2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.120 2003/09/01 12:50:46 markus Exp $");
21 #include "pathnames.h"
29 /* Format of the configuration file:
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
47 HostName another.host.name.real.org
54 RemoteForward 9999 shadows.cs.hut.fi:9999
60 PasswordAuthentication no
64 ProxyCommand ssh-proxy %h %p
67 PublicKeyAuthentication no
71 PasswordAuthentication no
73 # Defaults for various options
77 PasswordAuthentication yes
79 RhostsRSAAuthentication yes
80 StrictHostKeyChecking yes
82 IdentityFile ~/.ssh/identity
92 oForwardAgent, oForwardX11, oGatewayPorts,
/*
 * Opcodes for the client configuration keywords. The enum's opening and
 * closing lines are not part of this listing. Each name is paired with one
 * or more keyword strings in the keyword table and selects a case in
 * process_config_line().
 */
93 oPasswordAuthentication, oRSAAuthentication,
94 oChallengeResponseAuthentication, oXAuthLocation,
95 oKerberosAuthentication, oKerberosTgtPassing,
96 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
97 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
98 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
99 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
100 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
101 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
102 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
103 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
104 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
105 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
106 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
107 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
108 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
/*
 * Catch-all opcodes: the keyword table maps retired keywords to oDeprecated
 * and keywords whose feature is presumably not built in to oUnsupported.
 */
109 oDeprecated, oUnsupported
112 /* Textual representations of the tokens. */
118 { "forwardagent", oForwardAgent },
/*
 * Keyword-to-opcode table. parse_token() compares entries with strcasecmp()
 * and returns the first one that matches, so keywords are case-insensitive
 * and, where a name is listed twice, the earlier entry wins.
 */
119 { "forwardx11", oForwardX11 },
120 { "xauthlocation", oXAuthLocation },
121 { "gatewayports", oGatewayPorts },
122 { "useprivilegedport", oUsePrivilegedPort },
/*
 * oDeprecated keywords still parse, but process_config_line() only logs
 * them with debug(); the setting itself has no effect.
 */
123 { "rhostsauthentication", oDeprecated },
124 { "passwordauthentication", oPasswordAuthentication },
125 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
126 { "kbdinteractivedevices", oKbdInteractiveDevices },
127 { "rsaauthentication", oRSAAuthentication },
128 { "pubkeyauthentication", oPubkeyAuthentication },
129 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
130 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
131 { "hostbasedauthentication", oHostbasedAuthentication },
132 { "challengeresponseauthentication", oChallengeResponseAuthentication },
133 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
134 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
/*
 * The Kerberos/AFS keywords map to oUnsupported, which
 * process_config_line() reports through error().
 */
135 { "kerberosauthentication", oUnsupported },
136 { "kerberostgtpassing", oUnsupported },
137 { "afstokenpassing", oUnsupported },
/*
 * The two GSSAPI keywords appear twice: once with a real opcode and once as
 * oUnsupported. The lines between the pairs are not part of this listing;
 * presumably a preprocessor conditional selects one pair at build time.
 * smartcarddevice and verifyhostkeydns below follow the same pattern.
 */
139 { "gssapiauthentication", oGssAuthentication },
140 { "gssapidelegatecredentials", oGssDelegateCreds },
142 { "gssapiauthentication", oUnsupported },
143 { "gssapidelegatecredentials", oUnsupported },
145 { "fallbacktorsh", oDeprecated },
146 { "usersh", oDeprecated },
147 { "identityfile", oIdentityFile },
148 { "identityfile2", oIdentityFile }, /* alias */
149 { "hostname", oHostName },
150 { "hostkeyalias", oHostKeyAlias },
151 { "proxycommand", oProxyCommand },
153 { "cipher", oCipher },
154 { "ciphers", oCiphers },
156 { "protocol", oProtocol },
157 { "remoteforward", oRemoteForward },
158 { "localforward", oLocalForward },
161 { "escapechar", oEscapeChar },
162 { "globalknownhostsfile", oGlobalKnownHostsFile },
163 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
164 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
165 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
166 { "connectionattempts", oConnectionAttempts },
167 { "batchmode", oBatchMode },
168 { "checkhostip", oCheckHostIP },
169 { "stricthostkeychecking", oStrictHostKeyChecking },
170 { "compression", oCompression },
171 { "compressionlevel", oCompressionLevel },
172 { "keepalive", oKeepAlives },
173 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
174 { "loglevel", oLogLevel },
175 { "dynamicforward", oDynamicForward },
176 { "preferredauthentications", oPreferredAuthentications },
177 { "hostkeyalgorithms", oHostKeyAlgorithms },
178 { "bindaddress", oBindAddress },
180 { "smartcarddevice", oSmartcardDevice },
182 { "smartcarddevice", oUnsupported },
184 { "clearallforwardings", oClearAllForwardings },
185 { "enablesshkeysign", oEnableSSHKeysign },
187 { "verifyhostkeydns", oVerifyHostKeyDNS },
189 { "verifyhostkeydns", oUnsupported },
191 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
192 { "rekeylimit", oRekeyLimit },
193 { "connecttimeout", oConnectTimeout },
194 { "addressfamily", oAddressFamily },
199 * Adds a local TCP/IP port forward to options. Never returns if there is an
204 add_local_forward(Options *options, u_short port, const char *host,
/*
 * Records one local forward (listen port -> host, host_port) in
 * options->local_forwards. The visible statements are a privileged-port
 * gate, a capacity check and the fill of the next free slot; the lines
 * between them are not part of this listing.
