2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.123 2003/10/11 08:24:07 markus Exp $");
21 #include "pathnames.h"
29 /* Format of the configuration file:
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
47 HostName another.host.name.real.org
54 RemoteForward 9999 shadows.cs.hut.fi:9999
60 PasswordAuthentication no
64 ProxyCommand ssh-proxy %h %p
67 PublicKeyAuthentication no
71 PasswordAuthentication no
73 # Defaults for various options
77 PasswordAuthentication yes
79 RhostsRSAAuthentication yes
80 StrictHostKeyChecking yes
82 IdentityFile ~/.ssh/identity
/*
 * Opcode enumerators, one per recognized configuration keyword. The keyword
 * table maps option names onto these values and process_config_line has a
 * case label for each. oDeprecated and oUnsupported are shared by every
 * keyword that the parser still recognizes but only reports on.
 */
92 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
93 oPasswordAuthentication, oRSAAuthentication,
94 oChallengeResponseAuthentication, oXAuthLocation,
95 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
96 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
97 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
98 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
99 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
100 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
101 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
102 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
103 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
104 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
105 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
106 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
107 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
108 oDeprecated, oUnsupported
111 /* Textual representations of the tokens. */
/*
 * Keyword table entries: each pairs a lowercase option name with the opcode
 * that process_config_line dispatches on. parse_token compares names with
 * strcasecmp, so keywords are matched case-insensitively, and it returns the
 * first entry that matches.
 * Entries marked "alias" route an older spelling to a current opcode.
 * Retired options stay in the table as oDeprecated or oUnsupported so that an
 * old config file still parses; they are reported (debug and error level
 * respectively) but set nothing, so a config that relies on one of them does
 * not get the behaviour its author asked for.
 */
117 { "forwardagent", oForwardAgent },
118 { "forwardx11", oForwardX11 },
119 { "forwardx11trusted", oForwardX11Trusted },
120 { "xauthlocation", oXAuthLocation },
121 { "gatewayports", oGatewayPorts },
122 { "useprivilegedport", oUsePrivilegedPort },
123 { "rhostsauthentication", oDeprecated },
124 { "passwordauthentication", oPasswordAuthentication },
125 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
126 { "kbdinteractivedevices", oKbdInteractiveDevices },
127 { "rsaauthentication", oRSAAuthentication },
128 { "pubkeyauthentication", oPubkeyAuthentication },
129 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
130 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
131 { "hostbasedauthentication", oHostbasedAuthentication },
132 { "challengeresponseauthentication", oChallengeResponseAuthentication },
133 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
134 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
135 { "kerberosauthentication", oUnsupported },
136 { "kerberostgtpassing", oUnsupported },
137 { "afstokenpassing", oUnsupported },
/*
 * NOTE(review): the next four entries list the same two keywords twice with
 * different opcodes. The listing's own numbering skips lines around them,
 * which suggests build-time conditionals that the listing dropped; confirm
 * against the full file. Read literally, only the first pair is reachable.
 */
139 { "gssapiauthentication", oGssAuthentication },
140 { "gssapidelegatecredentials", oGssDelegateCreds },
142 { "gssapiauthentication", oUnsupported },
143 { "gssapidelegatecredentials", oUnsupported },
145 { "fallbacktorsh", oDeprecated },
146 { "usersh", oDeprecated },
147 { "identityfile", oIdentityFile },
148 { "identityfile2", oIdentityFile }, /* alias */
149 { "hostname", oHostName },
150 { "hostkeyalias", oHostKeyAlias },
151 { "proxycommand", oProxyCommand },
153 { "cipher", oCipher },
154 { "ciphers", oCiphers },
156 { "protocol", oProtocol },
157 { "remoteforward", oRemoteForward },
158 { "localforward", oLocalForward },
161 { "escapechar", oEscapeChar },
162 { "globalknownhostsfile", oGlobalKnownHostsFile },
163 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
164 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
165 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
166 { "connectionattempts", oConnectionAttempts },
167 { "batchmode", oBatchMode },
168 { "checkhostip", oCheckHostIP },
169 { "stricthostkeychecking", oStrictHostKeyChecking },
170 { "compression", oCompression },
171 { "compressionlevel", oCompressionLevel },
172 { "keepalive", oKeepAlives },
173 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
174 { "loglevel", oLogLevel },
175 { "dynamicforward", oDynamicForward },
176 { "preferredauthentications", oPreferredAuthentications },
177 { "hostkeyalgorithms", oHostKeyAlgorithms },
178 { "bindaddress", oBindAddress },
/* NOTE(review): duplicated keyword again (smartcarddevice); same caveat as the GSSAPI pair above. */
180 { "smartcarddevice", oSmartcardDevice },
182 { "smartcarddevice", oUnsupported },
184 { "clearallforwardings", oClearAllForwardings },
185 { "enablesshkeysign", oEnableSSHKeysign },
/* NOTE(review): duplicated keyword again (verifyhostkeydns); same caveat as the GSSAPI pair above. */
187 { "verifyhostkeydns", oVerifyHostKeyDNS },
189 { "verifyhostkeydns", oUnsupported },
191 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
192 { "rekeylimit", oRekeyLimit },
193 { "connecttimeout", oConnectTimeout },
194 { "addressfamily", oAddressFamily },
199 * Adds a local TCP/IP port forward to options. Never returns if there is an
/*
 * Appends one entry to options->local_forwards.
