2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
16 RCSID("$FreeBSD: src/crypto/openssh/readconf.c,v 1.4.2.8 2003/02/03 17:31:07 des Exp $");
17 RCSID("$DragonFly: src/crypto/openssh/Attic/readconf.c,v 1.2 2003/06/17 04:24:36 dillon Exp $");
23 #include "pathnames.h"
31 /* Format of the configuration file:
33 # Configuration data is parsed as follows:
34 # 1. command line options
35 # 2. user-specific file
37 # Any configuration value is only changed the first time it is set.
38 # Thus, host-specific definitions should be at the beginning of the
39 # configuration file, and defaults at the end.
41 # Host-specific declarations. These may override anything above. A single
42 # host may match multiple declarations; these are processed in the order
43 # that they are given in.
49 HostName another.host.name.real.org
56 RemoteForward 9999 shadows.cs.hut.fi:9999
62 RhostsAuthentication no
63 PasswordAuthentication no
67 ProxyCommand ssh-proxy %h %p
70 PublicKeyAuthentication no
74 PasswordAuthentication no
76 # Defaults for various options
80 RhostsAuthentication yes
81 PasswordAuthentication yes
83 RhostsRSAAuthentication yes
84 StrictHostKeyChecking yes
86 IdentityFile ~/.ssh/identity
/*
 * Opcodes for the client configuration directives.  The keyword table maps
 * directive names to these values and process_config_line() dispatches on
 * them.  The enum's opening and closing lines are not part of this listing.
 */
96 oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
97 oPasswordAuthentication, oRSAAuthentication,
98 oChallengeResponseAuthentication, oXAuthLocation,
/* The Kerberos and AFS opcodes exist only when the build defines the matching macros. */
99 #if defined(KRB4) || defined(KRB5)
100 oKerberosAuthentication,
102 #if defined(AFS) || defined(KRB5)
108 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
109 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
110 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
111 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
112 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
113 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
114 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
115 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
116 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
117 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
118 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
123 /* Textual representations of the tokens. */
/*
 * Directive-name to opcode table.  This is presumably the `keywords` array
 * that parse_token() walks; that function compares with strcasecmp(), so
 * directive names are matched without regard to case, and it stops at the
 * first entry whose name is NULL.  The table's declaration and terminating
 * entry are not part of this listing.
 * Several names are aliases for one opcode.
 */
129 { "forwardagent", oForwardAgent },
130 { "forwardx11", oForwardX11 },
131 { "xauthlocation", oXAuthLocation },
132 { "gatewayports", oGatewayPorts },
133 { "useprivilegedport", oUsePrivilegedPort },
134 { "rhostsauthentication", oRhostsAuthentication },
135 { "passwordauthentication", oPasswordAuthentication },
136 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
137 { "kbdinteractivedevices", oKbdInteractiveDevices },
138 { "rsaauthentication", oRSAAuthentication },
139 { "pubkeyauthentication", oPubkeyAuthentication },
140 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
141 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
142 { "hostbasedauthentication", oHostbasedAuthentication },
143 { "challengeresponseauthentication", oChallengeResponseAuthentication },
144 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
145 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
146 #if defined(KRB4) || defined(KRB5)
147 { "kerberosauthentication", oKerberosAuthentication },
149 #if defined(AFS) || defined(KRB5)
150 { "kerberostgtpassing", oKerberosTgtPassing },
153 { "afstokenpassing", oAFSTokenPassing },
/* Retired directives still resolve to an opcode; process_config_line() reports them with a debug message. */
155 { "fallbacktorsh", oDeprecated },
156 { "usersh", oDeprecated },
157 { "identityfile", oIdentityFile },
158 { "identityfile2", oIdentityFile }, /* alias */
