mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
Cross-reference all the host key docs.
And tweak some of the words a bit.
parent fc77fa0b8b
commit 15386cbe92
@ -2486,11 +2486,12 @@ protection than SSH-2 without rekeys.
|
||||
\H{config-ssh-hostkey} The Host Keys panel
|
||||
|
||||
The Host Keys panel allows you to configure options related to SSH-2
|
||||
host key management.
|
||||
\i{host key management}.
|
||||
|
||||
Host keys are used to prove the server's identity, and assure you that
|
||||
the server is not being spoofed (either by a man-in-the-middle attack
|
||||
or by completely replacing it on the network).
|
||||
or by completely replacing it on the network). See \k{gs-hostkey} for
|
||||
a basic introduction to host keys.
|
||||
|
||||
This entire panel is only relevant to SSH protocol version 2; none of
|
||||
these settings affect SSH-1 at all.
|
||||
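Review bot: The new \i{host key management} tag in the panel's opening sentence gets its index placement from the \IM lines changed elsewhere in this commit, which file {host key management} under the {host key cache} entry, including the display text "cache, of SSH host keys". The paragraphs visible here describe the panel as general SSH-2 host key options rather than cache behaviour, so confirm that indexing it under the cache entry is intended, or give host key management an index entry of its own.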
@ -2516,11 +2517,16 @@ NIST-standardised elliptic curves.
|
||||
|
||||
\b \q{RSA}: the ordinary \i{RSA} algorithm.
|
||||
|
||||
If PuTTY already has a host key stored for the server, it will prefer
|
||||
to use the one it already has. If not, it will choose an algorithm
|
||||
based on the preference order you specify in the configuration.
|
||||
If PuTTY already has one or more host keys stored for the server,
|
||||
it will prefer to use one of those, even if the server has a key
|
||||
type that is higher in the preference order. You can add such a
|
||||
key to PuTTY's cache from within an existing session using the
|
||||
\q{Special Commands} menu; see \k{using-specials}.
|
||||
|
||||
If the first algorithm PuTTY finds is below the \q{warn below here}
|
||||
Otherwise, PuTTY will choose a key type based purely on the
|
||||
preference order you specify in the configuration.
|
||||
|
||||
If the first key type PuTTY finds is below the \q{warn below here}
|
||||
line, you will see a warning box when you make the connection, similar
|
||||
to that for cipher selection (see \k{config-ssh-encryption}).
|
||||
|
||||
|
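Review bot: In the rewritten paragraph, "You can add such a key to PuTTY's cache" has an unclear antecedent: "such a key" can be read as one of the keys already stored rather than the server's key of a type higher in the preference order. Naming it explicitly would remove the doubt, for example "You can add that higher-preference key to PuTTY's cache". The following paragraph should also say whether the \q{warn below here} warning is shown when PuTTY uses an already-stored key whose type is below the line, because "the first key type PuTTY finds" does not say whether stored keys count.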
@ -102,6 +102,8 @@ host key. If the system administrator sends you more than one
|
||||
\I{host key fingerprint}fingerprint, you should make sure the one
|
||||
PuTTY shows you is on the list, but it doesn't matter which one it is.)
|
||||
|
||||
See \k{config-ssh-hostkey} for advanced options for managing host keys.
|
||||
|
||||
\# FIXME: this is all very fine but of course in practice the world
|
||||
doesn't work that way. Ask the team if they have any good ideas for
|
||||
changes to this section!
|
||||
|
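Review bot: The added sentence sends readers of the introduction to \k{config-ssh-hostkey} without qualification, but that panel's own text in this commit says it is only relevant to SSH protocol version 2. Consider wording it as "for advanced options for managing SSH-2 host keys". The -hostkey paragraph in this commit points to \k{config-ssh-kex-manual-hostkeys} for manually configured host keys, which may deserve a mention here as well.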
@ -851,7 +851,8 @@ saved sessions from
|
||||
\IM{logical host name} logical host name
|
||||
\IM{logical host name} host name, logical
|
||||
|
||||
\IM{host key cache}{host key caching policy} host key caching policy
|
||||
\IM{host key cache}{host key management} host key management
|
||||
\IM{host key cache}{host key management} cache, of SSH host keys
|
||||
|
||||
\IM{web browsers} web browser
|
||||
|
||||
|
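Review bot: Dropping the {host key caching policy} tag from the \IM{host key cache} line means any \i{host key caching policy} left elsewhere in the manual will no longer be merged into this index entry. The two uses in the -loghost and -hostkey paragraphs are converted to \I{host key cache} in this commit; search the rest of the documentation for the old tag before merging.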
@ -934,22 +934,22 @@ authentication} box in the Auth panel of the PuTTY configuration box
|
||||
\S2{using-cmdline-loghost} \i\c{-loghost}: specify a \i{logical host
|
||||
name}
|
||||
|
||||
This option overrides PuTTY's normal SSH \i{host key caching policy} by
|
||||
telling it the name of the host you expect your connection to end up
|
||||
at (in cases where this differs from the location PuTTY thinks it's
|
||||
connecting to). It can be a plain host name, or a host name followed
|
||||
by a colon and a port number. See \k{config-loghost} for more detail
|
||||
on this.
|
||||
This option overrides PuTTY's normal SSH \I{host key cache}host key
|
||||
caching policy by telling it the name of the host you expect your
|
||||
connection to end up at (in cases where this differs from the location
|
||||
PuTTY thinks it's connecting to). It can be a plain host name, or a
|
||||
host name followed by a colon and a port number. See
|
||||
\k{config-loghost} for more detail on this.
|
||||
|
||||
\S2{using-cmdline-hostkey} \i\c{-hostkey}: \I{manually configuring
|
||||
host keys}manually specify an expected host key
|
||||
|
||||
This option overrides PuTTY's normal SSH \i{host key caching policy} by
|
||||
telling it exactly what host key to expect, which can be useful if the
|
||||
normal automatic host key store in the Registry is unavailable. The
|
||||
argument to this option should be either a host key fingerprint, or an
|
||||
SSH-2 public key blob. See \k{config-ssh-kex-manual-hostkeys} for more
|
||||
information.
|
||||
This option overrides PuTTY's normal SSH \I{host key cache}host key
|
||||
caching policy by telling it exactly what host key to expect, which
|
||||
can be useful if the normal automatic host key store in the Registry
|
||||
is unavailable. The argument to this option should be either a host key
|
||||
fingerprint, or an SSH-2 public key blob. See
|
||||
\k{config-ssh-kex-manual-hostkeys} for more information.
|
||||
|
||||
You can specify this option more than once if you want to configure
|
||||
more than one key to be accepted.
|
||||
|
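Review bot: In both the \S2{using-cmdline-loghost} and \S2{using-cmdline-hostkey} paragraphs the only substantive change is \i{host key caching policy} becoming \I{host key cache}host key caching policy, but each paragraph has been re-wrapped, so every line shows as changed. Keeping the original line breaks, or saying in the commit message that these paragraphs are only re-flowed, would make the one-token change easier to verify.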