2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.101 2002/11/07 22:08:07 markus Exp $");
21 #include "pathnames.h"
29 /* Format of the configuration file:
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
47 HostName another.host.name.real.org
54 RemoteForward 9999 shadows.cs.hut.fi:9999
60 RhostsAuthentication no
61 PasswordAuthentication no
65 ProxyCommand ssh-proxy %h %p
68 PublicKeyAuthentication no
72 PasswordAuthentication no
74 # Defaults for various options
78 RhostsAuthentication yes
79 PasswordAuthentication yes
81 RhostsRSAAuthentication yes
82 StrictHostKeyChecking yes
84 IdentityFile ~/.ssh/identity
/*
 * Opcode constants, one per configuration option that the keyword table and
 * the option parser refer to. This listing omits some lines of the
 * enumeration (including its opening and closing lines).
 * The Kerberos/AFS opcodes are compiled in only under the KRB4/KRB5/AFS
 * conditionals shown below.
 */
94 oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
95 oPasswordAuthentication, oRSAAuthentication,
96 oChallengeResponseAuthentication, oXAuthLocation,
97 #if defined(KRB4) || defined(KRB5)
98 oKerberosAuthentication,
100 #if defined(AFS) || defined(KRB5)
106 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
107 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
108 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
109 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
110 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
111 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
112 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
113 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
114 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
115 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
116 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
121 /* Textual representations of the tokens. */
/*
 * Keyword names are stored in lower case; parse_token() compares with
 * strcasecmp(), so the spelling in a configuration file is not case
 * sensitive. Entries marked "alias" let an older keyword select the same
 * opcode as its current name, and "fallbacktorsh"/"usersh" map to
 * oDeprecated. This listing omits some rows of the table.
 */
127 { "forwardagent", oForwardAgent },
128 { "forwardx11", oForwardX11 },
129 { "xauthlocation", oXAuthLocation },
130 { "gatewayports", oGatewayPorts },
131 { "useprivilegedport", oUsePrivilegedPort },
132 { "rhostsauthentication", oRhostsAuthentication },
133 { "passwordauthentication", oPasswordAuthentication },
134 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
135 { "kbdinteractivedevices", oKbdInteractiveDevices },
136 { "rsaauthentication", oRSAAuthentication },
137 { "pubkeyauthentication", oPubkeyAuthentication },
138 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
139 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
140 { "hostbasedauthentication", oHostbasedAuthentication },
141 { "challengeresponseauthentication", oChallengeResponseAuthentication },
142 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
143 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
144 #if defined(KRB4) || defined(KRB5)
145 { "kerberosauthentication", oKerberosAuthentication },
147 #if defined(AFS) || defined(KRB5)
148 { "kerberostgtpassing", oKerberosTgtPassing },
151 { "afstokenpassing", oAFSTokenPassing },
153 { "fallbacktorsh", oDeprecated },
154 { "usersh", oDeprecated },
155 { "identityfile", oIdentityFile },
156 { "identityfile2", oIdentityFile }, /* alias */
157 { "hostname", oHostName },
158 { "hostkeyalias", oHostKeyAlias },
159 { "proxycommand", oProxyCommand },
161 { "cipher", oCipher },
162 { "ciphers", oCiphers },
164 { "protocol", oProtocol },
165 { "remoteforward", oRemoteForward },
166 { "localforward", oLocalForward },
169 { "escapechar", oEscapeChar },
170 { "globalknownhostsfile", oGlobalKnownHostsFile },
171 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
172 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
173 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
174 { "connectionattempts", oConnectionAttempts },
175 { "batchmode", oBatchMode },
176 { "checkhostip", oCheckHostIP },
177 { "stricthostkeychecking", oStrictHostKeyChecking },
178 { "compression", oCompression },
179 { "compressionlevel", oCompressionLevel },
180 { "keepalive", oKeepAlives },
181 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
182 { "loglevel", oLogLevel },
183 { "dynamicforward", oDynamicForward },
184 { "preferredauthentications", oPreferredAuthentications },
185 { "hostkeyalgorithms", oHostKeyAlgorithms },
186 { "bindaddress", oBindAddress },
187 { "smartcarddevice", oSmartcardDevice },
188 { "clearallforwardings", oClearAllForwardings },
189 { "enablesshkeysign", oEnableSSHKeysign },
190 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
195 * Adds a local TCP/IP port forward to options. Never returns if there is an
/*
 * add_local_forward: appends one local port forward to options.