159 { "hostname", oHostName },
160 { "hostkeyalias", oHostKeyAlias },
/* The value of this directive is a command line; process_config_line() stores the rest of the line in options->proxy_command. */
161 { "proxycommand", oProxyCommand },
163 { "cipher", oCipher },
164 { "ciphers", oCiphers },
166 { "protocol", oProtocol },
167 { "remoteforward", oRemoteForward },
168 { "localforward", oLocalForward },
171 { "escapechar", oEscapeChar },
172 { "globalknownhostsfile", oGlobalKnownHostsFile },
173 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
174 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
175 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
176 { "connectionattempts", oConnectionAttempts },
177 { "batchmode", oBatchMode },
178 { "checkhostip", oCheckHostIP },
179 { "stricthostkeychecking", oStrictHostKeyChecking },
180 { "compression", oCompression },
181 { "compressionlevel", oCompressionLevel },
182 { "keepalive", oKeepAlives },
183 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
184 { "loglevel", oLogLevel },
185 { "dynamicforward", oDynamicForward },
186 { "preferredauthentications", oPreferredAuthentications },
187 { "hostkeyalgorithms", oHostKeyAlgorithms },
188 { "bindaddress", oBindAddress },
189 { "smartcarddevice", oSmartcardDevice },
190 { "clearallforwardings", oClearAllForwardings },
191 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
192 { "versionaddendum", oVersionAddendum },
197 * Adds a local TCP/IP port forward to options. Never returns if there is an
/*
 * Appends one local forward to options->local_forwards.  Calls fatal() when
 * the table is full or, unless NO_IPPORT_RESERVED_CONCEPT is defined, when a
 * non-root user asks for a port below IPPORT_RESERVED.
 * NOTE(review): the rest of the parameter list, the declaration of fwd and
 * the store of the listen port are not part of this listing.
 */
202 add_local_forward(Options *options, u_short port, const char *host,
206 #ifndef NO_IPPORT_RESERVED_CONCEPT
207 extern uid_t original_real_uid;
/*
 * The test reads the uid saved in original_real_uid instead of querying the
 * current uid -- presumably so that a setuid-root ssh does not let ordinary
 * users bind privileged ports; confirm where original_real_uid is set.
 */
208 if (port < IPPORT_RESERVED && original_real_uid != 0)
209 fatal("Privileged ports can only be forwarded by root.");
/*
 * Capacity is checked before the post-increment below, so the index used is
 * always below SSH_MAX_FORWARDS_PER_DIRECTION (assumes the array is declared
 * with that many entries -- TODO confirm).
 */
211 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
212 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
213 fwd = &options->local_forwards[options->num_local_forwards++];
/* The entry keeps its own copy of the host name; clear_forwardings() releases it with xfree(). */
215 fwd->host = xstrdup(host);
216 fwd->host_port = host_port;
220 * Adds a remote TCP/IP port forward to options. Never returns if there is
/*
 * Appends one remote forward to options->remote_forwards, calling fatal()
 * when the table already holds SSH_MAX_FORWARDS_PER_DIRECTION entries.
 * Unlike add_local_forward(), no privileged-port test appears in the lines
 * shown here -- presumably because the listening socket is opened by the
 * remote side; confirm.
 * NOTE(review): the rest of the parameter list, the declaration of fwd and
 * the store of the listen port are not part of this listing.
 */
225 add_remote_forward(Options *options, u_short port, const char *host,
/* The capacity test runs before the post-increment that selects the slot. */
229 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
230 fatal("Too many remote forwards (max %d).",
231 SSH_MAX_FORWARDS_PER_DIRECTION);
232 fwd = &options->remote_forwards[options->num_remote_forwards++];
/* The entry keeps its own copy of the host name; clear_forwardings() releases it with xfree(). */
234 fwd->host = xstrdup(host);
235 fwd->host_port = host_port;
/*
 * Discards every local and remote forward recorded in options: frees each
 * entry's host string and resets both counters to zero.
 * The freed host pointers are not overwritten; they become unreachable
 * through the counters, which are the bounds used by the loops here.
