nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity

Consistently use a single notation to refer to SSH protocol versions, as

Browse Source 
discussed. Use Barrett and Silverman's convention of "SSH-1" for SSH protocol
version 1 and "SSH-2" for protocol 2 ("SSH1"/"SSH2" refer to ssh.com
implementations in this scheme). <http://www.snailbook.com/terms.html>

[originally from svn r5480]
This commit is contained in:
Jacob Nevins 2005-03-10 16:36:05 +00:00
parent dfccca7974
commit 5aa719d16e
30 changed files with 269 additions and 269 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
cmdgen.c
View File

@ -523,7 +523,7 @@ int main(int argc, char **argv)
case SSH_KEYTYPE_SSH1:
if (sshver == 2) {
fprintf(stderr, "puttygen: conversion from SSH1 to SSH2 keys"
fprintf(stderr, "puttygen: conversion from SSH-1 to SSH-2 keys"
" not supported\n");
return 1;
}
@ -534,7 +534,7 @@ int main(int argc, char **argv)
case SSH_KEYTYPE_OPENSSH:
case SSH_KEYTYPE_SSHCOM:
if (sshver == 1) {
fprintf(stderr, "puttygen: conversion from SSH2 to SSH1 keys"
fprintf(stderr, "puttygen: conversion from SSH-2 to SSH-1 keys"
" not supported\n");
return 1;
}
@ -694,13 +694,13 @@ int main(int argc, char **argv)
l = ssh1_read_bignum(blob + n, bloblen - n,
&ssh1key->exponent);
if (l < 0) {
error = "SSH1 public key blob was too short";
error = "SSH-1 public key blob was too short";
} else {
n += l;
l = ssh1_read_bignum(blob + n, bloblen - n,
&ssh1key->modulus);
if (l < 0) {
error = "SSH1 public key blob was too short";
error = "SSH-1 public key blob was too short";
} else
n += l;
}
@ -829,14 +829,14 @@ int main(int argc, char **argv)
assert(ssh1key);
ret = saversakey(&outfilename, ssh1key, passphrase);
if (!ret) {
fprintf(stderr, "puttygen: unable to save SSH1 private key\n");
fprintf(stderr, "puttygen: unable to save SSH-1 private key\n");
return 1;
}
} else {
assert(ssh2key);
ret = ssh2_save_userkey(&outfilename, ssh2key, passphrase);
if (!ret) {
fprintf(stderr, "puttygen: unable to save SSH2 private key\n");
fprintf(stderr, "puttygen: unable to save SSH-2 private key\n");
return 1;
}
}
@ -1215,10 +1215,10 @@ int main(int argc, char **argv)
* Change the comment of the key; this _does_ require a
* passphrase owing to the tamperproofing.
*
* NOTE: In SSH1, this only requires a passphrase because
* NOTE: In SSH-1, this only requires a passphrase because
* of inadequacies of the loading and saving mechanisms. In
* _principle_, it should be perfectly possible to modify
* the comment on an SSH1 key without requiring a
* the comment on an SSH-1 key without requiring a
* passphrase; the only reason I can't do it is because my
* loading and saving mechanisms don't include a method of
* loading all the key data without also trying to decrypt
@ -1226,7 +1226,7 @@ int main(int argc, char **argv)
*
* I don't consider this to be a problem worth solving,
* because (a) to fix it would probably end up bloating
* PuTTY proper, and (b) SSH1 is on the way out anyway so
* PuTTY proper, and (b) SSH-1 is on the way out anyway so
* it shouldn't be highly significant. If it seriously
* bothers anyone then perhaps I _might_ be persuadable.
*/

