2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
13 RCSID("$OpenBSD: servconf.c,v 1.83 2001/06/08 15:25:40 markus Exp $");
27 #include "pathnames.h"
28 #include "tildexpand.h"
34 void add_listen_addr(ServerOptions *options, char *addr, u_short port);
35 void add_one_listen_addr(ServerOptions *options, char *addr, u_short port);
37 /* AF_UNSPEC or AF_INET or AF_INET6 */
40 /* Initializes the server options to their default values. */
43 initialize_server_options(ServerOptions *options)
45 memset(options, 0, sizeof(*options));
46 options->num_ports = 0;
47 options->ports_from_cmdline = 0;
48 options->listen_addrs = NULL;
49 options->num_host_key_files = 0;
50 options->pid_file = NULL;
51 options->server_key_bits = -1;
52 options->login_grace_time = -1;
53 options->key_regeneration_time = -1;
54 options->permit_root_login = PERMIT_NOT_SET;
55 options->ignore_rhosts = -1;
56 options->ignore_user_known_hosts = -1;
57 options->print_motd = -1;
58 options->print_lastlog = -1;
59 options->check_mail = -1;
60 options->x11_forwarding = -1;
61 options->x11_display_offset = -1;
62 options->xauth_location = NULL;
63 options->strict_modes = -1;
64 options->keepalives = -1;
65 options->log_facility = (SyslogFacility) - 1;
66 options->log_level = (LogLevel) - 1;
67 options->rhosts_authentication = -1;
68 options->rhosts_rsa_authentication = -1;
69 options->hostbased_authentication = -1;
70 options->hostbased_uses_name_from_packet_only = -1;
71 options->rsa_authentication = -1;
72 options->pubkey_authentication = -1;
74 options->kerberos_authentication = -1;
75 options->kerberos_or_local_passwd = -1;
76 options->kerberos_ticket_cleanup = -1;
79 options->kerberos_tgt_passing = -1;
80 options->afs_token_passing = -1;
82 options->password_authentication = -1;
83 options->kbd_interactive_authentication = -1;
84 options->challenge_response_authentication = -1;
85 options->permit_empty_passwd = -1;
86 options->use_login = -1;
87 options->allow_tcp_forwarding = -1;
88 options->num_allow_users = 0;
89 options->num_deny_users = 0;
90 options->num_allow_groups = 0;
91 options->num_deny_groups = 0;
92 options->ciphers = NULL;
94 options->protocol = SSH_PROTO_UNKNOWN;
95 options->gateway_ports = -1;
96 options->num_subsystems = 0;
97 options->max_startups_begin = -1;
98 options->max_startups_rate = -1;
99 options->max_startups = -1;
100 options->banner = NULL;
101 options->reverse_mapping_check = -1;
102 options->client_alive_interval = -1;
103 options->client_alive_count_max = -1;
104 options->authorized_keys_file = NULL;
105 options->authorized_keys_file2 = NULL;
106 options->pam_authentication_via_kbd_int = -1;
110 fill_default_server_options(ServerOptions *options)
112 if (options->protocol == SSH_PROTO_UNKNOWN)
113 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
114 if (options->num_host_key_files == 0) {
115 /* fill default hostkeys for protocols */
116 if (options->protocol & SSH_PROTO_1)
117 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
118 if (options->protocol & SSH_PROTO_2)
119 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
121 if (options->num_ports == 0)
122 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
123 if (options->listen_addrs == NULL)
124 add_listen_addr(options, NULL, 0);
125 if (options->pid_file == NULL)
126 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
127 if (options->server_key_bits == -1)
128 options->server_key_bits = 768;
129 if (options->login_grace_time == -1)
130 options->login_grace_time = 600;
131 if (options->key_regeneration_time == -1)
132 options->key_regeneration_time = 3600;
133 if (options->permit_root_login == PERMIT_NOT_SET)
134 options->permit_root_login = PERMIT_YES;
135 if (options->ignore_rhosts == -1)
136 options->ignore_rhosts = 1;
137 if (options->ignore_user_known_hosts == -1)
138 options->ignore_user_known_hosts = 0;
139 if (options->check_mail == -1)
140 options->check_mail = 0;
141 if (options->print_motd == -1)
142 options->print_motd = 1;
143 if (options->print_lastlog == -1)
144 options->print_lastlog = 1;
145 if (options->x11_forwarding == -1)
146 options->x11_forwarding = 0;
147 if (options->x11_display_offset == -1)
148 options->x11_display_offset = 10;
150 if (options->xauth_location == NULL)
151 options->xauth_location = _PATH_XAUTH;