 *
 * options   - option set that receives the forward.
 * port      - local listen port.
 * host      - destination host name; copied with xstrdup(), and the copy is
 *             released by clear_forwardings().
 * host_port - destination port (the parameter's declaration is on a line this
 *             listing omits; it is stored into fwd->host_port below).
 *
 * Ends in fatal() when the reserved-port test fails or when the table already
 * holds SSH_MAX_FORWARDS_PER_DIRECTION entries.
 */
204 add_local_forward(Options *options, u_short port, const char *host,
/*
 * Only root may listen below IPPORT_RESERVED.
 * NOTE(review): the test reads original_real_uid, not the effective uid,
 * presumably so that a set-uid installation does not let ordinary users bind
 * reserved ports; confirm where original_real_uid is assigned.
 */
208 #ifndef NO_IPPORT_RESERVED_CONCEPT
209 extern uid_t original_real_uid;
210 if (port < IPPORT_RESERVED && original_real_uid != 0)
211 fatal("Privileged ports can only be forwarded by root.");
/*
 * The capacity test must come before the post-increment two lines down; it is
 * what keeps the new entry inside local_forwards[] (presumably sized
 * SSH_MAX_FORWARDS_PER_DIRECTION; the declaration is not in this file).
 */
213 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
214 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
215 fwd = &options->local_forwards[options->num_local_forwards++];
/* NOTE(review): the listing skips a source line here, so the store of the listen port is not visible. */
217 fwd->host = xstrdup(host);
218 fwd->host_port = host_port;
222 * Adds a remote TCP/IP port forward to options. Never returns if there is
/*
 * Appends one entry to options->remote_forwards; parameters mirror
 * add_local_forward. host is copied with xstrdup() and the copy is released
 * by clear_forwardings(). Ends in fatal() when the table already holds
 * SSH_MAX_FORWARDS_PER_DIRECTION entries.
 *
 * NOTE(review): no reserved-port test appears here, unlike
 * add_local_forward. For a remote forward the listening socket lives on the
 * server, so presumably the server enforces that policy; confirm.
 */
227 add_remote_forward(Options *options, u_short port, const char *host,
/* Capacity test precedes the post-increment so the new entry stays inside remote_forwards[]. */
231 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
232 fatal("Too many remote forwards (max %d).",
233 SSH_MAX_FORWARDS_PER_DIRECTION);
234 fwd = &options->remote_forwards[options->num_remote_forwards++];
/* NOTE(review): the listing skips a source line here, so the store of the listen port is not visible. */
236 fwd->host = xstrdup(host);
237 fwd->host_port = host_port;
/*
 * Drops every configured local and remote forward: releases each entry's
 * host string with xfree() and resets both counters to zero.
 * In the lines shown the freed host pointers are not reset, so the counters
 * are the only thing that marks the old entries as dead; code that walks the
 * arrays must be bounded by num_local_forwards / num_remote_forwards.
 */
241 clear_forwardings(Options *options)
245 for (i = 0; i < options->num_local_forwards; i++)
246 xfree(options->local_forwards[i].host);
247 options->num_local_forwards = 0;
248 for (i = 0; i < options->num_remote_forwards; i++)
249 xfree(options->remote_forwards[i].host);
250 options->num_remote_forwards = 0;
254 * Returns the number of the token pointed to by cp or oBadOption.