26
config.c
View File

@ -92,7 +92,7 @@ static void cipherlist_handler(union control *ctrl, void *dlg,
{ "3DES", CIPHER_3DES },
{ "Blowfish", CIPHER_BLOWFISH },
{ "DES", CIPHER_DES },
{ "AES (SSH 2 only)", CIPHER_AES },
{ "AES (SSH-2 only)", CIPHER_AES },
{ "-- warn below here --", CIPHER_WARN }
};
@ -1647,7 +1647,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
cipherlist_handler, P(NULL));
c->listbox.height = 6;
ctrl_checkbox(s, "Enable legacy use of single-DES in SSH 2", 'i',
ctrl_checkbox(s, "Enable legacy use of single-DES in SSH-2", 'i',
HELPCTX(ssh_ciphers),
dlg_stdcheckbox_handler,
I(offsetof(Config,ssh2_des_cbc)));
@ -1656,7 +1656,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
/*
* The Connection/SSH/Kex panel. (Owing to repeat key
* exchange, this is all meaningful in mid-session _if_
* we're using SSH2 or haven't decided yet.)
* we're using SSH-2 or haven't decided yet.)
*/
if (protcfginfo != 1) {
ctrl_settitle(b, "Connection/SSH/Kex",
@ -1696,11 +1696,11 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
s = ctrl_getset(b, "Connection/SSH/Auth", "methods",
"Authentication methods");
ctrl_checkbox(s, "Attempt TIS or CryptoCard auth (SSH1)", 'm',
ctrl_checkbox(s, "Attempt TIS or CryptoCard auth (SSH-1)", 'm',
HELPCTX(ssh_auth_tis),
dlg_stdcheckbox_handler,
I(offsetof(Config,try_tis_auth)));
ctrl_checkbox(s, "Attempt \"keyboard-interactive\" auth (SSH2)",
ctrl_checkbox(s, "Attempt \"keyboard-interactive\" auth (SSH-2)",
'i', HELPCTX(ssh_auth_ki),
dlg_stdcheckbox_handler,
I(offsetof(Config,try_ki_auth)));
@ -1710,7 +1710,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
ctrl_checkbox(s, "Allow agent forwarding", 'f',
HELPCTX(ssh_auth_agentfwd),
dlg_stdcheckbox_handler, I(offsetof(Config,agentfwd)));
ctrl_checkbox(s, "Allow attempted changes of username in SSH2", 'u',
ctrl_checkbox(s, "Allow attempted changes of username in SSH-2", 'u',
HELPCTX(ssh_auth_changeuser),
dlg_stdcheckbox_handler,
I(offsetof(Config,change_username)));
@ -1755,7 +1755,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
HELPCTX(ssh_tunnels_portfwd_localhost),
dlg_stdcheckbox_handler,
I(offsetof(Config,lport_acceptall)));
ctrl_checkbox(s, "Remote ports do the same (SSH v2 only)", 'p',
ctrl_checkbox(s, "Remote ports do the same (SSH-2 only)", 'p',
HELPCTX(ssh_tunnels_portfwd_localhost),
dlg_stdcheckbox_handler,
I(offsetof(Config,rport_acceptall)));
@ -1824,22 +1824,22 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
s = ctrl_getset(b, "Connection/SSH/Bugs", "main",
"Detection of known bugs in SSH servers");
ctrl_droplist(s, "Chokes on SSH1 ignore messages", 'i', 20,
ctrl_droplist(s, "Chokes on SSH-1 ignore messages", 'i', 20,
HELPCTX(ssh_bugs_ignore1),
sshbug_handler, I(offsetof(Config,sshbug_ignore1)));
ctrl_droplist(s, "Refuses all SSH1 password camouflage", 's', 20,
ctrl_droplist(s, "Refuses all SSH-1 password camouflage", 's', 20,
HELPCTX(ssh_bugs_plainpw1),
sshbug_handler, I(offsetof(Config,sshbug_plainpw1)));
ctrl_droplist(s, "Chokes on SSH1 RSA authentication", 'r', 20,
ctrl_droplist(s, "Chokes on SSH-1 RSA authentication", 'r', 20,
HELPCTX(ssh_bugs_rsa1),
sshbug_handler, I(offsetof(Config,sshbug_rsa1)));
ctrl_droplist(s, "Miscomputes SSH2 HMAC keys", 'm', 20,
ctrl_droplist(s, "Miscomputes SSH-2 HMAC keys", 'm', 20,
HELPCTX(ssh_bugs_hmac2),
sshbug_handler, I(offsetof(Config,sshbug_hmac2)));
ctrl_droplist(s, "Miscomputes SSH2 encryption keys", 'e', 20,
ctrl_droplist(s, "Miscomputes SSH-2 encryption keys", 'e', 20,
HELPCTX(ssh_bugs_derivekey2),
sshbug_handler, I(offsetof(Config,sshbug_derivekey2)));
ctrl_droplist(s, "Requires padding on SSH2 RSA signatures", 'p', 20,
ctrl_droplist(s, "Requires padding on SSH-2 RSA signatures", 'p', 20,
HELPCTX(ssh_bugs_rsapad2),
sshbug_handler, I(offsetof(Config,sshbug_rsapad2)));
ctrl_droplist(s, "Misuses the session ID in PK auth", 'n', 20,

