2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.113 2003/06/26 20:08:33 markus Exp $");
21 #include "pathnames.h"
29 /* Format of the configuration file:
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
47 HostName another.host.name.real.org
54 RemoteForward 9999 shadows.cs.hut.fi:9999
60 RhostsAuthentication no
61 PasswordAuthentication no
65 ProxyCommand ssh-proxy %h %p
68 PublicKeyAuthentication no
72 PasswordAuthentication no
74 # Defaults for various options
78 RhostsAuthentication yes
79 PasswordAuthentication yes
81 RhostsRSAAuthentication yes
82 StrictHostKeyChecking yes
84 IdentityFile ~/.ssh/identity
/*
 * Opcodes for the configuration keywords; parse_token() maps a keyword string
 * to one of these through the keywords table. oDeprecated and oUnsupported
 * are each shared by several table entries rather than naming one option.
 * NOTE(review): oBadOption and oAddressFamily are used elsewhere in this
 * listing, but the lines that declare them are not visible here.
 */
94 oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
95 oPasswordAuthentication, oRSAAuthentication,
96 oChallengeResponseAuthentication, oXAuthLocation,
97 oKerberosAuthentication, oKerberosTgtPassing, oAFSTokenPassing,
98 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
99 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
100 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
101 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
102 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
103 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
104 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
105 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
106 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
107 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
108 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
109 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
111 oDeprecated, oUnsupported
114 /* Textual representations of the tokens. */
/*
 * Keyword table: lower-case option name -> opcode. parse_token() compares
 * with strcasecmp(), so keywords in a config file are case-insensitive.
 * Entries marked "alias" give an older spelling the same opcode as the
 * current one. Where a name appears twice (kerberosauthentication,
 * kerberostgtpassing, afstokenpassing, smartcarddevice, verifyhostkeydns)
 * the two entries are presumably the two arms of a compile-time conditional
 * whose remaining preprocessor lines are missing from this listing; only one
 * #if line is visible.
 */
120 { "forwardagent", oForwardAgent },
121 { "forwardx11", oForwardX11 },
122 { "xauthlocation", oXAuthLocation },
123 { "gatewayports", oGatewayPorts },
124 { "useprivilegedport", oUsePrivilegedPort },
125 { "rhostsauthentication", oRhostsAuthentication },
126 { "passwordauthentication", oPasswordAuthentication },
127 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
128 { "kbdinteractivedevices", oKbdInteractiveDevices },
129 { "rsaauthentication", oRSAAuthentication },
130 { "pubkeyauthentication", oPubkeyAuthentication },
131 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
132 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
133 { "hostbasedauthentication", oHostbasedAuthentication },
134 { "challengeresponseauthentication", oChallengeResponseAuthentication },
135 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
136 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
137 #if defined(KRB4) || defined(KRB5)
138 { "kerberosauthentication", oKerberosAuthentication },
139 { "kerberostgtpassing", oKerberosTgtPassing },
141 { "kerberosauthentication", oUnsupported },
142 { "kerberostgtpassing", oUnsupported },
145 { "afstokenpassing", oAFSTokenPassing },
147 { "afstokenpassing", oUnsupported },
/* Keywords that are still recognised but map to the shared oDeprecated opcode. */
149 { "fallbacktorsh", oDeprecated },
150 { "usersh", oDeprecated },
151 { "identityfile", oIdentityFile },
152 { "identityfile2", oIdentityFile }, /* alias */
153 { "hostname", oHostName },
154 { "hostkeyalias", oHostKeyAlias },
155 { "proxycommand", oProxyCommand },
157 { "cipher", oCipher },
158 { "ciphers", oCiphers },
160 { "protocol", oProtocol },
161 { "remoteforward", oRemoteForward },
162 { "localforward", oLocalForward },
165 { "escapechar", oEscapeChar },
166 { "globalknownhostsfile", oGlobalKnownHostsFile },
167 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
168 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
169 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
170 { "connectionattempts", oConnectionAttempts },
171 { "batchmode", oBatchMode },
172 { "checkhostip", oCheckHostIP },
173 { "stricthostkeychecking", oStrictHostKeyChecking },
174 { "compression", oCompression },
175 { "compressionlevel", oCompressionLevel },
176 { "keepalive", oKeepAlives },
177 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
178 { "loglevel", oLogLevel },
179 { "dynamicforward", oDynamicForward },
180 { "preferredauthentications", oPreferredAuthentications },
181 { "hostkeyalgorithms", oHostKeyAlgorithms },
182 { "bindaddress", oBindAddress },
184 { "smartcarddevice", oSmartcardDevice },
186 { "smartcarddevice", oUnsupported },
188 { "clearallforwardings", oClearAllForwardings },
189 { "enablesshkeysign", oEnableSSHKeysign },
191 { "verifyhostkeydns", oVerifyHostKeyDNS },
193 { "verifyhostkeydns", oUnsupported },
195 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
196 { "rekeylimit", oRekeyLimit },
197 { "connecttimeout", oConnectTimeout },
198 { "addressfamily", oAddressFamily },
203 * Adds a local TCP/IP port forward to options. Never returns if there is an error.