 */
208 #ifndef NO_IPPORT_RESERVED_CONCEPT
209 extern uid_t original_real_uid;
/*
 * Listen ports below IPPORT_RESERVED are refused unless the recorded real
 * uid is 0. NOTE(review): original_real_uid is defined outside this file;
 * presumably it holds the invoking user's uid, so that a setuid-root client
 * does not bind low ports on behalf of an unprivileged user - confirm.
 */
210 if (port < IPPORT_RESERVED && original_real_uid != 0)
211 fatal("Privileged ports can only be forwarded by root.");
/*
 * The count is bounded before it is used as an index: the post-increment
 * below writes slot num_local_forwards, so the array must hold at least
 * SSH_MAX_FORWARDS_PER_DIRECTION entries (declared elsewhere - confirm).
 */
213 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
214 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
215 fwd = &options->local_forwards[options->num_local_forwards++];
/*
 * The host string is copied, so the entry does not alias the caller's
 * buffer; clear_forwardings() releases the copy with xfree().
 */
217 fwd->host = xstrdup(host);
218 fwd->host_port = host_port;
222 * Adds a remote TCP/IP port forward to options. Never returns if there is
227 add_remote_forward(Options *options, u_short port, const char *host,
/*
 * Records one remote forward in options->remote_forwards. No reserved-port
 * gate is visible here, unlike add_local_forward(); for a remote forward the
 * listening side is presumably the server, which would apply its own policy.
 */
/* Bound the count before the post-increment below uses it as an index. */
231 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
232 fatal("Too many remote forwards (max %d).",
233 SSH_MAX_FORWARDS_PER_DIRECTION);
234 fwd = &options->remote_forwards[options->num_remote_forwards++];
/* The entry owns a private copy of the host string (freed by clear_forwardings()). */
236 fwd->host = xstrdup(host);
237 fwd->host_port = host_port;
241 clear_forwardings(Options *options)
/*
 * Drops every recorded local and remote forward: frees the host string of
 * each entry, then resets the count. The array slots keep their stale
 * pointers, so the counts are the only guard against reusing freed strings.
 */
245 for (i = 0; i < options->num_local_forwards; i++)
246 xfree(options->local_forwards[i].host);
247 options->num_local_forwards = 0;
248 for (i = 0; i < options->num_remote_forwards; i++)
249 xfree(options->remote_forwards[i].host);
250 options->num_remote_forwards = 0;
254 * Returns the number of the token pointed to by cp or oBadOption.
258 parse_token(const char *cp, const char *filename, int linenum)
/*
 * Maps a keyword to its opcode by a linear, case-insensitive scan of the
 * keywords table; the first matching entry wins. The table is terminated by
 * an entry whose name is NULL.
 */
262 for (i = 0; keywords[i].name; i++)
263 if (strcasecmp(cp, keywords[i].name) == 0)
264 return keywords[i].opcode;
/*
 * No match: report the unknown keyword with its file and line. The value
 * returned afterwards is on a line not shown (oBadOption, according to the
 * header comment of this function).
 */
266 error("%s: line %d: Bad configuration option: %s",
267 filename, linenum, cp);
272 * Processes a single option line as used in the configuration files. This
273 * only sets those values that have not already been set.
