2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.134 2004/07/11 17:48:47 deraadt Exp $");
21 #include "pathnames.h"
29 /* Format of the configuration file:
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
47 HostName another.host.name.real.org
54 RemoteForward 9999 shadows.cs.hut.fi:9999
60 PasswordAuthentication no
64 ProxyCommand ssh-proxy %h %p
67 PublicKeyAuthentication no
71 PasswordAuthentication no
73 # Defaults for various options
77 PasswordAuthentication yes
79 RhostsRSAAuthentication yes
80 StrictHostKeyChecking yes
82 IdentityFile ~/.ssh/identity
92 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
93 oPasswordAuthentication, oRSAAuthentication,
94 oChallengeResponseAuthentication, oXAuthLocation,
95 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
96 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
97 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
98 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
99 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
100 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
101 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
102 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
103 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
104 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
105 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
106 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
107 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
108 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
109 oSendEnv, oControlPath, oControlMaster,
110 oDeprecated, oUnsupported
113 /* Textual representations of the tokens. */
119 { "forwardagent", oForwardAgent },
120 { "forwardx11", oForwardX11 },
121 { "forwardx11trusted", oForwardX11Trusted },
122 { "xauthlocation", oXAuthLocation },
123 { "gatewayports", oGatewayPorts },
124 { "useprivilegedport", oUsePrivilegedPort },
125 { "rhostsauthentication", oDeprecated },
126 { "passwordauthentication", oPasswordAuthentication },
127 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
128 { "kbdinteractivedevices", oKbdInteractiveDevices },
129 { "rsaauthentication", oRSAAuthentication },
130 { "pubkeyauthentication", oPubkeyAuthentication },
131 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
132 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
133 { "hostbasedauthentication", oHostbasedAuthentication },
134 { "challengeresponseauthentication", oChallengeResponseAuthentication },
135 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
136 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
137 { "kerberosauthentication", oUnsupported },
138 { "kerberostgtpassing", oUnsupported },
139 { "afstokenpassing", oUnsupported },
141 { "gssapiauthentication", oGssAuthentication },
142 { "gssapidelegatecredentials", oGssDelegateCreds },
144 { "gssapiauthentication", oUnsupported },
145 { "gssapidelegatecredentials", oUnsupported },
147 { "fallbacktorsh", oDeprecated },
148 { "usersh", oDeprecated },
149 { "identityfile", oIdentityFile },
150 { "identityfile2", oIdentityFile }, /* alias */
151 { "identitiesonly", oIdentitiesOnly },
152 { "hostname", oHostName },
153 { "hostkeyalias", oHostKeyAlias },
154 { "proxycommand", oProxyCommand },
156 { "cipher", oCipher },
157 { "ciphers", oCiphers },
159 { "protocol", oProtocol },
160 { "remoteforward", oRemoteForward },
161 { "localforward", oLocalForward },
164 { "escapechar", oEscapeChar },
165 { "globalknownhostsfile", oGlobalKnownHostsFile },
166 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
167 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
168 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
169 { "connectionattempts", oConnectionAttempts },
170 { "batchmode", oBatchMode },
171 { "checkhostip", oCheckHostIP },
172 { "stricthostkeychecking", oStrictHostKeyChecking },
173 { "compression", oCompression },
174 { "compressionlevel", oCompressionLevel },
175 { "tcpkeepalive", oTCPKeepAlive },
176 { "keepalive", oTCPKeepAlive }, /* obsolete */
177 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
178 { "loglevel", oLogLevel },
179 { "dynamicforward", oDynamicForward },
180 { "preferredauthentications", oPreferredAuthentications },
181 { "hostkeyalgorithms", oHostKeyAlgorithms },
182 { "bindaddress", oBindAddress },
184 { "smartcarddevice", oSmartcardDevice },
186 { "smartcarddevice", oUnsupported },
