src/usr.bin/ssh/readconf.c - diff

Return to readconf.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/readconf.c between version 1.31 and 1.31.2.5

version 1.31, 2000/05/08 17:12:15

version 1.31.2.5, 2001/03/21 18:52:57

Line 1

* readconf.c

* Author: Tatu Ylonen <ylo@cs.hut.fi>

* Created: Sat Apr 22 00:03:10 1995 ylo

* Functions for reading the configuration files.

* As far as I am concerned, the code I have written for this software

* can be used freely for any purpose. Any derived versions of this

* software must be clearly marked as such, and if the derived work is

* incompatible with the protocol description in the RFC file, it must be

* called by a name other than "ssh" or "Secure Shell".

#include "includes.h"

RCSID("$Id$");

RCSID("$OpenBSD$");

#include "ssh.h"

#include "xmalloc.h"

#include "compat.h"

#include "cipher.h"

#include "pathnames.h"

#include "log.h"

#include "readconf.h"

#include "match.h"

#include "xmalloc.h"

#include "misc.h"

#include "compat.h"

#include "kex.h"

#include "mac.h"

/* Format of the configuration file:

Line 71

Line 74

# Defaults for various options

Host *

ForwardAgent no

ForwardX11 yes

ForwardX11 no

RhostsAuthentication yes

PasswordAuthentication yes

RSAAuthentication yes

Line 92

Line 95

oBadOption,

oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,

oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh,

oSkeyAuthentication,

oChallengeResponseAuthentication, oXAuthLocation,

#ifdef KRB4

oKerberosAuthentication,

#endif /* KRB4 */

Line 103

Line 106

oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,

oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,

oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,

oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication,

oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,

oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oIdentityFile2,

oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,

oGlobalKnownHostsFile2, oUserKnownHostsFile2, oDSAAuthentication

oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,

oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,

oPreferredAuthentications

} OpCodes;

/* Textual representations of the tokens. */

Line 116

Line 121

} keywords[] = {

{ "forwardagent", oForwardAgent },

{ "forwardx11", oForwardX11 },

{ "xauthlocation", oXAuthLocation },

{ "gatewayports", oGatewayPorts },

{ "useprivilegedport", oUsePrivilegedPort },

{ "rhostsauthentication", oRhostsAuthentication },

{ "passwordauthentication", oPasswordAuthentication },

{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },

{ "kbdinteractivedevices", oKbdInteractiveDevices },

{ "rsaauthentication", oRSAAuthentication },

{ "dsaauthentication", oDSAAuthentication },

{ "pubkeyauthentication", oPubkeyAuthentication },

{ "skeyauthentication", oSkeyAuthentication },

{ "dsaauthentication", oPubkeyAuthentication }, /* alias */

{ "challengeresponseauthentication", oChallengeResponseAuthentication },

{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */

{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */

#ifdef KRB4

{ "kerberosauthentication", oKerberosAuthentication },

#endif /* KRB4 */

Line 133

Line 144

{ "fallbacktorsh", oFallBackToRsh },

{ "usersh", oUseRsh },

{ "identityfile", oIdentityFile },

{ "identityfile2", oIdentityFile2 },

{ "identityfile2", oIdentityFile }, /* alias */

{ "hostname", oHostName },

{ "hostkeyalias", oHostKeyAlias },

{ "proxycommand", oProxyCommand },

{ "port", oPort },

{ "cipher", oCipher },

{ "ciphers", oCiphers },

{ "macs", oMacs },

{ "protocol", oProtocol },

{ "remoteforward", oRemoteForward },

{ "localforward", oLocalForward },

Line 158

Line 171

{ "compressionlevel", oCompressionLevel },

{ "keepalive", oKeepAlives },

{ "numberofpasswordprompts", oNumberOfPasswordPrompts },

{ "tisauthentication", oTISAuthentication },

{ "loglevel", oLogLevel },

{ "preferredauthentications", oPreferredAuthentications },

{ NULL, 0 }

};

/* Characters considered whitespace in strtok calls. */

#define WHITESPACE " \t\r\n"

* Adds a local TCP/IP port forward to options. Never returns if there is an

* error.