275 #define WHITESPACE " \t\r\n"
278 process_config_line(Options *options, const char *host,
279 char *line, const char *filename, int linenum,
/*
 * Parses one configuration line: splits off the keyword, maps it to an
 * opcode with parse_token() and stores the argument in *options. A value is
 * stored only while *activep is non-zero and the field still holds its
 * "unset" sentinel (-1, NULL, SSH_PROTO_UNKNOWN or SYSLOG_LEVEL_NOT_SET), so
 * the first setting wins. Most malformed arguments end the program through
 * fatal(). This listing omits many lines of the function (case labels,
 * assignments, breaks); the comments describe only the statements shown.
 */
/*
 * buf and sfwd_host_port receive the host and port text of a forwarding
 * specification; their sizes (256 and 6) are matched by the sscanf() field
 * widths used in the forwarding case.
 */
282 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
283 int opcode, *intptr, value;
285 u_short fwd_port, fwd_host_port;
286 char sfwd_host_port[6];
288 /* Strip trailing whitespace */
/*
 * NOTE(review): strlen(line) - 1 is evaluated before the len > 0 test. The
 * declaration of len is not shown; if it is an unsigned type, an empty line
 * makes the subtraction wrap and line[len] is read far outside the buffer.
 * Confirm that every caller passes a non-empty string, or guard that case.
 */
289 for(len = strlen(line) - 1; len > 0; len--) {
290 if (strchr(WHITESPACE, line[len]) == NULL)
296 /* Get the keyword. (Each line is supposed to begin with a keyword). */
297 keyword = strdelim(&s);
298 /* Ignore leading whitespace. */
299 if (*keyword == '\0')
300 keyword = strdelim(&s);
/* Blank lines and '#' comment lines are recognised here; the action taken is on a line not shown. */
301 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
304 opcode = parse_token(keyword, filename, linenum);
308 /* don't panic, but count bad options */
/* ConnectTimeout: convtime() signals an unparsable time with -1, which is fatal. */
311 case oConnectTimeout:
312 intptr = &options->connection_timeout;
315 if (!arg || *arg == '\0')
316 fatal("%s line %d: missing time value.",
318 if ((value = convtime(arg)) == -1)
319 fatal("%s line %d: invalid time value.",
/*
 * Yes/no parsing. Only the exact lower-case words yes, true, no and false
 * are accepted (strcmp); anything else is fatal rather than being read as
 * "no". The "%.200s" conversions cap how much of the file name is echoed.
 */
326 intptr = &options->forward_agent;
329 if (!arg || *arg == '\0')
330 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
331 value = 0; /* To avoid compiler warning... */
332 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
334 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
337 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
/* First setting wins: store only when active and the field is still -1. */
338 if (*activep && *intptr == -1)
/*
 * The cases below only select the target field; the argument handling is
 * presumably shared through jumps that this listing omits.
 */
343 intptr = &options->forward_x11;
347 intptr = &options->gateway_ports;
350 case oUsePrivilegedPort:
351 intptr = &options->use_privileged_port;
354 case oPasswordAuthentication:
355 intptr = &options->password_authentication;
358 case oKbdInteractiveAuthentication:
359 intptr = &options->kbd_interactive_authentication;
362 case oKbdInteractiveDevices:
363 charptr = &options->kbd_interactive_devices;
366 case oPubkeyAuthentication:
367 intptr = &options->pubkey_authentication;
370 case oRSAAuthentication:
371 intptr = &options->rsa_authentication;
374 case oRhostsRSAAuthentication:
375 intptr = &options->rhosts_rsa_authentication;
378 case oHostbasedAuthentication:
379 intptr = &options->hostbased_authentication;
382 case oChallengeResponseAuthentication:
383 intptr = &options->challenge_response_authentication;
386 case oKerberosAuthentication:
387 intptr = &options->kerberos_authentication;
390 case oKerberosTgtPassing:
391 intptr = &options->kerberos_tgt_passing;
394 case oGssAuthentication:
395 intptr = &options->gss_authentication;
398 case oGssDelegateCreds:
399 intptr = &options->gss_deleg_creds;
403 intptr = &options->batch_mode;
407 intptr = &options->check_host_ip;
410 case oVerifyHostKeyDNS:
411 intptr = &options->verify_host_key_dns;
/*
 * StrictHostKeyChecking is three-valued (yes / no / ask), so it has its own
 * parser. The number stored for each word is on lines not shown.
