2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
16 RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $");
22 #include "pathnames.h"
30 /* Format of the configuration file:
32 # Configuration data is parsed as follows:
33 # 1. command line options
34 # 2. user-specific file
36 # Any configuration value is only changed the first time it is set.
37 # Thus, host-specific definitions should be at the beginning of the
38 # configuration file, and defaults at the end.
40 # Host-specific declarations. These may override anything above. A single
41 # host may match multiple declarations; these are processed in the order
42 # that they are given in.
48 HostName another.host.name.real.org
55 RemoteForward 9999 shadows.cs.hut.fi:9999
61 PasswordAuthentication no
65 ProxyCommand ssh-proxy %h %p
68 PublicKeyAuthentication no
72 PasswordAuthentication no
74 # Defaults for various options
78 PasswordAuthentication yes
80 RhostsRSAAuthentication yes
81 StrictHostKeyChecking yes
83 IdentityFile ~/.ssh/identity
93 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
94 oPasswordAuthentication, oRSAAuthentication,
95 oChallengeResponseAuthentication, oXAuthLocation,
96 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
97 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
98 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
99 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
100 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
101 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
102 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
103 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
104 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
105 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
106 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
107 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
108 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
109 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
111 oDeprecated, oUnsupported
114 /* Textual representations of the tokens. */
120 { "forwardagent", oForwardAgent },
121 { "forwardx11", oForwardX11 },
122 { "forwardx11trusted", oForwardX11Trusted },
123 { "xauthlocation", oXAuthLocation },
124 { "gatewayports", oGatewayPorts },
125 { "useprivilegedport", oUsePrivilegedPort },
126 { "rhostsauthentication", oDeprecated },
127 { "passwordauthentication", oPasswordAuthentication },
128 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
129 { "kbdinteractivedevices", oKbdInteractiveDevices },
130 { "rsaauthentication", oRSAAuthentication },
131 { "pubkeyauthentication", oPubkeyAuthentication },
132 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
133 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
134 { "hostbasedauthentication", oHostbasedAuthentication },
135 { "challengeresponseauthentication", oChallengeResponseAuthentication },
136 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
137 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
138 { "kerberosauthentication", oUnsupported },
139 { "kerberostgtpassing", oUnsupported },
140 { "afstokenpassing", oUnsupported },
142 { "gssapiauthentication", oGssAuthentication },
143 { "gssapidelegatecredentials", oGssDelegateCreds },
145 { "gssapiauthentication", oUnsupported },
146 { "gssapidelegatecredentials", oUnsupported },
148 { "fallbacktorsh", oDeprecated },
149 { "usersh", oDeprecated },
150 { "identityfile", oIdentityFile },
151 { "identityfile2", oIdentityFile }, /* alias */
152 { "identitiesonly", oIdentitiesOnly },
153 { "hostname", oHostName },
154 { "hostkeyalias", oHostKeyAlias },
155 { "proxycommand", oProxyCommand },
157 { "cipher", oCipher },
158 { "ciphers", oCiphers },
160 { "protocol", oProtocol },
161 { "remoteforward", oRemoteForward },
162 { "localforward", oLocalForward },
165 { "escapechar", oEscapeChar },
166 { "globalknownhostsfile", oGlobalKnownHostsFile },
167 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
168 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
169 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
170 { "connectionattempts", oConnectionAttempts },
171 { "batchmode", oBatchMode },
172 { "checkhostip", oCheckHostIP },
173 { "stricthostkeychecking", oStrictHostKeyChecking },
174 { "compression", oCompression },
175 { "compressionlevel", oCompressionLevel },
176 { "tcpkeepalive", oTCPKeepAlive },
177 { "keepalive", oTCPKeepAlive }, /* obsolete */