/*
 * add_local_forward: appends one entry to options->local_forwards. The host
 * string is copied with xstrdup(), so the caller keeps ownership of `host`.
 * Both failure cases end the program through fatal().
 * NOTE(review): some lines of this function are missing from the listing
 * (see the gaps in the gutter numbers).
 */
208 add_local_forward(Options *options, u_short port, const char *host,
212 #ifndef NO_IPPORT_RESERVED_CONCEPT
/* Listening ports below IPPORT_RESERVED are refused unless the original real
 * uid is 0. The check is compiled out when NO_IPPORT_RESERVED_CONCEPT is
 * defined. */
213 extern uid_t original_real_uid;
214 if (port < IPPORT_RESERVED && original_real_uid != 0)
215 fatal("Privileged ports can only be forwarded by root.");
/* This bound check has to come before the post-incremented index below; it
 * is what keeps the write inside local_forwards (assuming the array holds
 * SSH_MAX_FORWARDS_PER_DIRECTION entries; its declaration is not visible
 * here). */
217 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
218 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
219 fwd = &options->local_forwards[options->num_local_forwards++];
221 fwd->host = xstrdup(host);
222 fwd->host_port = host_port;
226 * Adds a remote TCP/IP port forward to options. Never returns if there is an error.
/*
 * add_remote_forward: appends one entry to options->remote_forwards, copying
 * `host` with xstrdup(). Exceeding SSH_MAX_FORWARDS_PER_DIRECTION ends the
 * program through fatal().
 * NOTE(review): unlike add_local_forward, no privileged-port test is visible
 * here; the listening side of a remote forward is the server, so that policy
 * is presumably enforced there. Confirm against the server code.
 */
231 add_remote_forward(Options *options, u_short port, const char *host,
/* Bound check precedes the post-incremented index, keeping the write in range. */
235 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
236 fatal("Too many remote forwards (max %d).",
237 SSH_MAX_FORWARDS_PER_DIRECTION);
238 fwd = &options->remote_forwards[options->num_remote_forwards++];
240 fwd->host = xstrdup(host);
241 fwd->host_port = host_port;
/*
 * clear_forwardings: releases the host string of every recorded local and
 * remote forward and resets both counters to zero.
 * The freed pointers are left in the arrays; they are unreachable only
 * because the counters are reset, so any code that indexes the arrays without
 * consulting the counters would touch freed memory.
 */
245 clear_forwardings(Options *options)
249 for (i = 0; i < options->num_local_forwards; i++)
250 xfree(options->local_forwards[i].host);
251 options->num_local_forwards = 0;
252 for (i = 0; i < options->num_remote_forwards; i++)
253 xfree(options->remote_forwards[i].host);
254 options->num_remote_forwards = 0;
258 * Returns the number of the token pointed to by cp or oBadOption.
/*
 * parse_token: linear, case-insensitive search of the keywords table for cp.
 * The first matching entry wins; the table ends at the entry whose name is
 * NULL. An unknown keyword is reported through error() together with the
 * file name and line number.