 */
239 clear_forwardings(Options *options)
243 for (i = 0; i < options->num_local_forwards; i++)
244 xfree(options->local_forwards[i].host);
245 options->num_local_forwards = 0;
246 for (i = 0; i < options->num_remote_forwards; i++)
247 xfree(options->remote_forwards[i].host);
248 options->num_remote_forwards = 0;
252 * Returns the number of the token pointed to by cp or oBadOption.
/*
 * Looks cp up in the keywords table and returns the matching opcode.
 * The comparison is case-insensitive and the scan ends at the first entry
 * whose name is NULL.  When nothing matches, an error naming the file, line
 * and offending word is logged; the return statement for that path is not
 * part of this listing.
 */
256 parse_token(const char *cp, const char *filename, int linenum)
260 for (i = 0; keywords[i].name; i++)
261 if (strcasecmp(cp, keywords[i].name) == 0)
262 return keywords[i].opcode;
/*
 * NOTE(review): the unknown word is logged with a plain %s, while most
 * diagnostics in this file cap strings with %.200s; its length is presumably
 * bounded by the reader's line buffer -- confirm.
 */
264 error("%s: line %d: Bad configuration option: %s",
265 filename, linenum, cp);
270 * Processes a single option line as used in the configuration files. This
271 * only sets those values that have not already been set.
/*
 * Parses one configuration line into *options.
 *
 * options   structure being filled in; in the stores shown below a field is
 *           written only while it still holds its "unset" sentinel, so the
 *           first value seen wins.
 * host      name that Host patterns are matched against.
 * line      the configuration line.
 * filename, linenum   used in diagnostics.
 * activep   tested before most stores (its declaration is not part of this
 *           listing).
 *
 * Malformed arguments end the program through fatal().  read_config_file()
 * counts a non-zero return from this function as a bad option.
 * NOTE(review): many case labels, jumps and closing lines are missing from
 * this listing, so the comments below describe only the statements shown.
 */
275 process_config_line(Options *options, const char *host,
276 char *line, const char *filename, int linenum,
279 char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
280 int opcode, *intptr, value;
281 u_short fwd_port, fwd_host_port;
282 char sfwd_host_port[6];
285 /* Get the keyword. (Each line is supposed to begin with a keyword). */
286 keyword = strdelim(&s);
287 /* Ignore leading whitespace. */
/*
 * NOTE(review): keyword is dereferenced here before the NULL test two lines
 * below; this is safe only if the first strdelim() call cannot return NULL
 * for the line passed in -- confirm.
 */
288 if (*keyword == '\0')
289 keyword = strdelim(&s);
290 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
293 opcode = parse_token(keyword, filename, linenum);
297 /* don't panic, but count bad options */
301 intptr = &options->forward_agent;
/* Boolean options: only the exact, lower-case words yes/true and no/false are accepted. */
304 if (!arg || *arg == '\0')
305 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
306 value = 0; /* To avoid compiler warning... */
307 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
309 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
312 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
/* Store only while parsing is active and the field is still at its -1 sentinel. */
313 if (*activep && *intptr == -1)
318 intptr = &options->forward_x11;
322 intptr = &options->gateway_ports;
325 case oUsePrivilegedPort:
326 intptr = &options->use_privileged_port;
329 case oRhostsAuthentication:
330 intptr = &options->rhosts_authentication;
333 case oPasswordAuthentication:
334 intptr = &options->password_authentication;
337 case oKbdInteractiveAuthentication:
338 intptr = &options->kbd_interactive_authentication;
341 case oKbdInteractiveDevices:
342 charptr = &options->kbd_interactive_devices;
345 case oPubkeyAuthentication:
346 intptr = &options->pubkey_authentication;
349 case oRSAAuthentication:
350 intptr = &options->rsa_authentication;
353 case oRhostsRSAAuthentication:
354 intptr = &options->rhosts_rsa_authentication;
357 case oHostbasedAuthentication:
358 intptr = &options->hostbased_authentication;
361 case oChallengeResponseAuthentication:
362 intptr = &options->challenge_response_authentication;
364 #if defined(KRB4) || defined(KRB5)
365 case oKerberosAuthentication:
366 intptr = &options->kerberos_authentication;
369 #if defined(AFS) || defined(KRB5)
370 case oKerberosTgtPassing:
371 intptr = &options->kerberos_tgt_passing;
375 case oAFSTokenPassing:
376 intptr = &options->afs_token_passing;
380 intptr = &options->batch_mode;
384 intptr = &options->check_host_ip;
/* StrictHostKeyChecking is tri-state: yes/true, no/false or ask; any other word is fatal. */
387 case oStrictHostKeyChecking:
388 intptr = &options->strict_host_key_checking;
390 if (!arg || *arg == '\0')
391 fatal("%.200s line %d: Missing yes/no/ask argument.",
393 value = 0; /* To avoid compiler warning... */
394 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
396 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
398 else if (strcmp(arg, "ask") == 0)
401 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
402 if (*activep && *intptr == -1)
407 intptr = &options->compression;
411 intptr = &options->keepalives;
414 case oNoHostAuthenticationForLocalhost:
415 intptr = &options->no_host_authentication_for_localhost;
418 case oNumberOfPasswordPrompts:
419 intptr = &options->number_of_password_prompts;
422 case oCompressionLevel:
423 intptr = &options->compression_level;
/*
 * Identity files accumulate in options->identity_files; the count is
 * compared with SSH_MAX_IDENTITY_FILES before the next slot is written.
 */
428 if (!arg || *arg == '\0')
429 fatal("%.200s line %d: Missing argument.", filename, linenum);
431 intptr = &options->num_identity_files;
432 if (*intptr >= SSH_MAX_IDENTITY_FILES)
433 fatal("%.200s line %d: Too many identity files specified (max %d).",
434 filename, linenum, SSH_MAX_IDENTITY_FILES);
435 charptr = &options->identity_files[*intptr];
436 *charptr = xstrdup(arg);
437 *intptr = *intptr + 1;
442 charptr=&options->xauth_location;
446 charptr = &options->user;
/* String options: the value is copied with xstrdup() only while the field is still NULL. */
449 if (!arg || *arg == '\0')
450 fatal("%.200s line %d: Missing argument.", filename, linenum);
451 if (*activep && *charptr == NULL)
452 *charptr = xstrdup(arg);
455 case oGlobalKnownHostsFile:
456 charptr = &options->system_hostfile;
459 case oUserKnownHostsFile:
460 charptr = &options->user_hostfile;
463 case oGlobalKnownHostsFile2:
464 charptr = &options->system_hostfile2;
467 case oUserKnownHostsFile2:
468 charptr = &options->user_hostfile2;
472 charptr = &options->hostname;
476 charptr = &options->host_key_alias;
479 case oPreferredAuthentications:
480 charptr = &options->preferred_authentications;
484 charptr = &options->bind_address;
487 case oSmartcardDevice:
488 charptr = &options->smartcard_device;
/*
 * ProxyCommand takes the rest of the line: for each remaining word the heap
 * string is resized to strlen(string) + strlen(arg) + 2 (presumably room
 * for a separator and the terminator; the appending lines are not part of
 * this listing).
 * NOTE(review): the stored value is a command line, so whoever can write a
 * configuration file that ssh reads can presumably make it run a program --
 * treat those files as trusted input and protect them accordingly.
 */
492 charptr = &options->proxy_command;
493 string = xstrdup("");
494 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
495 string = xrealloc(string, strlen(string) + strlen(arg) + 2);
499 if (*activep && *charptr == NULL)
506 intptr = &options->port;
509 if (!arg || *arg == '\0')
510 fatal("%.200s line %d: Missing argument.", filename, linenum);
511 if (arg[0] < '0' || arg[0] > '9')
512 fatal("%.200s line %d: Bad number.", filename, linenum);
/*
 * NOTE(review): base 0 makes strtol() accept octal and hex as well as
 * decimal.  The only validation visible here is that at least one digit was
 * consumed: characters left after the number in the same word are not
 * rejected, the long result is narrowed to int, and no range check appears
 * in this listing.