178 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
179 { "loglevel", oLogLevel },
180 { "dynamicforward", oDynamicForward },
181 { "preferredauthentications", oPreferredAuthentications },
182 { "hostkeyalgorithms", oHostKeyAlgorithms },
183 { "bindaddress", oBindAddress },
185 { "smartcarddevice", oSmartcardDevice },
187 { "smartcarddevice", oUnsupported },
189 { "clearallforwardings", oClearAllForwardings },
190 { "enablesshkeysign", oEnableSSHKeysign },
191 { "verifyhostkeydns", oVerifyHostKeyDNS },
192 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
193 { "rekeylimit", oRekeyLimit },
194 { "connecttimeout", oConnectTimeout },
195 { "addressfamily", oAddressFamily },
196 { "serveraliveinterval", oServerAliveInterval },
197 { "serveralivecountmax", oServerAliveCountMax },
198 { "versionaddendum", oVersionAddendum },
203 * Adds a local TCP/IP port forward to options. Never returns if there is an
208 add_local_forward(Options *options, u_short port, const char *host,
212 #ifndef NO_IPPORT_RESERVED_CONCEPT
213 extern uid_t original_real_uid;
214 if (port < IPPORT_RESERVED && original_real_uid != 0)
215 fatal("Privileged ports can only be forwarded by root.");
217 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
218 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
219 fwd = &options->local_forwards[options->num_local_forwards++];
221 fwd->host = xstrdup(host);
222 fwd->host_port = host_port;
226 * Adds a remote TCP/IP port forward to options. Never returns if there is
231 add_remote_forward(Options *options, u_short port, const char *host,
235 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
236 fatal("Too many remote forwards (max %d).",
237 SSH_MAX_FORWARDS_PER_DIRECTION);
238 fwd = &options->remote_forwards[options->num_remote_forwards++];
240 fwd->host = xstrdup(host);
241 fwd->host_port = host_port;
245 clear_forwardings(Options *options)
249 for (i = 0; i < options->num_local_forwards; i++)
250 xfree(options->local_forwards[i].host);
251 options->num_local_forwards = 0;
252 for (i = 0; i < options->num_remote_forwards; i++)
253 xfree(options->remote_forwards[i].host);
254 options->num_remote_forwards = 0;
258 * Returns the number of the token pointed to by cp or oBadOption.
262 parse_token(const char *cp, const char *filename, int linenum)
266 for (i = 0; keywords[i].name; i++)
267 if (strcasecmp(cp, keywords[i].name) == 0)
268 return keywords[i].opcode;
270 error("%s: line %d: Bad configuration option: %s",
271 filename, linenum, cp);
276 * Processes a single option line as used in the configuration files. This
277 * only sets those values that have not already been set.
279 #define WHITESPACE " \t\r\n"
282 process_config_line(Options *options, const char *host,
283 char *line, const char *filename, int linenum,
286 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
287 int opcode, *intptr, value;
289 u_short fwd_port, fwd_host_port;
290 char sfwd_host_port[6];
292 /* Strip trailing whitespace */
293 for(len = strlen(line) - 1; len > 0; len--) {
294 if (strchr(WHITESPACE, line[len]) == NULL)
300 /* Get the keyword. (Each line is supposed to begin with a keyword). */
301 keyword = strdelim(&s);
302 /* Ignore leading whitespace. */
303 if (*keyword == '\0')
304 keyword = strdelim(&s);
305 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
308 opcode = parse_token(keyword, filename, linenum);
312 /* don't panic, but count bad options */
315 case oConnectTimeout:
316 intptr = &options->connection_timeout;
319 if (!arg || *arg == '\0')
320 fatal("%s line %d: missing time value.",
322 if ((value = convtime(arg)) == -1)
323 fatal("%s line %d: invalid time value.",
330 intptr = &options->forward_agent;
333 if (!arg || *arg == '\0')
334 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
335 value = 0; /* To avoid compiler warning... */
336 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
338 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
341 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
342 if (*activep && *intptr == -1)
347 intptr = &options->forward_x11;
350 case oForwardX11Trusted:
351 intptr = &options->forward_x11_trusted;
355 intptr = &options->gateway_ports;
358 case oUsePrivilegedPort:
359 intptr = &options->use_privileged_port;
362 case oPasswordAuthentication:
363 intptr = &options->password_authentication;
366 case oKbdInteractiveAuthentication:
367 intptr = &options->kbd_interactive_authentication;
