2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.121 2003/09/01 18:15:50 markus Exp $");
22 #include "pathnames.h"
30 /* Format of the configuration file:
32 # Configuration data is parsed as follows:
33 # 1. command line options
34 # 2. user-specific file
36 # Any configuration value is only changed the first time it is set.
37 # Thus, host-specific definitions should be at the beginning of the
38 # configuration file, and defaults at the end.
40 # Host-specific declarations. These may override anything above. A single
41 # host may match multiple declarations; these are processed in the order
42 # that they are given in.
48 HostName another.host.name.real.org
55 RemoteForward 9999 shadows.cs.hut.fi:9999
61 PasswordAuthentication no
65 ProxyCommand ssh-proxy %h %p
68 PublicKeyAuthentication no
72 PasswordAuthentication no
74 # Defaults for various options
78 PasswordAuthentication yes
80 RhostsRSAAuthentication yes
81 StrictHostKeyChecking yes
83 IdentityFile ~/.ssh/identity
/*
 * Opcode constants, one per client configuration directive.  The keyword
 * table below maps directive names onto these values and the switch in
 * process_config_line() dispatches on them.  oDeprecated and oUnsupported
 * are shared by every directive that is recognised but no longer acted on.
 * NOTE(review): the enum's opening line and first member(s) fall in a gap of
 * this listing; oBadOption (named in the parse_token comment) and
 * oVersionAddendum (used in the keyword table) are not visible here.
 */
93 oForwardAgent, oForwardX11, oGatewayPorts,
94 oPasswordAuthentication, oRSAAuthentication,
95 oChallengeResponseAuthentication, oXAuthLocation,
96 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
97 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
98 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
99 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
100 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
101 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
102 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
103 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
104 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
105 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
106 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
107 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
108 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
110 oDeprecated, oUnsupported
113 /* Textual representations of the tokens. */
/*
 * Directive-name to opcode table.  Names are stored in lowercase and
 * parse_token() compares with strcasecmp(), so matching is case-insensitive
 * and the first matching row wins.
 *
 * Several rows are aliases that share one opcode (dsaauthentication,
 * skeyauthentication, tisauthentication, identityfile2).
 *
 * Names mapped to oDeprecated or oUnsupported are still recognised, so they
 * are not reported by parse_token() as a bad configuration option;
 * process_config_line() carries "Deprecated option" and "Unsupported option"
 * messages for them.
 *
 * NOTE(review): gssapiauthentication, gssapidelegatecredentials,
 * smartcarddevice and verifyhostkeydns each appear twice, once with a real
 * opcode and once with oUnsupported.  The gutter numbering has gaps around
 * each pair, so these are presumably the two arms of build-time conditionals
 * that this listing dropped; confirm against the full file, because with
 * both rows compiled in only the first would ever match.
 */
119 { "forwardagent", oForwardAgent },
120 { "forwardx11", oForwardX11 },
121 { "xauthlocation", oXAuthLocation },
122 { "gatewayports", oGatewayPorts },
123 { "useprivilegedport", oUsePrivilegedPort },
124 { "rhostsauthentication", oDeprecated },
125 { "passwordauthentication", oPasswordAuthentication },
126 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
127 { "kbdinteractivedevices", oKbdInteractiveDevices },
128 { "rsaauthentication", oRSAAuthentication },
129 { "pubkeyauthentication", oPubkeyAuthentication },
130 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
131 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
132 { "hostbasedauthentication", oHostbasedAuthentication },
133 { "challengeresponseauthentication", oChallengeResponseAuthentication },
134 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
135 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
136 { "kerberosauthentication", oUnsupported },
137 { "kerberostgtpassing", oUnsupported },
138 { "afstokenpassing", oUnsupported },
140 { "gssapiauthentication", oGssAuthentication },
141 { "gssapidelegatecredentials", oGssDelegateCreds },
143 { "gssapiauthentication", oUnsupported },
144 { "gssapidelegatecredentials", oUnsupported },
146 { "fallbacktorsh", oDeprecated },
147 { "usersh", oDeprecated },
148 { "identityfile", oIdentityFile },
149 { "identityfile2", oIdentityFile }, /* alias */
150 { "hostname", oHostName },
151 { "hostkeyalias", oHostKeyAlias },
152 { "proxycommand", oProxyCommand },
154 { "cipher", oCipher },
155 { "ciphers", oCiphers },