 * (Part of the signature, the braces and some statements are not shown in
 * this listing.)
 *
 * Unless NO_IPPORT_RESERVED_CONCEPT is defined, a listen port below
 * IPPORT_RESERVED is refused with fatal() when original_real_uid is not 0.
 * The forward count is checked against SSH_MAX_FORWARDS_PER_DIRECTION before
 * the next array slot is taken; both failures end in fatal().
 */
200 add_local_forward(Options *options, u_short port, const char *host,
204 #ifndef NO_IPPORT_RESERVED_CONCEPT
205 extern uid_t original_real_uid;
/* Reserved (privileged) listen ports are allowed only when original_real_uid is 0. */
206 if (port < IPPORT_RESERVED && original_real_uid != 0)
207 fatal("Privileged ports can only be forwarded by root.");
/*
 * The limit check comes before the post-increment index below.
 * presumably SSH_MAX_FORWARDS_PER_DIRECTION is the size of local_forwards[]
 * -- confirm in the Options declaration.
 */
209 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
210 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
211 fwd = &options->local_forwards[options->num_local_forwards++];
/* The entry keeps its own copy of the host string (released in clear_forwardings). */
213 fwd->host = xstrdup(host);
214 fwd->host_port = host_port;
218 * Adds a remote TCP/IP port forward to options. Never returns if there is
/*
 * add_remote_forward: appends one remote port forward to options.
 * (Part of the signature, the braces and some statements are not shown in
 * this listing.)
 *
 * The forward count is checked against SSH_MAX_FORWARDS_PER_DIRECTION before
 * the next array slot is taken; exceeding it ends in fatal().
 * NOTE(review): no reserved-port test is visible here, unlike
 * add_local_forward; presumably the listening side of a remote forward is
 * policed by the server -- confirm.
 */
223 add_remote_forward(Options *options, u_short port, const char *host,
227 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
228 fatal("Too many remote forwards (max %d).",
229 SSH_MAX_FORWARDS_PER_DIRECTION);
230 fwd = &options->remote_forwards[options->num_remote_forwards++];
/* The entry keeps its own copy of the host string (released in clear_forwardings). */
232 fwd->host = xstrdup(host);
233 fwd->host_port = host_port;
/*
 * clear_forwardings: discards every local and remote forward recorded in
 * options. Each entry's host string is released with xfree() and both
 * counters are reset to 0, so the slots can be reused.
 * (The braces and local declarations are not shown in this listing.)
 */
237 clear_forwardings(Options *options)
241 for (i = 0; i < options->num_local_forwards; i++)
242 xfree(options->local_forwards[i].host);
243 options->num_local_forwards = 0;
244 for (i = 0; i < options->num_remote_forwards; i++)
245 xfree(options->remote_forwards[i].host);
246 options->num_remote_forwards = 0;
250 * Returns the number of the token pointed to by cp or oBadOption.
/*
 * parse_token: looks cp up in keywords[] and returns the matching opcode.
 * The table is scanned in order until an entry with a NULL name is reached;
 * names are compared with strcasecmp(), i.e. without regard to case.
 * When nothing matches, the file name, line number and the offending word
 * are reported through error(). The return statement for that case is not
 * shown in this listing.
 */
254 parse_token(const char *cp, const char *filename, int linenum)
258 for (i = 0; keywords[i].name; i++)
259 if (strcasecmp(cp, keywords[i].name) == 0)
260 return keywords[i].opcode;
/* Unlike the fatal() messages in process_config_line, these %s fields carry no length limit. */
262 error("%s: line %d: Bad configuration option: %s",
263 filename, linenum, cp);
268 * Processes a single option line as used in the configuration files. This
269 * only sets those values that have not already been set.
/*
 * process_config_line: parses one "keyword argument ..." line and stores the
 * value in *options.
 *
 * NOTE: this listing omits many source lines (case labels, jumps, braces and
 * some assignments), so the comments below describe only what the visible
 * lines show.
 *
 * Pattern used by the visible cases: a destination (intptr or charptr) is
 * selected, the argument is validated, and the value is stored only if
 * *activep is set and the destination still holds its "unset" marker
 * (-1, NULL, SSH_PROTO_UNKNOWN or SYSLOG_LEVEL_NOT_SET). The first value
 * seen for an option therefore wins. A malformed argument ends the program
 * through fatal(); the file name in those messages is limited with %.200s.