370 case oKbdInteractiveDevices:
371 charptr = &options->kbd_interactive_devices;
374 case oPubkeyAuthentication:
375 intptr = &options->pubkey_authentication;
378 case oRSAAuthentication:
379 intptr = &options->rsa_authentication;
382 case oRhostsRSAAuthentication:
383 intptr = &options->rhosts_rsa_authentication;
386 case oHostbasedAuthentication:
387 intptr = &options->hostbased_authentication;
390 case oChallengeResponseAuthentication:
391 intptr = &options->challenge_response_authentication;
394 case oGssAuthentication:
395 intptr = &options->gss_authentication;
398 case oGssDelegateCreds:
399 intptr = &options->gss_deleg_creds;
403 intptr = &options->batch_mode;
407 intptr = &options->check_host_ip;
410 case oVerifyHostKeyDNS:
411 intptr = &options->verify_host_key_dns;
414 case oStrictHostKeyChecking:
415 intptr = &options->strict_host_key_checking;
418 if (!arg || *arg == '\0')
419 fatal("%.200s line %d: Missing yes/no/ask argument.",
421 value = 0; /* To avoid compiler warning... */
422 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
424 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
426 else if (strcmp(arg, "ask") == 0)
429 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
430 if (*activep && *intptr == -1)
435 intptr = &options->compression;
439 intptr = &options->tcp_keep_alive;
442 case oNoHostAuthenticationForLocalhost:
443 intptr = &options->no_host_authentication_for_localhost;
446 case oNumberOfPasswordPrompts:
447 intptr = &options->number_of_password_prompts;
450 case oCompressionLevel:
451 intptr = &options->compression_level;
455 intptr = &options->rekey_limit;
457 if (!arg || *arg == '\0')
458 fatal("%.200s line %d: Missing argument.", filename, linenum);
459 if (arg[0] < '0' || arg[0] > '9')
460 fatal("%.200s line %d: Bad number.", filename, linenum);
461 value = strtol(arg, &endofnumber, 10);
462 if (arg == endofnumber)
463 fatal("%.200s line %d: Bad number.", filename, linenum);
464 switch (toupper(*endofnumber)) {
475 if (*activep && *intptr == -1)
481 if (!arg || *arg == '\0')
482 fatal("%.200s line %d: Missing argument.", filename, linenum);
484 intptr = &options->num_identity_files;
485 if (*intptr >= SSH_MAX_IDENTITY_FILES)
486 fatal("%.200s line %d: Too many identity files specified (max %d).",
487 filename, linenum, SSH_MAX_IDENTITY_FILES);
488 charptr = &options->identity_files[*intptr];
489 *charptr = xstrdup(arg);
490 *intptr = *intptr + 1;
495 charptr=&options->xauth_location;
499 charptr = &options->user;
502 if (!arg || *arg == '\0')
503 fatal("%.200s line %d: Missing argument.", filename, linenum);
504 if (*activep && *charptr == NULL)
505 *charptr = xstrdup(arg);
508 case oGlobalKnownHostsFile:
509 charptr = &options->system_hostfile;
512 case oUserKnownHostsFile:
513 charptr = &options->user_hostfile;
516 case oGlobalKnownHostsFile2:
517 charptr = &options->system_hostfile2;
520 case oUserKnownHostsFile2:
521 charptr = &options->user_hostfile2;
525 charptr = &options->hostname;
529 charptr = &options->host_key_alias;
532 case oPreferredAuthentications:
533 charptr = &options->preferred_authentications;
537 charptr = &options->bind_address;
540 case oSmartcardDevice:
541 charptr = &options->smartcard_device;
546 fatal("%.200s line %d: Missing argument.", filename, linenum);
547 charptr = &options->proxy_command;
548 len = strspn(s, WHITESPACE "=");
549 if (*activep && *charptr == NULL)
550 *charptr = xstrdup(s + len);
554 intptr = &options->port;
557 if (!arg || *arg == '\0')
558 fatal("%.200s line %d: Missing argument.", filename, linenum);
559 if (arg[0] < '0' || arg[0] > '9')
560 fatal("%.200s line %d: Bad number.", filename, linenum);
562 /* Octal, decimal, or hex format? */
563 value = strtol(arg, &endofnumber, 0);
564 if (arg == endofnumber)
565 fatal("%.200s line %d: Bad number.", filename, linenum);
566 if (*activep && *intptr == -1)
570 case oConnectionAttempts:
571 intptr = &options->connection_attempts;
575 intptr = &options->cipher;
577 if (!arg || *arg == '\0')
578 fatal("%.200s line %d: Missing argument.", filename, linenum);
579 value = cipher_number(arg);
581 fatal("%.200s line %d: Bad cipher '%s'.",
582 filename, linenum, arg ? arg : "<NONE>");
583 if (*activep && *intptr == -1)
589 if (!arg || *arg == '\0')
590 fatal("%.200s line %d: Missing argument.", filename, linenum);
591 if (!ciphers_valid(arg))
592 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
593 filename, linenum, arg ? arg : "<NONE>");