 */
262 parse_token(const char *cp, const char *filename, int linenum)
266 for (i = 0; keywords[i].name; i++)
267 if (strcasecmp(cp, keywords[i].name) == 0)
268 return keywords[i].opcode;
/* The format string is a literal, so the keyword text cannot act as a format
 * string. NOTE(review): unlike the "%.200s" used by most messages in this
 * file, filename and cp are printed here with an unbounded "%s". */
270 error("%s: line %d: Bad configuration option: %s",
271 filename, linenum, cp);
276 * Processes a single option line as used in the configuration files. This
277 * only sets those values that have not already been set.
/*
 * process_config_line: parses one configuration line (a keyword followed by
 * its arguments) and stores the value into *options. Most branches assign
 * only when *activep is non-zero and the field still holds its "unset"
 * sentinel (-1, NULL, SSH_PROTO_UNKNOWN or SYSLOG_LEVEL_NOT_SET), so the
 * first value seen for an option wins. Malformed arguments end the program
 * through fatal().
 * NOTE(review): many lines of the function body are missing from this
 * listing (see the gaps in the gutter numbers); the comments below describe
 * only what the visible lines show.
 */
279 #define WHITESPACE " \t\r\n"
282 process_config_line(Options *options, const char *host,
283 char *line, const char *filename, int linenum,
/* buf and sfwd_host_port receive the host and port halves of a forwarding
 * specification. The sscanf field widths used further down (%255 and %5) are
 * one less than these sizes, which leaves room for the terminating NUL. */
286 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
287 int opcode, *intptr, value;
289 u_short fwd_port, fwd_host_port;
290 char sfwd_host_port[6];
/* NOTE(review): for an empty line, strlen(line) - 1 wraps around if len has
 * an unsigned type (its declaration is not visible here), and line[len]
 * would then index outside the buffer. A "strlen(line) == 0" guard ahead of
 * the loop would rule that out. Confirm whether any caller can pass an empty
 * string. */
293 /* Strip trailing whitespace */
294 for(len = strlen(line) - 1; len > 0; len--) {
295 if (strchr(WHITESPACE, line[len]) == NULL)
301 /* Get the keyword. (Each line is supposed to begin with a keyword). */
302 keyword = strdelim(&s);
303 /* Ignore leading whitespace. */
/* NOTE(review): keyword is dereferenced here before the NULL test two lines
 * below; that is only safe if the first strdelim() call cannot return NULL.
 * TODO confirm. */
304 if (*keyword == '\0')
305 keyword = strdelim(&s);
306 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
309 opcode = parse_token(keyword, filename, linenum);
313 /* don't panic, but count bad options */
316 case oConnectTimeout:
317 intptr = &options->connection_timeout;
320 if (!arg || *arg == '\0')
321 fatal("%s line %d: missing time value.",
323 if ((value = convtime(arg)) == -1)
324 fatal("%s line %d: invalid time value.",
331 intptr = &options->forward_agent;
/* Shared yes/no parsing. strcmp() is case-sensitive, so only the lower-case
 * spellings yes/true/no/false are accepted; anything else is fatal. */
334 if (!arg || *arg == '\0')
335 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
336 value = 0; /* To avoid compiler warning... */
337 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
339 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
342 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
/* First value wins: the option is stored only while it is still unset (-1). */
343 if (*activep && *intptr == -1)
348 intptr = &options->forward_x11;
352 intptr = &options->gateway_ports;
355 case oUsePrivilegedPort:
356 intptr = &options->use_privileged_port;
359 case oRhostsAuthentication:
360 intptr = &options->rhosts_authentication;
363 case oPasswordAuthentication:
364 intptr = &options->password_authentication;
367 case oKbdInteractiveAuthentication:
368 intptr = &options->kbd_interactive_authentication;
371 case oKbdInteractiveDevices:
372 charptr = &options->kbd_interactive_devices;
375 case oPubkeyAuthentication:
376 intptr = &options->pubkey_authentication;
379 case oRSAAuthentication:
380 intptr = &options->rsa_authentication;
383 case oRhostsRSAAuthentication:
384 intptr = &options->rhosts_rsa_authentication;
387 case oHostbasedAuthentication:
388 intptr = &options->hostbased_authentication;
391 case oChallengeResponseAuthentication:
392 intptr = &options->challenge_response_authentication;
395 case oKerberosAuthentication:
396 intptr = &options->kerberos_authentication;
399 case oKerberosTgtPassing:
400 intptr = &options->kerberos_tgt_passing;
403 case oAFSTokenPassing:
404 intptr = &options->afs_token_passing;
408 intptr = &options->batch_mode;
412 intptr = &options->check_host_ip;
415 case oVerifyHostKeyDNS:
416 intptr = &options->verify_host_key_dns;
/* Host key checking policy is three-valued (yes/no/ask) and therefore has
 * its own parser instead of the shared yes/no one. The values stored for
 * each word are on lines missing from this listing. */
419 case oStrictHostKeyChecking:
420 intptr = &options->strict_host_key_checking;
422 if (!arg || *arg == '\0')
423 fatal("%.200s line %d: Missing yes/no/ask argument.",
425 value = 0; /* To avoid compiler warning... */
426 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
428 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
430 else if (strcmp(arg, "ask") == 0)
433 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
434 if (*activep && *intptr == -1)
439 intptr = &options->compression;
443 intptr = &options->keepalives;
446 case oNoHostAuthenticationForLocalhost:
447 intptr = &options->no_host_authentication_for_localhost;
450 case oNumberOfPasswordPrompts:
451 intptr = &options->number_of_password_prompts;
454 case oCompressionLevel:
455 intptr = &options->compression_level;
/* Rekey limit: a decimal number followed by a suffix character that the
 * switch below inspects. NOTE(review): the strtol() result is narrowed to
 * int, and the suffix handling is not visible here; check that out-of-range
 * values and any scaling cannot overflow. */
459 intptr = &options->rekey_limit;
461 if (!arg || *arg == '\0')
462 fatal("%.200s line %d: Missing argument.", filename, linenum);
463 if (arg[0] < '0' || arg[0] > '9')
464 fatal("%.200s line %d: Bad number.", filename, linenum);
465 value = strtol(arg, &endofnumber, 10);
466 if (arg == endofnumber)
467 fatal("%.200s line %d: Bad number.", filename, linenum);
468 switch (toupper(*endofnumber)) {
479 if (*activep && *intptr == -1)
485 if (!arg || *arg == '\0')
486 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* Identity files accumulate instead of following first-value-wins; the count
 * is checked against SSH_MAX_IDENTITY_FILES before it is used as an index. */
488 intptr = &options->num_identity_files;
489 if (*intptr >= SSH_MAX_IDENTITY_FILES)
490 fatal("%.200s line %d: Too many identity files specified (max %d).",
491 filename, linenum, SSH_MAX_IDENTITY_FILES);
492 charptr = &options->identity_files[*intptr];
493 *charptr = xstrdup(arg);
494 *intptr = *intptr + 1;
499 charptr=&options->xauth_location;
503 charptr = &options->user;
/* Shared string parsing: the argument is copied only while the field is
 * still NULL. */
506 if (!arg || *arg == '\0')
507 fatal("%.200s line %d: Missing argument.", filename, linenum);
508 if (*activep && *charptr == NULL)
509 *charptr = xstrdup(arg);
512 case oGlobalKnownHostsFile:
513 charptr = &options->system_hostfile;
516 case oUserKnownHostsFile:
517 charptr = &options->user_hostfile;
520 case oGlobalKnownHostsFile2:
521 charptr = &options->system_hostfile2;
524 case oUserKnownHostsFile2:
525 charptr = &options->user_hostfile2;
529 charptr = &options->hostname;
533 charptr = &options->host_key_alias;
536 case oPreferredAuthentications:
537 charptr = &options->preferred_authentications;
541 charptr = &options->bind_address;
544 case oSmartcardDevice:
545 charptr = &options->smartcard_device;
550 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* The proxy command is the rest of the line taken verbatim (only leading
 * whitespace and '=' are skipped), not a single delimited argument.