157 { "protocol", oProtocol },
158 { "remoteforward", oRemoteForward },
159 { "localforward", oLocalForward },
162 { "escapechar", oEscapeChar },
163 { "globalknownhostsfile", oGlobalKnownHostsFile },
164 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
165 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
166 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
167 { "connectionattempts", oConnectionAttempts },
168 { "batchmode", oBatchMode },
169 { "checkhostip", oCheckHostIP },
170 { "stricthostkeychecking", oStrictHostKeyChecking },
171 { "compression", oCompression },
172 { "compressionlevel", oCompressionLevel },
173 { "keepalive", oKeepAlives },
174 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
175 { "loglevel", oLogLevel },
176 { "dynamicforward", oDynamicForward },
177 { "preferredauthentications", oPreferredAuthentications },
178 { "hostkeyalgorithms", oHostKeyAlgorithms },
179 { "bindaddress", oBindAddress },
181 { "smartcarddevice", oSmartcardDevice },
183 { "smartcarddevice", oUnsupported },
185 { "clearallforwardings", oClearAllForwardings },
186 { "enablesshkeysign", oEnableSSHKeysign },
188 { "verifyhostkeydns", oVerifyHostKeyDNS },
190 { "verifyhostkeydns", oUnsupported },
192 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
193 { "rekeylimit", oRekeyLimit },
194 { "connecttimeout", oConnectTimeout },
195 { "addressfamily", oAddressFamily },
196 { "versionaddendum", oVersionAddendum },
201 * Adds a local TCP/IP port forward to options. Never returns if there is an
/*
 * Appends one local forward to options->local_forwards and bumps
 * options->num_local_forwards.  Does not return on error: both failure
 * paths call fatal().
 *
 * host is copied with xstrdup(), so the stored entry does not alias the
 * caller's buffer; clear_forwardings() is what releases that copy.
 *
 * NOTE(review): several lines of this function fall in gaps of the listing
 * (the rest of the parameter list, the declaration of fwd, the end of the
 * conditional block, and gutter line 218 between the slot selection and
 * the host assignment).  No store of the listen port into fwd is visible
 * here; confirm against the full file.
 */
206 add_local_forward(Options *options, u_short port, const char *host,
210 #ifndef NO_IPPORT_RESERVED_CONCEPT
211 extern uid_t original_real_uid;
/*
 * Listening below IPPORT_RESERVED is refused unless the recorded real uid
 * is 0.  The test uses original_real_uid rather than a live getuid() call;
 * presumably that value is captured at start-up before any uid switch
 * (defined elsewhere, confirm).
 */
212 if (port < IPPORT_RESERVED && original_real_uid != 0)
213 fatal("Privileged ports can only be forwarded by root.");
/* Bounds check first: the post-incremented index below is only safe after it. */
215 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
216 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
217 fwd = &options->local_forwards[options->num_local_forwards++];
219 fwd->host = xstrdup(host);
220 fwd->host_port = host_port;
224 * Adds a remote TCP/IP port forward to options. Never returns if there is
/*
 * Appends one remote forward to options->remote_forwards and bumps
 * options->num_remote_forwards.  Does not return when the table is full:
 * that path calls fatal().
 *
 * Unlike add_local_forward(), no privileged-port test appears in the
 * visible lines; the listen port of a remote forward is opened on the
 * server side, so a local uid check would not apply to it.
 *
 * host is copied with xstrdup(); clear_forwardings() releases the copy.
 * NOTE(review): the declaration of fwd and gutter line 237 are missing from
 * this listing, so no store of the listen port into fwd is visible here.
 */
229 add_remote_forward(Options *options, u_short port, const char *host,
/* Bounds check before the post-incremented index is used as a slot. */
233 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
234 fatal("Too many remote forwards (max %d).",
235 SSH_MAX_FORWARDS_PER_DIRECTION);
236 fwd = &options->remote_forwards[options->num_remote_forwards++];
238 fwd->host = xstrdup(host);
239 fwd->host_port = host_port;
/*
 * Drops every configured local and remote forward: frees the host string
 * of each used slot and resets both counters to 0.
 *
 * The counters are zeroed right after each loop, so the freed host pointers
 * left in the arrays are no longer reachable through the count; the
 * pointers themselves are not cleared.
 */
243 clear_forwardings(Options *options)
247 for (i = 0; i < options->num_local_forwards; i++)
248 xfree(options->local_forwards[i].host);
249 options->num_local_forwards = 0;
250 for (i = 0; i < options->num_remote_forwards; i++)
251 xfree(options->remote_forwards[i].host);
252 options->num_remote_forwards = 0;
256 * Returns the number of the token pointed to by cp or oBadOption.
/*
 * Maps a directive name to its opcode by a linear, case-insensitive scan of
 * the keywords table, which ends at the entry whose name is NULL.  The
 * first matching row wins.
