->hostname;
525 charptr = &options->host_key_alias;
528 case oPreferredAuthentications:
529 charptr = &options->preferred_authentications;
533 charptr = &options->bind_address;
536 case oSmartcardDevice:
537 charptr = &options->smartcard_device;
542 fatal("%.200s line %d: Missing argument.", filename, linenum);
543 charptr = &options->proxy_command;
544 len = strspn(s, WHITESPACE "=");
545 if (*activep && *charptr == NULL)
546 *charptr = xstrdup(s + len);
550 intptr = &options->port;
553 if (!arg || *arg == '\0')
554 fatal("%.200s line %d: Missing argument.", filename, linenum);
555 if (arg[0] < '0' || arg[0] > '9')
556 fatal("%.200s line %d: Bad number.", filename, linenum);
558 /* Octal, decimal, or hex format? */
559 value = strtol(arg, &endofnumber, 0);
560 if (arg == endofnumber)
561 fatal("%.200s line %d: Bad number.", filename, linenum);
562 if (*activep && *intptr == -1)
566 case oConnectionAttempts:
567 intptr = &options->connection_attempts;
571 intptr = &options->cipher;
573 if (!arg || *arg == '\0')
574 fatal("%.200s line %d: Missing argument.", filename, linenum);
575 value = cipher_number(arg);
577 fatal("%.200s line %d: Bad cipher '%s'.",
578 filename, linenum, arg ? arg : "<NONE>");
579 if (*activep && *intptr == -1)
585 if (!arg || *arg == '\0')
586 fatal("%.200s line %d: Missing argument.", filename, linenum);
587 if (!ciphers_valid(arg))
588 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
589 filename, linenum, arg ? arg : "<NONE>");
590 if (*activep && options->ciphers == NULL)
591 options->ciphers = xstrdup(arg);
596 if (!arg || *arg == '\0')
597 fatal("%.200s line %d: Missing argument.", filename, linenum);
599 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
600 filename, linenum, arg ? arg : "<NONE>");
601 if (*activep && options->macs == NULL)
602 options->macs = xstrdup(arg);
605 case oHostKeyAlgorithms:
607 if (!arg || *arg == '\0')
608 fatal("%.200s line %d: Missing argument.", filename, linenum);
609 if (!key_names_valid2(arg))
610 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
611 filename, linenum, arg ? arg : "<NONE>");
612 if (*activep && options->hostkeyalgorithms == NULL)
613 options->hostkeyalgorithms = xstrdup(arg);
617 intptr = &options->protocol;
619 if (!arg || *arg == '\0')
620 fatal("%.200s line %d: Missing argument.", filename, linenum);
621 value = proto_spec(arg);
622 if (value == SSH_PROTO_UNKNOWN)
623 fatal("%.200s line %d: Bad protocol spec '%s'.",
624 filename, linenum, arg ? arg : "<NONE>");
625 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
630 intptr = (int *) &options->log_level;
632 value = log_level_number(arg);
633 if (value == SYSLOG_LEVEL_NOT_SET)
634 fatal("%.200s line %d: unsupported log level '%s'",
635 filename, linenum, arg ? arg : "<NONE>");
636 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
637 *intptr = (LogLevel) value;
643 if (!arg || *arg == '\0')
644 fatal("%.200s line %d: Missing port argument.",
646 if ((fwd_port = a2port(arg)) == 0)
647 fatal("%.200s line %d: Bad listen port.",
650 if (!arg || *arg == '\0')
651 fatal("%.200s line %d: Missing second argument.",
653 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
654 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
655 fatal("%.200s line %d: Bad forwarding specification.",
657 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
658 fatal("%.200s line %d: Bad forwarding port.",
661 if (opcode == oLocalForward)
662 add_local_forward(options, fwd_port, buf,
664 else if (opcode == oRemoteForward)
665 add_remote_forward(options, fwd_port, buf,
670 case oDynamicForward:
672 if (!arg || *arg == '\0')
673 fatal("%.200s line %d: Missing port argument.",
675 fwd_port = a2port(arg);
677 fatal("%.200s line %d: Badly formatted port number.",
680 add_local_forward(options, fwd_port, "socks", 0);
683 case oClearAllForwardings:
684 intptr = &options->clear_forwardings;
689 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
690 if (match_pattern(host, arg)) {
691 debug("Applying options for %.100s", arg);
695 /* Avoid garbage check below, as strdelim is done. */
699 intptr = &options->escape_char;
701 if (!arg || *arg == '\0')
702 fatal("%.200s line %d: Missing argument.", filename, linenum);
703 if (arg[0] == '^' && arg[2] == 0 &&
704 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
705 value = (u_char) arg[1] & 31;
706 else if (strlen(arg) == 1)
707 value = (u_char) arg[0];