 */
414 case oStrictHostKeyChecking:
415 intptr = &options->strict_host_key_checking;
417 if (!arg || *arg == '\0')
418 fatal("%.200s line %d: Missing yes/no/ask argument.",
420 value = 0; /* To avoid compiler warning... */
421 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
423 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
425 else if (strcmp(arg, "ask") == 0)
428 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
429 if (*activep && *intptr == -1)
434 intptr = &options->compression;
438 intptr = &options->keepalives;
441 case oNoHostAuthenticationForLocalhost:
442 intptr = &options->no_host_authentication_for_localhost;
445 case oNumberOfPasswordPrompts:
446 intptr = &options->number_of_password_prompts;
449 case oCompressionLevel:
450 intptr = &options->compression_level;
/*
 * Decimal number followed by an optional one-letter suffix (the suffix
 * cases are not shown). The leading-digit test rejects signs.
 * NOTE(review): value is an int while strtol() returns long, and no range
 * or ERANGE check is visible in this listing; confirm that oversized
 * numbers are rejected rather than truncated.
 */
454 intptr = &options->rekey_limit;
456 if (!arg || *arg == '\0')
457 fatal("%.200s line %d: Missing argument.", filename, linenum);
458 if (arg[0] < '0' || arg[0] > '9')
459 fatal("%.200s line %d: Bad number.", filename, linenum);
460 value = strtol(arg, &endofnumber, 10);
461 if (arg == endofnumber)
462 fatal("%.200s line %d: Bad number.", filename, linenum);
463 switch (toupper(*endofnumber)) {
474 if (*activep && *intptr == -1)
/*
 * IdentityFile: the count is checked against SSH_MAX_IDENTITY_FILES before
 * the slot is written, which keeps the store inside identity_files[]
 * provided the array has that many entries (declared elsewhere).
 */
480 if (!arg || *arg == '\0')
481 fatal("%.200s line %d: Missing argument.", filename, linenum);
483 intptr = &options->num_identity_files;
484 if (*intptr >= SSH_MAX_IDENTITY_FILES)
485 fatal("%.200s line %d: Too many identity files specified (max %d).",
486 filename, linenum, SSH_MAX_IDENTITY_FILES);
487 charptr = &options->identity_files[*intptr];
488 *charptr = xstrdup(arg);
489 *intptr = *intptr + 1;
494 charptr=&options->xauth_location;
/* String options: the argument is duplicated only if the field is still NULL. */
498 charptr = &options->user;
501 if (!arg || *arg == '\0')
502 fatal("%.200s line %d: Missing argument.", filename, linenum);
503 if (*activep && *charptr == NULL)
504 *charptr = xstrdup(arg);
507 case oGlobalKnownHostsFile:
508 charptr = &options->system_hostfile;
511 case oUserKnownHostsFile:
512 charptr = &options->user_hostfile;
515 case oGlobalKnownHostsFile2:
516 charptr = &options->system_hostfile2;
519 case oUserKnownHostsFile2:
520 charptr = &options->user_hostfile2;
524 charptr = &options->hostname;
528 charptr = &options->host_key_alias;
531 case oPreferredAuthentications:
532 charptr = &options->preferred_authentications;
536 charptr = &options->bind_address;
539 case oSmartcardDevice:
540 charptr = &options->smartcard_device;
545 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * ProxyCommand keeps the rest of the line verbatim (after skipping leading
 * whitespace and '=') instead of a single token.
 * NOTE(review): the stored string is a command line that is presumably
 * executed later by code outside this file, so write access to a
 * configuration file amounts to command execution as the user running the
 * client; such files should be writable by their owner only.
 */
546 charptr = &options->proxy_command;
547 len = strspn(s, WHITESPACE "=");
548 if (*activep && *charptr == NULL)
549 *charptr = xstrdup(s + len);
/*
 * Integer options. Base 0 lets strtol() accept decimal, octal (leading 0)
 * and hex (0x) spellings; the leading-digit test rejects signs.
 * NOTE(review): no upper bound on the value is checked in the lines shown;
 * confirm that fields such as port are range-checked before use.