 *
 * On a miss the error is logged with the file name and line number so the
 * user can locate the offending line.  The miss return value falls in a
 * gap of this listing; the header comment names it as oBadOption.
 */
260 parse_token(const char *cp, const char *filename, int linenum)
264 for (i = 0; keywords[i].name; i++)
265 if (strcasecmp(cp, keywords[i].name) == 0)
266 return keywords[i].opcode;
268 error("%s: line %d: Bad configuration option: %s",
269 filename, linenum, cp);
274 * Processes a single option line as used in the configuration files. This
275 * only sets those values that have not already been set.
277 #define WHITESPACE " \t\r\n"
/*
 * Parses one configuration line (from a file or from the command line) and
 * stores its value in *options.
 *
 * First-value-wins: a scalar or string option is written only when *activep
 * is set and the field still holds its "unset" sentinel (-1, NULL,
 * SSH_PROTO_UNKNOWN or SYSLOG_LEVEL_NOT_SET as appropriate).
 *
 * Syntax errors in a known directive call fatal().  An unknown directive is
 * counted rather than fatal; read_config_file() treats a non-zero return
 * from this function as one bad option.
 *
 * Diagnostics print filename with "%.200s" in most places, which caps how
 * much of an attacker-influenced path can reach the log line.
 *
 * NOTE(review): many lines of this function (case labels, breaks, the
 * strdelim() calls that fetch each argument, the declaration of len) fall
 * in gaps of this listing.  The comments below describe only what the
 * visible lines establish.
 */
280 process_config_line(Options *options, const char *host,
281 char *line, const char *filename, int linenum,
284 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
285 int opcode, *intptr, value;
287 u_short fwd_port, fwd_host_port;
288 char sfwd_host_port[6];
290 /* Strip trailing whitespace */
/*
 * NOTE(review): strlen(line) - 1 is computed with no prior emptiness check.
 * If len is an unsigned type (its declaration is not visible here), an
 * empty line wraps to a huge index and line[len] below is read out of
 * bounds.  Confirm the type and return early when the length is 0.
 */
291 for(len = strlen(line) - 1; len > 0; len--) {
292 if (strchr(WHITESPACE, line[len]) == NULL)
298 /* Get the keyword. (Each line is supposed to begin with a keyword). */
299 keyword = strdelim(&s);
300 /* Ignore leading whitespace. */
301 if (*keyword == '\0')
302 keyword = strdelim(&s);
/* Blank lines and '#' comment lines are skipped before the token lookup. */
303 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
306 opcode = parse_token(keyword, filename, linenum);
310 /* don't panic, but count bad options */
313 case oConnectTimeout:
314 intptr = &options->connection_timeout;
317 if (!arg || *arg == '\0')
318 fatal("%s line %d: missing time value.",
/* convtime() reports a malformed time value as -1. */
320 if ((value = convtime(arg)) == -1)
321 fatal("%s line %d: invalid time value.",
328 intptr = &options->forward_agent;
/*
 * Shared yes/no parser.  Only the exact lowercase strings "yes", "true",
 * "no" and "false" are accepted (strcmp, not strcasecmp); anything else is
 * fatal rather than silently treated as one of the two values.
 */
331 if (!arg || *arg == '\0')
332 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
333 value = 0; /* To avoid compiler warning... */
334 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
336 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
339 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
340 if (*activep && *intptr == -1)
345 intptr = &options->forward_x11;
349 intptr = &options->gateway_ports;
352 case oUsePrivilegedPort:
353 intptr = &options->use_privileged_port;
356 case oPasswordAuthentication:
357 intptr = &options->password_authentication;
360 case oKbdInteractiveAuthentication:
361 intptr = &options->kbd_interactive_authentication;
364 case oKbdInteractiveDevices:
365 charptr = &options->kbd_interactive_devices;
368 case oPubkeyAuthentication:
369 intptr = &options->pubkey_authentication;
372 case oRSAAuthentication:
373 intptr = &options->rsa_authentication;
376 case oRhostsRSAAuthentication:
377 intptr = &options->rhosts_rsa_authentication;
380 case oHostbasedAuthentication:
381 intptr = &options->hostbased_authentication;
384 case oChallengeResponseAuthentication:
385 intptr = &options->challenge_response_authentication;
388 case oGssAuthentication:
389 intptr = &options->gss_authentication;
392 case oGssDelegateCreds:
393 intptr = &options->gss_deleg_creds;
397 intptr = &options->batch_mode;
401 intptr = &options->check_host_ip;
404 case oVerifyHostKeyDNS:
405 intptr = &options->verify_host_key_dns;
/*
 * StrictHostKeyChecking is three-valued: yes, no or ask.  The numeric value
 * stored for each word is assigned on lines missing from this listing;
 * fill_default_options() uses 2 when the option is never set.
