uxpgnt: correct control flow in find_key().

[PuTTY.git] / doc / errors.but

diff --git a/doc/errors.but b/doc/errors.but
index bf9672d05a0c7d28a268aef0565dc1cba08c6e55..e221a2d912cce090c2518292fdf82dfd6027b9a3 100644 (file)
--- a/doc/errors.but
+++ b/doc/errors.but
@@ -56,6 +56,25 @@ in the same way as you would if it was new.
 
 See \k{gs-hostkey} for more information on host keys.
 
+\H{errors-ssh-protocol} \q{SSH protocol version 2 required by our
+configuration but server only provides (old, insecure) SSH-1}
+
+By default, PuTTY only supports connecting to SSH servers that
+implement \i{SSH protocol version 2}. If you see this message, the
+server you're trying to connect to only supports the older SSH-1
+protocol.
+
+If the server genuinely only supports SSH-1, then you need to either
+change the \q{SSH protocol version} setting (see \k{config-ssh-prot}),
+or use the \c{-1} command-line option; in any case, you should not
+treat the resulting connection as secure.
+
+You might start seeing this message with new versions of PuTTY
+\#{XXX-REVIEW-BEFORE-RELEASE: (from 0.XX onwards)}
+where you didn't before, because it used to be possible to configure
+PuTTY to automatically fall back from SSH-2 to SSH-1. This is no
+longer supported, to prevent the possibility of a downgrade attack.
+
 \H{errors-cipher-warning} \q{The first cipher supported by the server is
 ... below the configured warning threshold}