 * NOTE(review): this string is presumably executed later, so any file that
 * can set it should be treated as able to run commands as the invoking
 * user. */
551 charptr = &options->proxy_command;
552 len = strspn(s, WHITESPACE "=");
553 if (*activep && *charptr == NULL)
554 *charptr = xstrdup(s + len);
558 intptr = &options->port;
/* Shared integer parsing. NOTE(review): base 0 accepts octal and hex as well
 * as decimal, the long result is narrowed to int, and no range check or test
 * for trailing characters after the number is visible in this listing. */
561 if (!arg || *arg == '\0')
562 fatal("%.200s line %d: Missing argument.", filename, linenum);
563 if (arg[0] < '0' || arg[0] > '9')
564 fatal("%.200s line %d: Bad number.", filename, linenum);
566 /* Octal, decimal, or hex format? */
567 value = strtol(arg, &endofnumber, 0);
568 if (arg == endofnumber)
569 fatal("%.200s line %d: Bad number.", filename, linenum);
570 if (*activep && *intptr == -1)
574 case oConnectionAttempts:
575 intptr = &options->connection_attempts;
579 intptr = &options->cipher;
581 if (!arg || *arg == '\0')
582 fatal("%.200s line %d: Missing argument.", filename, linenum);
583 value = cipher_number(arg);
585 fatal("%.200s line %d: Bad cipher '%s'.",
586 filename, linenum, arg ? arg : "<NONE>");
587 if (*activep && *intptr == -1)
/* Cipher, MAC and host key algorithm lists are validated as a whole before
 * being stored; an unrecognised list is fatal, not silently ignored. */
593 if (!arg || *arg == '\0')
594 fatal("%.200s line %d: Missing argument.", filename, linenum);
595 if (!ciphers_valid(arg))
596 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
597 filename, linenum, arg ? arg : "<NONE>");
598 if (*activep && options->ciphers == NULL)
599 options->ciphers = xstrdup(arg);
604 if (!arg || *arg == '\0')
605 fatal("%.200s line %d: Missing argument.", filename, linenum);
607 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
608 filename, linenum, arg ? arg : "<NONE>");
609 if (*activep && options->macs == NULL)
610 options->macs = xstrdup(arg);
613 case oHostKeyAlgorithms:
615 if (!arg || *arg == '\0')
616 fatal("%.200s line %d: Missing argument.", filename, linenum);
617 if (!key_names_valid2(arg))
618 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
619 filename, linenum, arg ? arg : "<NONE>");
620 if (*activep && options->hostkeyalgorithms == NULL)
621 options->hostkeyalgorithms = xstrdup(arg);
625 intptr = &options->protocol;
627 if (!arg || *arg == '\0')
628 fatal("%.200s line %d: Missing argument.", filename, linenum);
629 value = proto_spec(arg);
630 if (value == SSH_PROTO_UNKNOWN)
631 fatal("%.200s line %d: Bad protocol spec '%s'.",
632 filename, linenum, arg ? arg : "<NONE>");
633 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
/* NOTE(review): the cast assumes LogLevel has the size and representation of
 * int. No missing-argument test is visible before log_level_number(arg), so
 * that helper presumably tolerates a NULL or empty argument. Confirm. */
638 intptr = (int *) &options->log_level;
640 value = log_level_number(arg);
641 if (value == SYSLOG_LEVEL_NOT_SET)
642 fatal("%.200s line %d: unsupported log level '%s'",
643 filename, linenum, arg ? arg : "<NONE>");
644 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
645 *intptr = (LogLevel) value;
/* Local and remote forwards: a listen port, then host:port or host/port.