 */
408 case oStrictHostKeyChecking:
409 intptr = &options->strict_host_key_checking;
411 if (!arg || *arg == '\0')
412 fatal("%.200s line %d: Missing yes/no/ask argument.",
414 value = 0; /* To avoid compiler warning... */
415 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
417 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
419 else if (strcmp(arg, "ask") == 0)
422 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
423 if (*activep && *intptr == -1)
428 intptr = &options->compression;
432 intptr = &options->keepalives;
435 case oNoHostAuthenticationForLocalhost:
436 intptr = &options->no_host_authentication_for_localhost;
439 case oNumberOfPasswordPrompts:
440 intptr = &options->number_of_password_prompts;
443 case oCompressionLevel:
444 intptr = &options->compression_level;
448 intptr = &options->rekey_limit;
/*
 * Decimal number with an optional suffix letter (examined case-insensitively
 * via toupper).  Requiring a leading digit rejects signs and leading
 * whitespace that strtol() would otherwise accept.
 * NOTE(review): value is an int, so the long returned by strtol() is
 * narrowed, and no ERANGE check is visible; the suffix handling itself is
 * on lines missing from this listing.  Confirm that an oversized number
 * cannot wrap into a small or negative limit.
 */
450 if (!arg || *arg == '\0')
451 fatal("%.200s line %d: Missing argument.", filename, linenum);
452 if (arg[0] < '0' || arg[0] > '9')
453 fatal("%.200s line %d: Bad number.", filename, linenum);
454 value = strtol(arg, &endofnumber, 10);
455 if (arg == endofnumber)
456 fatal("%.200s line %d: Bad number.", filename, linenum);
457 switch (toupper(*endofnumber)) {
468 if (*activep && *intptr == -1)
474 if (!arg || *arg == '\0')
475 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * Identity files accumulate instead of first-value-wins.  The count is
 * checked against SSH_MAX_IDENTITY_FILES before the slot is written, so the
 * array index stays in bounds.
 */
477 intptr = &options->num_identity_files;
478 if (*intptr >= SSH_MAX_IDENTITY_FILES)
479 fatal("%.200s line %d: Too many identity files specified (max %d).",
480 filename, linenum, SSH_MAX_IDENTITY_FILES);
481 charptr = &options->identity_files[*intptr];
482 *charptr = xstrdup(arg);
483 *intptr = *intptr + 1;
488 charptr=&options->xauth_location;
492 charptr = &options->user;
/* Shared single-string parser: stores a private copy of the argument. */
495 if (!arg || *arg == '\0')
496 fatal("%.200s line %d: Missing argument.", filename, linenum);
497 if (*activep && *charptr == NULL)
498 *charptr = xstrdup(arg);
501 case oGlobalKnownHostsFile:
502 charptr = &options->system_hostfile;
505 case oUserKnownHostsFile:
506 charptr = &options->user_hostfile;
509 case oGlobalKnownHostsFile2:
510 charptr = &options->system_hostfile2;
513 case oUserKnownHostsFile2:
514 charptr = &options->user_hostfile2;
518 charptr = &options->hostname;
522 charptr = &options->host_key_alias;
525 case oPreferredAuthentications:
526 charptr = &options->preferred_authentications;
530 charptr = &options->bind_address;
533 case oSmartcardDevice:
534 charptr = &options->smartcard_device;
539 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * ProxyCommand takes the whole remainder of the line, not one token: only
 * leading whitespace and '=' are skipped, and the rest is stored verbatim.
 * NOTE(review): the stored text is later used as a command (not shown in
 * this file section), so whoever can write the configuration file chooses
 * what gets executed; no ownership or permission check on the file is
 * visible in read_config_file().
 */
540 charptr = &options->proxy_command;
541 len = strspn(s, WHITESPACE "=");
542 if (*activep && *charptr == NULL)
543 *charptr = xstrdup(s + len);
547 intptr = &options->port;
/*
 * Shared integer parser.  Base 0 lets strtol() accept octal and hex as
 * well as decimal.
 * NOTE(review): no range check is visible before the value is stored, and
 * trailing characters after the digits are not examined here; for the port
 * option confirm that an out-of-range number is rejected somewhere.
