Merge SSH-2-only default from 'pre-0.64'.
commit
3b4f3266d8
@ -2268,16 +2268,27 @@ make the most of a low-\i{bandwidth} connection.
|
||||
|
||||
\cfg{winhelp-topic}{ssh.protocol}
|
||||
|
||||
This allows you to select whether you would like to use \i{SSH protocol
|
||||
version 1} or \I{SSH-2}version 2. \#{FIXME: say something about this elsewhere?}
|
||||
This allows you to select whether you would prefer to use \i{SSH protocol
|
||||
version 1} or \I{SSH-2}version 2, and whether to permit falling back
|
||||
to the other version.
|
||||
|
||||
PuTTY will attempt to use protocol 1 if the server you connect to
|
||||
does not offer protocol 2, and vice versa.
|
||||
With the settings \q{1} and \q{2}, PuTTY will attempt to use protocol 1
|
||||
if the server you connect to does not offer protocol 2, and vice versa.
|
||||
|
||||
If you select \q{1 only} or \q{2 only} here, PuTTY will only connect
|
||||
if the server you connect to offers the SSH protocol version you
|
||||
have specified.
|
||||
|
||||
You should normally leave this at the default, \q{2 only}. The older
|
||||
SSH-1 protocol is no longer developed, has many known cryptographic
|
||||
weaknesses, and is generally not considered to be secure. If you
|
||||
permit use of SSH-1 by selecting \q{2} instead of \q{2 only}, an
|
||||
active attacker can force downgrade to SSH-1 even if the server
|
||||
you're connecting to supports SSH-2.
|
||||
|
||||
PuTTY's protocol 1 implementation is provided mainly for
|
||||
compatibility, and is no longer being enhanced.
|
||||
|
||||
\S{config-ssh-sharing} Sharing an SSH connection between PuTTY tools
|
||||
|
||||
\cfg{winhelp-topic}{ssh.sharing}
|
||||
|
@ -63,6 +63,9 @@ files into PuTTY's format.
|
||||
|
||||
Yes. SSH-1 support has always been available in PuTTY.
|
||||
|
||||
However, the SSH-1 protocol has many weaknesses and is no longer
|
||||
considered secure; it should be avoided if at all possible.
|
||||
|
||||
\S{faq-localecho}{Question} Does PuTTY support \i{local echo}?
|
||||
|
||||
Yes. Version 0.52 has proper support for local echo.
|
||||
|
@ -781,7 +781,8 @@ void load_open_settings(void *sesskey, Conf *conf)
|
||||
}
|
||||
gppi(sesskey, "RekeyTime", 60, conf, CONF_ssh_rekey_time);
|
||||
gpps(sesskey, "RekeyBytes", "1G", conf, CONF_ssh_rekey_data);
|
||||
gppi(sesskey, "SshProt", 2, conf, CONF_sshprot);
|
||||
/* SSH-2 only by default */
|
||||
gppi(sesskey, "SshProt", 3, conf, CONF_sshprot);
|
||||
gpps(sesskey, "LogHost", "", conf, CONF_loghost);
|
||||
gppi(sesskey, "SSH2DES", 0, conf, CONF_ssh2_des_cbc);
|
||||
gppi(sesskey, "SshNoAuth", 0, conf, CONF_ssh_no_userauth);
|
||||
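Review bot: The new default in `gppi(sesskey, "SshProt", 3, conf, CONF_sshprot);` is, as far as this hunk shows, only the value used when no `SshProt` setting is stored, so a session saved earlier with the old preference 2 would presumably keep allowing fallback to SSH-1. Those sessions would remain exposed to the downgrade that the documentation change in this same commit describes. I would record that next to the default, e.g. `/* SSH-2 only by default; a stored SshProt of 2 still permits SSH-1 fallback */`, and mention it in the release notes so users re-check saved sessions. load_open_settings begins and ends outside this hunk.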
|
6
ssh.c
6
ssh.c
@ -2966,11 +2966,13 @@ static int do_ssh_init(Ssh ssh, unsigned char c)
|
||||
s->proto2 = ssh_versioncmp(s->version, "1.99") >= 0;
|
||||
|
||||
if (conf_get_int(ssh->conf, CONF_sshprot) == 0 && !s->proto1) {
|
||||
bombout(("SSH protocol version 1 required by user but not provided by server"));
|
||||
bombout(("SSH protocol version 1 required by configuration but "
|
||||
"not provided by server"));
|
||||
crStop(0);
|
||||
}
|
||||
if (conf_get_int(ssh->conf, CONF_sshprot) == 3 && !s->proto2) {
|
||||
bombout(("SSH protocol version 2 required by user but not provided by server"));
|
||||
bombout(("SSH protocol version 2 required by configuration but "
|
||||
"not provided by server"));
|
||||
crStop(0);
|
||||
}
|
||||
|
||||
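Review bot: The bare `0` and `3` compared against `CONF_sshprot` in the two `if` conditions are not explained here, and only these two "only" values are enforced. For the other values the choice rests on `s->proto2` (and presumably `s->proto1`), which is derived from the server's version string via `ssh_versioncmp(s->version, "1.99")`. That string appears to be read before anything is authenticated, which matches the manual text in this commit saying the fallback setting can be forced down to SSH-1. A comment above the first check would make this visible to the next reader: `/* sshprot: 0 = SSH-1 only, 3 = SSH-2 only; other values fall back based on the unauthenticated version string */`. do_ssh_init begins and ends outside this hunk.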
|