X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=doc%2Fconfig.but;h=a4e7fb839d6b35495f87e4a66449a72aee9aa9a6;hb=98e5eeedd1456656f73894c26a359bb6355c1b4e;hp=8ee0d4451e700477a20d6984ffa8bea58397d65e;hpb=0550943b51c538400e31ce18483032e446178120;p=PuTTY.git diff --git a/doc/config.but b/doc/config.but index 8ee0d445..a4e7fb83 100644 --- a/doc/config.but +++ b/doc/config.but @@ -2353,6 +2353,9 @@ with sharing enabled, then it can act as a downstream and use an existing SSH connection set up by an instance of GUI PuTTY. The one special case is that PSCP and PSFTP will \e{never} act as upstreams. +It is possible to test programmatically for the existence of a live +upstream using Plink. See \k{plink-option-shareexists}. + \H{config-ssh-kex} The Kex panel The Kex panel (short for \q{\i{key exchange}}) allows you to configure @@ -2548,6 +2551,8 @@ use that. PuTTY currently supports the following algorithms: +\b \i{ChaCha20-Poly1305}, a combined cipher and \i{MAC} (SSH-2 only) + \b \i{AES} (Rijndael) - 256, 192, or 128-bit SDCTR or CBC (SSH-2 only) \b \i{Arcfour} (RC4) - 256 or 128-bit stream cipher (SSH-2 only) @@ -2591,22 +2596,6 @@ recommended ciphers. The Auth panel allows you to configure \i{authentication} options for SSH sessions. -\S{config-ssh-noauth} \q{Bypass authentication entirely} - -\cfg{winhelp-topic}{ssh.auth.bypass} - -In SSH-2, it is possible to establish a connection without using SSH's -mechanisms to identify or authenticate oneself to the server. Some -servers may prefer to handle authentication in the data channel, for -instance, or may simply require no authentication whatsoever. - -By default, PuTTY assumes the server requires authentication (most -do), and thus must provide a username. If you find you are getting -unwanted username prompts, you could try checking this option. - -This option only affects SSH-2 connections. SSH-1 connections always -require an authentication step. - \S{config-ssh-banner} \q{Display pre-authentication banner} \cfg{winhelp-topic}{ssh.auth.banner} @@ -2622,6 +2611,34 @@ prompting for a login name, due to the nature of the protocol design). By unchecking this option, display of the banner can be suppressed entirely. +\S{config-ssh-noauth} \q{Bypass authentication entirely} + +\cfg{winhelp-topic}{ssh.auth.bypass} + +In SSH-2, it is in principle possible to establish a connection +without using SSH's mechanisms to identify or prove who you are +to the server. An SSH server could prefer to handle authentication +in the data channel, for instance, or simply require no user +authentication whatsoever. + +By default, PuTTY assumes the server requires authentication (we've +never heard of one that doesn't), and thus must start this process +with a username. If you find you are getting username prompts that +you cannot answer, you could try enabling this option. However, +most SSH servers will reject this. + +This is not the option you want if you have a username and just want +PuTTY to remember it; for that see \k{config-username}. +It's also probably not what if you're trying to set up passwordless +login to a mainstream SSH server; depending on the server, you +probably wanted public-key authentication (\k{pubkey}) +or perhaps GSSAPI authentication (\k{config-ssh-auth-gssapi}). +(These are still forms of authentication, even if you don't have to +interact with them.) + +This option only affects SSH-2 connections. SSH-1 connections always +require an authentication step. + \S{config-ssh-tryagent} \q{Attempt authentication using Pageant} \cfg{winhelp-topic}{ssh.auth.pageant} @@ -2724,11 +2741,15 @@ private key in another format that you want to use with PuTTY, see \k{puttygen-conversions}. You can use the authentication agent \i{Pageant} so that you do not -need to explicitly configure a key here; see \k{pageant}. If a file -is specified here with Pageant running, PuTTY will first try asking -Pageant to authenticate with that key, and ignore any other keys -Pageant may have. If that fails, PuTTY will ask for a passphrase as -normal. +need to explicitly configure a key here; see \k{pageant}. + +If a private key file is specified here with Pageant running, PuTTY +will first try asking Pageant to authenticate with that key, and +ignore any other keys Pageant may have. If that fails, PuTTY will ask +for a passphrase as normal. You can also specify a \e{public} key file +in this case (in RFC 4716 or OpenSSH format), as that's sufficient to +identify the key to Pageant, but of course if Pageant isn't present +PuTTY can't fall back to using this file itself. \H{config-ssh-auth-gssapi} The \i{GSSAPI} panel @@ -2739,7 +2760,7 @@ GSSAPI authentication. This is a mechanism which delegates the authentication exchange to a library elsewhere on the client machine, which in principle can authenticate in many different ways but in practice is usually used with the \i{Kerberos} \i{single sign-on} -protocol. +protocol to implement \i{passwordless login}. GSSAPI is only available in the SSH-2 protocol.