 * a2port() returning 0 is treated as an invalid port. */
651 if (!arg || *arg == '\0')
652 fatal("%.200s line %d: Missing port argument.",
654 if ((fwd_port = a2port(arg)) == 0)
655 fatal("%.200s line %d: Bad listen port.",
658 if (!arg || *arg == '\0')
659 fatal("%.200s line %d: Missing second argument.",
/* Both conversions are width-limited (255 bytes of host, 5 digits of port),
 * so neither buf nor sfwd_host_port can be overrun by a long argument. */
661 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
662 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
663 fatal("%.200s line %d: Bad forwarding specification.",
665 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
666 fatal("%.200s line %d: Bad forwarding port.",
669 if (opcode == oLocalForward)
670 add_local_forward(options, fwd_port, buf,
672 else if (opcode == oRemoteForward)
673 add_remote_forward(options, fwd_port, buf,
678 case oDynamicForward:
680 if (!arg || *arg == '\0')
681 fatal("%.200s line %d: Missing port argument.",
683 fwd_port = a2port(arg);
685 fatal("%.200s line %d: Badly formatted port number.",
/* A dynamic forward is recorded as a local forward whose host is the literal
 * "socks4" and whose host port is 0; presumably later code recognises that
 * pair as a marker. */
688 add_local_forward(options, fwd_port, "socks4", 0);
691 case oClearAllForwardings:
692 intptr = &options->clear_forwardings;
/* Host line: each pattern is matched against the target host name. The
 * statements that update *activep are on lines missing from this listing. */
697 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
698 if (match_pattern(host, arg)) {
699 debug("Applying options for %.100s", arg);
703 /* Avoid garbage check below, as strdelim is done. */
707 intptr = &options->escape_char;
709 if (!arg || *arg == '\0')
710 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* Accepted forms: "^X" (control character), one literal character, "none".
 * NOTE(review): for the one-character argument "^", arg[1] is the terminator
 * and arg[2] is read one byte past it, because arg[2] is tested before
 * arg[1]. Testing arg[1] != '\0' first would avoid the over-read. */
711 if (arg[0] == '^' && arg[2] == 0 &&
712 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
713 value = (u_char) arg[1] & 31;
714 else if (strlen(arg) == 1)
715 value = (u_char) arg[0];
716 else if (strcmp(arg, "none") == 0)
717 value = SSH_ESCAPECHAR_NONE;
719 fatal("%.200s line %d: Bad escape character.",
722 value = 0; /* Avoid compiler warning. */
724 if (*activep && *intptr == -1)
/* NOTE(review): unlike the other branches, no missing-argument test is
 * visible ahead of these strcasecmp() calls; if arg can be NULL here the
 * usual "Missing argument" fatal() should come first. The error message
 * below also omits the file name and line number. */
730 if (strcasecmp(arg, "inet") == 0)
732 else if (strcasecmp(arg, "inet6") == 0)
734 else if (strcasecmp(arg, "any") == 0)
737 fatal("Unsupported AddressFamily \"%s\"", arg);
740 case oEnableSSHKeysign:
741 intptr = &options->enable_ssh_keysign;
745 debug("%s line %d: Deprecated option \"%s\"",
746 filename, linenum, keyword);
750 error("%s line %d: Unsupported option \"%s\"",
751 filename, linenum, keyword);
755 fatal("process_config_line: Unimplemented opcode %d", opcode);
758 /* Check that there is no garbage at end of line. */
759 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
760 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
761 filename, linenum, arg);
768 * Reads the config file and modifies the options accordingly. Options
769 * should already be initialized before this call. This never returns if
770 * there is an error. If the file does not exist, this returns 0.
/*
 * read_config_file: opens `filename` for reading and feeds each line to
 * process_config_line together with a running line number. A non-zero
 * result from process_config_line appears to be counted, and a non-zero
 * count ends the program through fatal().
 * NOTE(review): no check of the file's owner or permissions is visible in
 * this listing. Because the file can set options such as ProxyCommand and
 * IdentityFile, confirm that callers only pass paths that other local users
 * cannot write to.
 */
774 read_config_file(const char *filename, const char *host, Options *options)
782 f = fopen(filename, "r");
786 debug("Reading configuration data %.200s", filename);
789 * Mark that we are now processing the options. This flag is turned
790 * on/off by Host specifications.
/* fgets() returns at most sizeof(line) - 1 bytes per call, so a longer
 * physical line arrives in pieces and each later piece is parsed as if it
 * were a separate configuration line. */
794 while (fgets(line, sizeof(line), f)) {
795 /* Update line number counter. */
797 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
802 fatal("%s: terminating, %d bad configuration options",
803 filename, bad_options);
808 * Initializes options to special values that indicate that they have not yet
809 * been set. Read_config_file will only set options with this value. Options
810 * are processed in the following order: command line, user config file,
811 * system config file. Last, fill_default_options is called.
/*
 * initialize_options: puts every field into its "not yet set" state.