188 { "clearallforwardings", oClearAllForwardings },
189 { "enablesshkeysign", oEnableSSHKeysign },
190 { "verifyhostkeydns", oVerifyHostKeyDNS },
191 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
192 { "rekeylimit", oRekeyLimit },
193 { "connecttimeout", oConnectTimeout },
194 { "addressfamily", oAddressFamily },
195 { "serveraliveinterval", oServerAliveInterval },
196 { "serveralivecountmax", oServerAliveCountMax },
197 { "sendenv", oSendEnv },
198 { "controlpath", oControlPath },
199 { "controlmaster", oControlMaster },
204 * Adds a local TCP/IP port forward to options. Never returns if there is an
209 add_local_forward(Options *options, u_short port, const char *host,
213 #ifndef NO_IPPORT_RESERVED_CONCEPT
214 extern uid_t original_real_uid;
215 if (port < IPPORT_RESERVED && original_real_uid != 0)
216 fatal("Privileged ports can only be forwarded by root.");
218 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
219 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
220 fwd = &options->local_forwards[options->num_local_forwards++];
222 fwd->host = xstrdup(host);
223 fwd->host_port = host_port;
227 * Adds a remote TCP/IP port forward to options. Never returns if there is
232 add_remote_forward(Options *options, u_short port, const char *host,
236 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
237 fatal("Too many remote forwards (max %d).",
238 SSH_MAX_FORWARDS_PER_DIRECTION);
239 fwd = &options->remote_forwards[options->num_remote_forwards++];
241 fwd->host = xstrdup(host);
242 fwd->host_port = host_port;
246 clear_forwardings(Options *options)
250 for (i = 0; i < options->num_local_forwards; i++)
251 xfree(options->local_forwards[i].host);
252 options->num_local_forwards = 0;
253 for (i = 0; i < options->num_remote_forwards; i++)
254 xfree(options->remote_forwards[i].host);
255 options->num_remote_forwards = 0;
259 * Returns the number of the token pointed to by cp or oBadOption.
263 parse_token(const char *cp, const char *filename, int linenum)
267 for (i = 0; keywords[i].name; i++)
268 if (strcasecmp(cp, keywords[i].name) == 0)
269 return keywords[i].opcode;
271 error("%s: line %d: Bad configuration option: %s",
272 filename, linenum, cp);
277 * Processes a single option line as used in the configuration files. This
278 * only sets those values that have not already been set.
280 #define WHITESPACE " \t\r\n"
283 process_config_line(Options *options, const char *host,
284 char *line, const char *filename, int linenum,
287 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
288 int opcode, *intptr, value;
290 u_short fwd_port, fwd_host_port;
291 char sfwd_host_port[6];
293 /* Strip trailing whitespace */
294 for(len = strlen(line) - 1; len > 0; len--) {
295 if (strchr(WHITESPACE, line[len]) == NULL)
301 /* Get the keyword. (Each line is supposed to begin with a keyword). */
302 keyword = strdelim(&s);
303 /* Ignore leading whitespace. */
304 if (*keyword == '\0')
305 keyword = strdelim(&s);
306 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
309 opcode = parse_token(keyword, filename, linenum);
313 /* don't panic, but count bad options */
316 case oConnectTimeout:
317 intptr = &options->connection_timeout;
320 if (!arg || *arg == '\0')
321 fatal("%s line %d: missing time value.",
323 if ((value = convtime(arg)) == -1)
324 fatal("%s line %d: invalid time value.",
331 intptr = &options->forward_agent;
334 if (!arg || *arg == '\0')
335 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
336 value = 0; /* To avoid compiler warning... */
337 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
339 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
342 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
343 if (*activep && *intptr == -1)
348 intptr = &options->forward_x11;
351 case oForwardX11Trusted:
352 intptr = &options->forward_x11_trusted;
356 intptr = &options->gateway_ports;
359 case oUsePrivilegedPort:
360 intptr = &options->use_privileged_port;
363 case oPasswordAuthentication:
364 intptr = &options->password_authentication;
367 case oKbdInteractiveAuthentication:
368 intptr = &options->kbd_interactive_authentication;
371 case oKbdInteractiveDevices:
372 charptr = &options->kbd_interactive_devices;
375 case oPubkeyAuthentication:
376 intptr = &options->pubkey_authentication;
379 case oRSAAuthentication:
380 intptr = &options->rsa_authentication;
383 case oRhostsRSAAuthentication:
384 intptr = &options->rhosts_rsa_authentication;