153 if (options->strict_modes == -1)
154 options->strict_modes = 1;
155 if (options->keepalives == -1)
156 options->keepalives = 1;
157 if (options->log_facility == (SyslogFacility) (-1))
158 options->log_facility = SYSLOG_FACILITY_AUTH;
159 if (options->log_level == (LogLevel) (-1))
160 options->log_level = SYSLOG_LEVEL_INFO;
161 if (options->rhosts_authentication == -1)
162 options->rhosts_authentication = 0;
163 if (options->rhosts_rsa_authentication == -1)
164 options->rhosts_rsa_authentication = 0;
165 if (options->hostbased_authentication == -1)
166 options->hostbased_authentication = 0;
167 if (options->hostbased_uses_name_from_packet_only == -1)
168 options->hostbased_uses_name_from_packet_only = 0;
169 if (options->rsa_authentication == -1)
170 options->rsa_authentication = 1;
171 if (options->pubkey_authentication == -1)
172 options->pubkey_authentication = 1;
174 if (options->kerberos_authentication == -1)
175 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
176 if (options->kerberos_or_local_passwd == -1)
177 options->kerberos_or_local_passwd = 1;
178 if (options->kerberos_ticket_cleanup == -1)
179 options->kerberos_ticket_cleanup = 1;
182 if (options->kerberos_tgt_passing == -1)
183 options->kerberos_tgt_passing = 0;
184 if (options->afs_token_passing == -1)
185 options->afs_token_passing = k_hasafs();
187 if (options->password_authentication == -1)
188 options->password_authentication = 1;
189 if (options->kbd_interactive_authentication == -1)
190 options->kbd_interactive_authentication = 0;
191 if (options->challenge_response_authentication == -1)
192 options->challenge_response_authentication = 1;
193 if (options->permit_empty_passwd == -1)
194 options->permit_empty_passwd = 0;
195 if (options->use_login == -1)
196 options->use_login = 0;
197 if (options->allow_tcp_forwarding == -1)
198 options->allow_tcp_forwarding = 1;
199 if (options->gateway_ports == -1)
200 options->gateway_ports = 0;
201 if (options->max_startups == -1)
202 options->max_startups = 10;
203 if (options->max_startups_rate == -1)
204 options->max_startups_rate = 100; /* 100% */
205 if (options->max_startups_begin == -1)
206 options->max_startups_begin = options->max_startups;
207 if (options->reverse_mapping_check == -1)
208 options->reverse_mapping_check = 0;
209 if (options->client_alive_interval == -1)
210 options->client_alive_interval = 0;
211 if (options->client_alive_count_max == -1)
212 options->client_alive_count_max = 3;
213 if (options->authorized_keys_file == NULL)
214 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
215 if (options->authorized_keys_file2 == NULL)
216 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
217 if (options->pam_authentication_via_kbd_int == -1)
218 options->pam_authentication_via_kbd_int = 0;
221 /* Keyword tokens. */
223 sBadOption, /* == unknown option */
224 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
225 sPermitRootLogin, sLogFacility, sLogLevel,
226 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
228 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
231 sKerberosTgtPassing, sAFSTokenPassing,
233 sChallengeResponseAuthentication,
234 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
235 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
236 sX11Forwarding, sX11DisplayOffset,
237 sStrictModes, sEmptyPasswd, sKeepAlives, sCheckMail,
238 sUseLogin, sAllowTcpForwarding,
239 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
240 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
241 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
242 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
243 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
244 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
245 sPAMAuthenticationViaKbdInt
248 /* Textual representation of the tokens. */
251 ServerOpCodes opcode;
254 { "hostkey", sHostKeyFile },
255 { "hostdsakey", sHostKeyFile }, /* alias */
256 { "pidfile", sPidFile },
257 { "serverkeybits", sServerKeyBits },
258 { "logingracetime", sLoginGraceTime },
259 { "keyregenerationinterval", sKeyRegenerationTime },
260 { "permitrootlogin", sPermitRootLogin },
261 { "syslogfacility", sLogFacility },
262 { "loglevel", sLogLevel },
263 { "rhostsauthentication", sRhostsAuthentication },
