+ if (protcfginfo != 1) {
+ ctrl_settitle(b, "Connection/SSH/Kex",
+ "Options controlling SSH key exchange");
+
+ s = ctrl_getset(b, "Connection/SSH/Kex", "main",
+ "Key exchange algorithm options");
+ c = ctrl_draglist(s, "Algorithm selection policy:", 's',
+ HELPCTX(ssh_kexlist),
+ kexlist_handler, P(NULL));
+ c->listbox.height = 5;
+
+ s = ctrl_getset(b, "Connection/SSH/Kex", "repeat",
+ "Options controlling key re-exchange");
+
+ ctrl_editbox(s, "Max minutes before rekey (0 for no limit)", 't', 20,
+ HELPCTX(ssh_kex_repeat),
+ conf_editbox_handler,
+ I(CONF_ssh_rekey_time),
+ I(-1));
+ ctrl_editbox(s, "Max data before rekey (0 for no limit)", 'x', 20,
+ HELPCTX(ssh_kex_repeat),
+ conf_editbox_handler,
+ I(CONF_ssh_rekey_data),
+ I(16));
+ ctrl_text(s, "(Use 1M for 1 megabyte, 1G for 1 gigabyte etc)",
+ HELPCTX(ssh_kex_repeat));
+ }
+
+ if (!midsession) {
+
+ /*
+ * The Connection/SSH/Auth panel.
+ */
+ ctrl_settitle(b, "Connection/SSH/Auth",
+ "Options controlling SSH authentication");
+
+ s = ctrl_getset(b, "Connection/SSH/Auth", "main", NULL);
+ ctrl_checkbox(s, "Bypass authentication entirely (SSH-2 only)", 'b',
+ HELPCTX(ssh_auth_bypass),
+ conf_checkbox_handler,
+ I(CONF_ssh_no_userauth));
+ ctrl_checkbox(s, "Display pre-authentication banner (SSH-2 only)",
+ 'd', HELPCTX(ssh_auth_banner),
+ conf_checkbox_handler,
+ I(CONF_ssh_show_banner));
+
+ s = ctrl_getset(b, "Connection/SSH/Auth", "methods",
+ "Authentication methods");
+ ctrl_checkbox(s, "Attempt authentication using Pageant", 'p',
+ HELPCTX(ssh_auth_pageant),
+ conf_checkbox_handler,
+ I(CONF_tryagent));
+ ctrl_checkbox(s, "Attempt TIS or CryptoCard auth (SSH-1)", 'm',
+ HELPCTX(ssh_auth_tis),
+ conf_checkbox_handler,
+ I(CONF_try_tis_auth));
+ ctrl_checkbox(s, "Attempt \"keyboard-interactive\" auth (SSH-2)",
+ 'i', HELPCTX(ssh_auth_ki),
+ conf_checkbox_handler,
+ I(CONF_try_ki_auth));
+
+ s = ctrl_getset(b, "Connection/SSH/Auth", "params",
+ "Authentication parameters");
+ ctrl_checkbox(s, "Allow agent forwarding", 'f',
+ HELPCTX(ssh_auth_agentfwd),
+ conf_checkbox_handler, I(CONF_agentfwd));
+ ctrl_checkbox(s, "Allow attempted changes of username in SSH-2", NO_SHORTCUT,
+ HELPCTX(ssh_auth_changeuser),
+ conf_checkbox_handler,
+ I(CONF_change_username));
+ ctrl_filesel(s, "Private key file for authentication:", 'k',
+ FILTER_KEY_FILES, FALSE, "Select private key file",
+ HELPCTX(ssh_auth_privkey),
+ conf_filesel_handler, I(CONF_keyfile));
+
+#ifndef NO_GSSAPI
+ /*
+ * Connection/SSH/Auth/GSSAPI, which sadly won't fit on
+ * the main Auth panel.
+ */
+ ctrl_settitle(b, "Connection/SSH/Auth/GSSAPI",
+ "Options controlling GSSAPI authentication");
+ s = ctrl_getset(b, "Connection/SSH/Auth/GSSAPI", "gssapi", NULL);
+
+ ctrl_checkbox(s, "Attempt GSSAPI authentication (SSH-2 only)",
+ 't', HELPCTX(ssh_gssapi),
+ conf_checkbox_handler,
+ I(CONF_try_gssapi_auth));
+
+ ctrl_checkbox(s, "Allow GSSAPI credential delegation", 'l',
+ HELPCTX(ssh_gssapi_delegation),
+ conf_checkbox_handler,
+ I(CONF_gssapifwd));
+
+ /*
+ * GSSAPI library selection.
+ */
+ if (ngsslibs > 1) {
+ c = ctrl_draglist(s, "Preference order for GSSAPI libraries:",
+ 'p', HELPCTX(ssh_gssapi_libraries),
+ gsslist_handler, P(NULL));
+ c->listbox.height = ngsslibs;
+
+ /*
+ * I currently assume that if more than one GSS
+ * library option is available, then one of them is
+ * 'user-supplied' and so we should present the
+ * following file selector. This is at least half-
+ * reasonable, because if we're using statically
+ * linked GSSAPI then there will only be one option
+ * and no way to load from a user-supplied library,
+ * whereas if we're using dynamic libraries then
+ * there will almost certainly be some default
+ * option in addition to a user-supplied path. If
+ * anyone ever ports PuTTY to a system on which
+ * dynamic-library GSSAPI is available but there is
+ * absolutely no consensus on where to keep the
+ * libraries, there'll need to be a flag alongside
+ * ngsslibs to control whether the file selector is
+ * displayed.