Line 179

Line 188

Forward *fwd;

extern uid_t original_real_uid;

if (port < IPPORT_RESERVED && original_real_uid != 0)

fatal("Privileged ports can only be forwarded by root.\n");

fatal("Privileged ports can only be forwarded by root.");

if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)

fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);

fwd = &options->local_forwards[options->num_local_forwards++];

Line 215

Line 224

static OpCodes

parse_token(const char *cp, const char *filename, int linenum)

{

unsigned int i;

u_int i;

for (i = 0; keywords[i].name; i++)

if (strcasecmp(cp, keywords[i].name) == 0)

Line 236

Line 245

char *line, const char *filename, int linenum,

int *activep)

{

char buf[256], *cp, *string, **charptr, *cp2;

char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;

int opcode, *intptr, value;

u_short fwd_port, fwd_host_port;

/* Skip leading whitespace. */

s = line;

cp = line + strspn(line, WHITESPACE);

/* Get the keyword. (Each line is supposed to begin with a keyword). */

if (!*cp || *cp == '\n' || *cp == '#')

keyword = strdelim(&s);

/* Ignore leading whitespace. */

if (*keyword == '\0')

keyword = strdelim(&s);

if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')

return 0;

/* Get the keyword. (Each line is supposed to begin with a keyword). */

opcode = parse_token(keyword, filename, linenum);

cp = strtok(cp, WHITESPACE);

opcode = parse_token(cp, filename, linenum);

switch (opcode) {

case oBadOption:

Line 257

Line 268

case oForwardAgent:

intptr = &options->forward_agent;

parse_flag:

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&s);

if (!cp)

if (!arg || *arg == '\0')

fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);

value = 0; /* To avoid compiler warning... */

if (strcmp(cp, "yes") == 0 || strcmp(cp, "true") == 0)

if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)

value = 1;

else if (strcmp(cp, "no") == 0 || strcmp(cp, "false") == 0)

else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)

value = 0;

else

fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);

Line 291

Line 302

intptr = &options->password_authentication;

goto parse_flag;

case oDSAAuthentication:

case oKbdInteractiveAuthentication:

intptr = &options->dsa_authentication;

intptr = &options->kbd_interactive_authentication;

goto parse_flag;

case oKbdInteractiveDevices:

charptr = &options->kbd_interactive_devices;

goto parse_string;

case oPubkeyAuthentication:

intptr = &options->pubkey_authentication;

goto parse_flag;

case oRSAAuthentication:

intptr = &options->rsa_authentication;

goto parse_flag;

Line 303

Line 322

intptr = &options->rhosts_rsa_authentication;

goto parse_flag;

case oTISAuthentication:

case oChallengeResponseAuthentication:

/* fallthrough, there is no difference on the client side */

intptr = &options->challenge_reponse_authentication;

case oSkeyAuthentication:

intptr = &options->skey_authentication;

goto parse_flag;

#ifdef KRB4

Line 343

Line 360

case oStrictHostKeyChecking:

intptr = &options->strict_host_key_checking;

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&s);

if (!cp)

if (!arg || *arg == '\0')

fatal("%.200s line %d: Missing yes/no argument.",

fatal("%.200s line %d: Missing yes/no/ask argument.",

filename, linenum);

value = 0; /* To avoid compiler warning... */

if (strcmp(cp, "yes") == 0 || strcmp(cp, "true") == 0)

if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)

value = 1;

else if (strcmp(cp, "no") == 0 || strcmp(cp, "false") == 0)

else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)

value = 0;

else if (strcmp(cp, "ask") == 0)

else if (strcmp(arg, "ask") == 0)

value = 2;

else

fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);

Line 377

Line 394

goto parse_int;

case oIdentityFile:

case oIdentityFile2:

arg = strdelim(&s);

cp = strtok(NULL, WHITESPACE);

if (!arg || *arg == '\0')

if (!cp)

fatal("%.200s line %d: Missing argument.", filename, linenum);

if (*activep) {

intptr = (opcode == oIdentityFile) ?

intptr = &options->num_identity_files;

&options->num_identity_files :

&options->num_identity_files2;

if (*intptr >= SSH_MAX_IDENTITY_FILES)

fatal("%.200s line %d: Too many identity files specified (max %d).",

filename, linenum, SSH_MAX_IDENTITY_FILES);

charptr = (opcode == oIdentityFile) ?

charptr = &options->identity_files[*intptr];

&options->identity_files[*intptr] :

*charptr = xstrdup(arg);

&options->identity_files2[*intptr];

*charptr = xstrdup(cp);

*intptr = *intptr + 1;

}

break;

case oXAuthLocation:

charptr=&options->xauth_location;

goto parse_string;

case oUser:

charptr = &options->user;

parse_string:

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&s);

if (!cp)

if (!arg || *arg == '\0')

fatal("%.200s line %d: Missing argument.", filename, linenum);

if (*activep && *charptr == NULL)

*charptr = xstrdup(cp);

*charptr = xstrdup(arg);

break;

case oGlobalKnownHostsFile:

Line 426

Line 442

charptr = &options->hostname;

goto parse_string;

case oHostKeyAlias:

charptr = &options->host_key_alias;

goto parse_string;

case oPreferredAuthentications:

charptr = &options->preferred_authentications;

goto parse_string;

case oProxyCommand:

charptr = &options->proxy_command;

string = xstrdup("");

while ((cp = strtok(NULL, WHITESPACE)) != NULL) {

while ((arg = strdelim(&s)) != NULL && *arg != '\0') {

string = xrealloc(string, strlen(string) + strlen(cp) + 2);

string = xrealloc(string, strlen(string) + strlen(arg) + 2);

strcat(string, " ");

strcat(string, cp);

strcat(string, arg);

}

if (*activep && *charptr == NULL)

*charptr = string;

Line 443

Line 467

case oPort:

intptr = &options->port;

parse_int:

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&s);

if (!cp)

if (!arg || *arg == '\0')

fatal("%.200s line %d: Missing argument.", filename, linenum);

if (cp[0] < '0' || cp[0] > '9')

if (arg[0] < '0' || arg[0] > '9')

fatal("%.200s line %d: Bad number.", filename, linenum);

/* Octal, decimal, or hex format? */

value = strtol(cp, &cp2, 0);

value = strtol(arg, &endofnumber, 0);

if (cp == cp2)

if (arg == endofnumber)

fatal("%.200s line %d: Bad number.", filename, linenum);

if (*activep && *intptr == -1)

*intptr = value;

Line 463

Line 487

case oCipher:

intptr = &options->cipher;

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&s);

value = cipher_number(cp);

if (!arg || *arg == '\0')

fatal("%.200s line %d: Missing argument.", filename, linenum);

value = cipher_number(arg);

if (value == -1)

fatal("%.200s line %d: Bad cipher '%s'.",

filename, linenum, cp ? cp : "<NONE>");

filename, linenum, arg ? arg : "<NONE>");

if (*activep && *intptr == -1)

*intptr = value;

break;

case oCiphers:

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&s);

if (!ciphers_valid(cp))

if (!arg || *arg == '\0')

fatal("%.200s line %d: Missing argument.", filename, linenum);

if (!ciphers_valid(arg))

fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",

filename, linenum, cp ? cp : "<NONE>");

filename, linenum, arg ? arg : "<NONE>");

if (*activep && options->ciphers == NULL)

options->ciphers = xstrdup(cp);

options->ciphers = xstrdup(arg);

break;

case oMacs:

arg = strdelim(&s);

if (!arg || *arg == '\0')

fatal("%.200s line %d: Missing argument.", filename, linenum);

if (!mac_valid(arg))

fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",

filename, linenum, arg ? arg : "<NONE>");

if (*activep && options->macs == NULL)

options->macs = xstrdup(arg);

break;

case oProtocol:

intptr = &options->protocol;

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&s);

value = proto_spec(cp);

if (!arg || *arg == '\0')

fatal("%.200s line %d: Missing argument.", filename, linenum);

value = proto_spec(arg);

if (value == SSH_PROTO_UNKNOWN)

fatal("%.200s line %d: Bad protocol spec '%s'.",

filename, linenum, cp ? cp : "<NONE>");

filename, linenum, arg ? arg : "<NONE>");

if (*activep && *intptr == SSH_PROTO_UNKNOWN)

*intptr = value;

break;

case oLogLevel:

intptr = (int *) &options->log_level;

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&s);

value = log_level_number(cp);

value = log_level_number(arg);

if (value == (LogLevel) - 1)

fatal("%.200s line %d: unsupported log level '%s'\n",

fatal("%.200s line %d: unsupported log level '%s'",

filename, linenum, cp ? cp : "<NONE>");

filename, linenum, arg ? arg : "<NONE>");

if (*activep && (LogLevel) * intptr == -1)

*intptr = (LogLevel) value;

break;

case oRemoteForward:

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&s);

if (!cp)

if (!arg || *arg == '\0')

fatal("%.200s line %d: Missing argument.", filename, linenum);

if (cp[0] < '0' || cp[0] > '9')

if (arg[0] < '0' || arg[0] > '9')

fatal("%.200s line %d: Badly formatted port number.",

filename, linenum);

fwd_port = atoi(cp);

fwd_port = atoi(arg);