264 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
265 { "hostbasedauthentication", sHostbasedAuthentication },
266 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
267 { "rsaauthentication", sRSAAuthentication },
268 { "pubkeyauthentication", sPubkeyAuthentication },
269 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
271 { "kerberosauthentication", sKerberosAuthentication },
272 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
273 { "kerberosticketcleanup", sKerberosTicketCleanup },
276 { "kerberostgtpassing", sKerberosTgtPassing },
277 { "afstokenpassing", sAFSTokenPassing },
279 { "passwordauthentication", sPasswordAuthentication },
280 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
281 { "challengeresponseauthentication", sChallengeResponseAuthentication },
282 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
283 { "checkmail", sCheckMail },
284 { "listenaddress", sListenAddress },
285 { "printmotd", sPrintMotd },
286 { "printlastlog", sPrintLastLog },
287 { "ignorerhosts", sIgnoreRhosts },
288 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
289 { "x11forwarding", sX11Forwarding },
290 { "x11displayoffset", sX11DisplayOffset },
291 { "xauthlocation", sXAuthLocation },
292 { "strictmodes", sStrictModes },
293 { "permitemptypasswords", sEmptyPasswd },
294 { "uselogin", sUseLogin },
295 { "keepalive", sKeepAlives },
296 { "allowtcpforwarding", sAllowTcpForwarding },
297 { "allowusers", sAllowUsers },
298 { "denyusers", sDenyUsers },
299 { "allowgroups", sAllowGroups },
300 { "denygroups", sDenyGroups },
301 { "ciphers", sCiphers },
303 { "protocol", sProtocol },
304 { "gatewayports", sGatewayPorts },
305 { "subsystem", sSubsystem },
306 { "maxstartups", sMaxStartups },
307 { "banner", sBanner },
308 { "reversemappingcheck", sReverseMappingCheck },
309 { "clientaliveinterval", sClientAliveInterval },
310 { "clientalivecountmax", sClientAliveCountMax },
311 { "authorizedkeysfile", sAuthorizedKeysFile },
312 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
313 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
318 * Returns the number of the token pointed to by cp or sBadOption.
322 parse_token(const char *cp, const char *filename,
327 for (i = 0; keywords[i].name; i++)
328 if (strcasecmp(cp, keywords[i].name) == 0)
329 return keywords[i].opcode;
331 error("%s: line %d: Bad configuration option: %s",
332 filename, linenum, cp);
337 add_listen_addr(ServerOptions *options, char *addr, u_short port)
341 if (options->num_ports == 0)
342 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
344 for (i = 0; i < options->num_ports; i++)
345 add_one_listen_addr(options, addr, options->ports[i]);
347 add_one_listen_addr(options, addr, port);
351 add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
353 struct addrinfo hints, *ai, *aitop;
354 char strport[NI_MAXSERV];
357 memset(&hints, 0, sizeof(hints));
358 hints.ai_family = IPv4or6;
359 hints.ai_socktype = SOCK_STREAM;
360 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
361 snprintf(strport, sizeof strport, "%d", port);
362 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
363 fatal("bad addr or host: %s (%s)",
364 addr ? addr : "<NULL>",
365 gai_strerror(gaierr));
366 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
368 ai->ai_next = options->listen_addrs;
369 options->listen_addrs = aitop;
372 /* Reads the server configuration file. */
375 read_server_config(ServerOptions *options, const char *filename)
379 char *cp, **charptr, *arg, *p;
380 int linenum, *intptr, value;
382 ServerOpCodes opcode;
385 f = fopen(filename, "r");
391 while (fgets(line, sizeof(line), f)) {
395 /* Ignore leading whitespace */
398 if (!arg || !*arg || *arg == '#')
402 opcode = parse_token(arg, filename, linenum);
408 /* ignore ports from configfile if cmdline specifies ports */
409 if (options->ports_from_cmdline)
411 if (options->listen_addrs != NULL)
412 fatal("%s line %d: ports must be specified before "
413 "ListenAdress.", filename, linenum);
414 if (options->num_ports >= MAX_PORTS)
415 fatal("%s line %d: too many ports.",
418 if (!arg || *arg == '\0')
419 fatal("%s line %d: missing port number.",
421 options->ports[options->num_ports++] = a2port(arg);
422 if (options->ports[options->num_ports-1] == 0)
423 fatal("%s line %d: Badly formatted port number.",