/*
 * Looks up the keyword cp in the keyword table and returns its opcode.
 *
 * cp       - keyword text taken from the configuration line.
 * filename, linenum - used only in the diagnostic for an unknown keyword.
 *
 * The scan is linear, stops at the table's NULL-name terminator, and compares
 * case-insensitively; the first matching entry wins. An unknown keyword is
 * reported with error(); the value returned in that case is on a line this
 * listing omits (the header comment names oBadOption).
 */
258 parse_token(const char *cp, const char *filename, int linenum)
262 for (i = 0; keywords[i].name; i++)
263 if (strcasecmp(cp, keywords[i].name) == 0)
264 return keywords[i].opcode;
/*
 * NOTE(review): filename and cp are printed with plain %s here, while most
 * messages in this file cap strings with %.200s; consider the same cap so one
 * bad line cannot produce an oversized log record.
 */
266 error("%s: line %d: Bad configuration option: %s",
267 filename, linenum, cp);
272 * Processes a single option line as used in the configuration files. This
273 * only sets those values that have not already been set.
275 #define WHITESPACE " \t\r\n"
/*
 * Parses one configuration line and applies it to options.
 *
 * options  - option set being filled in. A field is written only while it
 *            still holds its "unset" sentinel (-1, NULL, SSH_PROTO_UNKNOWN or
 *            SYSLOG_LEVEL_NOT_SET), so the first value seen wins.
 * host     - host name that "Host" patterns are matched against.
 * line     - the line text; non-const, presumably modified in place by the
 *            whitespace strip and by strdelim().
 * filename, linenum - used only in diagnostics.
 * The last parameter is declared on a line this listing omits; it is
 * dereferenced below as *activep and gates the assignments shown.
 *
 * read_config_file counts a non-zero return as one bad option. Most malformed
 * input does not return at all: it ends the program through fatal().
 */
278 process_config_line(Options *options, const char *host,
279 char *line, const char *filename, int linenum,
/* buf and sfwd_host_port are sized to match the %255 and %5 field widths of the sscanf calls in the forwarding case. */
282 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
283 int opcode, *intptr, value;
285 u_short fwd_port, fwd_host_port;
286 char sfwd_host_port[6];
288 /* Strip trailing whitespace */
/*
 * NOTE(review): for an empty line, strlen(line) - 1 wraps if len has an
 * unsigned type (its declaration is not visible in this listing), and
 * line[len] would then index far outside the buffer. Returning early when the
 * length is zero removes the edge case; confirm against the full source.
 */
289 for(len = strlen(line) - 1; len > 0; len--) {
290 if (strchr(WHITESPACE, line[len]) == NULL)
296 /* Get the keyword. (Each line is supposed to begin with a keyword). */
297 keyword = strdelim(&s);
298 /* Ignore leading whitespace. */
299 if (*keyword == '\0')
300 keyword = strdelim(&s);
/* Blank lines and lines starting with '#' carry no option. */
301 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
304 opcode = parse_token(keyword, filename, linenum);
308 /* don't panic, but count bad options */
311 case oConnectTimeout:
312 intptr = &options->connection_timeout;
315 if (!arg || *arg == '\0')
316 fatal("%s line %d: missing time value.",
/* convtime() signals an unparsable duration with -1. */
318 if ((value = convtime(arg)) == -1)
319 fatal("%s line %d: invalid time value.",
326 intptr = &options->forward_agent;
/* Shared yes/no parser: accepts exactly "yes", "true", "no" or "false" (case-sensitive). */
329 if (!arg || *arg == '\0')
330 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
331 value = 0; /* To avoid compiler warning... */
332 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
334 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
337 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
/* First-set-wins: store only inside an active Host block and only while the field is still -1. */
338 if (*activep && *intptr == -1)
343 intptr = &options->forward_x11;
346 case oForwardX11Trusted:
347 intptr = &options->forward_x11_trusted;
351 intptr = &options->gateway_ports;
354 case oUsePrivilegedPort:
355 intptr = &options->use_privileged_port;
358 case oPasswordAuthentication:
359 intptr = &options->password_authentication;