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&s);

if (!cp)

if (!arg || *arg == '\0')

fatal("%.200s line %d: Missing second argument.",

filename, linenum);

if (sscanf(cp, "%255[^:]:%hu", buf, &fwd_host_port) != 2)

if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2)

fatal("%.200s line %d: Badly formatted host:port.",

filename, linenum);

if (*activep)

Line 523

Line 564

break;

case oLocalForward:

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&s);

if (!cp)

if (!arg || *arg == '\0')

fatal("%.200s line %d: Missing argument.", filename, linenum);

if (cp[0] < '0' || cp[0] > '9')

if (arg[0] < '0' || arg[0] > '9')

fatal("%.200s line %d: Badly formatted port number.",

filename, linenum);

fwd_port = atoi(cp);

fwd_port = atoi(arg);

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&s);

if (!cp)

if (!arg || *arg == '\0')

fatal("%.200s line %d: Missing second argument.",

filename, linenum);

if (sscanf(cp, "%255[^:]:%hu", buf, &fwd_host_port) != 2)

if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2)

fatal("%.200s line %d: Badly formatted host:port.",

filename, linenum);

if (*activep)

Line 543

Line 584

case oHost:

*activep = 0;

while ((cp = strtok(NULL, WHITESPACE)) != NULL)

while ((arg = strdelim(&s)) != NULL && *arg != '\0')

if (match_pattern(host, cp)) {

if (match_pattern(host, arg)) {

debug("Applying options for %.100s", cp);

debug("Applying options for %.100s", arg);

*activep = 1;

break;

}

/* Avoid garbage check below, as strtok already returned NULL. */

/* Avoid garbage check below, as strdelim is done. */

return 0;

case oEscapeChar:

intptr = &options->escape_char;

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&s);

if (!cp)

if (!arg || *arg == '\0')

fatal("%.200s line %d: Missing argument.", filename, linenum);

if (cp[0] == '^' && cp[2] == 0 &&

if (arg[0] == '^' && arg[2] == 0 &&

(unsigned char) cp[1] >= 64 && (unsigned char) cp[1] < 128)

(u_char) arg[1] >= 64 && (u_char) arg[1] < 128)

value = (unsigned char) cp[1] & 31;

value = (u_char) arg[1] & 31;

else if (strlen(cp) == 1)

else if (strlen(arg) == 1)

value = (unsigned char) cp[0];

value = (u_char) arg[0];

else if (strcmp(cp, "none") == 0)

else if (strcmp(arg, "none") == 0)

value = -2;

else {

fatal("%.200s line %d: Bad escape character.",

Line 579

Line 620

}

/* Check that there is no garbage at end of line. */

if (strtok(NULL, WHITESPACE) != NULL)

if ((arg = strdelim(&s)) != NULL && *arg != '\0') {

fatal("%.200s line %d: garbage at end of line.",

fatal("%.200s line %d: garbage at end of line; \"%.200s\".",

filename, linenum);

filename, linenum, arg);

}

return 0;

}

Line 621

Line 663

}

fclose(f);

if (bad_options > 0)

fatal("%s: terminating, %d bad configuration options\n",

fatal("%s: terminating, %d bad configuration options",

filename, bad_options);

}

Line 638

Line 680

memset(options, 'X', sizeof(*options));

options->forward_agent = -1;

options->forward_x11 = -1;

options->xauth_location = NULL;

options->gateway_ports = -1;

options->use_privileged_port = -1;

options->rhosts_authentication = -1;

options->rsa_authentication = -1;

options->dsa_authentication = -1;

options->pubkey_authentication = -1;

options->skey_authentication = -1;

options->challenge_reponse_authentication = -1;

#ifdef KRB4

options->kerberos_authentication = -1;

#endif

Line 652

Line 695

options->afs_token_passing = -1;

#endif

options->password_authentication = -1;

options->kbd_interactive_authentication = -1;

options->kbd_interactive_devices = NULL;

options->rhosts_rsa_authentication = -1;

options->fallback_to_rsh = -1;

options->use_rsh = -1;

Line 666

Line 711

options->number_of_password_prompts = -1;

options->cipher = -1;

options->ciphers = NULL;

options->macs = NULL;

options->protocol = SSH_PROTO_UNKNOWN;

options->num_identity_files = 0;

options->num_identity_files2 = 0;

options->hostname = NULL;

options->host_key_alias = NULL;

options->proxy_command = NULL;

options->user = NULL;

options->escape_char = -1;

