X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=doc%2Fgs.but;h=56ab282a69155564bb9f6fa294e4e3538e38a6ae;hb=15386cbe927fc85ac2fed0bb47704645c4b67dad;hp=5909c8a3eb404d9fe0c6df040bf6a58fbf8c48e6;hpb=4d8782e74fed043fdf549718f99494622fe9e79b;p=PuTTY.git diff --git a/doc/gs.but b/doc/gs.but index 5909c8a3..56ab282a 100644 --- a/doc/gs.but +++ b/doc/gs.but @@ -77,13 +77,13 @@ server and it sends you a different host key from the one you were expecting, PuTTY can warn you that the server may have been switched and that a spoofing attack might be in progress. -PuTTY records the host key for each server you connect to, in the -Windows \i{Registry}. Every time you connect to a server, it checks -that the host key presented by the server is the same host key as it -was the last time you connected. If it is not, you will see a -warning, and you will have the chance to abandon your connection -before you type any private information (such as a password) into -it. +PuTTY \I{host key cache}records the host key for each server you +connect to, in the Windows \i{Registry}. Every time you connect to a +server, it checks that the host key presented by the server is the +same host key as it was the last time you connected. If it is not, +you will see a warning, and you will have the chance to abandon your +connection before you type any private information (such as a +password) into it. However, when you connect to a server you have not connected to before, PuTTY has no way of telling whether the host key is the @@ -97,11 +97,13 @@ network users are on the same side and spoofing attacks are unlikely, so you might choose to trust the key without checking it. If you are connecting across a hostile network (such as the Internet), you should check with your system administrator, perhaps -by telephone or in person. (Some modern servers have more than one +by telephone or in person. (Many servers have more than one host key. If the system administrator sends you more than one \I{host key fingerprint}fingerprint, you should make sure the one PuTTY shows you is on the list, but it doesn't matter which one it is.) +See \k{config-ssh-hostkey} for advanced options for managing host keys. + \# FIXME: this is all very fine but of course in practice the world doesn't work that way. Ask the team if they have any good ideas for changes to this section!