 */
273 process_config_line(Options *options, const char *host,
274 char *line, const char *filename, int linenum,
/*
 * buf[256] and sfwd_host_port[6] receive the host and port of a forwarding
 * specification; their sizes match the 255 and 5 field widths passed to
 * sscanf() further down.
 */
277 char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
278 int opcode, *intptr, value;
279 u_short fwd_port, fwd_host_port;
280 char sfwd_host_port[6];
283 /* Get the keyword. (Each line is supposed to begin with a keyword). */
284 keyword = strdelim(&s);
285 /* Ignore leading whitespace. */
286 if (*keyword == '\0')
287 keyword = strdelim(&s);
/* Missing or empty keyword, a bare newline, or a '#' comment; the action taken is not shown in this listing. */
288 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
291 opcode = parse_token(keyword, filename, linenum);
295 /* don't panic, but count bad options */
299 intptr = &options->forward_agent;
302 if (!arg || *arg == '\0')
303 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
304 value = 0; /* To avoid compiler warning... */
/* Only the exact words yes/true and no/false are accepted (strcmp is case sensitive). */
305 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
307 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
310 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
/* Store only while this section is active and the field still holds -1 (unset). */
311 if (*activep && *intptr == -1)
316 intptr = &options->forward_x11;
320 intptr = &options->gateway_ports;
323 case oUsePrivilegedPort:
324 intptr = &options->use_privileged_port;
327 case oRhostsAuthentication:
328 intptr = &options->rhosts_authentication;
331 case oPasswordAuthentication:
332 intptr = &options->password_authentication;
335 case oKbdInteractiveAuthentication:
336 intptr = &options->kbd_interactive_authentication;
339 case oKbdInteractiveDevices:
340 charptr = &options->kbd_interactive_devices;
343 case oPubkeyAuthentication:
344 intptr = &options->pubkey_authentication;
347 case oRSAAuthentication:
348 intptr = &options->rsa_authentication;
351 case oRhostsRSAAuthentication:
352 intptr = &options->rhosts_rsa_authentication;
355 case oHostbasedAuthentication:
356 intptr = &options->hostbased_authentication;
359 case oChallengeResponseAuthentication:
360 intptr = &options->challenge_response_authentication;
362 #if defined(KRB4) || defined(KRB5)
363 case oKerberosAuthentication:
364 intptr = &options->kerberos_authentication;
367 #if defined(AFS) || defined(KRB5)
368 case oKerberosTgtPassing:
369 intptr = &options->kerberos_tgt_passing;
373 case oAFSTokenPassing:
374 intptr = &options->afs_token_passing;
378 intptr = &options->batch_mode;
382 intptr = &options->check_host_ip;
/* StrictHostKeyChecking is three-valued: yes/true, no/false or ask. */
385 case oStrictHostKeyChecking:
386 intptr = &options->strict_host_key_checking;
388 if (!arg || *arg == '\0')
389 fatal("%.200s line %d: Missing yes/no/ask argument.",
391 value = 0; /* To avoid compiler warning... */
392 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
394 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
396 else if (strcmp(arg, "ask") == 0)
399 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
400 if (*activep && *intptr == -1)
405 intptr = &options->compression;
409 intptr = &options->keepalives;
412 case oNoHostAuthenticationForLocalhost:
413 intptr = &options->no_host_authentication_for_localhost;
416 case oNumberOfPasswordPrompts:
417 intptr = &options->number_of_password_prompts;
420 case oCompressionLevel:
421 intptr = &options->compression_level;
426 if (!arg || *arg == '\0')
427 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* The count is compared with SSH_MAX_IDENTITY_FILES before identity_files[] is written. */
429 intptr = &options->num_identity_files;
430 if (*intptr >= SSH_MAX_IDENTITY_FILES)
431 fatal("%.200s line %d: Too many identity files specified (max %d).",
432 filename, linenum, SSH_MAX_IDENTITY_FILES);
433 charptr = &options->identity_files[*intptr];
434 *charptr = xstrdup(arg);
435 *intptr = *intptr + 1;
440 charptr=&options->xauth_location;
444 charptr = &options->user;
447 if (!arg || *arg == '\0')
448 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* String options: copy the argument only while active and while the field is still NULL. */
449 if (*activep && *charptr == NULL)
450 *charptr = xstrdup(arg);
453 case oGlobalKnownHostsFile:
454 charptr = &options->system_hostfile;
457 case oUserKnownHostsFile:
458 charptr = &options->user_hostfile;
461 case oGlobalKnownHostsFile2:
462 charptr = &options->system_hostfile2;
465 case oUserKnownHostsFile2:
466 charptr = &options->user_hostfile2;
470 charptr = &options->hostname;
474 charptr = &options->host_key_alias;
477 case oPreferredAuthentications:
478 charptr = &options->preferred_authentications;
482 charptr = &options->bind_address;
485 case oSmartcardDevice:
486 charptr = &options->smartcard_device;
/*
 * ProxyCommand: the remaining words of the line are gathered into one heap
 * string. Each xrealloc() reserves room for the new word plus two extra
 * bytes (presumably a separating space and the terminator; the copy itself
 * is not shown in this listing).
