X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=doc%2Ferrors.but;h=e221a2d912cce090c2518292fdf82dfd6027b9a3;hb=e22120fea8d39e6a2ef6b2f4ab3ee5502f56169a;hp=bf9672d05a0c7d28a268aef0565dc1cba08c6e55;hpb=906f8ed262316d7180f929e4f9988d93df3e8797;p=PuTTY.git

diff --git a/doc/errors.but b/doc/errors.but
index bf9672d0..e221a2d9 100644
--- a/doc/errors.but
+++ b/doc/errors.but
@@ -56,6 +56,25 @@ in the same way as you would if it was new.
 
 See \k{gs-hostkey} for more information on host keys.
 
+\H{errors-ssh-protocol} \q{SSH protocol version 2 required by our
+configuration but server only provides (old, insecure) SSH-1}
+
+By default, PuTTY only supports connecting to SSH servers that
+implement \i{SSH protocol version 2}. If you see this message, the
+server you're trying to connect to only supports the older SSH-1
+protocol.
+
+If the server genuinely only supports SSH-1, then you need to either
+change the \q{SSH protocol version} setting (see \k{config-ssh-prot}),
+or use the \c{-1} command-line option; in any case, you should not
+treat the resulting connection as secure.
+
+You might start seeing this message with new versions of PuTTY
+\#{XXX-REVIEW-BEFORE-RELEASE: (from 0.XX onwards)}
+where you didn't before, because it used to be possible to configure
+PuTTY to automatically fall back from SSH-2 to SSH-1. This is no
+longer supported, to prevent the possibility of a downgrade attack.
+
 \H{errors-cipher-warning} \q{The first cipher supported by the server is
 ... below the configured warning threshold}