expecting, PuTTY can warn you that the server may have been switched
and that a spoofing attack might be in progress.
-PuTTY records the host key for each server you connect to, in the
-Windows \i{Registry}. Every time you connect to a server, it checks
-that the host key presented by the server is the same host key as it
-was the last time you connected. If it is not, you will see a
-warning, and you will have the chance to abandon your connection
-before you type any private information (such as a password) into
-it.
+PuTTY \I{host key cache}records the host key for each server you
+connect to, in the Windows \i{Registry}. Every time you connect to a
+server, it checks that the host key presented by the server is the
+same host key as it was the last time you connected. If it is not,
+you will see a warning, and you will have the chance to abandon your
+connection before you type any private information (such as a
+password) into it.
However, when you connect to a server you have not connected to
before, PuTTY has no way of telling whether the host key is the
unlikely, so you might choose to trust the key without checking it.
If you are connecting across a hostile network (such as the
Internet), you should check with your system administrator, perhaps
-by telephone or in person. (Some modern servers have more than one
+by telephone or in person. (Many servers have more than one
host key. If the system administrator sends you more than one
\I{host key fingerprint}fingerprint, you should make sure the one
PuTTY shows you is on the list, but it doesn't matter which one it is.)
+See \k{config-ssh-hostkey} for advanced options for managing host keys.
+
\# FIXME: this is all very fine but of course in practice the world
doesn't work that way. Ask the team if they have any good ideas for
changes to this section!
projects / PuTTY.git / blobdiff