 */
553 intptr = &options->port;
556 if (!arg || *arg == '\0')
557 fatal("%.200s line %d: Missing argument.", filename, linenum);
558 if (arg[0] < '0' || arg[0] > '9')
559 fatal("%.200s line %d: Bad number.", filename, linenum);
561 /* Octal, decimal, or hex format? */
562 value = strtol(arg, &endofnumber, 0);
563 if (arg == endofnumber)
564 fatal("%.200s line %d: Bad number.", filename, linenum);
565 if (*activep && *intptr == -1)
569 case oConnectionAttempts:
570 intptr = &options->connection_attempts;
/*
 * Algorithm selections (cipher, ciphers, MACs, host key algorithms,
 * protocol) are validated before they are stored and an unknown name is
 * fatal, so a typo cannot silently select something else.
 */
574 intptr = &options->cipher;
576 if (!arg || *arg == '\0')
577 fatal("%.200s line %d: Missing argument.", filename, linenum);
578 value = cipher_number(arg);
580 fatal("%.200s line %d: Bad cipher '%s'.",
581 filename, linenum, arg ? arg : "<NONE>");
582 if (*activep && *intptr == -1)
588 if (!arg || *arg == '\0')
589 fatal("%.200s line %d: Missing argument.", filename, linenum);
590 if (!ciphers_valid(arg))
591 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
592 filename, linenum, arg ? arg : "<NONE>");
593 if (*activep && options->ciphers == NULL)
594 options->ciphers = xstrdup(arg);
599 if (!arg || *arg == '\0')
600 fatal("%.200s line %d: Missing argument.", filename, linenum);
602 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
603 filename, linenum, arg ? arg : "<NONE>");
604 if (*activep && options->macs == NULL)
605 options->macs = xstrdup(arg);
608 case oHostKeyAlgorithms:
610 if (!arg || *arg == '\0')
611 fatal("%.200s line %d: Missing argument.", filename, linenum);
612 if (!key_names_valid2(arg))
613 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
614 filename, linenum, arg ? arg : "<NONE>");
615 if (*activep && options->hostkeyalgorithms == NULL)
616 options->hostkeyalgorithms = xstrdup(arg);
620 intptr = &options->protocol;
622 if (!arg || *arg == '\0')
623 fatal("%.200s line %d: Missing argument.", filename, linenum);
624 value = proto_spec(arg);
625 if (value == SSH_PROTO_UNKNOWN)
626 fatal("%.200s line %d: Bad protocol spec '%s'.",
627 filename, linenum, arg ? arg : "<NONE>");
628 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
/*
 * LogLevel: the field is accessed through an int pointer cast.
 * NOTE(review): no missing-argument test is visible before
 * log_level_number(arg); the "<NONE>" fallback in the message suggests a
 * NULL arg is expected to be tolerated by that helper - confirm.
 */
633 intptr = (int *) &options->log_level;
635 value = log_level_number(arg);
636 if (value == SYSLOG_LEVEL_NOT_SET)
637 fatal("%.200s line %d: unsupported log level '%s'",
638 filename, linenum, arg ? arg : "<NONE>");
639 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
640 *intptr = (LogLevel) value;
/*
 * LocalForward / RemoteForward: first argument is the listen port, second
 * is the target. a2port() returning 0 marks a bad port.
 */
646 if (!arg || *arg == '\0')
647 fatal("%.200s line %d: Missing port argument.",
649 if ((fwd_port = a2port(arg)) == 0)
650 fatal("%.200s line %d: Bad listen port.",
653 if (!arg || *arg == '\0')
654 fatal("%.200s line %d: Missing second argument.",
/*
 * The host part is limited to 255 bytes and the port text to 5 digits,
 * which fits buf[256] and sfwd_host_port[6] including the terminator. Two
 * separators are accepted, host:port and host/port; the second presumably
 * exists so that a host containing ':' (an IPv6 literal) can be written.
 */
656 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
657 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
658 fatal("%.200s line %d: Bad forwarding specification.",
660 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
661 fatal("%.200s line %d: Bad forwarding port.",
664 if (opcode == oLocalForward)
665 add_local_forward(options, fwd_port, buf,
667 else if (opcode == oRemoteForward)
668 add_remote_forward(options, fwd_port, buf,
/*
 * DynamicForward is stored as a local forward whose host is the marker
 * string "socks" and whose host_port is 0, so it passes through the same
 * privileged-port and capacity checks in add_local_forward().
 */
673 case oDynamicForward:
675 if (!arg || *arg == '\0')
676 fatal("%.200s line %d: Missing port argument.",
678 fwd_port = a2port(arg);
680 fatal("%.200s line %d: Badly formatted port number.",
683 add_local_forward(options, fwd_port, "socks", 0);
686 case oClearAllForwardings:
687 intptr = &options->clear_forwardings;
/*
 * Host: every pattern on the line is tested against host with
 * match_pattern(); the matched pattern is logged truncated to 100 bytes.