 * NOTE(review): the resulting string is presumably run as a command later;
 * where and how is outside this listing.
 */
490 charptr = &options->proxy_command;
491 string = xstrdup("");
492 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
493 string = xrealloc(string, strlen(string) + strlen(arg) + 2);
497 if (*activep && *charptr == NULL)
504 intptr = &options->port;
507 if (!arg || *arg == '\0')
508 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* The first character must be a decimal digit, so a sign or blank is rejected before strtol(). */
509 if (arg[0] < '0' || arg[0] > '9')
510 fatal("%.200s line %d: Bad number.", filename, linenum);
512 /* Octal, decimal, or hex format? */
513 value = strtol(arg, &endofnumber, 0);
/*
 * NOTE(review): strtol() returns long and the result is stored in the int
 * 'value'; no range check and no test for trailing characters is visible in
 * this listing -- confirm against the full source.
 */
514 if (arg == endofnumber)
515 fatal("%.200s line %d: Bad number.", filename, linenum);
516 if (*activep && *intptr == -1)
520 case oConnectionAttempts:
521 intptr = &options->connection_attempts;
525 intptr = &options->cipher;
527 if (!arg || *arg == '\0')
528 fatal("%.200s line %d: Missing argument.", filename, linenum);
529 value = cipher_number(arg);
531 fatal("%.200s line %d: Bad cipher '%s'.",
532 filename, linenum, arg ? arg : "<NONE>");
533 if (*activep && *intptr == -1)
539 if (!arg || *arg == '\0')
540 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* The cipher list is validated with ciphers_valid() before it is stored. */
541 if (!ciphers_valid(arg))
542 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
543 filename, linenum, arg ? arg : "<NONE>");
544 if (*activep && options->ciphers == NULL)
545 options->ciphers = xstrdup(arg);
550 if (!arg || *arg == '\0')
551 fatal("%.200s line %d: Missing argument.", filename, linenum);
553 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
554 filename, linenum, arg ? arg : "<NONE>");
555 if (*activep && options->macs == NULL)
556 options->macs = xstrdup(arg);
559 case oHostKeyAlgorithms:
561 if (!arg || *arg == '\0')
562 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* The algorithm list is validated with key_names_valid2() before it is stored. */
563 if (!key_names_valid2(arg))
564 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
565 filename, linenum, arg ? arg : "<NONE>");
566 if (*activep && options->hostkeyalgorithms == NULL)
567 options->hostkeyalgorithms = xstrdup(arg);
571 intptr = &options->protocol;
573 if (!arg || *arg == '\0')
574 fatal("%.200s line %d: Missing argument.", filename, linenum);
575 value = proto_spec(arg);
576 if (value == SSH_PROTO_UNKNOWN)
577 fatal("%.200s line %d: Bad protocol spec '%s'.",
578 filename, linenum, arg ? arg : "<NONE>");
579 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
/* NOTE(review): the cast accesses a LogLevel object through an int pointer; this assumes both have the same size -- confirm. */
584 intptr = (int *) &options->log_level;
586 value = log_level_number(arg);
587 if (value == SYSLOG_LEVEL_NOT_SET)
588 fatal("%.200s line %d: unsupported log level '%s'",
589 filename, linenum, arg ? arg : "<NONE>");
590 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
591 *intptr = (LogLevel) value;
597 if (!arg || *arg == '\0')
598 fatal("%.200s line %d: Missing port argument.",
/* a2port() returning 0 is treated as an invalid listen port. */
600 if ((fwd_port = a2port(arg)) == 0)
601 fatal("%.200s line %d: Bad listen port.",
604 if (!arg || *arg == '\0')
605 fatal("%.200s line %d: Missing second argument.",
/*
 * Host and port may be separated by ':' or by '/'. The field widths 255 and
 * 5 keep sscanf() inside buf[256] and sfwd_host_port[6].