362 case oKbdInteractiveAuthentication:
363 intptr = &options->kbd_interactive_authentication;
366 case oKbdInteractiveDevices:
367 charptr = &options->kbd_interactive_devices;
370 case oPubkeyAuthentication:
371 intptr = &options->pubkey_authentication;
374 case oRSAAuthentication:
375 intptr = &options->rsa_authentication;
378 case oRhostsRSAAuthentication:
379 intptr = &options->rhosts_rsa_authentication;
382 case oHostbasedAuthentication:
383 intptr = &options->hostbased_authentication;
386 case oChallengeResponseAuthentication:
387 intptr = &options->challenge_response_authentication;
390 case oGssAuthentication:
391 intptr = &options->gss_authentication;
394 case oGssDelegateCreds:
395 intptr = &options->gss_deleg_creds;
399 intptr = &options->batch_mode;
403 intptr = &options->check_host_ip;
406 case oVerifyHostKeyDNS:
407 intptr = &options->verify_host_key_dns;
/* StrictHostKeyChecking is tri-state: yes/true, no/false, or "ask". */
410 case oStrictHostKeyChecking:
411 intptr = &options->strict_host_key_checking;
413 if (!arg || *arg == '\0')
414 fatal("%.200s line %d: Missing yes/no/ask argument.",
416 value = 0; /* To avoid compiler warning... */
417 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
419 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
421 else if (strcmp(arg, "ask") == 0)
424 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
425 if (*activep && *intptr == -1)
430 intptr = &options->compression;
434 intptr = &options->keepalives;
437 case oNoHostAuthenticationForLocalhost:
438 intptr = &options->no_host_authentication_for_localhost;
441 case oNumberOfPasswordPrompts:
442 intptr = &options->number_of_password_prompts;
445 case oCompressionLevel:
446 intptr = &options->compression_level;
450 intptr = &options->rekey_limit;
/*
 * Decimal number followed by a suffix character that the switch below
 * inspects (its cases are on lines this listing omits).
 * NOTE(review): strtol() returns long but value is an int, and no ERANGE or
 * range test is visible, so an oversized number is silently narrowed.
 * toupper() is also handed a plain char; casting to unsigned char first
 * avoids undefined behaviour for bytes above 0x7f.
 */
452 if (!arg || *arg == '\0')
453 fatal("%.200s line %d: Missing argument.", filename, linenum);
454 if (arg[0] < '0' || arg[0] > '9')
455 fatal("%.200s line %d: Bad number.", filename, linenum);
456 value = strtol(arg, &endofnumber, 10);
457 if (arg == endofnumber)
458 fatal("%.200s line %d: Bad number.", filename, linenum);
459 switch (toupper(*endofnumber)) {
470 if (*activep && *intptr == -1)
476 if (!arg || *arg == '\0')
477 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* Identity files accumulate instead of first-set-wins; the count is checked before the slot is written. */
479 intptr = &options->num_identity_files;
480 if (*intptr >= SSH_MAX_IDENTITY_FILES)
481 fatal("%.200s line %d: Too many identity files specified (max %d).",
482 filename, linenum, SSH_MAX_IDENTITY_FILES);
483 charptr = &options->identity_files[*intptr];
484 *charptr = xstrdup(arg);
485 *intptr = *intptr + 1;
490 charptr=&options->xauth_location;
494 charptr = &options->user;
/* Shared string parser: the argument is copied with xstrdup() if the field is still NULL. */
497 if (!arg || *arg == '\0')
498 fatal("%.200s line %d: Missing argument.", filename, linenum);
499 if (*activep && *charptr == NULL)
500 *charptr = xstrdup(arg);
503 case oGlobalKnownHostsFile:
504 charptr = &options->system_hostfile;
507 case oUserKnownHostsFile:
508 charptr = &options->user_hostfile;
511 case oGlobalKnownHostsFile2:
512 charptr = &options->system_hostfile2;
515 case oUserKnownHostsFile2:
516 charptr = &options->user_hostfile2;
520 charptr = &options->hostname;
524 charptr = &options->host_key_alias;
527 case oPreferredAuthentications:
528 charptr = &options->preferred_authentications;
532 charptr = &options->bind_address;
535 case oSmartcardDevice:
536 charptr = &options->smartcard_device;
541 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * ProxyCommand keeps the whole remainder of the line, not one token: leading
 * whitespace and '=' are skipped and the rest is stored verbatim.
 * NOTE(review): this file only stores the string; whoever can write the
 * config file controls it, so the trust placed in the file matters as much as
 * the parsing here.