 * How *activep is updated is on lines not shown.
 */
692 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
693 if (match_pattern(host, arg)) {
694 debug("Applying options for %.100s", arg);
698 /* Avoid garbage check below, as strdelim is done. */
/*
 * EscapeChar accepts "^X" (X in 64..127, masked with 31 to give the control
 * code), a single literal character, or the word "none".
 * NOTE(review): when arg is exactly "^", arg[1] is the terminator and the
 * arg[2] == 0 test reads the byte after it; confirm that byte always lies
 * inside the line buffer.
 */
702 intptr = &options->escape_char;
704 if (!arg || *arg == '\0')
705 fatal("%.200s line %d: Missing argument.", filename, linenum);
706 if (arg[0] == '^' && arg[2] == 0 &&
707 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
708 value = (u_char) arg[1] & 31;
709 else if (strlen(arg) == 1)
710 value = (u_char) arg[0];
711 else if (strcmp(arg, "none") == 0)
712 value = SSH_ESCAPECHAR_NONE;
714 fatal("%.200s line %d: Bad escape character.",
717 value = 0; /* Avoid compiler warning. */
719 if (*activep && *intptr == -1)
/*
 * AddressFamily. NOTE(review): unlike the other cases, no
 * "!arg || *arg == '\0'" test is visible before arg is handed to
 * strcasecmp(); a keyword written without a value would then pass NULL.
 * Confirm and add the usual missing-argument check. The fatal() message
 * here also omits the file name and line number the other cases report.
 */
725 intptr = &options->address_family;
726 if (strcasecmp(arg, "inet") == 0)
728 else if (strcasecmp(arg, "inet6") == 0)
730 else if (strcasecmp(arg, "any") == 0)
733 fatal("Unsupported AddressFamily \"%s\"", arg);
734 if (*activep && *intptr == -1)
738 case oEnableSSHKeysign:
739 intptr = &options->enable_ssh_keysign;
/*
 * Deprecated keywords are reported at debug level only, unsupported ones
 * with error(); an opcode without a case is treated as a programming error.
 */
743 debug("%s line %d: Deprecated option \"%s\"",
744 filename, linenum, keyword);
748 error("%s line %d: Unsupported option \"%s\"",
749 filename, linenum, keyword);
753 fatal("process_config_line: Unimplemented opcode %d", opcode);
756 /* Check that there is no garbage at end of line. */
757 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
758 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
759 filename, linenum, arg);
766 * Reads the config file and modifies the options accordingly. Options
767 * should already be initialized before this call. This never returns if
768 * there is an error. If the file does not exist, this returns 0.
772 read_config_file(const char *filename, const char *host, Options *options)
/*
 * Reads filename line by line and feeds each line to process_config_line()
 * for the given host. Unknown options are counted and reported together
 * after the whole file has been read.
 * NOTE(review): no ownership or permission check on filename is visible
 * before it is opened; because the file can set options such as
 * ProxyCommand, confirm that callers only pass paths other users cannot
 * write.
 */
780 f = fopen(filename, "r");
784 debug("Reading configuration data %.200s", filename);
787 * Mark that we are now processing the options. This flag is turned
788 * on/off by Host specifications.
/*
 * fgets() returns at most sizeof(line) - 1 bytes per call, so a physical
 * line longer than the buffer (declared on a line not shown) is delivered
 * in pieces and each piece is parsed as if it were a separate line.
 * NOTE(review): confirm this is acceptable or reject over-long lines.
 */
792 while (fgets(line, sizeof(line), f)) {
793 /* Update line number counter. */
/* A non-zero result marks a bad option; presumably it is counted in bad_options on a line not shown. */
795 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
/* Any bad option makes the whole file fatal, but only after every line was parsed. */
800 fatal("%s: terminating, %d bad configuration options",
801 filename, bad_options);
806 * Initializes options to special values that indicate that they have not yet
807 * been set. Read_config_file will only set options with this value. Options
808 * are processed in the following order: command line, user config file,
809 * system config file. Last, fill_default_options is called.
813 initialize_options(Options * options)
/*
 * Puts every option into its "not yet set" state: -1 for integers, NULL for
 * strings, SSH_PROTO_UNKNOWN and SYSLOG_LEVEL_NOT_SET for the protocol and
 * log level, and 0 for the three counters. process_config_line() stores a
 * value only while the field still holds that sentinel.