 */
607 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
608 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
609 fatal("%.200s line %d: Bad forwarding specification.",
611 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
612 fatal("%.200s line %d: Bad forwarding port.",
615 if (opcode == oLocalForward)
616 add_local_forward(options, fwd_port, buf,
618 else if (opcode == oRemoteForward)
619 add_remote_forward(options, fwd_port, buf,
624 case oDynamicForward:
626 if (!arg || *arg == '\0')
627 fatal("%.200s line %d: Missing port argument.",
629 fwd_port = a2port(arg);
631 fatal("%.200s line %d: Badly formatted port number.",
/* A dynamic forward is recorded as a local forward to the placeholder host "socks4" with port 0. */
634 add_local_forward(options, fwd_port, "socks4", 0);
637 case oClearAllForwardings:
638 intptr = &options->clear_forwardings;
/* Host line: each pattern on the line is tested against the current host with match_pattern(). */
643 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
644 if (match_pattern(host, arg)) {
645 debug("Applying options for %.100s", arg);
649 /* Avoid garbage check below, as strdelim is done. */
653 intptr = &options->escape_char;
655 if (!arg || *arg == '\0')
656 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * Accepted forms: "^X" (X in 64..127, reduced to its low five bits), a
 * single character, or the word "none".
 * NOTE(review): arg[2] is read before arg[1] is range-checked; when arg is
 * the one-character string "^", arg[2] lies one byte past the terminator --
 * check that this is always inside the buffer arg points into.
 */
657 if (arg[0] == '^' && arg[2] == 0 &&
658 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
659 value = (u_char) arg[1] & 31;
660 else if (strlen(arg) == 1)
661 value = (u_char) arg[0];
662 else if (strcmp(arg, "none") == 0)
663 value = SSH_ESCAPECHAR_NONE;
665 fatal("%.200s line %d: Bad escape character.",
668 value = 0; /* Avoid compiler warning. */
670 if (*activep && *intptr == -1)
674 case oEnableSSHKeysign:
675 intptr = &options->enable_ssh_keysign;
/* Deprecated keywords are only reported at debug level. */
679 debug("%s line %d: Deprecated option \"%s\"",
680 filename, linenum, keyword);
/* Per its message, reached for an opcode that has no handler above. */
684 fatal("process_config_line: Unimplemented opcode %d", opcode);
687 /* Check that there is no garbage at end of line. */
688 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
689 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
690 filename, linenum, arg);
697 * Reads the config file and modifies the options accordingly. Options
698 * should already be initialized before this call. This never returns if
699 * there is an error. If the file does not exist, this returns 0.
/*
 * read_config_file: opens filename for reading and feeds it line by line to
 * process_config_line(). (Declarations, braces and several statements are
 * not shown in this listing.)
 *
 * Each fgets() call is bounded by sizeof(line), so a physical line longer
 * than the buffer arrives in pieces and each piece is parsed as a separate
 * option line. A non-zero result from process_config_line() is tested per
 * line; after the loop the function reports the number of bad options
 * through fatal().
 * NOTE(review): no ownership or permission check on the file is visible in
 * this listing -- confirm against the full source.
 */
703 read_config_file(const char *filename, const char *host, Options *options)
711 f = fopen(filename, "r");
715 debug("Reading configuration data %.200s", filename);
718 * Mark that we are now processing the options. This flag is turned
719 * on/off by Host specifications.
723 while (fgets(line, sizeof(line), f)) {
724 /* Update line number counter. */
726 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
731 fatal("%s: terminating, %d bad configuration options",
732 filename, bad_options);
737 * Initializes options to special values that indicate that they have not yet
738 * been set. Read_config_file will only set options with this value. Options
739 * are processed in the following order: command line, user config file,
740 * system config file. Last, fill_default_options is called.
/*
 * initialize_options: puts every option into its "not yet set" state.