 */
550 if (!arg || *arg == '\0')
551 fatal("%.200s line %d: Missing argument.", filename, linenum);
552 if (arg[0] < '0' || arg[0] > '9')
553 fatal("%.200s line %d: Bad number.", filename, linenum);
555 /* Octal, decimal, or hex format? */
556 value = strtol(arg, &endofnumber, 0);
557 if (arg == endofnumber)
558 fatal("%.200s line %d: Bad number.", filename, linenum);
559 if (*activep && *intptr == -1)
563 case oConnectionAttempts:
564 intptr = &options->connection_attempts;
568 intptr = &options->cipher;
570 if (!arg || *arg == '\0')
571 fatal("%.200s line %d: Missing argument.", filename, linenum);
572 value = cipher_number(arg);
574 fatal("%.200s line %d: Bad cipher '%s'.",
575 filename, linenum, arg ? arg : "<NONE>");
576 if (*activep && *intptr == -1)
/*
 * Algorithm lists (ciphers, MACs, host key algorithms) are validated as a
 * whole before being stored, so an unknown name is fatal at parse time
 * rather than at negotiation time.
 */
582 if (!arg || *arg == '\0')
583 fatal("%.200s line %d: Missing argument.", filename, linenum);
584 if (!ciphers_valid(arg))
585 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
586 filename, linenum, arg ? arg : "<NONE>");
587 if (*activep && options->ciphers == NULL)
588 options->ciphers = xstrdup(arg);
593 if (!arg || *arg == '\0')
594 fatal("%.200s line %d: Missing argument.", filename, linenum);
596 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
597 filename, linenum, arg ? arg : "<NONE>");
598 if (*activep && options->macs == NULL)
599 options->macs = xstrdup(arg);
602 case oHostKeyAlgorithms:
604 if (!arg || *arg == '\0')
605 fatal("%.200s line %d: Missing argument.", filename, linenum);
606 if (!key_names_valid2(arg))
607 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
608 filename, linenum, arg ? arg : "<NONE>");
609 if (*activep && options->hostkeyalgorithms == NULL)
610 options->hostkeyalgorithms = xstrdup(arg);
614 intptr = &options->protocol;
616 if (!arg || *arg == '\0')
617 fatal("%.200s line %d: Missing argument.", filename, linenum);
618 value = proto_spec(arg);
619 if (value == SSH_PROTO_UNKNOWN)
620 fatal("%.200s line %d: Bad protocol spec '%s'.",
621 filename, linenum, arg ? arg : "<NONE>");
622 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
627 intptr = (int *) &options->log_level;
/*
 * NOTE(review): unlike the neighbouring cases, no missing-argument check is
 * visible before arg is handed to log_level_number(); the fatal() below
 * allows for arg being NULL, so log_level_number() presumably tolerates
 * NULL as well.  Confirm.  The (int *) cast above also assumes the LogLevel
 * type has the size of int.
 */
629 value = log_level_number(arg);
630 if (value == SYSLOG_LEVEL_NOT_SET)
631 fatal("%.200s line %d: unsupported log level '%s'",
632 filename, linenum, arg ? arg : "<NONE>");
633 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
634 *intptr = (LogLevel) value;
/* LocalForward / RemoteForward: "<listen port> <host>:<port>". */
640 if (!arg || *arg == '\0')
641 fatal("%.200s line %d: Missing port argument.",
/* a2port() returns 0 for anything that is not a usable port number. */
643 if ((fwd_port = a2port(arg)) == 0)
644 fatal("%.200s line %d: Bad listen port.",
647 if (!arg || *arg == '\0')
648 fatal("%.200s line %d: Missing second argument.",
/*
 * The field widths match the destination buffers: %255 into buf[256] and
 * %5 into sfwd_host_port[6], each leaving room for the terminating NUL.
 * Both "host:port" and "host/port" are accepted.  Anything after the
 * scanned digits is ignored by sscanf().
 */
650 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
651 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
652 fatal("%.200s line %d: Bad forwarding specification.",
654 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
655 fatal("%.200s line %d: Bad forwarding port.",
658 if (opcode == oLocalForward)
659 add_local_forward(options, fwd_port, buf,
661 else if (opcode == oRemoteForward)
662 add_remote_forward(options, fwd_port, buf,
667 case oDynamicForward:
669 if (!arg || *arg == '\0')
670 fatal("%.200s line %d: Missing port argument.",
672 fwd_port = a2port(arg);
674 fatal("%.200s line %d: Badly formatted port number.",
/*
 * A dynamic forward is recorded as a local forward whose host is the
 * literal "socks" and whose host port is 0, so it is subject to the same
 * privileged-port and table-size checks in add_local_forward().
