mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00

Docs: cross-reference host-key warning sections.

The 'certified host key' variant of the host key warning always comes
with a scary 'POTENTIAL SECURITY BREACH!' message. So the error message
section with the scary title should acknowledge that variant, and
the section about that variant should mention the scary warning.
Jacob Nevins 2022-10-21 19:46:51 +01:00
parent 8c534c26fd
commit 5716c638a5


@ -39,6 +39,9 @@ the one PuTTY has cached for this server}, means that PuTTY has
connected to the SSH server before, knows what its host key
\e{should} be, but has found a different one.
(If the message instead talks about a \q{certified host key}, see
instead \k{errors-cert-mismatch}.)
This may mean that a malicious attacker has replaced your server
with a different one, or has redirected your network connection to
their own machine. On the other hand, it may simply mean that the
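Review bot: the added parenthetical uses "instead" twice in one sentence ("If the message instead talks about ... see instead \k{errors-cert-mismatch}"). Dropping the second one reads more cleanly: "(If the message instead talks about a \q{certified host key}, see \k{errors-cert-mismatch}.)" Its position before the paragraph on what a mismatch may mean is right, since a reader who has the certified-key variant is redirected before reading advice written for the cached-key case.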
@ -60,7 +63,8 @@ If you've configured PuTTY to trust at least one
\k{config-ssh-kex-cert}), then it will ask the SSH server to send it
any available certified host keys. If the server sends back a
certified key signed by a \e{different} certification authority, PuTTY
will present this variant of the host key prompt.
will present this variant of the host key prompt, preceded by
\q{WARNING - POTENTIAL SECURITY BREACH!}
One reason why this can happen is a deliberate attack. Just like an
ordinary man-in-the-middle attack which substitutes a wrong host key,
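Review bot: the added sentence ending in \q{WARNING - POTENTIAL SECURITY BREACH!} names the warning text but carries no \k{} reference back to the error-message section with that title, so the cross-reference only runs one way, while the other hunk links here with \k{errors-cert-mismatch}. Consider adding the matching \k{} link so a reader who lands on this section first can reach the general explanation of the warning. The sentence also closes on the quoted exclamation mark with no full stop after the closing brace, which is worth checking in the rendered output.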