387 case oHostbasedAuthentication:
388 intptr = &options->hostbased_authentication;
391 case oChallengeResponseAuthentication:
392 intptr = &options->challenge_response_authentication;
395 case oGssAuthentication:
396 intptr = &options->gss_authentication;
399 case oGssDelegateCreds:
400 intptr = &options->gss_deleg_creds;
404 intptr = &options->batch_mode;
408 intptr = &options->check_host_ip;
411 case oVerifyHostKeyDNS:
412 intptr = &options->verify_host_key_dns;
415 case oStrictHostKeyChecking:
416 intptr = &options->strict_host_key_checking;
419 if (!arg || *arg == '\0')
420 fatal("%.200s line %d: Missing yes/no/ask argument.",
422 value = 0; /* To avoid compiler warning... */
423 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
425 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
427 else if (strcmp(arg, "ask") == 0)
430 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
431 if (*activep && *intptr == -1)
436 intptr = &options->compression;
440 intptr = &options->tcp_keep_alive;
443 case oNoHostAuthenticationForLocalhost:
444 intptr = &options->no_host_authentication_for_localhost;
447 case oNumberOfPasswordPrompts:
448 intptr = &options->number_of_password_prompts;
451 case oCompressionLevel:
452 intptr = &options->compression_level;
456 intptr = &options->rekey_limit;
458 if (!arg || *arg == '\0')
459 fatal("%.200s line %d: Missing argument.", filename, linenum);
460 if (arg[0] < '0' || arg[0] > '9')
461 fatal("%.200s line %d: Bad number.", filename, linenum);
462 value = strtol(arg, &endofnumber, 10);
463 if (arg == endofnumber)
464 fatal("%.200s line %d: Bad number.", filename, linenum);
465 switch (toupper(*endofnumber)) {
476 if (*activep && *intptr == -1)
482 if (!arg || *arg == '\0')
483 fatal("%.200s line %d: Missing argument.", filename, linenum);
485 intptr = &options->num_identity_files;
486 if (*intptr >= SSH_MAX_IDENTITY_FILES)
487 fatal("%.200s line %d: Too many identity files specified (max %d).",
488 filename, linenum, SSH_MAX_IDENTITY_FILES);
489 charptr = &options->identity_files[*intptr];
490 *charptr = xstrdup(arg);
491 *intptr = *intptr + 1;
496 charptr=&options->xauth_location;
500 charptr = &options->user;
503 if (!arg || *arg == '\0')
504 fatal("%.200s line %d: Missing argument.", filename, linenum);
505 if (*activep && *charptr == NULL)
506 *charptr = xstrdup(arg);
509 case oGlobalKnownHostsFile:
510 charptr = &options->system_hostfile;
513 case oUserKnownHostsFile:
514 charptr = &options->user_hostfile;
517 case oGlobalKnownHostsFile2:
518 charptr = &options->system_hostfile2;
521 case oUserKnownHostsFile2:
522 charptr = &options->user_hostfile2;
526 charptr = &options->hostname;
530 charptr = &options->host_key_alias;
533 case oPreferredAuthentications:
534 charptr = &options->preferred_authentications;
538 charptr = &options->bind_address;
541 case oSmartcardDevice:
542 charptr = &options->smartcard_device;
547 fatal("%.200s line %d: Missing argument.", filename, linenum);
548 charptr = &options->proxy_command;
549 len = strspn(s, WHITESPACE "=");
550 if (*activep && *charptr == NULL)
551 *charptr = xstrdup(s + len);
555 intptr = &options->port;
558 if (!arg || *arg == '\0')
559 fatal("%.200s line %d: Missing argument.", filename, linenum);
560 if (arg[0] < '0' || arg[0] > '9')
561 fatal("%.200s line %d: Bad number.", filename, linenum);
563 /* Octal, decimal, or hex format? */
564 value = strtol(arg, &endofnumber, 0);
565 if (arg == endofnumber)
566 fatal("%.200s line %d: Bad number.", filename, linenum);
567 if (*activep && *intptr == -1)
571 case oConnectionAttempts:
572 intptr = &options->connection_attempts;
576 intptr = &options->cipher;
578 if (!arg || *arg == '\0')
579 fatal("%.200s line %d: Missing argument.", filename, linenum);
580 value = cipher_number(arg);
582 fatal("%.200s line %d: Bad cipher '%s'.",
583 filename, linenum, arg ? arg : "<NONE>");
584 if (*activep && *intptr == -1)
590 if (!arg || *arg == '\0')
591 fatal("%.200s line %d: Missing argument.", filename, linenum);
592 if (!ciphers_valid(arg))
593 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
594 filename, linenum, arg ? arg : "<NONE>");
595 if (*activep && options->ciphers == NULL)
596 options->ciphers = xstrdup(arg);
601 if (!arg || *arg == '\0')
602 fatal("%.200s line %d: Missing argument.", filename, linenum);
604 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
605 filename, linenum, arg ? arg : "<NONE>");