 */
677 add_local_forward(options, fwd_port, "socks", 0);
680 case oClearAllForwardings:
681 intptr = &options->clear_forwardings;
/*
 * Host line: each pattern is matched against the target host name; this is
 * what turns *activep on or off for the directives that follow.
 */
686 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
687 if (match_pattern(host, arg)) {
688 debug("Applying options for %.100s", arg);
692 /* Avoid garbage check below, as strdelim is done. */
696 intptr = &options->escape_char;
698 if (!arg || *arg == '\0')
699 fatal("%.200s line %d: Missing argument.", filename, linenum);
/*
 * Accepts "^X" (control character, X in 64..127), a single character, or
 * the word "none".
 * NOTE(review): arg[2] is read before arg[1] is known to be non-NUL, so for
 * the one-character argument "^" the test looks one byte past the string
 * terminator.  Testing arg[1] first would keep the read inside the string.
 */
700 if (arg[0] == '^' && arg[2] == 0 &&
701 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
702 value = (u_char) arg[1] & 31;
703 else if (strlen(arg) == 1)
704 value = (u_char) arg[0];
705 else if (strcmp(arg, "none") == 0)
706 value = SSH_ESCAPECHAR_NONE;
708 fatal("%.200s line %d: Bad escape character.",
711 value = 0; /* Avoid compiler warning. */
713 if (*activep && *intptr == -1)
/*
 * NOTE(review): no missing-argument check is visible before the
 * strcasecmp() calls below, unlike the other cases; if arg can be NULL
 * here (directive with no value), strcasecmp() dereferences it.  Confirm
 * against the full file.
 */
719 intptr = &options->address_family;
720 if (strcasecmp(arg, "inet") == 0)
722 else if (strcasecmp(arg, "inet6") == 0)
724 else if (strcasecmp(arg, "any") == 0)
727 fatal("Unsupported AddressFamily \"%s\"", arg);
728 if (*activep && *intptr == -1)
732 case oEnableSSHKeysign:
733 intptr = &options->enable_ssh_keysign;
/*
 * VersionAddendum passes the rest of the line, cut at the first newline,
 * straight to ssh_version_set_addendum(); the loop that follows consumes
 * the remaining tokens so the trailing-garbage check does not trip.
 * NOTE(review): strtok() returns NULL when nothing is left on the line and
 * keeps static state; neither is guarded here, and *activep is not
 * consulted in the visible lines.
 */
736 case oVersionAddendum:
737 ssh_version_set_addendum(strtok(s, "\n"));
740 } while (arg != NULL && *arg != '\0');
/* Retired directives are reported but do not abort parsing. */
744 debug("%s line %d: Deprecated option \"%s\"",
745 filename, linenum, keyword);
749 error("%s line %d: Unsupported option \"%s\"",
750 filename, linenum, keyword);
754 fatal("process_config_line: Unimplemented opcode %d", opcode);
757 /* Check that there is no garbage at end of line. */
/*
 * Extra tokens are fatal, so a value cannot be silently truncated at the
 * first delimiter.
 */
758 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
759 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
760 filename, linenum, arg);
767 * Reads the config file and modifies the options accordingly. Options
768 * should already be initialized before this call. This never returns if
769 * there is an error. If the file does not exist, this returns 0.
/*
 * Reads filename line by line and feeds each line to process_config_line()
 * for the given target host.  Bad options are counted across the whole
 * file and reported together: if the count is non-zero the function calls
 * fatal() instead of returning.
 *
 * NOTE(review): the file is opened by name with no ownership or permission
 * check visible in this listing.  Because directives such as ProxyCommand
 * end up as commands, confirm the full file (or the caller) rejects a
 * configuration file that other users can write.
 * NOTE(review): fgets() is bounded by sizeof(line), so a physical line
 * longer than the buffer is delivered in pieces and the tail is parsed as
 * if it were a new line; the buffer size is declared on a line missing
 * from this listing.
 */
773 read_config_file(const char *filename, const char *host, Options *options)
781 f = fopen(filename, "r");
785 debug("Reading configuration data %.200s", filename);
788 * Mark that we are now processing the options. This flag is turned
789 * on/off by Host specifications.
793 while (fgets(line, sizeof(line), f)) {
794 /* Update line number counter. */
/* A non-zero return marks one bad option; parsing continues to the end. */
796 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
801 fatal("%s: terminating, %d bad configuration options",
802 filename, bad_options);
807 * Initializes options to special values that indicate that they have not yet
808 * been set. Read_config_file will only set options with this value. Options
809 * are processed in the following order: command line, user config file,
810 * system config file. Last, fill_default_options is called.