 */
542 charptr = &options->proxy_command;
543 len = strspn(s, WHITESPACE "=");
544 if (*activep && *charptr == NULL)
545 *charptr = xstrdup(s + len);
549 intptr = &options->port;
/*
 * Shared integer parser; base 0 lets strtol() accept octal and hex as well as
 * decimal.
 * NOTE(review): in the lines shown nothing rejects trailing characters after
 * the digits or bounds the value (for example a port above 65535), and the
 * long result is narrowed to int.
 */
552 if (!arg || *arg == '\0')
553 fatal("%.200s line %d: Missing argument.", filename, linenum);
554 if (arg[0] < '0' || arg[0] > '9')
555 fatal("%.200s line %d: Bad number.", filename, linenum);
557 /* Octal, decimal, or hex format? */
558 value = strtol(arg, &endofnumber, 0);
559 if (arg == endofnumber)
560 fatal("%.200s line %d: Bad number.", filename, linenum);
561 if (*activep && *intptr == -1)
565 case oConnectionAttempts:
566 intptr = &options->connection_attempts;
570 intptr = &options->cipher;
572 if (!arg || *arg == '\0')
573 fatal("%.200s line %d: Missing argument.", filename, linenum);
574 value = cipher_number(arg);
576 fatal("%.200s line %d: Bad cipher '%s'.",
577 filename, linenum, arg ? arg : "<NONE>");
578 if (*activep && *intptr == -1)
/* Algorithm lists (ciphers, MACs, host key algorithms) are validated before being stored, so an unknown name is fatal at parse time. */
584 if (!arg || *arg == '\0')
585 fatal("%.200s line %d: Missing argument.", filename, linenum);
586 if (!ciphers_valid(arg))
587 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
588 filename, linenum, arg ? arg : "<NONE>");
589 if (*activep && options->ciphers == NULL)
590 options->ciphers = xstrdup(arg);
595 if (!arg || *arg == '\0')
596 fatal("%.200s line %d: Missing argument.", filename, linenum);
598 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
599 filename, linenum, arg ? arg : "<NONE>");
600 if (*activep && options->macs == NULL)
601 options->macs = xstrdup(arg);
604 case oHostKeyAlgorithms:
606 if (!arg || *arg == '\0')
607 fatal("%.200s line %d: Missing argument.", filename, linenum);
608 if (!key_names_valid2(arg))
609 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
610 filename, linenum, arg ? arg : "<NONE>");
611 if (*activep && options->hostkeyalgorithms == NULL)
612 options->hostkeyalgorithms = xstrdup(arg);
616 intptr = &options->protocol;
618 if (!arg || *arg == '\0')
619 fatal("%.200s line %d: Missing argument.", filename, linenum);
620 value = proto_spec(arg);
621 if (value == SSH_PROTO_UNKNOWN)
622 fatal("%.200s line %d: Bad protocol spec '%s'.",
623 filename, linenum, arg ? arg : "<NONE>");
624 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
/* NOTE(review): log_level is accessed through an int pointer, which assumes LogLevel has the size and representation of int; confirm. */
629 intptr = (int *) &options->log_level;
631 value = log_level_number(arg);
632 if (value == SYSLOG_LEVEL_NOT_SET)
633 fatal("%.200s line %d: unsupported log level '%s'",
634 filename, linenum, arg ? arg : "<NONE>");
635 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
636 *intptr = (LogLevel) value;
/* Local/remote forward: first token is the listen port, second is host:port or host/port. */
642 if (!arg || *arg == '\0')
643 fatal("%.200s line %d: Missing port argument.",
645 if ((fwd_port = a2port(arg)) == 0)
646 fatal("%.200s line %d: Bad listen port.",
649 if (!arg || *arg == '\0')
650 fatal("%.200s line %d: Missing second argument.",
/* Field widths 255 and 5 leave room for the terminator in buf[256] and sfwd_host_port[6], so sscanf cannot overrun either buffer. */
652 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
653 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
654 fatal("%.200s line %d: Bad forwarding specification.",
656 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
657 fatal("%.200s line %d: Bad forwarding port.",
660 if (opcode == oLocalForward)
661 add_local_forward(options, fwd_port, buf,
663 else if (opcode == oRemoteForward)
664 add_remote_forward(options, fwd_port, buf,
669 case oDynamicForward:
671 if (!arg || *arg == '\0')
672 fatal("%.200s line %d: Missing port argument.",
674 fwd_port = a2port(arg);
676 fatal("%.200s line %d: Badly formatted port number.",
/* A dynamic forward is recorded as a local forward with the marker host "socks" and destination port 0. */
679 add_local_forward(options, fwd_port, "socks", 0);
682 case oClearAllForwardings:
683 intptr = &options->clear_forwardings;
/* Host line: each remaining token is a pattern tested against host with match_pattern(). */
688 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
689 if (match_pattern(host, arg)) {
690 debug("Applying options for %.100s", arg);
694 /* Avoid garbage check below, as strdelim is done. */
698 intptr = &options->escape_char;
700 if (!arg || *arg == '\0')
701 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * Accepted forms: "^X" (control character), a single character, or "none".