 * (The braces and some assignments are not shown in this listing.)
 *
 * The structure is first filled with 'X' bytes, so a field that is not
 * assigned below holds a recognisable non-zero pattern rather than zero
 * (presumably to make a forgotten initialisation stand out -- confirm).
 * Integer options then get -1, string options NULL, the protocol mask
 * SSH_PROTO_UNKNOWN and the log level SYSLOG_LEVEL_NOT_SET; the three
 * counters (identity files, local and remote forwards) start at 0.
 * process_config_line() tests for exactly these markers before storing.
 */
744 initialize_options(Options * options)
746 memset(options, 'X', sizeof(*options));
747 options->forward_agent = -1;
748 options->forward_x11 = -1;
749 options->xauth_location = NULL;
750 options->gateway_ports = -1;
751 options->use_privileged_port = -1;
752 options->rhosts_authentication = -1;
753 options->rsa_authentication = -1;
754 options->pubkey_authentication = -1;
755 options->challenge_response_authentication = -1;
/* Kerberos and AFS fields are touched only when the matching support is compiled in. */
756 #if defined(KRB4) || defined(KRB5)
757 options->kerberos_authentication = -1;
759 #if defined(AFS) || defined(KRB5)
760 options->kerberos_tgt_passing = -1;
763 options->afs_token_passing = -1;
765 options->password_authentication = -1;
766 options->kbd_interactive_authentication = -1;
767 options->kbd_interactive_devices = NULL;
768 options->rhosts_rsa_authentication = -1;
769 options->hostbased_authentication = -1;
770 options->batch_mode = -1;
771 options->check_host_ip = -1;
772 options->strict_host_key_checking = -1;
773 options->compression = -1;
774 options->keepalives = -1;
775 options->compression_level = -1;
777 options->connection_attempts = -1;
778 options->number_of_password_prompts = -1;
779 options->cipher = -1;
780 options->ciphers = NULL;
781 options->macs = NULL;
782 options->hostkeyalgorithms = NULL;
783 options->protocol = SSH_PROTO_UNKNOWN;
784 options->num_identity_files = 0;
785 options->hostname = NULL;
786 options->host_key_alias = NULL;
787 options->proxy_command = NULL;
788 options->user = NULL;
789 options->escape_char = -1;
790 options->system_hostfile = NULL;
791 options->user_hostfile = NULL;
792 options->system_hostfile2 = NULL;
793 options->user_hostfile2 = NULL;
794 options->num_local_forwards = 0;
795 options->num_remote_forwards = 0;
796 options->clear_forwardings = -1;
797 options->log_level = SYSLOG_LEVEL_NOT_SET;
798 options->preferred_authentications = NULL;
799 options->bind_address = NULL;
800 options->smartcard_device = NULL;
801 options->enable_ssh_keysign = - 1;
802 options->no_host_authentication_for_localhost = - 1;
806 * Called after processing other sources of option data, this fills those
807 * options for which no value has been specified with their default values.
/*
 * fill_default_options: gives every option that still holds its "unset"
 * marker a built-in default. (The braces, local declarations and some
 * statements are not shown in this listing.)
 *
 * A value that was set earlier is never overwritten here: each assignment
 * is guarded by a test for -1, NULL, SSH_PROTO_UNKNOWN or
 * SYSLOG_LEVEL_NOT_SET.
 */
811 fill_default_options(Options * options)
/* Agent forwarding, X11 forwarding, gateway ports and privileged source ports default to off. */
815 if (options->forward_agent == -1)
816 options->forward_agent = 0;
817 if (options->forward_x11 == -1)
818 options->forward_x11 = 0;
819 if (options->xauth_location == NULL)
820 options->xauth_location = _PATH_XAUTH;
821 if (options->gateway_ports == -1)
822 options->gateway_ports = 0;
823 if (options->use_privileged_port == -1)
824 options->use_privileged_port = 0;
/* rhosts authentication defaults to off; RSA, public-key and challenge-response default to on. */
825 if (options->rhosts_authentication == -1)
826 options->rhosts_authentication = 0;
827 if (options->rsa_authentication == -1)
828 options->rsa_authentication = 1;
829 if (options->pubkey_authentication == -1)
830 options->pubkey_authentication = 1;
831 if (options->challenge_response_authentication == -1)
832 options->challenge_response_authentication = 1;
833 #if defined(KRB4) || defined(KRB5)
834 if (options->kerberos_authentication == -1)
835 options->kerberos_authentication = 1;
837 #if defined(AFS) || defined(KRB5)
838 if (options->kerberos_tgt_passing == -1)
839 options->kerberos_tgt_passing = 1;
842 if (options->afs_token_passing == -1)
843 options->afs_token_passing = 1;
845 if (options->password_authentication == -1)
846 options->password_authentication = 1;
847 if (options->kbd_interactive_authentication == -1)
848 options->kbd_interactive_authentication = 1;
/* rhosts-RSA and host-based authentication default to off. */
849 if (options->rhosts_rsa_authentication == -1)
850 options->rhosts_rsa_authentication = 0;
851 if (options->hostbased_authentication == -1)
852 options->hostbased_authentication = 0;
853 if (options->batch_mode == -1)
854 options->batch_mode = 0;
/*
 * Host key checks: check_host_ip defaults to on and
 * strict_host_key_checking to 2 (presumably the value the parser stores
 * for "ask" -- confirm in process_config_line).