/*
 * Puts every option into its "not yet set" state: -1 for integer options,
 * NULL for strings, SSH_PROTO_UNKNOWN / SYSLOG_LEVEL_NOT_SET for the two
 * enumerated ones, and 0 for the three counters.  process_config_line()
 * only stores a value into a field that still holds its sentinel, and
 * fill_default_options() later replaces the remaining sentinels.
 *
 * The structure is first filled with the byte 'X'; presumably so that a
 * field the assignments below forget holds an obviously bogus value
 * instead of a plausible zero (confirm intent).  The consequence is that a
 * forgotten pointer field is non-NULL garbage, not NULL, so every string
 * option must be listed here.
 * NOTE(review): options->port is tested against -1 in
 * fill_default_options() but its assignment is not visible in this listing
 * (gutter line 838 is missing); confirm it is initialised.
 */
814 initialize_options(Options * options)
816 memset(options, 'X', sizeof(*options));
817 options->forward_agent = -1;
818 options->forward_x11 = -1;
819 options->xauth_location = NULL;
820 options->gateway_ports = -1;
821 options->use_privileged_port = -1;
822 options->rsa_authentication = -1;
823 options->pubkey_authentication = -1;
824 options->challenge_response_authentication = -1;
825 options->gss_authentication = -1;
826 options->gss_deleg_creds = -1;
827 options->password_authentication = -1;
828 options->kbd_interactive_authentication = -1;
829 options->kbd_interactive_devices = NULL;
830 options->rhosts_rsa_authentication = -1;
831 options->hostbased_authentication = -1;
832 options->batch_mode = -1;
833 options->check_host_ip = -1;
834 options->strict_host_key_checking = -1;
835 options->compression = -1;
836 options->keepalives = -1;
837 options->compression_level = -1;
839 options->address_family = -1;
840 options->connection_attempts = -1;
841 options->connection_timeout = -1;
842 options->number_of_password_prompts = -1;
843 options->cipher = -1;
844 options->ciphers = NULL;
845 options->macs = NULL;
846 options->hostkeyalgorithms = NULL;
847 options->protocol = SSH_PROTO_UNKNOWN;
/* Counters start at 0; the array slots behind them stay 'X'-filled. */
848 options->num_identity_files = 0;
849 options->hostname = NULL;
850 options->host_key_alias = NULL;
851 options->proxy_command = NULL;
852 options->user = NULL;
853 options->escape_char = -1;
854 options->system_hostfile = NULL;
855 options->user_hostfile = NULL;
856 options->system_hostfile2 = NULL;
857 options->user_hostfile2 = NULL;
858 options->num_local_forwards = 0;
859 options->num_remote_forwards = 0;
860 options->clear_forwardings = -1;
861 options->log_level = SYSLOG_LEVEL_NOT_SET;
862 options->preferred_authentications = NULL;
863 options->bind_address = NULL;
864 options->smartcard_device = NULL;
865 options->enable_ssh_keysign = - 1;
866 options->no_host_authentication_for_localhost = - 1;
867 options->rekey_limit = - 1;
868 options->verify_host_key_dns = -1;
872 * Called after processing other sources of option data, this fills those
873 * options for which no value has been specified with their default values.
/*
 * Replaces every option still holding its "unset" sentinel with the
 * built-in default.  Meant to run after the command line and all
 * configuration files have been processed, so it never overrides a value
 * the user supplied.
 *
 * Security-relevant defaults visible below: agent and X11 forwarding off,
 * gateway ports off, rhosts-RSA and host-based authentication off,
 * check_host_ip 0, strict_host_key_checking 2, verify_host_key_dns 0, and
 * both protocol 1 and protocol 2 enabled.
 *
 * Ownership note: string defaults are assigned directly from the _PATH_*
 * names (presumably string constants, confirm), whereas values read from a
 * configuration file are xstrdup() copies; code that releases these fields
 * cannot assume they are all heap allocations.