606 if (*activep && options->macs == NULL)
607 options->macs = xstrdup(arg);
610 case oHostKeyAlgorithms:
612 if (!arg || *arg == '\0')
613 fatal("%.200s line %d: Missing argument.", filename, linenum);
614 if (!key_names_valid2(arg))
615 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
616 filename, linenum, arg ? arg : "<NONE>");
617 if (*activep && options->hostkeyalgorithms == NULL)
618 options->hostkeyalgorithms = xstrdup(arg);
622 intptr = &options->protocol;
624 if (!arg || *arg == '\0')
625 fatal("%.200s line %d: Missing argument.", filename, linenum);
626 value = proto_spec(arg);
627 if (value == SSH_PROTO_UNKNOWN)
628 fatal("%.200s line %d: Bad protocol spec '%s'.",
629 filename, linenum, arg ? arg : "<NONE>");
630 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
635 intptr = (int *) &options->log_level;
637 value = log_level_number(arg);
638 if (value == SYSLOG_LEVEL_NOT_SET)
639 fatal("%.200s line %d: unsupported log level '%s'",
640 filename, linenum, arg ? arg : "<NONE>");
641 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
642 *intptr = (LogLevel) value;
648 if (!arg || *arg == '\0')
649 fatal("%.200s line %d: Missing port argument.",
651 if ((fwd_port = a2port(arg)) == 0)
652 fatal("%.200s line %d: Bad listen port.",
655 if (!arg || *arg == '\0')
656 fatal("%.200s line %d: Missing second argument.",
658 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
659 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
660 fatal("%.200s line %d: Bad forwarding specification.",
662 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
663 fatal("%.200s line %d: Bad forwarding port.",
666 if (opcode == oLocalForward)
667 add_local_forward(options, fwd_port, buf,
669 else if (opcode == oRemoteForward)
670 add_remote_forward(options, fwd_port, buf,
675 case oDynamicForward:
677 if (!arg || *arg == '\0')
678 fatal("%.200s line %d: Missing port argument.",
680 fwd_port = a2port(arg);
682 fatal("%.200s line %d: Badly formatted port number.",
685 add_local_forward(options, fwd_port, "socks", 0);
688 case oClearAllForwardings:
689 intptr = &options->clear_forwardings;
694 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
695 if (match_pattern(host, arg)) {
696 debug("Applying options for %.100s", arg);
700 /* Avoid garbage check below, as strdelim is done. */
704 intptr = &options->escape_char;
706 if (!arg || *arg == '\0')
707 fatal("%.200s line %d: Missing argument.", filename, linenum);
708 if (arg[0] == '^' && arg[2] == 0 &&
709 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
710 value = (u_char) arg[1] & 31;
711 else if (strlen(arg) == 1)
712 value = (u_char) arg[0];
713 else if (strcmp(arg, "none") == 0)
714 value = SSH_ESCAPECHAR_NONE;
716 fatal("%.200s line %d: Bad escape character.",
719 value = 0; /* Avoid compiler warning. */
721 if (*activep && *intptr == -1)
727 intptr = &options->address_family;
728 if (strcasecmp(arg, "inet") == 0)
730 else if (strcasecmp(arg, "inet6") == 0)
732 else if (strcasecmp(arg, "any") == 0)
735 fatal("Unsupported AddressFamily \"%s\"", arg);
736 if (*activep && *intptr == -1)
740 case oEnableSSHKeysign:
741 intptr = &options->enable_ssh_keysign;
744 case oIdentitiesOnly:
745 intptr = &options->identities_only;
748 case oServerAliveInterval:
749 intptr = &options->server_alive_interval;
752 case oServerAliveCountMax:
753 intptr = &options->server_alive_count_max;
757 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
758 if (strchr(arg, '=') != NULL)
759 fatal("%s line %d: Invalid environment name.",
761 if (options->num_send_env >= MAX_SEND_ENV)
762 fatal("%s line %d: too many send env.",
764 options->send_env[options->num_send_env++] =
770 charptr = &options->control_path;
774 intptr = &options->control_master;
778 debug("%s line %d: Deprecated option \"%s\"",
779 filename, linenum, keyword);
783 error("%s line %d: Unsupported option \"%s\"",
784 filename, linenum, keyword);
788 fatal("process_config_line: Unimplemented opcode %d", opcode);
791 /* Check that there is no garbage at end of line. */
792 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
793 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
794 filename, linenum, arg);
801 * Reads the config file and modifies the options accordingly. Options
802 * should already be initialized before this call. This never returns if
803 * there is an error. If the file does not exist, this returns 0.