708 else if (strcmp(arg, "none") == 0)
709 value = SSH_ESCAPECHAR_NONE;
711 fatal("%.200s line %d: Bad escape character.",
714 value = 0; /* Avoid compiler warning. */
716 if (*activep && *intptr == -1)
722 intptr = &options->address_family;
723 if (strcasecmp(arg, "inet") == 0)
725 else if (strcasecmp(arg, "inet6") == 0)
727 else if (strcasecmp(arg, "any") == 0)
730 fatal("Unsupported AddressFamily \"%s\"", arg);
731 if (*activep && *intptr == -1)
735 case oEnableSSHKeysign:
736 intptr = &options->enable_ssh_keysign;
739 case oServerAliveInterval:
740 intptr = &options->server_alive_interval;
743 case oServerAliveCountMax:
744 intptr = &options->server_alive_count_max;
748 debug("%s line %d: Deprecated option \"%s\"",
749 filename, linenum, keyword);
753 error("%s line %d: Unsupported option \"%s\"",
754 filename, linenum, keyword);
758 fatal("process_config_line: Unimplemented opcode %d", opcode);
761 /* Check that there is no garbage at end of line. */
762 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
763 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
764 filename, linenum, arg);
771 * Reads the config file and modifies the options accordingly. Options
772 * should already be initialized before this call. This never returns if
773 * there is an error. If the file does not exist, this returns 0.
777 read_config_file(const char *filename, const char *host, Options *options)
785 f = fopen(filename, "r");
789 debug("Reading configuration data %.200s", filename);
792 * Mark that we are now processing the options. This flag is turned
793 * on/off by Host specifications.
797 while (fgets(line, sizeof(line), f)) {
798 /* Update line number counter. */
800 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
805 fatal("%s: terminating, %d bad configuration options",
806 filename, bad_options);
811 * Initializes options to special values that indicate that they have not yet
812 * been set. Read_config_file will only set options with this value. Options
813 * are processed in the following order: command line, user config file,
814 * system config file. Last, fill_default_options is called.
818 initialize_options(Options * options)
820 memset(options, 'X', sizeof(*options));
821 options->forward_agent = -1;
822 options->forward_x11 = -1;
823 options->forward_x11_trusted = -1;
824 options->xauth_location = NULL;
825 options->gateway_ports = -1;
826 options->use_privileged_port = -1;
827 options->rsa_authentication = -1;
828 options->pubkey_authentication = -1;
829 options->challenge_response_authentication = -1;
830 options->gss_authentication = -1;
831 options->gss_deleg_creds = -1;
832 options->password_authentication = -1;
833 options->kbd_interactive_authentication = -1;
834 options->kbd_interactive_devices = NULL;
835 options->rhosts_rsa_authentication = -1;
836 options->hostbased_authentication = -1;
837 options->batch_mode = -1;
838 options->check_host_ip = -1;
839 options->strict_host_key_checking = -1;
840 options->compression = -1;
841 options->tcp_keep_alive = -1;
842 options->compression_level = -1;
844 options->address_family = -1;
845 options->connection_attempts = -1;
846 options->connection_timeout = -1;
847 options->number_of_password_prompts = -1;
848 options->cipher = -1;
849 options->ciphers = NULL;
850 options->macs = NULL;
851 options->hostkeyalgorithms = NULL;
852 options->protocol = SSH_PROTO_UNKNOWN;
853 options->num_identity_files = 0;
854 options->hostname = NULL;
855 options->host_key_alias = NULL;
856 options->proxy_command = NULL;
857 options->user = NULL;
858 options->escape_char = -1;
859 options->system_hostfile = NULL;
860 options->user_hostfile = NULL;
861 options->system_hostfile2 = NULL;
862 options->user_hostfile2 = NULL;
863 options->num_local_forwards = 0;
864 options->num_remote_forwards = 0;
865 options->clear_forwardings = -1;
866 options->log_level = SYSLOG_LEVEL_NOT_SET;
867 options->preferred_authentications = NULL;
868 options->bind_address = NULL;
869 options->smartcard_device = NULL;
870 options->enable_ssh_keysign = - 1;
871 options->no_host_authentication_for_localhost = - 1;
872 options->rekey_limit = - 1;
873 options->verify_host_key_dns = -1;
874 options->server_alive_interval = -1;
875 options->server_alive_count_max = -1;
879 * Called after processing other sources of option data, this fills those
880 * options for which no value has been specified with their default values.