 */
514 /* Octal, decimal, or hex format? */
515 value = strtol(arg, &endofnumber, 0);
516 if (arg == endofnumber)
517 fatal("%.200s line %d: Bad number.", filename, linenum);
518 if (*activep && *intptr == -1)
522 case oConnectionAttempts:
523 intptr = &options->connection_attempts;
527 intptr = &options->cipher;
529 if (!arg || *arg == '\0')
530 fatal("%.200s line %d: Missing argument.", filename, linenum);
531 value = cipher_number(arg);
533 fatal("%.200s line %d: Bad cipher '%s'.",
534 filename, linenum, arg ? arg : "<NONE>");
535 if (*activep && *intptr == -1)
541 if (!arg || *arg == '\0')
542 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* The cipher list is validated before it is stored; an unknown name is fatal rather than being passed on. */
543 if (!ciphers_valid(arg))
544 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
545 filename, linenum, arg ? arg : "<NONE>");
546 if (*activep && options->ciphers == NULL)
547 options->ciphers = xstrdup(arg);
552 if (!arg || *arg == '\0')
553 fatal("%.200s line %d: Missing argument.", filename, linenum);
555 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
556 filename, linenum, arg ? arg : "<NONE>");
557 if (*activep && options->macs == NULL)
558 options->macs = xstrdup(arg);
561 case oHostKeyAlgorithms:
563 if (!arg || *arg == '\0')
564 fatal("%.200s line %d: Missing argument.", filename, linenum);
565 if (!key_names_valid2(arg))
566 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
567 filename, linenum, arg ? arg : "<NONE>");
568 if (*activep && options->hostkeyalgorithms == NULL)
569 options->hostkeyalgorithms = xstrdup(arg);
573 intptr = &options->protocol;
575 if (!arg || *arg == '\0')
576 fatal("%.200s line %d: Missing argument.", filename, linenum);
577 value = proto_spec(arg);
578 if (value == SSH_PROTO_UNKNOWN)
579 fatal("%.200s line %d: Bad protocol spec '%s'.",
580 filename, linenum, arg ? arg : "<NONE>");
581 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
586 intptr = (int *) &options->log_level;
588 value = log_level_number(arg);
589 if (value == SYSLOG_LEVEL_NOT_SET)
590 fatal("%.200s line %d: unsupported log level '%s'",
591 filename, linenum, arg ? arg : "<NONE>");
/* NOTE(review): intptr aliases options->log_level through the int * cast above, which assumes LogLevel has the size and representation of int. */
592 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
593 *intptr = (LogLevel) value;
/*
 * LocalForward / RemoteForward: the first word is the listen port, the
 * second is the target written as host:port or host/port.  a2port() signals
 * a bad port by returning 0.  The sscanf() field widths (255 and 5) are one
 * less than the sizes of buf[256] and sfwd_host_port[6], which leaves room
 * for the terminator in each buffer.
 */
599 if (!arg || *arg == '\0')
600 fatal("%.200s line %d: Missing port argument.",
602 if ((fwd_port = a2port(arg)) == 0)
603 fatal("%.200s line %d: Bad listen port.",
606 if (!arg || *arg == '\0')
607 fatal("%.200s line %d: Missing second argument.",
609 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
610 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
611 fatal("%.200s line %d: Bad forwarding specification.",
613 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
614 fatal("%.200s line %d: Bad forwarding port.",
617 if (opcode == oLocalForward)
618 add_local_forward(options, fwd_port, buf,
620 else if (opcode == oRemoteForward)
621 add_remote_forward(options, fwd_port, buf,
/* DynamicForward is recorded as a local forward whose host is the marker string "socks4" and whose host port is 0. */
626 case oDynamicForward:
628 if (!arg || *arg == '\0')
629 fatal("%.200s line %d: Missing port argument.",
631 fwd_port = a2port(arg);
633 fatal("%.200s line %d: Badly formatted port number.",
636 add_local_forward(options, fwd_port, "socks4", 0);
639 case oClearAllForwardings:
640 intptr = &options->clear_forwardings;
/* Host: every remaining word is a pattern tested against host with match_pattern(); a match is logged at debug level. */
645 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
646 if (match_pattern(host, arg)) {
647 debug("Applying options for %.100s", arg);
651 /* Avoid garbage check below, as strdelim is done. */
655 intptr = &options->escape_char;
657 if (!arg || *arg == '\0')
658 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * "^X" selects a control character (X & 31), a single character is taken
 * literally, and "none" maps to SSH_ESCAPECHAR_NONE.