 */
877 fill_default_options(Options * options)
881 if (options->forward_agent == -1)
882 options->forward_agent = 0;
883 if (options->forward_x11 == -1)
884 options->forward_x11 = 0;
885 if (options->xauth_location == NULL)
886 options->xauth_location = _PATH_XAUTH;
887 if (options->gateway_ports == -1)
888 options->gateway_ports = 0;
889 if (options->use_privileged_port == -1)
890 options->use_privileged_port = 0;
891 if (options->rsa_authentication == -1)
892 options->rsa_authentication = 1;
893 if (options->pubkey_authentication == -1)
894 options->pubkey_authentication = 1;
895 if (options->challenge_response_authentication == -1)
896 options->challenge_response_authentication = 1;
897 if (options->gss_authentication == -1)
898 options->gss_authentication = 1;
899 if (options->gss_deleg_creds == -1)
900 options->gss_deleg_creds = 0;
901 if (options->password_authentication == -1)
902 options->password_authentication = 1;
903 if (options->kbd_interactive_authentication == -1)
904 options->kbd_interactive_authentication = 1;
905 if (options->rhosts_rsa_authentication == -1)
906 options->rhosts_rsa_authentication = 0;
907 if (options->hostbased_authentication == -1)
908 options->hostbased_authentication = 0;
909 if (options->batch_mode == -1)
910 options->batch_mode = 0;
911 if (options->check_host_ip == -1)
912 options->check_host_ip = 0;
/*
 * 2 is the third state of the yes/no/ask option; which word it stands for
 * is assigned on lines of process_config_line() missing from this listing.
 */
913 if (options->strict_host_key_checking == -1)
914 options->strict_host_key_checking = 2; /* 2 is default */
915 if (options->compression == -1)
916 options->compression = 0;
917 if (options->keepalives == -1)
918 options->keepalives = 1;
919 if (options->compression_level == -1)
920 options->compression_level = 6;
921 if (options->port == -1)
922 options->port = 0; /* Filled in ssh_connect. */
923 if (options->address_family == -1)
924 options->address_family = AF_UNSPEC;
925 if (options->connection_attempts == -1)
926 options->connection_attempts = 1;
927 if (options->number_of_password_prompts == -1)
928 options->number_of_password_prompts = 3;
929 /* Selected in ssh_login(). */
930 if (options->cipher == -1)
931 options->cipher = SSH_CIPHER_NOT_SET;
932 /* options->ciphers, default set in myproposals.h */
933 /* options->macs, default set in myproposals.h */
934 /* options->hostkeyalgorithms, default set in myproposals.h */
/* With no Protocol directive, both protocol versions stay enabled. */
935 if (options->protocol == SSH_PROTO_UNKNOWN)
936 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
/*
 * Default identity files are added only when the user named none.  Each
 * entry is "~/" plus a compiled-in path: len counts the two prefix
 * characters, the path and the terminating NUL.  The allocation itself is
 * on lines missing from this listing (presumably sized by len, confirm).
 * "%.100s" caps the copied path at 100 characters while the buffer is sized
 * for the whole path, so snprintf() cannot overrun it.
 * NOTE(review): up to three slots are filled without re-checking
 * SSH_MAX_IDENTITY_FILES; this relies on that limit being at least 3.
 */
937 if (options->num_identity_files == 0) {
938 if (options->protocol & SSH_PROTO_1) {
939 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
940 options->identity_files[options->num_identity_files] =
942 snprintf(options->identity_files[options->num_identity_files++],
943 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
945 if (options->protocol & SSH_PROTO_2) {
946 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
947 options->identity_files[options->num_identity_files] =
949 snprintf(options->identity_files[options->num_identity_files++],
950 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
952 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
953 options->identity_files[options->num_identity_files] =
955 snprintf(options->identity_files[options->num_identity_files++],
956 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
959 if (options->escape_char == -1)
960 options->escape_char = '~';
961 if (options->system_hostfile == NULL)
962 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
963 if (options->user_hostfile == NULL)
964 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
965 if (options->system_hostfile2 == NULL)
966 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
967 if (options->user_hostfile2 == NULL)
968 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
969 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
970 options->log_level = SYSLOG_LEVEL_INFO;
/*
 * ClearAllForwardings takes effect here, after every source has been read,
 * so it also removes forwards that were configured before the directive
 * was seen.  The sentinel -1 is left in place when the option was not set.
 */
971 if (options->clear_forwardings == 1)
972 clear_forwardings(options);
973 if (options->no_host_authentication_for_localhost == - 1)
974 options->no_host_authentication_for_localhost = 0;
975 if (options->enable_ssh_keysign == -1)
976 options->enable_ssh_keysign = 0;
977 if (options->rekey_limit == -1)
978 options->rekey_limit = 0;
979 if (options->verify_host_key_dns == -1)
980 options->verify_host_key_dns = 0;
981 /* options->proxy_command should not be set by default */
982 /* options->user will be set in the main program if appropriate */
983 /* options->hostname will be set in the main program if appropriate */
984 /* options->host_key_alias should not be set by default */
985 /* options->preferred_authentications will be set in ssh */
985 /* options->preferred_authentications will be set in ssh */