 * NOTE(review): arg[2] is read before arg[1] is examined, so for the
 * one-character argument "^" the test reads one byte past the terminator.
 * Testing arg[1] != '\0' first keeps every read inside the string.
 */
702 if (arg[0] == '^' && arg[2] == 0 &&
703 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
704 value = (u_char) arg[1] & 31;
705 else if (strlen(arg) == 1)
706 value = (u_char) arg[0];
707 else if (strcmp(arg, "none") == 0)
708 value = SSH_ESCAPECHAR_NONE;
710 fatal("%.200s line %d: Bad escape character.",
713 value = 0; /* Avoid compiler warning. */
715 if (*activep && *intptr == -1)
/*
 * NOTE(review): unlike the other cases, no missing-argument test is visible
 * before arg reaches strcasecmp(), so an AddressFamily line with no value
 * would pass a null or empty pointer straight through. The usual
 * `!arg || *arg == '\0'` guard with a fatal() fits here. The fatal() below
 * also omits the file name and line number that the other messages carry.
 */
721 intptr = &options->address_family;
722 if (strcasecmp(arg, "inet") == 0)
724 else if (strcasecmp(arg, "inet6") == 0)
726 else if (strcasecmp(arg, "any") == 0)
729 fatal("Unsupported AddressFamily \"%s\"", arg);
730 if (*activep && *intptr == -1)
734 case oEnableSSHKeysign:
735 intptr = &options->enable_ssh_keysign;
/* Deprecated options are reported only at debug level, unsupported ones at error level; neither sets anything. */
739 debug("%s line %d: Deprecated option \"%s\"",
740 filename, linenum, keyword);
744 error("%s line %d: Unsupported option \"%s\"",
745 filename, linenum, keyword);
749 fatal("process_config_line: Unimplemented opcode %d", opcode);
752 /* Check that there is no garbage at end of line. */
753 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
754 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
755 filename, linenum, arg);
762 * Reads the config file and modifies the options accordingly. Options
763 * should already be initialized before this call. This never returns if
764 * there is an error. If the file does not exist, this returns 0.
/*
 * Opens filename and feeds it to process_config_line one line at a time,
 * counting the lines that function rejects; a non-zero count ends in fatal().
 *
 * filename - path of the configuration file.
 * host     - host name passed through for "Host" pattern matching.
 * options  - option set to update; it must already be initialized.
 *
 * NOTE(review): no ownership or permission test on filename is visible
 * before its contents are trusted. Values such as ProxyCommand are stored
 * verbatim from this file, so a config that another account can write to
 * lets that account steer the user's connections. Checking on the opened
 * descriptor that the file belongs to the user (or root) and is not
 * group/world-writable closes that gap; confirm whether a caller already does
 * this.
 */
768 read_config_file(const char *filename, const char *host, Options *options)
776 f = fopen(filename, "r");
780 debug("Reading configuration data %.200s", filename);
783 * Mark that we are now processing the options. This flag is turned
784 * on/off by Host specifications.
/*
 * fgets() stops at sizeof(line) - 1 bytes, so an over-long line is delivered
 * in pieces and each later piece is parsed as if it were a separate line.
 * NOTE(review): the size of line is not visible in this listing.
 */
788 while (fgets(line, sizeof(line), f)) {
789 /* Update line number counter. */
791 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
796 fatal("%s: terminating, %d bad configuration options",
797 filename, bad_options);
802 * Initializes options to special values that indicate that they have not yet
803 * been set. Read_config_file will only set options with this value. Options
804 * are processed in the following order: command line, user config file,
805 * system config file. Last, fill_default_options is called.
