本站源代码
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

163 lines
8.2KB

  1. package ssh_config
  2. import (
  3. "fmt"
  4. "strconv"
  5. "strings"
  6. )
  7. // Default returns the default value for the given keyword, for example "22" if
  8. // the keyword is "Port". Default returns the empty string if the keyword has no
  9. // default, or if the keyword is unknown. Keyword matching is case-insensitive.
  10. //
  11. // Default values are provided by OpenSSH_7.4p1 on a Mac.
  12. func Default(keyword string) string {
  13. return defaults[strings.ToLower(keyword)]
  14. }
  15. // Arguments where the value must be "yes" or "no" and *only* yes or no.
  16. var yesnos = map[string]bool{
  17. strings.ToLower("BatchMode"): true,
  18. strings.ToLower("CanonicalizeFallbackLocal"): true,
  19. strings.ToLower("ChallengeResponseAuthentication"): true,
  20. strings.ToLower("CheckHostIP"): true,
  21. strings.ToLower("ClearAllForwardings"): true,
  22. strings.ToLower("Compression"): true,
  23. strings.ToLower("EnableSSHKeysign"): true,
  24. strings.ToLower("ExitOnForwardFailure"): true,
  25. strings.ToLower("ForwardAgent"): true,
  26. strings.ToLower("ForwardX11"): true,
  27. strings.ToLower("ForwardX11Trusted"): true,
  28. strings.ToLower("GatewayPorts"): true,
  29. strings.ToLower("GSSAPIAuthentication"): true,
  30. strings.ToLower("GSSAPIDelegateCredentials"): true,
  31. strings.ToLower("HostbasedAuthentication"): true,
  32. strings.ToLower("IdentitiesOnly"): true,
  33. strings.ToLower("KbdInteractiveAuthentication"): true,
  34. strings.ToLower("NoHostAuthenticationForLocalhost"): true,
  35. strings.ToLower("PasswordAuthentication"): true,
  36. strings.ToLower("PermitLocalCommand"): true,
  37. strings.ToLower("PubkeyAuthentication"): true,
  38. strings.ToLower("RhostsRSAAuthentication"): true,
  39. strings.ToLower("RSAAuthentication"): true,
  40. strings.ToLower("StreamLocalBindUnlink"): true,
  41. strings.ToLower("TCPKeepAlive"): true,
  42. strings.ToLower("UseKeychain"): true,
  43. strings.ToLower("UsePrivilegedPort"): true,
  44. strings.ToLower("VisualHostKey"): true,
  45. }
  46. var uints = map[string]bool{
  47. strings.ToLower("CanonicalizeMaxDots"): true,
  48. strings.ToLower("CompressionLevel"): true, // 1 to 9
  49. strings.ToLower("ConnectionAttempts"): true,
  50. strings.ToLower("ConnectTimeout"): true,
  51. strings.ToLower("NumberOfPasswordPrompts"): true,
  52. strings.ToLower("Port"): true,
  53. strings.ToLower("ServerAliveCountMax"): true,
  54. strings.ToLower("ServerAliveInterval"): true,
  55. }
  56. func mustBeYesOrNo(lkey string) bool {
  57. return yesnos[lkey]
  58. }
  59. func mustBeUint(lkey string) bool {
  60. return uints[lkey]
  61. }
  62. func validate(key, val string) error {
  63. lkey := strings.ToLower(key)
  64. if mustBeYesOrNo(lkey) && (val != "yes" && val != "no") {
  65. return fmt.Errorf("ssh_config: value for key %q must be 'yes' or 'no', got %q", key, val)
  66. }
  67. if mustBeUint(lkey) {
  68. _, err := strconv.ParseUint(val, 10, 64)
  69. if err != nil {
  70. return fmt.Errorf("ssh_config: %v", err)
  71. }
  72. }
  73. return nil
  74. }
  75. var defaults = map[string]string{
  76. strings.ToLower("AddKeysToAgent"): "no",
  77. strings.ToLower("AddressFamily"): "any",
  78. strings.ToLower("BatchMode"): "no",
  79. strings.ToLower("CanonicalizeFallbackLocal"): "yes",
  80. strings.ToLower("CanonicalizeHostname"): "no",
  81. strings.ToLower("CanonicalizeMaxDots"): "1",
  82. strings.ToLower("ChallengeResponseAuthentication"): "yes",
  83. strings.ToLower("CheckHostIP"): "yes",