 * NOTE(review): for the one-character argument "^" the first test reads
 * arg[2], one byte past the terminator; this presumably still lies inside
 * the caller's line buffer -- confirm.
 */
659 if (arg[0] == '^' && arg[2] == 0 &&
660 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
661 value = (u_char) arg[1] & 31;
662 else if (strlen(arg) == 1)
663 value = (u_char) arg[0];
664 else if (strcmp(arg, "none") == 0)
665 value = SSH_ESCAPECHAR_NONE;
667 fatal("%.200s line %d: Bad escape character.",
670 value = 0; /* Avoid compiler warning. */
672 if (*activep && *intptr == -1)
676 case oVersionAddendum:
/*
 * The rest of the line up to the newline becomes the version addendum; the
 * call is made without testing *activep.
 * NOTE(review): if strdelim() has already consumed the whole line, s may be
 * NULL here, in which case strtok() would continue from its saved state --
 * confirm.
 */
677 ssh_version_set_addendum(strtok(s, "\n"));
680 } while (arg != NULL && *arg != '\0');
684 debug("%s line %d: Deprecated option \"%s\"",
685 filename, linenum, keyword);
689 fatal("process_config_line: Unimplemented opcode %d", opcode);
692 /* Check that there is no garbage at end of line. */
693 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
694 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
695 filename, linenum, arg);
702 * Reads the config file and modifies the options accordingly. Options
703 * should already be initialized before this call. This never returns if
704 * there is an error. If the file does not exist, this returns 0.
/*
 * Opens filename for reading and passes each line returned by fgets() to
 * process_config_line().  A non-zero result from that call is treated as a
 * bad option (the counting line is not part of this listing), and the
 * program ends through fatal() with the total once bad options were seen.
 *
 * fgets() delivers at most sizeof(line) - 1 characters per call, so a
 * physical line longer than the buffer arrives in pieces and its tail is
 * parsed as if it were a separate line.
 *
 * NOTE(review): no ownership or permission check on the file appears in
 * the lines shown here; confirm whether one is made elsewhere before a
 * path that other users could write is trusted.
 */
708 read_config_file(const char *filename, const char *host, Options *options)
716 f = fopen(filename, "r");
720 debug("Reading configuration data %.200s", filename);
723 * Mark that we are now processing the options. This flag is turned
724 * on/off by Host specifications.
728 while (fgets(line, sizeof(line), f)) {
729 /* Update line number counter. */
731 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
736 fatal("%s: terminating, %d bad configuration options",
737 filename, bad_options);
742 * Initializes options to special values that indicate that they have not yet
743 * been set. Read_config_file will only set options with this value. Options
744 * are processed in the following order: command line, user config file,
745 * system config file. Last, fill_default_options is called.
/*
 * Puts every option into its "not yet set" state: -1 for integer options,
 * NULL for strings, 0 for the list counters, and the *_UNKNOWN / *_NOT_SET
 * constants for protocol and log level.  process_config_line() stores a
 * value only while the field still holds this sentinel.
 */
749 initialize_options(Options * options)
/*
 * The whole structure is first filled with 'X' bytes, so a field that is
 * not reset below is left holding that pattern rather than 0 or NULL.
 * NOTE(review): any field added to Options therefore needs an explicit
 * sentinel here; an untouched pointer field would be non-NULL garbage.