6
contrib/kh2reg.py
View File

@ -1,6 +1,6 @@
#! /usr/bin/env python
# $Id: kh2reg.py,v 1.3 2003/10/21 13:26:12 jacob Exp $
# $Id$
# Convert OpenSSH known_hosts and known_hosts2 files to "new format" PuTTY
# host keys.
# usage:
@ -87,7 +87,7 @@ for line in fileinput.input(args):
# is second field entirely decimal digits?
if re.match (r"\d*$", fields[1]):
# Treat as SSH1-type host key.
# Treat as SSH-1-type host key.
# Format: hostpat bits10 exp10 mod10 comment...
# (PuTTY doesn't store the number of bits.)
magicnumbers = map (long, fields[2:4])
@ -95,7 +95,7 @@ for line in fileinput.input(args):
else:
# Treat as SSH2-type host key.
# Treat as SSH-2-type host key.
# Format: hostpat keytype keyblob64 comment...
sshkeytype, blob = fields[1], base64.decodestring (fields[2])

82
doc/config.but
View File

@ -1563,8 +1563,8 @@ Keepalives are only supported in Telnet and SSH; the Rlogin and Raw
protocols offer no way of implementing them. (For an alternative, see
\k{config-tcp-keepalives}.)
Note that if you are using SSH1 and the server has a bug that makes
it unable to deal with SSH1 ignore messages (see
Note that if you are using SSH-1 and the server has a bug that makes
it unable to deal with SSH-1 ignore messages (see
\k{config-ssh-bug-ignore1}), enabling keepalives will have no effect.
\S{config-nodelay} \q{Disable Nagle's algorithm}
@ -1701,10 +1701,10 @@ other ways around the security problems than just disabling the
whole mechanism.
Version 2 of the SSH protocol also provides a similar mechanism,
which is easier to implement without security flaws. Newer SSH2
which is easier to implement without security flaws. Newer SSH-2
servers are more likely to support it than older ones.
This configuration data is not used in the SSHv1, rlogin or raw
This configuration data is not used in the SSH-1, rlogin or raw
protocols.
To add an environment variable to the list transmitted down the
@ -2126,11 +2126,11 @@ separate configuration of the preference orders. As a result you may
get two warnings similar to the one above, possibly with different
encryptions.
Single-DES is not recommended in the SSH 2 draft protocol
Single-DES is not recommended in the SSH-2 draft protocol
standards, but one or two server implementations do support it.
PuTTY can use single-DES to interoperate with
these servers if you enable the \q{Enable legacy use of single-DES in
SSH 2} option; by default this is disabled and PuTTY will stick to
SSH-2} option; by default this is disabled and PuTTY will stick to
recommended ciphers.
\H{config-ssh-kex} The Kex panel
@ -2283,7 +2283,7 @@ responses take.
\cfg{winhelp-topic}{ssh.auth.ki}
The SSH 2 equivalent of TIS authentication is called
The SSH-2 equivalent of TIS authentication is called
\q{keyboard-interactive}. It is a flexible authentication method
using an arbitrary sequence of requests and responses; so it is not
only useful for challenge/response mechanisms such as S/Key, but it
@ -2306,17 +2306,17 @@ See \k{pageant} for general information on Pageant, and
there is a security risk involved with enabling this option; see
\k{pageant-security} for details.
\S{config-ssh-changeuser} \q{Allow attempted changes of username in SSH2}
\S{config-ssh-changeuser} \q{Allow attempted changes of username in SSH-2}
\cfg{winhelp-topic}{ssh.auth.changeuser}
In the SSH 1 protocol, it is impossible to change username after
In the SSH-1 protocol, it is impossible to change username after
failing to authenticate. So if you mis-type your username at the
PuTTY \q{login as:} prompt, you will not be able to change it except
by restarting PuTTY.
The SSH 2 protocol \e{does} allow changes of username, in principle,
but does not make it mandatory for SSH 2 servers to accept them. In
The SSH-2 protocol \e{does} allow changes of username, in principle,
but does not make it mandatory for SSH-2 servers to accept them. In
particular, OpenSSH does not accept a change of username; once you
have sent one username, it will reject attempts to try to
authenticate as another user. (Depending on the version of OpenSSH,
