
Diff for /src/usr.bin/ssh/readconf.c between version 1.49 and 1.49.2.6

version 1.49, 2000/10/11 20:27:23 version 1.49.2.6, 2001/11/15 00:14:59
Line 15 
Line 15 
 RCSID("$OpenBSD$");  RCSID("$OpenBSD$");
   
 #include "ssh.h"  #include "ssh.h"
 #include "readconf.h"  
 #include "match.h"  
 #include "xmalloc.h"  #include "xmalloc.h"
 #include "compat.h"  #include "compat.h"
   #include "cipher.h"
   #include "pathnames.h"
   #include "log.h"
   #include "readconf.h"
   #include "match.h"
   #include "misc.h"
   #include "kex.h"
   #include "mac.h"
   
 /* Format of the configuration file:  /* Format of the configuration file:
   
Line 68 
Line 74 
    # Defaults for various options     # Defaults for various options
    Host *     Host *
      ForwardAgent no       ForwardAgent no
      ForwardX11 yes       ForwardX11 no
      RhostsAuthentication yes       RhostsAuthentication yes
      PasswordAuthentication yes       PasswordAuthentication yes
      RSAAuthentication yes       RSAAuthentication yes
Line 89 
Line 95 
         oBadOption,          oBadOption,
         oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,          oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
         oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh,          oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh,
         oSkeyAuthentication, oXAuthLocation,          oChallengeResponseAuthentication, oXAuthLocation,
 #ifdef KRB4  #if defined(KRB4) || defined(KRB5)
         oKerberosAuthentication,          oKerberosAuthentication,
 #endif /* KRB4 */  #endif
   #if defined(AFS) || defined(KRB5)
           oKerberosTgtPassing,
   #endif
 #ifdef AFS  #ifdef AFS
         oKerberosTgtPassing, oAFSTokenPassing,          oAFSTokenPassing,
 #endif  #endif
         oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,          oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
         oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,          oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
         oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,          oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
         oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,          oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
         oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication,          oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
         oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oIdentityFile2,          oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
         oGlobalKnownHostsFile2, oUserKnownHostsFile2, oDSAAuthentication,          oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
         oKbdInteractiveAuthentication, oKbdInteractiveDevices          oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
           oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
           oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
           oClearAllForwardings, oNoHostAuthenticationForLocalhost
 } OpCodes;  } OpCodes;
   
 /* Textual representations of the tokens. */  /* Textual representations of the tokens. */
Line 122 
Line 134 
         { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },          { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
         { "kbdinteractivedevices", oKbdInteractiveDevices },          { "kbdinteractivedevices", oKbdInteractiveDevices },
         { "rsaauthentication", oRSAAuthentication },          { "rsaauthentication", oRSAAuthentication },
         { "dsaauthentication", oDSAAuthentication },          { "pubkeyauthentication", oPubkeyAuthentication },
         { "skeyauthentication", oSkeyAuthentication },          { "dsaauthentication", oPubkeyAuthentication },             /* alias */
 #ifdef KRB4          { "rhostsrsaauthentication", oRhostsRSAAuthentication },
           { "hostbasedauthentication", oHostbasedAuthentication },
           { "challengeresponseauthentication", oChallengeResponseAuthentication },
           { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
           { "tisauthentication", oChallengeResponseAuthentication },  /* alias */
   #if defined(KRB4) || defined(KRB5)
         { "kerberosauthentication", oKerberosAuthentication },          { "kerberosauthentication", oKerberosAuthentication },
 #endif /* KRB4 */  #endif
 #ifdef AFS  #if defined(AFS) || defined(KRB5)
         { "kerberostgtpassing", oKerberosTgtPassing },          { "kerberostgtpassing", oKerberosTgtPassing },
   #endif
   #ifdef AFS
         { "afstokenpassing", oAFSTokenPassing },          { "afstokenpassing", oAFSTokenPassing },
 #endif  #endif
         { "fallbacktorsh", oFallBackToRsh },          { "fallbacktorsh", oFallBackToRsh },
         { "usersh", oUseRsh },          { "usersh", oUseRsh },
         { "identityfile", oIdentityFile },          { "identityfile", oIdentityFile },
         { "identityfile2", oIdentityFile2 },          { "identityfile2", oIdentityFile },                     /* alias */
         { "hostname", oHostName },          { "hostname", oHostName },
           { "hostkeyalias", oHostKeyAlias },
         { "proxycommand", oProxyCommand },          { "proxycommand", oProxyCommand },
         { "port", oPort },          { "port", oPort },
         { "cipher", oCipher },          { "cipher", oCipher },
         { "ciphers", oCiphers },          { "ciphers", oCiphers },
           { "macs", oMacs },
         { "protocol", oProtocol },          { "protocol", oProtocol },
         { "remoteforward", oRemoteForward },          { "remoteforward", oRemoteForward },
         { "localforward", oLocalForward },          { "localforward", oLocalForward },
         { "user", oUser },          { "user", oUser },
         { "host", oHost },          { "host", oHost },
         { "escapechar", oEscapeChar },          { "escapechar", oEscapeChar },
         { "rhostsrsaauthentication", oRhostsRSAAuthentication },  
         { "globalknownhostsfile", oGlobalKnownHostsFile },          { "globalknownhostsfile", oGlobalKnownHostsFile },
         { "userknownhostsfile", oUserKnownHostsFile },          { "userknownhostsfile", oUserKnownHostsFile },          /* obsolete */
         { "globalknownhostsfile2", oGlobalKnownHostsFile2 },          { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
         { "userknownhostsfile2", oUserKnownHostsFile2 },          { "userknownhostsfile2", oUserKnownHostsFile2 },        /* obsolete */
         { "connectionattempts", oConnectionAttempts },          { "connectionattempts", oConnectionAttempts },
         { "batchmode", oBatchMode },          { "batchmode", oBatchMode },
         { "checkhostip", oCheckHostIP },          { "checkhostip", oCheckHostIP },
Line 159 
Line 179 
         { "compressionlevel", oCompressionLevel },          { "compressionlevel", oCompressionLevel },
         { "keepalive", oKeepAlives },          { "keepalive", oKeepAlives },
         { "numberofpasswordprompts", oNumberOfPasswordPrompts },          { "numberofpasswordprompts", oNumberOfPasswordPrompts },
         { "tisauthentication", oTISAuthentication },  
         { "loglevel", oLogLevel },          { "loglevel", oLogLevel },
           { "dynamicforward", oDynamicForward },
           { "preferredauthentications", oPreferredAuthentications },
           { "hostkeyalgorithms", oHostKeyAlgorithms },
           { "bindaddress", oBindAddress },
           { "smartcarddevice", oSmartcardDevice },
           { "clearallforwardings", oClearAllForwardings },
           { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
         { NULL, 0 }          { NULL, 0 }
 };  };
   
Line 176 
Line 202 
         Forward *fwd;          Forward *fwd;
         extern uid_t original_real_uid;          extern uid_t original_real_uid;
         if (port < IPPORT_RESERVED && original_real_uid != 0)          if (port < IPPORT_RESERVED && original_real_uid != 0)
                 fatal("Privileged ports can only be forwarded by root.\n");                  fatal("Privileged ports can only be forwarded by root.");
         if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)          if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
                 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);                  fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
         fwd = &options->local_forwards[options->num_local_forwards++];          fwd = &options->local_forwards[options->num_local_forwards++];
Line 204 
Line 230 
         fwd->host_port = host_port;          fwd->host_port = host_port;
 }  }
   
   static void
   clear_forwardings(Options *options)
   {
           int i;
   
           for (i = 0; i < options->num_local_forwards; i++)
                   xfree(options->local_forwards[i].host);
           options->num_local_forwards = 0;
           for (i = 0; i < options->num_remote_forwards; i++)
                   xfree(options->remote_forwards[i].host);
           options->num_remote_forwards = 0;
   }
   
 /*  /*
  * Returns the number of the token pointed to by cp of length len. Never   * Returns the number of the token pointed to by cp or oBadOption.
  * returns if the token is not known.  
  */   */
   
 static OpCodes  static OpCodes
 parse_token(const char *cp, const char *filename, int linenum)  parse_token(const char *cp, const char *filename, int linenum)
 {  {
         unsigned int i;          u_int i;
   
         for (i = 0; keywords[i].name; i++)          for (i = 0; keywords[i].name; i++)
                 if (strcasecmp(cp, keywords[i].name) == 0)                  if (strcasecmp(cp, keywords[i].name) == 0)
                         return keywords[i].opcode;                          return keywords[i].opcode;
   
         fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",          error("%s: line %d: Bad configuration option: %s",
                 filename, linenum, cp);              filename, linenum, cp);
         return oBadOption;          return oBadOption;
 }  }
   
Line 236 
Line 274 
         char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;          char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
         int opcode, *intptr, value;          int opcode, *intptr, value;
         u_short fwd_port, fwd_host_port;          u_short fwd_port, fwd_host_port;
           char sfwd_host_port[6];
   
         s = line;          s = line;
         /* Get the keyword. (Each line is supposed to begin with a keyword). */          /* Get the keyword. (Each line is supposed to begin with a keyword). */
Line 243 
Line 282 
         /* Ignore leading whitespace. */          /* Ignore leading whitespace. */
         if (*keyword == '\0')          if (*keyword == '\0')
                 keyword = strdelim(&s);                  keyword = strdelim(&s);
         if (!*keyword || *keyword == '\n' || *keyword == '#')          if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
                 return 0;                  return 0;
   
         opcode = parse_token(keyword, filename, linenum);          opcode = parse_token(keyword, filename, linenum);
Line 298 
Line 337 
                 charptr = &options->kbd_interactive_devices;                  charptr = &options->kbd_interactive_devices;
                 goto parse_string;                  goto parse_string;
   
         case oDSAAuthentication:          case oPubkeyAuthentication:
                 intptr = &options->dsa_authentication;                  intptr = &options->pubkey_authentication;
                 goto parse_flag;                  goto parse_flag;
   
         case oRSAAuthentication:          case oRSAAuthentication:
Line 310 
Line 349 
                 intptr = &options->rhosts_rsa_authentication;                  intptr = &options->rhosts_rsa_authentication;
                 goto parse_flag;                  goto parse_flag;
   
         case oTISAuthentication:          case oHostbasedAuthentication:
                 /* fallthrough, there is no difference on the client side */                  intptr = &options->hostbased_authentication;
         case oSkeyAuthentication:  
                 intptr = &options->skey_authentication;  
                 goto parse_flag;                  goto parse_flag;
   
 #ifdef KRB4          case oChallengeResponseAuthentication:
                   intptr = &options->challenge_response_authentication;
                   goto parse_flag;
   #if defined(KRB4) || defined(KRB5)
         case oKerberosAuthentication:          case oKerberosAuthentication:
                 intptr = &options->kerberos_authentication;                  intptr = &options->kerberos_authentication;
                 goto parse_flag;                  goto parse_flag;
 #endif /* KRB4 */  #endif
   #if defined(AFS) || defined(KRB5)
 #ifdef AFS  
         case oKerberosTgtPassing:          case oKerberosTgtPassing:
                 intptr = &options->kerberos_tgt_passing;                  intptr = &options->kerberos_tgt_passing;
                 goto parse_flag;                  goto parse_flag;
   #endif
   #ifdef AFS
         case oAFSTokenPassing:          case oAFSTokenPassing:
                 intptr = &options->afs_token_passing;                  intptr = &options->afs_token_passing;
                 goto parse_flag;                  goto parse_flag;
 #endif  #endif
   
         case oFallBackToRsh:          case oFallBackToRsh:
                 intptr = &options->fallback_to_rsh;                  intptr = &options->fallback_to_rsh;
                 goto parse_flag;                  goto parse_flag;
Line 352 
Line 391 
                 intptr = &options->strict_host_key_checking;                  intptr = &options->strict_host_key_checking;
                 arg = strdelim(&s);                  arg = strdelim(&s);
                 if (!arg || *arg == '\0')                  if (!arg || *arg == '\0')
                         fatal("%.200s line %d: Missing yes/no argument.",                          fatal("%.200s line %d: Missing yes/no/ask argument.",
                               filename, linenum);                                filename, linenum);
                 value = 0;      /* To avoid compiler warning... */                  value = 0;      /* To avoid compiler warning... */
                 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)                  if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
Line 375 
Line 414 
                 intptr = &options->keepalives;                  intptr = &options->keepalives;
                 goto parse_flag;                  goto parse_flag;
   
           case oNoHostAuthenticationForLocalhost:
                   intptr = &options->no_host_authentication_for_localhost;
                   goto parse_flag;
   
         case oNumberOfPasswordPrompts:          case oNumberOfPasswordPrompts:
                 intptr = &options->number_of_password_prompts;                  intptr = &options->number_of_password_prompts;
                 goto parse_int;                  goto parse_int;
Line 384 
Line 427 
                 goto parse_int;                  goto parse_int;
   
         case oIdentityFile:          case oIdentityFile:
         case oIdentityFile2:  
                 arg = strdelim(&s);                  arg = strdelim(&s);
                 if (!arg || *arg == '\0')                  if (!arg || *arg == '\0')
                         fatal("%.200s line %d: Missing argument.", filename, linenum);                          fatal("%.200s line %d: Missing argument.", filename, linenum);
                 if (*activep) {                  if (*activep) {
                         intptr = (opcode == oIdentityFile) ?                          intptr = &options->num_identity_files;
                             &options->num_identity_files :  
                             &options->num_identity_files2;  
                         if (*intptr >= SSH_MAX_IDENTITY_FILES)                          if (*intptr >= SSH_MAX_IDENTITY_FILES)
                                 fatal("%.200s line %d: Too many identity files specified (max %d).",                                  fatal("%.200s line %d: Too many identity files specified (max %d).",
                                       filename, linenum, SSH_MAX_IDENTITY_FILES);                                        filename, linenum, SSH_MAX_IDENTITY_FILES);
                         charptr = (opcode == oIdentityFile) ?                          charptr =  &options->identity_files[*intptr];
                             &options->identity_files[*intptr] :  
                             &options->identity_files2[*intptr];  
                         *charptr = xstrdup(arg);                          *charptr = xstrdup(arg);
                         *intptr = *intptr + 1;                          *intptr = *intptr + 1;
                 }                  }
Line 437 
Line 475 
                 charptr = &options->hostname;                  charptr = &options->hostname;
                 goto parse_string;                  goto parse_string;
   
           case oHostKeyAlias:
                   charptr = &options->host_key_alias;
                   goto parse_string;
   
           case oPreferredAuthentications:
                   charptr = &options->preferred_authentications;
                   goto parse_string;
   
           case oBindAddress:
                   charptr = &options->bind_address;
                   goto parse_string;
   
           case oSmartcardDevice:
                   charptr = &options->smartcard_device;
                   goto parse_string;
   
         case oProxyCommand:          case oProxyCommand:
                 charptr = &options->proxy_command;                  charptr = &options->proxy_command;
                 string = xstrdup("");                  string = xstrdup("");
Line 496 
Line 550 
                         options->ciphers = xstrdup(arg);                          options->ciphers = xstrdup(arg);
                 break;                  break;
   
           case oMacs:
                   arg = strdelim(&s);
                   if (!arg || *arg == '\0')
                           fatal("%.200s line %d: Missing argument.", filename, linenum);
                   if (!mac_valid(arg))
                           fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
                                 filename, linenum, arg ? arg : "<NONE>");
                   if (*activep && options->macs == NULL)
                           options->macs = xstrdup(arg);
                   break;
   
           case oHostKeyAlgorithms:
                   arg = strdelim(&s);
                   if (!arg || *arg == '\0')
                           fatal("%.200s line %d: Missing argument.", filename, linenum);
                   if (!key_names_valid2(arg))
                           fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
                                 filename, linenum, arg ? arg : "<NONE>");
                   if (*activep && options->hostkeyalgorithms == NULL)
                           options->hostkeyalgorithms = xstrdup(arg);
                   break;
   
         case oProtocol:          case oProtocol:
                 intptr = &options->protocol;                  intptr = &options->protocol;
                 arg = strdelim(&s);                  arg = strdelim(&s);
Line 514 
Line 590 
                 arg = strdelim(&s);                  arg = strdelim(&s);
                 value = log_level_number(arg);                  value = log_level_number(arg);
                 if (value == (LogLevel) - 1)                  if (value == (LogLevel) - 1)
                         fatal("%.200s line %d: unsupported log level '%s'\n",                          fatal("%.200s line %d: unsupported log level '%s'",
                               filename, linenum, arg ? arg : "<NONE>");                                filename, linenum, arg ? arg : "<NONE>");
                 if (*activep && (LogLevel) * intptr == -1)                  if (*activep && (LogLevel) * intptr == -1)
                         *intptr = (LogLevel) value;                          *intptr = (LogLevel) value;
                 break;                  break;
   
           case oLocalForward:
         case oRemoteForward:          case oRemoteForward:
                 arg = strdelim(&s);                  arg = strdelim(&s);
                 if (!arg || *arg == '\0')                  if (!arg || *arg == '\0')
                         fatal("%.200s line %d: Missing argument.", filename, linenum);                          fatal("%.200s line %d: Missing port argument.",
                 if (arg[0] < '0' || arg[0] > '9')                              filename, linenum);
                         fatal("%.200s line %d: Badly formatted port number.",                  if ((fwd_port = a2port(arg)) == 0)
                               filename, linenum);                          fatal("%.200s line %d: Bad listen port.",
                 fwd_port = atoi(arg);                              filename, linenum);
                 arg = strdelim(&s);                  arg = strdelim(&s);
                 if (!arg || *arg == '\0')                  if (!arg || *arg == '\0')
                         fatal("%.200s line %d: Missing second argument.",                          fatal("%.200s line %d: Missing second argument.",
                               filename, linenum);                              filename, linenum);
                 if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2)                  if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
                         fatal("%.200s line %d: Badly formatted host:port.",                      sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
                               filename, linenum);                          fatal("%.200s line %d: Bad forwarding specification.",
                 if (*activep)                              filename, linenum);
                         add_remote_forward(options, fwd_port, buf, fwd_host_port);                  if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
                           fatal("%.200s line %d: Bad forwarding port.",
                               filename, linenum);
                   if (*activep) {
                           if (opcode == oLocalForward)
                                   add_local_forward(options, fwd_port, buf,
                                       fwd_host_port);
                           else if (opcode == oRemoteForward)
                                   add_remote_forward(options, fwd_port, buf,
                                       fwd_host_port);
                   }
                 break;                  break;
   
         case oLocalForward:          case oDynamicForward:
                 arg = strdelim(&s);                  arg = strdelim(&s);
                 if (!arg || *arg == '\0')                  if (!arg || *arg == '\0')
                         fatal("%.200s line %d: Missing argument.", filename, linenum);                          fatal("%.200s line %d: Missing port argument.",
                 if (arg[0] < '0' || arg[0] > '9')                              filename, linenum);
                   fwd_port = a2port(arg);
                   if (fwd_port == 0)
                         fatal("%.200s line %d: Badly formatted port number.",                          fatal("%.200s line %d: Badly formatted port number.",
                               filename, linenum);                              filename, linenum);
                 fwd_port = atoi(arg);  
                 arg = strdelim(&s);  
                 if (!arg || *arg == '\0')  
                         fatal("%.200s line %d: Missing second argument.",  
                               filename, linenum);  
                 if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2)  
                         fatal("%.200s line %d: Badly formatted host:port.",  
                               filename, linenum);  
                 if (*activep)                  if (*activep)
                         add_local_forward(options, fwd_port, buf, fwd_host_port);                          add_local_forward(options, fwd_port, "socks4", 0);
                 break;                  break;
   
           case oClearAllForwardings:
                   intptr = &options->clear_forwardings;
                   goto parse_flag;
   
         case oHost:          case oHost:
                 *activep = 0;                  *activep = 0;
                 while ((arg = strdelim(&s)) != NULL && *arg != '\0')                  while ((arg = strdelim(&s)) != NULL && *arg != '\0')
Line 575 
Line 660 
                 if (!arg || *arg == '\0')                  if (!arg || *arg == '\0')
                         fatal("%.200s line %d: Missing argument.", filename, linenum);                          fatal("%.200s line %d: Missing argument.", filename, linenum);
                 if (arg[0] == '^' && arg[2] == 0 &&                  if (arg[0] == '^' && arg[2] == 0 &&
                     (unsigned char) arg[1] >= 64 && (unsigned char) arg[1] < 128)                      (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
                         value = (unsigned char) arg[1] & 31;                          value = (u_char) arg[1] & 31;
                 else if (strlen(arg) == 1)                  else if (strlen(arg) == 1)
                         value = (unsigned char) arg[0];                          value = (u_char) arg[0];
                 else if (strcmp(arg, "none") == 0)                  else if (strcmp(arg, "none") == 0)
                         value = -2;                          value = SSH_ESCAPECHAR_NONE;
                 else {                  else {
                         fatal("%.200s line %d: Bad escape character.",                          fatal("%.200s line %d: Bad escape character.",
                               filename, linenum);                                filename, linenum);
Line 596 
Line 681 
         }          }
   
         /* Check that there is no garbage at end of line. */          /* Check that there is no garbage at end of line. */
         if ((arg = strdelim(&s)) != NULL && *arg != '\0')          if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
         {  
                 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",                  fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
                       filename, linenum, arg);                        filename, linenum, arg);
         }          }
Line 608 
Line 692 
 /*  /*
  * Reads the config file and modifies the options accordingly.  Options   * Reads the config file and modifies the options accordingly.  Options
  * should already be initialized before this call.  This never returns if   * should already be initialized before this call.  This never returns if
  * there is an error.  If the file does not exist, this returns immediately.   * there is an error.  If the file does not exist, this returns 0.
  */   */
   
 void  int
 read_config_file(const char *filename, const char *host, Options *options)  read_config_file(const char *filename, const char *host, Options *options)
 {  {
         FILE *f;          FILE *f;
Line 622 
Line 706 
         /* Open the file. */          /* Open the file. */
         f = fopen(filename, "r");          f = fopen(filename, "r");
         if (!f)          if (!f)
                 return;                  return 0;
   
         debug("Reading configuration data %.200s", filename);          debug("Reading configuration data %.200s", filename);
   
Line 640 
Line 724 
         }          }
         fclose(f);          fclose(f);
         if (bad_options > 0)          if (bad_options > 0)
                 fatal("%s: terminating, %d bad configuration options\n",                  fatal("%s: terminating, %d bad configuration options",
                       filename, bad_options);                        filename, bad_options);
           return 1;
 }  }
   
 /*  /*
Line 662 
Line 747 
         options->use_privileged_port = -1;          options->use_privileged_port = -1;
         options->rhosts_authentication = -1;          options->rhosts_authentication = -1;
         options->rsa_authentication = -1;          options->rsa_authentication = -1;
         options->dsa_authentication = -1;          options->pubkey_authentication = -1;
         options->skey_authentication = -1;          options->challenge_response_authentication = -1;
 #ifdef KRB4  #if defined(KRB4) || defined(KRB5)
         options->kerberos_authentication = -1;          options->kerberos_authentication = -1;
 #endif  #endif
 #ifdef AFS  #if defined(AFS) || defined(KRB5)
         options->kerberos_tgt_passing = -1;          options->kerberos_tgt_passing = -1;
   #endif
   #ifdef AFS
         options->afs_token_passing = -1;          options->afs_token_passing = -1;
 #endif  #endif
         options->password_authentication = -1;          options->password_authentication = -1;
         options->kbd_interactive_authentication = -1;          options->kbd_interactive_authentication = -1;
         options->kbd_interactive_devices = NULL;          options->kbd_interactive_devices = NULL;
         options->rhosts_rsa_authentication = -1;          options->rhosts_rsa_authentication = -1;
           options->hostbased_authentication = -1;
         options->fallback_to_rsh = -1;          options->fallback_to_rsh = -1;
         options->use_rsh = -1;          options->use_rsh = -1;
         options->batch_mode = -1;          options->batch_mode = -1;
Line 688 
Line 776 
         options->number_of_password_prompts = -1;          options->number_of_password_prompts = -1;
         options->cipher = -1;          options->cipher = -1;
         options->ciphers = NULL;          options->ciphers = NULL;
           options->macs = NULL;
           options->hostkeyalgorithms = NULL;
         options->protocol = SSH_PROTO_UNKNOWN;          options->protocol = SSH_PROTO_UNKNOWN;
         options->num_identity_files = 0;          options->num_identity_files = 0;
         options->num_identity_files2 = 0;  
         options->hostname = NULL;          options->hostname = NULL;
           options->host_key_alias = NULL;
         options->proxy_command = NULL;          options->proxy_command = NULL;
         options->user = NULL;          options->user = NULL;
         options->escape_char = -1;          options->escape_char = -1;
Line 701 
Line 791 
         options->user_hostfile2 = NULL;          options->user_hostfile2 = NULL;
         options->num_local_forwards = 0;          options->num_local_forwards = 0;
         options->num_remote_forwards = 0;          options->num_remote_forwards = 0;
           options->clear_forwardings = -1;
         options->log_level = (LogLevel) - 1;          options->log_level = (LogLevel) - 1;
           options->preferred_authentications = NULL;
           options->bind_address = NULL;
           options->smartcard_device = NULL;
           options->no_host_authentication_for_localhost = - 1;
 }  }
   
 /*  /*
Line 712 
Line 807 
 void  void
 fill_default_options(Options * options)  fill_default_options(Options * options)
 {  {
           int len;
   
         if (options->forward_agent == -1)          if (options->forward_agent == -1)
                 options->forward_agent = 0;                  options->forward_agent = 0;
         if (options->forward_x11 == -1)          if (options->forward_x11 == -1)
                 options->forward_x11 = 0;                  options->forward_x11 = 0;
 #ifdef XAUTH_PATH  #ifdef _PATH_XAUTH
         if (options->xauth_location == NULL)          if (options->xauth_location == NULL)
                 options->xauth_location = XAUTH_PATH;                  options->xauth_location = _PATH_XAUTH;
 #endif /* XAUTH_PATH */  #endif
         if (options->gateway_ports == -1)          if (options->gateway_ports == -1)
                 options->gateway_ports = 0;                  options->gateway_ports = 0;
         if (options->use_privileged_port == -1)          if (options->use_privileged_port == -1)
                 options->use_privileged_port = 1;                  options->use_privileged_port = 0;
         if (options->rhosts_authentication == -1)          if (options->rhosts_authentication == -1)
                 options->rhosts_authentication = 1;                  options->rhosts_authentication = 1;
         if (options->rsa_authentication == -1)          if (options->rsa_authentication == -1)
                 options->rsa_authentication = 1;                  options->rsa_authentication = 1;
         if (options->dsa_authentication == -1)          if (options->pubkey_authentication == -1)
                 options->dsa_authentication = 1;                  options->pubkey_authentication = 1;
         if (options->skey_authentication == -1)          if (options->challenge_response_authentication == -1)
                 options->skey_authentication = 0;                  options->challenge_response_authentication = 1;
 #ifdef KRB4  #if defined(KRB4) || defined(KRB5)
         if (options->kerberos_authentication == -1)          if (options->kerberos_authentication == -1)
                 options->kerberos_authentication = 1;                  options->kerberos_authentication = 1;
 #endif /* KRB4 */  #endif
 #ifdef AFS  #if defined(AFS) || defined(KRB5)
         if (options->kerberos_tgt_passing == -1)          if (options->kerberos_tgt_passing == -1)
                 options->kerberos_tgt_passing = 1;                  options->kerberos_tgt_passing = 1;
   #endif
   #ifdef AFS
         if (options->afs_token_passing == -1)          if (options->afs_token_passing == -1)
                 options->afs_token_passing = 1;                  options->afs_token_passing = 1;
 #endif /* AFS */  #endif
         if (options->password_authentication == -1)          if (options->password_authentication == -1)
                 options->password_authentication = 1;                  options->password_authentication = 1;
         if (options->kbd_interactive_authentication == -1)          if (options->kbd_interactive_authentication == -1)
                 options->kbd_interactive_authentication = 0;                  options->kbd_interactive_authentication = 1;
         if (options->rhosts_rsa_authentication == -1)          if (options->rhosts_rsa_authentication == -1)
                 options->rhosts_rsa_authentication = 1;                  options->rhosts_rsa_authentication = 1;
           if (options->hostbased_authentication == -1)
                   options->hostbased_authentication = 0;
         if (options->fallback_to_rsh == -1)          if (options->fallback_to_rsh == -1)
                 options->fallback_to_rsh = 0;                  options->fallback_to_rsh = 0;
         if (options->use_rsh == -1)          if (options->use_rsh == -1)
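Review bot: On the new side `use_privileged_port` defaults to 0 while `rhosts_authentication` still defaults to 1 two lines below, and rhosts authentication is only meaningful when the client connects from a privileged source port. Unless the caller switches it off when no privileged port is in use (not visible in this hunk), the client offers a method the server should refuse; I would default it off here with `options->rhosts_authentication = 0;`, or at least add a comment naming where the dependency is enforced. The widened `#if defined(AFS) || defined(KRB5)` guard also makes `kerberos_tgt_passing = 1` the default for KRB5 builds, which presumably hands the user's ticket to every server contacted unless the configuration disables it, so a default of 0 looks like the safer choice. The hunk stops inside fill_default_options, whose body continues outside it.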
Line 767 
Line 868 
         if (options->port == -1)          if (options->port == -1)
                 options->port = 0;      /* Filled in ssh_connect. */                  options->port = 0;      /* Filled in ssh_connect. */
         if (options->connection_attempts == -1)          if (options->connection_attempts == -1)
                 options->connection_attempts = 4;                  options->connection_attempts = 1;
         if (options->number_of_password_prompts == -1)          if (options->number_of_password_prompts == -1)
                 options->number_of_password_prompts = 3;                  options->number_of_password_prompts = 3;
         /* Selected in ssh_login(). */          /* Selected in ssh_login(). */
         if (options->cipher == -1)          if (options->cipher == -1)
                 options->cipher = SSH_CIPHER_NOT_SET;                  options->cipher = SSH_CIPHER_NOT_SET;
         /* options->ciphers, default set in myproposals.h */          /* options->ciphers, default set in myproposals.h */
           /* options->macs, default set in myproposals.h */
           /* options->hostkeyalgorithms, default set in myproposals.h */
         if (options->protocol == SSH_PROTO_UNKNOWN)          if (options->protocol == SSH_PROTO_UNKNOWN)
                 options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED;                  options->protocol = SSH_PROTO_1|SSH_PROTO_2;
         if (options->num_identity_files == 0) {          if (options->num_identity_files == 0) {
                 options->identity_files[0] =                  if (options->protocol & SSH_PROTO_1) {
                         xmalloc(2 + strlen(SSH_CLIENT_IDENTITY) + 1);                          len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
                 sprintf(options->identity_files[0], "~/%.100s", SSH_CLIENT_IDENTITY);                          options->identity_files[options->num_identity_files] =
                 options->num_identity_files = 1;                              xmalloc(len);
                           snprintf(options->identity_files[options->num_identity_files++],
                               len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
                   }
                   if (options->protocol & SSH_PROTO_2) {
                           len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
                           options->identity_files[options->num_identity_files] =
                               xmalloc(len);
                           snprintf(options->identity_files[options->num_identity_files++],
                               len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
   
                           len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
                           options->identity_files[options->num_identity_files] =
                               xmalloc(len);
                           snprintf(options->identity_files[options->num_identity_files++],
                               len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
                   }
         }          }
         if (options->num_identity_files2 == 0) {  
                 options->identity_files2[0] =  
                         xmalloc(2 + strlen(SSH_CLIENT_ID_DSA) + 1);  
                 sprintf(options->identity_files2[0], "~/%.100s", SSH_CLIENT_ID_DSA);  
                 options->num_identity_files2 = 1;  
         }  
         if (options->escape_char == -1)          if (options->escape_char == -1)
                 options->escape_char = '~';                  options->escape_char = '~';
         if (options->system_hostfile == NULL)          if (options->system_hostfile == NULL)
                 options->system_hostfile = SSH_SYSTEM_HOSTFILE;                  options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
         if (options->user_hostfile == NULL)          if (options->user_hostfile == NULL)
                 options->user_hostfile = SSH_USER_HOSTFILE;                  options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
         if (options->system_hostfile2 == NULL)          if (options->system_hostfile2 == NULL)
                 options->system_hostfile2 = SSH_SYSTEM_HOSTFILE2;                  options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
         if (options->user_hostfile2 == NULL)          if (options->user_hostfile2 == NULL)
                 options->user_hostfile2 = SSH_USER_HOSTFILE2;                  options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
         if (options->log_level == (LogLevel) - 1)          if (options->log_level == (LogLevel) - 1)
                 options->log_level = SYSLOG_LEVEL_INFO;                  options->log_level = SYSLOG_LEVEL_INFO;
           if (options->clear_forwardings == 1)
                   clear_forwardings(options);
           if (options->no_host_authentication_for_localhost == - 1)
                   options->no_host_authentication_for_localhost = 0;
         /* options->proxy_command should not be set by default */          /* options->proxy_command should not be set by default */
         /* options->user will be set in the main program if appropriate */          /* options->user will be set in the main program if appropriate */
         /* options->hostname will be set in the main program if appropriate */          /* options->hostname will be set in the main program if appropriate */
           /* options->host_key_alias should not be set by default */
           /* options->preferred_authentications will be set in ssh */
 }  }
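Review bot: `clear_forwardings` is the one `-1` sentinel that fill_default_options never resolves: initialize_options sets it to -1, and the added code here only tests `== 1` before calling `clear_forwardings(options)`. After this function returns the field can still be -1, so any later truthiness test such as `if (options->clear_forwardings)` would read "unset" as "set". I would add `if (options->clear_forwardings == -1) options->clear_forwardings = 0;` ahead of the `== 1` check, and a one-line comment that this call is a side effect rather than a default. The function begins in an earlier hunk and part of its body lies between the hunks, so a normalisation elsewhere cannot be ruled out from here.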