 * The structure is first filled with the byte 'X', presumably so that a
 * field which is not explicitly assigned below holds a recognisable pattern
 * and does not read as 0 or NULL. Integer options then get -1, string
 * options NULL, the list counters 0, and protocol and log_level their own
 * UNKNOWN / NOT_SET constants. These are the sentinel values that
 * process_config_line and fill_default_options test for.
 */
815 initialize_options(Options * options)
817 memset(options, 'X', sizeof(*options));
818 options->forward_agent = -1;
819 options->forward_x11 = -1;
820 options->xauth_location = NULL;
821 options->gateway_ports = -1;
822 options->use_privileged_port = -1;
823 options->rhosts_authentication = -1;
824 options->rsa_authentication = -1;
825 options->pubkey_authentication = -1;
826 options->challenge_response_authentication = -1;
827 options->kerberos_authentication = -1;
828 options->kerberos_tgt_passing = -1;
829 options->afs_token_passing = -1;
830 options->password_authentication = -1;
831 options->kbd_interactive_authentication = -1;
832 options->kbd_interactive_devices = NULL;
833 options->rhosts_rsa_authentication = -1;
834 options->hostbased_authentication = -1;
835 options->batch_mode = -1;
836 options->check_host_ip = -1;
837 options->strict_host_key_checking = -1;
838 options->compression = -1;
839 options->keepalives = -1;
840 options->compression_level = -1;
842 options->connection_attempts = -1;
843 options->connection_timeout = -1;
844 options->number_of_password_prompts = -1;
845 options->cipher = -1;
846 options->ciphers = NULL;
847 options->macs = NULL;
848 options->hostkeyalgorithms = NULL;
849 options->protocol = SSH_PROTO_UNKNOWN;
850 options->num_identity_files = 0;
851 options->hostname = NULL;
852 options->host_key_alias = NULL;
853 options->proxy_command = NULL;
854 options->user = NULL;
855 options->escape_char = -1;
856 options->system_hostfile = NULL;
857 options->user_hostfile = NULL;
858 options->system_hostfile2 = NULL;
859 options->user_hostfile2 = NULL;
/* Only the counters are reset; the forward arrays themselves keep the fill
 * pattern until entries are added. */
860 options->num_local_forwards = 0;
861 options->num_remote_forwards = 0;
862 options->clear_forwardings = -1;
863 options->log_level = SYSLOG_LEVEL_NOT_SET;
864 options->preferred_authentications = NULL;
865 options->bind_address = NULL;
866 options->smartcard_device = NULL;
867 options->enable_ssh_keysign = - 1;
868 options->no_host_authentication_for_localhost = - 1;
869 options->rekey_limit = - 1;
870 options->verify_host_key_dns = -1;
874 * Called after processing other sources of option data, this fills those
875 * options for which no value has been specified with their default values.
/*
 * fill_default_options: replaces every option that still holds its "unset"
 * sentinel with the built-in default. It touches only unset fields, so
 * values taken from the command line or a config file are left alone.
 * NOTE(review): some lines of this function are missing from the listing
 * (see the gaps in the gutter numbers).