+ */
+
+ ctrl_filesel(s, "User-supplied GSSAPI library path:", 's',
+ FILTER_DYNLIB_FILES, FALSE, "Select library file",
+ HELPCTX(ssh_gssapi_libraries),
+ conf_filesel_handler,
+ I(CONF_ssh_gss_custom));
+ }
+#endif
+ }
+
+ if (!midsession) {
+ /*
+ * The Connection/SSH/TTY panel.
+ */
+ ctrl_settitle(b, "Connection/SSH/TTY", "Remote terminal settings");
+
+ s = ctrl_getset(b, "Connection/SSH/TTY", "sshtty", NULL);
+ ctrl_checkbox(s, "Don't allocate a pseudo-terminal", 'p',
+ HELPCTX(ssh_nopty),
+ conf_checkbox_handler,
+ I(CONF_nopty));
+
+ s = ctrl_getset(b, "Connection/SSH/TTY", "ttymodes",
+ "Terminal modes");
+ td = (struct ttymodes_data *)
+ ctrl_alloc(b, sizeof(struct ttymodes_data));
+ ctrl_columns(s, 2, 75, 25);
+ c = ctrl_text(s, "Terminal modes to send:", HELPCTX(ssh_ttymodes));
+ c->generic.column = 0;
+ td->rembutton = ctrl_pushbutton(s, "Remove", 'r',
+ HELPCTX(ssh_ttymodes),
+ ttymodes_handler, P(td));
+ td->rembutton->generic.column = 1;
+ td->rembutton->generic.tabdelay = 1;
+ ctrl_columns(s, 1, 100);
+ td->listbox = ctrl_listbox(s, NULL, NO_SHORTCUT,
+ HELPCTX(ssh_ttymodes),
+ ttymodes_handler, P(td));
+ td->listbox->listbox.multisel = 1;
+ td->listbox->listbox.height = 4;
+ td->listbox->listbox.ncols = 2;
+ td->listbox->listbox.percentages = snewn(2, int);
+ td->listbox->listbox.percentages[0] = 40;
+ td->listbox->listbox.percentages[1] = 60;
+ ctrl_tabdelay(s, td->rembutton);
+ ctrl_columns(s, 2, 75, 25);
+ td->modelist = ctrl_droplist(s, "Mode:", 'm', 67,
+ HELPCTX(ssh_ttymodes),
+ ttymodes_handler, P(td));
+ td->modelist->generic.column = 0;
+ td->addbutton = ctrl_pushbutton(s, "Add", 'd',
+ HELPCTX(ssh_ttymodes),
+ ttymodes_handler, P(td));
+ td->addbutton->generic.column = 1;
+ td->addbutton->generic.tabdelay = 1;
+ ctrl_columns(s, 1, 100); /* column break */
+ /* Bit of a hack to get the value radio buttons and
+ * edit-box on the same row. */
+ ctrl_columns(s, 3, 25, 50, 25);
+ c = ctrl_text(s, "Value:", HELPCTX(ssh_ttymodes));
+ c->generic.column = 0;
+ td->valradio = ctrl_radiobuttons(s, NULL, NO_SHORTCUT, 2,
+ HELPCTX(ssh_ttymodes),
+ ttymodes_handler, P(td),
+ "Auto", NO_SHORTCUT, P(NULL),
+ "This:", NO_SHORTCUT, P(NULL),
+ NULL);
+ td->valradio->generic.column = 1;
+ td->valbox = ctrl_editbox(s, NULL, NO_SHORTCUT, 100,
+ HELPCTX(ssh_ttymodes),
+ ttymodes_handler, P(td), P(NULL));
+ td->valbox->generic.column = 2;
+ ctrl_tabdelay(s, td->addbutton);
+
+ }
+
+ if (!midsession) {
+ /*
+ * The Connection/SSH/X11 panel.
+ */
+ ctrl_settitle(b, "Connection/SSH/X11",
+ "Options controlling SSH X11 forwarding");
+
+ s = ctrl_getset(b, "Connection/SSH/X11", "x11", "X11 forwarding");
+ ctrl_checkbox(s, "Enable X11 forwarding", 'e',
+ HELPCTX(ssh_tunnels_x11),
+ conf_checkbox_handler,I(CONF_x11_forward));
+ ctrl_editbox(s, "X display location", 'x', 50,
+ HELPCTX(ssh_tunnels_x11),
+ conf_editbox_handler, I(CONF_x11_display), I(1));
+ ctrl_radiobuttons(s, "Remote X11 authentication protocol", 'u', 2,
+ HELPCTX(ssh_tunnels_x11auth),
+ conf_radiobutton_handler,
+ I(CONF_x11_auth),
+ "MIT-Magic-Cookie-1", I(X11_MIT),
+ "XDM-Authorization-1", I(X11_XDM), NULL);
+ }