 */
751 memset(options, 'X', sizeof(*options));
752 options->forward_agent = -1;
753 options->forward_x11 = -1;
754 options->xauth_location = NULL;
755 options->gateway_ports = -1;
756 options->use_privileged_port = -1;
757 options->rhosts_authentication = -1;
758 options->rsa_authentication = -1;
759 options->pubkey_authentication = -1;
760 options->challenge_response_authentication = -1;
761 #if defined(KRB4) || defined(KRB5)
762 options->kerberos_authentication = -1;
764 #if defined(AFS) || defined(KRB5)
765 options->kerberos_tgt_passing = -1;
768 options->afs_token_passing = -1;
770 options->password_authentication = -1;
771 options->kbd_interactive_authentication = -1;
772 options->kbd_interactive_devices = NULL;
773 options->rhosts_rsa_authentication = -1;
774 options->hostbased_authentication = -1;
775 options->batch_mode = -1;
776 options->check_host_ip = -1;
777 options->strict_host_key_checking = -1;
778 options->compression = -1;
779 options->keepalives = -1;
780 options->compression_level = -1;
782 options->connection_attempts = -1;
783 options->number_of_password_prompts = -1;
784 options->cipher = -1;
785 options->ciphers = NULL;
786 options->macs = NULL;
787 options->hostkeyalgorithms = NULL;
788 options->protocol = SSH_PROTO_UNKNOWN;
789 options->num_identity_files = 0;
790 options->hostname = NULL;
791 options->host_key_alias = NULL;
792 options->proxy_command = NULL;
793 options->user = NULL;
794 options->escape_char = -1;
795 options->system_hostfile = NULL;
796 options->user_hostfile = NULL;
797 options->system_hostfile2 = NULL;
798 options->user_hostfile2 = NULL;
799 options->num_local_forwards = 0;
800 options->num_remote_forwards = 0;
801 options->clear_forwardings = -1;
802 options->log_level = SYSLOG_LEVEL_NOT_SET;
803 options->preferred_authentications = NULL;
804 options->bind_address = NULL;
805 options->smartcard_device = NULL;
806 options->no_host_authentication_for_localhost = - 1;
810 * Called after processing other sources of option data, this fills those
811 * options for which no value has been specified with their default values.
/*
 * Replaces every option that is still at its "unset" sentinel with the
 * built-in default.  Values already set from the command line or a
 * configuration file are left alone.  Also discards all forwards when
 * clear_forwardings is 1.
 */
815 fill_default_options(Options * options)
/* Agent and X11 forwarding stay off unless a configuration turns them on. */
819 if (options->forward_agent == -1)
820 options->forward_agent = 0;
821 if (options->forward_x11 == -1)
822 options->forward_x11 = 0;
/*
 * NOTE(review): this default is assigned from a path macro, whereas values
 * read from a file are xstrdup() copies, so the field cannot be freed
 * uniformly -- presumably it is never freed; confirm.  The host file
 * defaults further down follow the same pattern.
 */
823 if (options->xauth_location == NULL)
824 options->xauth_location = _PATH_XAUTH;
825 if (options->gateway_ports == -1)
826 options->gateway_ports = 0;
827 if (options->use_privileged_port == -1)
828 options->use_privileged_port = 0;
/* Rhosts authentication defaults to off; RSA, public-key, challenge-response, password and keyboard-interactive default to on. */
829 if (options->rhosts_authentication == -1)
830 options->rhosts_authentication = 0;
831 if (options->rsa_authentication == -1)
832 options->rsa_authentication = 1;
833 if (options->pubkey_authentication == -1)
834 options->pubkey_authentication = 1;
835 if (options->challenge_response_authentication == -1)
836 options->challenge_response_authentication = 1;
837 #if defined(KRB4) || defined(KRB5)
838 if (options->kerberos_authentication == -1)
839 options->kerberos_authentication = 1;
841 #if defined(AFS) || defined(KRB5)
842 if (options->kerberos_tgt_passing == -1)
843 options->kerberos_tgt_passing = 1;
846 if (options->afs_token_passing == -1)
847 options->afs_token_passing = 1;
849 if (options->password_authentication == -1)
850 options->password_authentication = 1;
851 if (options->kbd_interactive_authentication == -1)
852 options->kbd_interactive_authentication = 1;
853 if (options->rhosts_rsa_authentication == -1)
854 options->rhosts_rsa_authentication = 0;
855 if (options->hostbased_authentication == -1)
856 options->hostbased_authentication = 0;
857 if (options->batch_mode == -1)
858 options->batch_mode = 0;
/* NOTE(review): the host-IP check is off unless a configuration enables it (the check itself is implemented elsewhere). */
859 if (options->check_host_ip == -1)
860 options->check_host_ip = 0;
/*
 * The parser accepts yes, no and ask for this option; 2 is presumably the
 * value stored for "ask" (the assignments are not part of this listing).
