X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=doc%2Fconfig.but;h=0f8175f2bcec550dc44e43e8172d8cee2a8d47b9;hb=f004bcca17a789356c32527a396b68b71a773db2;hp=aab5ebca6dc7179e225a62d5efdade1b7733b543;hpb=5ffb20e4bf58cab31e066bc8cbdd4d4d94137eb0;p=PuTTY.git diff --git a/doc/config.but b/doc/config.but index aab5ebca..0f8175f2 100644 --- a/doc/config.but +++ b/doc/config.but @@ -2268,16 +2268,27 @@ make the most of a low-\i{bandwidth} connection. \cfg{winhelp-topic}{ssh.protocol} -This allows you to select whether you would like to use \i{SSH protocol -version 1} or \I{SSH-2}version 2. \#{FIXME: say something about this elsewhere?} +This allows you to select whether you would prefer to use \i{SSH protocol +version 1} or \I{SSH-2}version 2, and whether to permit falling back +to the other version. -PuTTY will attempt to use protocol 1 if the server you connect to -does not offer protocol 2, and vice versa. +With the settings \q{1} and \q{2}, PuTTY will attempt to use protocol 1 +if the server you connect to does not offer protocol 2, and vice versa. If you select \q{1 only} or \q{2 only} here, PuTTY will only connect if the server you connect to offers the SSH protocol version you have specified. +You should normally leave this at the default, \q{2 only}. The older +SSH-1 protocol is no longer developed, has many known cryptographic +weaknesses, and is generally not considered to be secure. If you +permit use of SSH-1 by selecting \q{2} instead of \q{2 only}, an +active attacker can force downgrade to SSH-1 even if the server +you're connecting to supports SSH-2. + +PuTTY's protocol 1 implementation is provided mainly for +compatibility, and is no longer being enhanced. + \S{config-ssh-sharing} Sharing an SSH connection between PuTTY tools \cfg{winhelp-topic}{ssh.sharing} 
@@ -2503,12 +2514,10 @@ The text describing a host key can be in one of the following formats: Event Log and host key dialog boxes, i.e. sixteen 2-digit hex numbers separated by colons. -\b A base64-encoded blob describing an SSH-2 public key in the -standard way. This can be found in OpenSSH's one-line public key -format, or by concatenating all the lines of the public key section in -one of PuTTY's \cw{.ppk} files. Alternatively, you can load a key into -PuTTYgen, and paste out the OpenSSH-format public key line it -displays. +\b A base64-encoded blob describing an SSH-2 public key in +OpenSSH's one-line public key format. How you acquire a public key in +this format is server-dependent; on an OpenSSH server it can typically +be found in a location like \c{/etc/ssh/ssh_host_rsa_key.pub}. If this box contains at least one host key or fingerprint when PuTTY makes an SSH connection, then PuTTY's automated host key management is @@ -3018,7 +3027,9 @@ needed with \q{Dynamic}), enter a hostname and port number separated by a colon, in the \q{Destination} box. Connections received on the source port will be directed to this destination. For example, to connect to a POP-3 server, you might enter -\c{popserver.example.com:110}. +\c{popserver.example.com:110}. (If you need to enter a literal +\i{IPv6 address}, enclose it in square brackets, for instance +\cq{[::1]:2200}.) \b Click the \q{Add} button. Your forwarding details should appear in the list box.
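Review bot: In the ssh.protocol hunk (@@ -2268), the added downgrade warning only contrasts \q{2} with \q{2 only}, so a reader who selects \q{1} or \q{1 only} is never told explicitly that those settings also use SSH-1. Suggest wording the warning to cover every setting other than \q{2 only}. The sentence beginning "With the settings \q{1} and \q{2}" also reads as though both settings behave the same; it would be clearer to say which version each one prefers and which it falls back to.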
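Review bot: In the host key hunk (@@ -2503), the rewritten bullet leaves it unclear what the user should paste: "a base64-encoded blob ... in OpenSSH's one-line public key format" could mean the whole line from the \c{.pub} file or only its base64 field. Suggest stating which is expected. The example path \c{/etc/ssh/ssh_host_rsa_key.pub} is specific to RSA host keys, so a note that other key types live in similarly named files would help, and the bullet could add that the file should be read on the server itself or over a channel that is already trusted.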
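Review bot: In the port forwarding hunk (@@ -3018), the new example is marked up as \cq{[::1]:2200} while the example in the sentence just before it uses \c{popserver.example.com:110}; pick one form for consistency. The parenthetical would also be easier to follow if it said why the brackets are needed, namely that the address contains colons and the \q{Destination} box uses a colon to separate hostname and port.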