 */
855 if (options->check_host_ip == -1)
856 options->check_host_ip = 1;
857 if (options->strict_host_key_checking == -1)
858 options->strict_host_key_checking = 2; /* 2 is default */
859 if (options->compression == -1)
860 options->compression = 0;
861 if (options->keepalives == -1)
862 options->keepalives = 1;
863 if (options->compression_level == -1)
864 options->compression_level = 6;
865 if (options->port == -1)
866 options->port = 0; /* Filled in ssh_connect. */
867 if (options->connection_attempts == -1)
868 options->connection_attempts = 1;
869 if (options->number_of_password_prompts == -1)
870 options->number_of_password_prompts = 3;
871 /* Selected in ssh_login(). */
872 if (options->cipher == -1)
873 options->cipher = SSH_CIPHER_NOT_SET;
874 /* options->ciphers, default set in myproposals.h */
875 /* options->macs, default set in myproposals.h */
876 /* options->hostkeyalgorithms, default set in myproposals.h */
/*
 * NOTE(review): with no Protocol setting both protocol 1 and protocol 2 are
 * enabled. Protocol 1 is the legacy protocol; a configuration that does not
 * need it can restrict the client with an explicit "Protocol 2" line.
 */
877 if (options->protocol == SSH_PROTO_UNKNOWN)
878 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
/*
 * No IdentityFile was given: add the default key paths for each enabled
 * protocol. len covers the "~/" prefix, the path and the terminator, and
 * snprintf() is bounded by len. The allocation of each slot is not shown in
 * this listing.
 */
879 if (options->num_identity_files == 0) {
880 if (options->protocol & SSH_PROTO_1) {
881 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
882 options->identity_files[options->num_identity_files] =
884 snprintf(options->identity_files[options->num_identity_files++],
885 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
887 if (options->protocol & SSH_PROTO_2) {
888 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
889 options->identity_files[options->num_identity_files] =
891 snprintf(options->identity_files[options->num_identity_files++],
892 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
894 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
895 options->identity_files[options->num_identity_files] =
897 snprintf(options->identity_files[options->num_identity_files++],
898 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
901 if (options->escape_char == -1)
902 options->escape_char = '~';
/*
 * The path defaults below are assigned from the _PATH_* macros directly,
 * not copied. NOTE(review): if those macros are string literals, these
 * fields must not be freed or modified -- confirm.
 */
903 if (options->system_hostfile == NULL)
904 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
905 if (options->user_hostfile == NULL)
906 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
907 if (options->system_hostfile2 == NULL)
908 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
909 if (options->user_hostfile2 == NULL)
910 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
911 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
912 options->log_level = SYSLOG_LEVEL_INFO;
/* ClearAllForwardings set to 1: drop every forward collected so far. */
913 if (options->clear_forwardings == 1)
914 clear_forwardings(options);
915 if (options->no_host_authentication_for_localhost == - 1)
916 options->no_host_authentication_for_localhost = 0;
917 if (options->enable_ssh_keysign == -1)
918 options->enable_ssh_keysign = 0;
919 /* options->proxy_command should not be set by default */
920 /* options->user will be set in the main program if appropriate */
921 /* options->hostname will be set in the main program if appropriate */
922 /* options->host_key_alias should not be set by default */
923 /* options->preferred_authentications will be set in ssh */