594 if (*activep && options->ciphers == NULL)
595 options->ciphers = xstrdup(arg);
600 if (!arg || *arg == '\0')
601 fatal("%.200s line %d: Missing argument.", filename, linenum);
603 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
604 filename, linenum, arg ? arg : "<NONE>");
605 if (*activep && options->macs == NULL)
606 options->macs = xstrdup(arg);
609 case oHostKeyAlgorithms:
611 if (!arg || *arg == '\0')
612 fatal("%.200s line %d: Missing argument.", filename, linenum);
613 if (!key_names_valid2(arg))
614 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
615 filename, linenum, arg ? arg : "<NONE>");
616 if (*activep && options->hostkeyalgorithms == NULL)
617 options->hostkeyalgorithms = xstrdup(arg);
621 intptr = &options->protocol;
623 if (!arg || *arg == '\0')
624 fatal("%.200s line %d: Missing argument.", filename, linenum);
625 value = proto_spec(arg);
626 if (value == SSH_PROTO_UNKNOWN)
627 fatal("%.200s line %d: Bad protocol spec '%s'.",
628 filename, linenum, arg ? arg : "<NONE>");
629 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
634 intptr = (int *) &options->log_level;
636 value = log_level_number(arg);
637 if (value == SYSLOG_LEVEL_NOT_SET)
638 fatal("%.200s line %d: unsupported log level '%s'",
639 filename, linenum, arg ? arg : "<NONE>");
640 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
641 *intptr = (LogLevel) value;
647 if (!arg || *arg == '\0')
648 fatal("%.200s line %d: Missing port argument.",
650 if ((fwd_port = a2port(arg)) == 0)
651 fatal("%.200s line %d: Bad listen port.",
654 if (!arg || *arg == '\0')
655 fatal("%.200s line %d: Missing second argument.",
657 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
658 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
659 fatal("%.200s line %d: Bad forwarding specification.",
661 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
662 fatal("%.200s line %d: Bad forwarding port.",
665 if (opcode == oLocalForward)
666 add_local_forward(options, fwd_port, buf,
668 else if (opcode == oRemoteForward)
669 add_remote_forward(options, fwd_port, buf,
674 case oDynamicForward:
676 if (!arg || *arg == '\0')
677 fatal("%.200s line %d: Missing port argument.",
679 fwd_port = a2port(arg);
681 fatal("%.200s line %d: Badly formatted port number.",
684 add_local_forward(options, fwd_port, "socks", 0);
687 case oClearAllForwardings:
688 intptr = &options->clear_forwardings;
693 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
694 if (match_pattern(host, arg)) {
695 debug("Applying options for %.100s", arg);
699 /* Avoid garbage check below, as strdelim is done. */
703 intptr = &options->escape_char;
705 if (!arg || *arg == '\0')
706 fatal("%.200s line %d: Missing argument.", filename, linenum);
707 if (arg[0] == '^' && arg[2] == 0 &&
708 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
709 value = (u_char) arg[1] & 31;
710 else if (strlen(arg) == 1)
711 value = (u_char) arg[0];
712 else if (strcmp(arg, "none") == 0)
713 value = SSH_ESCAPECHAR_NONE;
715 fatal("%.200s line %d: Bad escape character.",
718 value = 0; /* Avoid compiler warning. */
720 if (*activep && *intptr == -1)
726 intptr = &options->address_family;
727 if (strcasecmp(arg, "inet") == 0)
729 else if (strcasecmp(arg, "inet6") == 0)
731 else if (strcasecmp(arg, "any") == 0)
734 fatal("Unsupported AddressFamily \"%s\"", arg);
735 if (*activep && *intptr == -1)
739 case oEnableSSHKeysign:
740 intptr = &options->enable_ssh_keysign;
743 case oIdentitiesOnly:
744 intptr = &options->identities_only;
747 case oServerAliveInterval:
748 intptr = &options->server_alive_interval;
751 case oServerAliveCountMax:
752 intptr = &options->server_alive_count_max;
755 case oVersionAddendum:
756 ssh_version_set_addendum(strtok(s, "\n"));
759 } while (arg != NULL && *arg != '\0');
763 debug("%s line %d: Deprecated option \"%s\"",
764 filename, linenum, keyword);
768 error("%s line %d: Unsupported option \"%s\"",
769 filename, linenum, keyword);
773 fatal("process_config_line: Unimplemented opcode %d", opcode);
776 /* Check that there is no garbage at end of line. */
777 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
778 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
779 filename, linenum, arg);
786 * Reads the config file and modifies the options accordingly. Options
787 * should already be initialized before this call. This never returns if
788 * there is an error. If the file does not exist, this returns 0.
