(from parent 1: fc77fa0)
And tweak some of the words a bit.
\H{config-ssh-hostkey} The Host Keys panel
The Host Keys panel allows you to configure options related to SSH-2
\H{config-ssh-hostkey} The Host Keys panel
The Host Keys panel allows you to configure options related to SSH-2
+\i{host key management}.
Host keys are used to prove the server's identity, and assure you that
the server is not being spoofed (either by a man-in-the-middle attack
Host keys are used to prove the server's identity, and assure you that
the server is not being spoofed (either by a man-in-the-middle attack
-or by completely replacing it on the network).
+or by completely replacing it on the network). See \k{gs-hostkey} for
+a basic introduction to host keys.
This entire panel is only relevant to SSH protocol version 2; none of
these settings affect SSH-1 at all.
This entire panel is only relevant to SSH protocol version 2; none of
these settings affect SSH-1 at all.
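Review bot: the new index term on the added line "\i{host key management}." only folds into the existing host key cache entry if the index file carries exactly that tag. The index hunk in this commit does add {host key management} to \IM{host key cache}, so the two changes need to stay in the same commit; a docs build should confirm that no stray, unmerged "host key management" entry appears. The added pointer to \k{gs-hostkey} reads fine as written.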
\b \q{RSA}: the ordinary \i{RSA} algorithm.
\b \q{RSA}: the ordinary \i{RSA} algorithm.
-If PuTTY already has a host key stored for the server, it will prefer
-to use the one it already has. If not, it will choose an algorithm
-based on the preference order you specify in the configuration.
+If PuTTY already has one or more host keys stored for the server,
+it will prefer to use one of those, even if the server has a key
+type that is higher in the preference order. You can add such a
+key to PuTTY's cache from within an existing session using the
+\q{Special Commands} menu; see \k{using-specials}.
-If the first algorithm PuTTY finds is below the \q{warn below here}
+Otherwise, PuTTY will choose a key type based purely on the
+preference order you specify in the configuration.
+
+If the first key type PuTTY finds is below the \q{warn below here}
line, you will see a warning box when you make the connection, similar
to that for cipher selection (see \k{config-ssh-encryption}).
line, you will see a warning box when you make the connection, similar
to that for cipher selection (see \k{config-ssh-encryption}).
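Review bot: in the rewritten first paragraph, "You can add such a key to PuTTY's cache" has an unclear antecedent, because the preceding clause talks about "a key type that is higher in the preference order", not about a key. Suggest something like "You can add the server's key of a more preferred type to PuTTY's cache from within an existing session". Since this sentence tells the reader to put a new host key into the cache, it would also help to say in a few words what that key is being trusted on (the session it is fetched in was already verified against a cached key), or to make sure \k{using-specials} covers that. The paragraph now says "key type" where the old text said "algorithm", while the bullet list just above still says "the ordinary \i{RSA} algorithm"; pick one term for the section.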
\I{host key fingerprint}fingerprint, you should make sure the one
PuTTY shows you is on the list, but it doesn't matter which one it is.)
\I{host key fingerprint}fingerprint, you should make sure the one
PuTTY shows you is on the list, but it doesn't matter which one it is.)
+See \k{config-ssh-hostkey} for advanced options for managing host keys.
+
\# FIXME: this is all very fine but of course in practice the world
doesn't work that way. Ask the team if they have any good ideas for
changes to this section!
\# FIXME: this is all very fine but of course in practice the world
doesn't work that way. Ask the team if they have any good ideas for
changes to this section!
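Review bot: the added "See \k{config-ssh-hostkey} for advanced options for managing host keys." does not mention that the target panel is SSH-2 only, although the panel's own text in this same commit says "none of these settings affect SSH-1 at all". Suggest "advanced options for managing SSH-2 host keys" so a reader of the introductory section is not sent to settings that do not apply to their connection. The sentence also follows directly after the parenthetical about fingerprint lists; check that it ends up as its own paragraph in the built output rather than appended to that aside.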
\IM{logical host name} logical host name
\IM{logical host name} host name, logical
\IM{logical host name} logical host name
\IM{logical host name} host name, logical
-\IM{host key cache}{host key caching policy} host key caching policy
+\IM{host key cache}{host key management} host key management
+\IM{host key cache}{host key management} cache, of SSH host keys
\IM{web browsers} web browser
\IM{web browsers} web browser
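Review bot: the removed \IM line was the only one carrying the tag {host key caching policy}, and the two replacement lines do not list it. The two uses visible in this commit are converted to \I{host key cache}, but any other remaining \i{host key caching policy} elsewhere in the docs would now produce a separate index entry, so grep the tree for that tag before merging. Also note that "host key caching policy" disappears as a visible index heading; if readers are likely to look it up under that wording, keep a third \IM line with that display text.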
\S2{using-cmdline-loghost} \i\c{-loghost}: specify a \i{logical host
name}
\S2{using-cmdline-loghost} \i\c{-loghost}: specify a \i{logical host
name}
-This option overrides PuTTY's normal SSH \i{host key caching policy} by
-telling it the name of the host you expect your connection to end up
-at (in cases where this differs from the location PuTTY thinks it's
-connecting to). It can be a plain host name, or a host name followed
-by a colon and a port number. See \k{config-loghost} for more detail
-on this.
+This option overrides PuTTY's normal SSH \I{host key cache}host key
+caching policy by telling it the name of the host you expect your
+connection to end up at (in cases where this differs from the location
+PuTTY thinks it's connecting to). It can be a plain host name, or a
+host name followed by a colon and a port number. See
+\k{config-loghost} for more detail on this.
\S2{using-cmdline-hostkey} \i\c{-hostkey}: \I{manually configuring
host keys}manually specify an expected host key
\S2{using-cmdline-hostkey} \i\c{-hostkey}: \I{manually configuring
host keys}manually specify an expected host key
-This option overrides PuTTY's normal SSH \i{host key caching policy} by
-telling it exactly what host key to expect, which can be useful if the
-normal automatic host key store in the Registry is unavailable. The
-argument to this option should be either a host key fingerprint, or an
-SSH-2 public key blob. See \k{config-ssh-kex-manual-hostkeys} for more
-information.
+This option overrides PuTTY's normal SSH \I{host key cache}host key
+caching policy by telling it exactly what host key to expect, which
+can be useful if the normal automatic host key store in the Registry
+is unavailable. The argument to this option should be either a host key
+fingerprint, or an SSH-2 public key blob. See
+\k{config-ssh-kex-manual-hostkeys} for more information.
You can specify this option more than once if you want to configure
more than one key to be accepted.
You can specify this option more than once if you want to configure
more than one key to be accepted.
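Review bot: in both the -loghost and -hostkey paragraphs the only change is the index markup, \i{host key caching policy} becoming \I{host key cache}host key caching policy, yet every line of each paragraph is rewrapped and shows up as removed and re-added. That makes it hard to confirm that the wording, in particular the description of what -hostkey accepts ("either a host key fingerprint, or an SSH-2 public key blob"), is unchanged. Suggest keeping the original line breaks and letting the first line run slightly long, or putting the re-wrap in a separate commit. The commit message mentions tweaking words, so it is worth stating there that these two paragraphs are markup-only.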