428 intptr = &options->server_key_bits;
431 if (!arg || *arg == '\0')
432 fatal("%s line %d: missing integer value.",
439 case sLoginGraceTime:
440 intptr = &options->login_grace_time;
443 if (!arg || *arg == '\0')
444 fatal("%s line %d: missing time value.",
446 if ((value = convtime(arg)) == -1)
447 fatal("%s line %d: invalid time value.",
453 case sKeyRegenerationTime:
454 intptr = &options->key_regeneration_time;
459 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
460 fatal("%s line %d: missing inet addr.",
463 if ((p = strchr(arg, ']')) == NULL)
464 fatal("%s line %d: bad ipv6 inet addr usage.",
467 memmove(p, p+1, strlen(p+1)+1);
468 } else if (((p = strchr(arg, ':')) == NULL) ||
469 (strchr(p+1, ':') != NULL)) {
470 add_listen_addr(options, arg, 0);
478 fatal("%s line %d: bad inet addr:port usage.",
482 if ((port = a2port(p)) == 0)
483 fatal("%s line %d: bad port number.",
485 add_listen_addr(options, arg, port);
487 } else if (*p == '\0')
488 add_listen_addr(options, arg, 0);
490 fatal("%s line %d: bad inet addr usage.",
495 intptr = &options->num_host_key_files;
496 if (*intptr >= MAX_HOSTKEYS)
497 fatal("%s line %d: too many host keys specified (max %d).",
498 filename, linenum, MAX_HOSTKEYS);
499 charptr = &options->host_key_files[*intptr];
502 if (!arg || *arg == '\0')
503 fatal("%s line %d: missing file name.",
505 if (*charptr == NULL) {
506 *charptr = tilde_expand_filename(arg, getuid());
507 /* increase optional counter */
509 *intptr = *intptr + 1;
514 charptr = &options->pid_file;
517 case sPermitRootLogin:
518 intptr = &options->permit_root_login;
520 if (!arg || *arg == '\0')
521 fatal("%s line %d: missing yes/"
522 "without-password/forced-commands-only/no "
523 "argument.", filename, linenum);
524 value = 0; /* silence compiler */
525 if (strcmp(arg, "without-password") == 0)
526 value = PERMIT_NO_PASSWD;
527 else if (strcmp(arg, "forced-commands-only") == 0)
528 value = PERMIT_FORCED_ONLY;
529 else if (strcmp(arg, "yes") == 0)
531 else if (strcmp(arg, "no") == 0)
534 fatal("%s line %d: Bad yes/"
535 "without-password/forced-commands-only/no "
536 "argument: %s", filename, linenum, arg);
542 intptr = &options->ignore_rhosts;
545 if (!arg || *arg == '\0')
546 fatal("%s line %d: missing yes/no argument.",
548 value = 0; /* silence compiler */
549 if (strcmp(arg, "yes") == 0)
551 else if (strcmp(arg, "no") == 0)
554 fatal("%s line %d: Bad yes/no argument: %s",
555 filename, linenum, arg);
560 case sIgnoreUserKnownHosts:
561 intptr = &options->ignore_user_known_hosts;
564 case sRhostsAuthentication:
565 intptr = &options->rhosts_authentication;
568 case sRhostsRSAAuthentication:
569 intptr = &options->rhosts_rsa_authentication;
572 case sHostbasedAuthentication:
573 intptr = &options->hostbased_authentication;
576 case sHostbasedUsesNameFromPacketOnly:
577 intptr = &options->hostbased_uses_name_from_packet_only;
580 case sRSAAuthentication:
581 intptr = &options->rsa_authentication;
584 case sPubkeyAuthentication:
585 intptr = &options->pubkey_authentication;
589 case sKerberosAuthentication:
590 intptr = &options->kerberos_authentication;
593 case sKerberosOrLocalPasswd:
594 intptr = &options->kerberos_or_local_passwd;
597 case sKerberosTicketCleanup:
598 intptr = &options->kerberos_ticket_cleanup;
603 case sKerberosTgtPassing:
604 intptr = &options->kerberos_tgt_passing;
607 case sAFSTokenPassing:
608 intptr = &options->afs_token_passing;
612 case sPasswordAuthentication:
613 intptr = &options->password_authentication;
616 case sKbdInteractiveAuthentication:
617 intptr = &options->kbd_interactive_authentication;
621 intptr = &options->check_mail;
624 case sChallengeResponseAuthentication:
625 intptr = &options->challenge_response_authentication;
629 intptr = &options->print_motd;
633 intptr = &options->print_lastlog;
637 intptr = &options->x11_forwarding;
640 case sX11DisplayOffset:
641 intptr = &options->x11_display_offset;
645 charptr = &options->xauth_location;
649 intptr = &options->strict_modes;
653 intptr = &options->keepalives;
657 intptr = &options->permit_empty_passwd;
661 intptr = &options->use_login;
665 intptr = &options->gateway_ports;
668 case sReverseMappingCheck:
669 intptr = &options->reverse_mapping_check;
673 intptr = (int *) &options->log_facility;