 */
/*
 * The whole struct is filled with 'X' first. Presumably a poison pattern: a
 * field added to Options but not initialised below then holds an obviously
 * bogus value instead of something that looks like a valid 0 or NULL.
 */
815 memset(options, 'X', sizeof(*options));
816 options->forward_agent = -1;
817 options->forward_x11 = -1;
818 options->xauth_location = NULL;
819 options->gateway_ports = -1;
820 options->use_privileged_port = -1;
821 options->rsa_authentication = -1;
822 options->pubkey_authentication = -1;
823 options->challenge_response_authentication = -1;
824 options->kerberos_authentication = -1;
825 options->kerberos_tgt_passing = -1;
826 options->gss_authentication = -1;
827 options->gss_deleg_creds = -1;
828 options->password_authentication = -1;
829 options->kbd_interactive_authentication = -1;
830 options->kbd_interactive_devices = NULL;
831 options->rhosts_rsa_authentication = -1;
832 options->hostbased_authentication = -1;
833 options->batch_mode = -1;
834 options->check_host_ip = -1;
835 options->strict_host_key_checking = -1;
836 options->compression = -1;
837 options->keepalives = -1;
838 options->compression_level = -1;
/*
 * NOTE(review): options->port is not assigned in the lines shown, although
 * fill_default_options() compares it with -1; the assignment is presumably
 * on a line this listing omits - confirm against the full file.
 */
840 options->address_family = -1;
841 options->connection_attempts = -1;
842 options->connection_timeout = -1;
843 options->number_of_password_prompts = -1;
844 options->cipher = -1;
845 options->ciphers = NULL;
846 options->macs = NULL;
847 options->hostkeyalgorithms = NULL;
848 options->protocol = SSH_PROTO_UNKNOWN;
/* Counters start at 0; the identity_files and forward arrays themselves keep the 'X' fill. */
849 options->num_identity_files = 0;
850 options->hostname = NULL;
851 options->host_key_alias = NULL;
852 options->proxy_command = NULL;
853 options->user = NULL;
854 options->escape_char = -1;
855 options->system_hostfile = NULL;
856 options->user_hostfile = NULL;
857 options->system_hostfile2 = NULL;
858 options->user_hostfile2 = NULL;
859 options->num_local_forwards = 0;
860 options->num_remote_forwards = 0;
861 options->clear_forwardings = -1;
862 options->log_level = SYSLOG_LEVEL_NOT_SET;
863 options->preferred_authentications = NULL;
864 options->bind_address = NULL;
865 options->smartcard_device = NULL;
866 options->enable_ssh_keysign = - 1;
867 options->no_host_authentication_for_localhost = - 1;
868 options->rekey_limit = - 1;
869 options->verify_host_key_dns = -1;
873 * Called after processing other sources of option data, this fills those
874 * options for which no value has been specified with their default values.
878 fill_default_options(Options * options)
/*
 * Replaces every sentinel that is still in place with the built-in default.
 * These are the values in effect when neither the command line nor any
 * configuration file sets the option, so they define the client's default
 * security posture.
 */
/* Agent and X11 forwarding are off unless requested. */
882 if (options->forward_agent == -1)
883 options->forward_agent = 0;
884 if (options->forward_x11 == -1)
885 options->forward_x11 = 0;
/*
 * Path defaults are assigned straight from the _PATH_* macros, whereas
 * parsed values are xstrdup() copies; code that releases these strings must
 * therefore not assume they are always heap-allocated.
 */
886 if (options->xauth_location == NULL)
887 options->xauth_location = _PATH_XAUTH;
888 if (options->gateway_ports == -1)
889 options->gateway_ports = 0;
890 if (options->use_privileged_port == -1)
891 options->use_privileged_port = 0;
/*
 * Authentication methods: RSA, public key, challenge-response, Kerberos,
 * GSSAPI, password and keyboard-interactive default to on; rhosts-RSA and
 * host-based authentication and GSSAPI credential delegation default to
 * off.