  84. // TODO is this still the correct cipher
  85. strings.ToLower("Cipher"): "3des",
  86. strings.ToLower("Ciphers"): "chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc",
  87. strings.ToLower("ClearAllForwardings"): "no",
  88. strings.ToLower("Compression"): "no",
  89. strings.ToLower("CompressionLevel"): "6",
  90. strings.ToLower("ConnectionAttempts"): "1",
  91. strings.ToLower("ControlMaster"): "no",
  92. strings.ToLower("EnableSSHKeysign"): "no",
  93. strings.ToLower("EscapeChar"): "~",
  94. strings.ToLower("ExitOnForwardFailure"): "no",
  95. strings.ToLower("FingerprintHash"): "sha256",
  96. strings.ToLower("ForwardAgent"): "no",
  97. strings.ToLower("ForwardX11"): "no",
  98. strings.ToLower("ForwardX11Timeout"): "20m",
  99. strings.ToLower("ForwardX11Trusted"): "no",
  100. strings.ToLower("GatewayPorts"): "no",
  101. strings.ToLower("GlobalKnownHostsFile"): "/etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2",
  102. strings.ToLower("GSSAPIAuthentication"): "no",
  103. strings.ToLower("GSSAPIDelegateCredentials"): "no",
  104. strings.ToLower("HashKnownHosts"): "no",
  105. strings.ToLower("HostbasedAuthentication"): "no",
  106. strings.ToLower("HostbasedKeyTypes"): "ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa",
  107. strings.ToLower("HostKeyAlgorithms"): "ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa",
  108. // HostName has a dynamic default (the value passed at the command line).
  109. strings.ToLower("IdentitiesOnly"): "no",
  110. strings.ToLower("IdentityFile"): "~/.ssh/identity",
  111. // IPQoS has a dynamic default based on interactive or non-interactive
  112. // sessions.
  113. strings.ToLower("KbdInteractiveAuthentication"): "yes",
  114. strings.ToLower("KexAlgorithms"): "curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1",
  115. strings.ToLower("LogLevel"): "INFO",
  116. strings.ToLower("MACs"): "umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
  117. strings.ToLower("NoHostAuthenticationForLocalhost"): "no",
  118. strings.ToLower("NumberOfPasswordPrompts"): "3",
  119. strings.ToLower("PasswordAuthentication"): "yes",
  120. strings.ToLower("PermitLocalCommand"): "no",
  121. strings.ToLower("Port"): "22",
  122. strings.ToLower("PreferredAuthentications"): "gssapi-with-mic,hostbased,publickey,keyboard-interactive,password",
  123. strings.ToLower("Protocol"): "2",
  124. strings.ToLower("ProxyUseFdpass"): "no",
  125. strings.ToLower("PubkeyAcceptedKeyTypes"): "ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa",
  126. strings.ToLower("PubkeyAuthentication"): "yes",
  127. strings.ToLower("RekeyLimit"): "default none",
  128. strings.ToLower("RhostsRSAAuthentication"): "no",
  129. strings.ToLower("RSAAuthentication"): "yes",
  130. strings.ToLower("ServerAliveCountMax"): "3",
  131. strings.ToLower("ServerAliveInterval"): "0",
  132. strings.ToLower("StreamLocalBindMask"): "0177",
  133. strings.ToLower("StreamLocalBindUnlink"): "no",
  134. strings.ToLower("StrictHostKeyChecking"): "ask",
  135. strings.ToLower("TCPKeepAlive"): "yes",
  136. strings.ToLower("Tunnel"): "no",
  137. strings.ToLower("TunnelDevice"): "any:any",
  138. strings.ToLower("UpdateHostKeys"): "no",
  139. strings.ToLower("UseKeychain"): "no",
  140. strings.ToLower("UsePrivilegedPort"): "no",
  141. strings.ToLower("UserKnownHostsFile"): "~/.ssh/known_hosts ~/.ssh/known_hosts2",
  142. strings.ToLower("VerifyHostKeyDNS"): "no",
  143. strings.ToLower("VisualHostKey"): "no",
  144. strings.ToLower("XAuthLocation"): "/usr/X11R6/bin/xauth",
  145. }
上海开阖软件有限公司 沪ICP备12045867号-1