792 read_config_file(const char *filename, const char *host, Options *options)
800 f = fopen(filename, "r");
804 debug("Reading configuration data %.200s", filename);
807 * Mark that we are now processing the options. This flag is turned
808 * on/off by Host specifications.
812 while (fgets(line, sizeof(line), f)) {
813 /* Update line number counter. */
815 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
820 fatal("%s: terminating, %d bad configuration options",
821 filename, bad_options);
826 * Initializes options to special values that indicate that they have not yet
827 * been set. Read_config_file will only set options with this value. Options
828 * are processed in the following order: command line, user config file,
829 * system config file. Last, fill_default_options is called.
833 initialize_options(Options * options)
835 memset(options, 'X', sizeof(*options));
836 options->forward_agent = -1;
837 options->forward_x11 = -1;
838 options->forward_x11_trusted = -1;
839 options->xauth_location = NULL;
840 options->gateway_ports = -1;
841 options->use_privileged_port = -1;
842 options->rsa_authentication = -1;
843 options->pubkey_authentication = -1;
844 options->challenge_response_authentication = -1;
845 options->gss_authentication = -1;
846 options->gss_deleg_creds = -1;
847 options->password_authentication = -1;
848 options->kbd_interactive_authentication = -1;
849 options->kbd_interactive_devices = NULL;
850 options->rhosts_rsa_authentication = -1;
851 options->hostbased_authentication = -1;
852 options->batch_mode = -1;
853 options->check_host_ip = -1;
854 options->strict_host_key_checking = -1;
855 options->compression = -1;
856 options->tcp_keep_alive = -1;
857 options->compression_level = -1;
859 options->address_family = -1;
860 options->connection_attempts = -1;
861 options->connection_timeout = -1;
862 options->number_of_password_prompts = -1;
863 options->cipher = -1;
864 options->ciphers = NULL;
865 options->macs = NULL;
866 options->hostkeyalgorithms = NULL;
867 options->protocol = SSH_PROTO_UNKNOWN;
868 options->num_identity_files = 0;
869 options->hostname = NULL;
870 options->host_key_alias = NULL;
871 options->proxy_command = NULL;
872 options->user = NULL;
873 options->escape_char = -1;
874 options->system_hostfile = NULL;
875 options->user_hostfile = NULL;
876 options->system_hostfile2 = NULL;
877 options->user_hostfile2 = NULL;
878 options->num_local_forwards = 0;
879 options->num_remote_forwards = 0;
880 options->clear_forwardings = -1;
881 options->log_level = SYSLOG_LEVEL_NOT_SET;
882 options->preferred_authentications = NULL;
883 options->bind_address = NULL;
884 options->smartcard_device = NULL;
885 options->enable_ssh_keysign = - 1;
886 options->no_host_authentication_for_localhost = - 1;
887 options->identities_only = - 1;
888 options->rekey_limit = - 1;
889 options->verify_host_key_dns = -1;
890 options->server_alive_interval = -1;
891 options->server_alive_count_max = -1;
895 * Called after processing other sources of option data, this fills those
896 * options for which no value has been specified with their default values.