 */
861 if (options->strict_host_key_checking == -1)
862 options->strict_host_key_checking = 2; /* 2 is default */
863 if (options->compression == -1)
864 options->compression = 0;
865 if (options->keepalives == -1)
866 options->keepalives = 1;
867 if (options->compression_level == -1)
868 options->compression_level = 6;
869 if (options->port == -1)
870 options->port = 0; /* Filled in ssh_connect. */
871 if (options->connection_attempts == -1)
872 options->connection_attempts = 1;
873 if (options->number_of_password_prompts == -1)
874 options->number_of_password_prompts = 3;
875 /* Selected in ssh_login(). */
876 if (options->cipher == -1)
877 options->cipher = SSH_CIPHER_NOT_SET;
878 /* options->ciphers, default set in myproposals.h */
879 /* options->macs, default set in myproposals.h */
880 /* options->hostkeyalgorithms, default set in myproposals.h */
/*
 * NOTE(review): with no Protocol directive both protocol versions are
 * enabled.  Protocol 1 has known cryptographic weaknesses, so a hardened
 * configuration would restrict this to version 2.
 */
881 if (options->protocol == SSH_PROTO_UNKNOWN)
882 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
/*
 * When no identity file was configured, add the default for each enabled
 * protocol: one for protocol 1, RSA and DSA for protocol 2.  len is 2 for
 * the "~/" prefix, plus the path length, plus 1 for the terminator (the
 * allocation lines are not part of this listing).
 * NOTE(review): the "%.100s" precision would truncate a path macro longer
 * than 100 characters, and no comparison with SSH_MAX_IDENTITY_FILES is
 * made here -- this presumably relies on the list being empty and at most
 * three entries being added; confirm.
 */
883 if (options->num_identity_files == 0) {
884 if (options->protocol & SSH_PROTO_1) {
885 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
886 options->identity_files[options->num_identity_files] =
888 snprintf(options->identity_files[options->num_identity_files++],
889 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
891 if (options->protocol & SSH_PROTO_2) {
892 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
893 options->identity_files[options->num_identity_files] =
895 snprintf(options->identity_files[options->num_identity_files++],
896 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
898 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
899 options->identity_files[options->num_identity_files] =
901 snprintf(options->identity_files[options->num_identity_files++],
902 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
905 if (options->escape_char == -1)
906 options->escape_char = '~';
907 if (options->system_hostfile == NULL)
908 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
909 if (options->user_hostfile == NULL)
910 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
911 if (options->system_hostfile2 == NULL)
912 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
913 if (options->user_hostfile2 == NULL)
914 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
915 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
916 options->log_level = SYSLOG_LEVEL_INFO;
/* Only an explicit 1 triggers the clearing; the -1 sentinel is left in place by this test. */
917 if (options->clear_forwardings == 1)
918 clear_forwardings(options);
919 if (options->no_host_authentication_for_localhost == - 1)
920 options->no_host_authentication_for_localhost = 0;
921 /* options->proxy_command should not be set by default */
922 /* options->user will be set in the main program if appropriate */
923 /* options->hostname will be set in the main program if appropriate */
924 /* options->host_key_alias should not be set by default */
925 /* options->preferred_authentications will be set in ssh */