mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-25 01:02:24 +00:00
Docs: cross-reference host-key warning sections.
The 'certified host key' variant of the host key warning always comes with a scary 'POTENTIAL SECURITY BREACH!' message. So the error message section with the scary title that should acknowledge that variant, and the section about that variant should mention the scary warning.
This commit is contained in:
parent
8c534c26fd
commit
5716c638a5
@ -39,6 +39,9 @@ the one PuTTY has cached for this server}, means that PuTTY has
|
||||
connected to the SSH server before, knows what its host key
|
||||
\e{should} be, but has found a different one.
|
||||
|
||||
(If the message instead talks about a \q{certified host key}, see
|
||||
instead \k{errors-cert-mismatch}.)
|
||||
|
||||
This may mean that a malicious attacker has replaced your server
|
||||
with a different one, or has redirected your network connection to
|
||||
their own machine. On the other hand, it may simply mean that the
|
||||
@ -60,7 +63,8 @@ If you've configured PuTTY to trust at least one
|
||||
\k{config-ssh-kex-cert}), then it will ask the SSH server to send it
|
||||
any available certified host keys. If the server sends back a
|
||||
certified key signed by a \e{different} certification authority, PuTTY
|
||||
will present this variant of the host key prompt.
|
||||
will present this variant of the host key prompt, preceded by
|
||||
\q{WARNING - POTENTIAL SECURITY BREACH!}
|
||||
|
||||
One reason why this can happen is a deliberate attack. Just like an
|
||||
ordinary man-in-the-middle attack which substitutes a wrong host key,
|
||||
|
Loading…
Reference in New Issue
Block a user