807 read_config_file(const char *filename, const char *host, Options *options,
816 if ((f = fopen(filename, "r")) == NULL)
822 if (fstat(fileno(f), &sb) == -1)
823 fatal("fstat %s: %s", filename, strerror(errno));
824 if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
825 (sb.st_mode & 022) != 0))
826 fatal("Bad owner or permissions on %s", filename);
829 debug("Reading configuration data %.200s", filename);
832 * Mark that we are now processing the options. This flag is turned
833 * on/off by Host specifications.
837 while (fgets(line, sizeof(line), f)) {
838 /* Update line number counter. */
840 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
845 fatal("%s: terminating, %d bad configuration options",
846 filename, bad_options);
851 * Initializes options to special values that indicate that they have not yet
852 * been set. Read_config_file will only set options with this value. Options
853 * are processed in the following order: command line, user config file,
854 * system config file. Last, fill_default_options is called.
858 initialize_options(Options * options)
860 memset(options, 'X', sizeof(*options));
861 options->forward_agent = -1;
862 options->forward_x11 = -1;
863 options->forward_x11_trusted = -1;
864 options->xauth_location = NULL;
865 options->gateway_ports = -1;
866 options->use_privileged_port = -1;
867 options->rsa_authentication = -1;
868 options->pubkey_authentication = -1;
869 options->challenge_response_authentication = -1;
870 options->gss_authentication = -1;
871 options->gss_deleg_creds = -1;
872 options->password_authentication = -1;
873 options->kbd_interactive_authentication = -1;
874 options->kbd_interactive_devices = NULL;
875 options->rhosts_rsa_authentication = -1;
876 options->hostbased_authentication = -1;
877 options->batch_mode = -1;
878 options->check_host_ip = -1;
879 options->strict_host_key_checking = -1;
880 options->compression = -1;
881 options->tcp_keep_alive = -1;
882 options->compression_level = -1;
884 options->address_family = -1;
885 options->connection_attempts = -1;
886 options->connection_timeout = -1;
887 options->number_of_password_prompts = -1;
888 options->cipher = -1;
889 options->ciphers = NULL;
890 options->macs = NULL;
891 options->hostkeyalgorithms = NULL;
892 options->protocol = SSH_PROTO_UNKNOWN;
893 options->num_identity_files = 0;
894 options->hostname = NULL;
895 options->host_key_alias = NULL;
896 options->proxy_command = NULL;
897 options->user = NULL;
898 options->escape_char = -1;
899 options->system_hostfile = NULL;
900 options->user_hostfile = NULL;
901 options->system_hostfile2 = NULL;
902 options->user_hostfile2 = NULL;
903 options->num_local_forwards = 0;
904 options->num_remote_forwards = 0;
905 options->clear_forwardings = -1;
906 options->log_level = SYSLOG_LEVEL_NOT_SET;
907 options->preferred_authentications = NULL;
908 options->bind_address = NULL;
909 options->smartcard_device = NULL;
910 options->enable_ssh_keysign = - 1;
911 options->no_host_authentication_for_localhost = - 1;
912 options->identities_only = - 1;
913 options->rekey_limit = - 1;
914 options->verify_host_key_dns = -1;
915 options->server_alive_interval = -1;
916 options->server_alive_count_max = -1;
917 options->num_send_env = 0;
918 options->control_path = NULL;
919 options->control_master = -1;
923 * Called after processing other sources of option data, this fills those
924 * options for which no value has been specified with their default values.