900 fill_default_options(Options * options)
904 if (options->forward_agent == -1)
905 options->forward_agent = 0;
906 if (options->forward_x11 == -1)
907 options->forward_x11 = 0;
908 if (options->forward_x11_trusted == -1)
909 options->forward_x11_trusted = 0;
910 if (options->xauth_location == NULL)
911 options->xauth_location = _PATH_XAUTH;
912 if (options->gateway_ports == -1)
913 options->gateway_ports = 0;
914 if (options->use_privileged_port == -1)
915 options->use_privileged_port = 0;
916 if (options->rsa_authentication == -1)
917 options->rsa_authentication = 1;
918 if (options->pubkey_authentication == -1)
919 options->pubkey_authentication = 1;
920 if (options->challenge_response_authentication == -1)
921 options->challenge_response_authentication = 1;
922 if (options->gss_authentication == -1)
923 options->gss_authentication = 0;
924 if (options->gss_deleg_creds == -1)
925 options->gss_deleg_creds = 0;
926 if (options->password_authentication == -1)
927 options->password_authentication = 1;
928 if (options->kbd_interactive_authentication == -1)
929 options->kbd_interactive_authentication = 1;
930 if (options->rhosts_rsa_authentication == -1)
931 options->rhosts_rsa_authentication = 0;
932 if (options->hostbased_authentication == -1)
933 options->hostbased_authentication = 0;
934 if (options->batch_mode == -1)
935 options->batch_mode = 0;
936 if (options->check_host_ip == -1)
937 options->check_host_ip = 0;
938 if (options->strict_host_key_checking == -1)
939 options->strict_host_key_checking = 2; /* 2 is default */
940 if (options->compression == -1)
941 options->compression = 0;
942 if (options->tcp_keep_alive == -1)
943 options->tcp_keep_alive = 1;
944 if (options->compression_level == -1)
945 options->compression_level = 6;
946 if (options->port == -1)
947 options->port = 0; /* Filled in ssh_connect. */
948 if (options->address_family == -1)
949 options->address_family = AF_UNSPEC;
950 if (options->connection_attempts == -1)
951 options->connection_attempts = 1;
952 if (options->number_of_password_prompts == -1)
953 options->number_of_password_prompts = 3;
954 /* Selected in ssh_login(). */
955 if (options->cipher == -1)
956 options->cipher = SSH_CIPHER_NOT_SET;
957 /* options->ciphers, default set in myproposals.h */
958 /* options->macs, default set in myproposals.h */
959 /* options->hostkeyalgorithms, default set in myproposals.h */
960 if (options->protocol == SSH_PROTO_UNKNOWN)
961 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
962 if (options->num_identity_files == 0) {
963 if (options->protocol & SSH_PROTO_1) {
964 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
965 options->identity_files[options->num_identity_files] =
967 snprintf(options->identity_files[options->num_identity_files++],
968 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
970 if (options->protocol & SSH_PROTO_2) {
971 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
972 options->identity_files[options->num_identity_files] =
974 snprintf(options->identity_files[options->num_identity_files++],
975 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
977 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
978 options->identity_files[options->num_identity_files] =
980 snprintf(options->identity_files[options->num_identity_files++],
981 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
984 if (options->escape_char == -1)
985 options->escape_char = '~';
986 if (options->system_hostfile == NULL)
987 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
988 if (options->user_hostfile == NULL)
989 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
990 if (options->system_hostfile2 == NULL)
991 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
992 if (options->user_hostfile2 == NULL)
993 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
994 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
995 options->log_level = SYSLOG_LEVEL_INFO;
996 if (options->clear_forwardings == 1)
997 clear_forwardings(options);
998 if (options->no_host_authentication_for_localhost == - 1)
999 options->no_host_authentication_for_localhost = 0;
1000 if (options->identities_only == -1)
1001 options->identities_only = 0;
1002 if (options->enable_ssh_keysign == -1)
1003 options->enable_ssh_keysign = 0;
1004 if (options->rekey_limit == -1)
1005 options->rekey_limit = 0;
1006 if (options->verify_host_key_dns == -1)
1007 options->verify_host_key_dns = 0;
1008 if (options->server_alive_interval == -1)
1009 options->server_alive_interval = 0;
1010 if (options->server_alive_count_max == -1)
1011 options->server_alive_count_max = 3;
1012 /* options->proxy_command should not be set by default */
1013 /* options->user will be set in the main program if appropriate */
1014 /* options->hostname will be set in the main program if appropriate */
1015 /* options->host_key_alias should not be set by default */
1016 /* options->preferred_authentications will be set in ssh */