884 fill_default_options(Options * options)
888 if (options->forward_agent == -1)
889 options->forward_agent = 0;
890 if (options->forward_x11 == -1)
891 options->forward_x11 = 0;
892 if (options->forward_x11_trusted == -1)
893 options->forward_x11_trusted = 0;
894 if (options->xauth_location == NULL)
895 options->xauth_location = _PATH_XAUTH;
896 if (options->gateway_ports == -1)
897 options->gateway_ports = 0;
898 if (options->use_privileged_port == -1)
899 options->use_privileged_port = 0;
900 if (options->rsa_authentication == -1)
901 options->rsa_authentication = 1;
902 if (options->pubkey_authentication == -1)
903 options->pubkey_authentication = 1;
904 if (options->challenge_response_authentication == -1)
905 options->challenge_response_authentication = 1;
906 if (options->gss_authentication == -1)
907 options->gss_authentication = 0;
908 if (options->gss_deleg_creds == -1)
909 options->gss_deleg_creds = 0;
910 if (options->password_authentication == -1)
911 options->password_authentication = 1;
912 if (options->kbd_interactive_authentication == -1)
913 options->kbd_interactive_authentication = 1;
914 if (options->rhosts_rsa_authentication == -1)
915 options->rhosts_rsa_authentication = 0;
916 if (options->hostbased_authentication == -1)
917 options->hostbased_authentication = 0;
918 if (options->batch_mode == -1)
919 options->batch_mode = 0;
920 if (options->check_host_ip == -1)
921 options->check_host_ip = 1;
922 if (options->strict_host_key_checking == -1)
923 options->strict_host_key_checking = 2; /* 2 is default */
924 if (options->compression == -1)
925 options->compression = 0;
926 if (options->tcp_keep_alive == -1)
927 options->tcp_keep_alive = 1;
928 if (options->compression_level == -1)
929 options->compression_level = 6;
930 if (options->port == -1)
931 options->port = 0; /* Filled in ssh_connect. */
932 if (options->address_family == -1)
933 options->address_family = AF_UNSPEC;
934 if (options->connection_attempts == -1)
935 options->connection_attempts = 1;
936 if (options->number_of_password_prompts == -1)
937 options->number_of_password_prompts = 3;
938 /* Selected in ssh_login(). */
939 if (options->cipher == -1)
940 options->cipher = SSH_CIPHER_NOT_SET;
941 /* options->ciphers, default set in myproposals.h */
942 /* options->macs, default set in myproposals.h */
943 /* options->hostkeyalgorithms, default set in myproposals.h */
944 if (options->protocol == SSH_PROTO_UNKNOWN)
945 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
946 if (options->num_identity_files == 0) {
947 if (options->protocol & SSH_PROTO_1) {
948 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
949 options->identity_files[options->num_identity_files] =
951 snprintf(options->identity_files[options->num_identity_files++],
952 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
954 if (options->protocol & SSH_PROTO_2) {
955 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
956 options->identity_files[options->num_identity_files] =
958 snprintf(options->identity_files[options->num_identity_files++],
959 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
961 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
962 options->identity_files[options->num_identity_files] =
964 snprintf(options->identity_files[options->num_identity_files++],
965 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
968 if (options->escape_char == -1)
969 options->escape_char = '~';
970 if (options->system_hostfile == NULL)
971 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
972 if (options->user_hostfile == NULL)
973 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
974 if (options->system_hostfile2 == NULL)
975 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
976 if (options->user_hostfile2 == NULL)
977 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
978 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
979 options->log_level = SYSLOG_LEVEL_INFO;
980 if (options->clear_forwardings == 1)
981 clear_forwardings(options);
982 if (options->no_host_authentication_for_localhost == - 1)
983 options->no_host_authentication_for_localhost = 0;
984 if (options->enable_ssh_keysign == -1)
985 options->enable_ssh_keysign = 0;
986 if (options->rekey_limit == -1)
987 options->rekey_limit = 0;
988 if (options->verify_host_key_dns == -1)
989 options->verify_host_key_dns = 0;
990 if (options->server_alive_interval == -1)
991 options->server_alive_interval = 0;
992 if (options->server_alive_count_max == -1)
993 options->server_alive_count_max = 3;
994 /* options->proxy_command should not be set by default */
995 /* options->user will be set in the main program if appropriate */
996 /* options->hostname will be set in the main program if appropriate */
997 /* options->host_key_alias should not be set by default */
998 /* options->preferred_authentications will be set in ssh */
andersk / openssh.git / blob