928 fill_default_options(Options * options)
932 if (options->forward_agent == -1)
933 options->forward_agent = 0;
934 if (options->forward_x11 == -1)
935 options->forward_x11 = 0;
936 if (options->forward_x11_trusted == -1)
937 options->forward_x11_trusted = 0;
938 if (options->xauth_location == NULL)
939 options->xauth_location = _PATH_XAUTH;
940 if (options->gateway_ports == -1)
941 options->gateway_ports = 0;
942 if (options->use_privileged_port == -1)
943 options->use_privileged_port = 0;
944 if (options->rsa_authentication == -1)
945 options->rsa_authentication = 1;
946 if (options->pubkey_authentication == -1)
947 options->pubkey_authentication = 1;
948 if (options->challenge_response_authentication == -1)
949 options->challenge_response_authentication = 1;
950 if (options->gss_authentication == -1)
951 options->gss_authentication = 0;
952 if (options->gss_deleg_creds == -1)
953 options->gss_deleg_creds = 0;
954 if (options->password_authentication == -1)
955 options->password_authentication = 1;
956 if (options->kbd_interactive_authentication == -1)
957 options->kbd_interactive_authentication = 1;
958 if (options->rhosts_rsa_authentication == -1)
959 options->rhosts_rsa_authentication = 0;
960 if (options->hostbased_authentication == -1)
961 options->hostbased_authentication = 0;
962 if (options->batch_mode == -1)
963 options->batch_mode = 0;
964 if (options->check_host_ip == -1)
965 options->check_host_ip = 1;
966 if (options->strict_host_key_checking == -1)
967 options->strict_host_key_checking = 2; /* 2 is default */
968 if (options->compression == -1)
969 options->compression = 0;
970 if (options->tcp_keep_alive == -1)
971 options->tcp_keep_alive = 1;
972 if (options->compression_level == -1)
973 options->compression_level = 6;
974 if (options->port == -1)
975 options->port = 0; /* Filled in ssh_connect. */
976 if (options->address_family == -1)
977 options->address_family = AF_UNSPEC;
978 if (options->connection_attempts == -1)
979 options->connection_attempts = 1;
980 if (options->number_of_password_prompts == -1)
981 options->number_of_password_prompts = 3;
982 /* Selected in ssh_login(). */
983 if (options->cipher == -1)
984 options->cipher = SSH_CIPHER_NOT_SET;
985 /* options->ciphers, default set in myproposals.h */
986 /* options->macs, default set in myproposals.h */
987 /* options->hostkeyalgorithms, default set in myproposals.h */
988 if (options->protocol == SSH_PROTO_UNKNOWN)
989 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
990 if (options->num_identity_files == 0) {
991 if (options->protocol & SSH_PROTO_1) {
992 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
993 options->identity_files[options->num_identity_files] =
995 snprintf(options->identity_files[options->num_identity_files++],
996 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
998 if (options->protocol & SSH_PROTO_2) {
999 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
1000 options->identity_files[options->num_identity_files] =
1002 snprintf(options->identity_files[options->num_identity_files++],
1003 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
1005 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
1006 options->identity_files[options->num_identity_files] =
1008 snprintf(options->identity_files[options->num_identity_files++],
1009 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
1012 if (options->escape_char == -1)
1013 options->escape_char = '~';
1014 if (options->system_hostfile == NULL)
1015 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
1016 if (options->user_hostfile == NULL)
1017 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
1018 if (options->system_hostfile2 == NULL)
1019 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
1020 if (options->user_hostfile2 == NULL)
1021 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
1022 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
1023 options->log_level = SYSLOG_LEVEL_INFO;
1024 if (options->clear_forwardings == 1)
1025 clear_forwardings(options);
1026 if (options->no_host_authentication_for_localhost == - 1)
1027 options->no_host_authentication_for_localhost = 0;
1028 if (options->identities_only == -1)
1029 options->identities_only = 0;
1030 if (options->enable_ssh_keysign == -1)
1031 options->enable_ssh_keysign = 0;
1032 if (options->rekey_limit == -1)
1033 options->rekey_limit = 0;
1034 if (options->verify_host_key_dns == -1)
1035 options->verify_host_key_dns = 0;
1036 if (options->server_alive_interval == -1)
1037 options->server_alive_interval = 0;
1038 if (options->server_alive_count_max == -1)
1039 options->server_alive_count_max = 3;
1040 if (options->control_master == -1)
1041 options->control_master = 0;
1042 /* options->proxy_command should not be set by default */
1043 /* options->user will be set in the main program if appropriate */
1044 /* options->hostname will be set in the main program if appropriate */
1045 /* options->host_key_alias should not be set by default */
1046 /* options->preferred_authentications will be set in ssh */