Line 680

Line 726

options->num_local_forwards = 0;

options->num_remote_forwards = 0;

options->log_level = (LogLevel) - 1;

options->preferred_authentications = NULL;

}

Line 690

Line 737

void

fill_default_options(Options * options)

{

int len;

if (options->forward_agent == -1)

options->forward_agent = 1;

options->forward_agent = 0;

if (options->forward_x11 == -1)

options->forward_x11 = 0;

#ifdef XAUTH_PATH

if (options->xauth_location == NULL)

options->xauth_location = XAUTH_PATH;

#endif /* XAUTH_PATH */

if (options->gateway_ports == -1)

options->gateway_ports = 0;

if (options->use_privileged_port == -1)

options->use_privileged_port = 1;

options->use_privileged_port = 0;

if (options->rhosts_authentication == -1)

options->rhosts_authentication = 1;

if (options->rsa_authentication == -1)

options->rsa_authentication = 1;

if (options->dsa_authentication == -1)

if (options->pubkey_authentication == -1)

options->dsa_authentication = 1;

options->pubkey_authentication = 1;

if (options->skey_authentication == -1)

if (options->challenge_reponse_authentication == -1)

options->skey_authentication = 0;

options->challenge_reponse_authentication = 0;

#ifdef KRB4

if (options->kerberos_authentication == -1)

options->kerberos_authentication = 1;

Line 718

Line 771

#endif /* AFS */

if (options->password_authentication == -1)

options->password_authentication = 1;

if (options->kbd_interactive_authentication == -1)

options->kbd_interactive_authentication = 1;

if (options->rhosts_rsa_authentication == -1)

options->rhosts_rsa_authentication = 1;

if (options->fallback_to_rsh == -1)

options->fallback_to_rsh = 1;

options->fallback_to_rsh = 0;

if (options->use_rsh == -1)

options->use_rsh = 0;

if (options->batch_mode == -1)

Line 746

Line 801

if (options->cipher == -1)

options->cipher = SSH_CIPHER_NOT_SET;

/* options->ciphers, default set in myproposals.h */

/* options->macs, default set in myproposals.h */

if (options->protocol == SSH_PROTO_UNKNOWN)

options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED;

if (options->num_identity_files == 0) {

options->identity_files[0] =

if (options->protocol & SSH_PROTO_1) {

xmalloc(2 + strlen(SSH_CLIENT_IDENTITY) + 1);

len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;

sprintf(options->identity_files[0], "~/%.100s", SSH_CLIENT_IDENTITY);

options->identity_files[options->num_identity_files] =

options->num_identity_files = 1;

xmalloc(len);

snprintf(options->identity_files[options->num_identity_files++],

len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);

}

if (options->protocol & SSH_PROTO_2) {

len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;

options->identity_files[options->num_identity_files] =

xmalloc(len);

snprintf(options->identity_files[options->num_identity_files++],

len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);

len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;

options->identity_files[options->num_identity_files] =

xmalloc(len);

snprintf(options->identity_files[options->num_identity_files++],

len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);

}

if (options->num_identity_files2 == 0) {

options->identity_files2[0] =

xmalloc(2 + strlen(SSH_CLIENT_ID_DSA) + 1);

sprintf(options->identity_files2[0], "~/%.100s", SSH_CLIENT_ID_DSA);

options->num_identity_files2 = 1;

}

if (options->escape_char == -1)

options->escape_char = '~';

if (options->system_hostfile == NULL)

options->system_hostfile = SSH_SYSTEM_HOSTFILE;

options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;

if (options->user_hostfile == NULL)

options->user_hostfile = SSH_USER_HOSTFILE;

options->user_hostfile = _PATH_SSH_USER_HOSTFILE;

if (options->system_hostfile2 == NULL)

options->system_hostfile2 = SSH_SYSTEM_HOSTFILE2;

options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;

if (options->user_hostfile2 == NULL)

options->user_hostfile2 = SSH_USER_HOSTFILE2;

options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;

if (options->log_level == (LogLevel) - 1)

options->log_level = SYSLOG_LEVEL_INFO;

/* options->proxy_command should not be set by default */

/* options->user will be set in the main program if appropriate */

/* options->hostname will be set in the main program if appropriate */

/* options->host_key_alias should not be set by default */

/* options->preferred_authentications will be set in ssh */

}