nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity

privacy.but: greater emphasis on checking host keys.

Browse Source 
Re-reading the wording, I think I was a bit cavalier about "if you
don't like the host key cache recording where you've been, check host
keys yourself." It should be more like "check host keys yourself,
SERIOUSLY, WE REALLY MEAN IT, DO NOT LEAVE THIS STEP OUT."
This commit is contained in:
Simon Tatham 2024-11-03 14:12:46 +00:00
parent 33881a1445
commit 47df948362
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
doc/privacy.but
View File

@ -43,9 +43,15 @@ cache if you select the \q{Accept} action at one of the PuTTY suite's
host key verification prompts. So if you want to make an SSH
connection without PuTTY saving any trace of where you connected to,
you can press \q{Connect Once} instead of \q{Accept}, which does not
store the host key in the cache. However, if you do this, PuTTY can't
automatically detect the host key changing in the future, so you
should check the key fingerprint yourself every time you connect.
store the host key in the cache.
However, if you do this, PuTTY can't automatically detect the host key
changing in the future, so you should check the key fingerprint
yourself every time you connect. \s{This is vitally important.} If you
don't let PuTTY cache host keys \e{and} don't check them yourself,
then it becomes easy for an attacker to interpose a listener between
you and the server you're connecting to. The entire cryptographic
system of SSH depends on making sure the host key is right.
The host key cache is only used by SSH. No other protocol supported
by PuTTY has any analogue of it.