 */
879 fill_default_options(Options * options)
/* Agent and X11 forwarding both default to off. */
883 if (options->forward_agent == -1)
884 options->forward_agent = 0;
885 if (options->forward_x11 == -1)
886 options->forward_x11 = 0;
/* NOTE(review): path defaults assigned in this function are constants,
 * whereas values parsed from a config file are xstrdup() copies; code that
 * frees these fields must be able to tell the two apart. TODO confirm that
 * no caller frees them. */
887 if (options->xauth_location == NULL)
888 options->xauth_location = _PATH_XAUTH;
889 if (options->gateway_ports == -1)
890 options->gateway_ports = 0;
891 if (options->use_privileged_port == -1)
892 options->use_privileged_port = 0;
/* Authentication methods: rhosts, rhosts-RSA and host-based default to off;
 * the others default to on. */
893 if (options->rhosts_authentication == -1)
894 options->rhosts_authentication = 0;
895 if (options->rsa_authentication == -1)
896 options->rsa_authentication = 1;
897 if (options->pubkey_authentication == -1)
898 options->pubkey_authentication = 1;
899 if (options->challenge_response_authentication == -1)
900 options->challenge_response_authentication = 1;
901 if (options->kerberos_authentication == -1)
902 options->kerberos_authentication = 1;
903 if (options->kerberos_tgt_passing == -1)
904 options->kerberos_tgt_passing = 1;
905 if (options->afs_token_passing == -1)
906 options->afs_token_passing = 1;
907 if (options->password_authentication == -1)
908 options->password_authentication = 1;
909 if (options->kbd_interactive_authentication == -1)
910 options->kbd_interactive_authentication = 1;
911 if (options->rhosts_rsa_authentication == -1)
912 options->rhosts_rsa_authentication = 0;
913 if (options->hostbased_authentication == -1)
914 options->hostbased_authentication = 0;
915 if (options->batch_mode == -1)
916 options->batch_mode = 0;
917 if (options->check_host_ip == -1)
918 options->check_host_ip = 1;
/* Presumably 2 is the value stored for the "ask" keyword accepted by
 * process_config_line; the assignment lines there are not visible. */
919 if (options->strict_host_key_checking == -1)
920 options->strict_host_key_checking = 2; /* 2 is default */
921 if (options->compression == -1)
922 options->compression = 0;
923 if (options->keepalives == -1)
924 options->keepalives = 1;
925 if (options->compression_level == -1)
926 options->compression_level = 6;
927 if (options->port == -1)
928 options->port = 0; /* Filled in ssh_connect. */
929 if (options->connection_attempts == -1)
930 options->connection_attempts = 1;
931 if (options->number_of_password_prompts == -1)
932 options->number_of_password_prompts = 3;
933 /* Selected in ssh_login(). */
934 if (options->cipher == -1)
935 options->cipher = SSH_CIPHER_NOT_SET;
936 /* options->ciphers, default set in myproposals.h */
937 /* options->macs, default set in myproposals.h */
938 /* options->hostkeyalgorithms, default set in myproposals.h */
939 if (options->protocol == SSH_PROTO_UNKNOWN)
940 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
/* Default identity files are added only when none were configured. Each len
 * covers the two characters of "~/", the path and the terminating NUL, and
 * the same len bounds the snprintf(); "%.100s" additionally caps the path
 * part. The allocation calls sit on lines missing from this listing. */
941 if (options->num_identity_files == 0) {
942 if (options->protocol & SSH_PROTO_1) {
943 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
944 options->identity_files[options->num_identity_files] =
946 snprintf(options->identity_files[options->num_identity_files++],
947 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
949 if (options->protocol & SSH_PROTO_2) {
950 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
951 options->identity_files[options->num_identity_files] =
953 snprintf(options->identity_files[options->num_identity_files++],
954 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
956 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
957 options->identity_files[options->num_identity_files] =
959 snprintf(options->identity_files[options->num_identity_files++],
960 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
963 if (options->escape_char == -1)
964 options->escape_char = '~';
965 if (options->system_hostfile == NULL)
966 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
967 if (options->user_hostfile == NULL)
968 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
969 if (options->system_hostfile2 == NULL)
970 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
971 if (options->user_hostfile2 == NULL)
972 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
973 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
974 options->log_level = SYSLOG_LEVEL_INFO;
/* Forwards recorded earlier are dropped here when ClearAllForwardings was
 * set, whatever order the options were read in. */
975 if (options->clear_forwardings == 1)
976 clear_forwardings(options);
977 if (options->no_host_authentication_for_localhost == - 1)
978 options->no_host_authentication_for_localhost = 0;
979 if (options->enable_ssh_keysign == -1)
980 options->enable_ssh_keysign = 0;
981 if (options->rekey_limit == -1)
982 options->rekey_limit = 0;
983 if (options->verify_host_key_dns == -1)
984 options->verify_host_key_dns = 0;
985 /* options->proxy_command should not be set by default */
986 /* options->user will be set in the main program if appropriate */
987 /* options->hostname will be set in the main program if appropriate */
988 /* options->host_key_alias should not be set by default */
989 /* options->preferred_authentications will be set in ssh */