@ -2391,7 +2391,7 @@ experimental feature, and may encounter several problems:
\cw{XDM-AUTHORIZATION-1}, so they will not know what to do with the
data PuTTY has provided.
\b This authentication mechanism will only work in SSH v2. In SSH
\b This authentication mechanism will only work in SSH-2. In SSH
v1, the SSH server does not tell the client the source address of
a forwarded connection in a machine-readable format, so it's
impossible to verify the \cw{XDM-AUTHORIZATION-1} data.
@ -2465,10 +2465,10 @@ If you delete a local or dynamic port forwarding in mid-session, PuTTY
will stop listening for connections on that port, so it can be re-used
by another program. If you delete a remote port forwarding, note that:
\b The SSHv1 protocol contains no mechanism for asking the server to
\b The SSH-1 protocol contains no mechanism for asking the server to
stop listening on a remote port.
\b The SSHv2 protocol does contain such a mechanism, but not all SSH
\b The SSH-2 protocol does contain such a mechanism, but not all SSH
servers support it. (In particular, OpenSSH does not support it in
any version earlier than 3.9.)
@ -2502,8 +2502,8 @@ port. (This also applies to dynamic SOCKS forwarding.)
\b The \q{Remote ports do the same} option does the same thing for
remote-to-local port forwardings (so that machines other than the
SSH server machine can connect to the forwarded port.) Note that
this feature is only available in the SSH 2 protocol, and not all
SSH 2 servers support it (OpenSSH 3.0 does not, for example).
this feature is only available in the SSH-2 protocol, and not all
SSH-2 servers support it (OpenSSH 3.0 does not, for example).
\S{config-ssh-portfwd-address-family} Selecting Internet protocol
version for forwarded ports
@ -2555,7 +2555,7 @@ states:
\b \q{Auto}: PuTTY will use the server's version number announcement
to try to guess whether or not the server has the bug.
\S{config-ssh-bug-ignore1} \q{Chokes on SSH1 ignore messages}
\S{config-ssh-bug-ignore1} \q{Chokes on SSH-1 ignore messages}
\cfg{winhelp-topic}{ssh.bugs.ignore1}
@ -2563,30 +2563,30 @@ An ignore message (SSH_MSG_IGNORE) is a message in the SSH protocol
which can be sent from the client to the server, or from the server
to the client, at any time. Either side is required to ignore the
message whenever it receives it. PuTTY uses ignore messages to hide
the password packet in SSH1, so that a listener cannot tell the
the password packet in SSH-1, so that a listener cannot tell the
length of the user's password; it also uses ignore messages for
connection keepalives (see \k{config-keepalive}).
If this bug is detected, PuTTY will stop using ignore messages. This
means that keepalives will stop working, and PuTTY will have to fall
back to a secondary defence against SSH1 password-length
back to a secondary defence against SSH-1 password-length
eavesdropping. See \k{config-ssh-bug-plainpw1}. If this bug is
enabled when talking to a correct server, the session will succeed,
but keepalives will not work and the session might be more
vulnerable to eavesdroppers than it could be.
This is an SSH1-specific bug. No known SSH2 server fails to deal
with SSH2 ignore messages.
This is an SSH-1-specific bug. No known SSH-2 server fails to deal
with SSH-2 ignore messages.
\S{config-ssh-bug-plainpw1} \q{Refuses all SSH1 password camouflage}
\S{config-ssh-bug-plainpw1} \q{Refuses all SSH-1 password camouflage}
\cfg{winhelp-topic}{ssh.bugs.plainpw1}
When talking to an SSH1 server which cannot deal with ignore
When talking to an SSH-1 server which cannot deal with ignore
messages (see \k{config-ssh-bug-ignore1}), PuTTY will attempt to
disguise the length of the user's password by sending additional
padding \e{within} the password packet. This is technically a
violation of the SSH1 specification, and so PuTTY will only do it
violation of the SSH-1 specification, and so PuTTY will only do it
when it cannot use standards-compliant ignore messages as
camouflage. In this sense, for a server to refuse to accept a padded