/*
 * Puts every option into its "not yet set" state: -1 for integers, NULL for
 * strings, zero for the counters, and the dedicated *_UNKNOWN / *_NOT_SET
 * constants for protocol and log level. process_config_line and
 * fill_default_options test for exactly these sentinels.
 */
809 initialize_options(Options * options)
/*
 * The whole structure is first filled with 'X' bytes. A field that is not
 * reset explicitly below therefore holds neither -1 nor NULL, and the
 * "still unset" tests elsewhere would treat it as already configured, so
 * every new option needs its own line here.
 */
811 memset(options, 'X', sizeof(*options));
812 options->forward_agent = -1;
813 options->forward_x11 = -1;
814 options->forward_x11_trusted = -1;
815 options->xauth_location = NULL;
816 options->gateway_ports = -1;
817 options->use_privileged_port = -1;
818 options->rsa_authentication = -1;
819 options->pubkey_authentication = -1;
820 options->challenge_response_authentication = -1;
821 options->gss_authentication = -1;
822 options->gss_deleg_creds = -1;
823 options->password_authentication = -1;
824 options->kbd_interactive_authentication = -1;
825 options->kbd_interactive_devices = NULL;
826 options->rhosts_rsa_authentication = -1;
827 options->hostbased_authentication = -1;
828 options->batch_mode = -1;
829 options->check_host_ip = -1;
830 options->strict_host_key_checking = -1;
831 options->compression = -1;
832 options->keepalives = -1;
833 options->compression_level = -1;
/*
 * NOTE(review): the listing skips a source line here and no reset of
 * options->port is visible, although other functions in this file compare
 * port with -1; confirm the reset exists in the full file.
 */
835 options->address_family = -1;
836 options->connection_attempts = -1;
837 options->connection_timeout = -1;
838 options->number_of_password_prompts = -1;
839 options->cipher = -1;
840 options->ciphers = NULL;
841 options->macs = NULL;
842 options->hostkeyalgorithms = NULL;
843 options->protocol = SSH_PROTO_UNKNOWN;
844 options->num_identity_files = 0;
845 options->hostname = NULL;
846 options->host_key_alias = NULL;
847 options->proxy_command = NULL;
848 options->user = NULL;
849 options->escape_char = -1;
850 options->system_hostfile = NULL;
851 options->user_hostfile = NULL;
852 options->system_hostfile2 = NULL;
853 options->user_hostfile2 = NULL;
/* Only the counters are zeroed; the forward and identity arrays keep the fill pattern until entries are added. */
854 options->num_local_forwards = 0;
855 options->num_remote_forwards = 0;
856 options->clear_forwardings = -1;
857 options->log_level = SYSLOG_LEVEL_NOT_SET;
858 options->preferred_authentications = NULL;
859 options->bind_address = NULL;
860 options->smartcard_device = NULL;
861 options->enable_ssh_keysign = - 1;
862 options->no_host_authentication_for_localhost = - 1;
863 options->rekey_limit = - 1;
864 options->verify_host_key_dns = -1;
868 * Called after processing other sources of option data, this fills those
869 * options for which no value has been specified with their default values.
/*
 * Replaces every option that still holds its "unset" sentinel with the
 * built-in default. Values already set by the command line or a
 * configuration file are left alone.
 *
 * Defaults visible here that matter for a security review: agent and X11
 * forwarding off, gateway ports off, rhosts-RSA and host-based
 * authentication off, CheckHostIP on, DNS host key verification off,
 * password / public-key / challenge-response authentication on.
