blob: dda6f617e69531f2d913ce1e719dfe7a859b384d [file] [log] [blame]
djm@openbsd.org0a843d92018-12-27 03:25:24 +00001/* $OpenBSD: ssh.h,v 1.89 2018/12/27 03:25:25 djm Exp $ */
Ben Lindstrom05764b92002-03-05 01:53:02 +00002
Damien Millerd4a8b7e1999-10-27 13:42:43 +10003/*
Damien Miller95def091999-11-25 00:26:21 +11004 * Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller95def091999-11-25 00:26:21 +11005 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * All rights reserved
Damien Miller4af51302000-04-16 11:18:38 +10007 *
Damien Millere4340be2000-09-16 13:29:08 +11008 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
Damien Miller95def091999-11-25 00:26:21 +110013 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100014
Damien Millerd4a8b7e1999-10-27 13:42:43 +100015/* Cipher used for encrypting authentication files. */
16#define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES
17
18/* Default port number. */
19#define SSH_DEFAULT_PORT 22
20
Damien Miller5428f641999-11-25 11:54:57 +110021/*
djm@openbsd.org4e44a792015-09-24 06:15:11 +000022 * Maximum number of certificate files that can be specified
23 * in configuration files or on the command line.
24 */
25#define SSH_MAX_CERTIFICATE_FILES 100
26
27/*
Damien Miller5428f641999-11-25 11:54:57 +110028 * Maximum number of RSA authentication identity files that can be specified
29 * in configuration files or on the command line.
30 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100031#define SSH_MAX_IDENTITY_FILES 100
32
Damien Miller5428f641999-11-25 11:54:57 +110033/*
Ben Lindstrom2e14bc72002-06-06 20:56:07 +000034 * Major protocol version. Different version indicates major incompatibility
Damien Miller5428f641999-11-25 11:54:57 +110035 * that prevents communication.
Damien Miller78928792000-04-12 20:17:38 +100036 *
Damien Miller5428f641999-11-25 11:54:57 +110037 * Minor protocol version. Different version indicates minor incompatibility
38 * that does not prevent interoperation.
39 */
Damien Miller78928792000-04-12 20:17:38 +100040#define PROTOCOL_MAJOR_1 1
41#define PROTOCOL_MINOR_1 5
42
naddy@openbsd.org768405f2017-05-03 21:08:09 +000043/* We support only SSH2 */
Damien Miller78928792000-04-12 20:17:38 +100044#define PROTOCOL_MAJOR_2 2
45#define PROTOCOL_MINOR_2 0
Damien Millerd4a8b7e1999-10-27 13:42:43 +100046
Damien Miller5428f641999-11-25 11:54:57 +110047/*
48 * Name for the service. The port named by this service overrides the
49 * default port if present.
50 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100051#define SSH_SERVICE_NAME "ssh"
52
Damien Miller5428f641999-11-25 11:54:57 +110053/*
Ben Lindstrom5590aa52002-06-23 00:30:30 +000054 * Name of the environment variable containing the process ID of the
55 * authentication agent.
Damien Miller5428f641999-11-25 11:54:57 +110056 */
Kevin Steves28a7f262001-02-05 15:43:59 +000057#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100058
Damien Miller5428f641999-11-25 11:54:57 +110059/*
60 * Name of the environment variable containing the pathname of the
61 * authentication socket.
62 */
Ben Lindstrom226cfa02001-01-22 05:34:40 +000063#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100064
Damien Miller5428f641999-11-25 11:54:57 +110065/*
Ben Lindstrom226cfa02001-01-22 05:34:40 +000066 * Environment variable for overwriting the default location of askpass
Damien Miller5428f641999-11-25 11:54:57 +110067 */
Damien Milleraae6c611999-12-06 11:47:28 +110068#define SSH_ASKPASS_ENV "SSH_ASKPASS"
69
70/*
Damien Miller5428f641999-11-25 11:54:57 +110071 * Force host key length and server key length to differ by at least this
72 * many bits. This is to make double encryption with rsaref work.
73 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100074#define SSH_KEY_BITS_RESERVED 128
75
Damien Miller5428f641999-11-25 11:54:57 +110076/*
77 * Length of the session key in bytes. (Specified as 256 bits in the
78 * protocol.)
79 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100080#define SSH_SESSION_KEY_LENGTH 32
81
Ben Lindstrom2b1f71b2001-06-05 20:32:21 +000082/* Used to identify ``EscapeChar none'' */
83#define SSH_ESCAPECHAR_NONE -2
84
Ben Lindstromc7431342002-03-22 03:11:49 +000085/*
86 * unprivileged user when UsePrivilegeSeparation=yes;
Ben Lindstrom966bfda2002-05-15 16:09:57 +000087 * sshd will change its privileges to this user and its
Ben Lindstromc7431342002-03-22 03:11:49 +000088 * primary group.
89 */
Kevin Steves7ff91122002-04-07 19:22:54 +000090#ifndef SSH_PRIVSEP_USER
Ben Lindstrom973be002002-05-15 16:08:48 +000091#define SSH_PRIVSEP_USER "sshd"
Kevin Steves7ff91122002-04-07 19:22:54 +000092#endif
Ben Lindstromc7431342002-03-22 03:11:49 +000093
Darren Tucker3175eb92003-12-09 19:15:11 +110094/* Listen backlog for sshd, ssh-agent and forwarding sockets */
95#define SSH_LISTEN_BACKLOG 128
djm@openbsd.org0a843d92018-12-27 03:25:24 +000096
97/* Limits for banner exchange */
98#define SSH_MAX_BANNER_LEN 8192
99#define SSH_MAX_PRE_BANNER_LINES 1024