password packet is not really a bug, but it does make life
@ -2599,15 +2599,15 @@ of the password. If this bug is enabled when talking to a correct
server, the session will succeed, but will be more vulnerable to
eavesdroppers than it could be.
This is an SSH1-specific bug. SSH2 is secure against this type of
This is an SSH-1-specific bug. SSH-2 is secure against this type of
attack.
\S{config-ssh-bug-rsa1} \q{Chokes on SSH1 RSA authentication}
\S{config-ssh-bug-rsa1} \q{Chokes on SSH-1 RSA authentication}
\cfg{winhelp-topic}{ssh.bugs.rsa1}
Some SSH1 servers cannot deal with RSA authentication messages at
all. If Pageant is running and contains any SSH1 keys, PuTTY will
Some SSH-1 servers cannot deal with RSA authentication messages at
all. If Pageant is running and contains any SSH-1 keys, PuTTY will
normally automatically try RSA authentication before falling back to
passwords, so these servers will crash when they see the RSA attempt.
@ -2616,9 +2616,9 @@ authentication. If this bug is enabled when talking to a correct
server, the session will succeed, but of course RSA authentication
will be impossible.
This is an SSH1-specific bug.
This is an SSH-1-specific bug.
\S{config-ssh-bug-hmac2} \q{Miscomputes SSH2 HMAC keys}
\S{config-ssh-bug-hmac2} \q{Miscomputes SSH-2 HMAC keys}
\cfg{winhelp-topic}{ssh.bugs.hmac2}
@ -2633,9 +2633,9 @@ same way as the buggy server, so that communication will still be
possible. If this bug is enabled when talking to a correct server,
communication will fail.
This is an SSH2-specific bug.
This is an SSH-2-specific bug.
\S{config-ssh-bug-derivekey2} \q{Miscomputes SSH2 encryption keys}
\S{config-ssh-bug-derivekey2} \q{Miscomputes SSH-2 encryption keys}
\cfg{winhelp-topic}{ssh.bugs.derivekey2}
@ -2649,15 +2649,15 @@ the same way as the buggy server, so that communication will still
be possible. If this bug is enabled when talking to a correct
server, communication will fail.
This is an SSH2-specific bug.
This is an SSH-2-specific bug.
\S{config-ssh-bug-sig} \q{Requires padding on SSH2 RSA signatures}
\S{config-ssh-bug-sig} \q{Requires padding on SSH-2 RSA signatures}
\cfg{winhelp-topic}{ssh.bugs.rsapad2}
Versions below 3.3 of OpenSSH require SSH2 RSA signatures to be
Versions below 3.3 of OpenSSH require SSH-2 RSA signatures to be
padded with zero bytes to the same length as the RSA key modulus.
The SSH2 draft specification says that an unpadded signature MUST be
The SSH-2 draft specification says that an unpadded signature MUST be
accepted, so this is a bug. A typical symptom of this problem is
that PuTTY mysteriously fails RSA authentication once in every few
hundred attempts, and falls back to passwords.
@ -2668,13 +2668,13 @@ server, it is likely that no damage will be done, since correct
servers usually still accept padded signatures because they're used
to talking to OpenSSH.
This is an SSH2-specific bug.
This is an SSH-2-specific bug.
\S{config-ssh-bug-pksessid2} \q{Misuses the session ID in PK auth}
\cfg{winhelp-topic}{ssh.bugs.pksessid2}
Versions below 2.3 of OpenSSH require SSH2 public-key authentication
Versions below 2.3 of OpenSSH require SSH-2 public-key authentication
to be done slightly differently: the data to be signed by the client
contains the session ID formatted in a different way. If public-key
authentication mysteriously does not work but the Event Log (see
@ -2684,9 +2684,9 @@ helps.
If this bug is detected, PuTTY will sign data in the way OpenSSH
expects. If this bug is enabled when talking to a correct server,
SSH2 public-key authentication will fail.
SSH-2 public-key authentication will fail.
This is an SSH2-specific bug.
This is an SSH-2-specific bug.
\S{config-ssh-bug-rekey} \q{Handles key re-exchange badly}
@ -2706,7 +2706,7 @@ exchange. If this bug is enabled when talking to a correct server,
the session should still function, but may be less secure than you
would expect.
This is an SSH2-specific bug.
This is an SSH-2-specific bug.
\H{config-file} Storing configuration in a file