 */
873 fill_default_options(Options * options)
877 if (options->forward_agent == -1)
878 options->forward_agent = 0;
879 if (options->forward_x11 == -1)
880 options->forward_x11 = 0;
881 if (options->forward_x11_trusted == -1)
882 options->forward_x11_trusted = 0;
/* Path defaults such as this one point at compile-time constants, whereas parsed values are xstrdup() copies; the fields must not be freed without knowing which kind they hold. */
883 if (options->xauth_location == NULL)
884 options->xauth_location = _PATH_XAUTH;
885 if (options->gateway_ports == -1)
886 options->gateway_ports = 0;
887 if (options->use_privileged_port == -1)
888 options->use_privileged_port = 0;
889 if (options->rsa_authentication == -1)
890 options->rsa_authentication = 1;
891 if (options->pubkey_authentication == -1)
892 options->pubkey_authentication = 1;
893 if (options->challenge_response_authentication == -1)
894 options->challenge_response_authentication = 1;
895 if (options->gss_authentication == -1)
896 options->gss_authentication = 0;
897 if (options->gss_deleg_creds == -1)
898 options->gss_deleg_creds = 0;
899 if (options->password_authentication == -1)
900 options->password_authentication = 1;
901 if (options->kbd_interactive_authentication == -1)
902 options->kbd_interactive_authentication = 1;
903 if (options->rhosts_rsa_authentication == -1)
904 options->rhosts_rsa_authentication = 0;
905 if (options->hostbased_authentication == -1)
906 options->hostbased_authentication = 0;
907 if (options->batch_mode == -1)
908 options->batch_mode = 0;
909 if (options->check_host_ip == -1)
910 options->check_host_ip = 1;
/* NOTE(review): 2 presumably corresponds to the "ask" setting accepted by process_config_line; the assignments that would confirm it are on lines this listing omits. */
911 if (options->strict_host_key_checking == -1)
912 options->strict_host_key_checking = 2; /* 2 is default */
913 if (options->compression == -1)
914 options->compression = 0;
915 if (options->keepalives == -1)
916 options->keepalives = 1;
917 if (options->compression_level == -1)
918 options->compression_level = 6;
919 if (options->port == -1)
920 options->port = 0; /* Filled in ssh_connect. */
921 if (options->address_family == -1)
922 options->address_family = AF_UNSPEC;
923 if (options->connection_attempts == -1)
924 options->connection_attempts = 1;
925 if (options->number_of_password_prompts == -1)
926 options->number_of_password_prompts = 3;
927 /* Selected in ssh_login(). */
928 if (options->cipher == -1)
929 options->cipher = SSH_CIPHER_NOT_SET;
930 /* options->ciphers, default set in myproposals.h */
931 /* options->macs, default set in myproposals.h */
932 /* options->hostkeyalgorithms, default set in myproposals.h */
/*
 * With no Protocol line, both protocol versions are offered.
 * NOTE(review): protocol 1 is obsolete and cryptographically weak; where this
 * code is still in service, pin "Protocol 2" in the configuration rather than
 * relying on this default.
 */
933 if (options->protocol == SSH_PROTO_UNKNOWN)
934 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
/*
 * Default identity files are added only when none were configured, chosen by
 * the enabled protocol bits. Each len is "~/" (2) plus the path plus the
 * terminator, and snprintf() is bounded by that same len; the allocation
 * itself is on lines this listing omits.
 */
935 if (options->num_identity_files == 0) {
936 if (options->protocol & SSH_PROTO_1) {
937 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
938 options->identity_files[options->num_identity_files] =
940 snprintf(options->identity_files[options->num_identity_files++],
941 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
943 if (options->protocol & SSH_PROTO_2) {
944 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
945 options->identity_files[options->num_identity_files] =
947 snprintf(options->identity_files[options->num_identity_files++],
948 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
950 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
951 options->identity_files[options->num_identity_files] =
953 snprintf(options->identity_files[options->num_identity_files++],
954 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
957 if (options->escape_char == -1)
958 options->escape_char = '~';
959 if (options->system_hostfile == NULL)
960 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
961 if (options->user_hostfile == NULL)
962 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
963 if (options->system_hostfile2 == NULL)
964 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
965 if (options->user_hostfile2 == NULL)
966 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
967 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
968 options->log_level = SYSLOG_LEVEL_INFO;
/* ClearAllForwardings takes effect here, after every source has been read, so it also removes forwards that were added before it was seen. */
969 if (options->clear_forwardings == 1)
970 clear_forwardings(options);
971 if (options->no_host_authentication_for_localhost == - 1)
972 options->no_host_authentication_for_localhost = 0;
973 if (options->enable_ssh_keysign == -1)
974 options->enable_ssh_keysign = 0;
975 if (options->rekey_limit == -1)
976 options->rekey_limit = 0;
977 if (options->verify_host_key_dns == -1)
978 options->verify_host_key_dns = 0;
979 /* options->proxy_command should not be set by default */
980 /* options->user will be set in the main program if appropriate */
981 /* options->hostname will be set in the main program if appropriate */
982 /* options->host_key_alias should not be set by default */
983 /* options->preferred_authentications will be set in ssh */