Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c160
1 files changed, 122 insertions, 38 deletions
diff --git a/readconf.c b/readconf.c
index 9812b8d98..1b9494d7c 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.309 2019/09/06 14:45:34 naddy Exp $ */ 1/* $OpenBSD: readconf.c,v 1.326 2020/02/06 22:46:31 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,9 +35,9 @@
35#endif 35#endif
36#include <pwd.h> 36#include <pwd.h>
37#include <signal.h> 37#include <signal.h>
38#include <stdarg.h>
39#include <stdio.h> 38#include <stdio.h>
40#include <string.h> 39#include <string.h>
40#include <stdarg.h>
41#include <unistd.h> 41#include <unistd.h>
42#ifdef USE_SYSTEM_GLOB 42#ifdef USE_SYSTEM_GLOB
43# include <glob.h> 43# include <glob.h>
@@ -122,8 +122,6 @@
122 ForwardAgent no 122 ForwardAgent no
123 ForwardX11 no 123 ForwardX11 no
124 PasswordAuthentication yes 124 PasswordAuthentication yes
125 RSAAuthentication yes
126 RhostsRSAAuthentication yes
127 StrictHostKeyChecking yes 125 StrictHostKeyChecking yes
128 TcpKeepAlive no 126 TcpKeepAlive no
129 IdentityFile ~/.ssh/identity 127 IdentityFile ~/.ssh/identity
@@ -147,15 +145,15 @@ typedef enum {
147 oHost, oMatch, oInclude, 145 oHost, oMatch, oInclude,
148 oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout, 146 oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout,
149 oGatewayPorts, oExitOnForwardFailure, 147 oGatewayPorts, oExitOnForwardFailure,
150 oPasswordAuthentication, oRSAAuthentication, 148 oPasswordAuthentication,
151 oChallengeResponseAuthentication, oXAuthLocation, 149 oChallengeResponseAuthentication, oXAuthLocation,
152 oIdentityFile, oHostname, oPort, oCipher, oRemoteForward, oLocalForward, 150 oIdentityFile, oHostname, oPort, oRemoteForward, oLocalForward,
153 oCertificateFile, oAddKeysToAgent, oIdentityAgent, 151 oCertificateFile, oAddKeysToAgent, oIdentityAgent,
154 oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, 152 oUser, oEscapeChar, oProxyCommand,
155 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, 153 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
156 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, 154 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
157 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, 155 oTCPKeepAlive, oNumberOfPasswordPrompts,
158 oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oMacs, 156 oLogFacility, oLogLevel, oCiphers, oMacs,
159 oPubkeyAuthentication, 157 oPubkeyAuthentication,
160 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, 158 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
161 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, 159 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
@@ -177,6 +175,7 @@ typedef enum {
177 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, 175 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
178 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, 176 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
179 oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump, 177 oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump,
178 oSecurityKeyProvider,
180 oProtocolKeepAlives, oSetupTimeOut, 179 oProtocolKeepAlives, oSetupTimeOut,
181 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported 180 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
182} OpCodes; 181} OpCodes;
@@ -203,6 +202,9 @@ static struct {
203 { "afstokenpassing", oUnsupported }, 202 { "afstokenpassing", oUnsupported },
204 { "kerberosauthentication", oUnsupported }, 203 { "kerberosauthentication", oUnsupported },
205 { "kerberostgtpassing", oUnsupported }, 204 { "kerberostgtpassing", oUnsupported },
205 { "rsaauthentication", oUnsupported },
206 { "rhostsrsaauthentication", oUnsupported },
207 { "compressionlevel", oUnsupported },
206 208
207 /* Sometimes-unsupported options */ 209 /* Sometimes-unsupported options */
208#if defined(GSSAPI) 210#if defined(GSSAPI)
@@ -231,9 +233,6 @@ static struct {
231 { "smartcarddevice", oUnsupported }, 233 { "smartcarddevice", oUnsupported },
232 { "pkcs11provider", oUnsupported }, 234 { "pkcs11provider", oUnsupported },
233#endif 235#endif
234 { "rsaauthentication", oUnsupported },
235 { "rhostsrsaauthentication", oUnsupported },
236 { "compressionlevel", oUnsupported },
237 236
238 { "forwardagent", oForwardAgent }, 237 { "forwardagent", oForwardAgent },
239 { "forwardx11", oForwardX11 }, 238 { "forwardx11", oForwardX11 },
@@ -327,12 +326,23 @@ static struct {
327 { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, 326 { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
328 { "ignoreunknown", oIgnoreUnknown }, 327 { "ignoreunknown", oIgnoreUnknown },
329 { "proxyjump", oProxyJump }, 328 { "proxyjump", oProxyJump },
329 { "securitykeyprovider", oSecurityKeyProvider },
330 { "protocolkeepalives", oProtocolKeepAlives }, 330 { "protocolkeepalives", oProtocolKeepAlives },
331 { "setuptimeout", oSetupTimeOut }, 331 { "setuptimeout", oSetupTimeOut },
332 332
333 { NULL, oBadOption } 333 { NULL, oBadOption }
334}; 334};
335 335
336static char *kex_default_pk_alg_filtered;
337
338const char *
339kex_default_pk_alg(void)
340{
341 if (kex_default_pk_alg_filtered == NULL)
342 fatal("kex_default_pk_alg not initialized.");
343 return kex_default_pk_alg_filtered;
344}
345
336/* 346/*
337 * Adds a local TCP/IP port forward to options. Never returns if there is an 347 * Adds a local TCP/IP port forward to options. Never returns if there is an
338 * error. 348 * error.
@@ -537,7 +547,7 @@ execute_in_shell(const char *cmd)
537 execv(argv[0], argv); 547 execv(argv[0], argv);
538 error("Unable to execute '%.100s': %s", cmd, strerror(errno)); 548 error("Unable to execute '%.100s': %s", cmd, strerror(errno));
539 /* Die with signal to make this error apparent to parent. */ 549 /* Die with signal to make this error apparent to parent. */
540 signal(SIGTERM, SIG_DFL); 550 ssh_signal(SIGTERM, SIG_DFL);
541 kill(getpid(), SIGTERM); 551 kill(getpid(), SIGTERM);
542 _exit(1); 552 _exit(1);
543 } 553 }
@@ -846,6 +856,13 @@ static const struct multistate multistate_canonicalizehostname[] = {
846 { "always", SSH_CANONICALISE_ALWAYS }, 856 { "always", SSH_CANONICALISE_ALWAYS },
847 { NULL, -1 } 857 { NULL, -1 }
848}; 858};
859static const struct multistate multistate_compression[] = {
860#ifdef WITH_ZLIB
861 { "yes", COMP_ZLIB },
862#endif
863 { "no", COMP_NONE },
864 { NULL, -1 }
865};
849 866
850/* 867/*
851 * Processes a single option line as used in the configuration files. This 868 * Processes a single option line as used in the configuration files. This
@@ -938,6 +955,34 @@ parse_time:
938 955
939 case oForwardAgent: 956 case oForwardAgent:
940 intptr = &options->forward_agent; 957 intptr = &options->forward_agent;
958
959 arg = strdelim(&s);
960 if (!arg || *arg == '\0')
961 fatal("%s line %d: missing argument.",
962 filename, linenum);
963
964 value = -1;
965 multistate_ptr = multistate_flag;
966 for (i = 0; multistate_ptr[i].key != NULL; i++) {
967 if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
968 value = multistate_ptr[i].value;
969 break;
970 }
971 }
972 if (value != -1) {
973 if (*activep && *intptr == -1)
974 *intptr = value;
975 break;
976 }
977 /* ForwardAgent wasn't 'yes' or 'no', assume a path */
978 if (*activep && *intptr == -1)
979 *intptr = 1;
980
981 charptr = &options->forward_agent_sock_path;
982 goto parse_agent_path;
983
984 case oForwardX11:
985 intptr = &options->forward_x11;
941 parse_flag: 986 parse_flag:
942 multistate_ptr = multistate_flag; 987 multistate_ptr = multistate_flag;
943 parse_multistate: 988 parse_multistate:
@@ -959,10 +1004,6 @@ parse_time:
959 *intptr = value; 1004 *intptr = value;
960 break; 1005 break;
961 1006
962 case oForwardX11:
963 intptr = &options->forward_x11;
964 goto parse_flag;
965
966 case oForwardX11Trusted: 1007 case oForwardX11Trusted:
967 intptr = &options->forward_x11_trusted; 1008 intptr = &options->forward_x11_trusted;
968 goto parse_flag; 1009 goto parse_flag;
@@ -1063,7 +1104,8 @@ parse_time:
1063 1104
1064 case oCompression: 1105 case oCompression:
1065 intptr = &options->compression; 1106 intptr = &options->compression;
1066 goto parse_flag; 1107 multistate_ptr = multistate_compression;
1108 goto parse_multistate;
1067 1109
1068 case oTCPKeepAlive: 1110 case oTCPKeepAlive:
1069 intptr = &options->tcp_keep_alive; 1111 intptr = &options->tcp_keep_alive;
@@ -1197,6 +1239,10 @@ parse_char_array:
1197 charptr = &options->pkcs11_provider; 1239 charptr = &options->pkcs11_provider;
1198 goto parse_string; 1240 goto parse_string;
1199 1241
1242 case oSecurityKeyProvider:
1243 charptr = &options->sk_provider;
1244 goto parse_string;
1245
1200 case oProxyCommand: 1246 case oProxyCommand:
1201 charptr = &options->proxy_command; 1247 charptr = &options->proxy_command;
1202 /* Ignore ProxyCommand if ProxyJump already specified */ 1248 /* Ignore ProxyCommand if ProxyJump already specified */
@@ -1606,12 +1652,12 @@ parse_keytypes:
1606 "files",filename, linenum, arg2); 1652 "files",filename, linenum, arg2);
1607 free(arg2); 1653 free(arg2);
1608 continue; 1654 continue;
1609 } else if (r != 0 || gl.gl_pathc < 0) 1655 } else if (r != 0)
1610 fatal("%.200s line %d: glob failed for %s.", 1656 fatal("%.200s line %d: glob failed for %s.",
1611 filename, linenum, arg2); 1657 filename, linenum, arg2);
1612 free(arg2); 1658 free(arg2);
1613 oactive = *activep; 1659 oactive = *activep;
1614 for (i = 0; i < (u_int)gl.gl_pathc; i++) { 1660 for (i = 0; i < gl.gl_pathc; i++) {
1615 debug3("%.200s line %d: Including file %s " 1661 debug3("%.200s line %d: Including file %s "
1616 "depth %d%s", filename, linenum, 1662 "depth %d%s", filename, linenum,
1617 gl.gl_pathv[i], depth, 1663 gl.gl_pathv[i], depth,
@@ -1785,6 +1831,7 @@ parse_keytypes:
1785 if (!arg || *arg == '\0') 1831 if (!arg || *arg == '\0')
1786 fatal("%.200s line %d: Missing argument.", 1832 fatal("%.200s line %d: Missing argument.",
1787 filename, linenum); 1833 filename, linenum);
1834 parse_agent_path:
1788 /* Extra validation if the string represents an env var. */ 1835 /* Extra validation if the string represents an env var. */
1789 if (arg[0] == '$' && !valid_env_name(arg + 1)) { 1836 if (arg[0] == '$' && !valid_env_name(arg + 1)) {
1790 fatal("%.200s line %d: Invalid environment name %s.", 1837 fatal("%.200s line %d: Invalid environment name %s.",
@@ -1901,6 +1948,7 @@ initialize_options(Options * options)
1901{ 1948{
1902 memset(options, 'X', sizeof(*options)); 1949 memset(options, 'X', sizeof(*options));
1903 options->forward_agent = -1; 1950 options->forward_agent = -1;
1951 options->forward_agent_sock_path = NULL;
1904 options->forward_x11 = -1; 1952 options->forward_x11 = -1;
1905 options->forward_x11_trusted = -1; 1953 options->forward_x11_trusted = -1;
1906 options->forward_x11_timeout = -1; 1954 options->forward_x11_timeout = -1;
@@ -1964,6 +2012,7 @@ initialize_options(Options * options)
1964 options->bind_address = NULL; 2012 options->bind_address = NULL;
1965 options->bind_interface = NULL; 2013 options->bind_interface = NULL;
1966 options->pkcs11_provider = NULL; 2014 options->pkcs11_provider = NULL;
2015 options->sk_provider = NULL;
1967 options->enable_ssh_keysign = - 1; 2016 options->enable_ssh_keysign = - 1;
1968 options->no_host_authentication_for_localhost = - 1; 2017 options->no_host_authentication_for_localhost = - 1;
1969 options->identities_only = - 1; 2018 options->identities_only = - 1;
@@ -2030,6 +2079,7 @@ void
2030fill_default_options(Options * options) 2079fill_default_options(Options * options)
2031{ 2080{
2032 char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; 2081 char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
2082 char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig;
2033 int r; 2083 int r;
2034 2084
2035 if (options->forward_agent == -1) 2085 if (options->forward_agent == -1)
@@ -2111,9 +2161,13 @@ fill_default_options(Options * options)
2111 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0); 2161 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
2112#ifdef OPENSSL_HAS_ECC 2162#ifdef OPENSSL_HAS_ECC
2113 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0); 2163 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0);
2164 add_identity_file(options, "~/",
2165 _PATH_SSH_CLIENT_ID_ECDSA_SK, 0);
2114#endif 2166#endif
2115 add_identity_file(options, "~/", 2167 add_identity_file(options, "~/",
2116 _PATH_SSH_CLIENT_ID_ED25519, 0); 2168 _PATH_SSH_CLIENT_ID_ED25519, 0);
2169 add_identity_file(options, "~/",
2170 _PATH_SSH_CLIENT_ID_ED25519_SK, 0);
2117 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS, 0); 2171 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS, 0);
2118 } 2172 }
2119 if (options->escape_char == -1) 2173 if (options->escape_char == -1)
@@ -2124,6 +2178,8 @@ fill_default_options(Options * options)
2124 options->system_hostfiles[options->num_system_hostfiles++] = 2178 options->system_hostfiles[options->num_system_hostfiles++] =
2125 xstrdup(_PATH_SSH_SYSTEM_HOSTFILE2); 2179 xstrdup(_PATH_SSH_SYSTEM_HOSTFILE2);
2126 } 2180 }
2181 if (options->update_hostkeys == -1)
2182 options->update_hostkeys = SSH_UPDATE_HOSTKEYS_NO;
2127 if (options->num_user_hostfiles == 0) { 2183 if (options->num_user_hostfiles == 0) {
2128 options->user_hostfiles[options->num_user_hostfiles++] = 2184 options->user_hostfiles[options->num_user_hostfiles++] =
2129 xstrdup(_PATH_SSH_USER_HOSTFILE); 2185 xstrdup(_PATH_SSH_USER_HOSTFILE);
@@ -2189,8 +2245,13 @@ fill_default_options(Options * options)
2189 options->canonicalize_hostname = SSH_CANONICALISE_NO; 2245 options->canonicalize_hostname = SSH_CANONICALISE_NO;
2190 if (options->fingerprint_hash == -1) 2246 if (options->fingerprint_hash == -1)
2191 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 2247 options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
2192 if (options->update_hostkeys == -1) 2248#ifdef ENABLE_SK_INTERNAL
2193 options->update_hostkeys = 0; 2249 if (options->sk_provider == NULL)
2250 options->sk_provider = xstrdup("internal");
2251#else
2252 if (options->sk_provider == NULL)
2253 options->sk_provider = xstrdup("$SSH_SK_PROVIDER");
2254#endif
2194 2255
2195 /* Expand KEX name lists */ 2256 /* Expand KEX name lists */
2196 all_cipher = cipher_alg_list(',', 0); 2257 all_cipher = cipher_alg_list(',', 0);
@@ -2198,24 +2259,35 @@ fill_default_options(Options * options)
2198 all_kex = kex_alg_list(','); 2259 all_kex = kex_alg_list(',');
2199 all_key = sshkey_alg_list(0, 0, 1, ','); 2260 all_key = sshkey_alg_list(0, 0, 1, ',');
2200 all_sig = sshkey_alg_list(0, 1, 1, ','); 2261 all_sig = sshkey_alg_list(0, 1, 1, ',');
2262 /* remove unsupported algos from default lists */
2263 def_cipher = match_filter_whitelist(KEX_CLIENT_ENCRYPT, all_cipher);
2264 def_mac = match_filter_whitelist(KEX_CLIENT_MAC, all_mac);
2265 def_kex = match_filter_whitelist(KEX_CLIENT_KEX, all_kex);
2266 def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key);
2267 def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig);
2201#define ASSEMBLE(what, defaults, all) \ 2268#define ASSEMBLE(what, defaults, all) \
2202 do { \ 2269 do { \
2203 if ((r = kex_assemble_names(&options->what, \ 2270 if ((r = kex_assemble_names(&options->what, \
2204 defaults, all)) != 0) \ 2271 defaults, all)) != 0) \
2205 fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ 2272 fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
2206 } while (0) 2273 } while (0)
2207 ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, all_cipher); 2274 ASSEMBLE(ciphers, def_cipher, all_cipher);
2208 ASSEMBLE(macs, KEX_CLIENT_MAC, all_mac); 2275 ASSEMBLE(macs, def_mac, all_mac);
2209 ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, all_kex); 2276 ASSEMBLE(kex_algorithms, def_kex, all_kex);
2210 ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); 2277 ASSEMBLE(hostbased_key_types, def_key, all_key);
2211 ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); 2278 ASSEMBLE(pubkey_key_types, def_key, all_key);
2212 ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig); 2279 ASSEMBLE(ca_sign_algorithms, def_sig, all_sig);
2213#undef ASSEMBLE 2280#undef ASSEMBLE
2214 free(all_cipher); 2281 free(all_cipher);
2215 free(all_mac); 2282 free(all_mac);
2216 free(all_kex); 2283 free(all_kex);
2217 free(all_key); 2284 free(all_key);
2218 free(all_sig); 2285 free(all_sig);
2286 free(def_cipher);
2287 free(def_mac);
2288 free(def_kex);
2289 kex_default_pk_alg_filtered = def_key; /* save for later use */
2290 free(def_sig);
2219 2291
2220#define CLEAR_ON_NONE(v) \ 2292#define CLEAR_ON_NONE(v) \
2221 do { \ 2293 do { \
@@ -2230,6 +2302,7 @@ fill_default_options(Options * options)
2230 CLEAR_ON_NONE(options->control_path); 2302 CLEAR_ON_NONE(options->control_path);
2231 CLEAR_ON_NONE(options->revoked_host_keys); 2303 CLEAR_ON_NONE(options->revoked_host_keys);
2232 CLEAR_ON_NONE(options->pkcs11_provider); 2304 CLEAR_ON_NONE(options->pkcs11_provider);
2305 CLEAR_ON_NONE(options->sk_provider);
2233 if (options->jump_host != NULL && 2306 if (options->jump_host != NULL &&
2234 strcmp(options->jump_host, "none") == 0 && 2307 strcmp(options->jump_host, "none") == 0 &&
2235 options->jump_port == 0 && options->jump_user == NULL) { 2308 options->jump_port == 0 && options->jump_user == NULL) {
@@ -2663,14 +2736,19 @@ dump_cfg_forwards(OpCodes code, u_int count, const struct Forward *fwds)
2663void 2736void
2664dump_client_config(Options *o, const char *host) 2737dump_client_config(Options *o, const char *host)
2665{ 2738{
2666 int i; 2739 int i, r;
2667 char buf[8], *all_key; 2740 char buf[8], *all_key;
2668 2741
2669 /* This is normally prepared in ssh_kex2 */ 2742 /*
2743 * Expand HostKeyAlgorithms name lists. This isn't handled in
2744 * fill_default_options() like the other algorithm lists because
2745 * the host key algorithms are by default dynamically chosen based
2746 * on the host's keys found in known_hosts.
2747 */
2670 all_key = sshkey_alg_list(0, 0, 1, ','); 2748 all_key = sshkey_alg_list(0, 0, 1, ',');
2671 if (kex_assemble_names( &o->hostkeyalgorithms, 2749 if ((r = kex_assemble_names(&o->hostkeyalgorithms, kex_default_pk_alg(),
2672 KEX_DEFAULT_PK_ALG, all_key) != 0) 2750 all_key)) != 0)
2673 fatal("%s: kex_assemble_names failed", __func__); 2751 fatal("%s: expand HostKeyAlgorithms: %s", __func__, ssh_err(r));
2674 free(all_key); 2752 free(all_key);
2675 2753
2676 /* Most interesting options first: user, host, port */ 2754 /* Most interesting options first: user, host, port */
@@ -2692,7 +2770,6 @@ dump_client_config(Options *o, const char *host)
2692 dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings); 2770 dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings);
2693 dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure); 2771 dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure);
2694 dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash); 2772 dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash);
2695 dump_cfg_fmtint(oForwardAgent, o->forward_agent);
2696 dump_cfg_fmtint(oForwardX11, o->forward_x11); 2773 dump_cfg_fmtint(oForwardX11, o->forward_x11);
2697 dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted); 2774 dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted);
2698 dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports); 2775 dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports);
@@ -2736,7 +2813,7 @@ dump_client_config(Options *o, const char *host)
2736 /* String options */ 2813 /* String options */
2737 dump_cfg_string(oBindAddress, o->bind_address); 2814 dump_cfg_string(oBindAddress, o->bind_address);
2738 dump_cfg_string(oBindInterface, o->bind_interface); 2815 dump_cfg_string(oBindInterface, o->bind_interface);
2739 dump_cfg_string(oCiphers, o->ciphers ? o->ciphers : KEX_CLIENT_ENCRYPT); 2816 dump_cfg_string(oCiphers, o->ciphers);
2740 dump_cfg_string(oControlPath, o->control_path); 2817 dump_cfg_string(oControlPath, o->control_path);
2741 dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms); 2818 dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms);
2742 dump_cfg_string(oHostKeyAlias, o->host_key_alias); 2819 dump_cfg_string(oHostKeyAlias, o->host_key_alias);
@@ -2744,15 +2821,16 @@ dump_client_config(Options *o, const char *host)
2744 dump_cfg_string(oIdentityAgent, o->identity_agent); 2821 dump_cfg_string(oIdentityAgent, o->identity_agent);
2745 dump_cfg_string(oIgnoreUnknown, o->ignored_unknown); 2822 dump_cfg_string(oIgnoreUnknown, o->ignored_unknown);
2746 dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); 2823 dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
2747 dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX); 2824 dump_cfg_string(oKexAlgorithms, o->kex_algorithms);
2748 dump_cfg_string(oCASignatureAlgorithms, o->ca_sign_algorithms ? o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS); 2825 dump_cfg_string(oCASignatureAlgorithms, o->ca_sign_algorithms);
2749 dump_cfg_string(oLocalCommand, o->local_command); 2826 dump_cfg_string(oLocalCommand, o->local_command);
2750 dump_cfg_string(oRemoteCommand, o->remote_command); 2827 dump_cfg_string(oRemoteCommand, o->remote_command);
2751 dump_cfg_string(oLogLevel, log_level_name(o->log_level)); 2828 dump_cfg_string(oLogLevel, log_level_name(o->log_level));
2752 dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC); 2829 dump_cfg_string(oMacs, o->macs);
2753#ifdef ENABLE_PKCS11 2830#ifdef ENABLE_PKCS11
2754 dump_cfg_string(oPKCS11Provider, o->pkcs11_provider); 2831 dump_cfg_string(oPKCS11Provider, o->pkcs11_provider);
2755#endif 2832#endif
2833 dump_cfg_string(oSecurityKeyProvider, o->sk_provider);
2756 dump_cfg_string(oPreferredAuthentications, o->preferred_authentications); 2834 dump_cfg_string(oPreferredAuthentications, o->preferred_authentications);
2757 dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types); 2835 dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types);
2758 dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys); 2836 dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);
@@ -2774,6 +2852,12 @@ dump_client_config(Options *o, const char *host)
2774 2852
2775 /* Special cases */ 2853 /* Special cases */
2776 2854
2855 /* oForwardAgent */
2856 if (o->forward_agent_sock_path == NULL)
2857 dump_cfg_fmtint(oForwardAgent, o->forward_agent);
2858 else
2859 dump_cfg_string(oForwardAgent, o->forward_agent_sock_path);
2860
2777 /* oConnectTimeout */ 2861 /* oConnectTimeout */
2778 if (o->connection_timeout == -1) 2862 if (o->connection_timeout == -1)
2779 printf("connecttimeout none\n"); 2863 printf("connecttimeout none\n");
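Review bot: In the `@@ -2198,24 +2259,35 @@` hunk of fill_default_options, `kex_default_pk_alg_filtered = def_key; /* save for later use */` overwrites the new file-static pointer without releasing whatever it already held, so any second call of fill_default_options() leaks the earlier filtered list; `free(kex_default_pk_alg_filtered);` immediately before the assignment keeps the function safe to call again. The five results of match_filter_whitelist() are also handed to ASSEMBLE and to the static with no NULL check; that helper appears to return a freshly allocated string, so an allocation failure returning NULL is at least plausible, and kex_assemble_names() would then receive a NULL default. A line such as `if (def_cipher == NULL || def_mac == NULL || def_kex == NULL || def_key == NULL || def_sig == NULL) fatal("%s: match_filter_whitelist failed", __func__);` right after the filtering keeps that failure a clean fatal() like the rest of the function. The body of fill_default_options starts and ends outside this hunk.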