 */
892 if (options->rsa_authentication == -1)
893 options->rsa_authentication = 1;
894 if (options->pubkey_authentication == -1)
895 options->pubkey_authentication = 1;
896 if (options->challenge_response_authentication == -1)
897 options->challenge_response_authentication = 1;
898 if (options->kerberos_authentication == -1)
899 options->kerberos_authentication = 1;
900 if (options->kerberos_tgt_passing == -1)
901 options->kerberos_tgt_passing = 1;
902 if (options->gss_authentication == -1)
903 options->gss_authentication = 1;
904 if (options->gss_deleg_creds == -1)
905 options->gss_deleg_creds = 0;
906 if (options->password_authentication == -1)
907 options->password_authentication = 1;
908 if (options->kbd_interactive_authentication == -1)
909 options->kbd_interactive_authentication = 1;
910 if (options->rhosts_rsa_authentication == -1)
911 options->rhosts_rsa_authentication = 0;
912 if (options->hostbased_authentication == -1)
913 options->hostbased_authentication = 0;
914 if (options->batch_mode == -1)
915 options->batch_mode = 0;
/*
 * Host key verification defaults: the host IP check is on, and strict
 * checking gets the value 2. NOTE(review): the parser accepts yes/no/ask
 * for this option; 2 presumably stands for "ask" - confirm against the
 * lines that assign the parsed value.
 */
916 if (options->check_host_ip == -1)
917 options->check_host_ip = 1;
918 if (options->strict_host_key_checking == -1)
919 options->strict_host_key_checking = 2; /* 2 is default */
920 if (options->compression == -1)
921 options->compression = 0;
922 if (options->keepalives == -1)
923 options->keepalives = 1;
924 if (options->compression_level == -1)
925 options->compression_level = 6;
926 if (options->port == -1)
927 options->port = 0; /* Filled in ssh_connect. */
928 if (options->address_family == -1)
929 options->address_family = AF_UNSPEC;
930 if (options->connection_attempts == -1)
931 options->connection_attempts = 1;
932 if (options->number_of_password_prompts == -1)
933 options->number_of_password_prompts = 3;
934 /* Selected in ssh_login(). */
935 if (options->cipher == -1)
936 options->cipher = SSH_CIPHER_NOT_SET;
937 /* options->ciphers, default set in myproposals.h */
938 /* options->macs, default set in myproposals.h */
939 /* options->hostkeyalgorithms, default set in myproposals.h */
/*
 * Both protocol versions are enabled by default. Deployments that do not
 * need the legacy protocol 1 can restrict this with the Protocol keyword.
 */
940 if (options->protocol == SSH_PROTO_UNKNOWN)
941 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
/*
 * With no IdentityFile configured, default key paths are added for each
 * enabled protocol. len covers "~/" (2 bytes), the path and the
 * terminator; the allocation itself is on lines not shown. The "%.100s"
 * precision would truncate a path macro longer than 100 bytes.
 */
942 if (options->num_identity_files == 0) {
943 if (options->protocol & SSH_PROTO_1) {
944 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
945 options->identity_files[options->num_identity_files] =
947 snprintf(options->identity_files[options->num_identity_files++],
948 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
950 if (options->protocol & SSH_PROTO_2) {
951 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
952 options->identity_files[options->num_identity_files] =
954 snprintf(options->identity_files[options->num_identity_files++],
955 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
957 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
958 options->identity_files[options->num_identity_files] =
960 snprintf(options->identity_files[options->num_identity_files++],
961 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
964 if (options->escape_char == -1)
965 options->escape_char = '~';
966 if (options->system_hostfile == NULL)
967 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
968 if (options->user_hostfile == NULL)
969 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
970 if (options->system_hostfile2 == NULL)
971 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
972 if (options->user_hostfile2 == NULL)
973 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
974 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
975 options->log_level = SYSLOG_LEVEL_INFO;
/*
 * ClearAllForwardings is applied here, after all sources were read, so it
 * removes forwards regardless of where they were configured.
 */
976 if (options->clear_forwardings == 1)
977 clear_forwardings(options);
978 if (options->no_host_authentication_for_localhost == - 1)
979 options->no_host_authentication_for_localhost = 0;
980 if (options->enable_ssh_keysign == -1)
981 options->enable_ssh_keysign = 0;
982 if (options->rekey_limit == -1)
983 options->rekey_limit = 0;
984 if (options->verify_host_key_dns == -1)
985 options->verify_host_key_dns = 0;
986 /* options->proxy_command should not be set by default */
987 /* options->user will be set in the main program if appropriate */
988 /* options->hostname will be set in the main program if appropriate */
989 /* options->host_key_alias should not be set by default */
990 /* options->preferred_authentications will be set in ssh */