675 value = log_facility_number(arg);
676 if (value == (SyslogFacility) - 1)
677 fatal("%.200s line %d: unsupported log facility '%s'",
678 filename, linenum, arg ? arg : "<NONE>");
680 *intptr = (SyslogFacility) value;
684 intptr = (int *) &options->log_level;
686 value = log_level_number(arg);
687 if (value == (LogLevel) - 1)
688 fatal("%.200s line %d: unsupported log level '%s'",
689 filename, linenum, arg ? arg : "<NONE>");
691 *intptr = (LogLevel) value;
694 case sAllowTcpForwarding:
695 intptr = &options->allow_tcp_forwarding;
699 while ((arg = strdelim(&cp)) && *arg != '\0') {
700 if (options->num_allow_users >= MAX_ALLOW_USERS)
701 fatal("%s line %d: too many allow users.",
703 options->allow_users[options->num_allow_users++] = xstrdup(arg);
708 while ((arg = strdelim(&cp)) && *arg != '\0') {
709 if (options->num_deny_users >= MAX_DENY_USERS)
710 fatal( "%s line %d: too many deny users.",
712 options->deny_users[options->num_deny_users++] = xstrdup(arg);
717 while ((arg = strdelim(&cp)) && *arg != '\0') {
718 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
719 fatal("%s line %d: too many allow groups.",
721 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
726 while ((arg = strdelim(&cp)) && *arg != '\0') {
727 if (options->num_deny_groups >= MAX_DENY_GROUPS)
728 fatal("%s line %d: too many deny groups.",
730 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
736 if (!arg || *arg == '\0')
737 fatal("%s line %d: Missing argument.", filename, linenum);
738 if (!ciphers_valid(arg))
739 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
740 filename, linenum, arg ? arg : "<NONE>");
741 if (options->ciphers == NULL)
742 options->ciphers = xstrdup(arg);
747 if (!arg || *arg == '\0')
748 fatal("%s line %d: Missing argument.", filename, linenum);
750 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
751 filename, linenum, arg ? arg : "<NONE>");
752 if (options->macs == NULL)
753 options->macs = xstrdup(arg);
757 intptr = &options->protocol;
759 if (!arg || *arg == '\0')
760 fatal("%s line %d: Missing argument.", filename, linenum);
761 value = proto_spec(arg);
762 if (value == SSH_PROTO_UNKNOWN)
763 fatal("%s line %d: Bad protocol spec '%s'.",
764 filename, linenum, arg ? arg : "<NONE>");
765 if (*intptr == SSH_PROTO_UNKNOWN)
770 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
771 fatal("%s line %d: too many subsystems defined.",
775 if (!arg || *arg == '\0')
776 fatal("%s line %d: Missing subsystem name.",
778 for (i = 0; i < options->num_subsystems; i++)
779 if(strcmp(arg, options->subsystem_name[i]) == 0)
780 fatal("%s line %d: Subsystem '%s' already defined.",
781 filename, linenum, arg);
782 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
784 if (!arg || *arg == '\0')
785 fatal("%s line %d: Missing subsystem command.",
787 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
788 options->num_subsystems++;
793 if (!arg || *arg == '\0')
794 fatal("%s line %d: Missing MaxStartups spec.",
796 if (sscanf(arg, "%d:%d:%d",
797 &options->max_startups_begin,
798 &options->max_startups_rate,
799 &options->max_startups) == 3) {
800 if (options->max_startups_begin >
801 options->max_startups ||
802 options->max_startups_rate > 100 ||
803 options->max_startups_rate < 1)
804 fatal("%s line %d: Illegal MaxStartups spec.",
808 intptr = &options->max_startups;
812 charptr = &options->banner;
815 * These options can contain %X options expanded at
816 * connect time, so that you can specify paths like:
818 * AuthorizedKeysFile /etc/ssh_keys/%u
820 case sAuthorizedKeysFile:
821 case sAuthorizedKeysFile2:
822 charptr = (opcode == sAuthorizedKeysFile ) ?
823 &options->authorized_keys_file :
824 &options->authorized_keys_file2;
827 case sClientAliveInterval:
828 intptr = &options->client_alive_interval;
831 case sClientAliveCountMax:
832 intptr = &options->client_alive_count_max;
835 case sPAMAuthenticationViaKbdInt:
836 intptr = &options->pam_authentication_via_kbd_int;
840 fatal("%s line %d: Missing handler for opcode %s (%d)",
841 filename, linenum, arg, opcode);
843 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
844 fatal("%s line %d: garbage at end of line; \"%.200s\".",
845 filename, linenum, arg);
849 fatal("%s: terminating, %d bad configuration options",
850 filename, bad_options);