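/* $OpenBSD: ssh.h,v 1.90 2020/07/14 23:57:01 djm Exp $ */

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

/*
 * Cipher used for encrypting authentication files.
 *
 * SSH_CIPHER_3DES is not defined in this header, so this macro only expands
 * cleanly where another header supplies that name.
 * NOTE(review): this header states further down that only SSH2 is
 * supported; confirm whether anything still expands this macro.  If it is
 * live, 3DES is a legacy choice for protecting key material at rest.
 */
#define SSH_AUTHFILE_CIPHER	SSH_CIPHER_3DES

/* Default port number. */
#define SSH_DEFAULT_PORT	22

/*
 * Maximum number of certificate files that can be specified
 * in configuration files or on the command line.
 */
#define SSH_MAX_CERTIFICATE_FILES	100

/*
 * Maximum number of RSA authentication identity files that can be specified
 * in configuration files or on the command line.
 */
#define SSH_MAX_IDENTITY_FILES	100

/*
 * Major protocol version.  Different version indicates major incompatibility
 * that prevents communication.
 *
 * Minor protocol version.  Different version indicates minor incompatibility
 * that does not prevent interoperation.
 *
 * The protocol 1 numbers remain defined although the comment on the
 * protocol 2 pair says only SSH2 is supported.
 * NOTE(review): presumably kept for version-string handling; confirm they
 * are never used to accept a protocol 1 session.
 */
#define PROTOCOL_MAJOR_1	1
#define PROTOCOL_MINOR_1	5

/* We support only SSH2 */
#define PROTOCOL_MAJOR_2	2
#define PROTOCOL_MINOR_2	0

/*
 * Name for the service.  The port named by this service overrides the
 * default port if present.
 */
#define SSH_SERVICE_NAME	"ssh"

/*
 * Name of the environment variable containing the process ID of the
 * authentication agent.
 */
#define SSH_AGENTPID_ENV_NAME	"SSH_AGENT_PID"

/*
 * Name of the environment variable containing the pathname of the
 * authentication socket.
 * NOTE(review): the pathname comes from the process environment, so it is
 * caller-controlled input; verify how it is validated where it is read.
 */
#define SSH_AUTHSOCKET_ENV_NAME	"SSH_AUTH_SOCK"

/*
 * Environment variable for overwriting the default location of askpass.
 * NOTE(review): the value picks the askpass location, so the environment
 * is part of the trust boundary wherever this variable is consulted.
 */
#define SSH_ASKPASS_ENV		"SSH_ASKPASS"

/*
 * Environment variable to control whether or not askpass is used.
 */
#define SSH_ASKPASS_REQUIRE_ENV	"SSH_ASKPASS_REQUIRE"

/*
 * Force host key length and server key length to differ by at least this
 * many bits.  This is to make double encryption with rsaref work.
 * NOTE(review): looks like a protocol 1 leftover; confirm whether it is
 * still referenced.
 */
#define SSH_KEY_BITS_RESERVED	128

/*
 * Length of the session key in bytes.  (Specified as 256 bits in the
 * protocol.)
 */
#define SSH_SESSION_KEY_LENGTH	32

/*
 * Used to identify ``EscapeChar none''.
 * Parenthesized so the negative literal stays a single operand wherever the
 * macro is expanded.
 */
#define SSH_ESCAPECHAR_NONE	(-2)

/*
 * unprivileged user when UsePrivilegeSeparation=yes;
 * sshd will change its privileges to this user and its
 * primary group.
 *
 * The #ifndef lets the build supply a different account name before this
 * header is included.
 */
#ifndef SSH_PRIVSEP_USER
#define SSH_PRIVSEP_USER	"sshd"
#endif

/* Listen backlog for sshd, ssh-agent and forwarding sockets */
#define SSH_LISTEN_BACKLOG	128

/*
 * Limits for banner exchange.
 * These are plain constants; enforcement lives in the code that reads the
 * banner, which is not part of this header.
 * NOTE(review): presumably a byte cap on the banner and a cap on the lines
 * accepted before it, bounding what a peer can make this side read before
 * authentication -- confirm against the reader.
 */
#define SSH_MAX_BANNER_LEN		8192
#define SSH_MAX_PRE_BANNER_LINES	1024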