10
doc/errors.but
View File

@ -30,8 +30,8 @@ asking the machine's administrator.
If you see this message and you know that your installation of PuTTY
\e{has} connected to the same server before, it may have been
recently upgraded to SSH protocol version 2. SSH protocols 1 and 2
use separate host keys, so when you first use SSH 2 with a server
you have only used SSH 1 with before, you will see this message
use separate host keys, so when you first use SSH-2 with a server
you have only used SSH-1 with before, you will see this message
again. You should verify the correctness of the key as before.
See \k{gs-hostkey} for more information on host keys.
@ -100,7 +100,7 @@ PuTTY is not able to recover from running out of memory; it will
terminate immediately after giving this error.
However, this error can also occur when memory is not running out at
all, because PuTTY receives data in the wrong format. In SSH 2 and
all, because PuTTY receives data in the wrong format. In SSH-2 and
also in SFTP, the server sends the length of each message before the
message itself; so PuTTY will receive the length, try to allocate
space for the message, and then receive the rest of the message. If
@ -108,7 +108,7 @@ the length PuTTY receives is garbage, it will try to allocate a
ridiculous amount of memory, and will terminate with an \q{Out of
memory} error.
This can happen in SSH 2, if PuTTY and the server have not enabled
This can happen in SSH-2, if PuTTY and the server have not enabled
encryption in the same way (see \k{faq-outofmem} in the FAQ). Some
versions of OpenSSH have a known problem with this: see
\k{faq-openssh-bad-openssl}.
@ -213,7 +213,7 @@ to tell from this error message whether the problem is in the client,
in the server, or in between.
If you get this error, one thing you could try would be to fiddle
with the setting of \q{Miscomputes SSH2 encryption keys} on the Bugs
with the setting of \q{Miscomputes SSH-2 encryption keys} on the Bugs
panel (see \k{config-ssh-bug-derivekey2}).
Another known server problem which can cause this error is described

36
doc/faq.but
View File

@ -45,23 +45,23 @@ page}, and see if you can find the feature there. If it's on there,
and not in the \q{Recently fixed} section, it probably \e{hasn't} been
implemented.
\S{faq-ssh2}{Question} Does PuTTY support SSH v2?
\S{faq-ssh2}{Question} Does PuTTY support SSH-2?
Yes. SSH v2 support has been available in PuTTY since version 0.50.
Yes. SSH-2 support has been available in PuTTY since version 0.50.
Public key authentication (both RSA and DSA) in SSH v2 is new in
Public key authentication (both RSA and DSA) in SSH-2 is new in
version 0.52.
\S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or
\cw{ssh.com} SSHv2 private key files?
\cw{ssh.com} SSH-2 private key files?
PuTTY doesn't support this natively, but as of 0.53
PuTTYgen can convert both OpenSSH and \cw{ssh.com} private key
files into PuTTY's format.
\S{faq-ssh1}{Question} Does PuTTY support SSH v1?
\S{faq-ssh1}{Question} Does PuTTY support SSH-1?
Yes. SSH 1 support has always been available in PuTTY.
Yes. SSH-1 support has always been available in PuTTY.
\S{faq-localecho}{Question} Does PuTTY support local echo?
@ -534,9 +534,9 @@ of quotes in the obvious way:
received on packet}?
One possible cause of this that used to be common is a bug in old
SSH 2 servers distributed by \cw{ssh.com}. (This is not the only
SSH-2 servers distributed by \cw{ssh.com}. (This is not the only
possible cause; see \k{errors-crc} in the documentation.)
Version 2.3.0 and below of their SSH 2 server
Version 2.3.0 and below of their SSH-2 server
constructs Message Authentication Codes in the wrong way, and
expects the client to construct them in the same wrong way. PuTTY
constructs the MACs correctly by default, and hence these old
@ -550,7 +550,7 @@ to work with them.
If you are using PuTTY version 0.51 or below, you can enable the
workaround by going to the SSH panel and ticking the box labelled
\q{Imitate SSH 2 MAC bug}. It's possible that you might have to do
\q{Imitate SSH-2 MAC bug}. It's possible that you might have to do
this with 0.52 as well, if a buggy server exists that PuTTY doesn't
know about.
@ -608,7 +608,7 @@ the
\c http://www.microsoft.com/windows95/downloads/contents/
\c wuadmintools/s_wunetworkingtools/w95sockets2/
\S{faq-outofmem}{Question} After trying to establish an SSH 2
\S{faq-outofmem}{Question} After trying to establish an SSH-2
connection, PuTTY says \q{Out of memory} and dies.
If this happens just while the connection is starting up, this often
@ -838,17 +838,17 @@ default cipher differs from many other clients.)
\e{OpenSSH 3.1p1:} configurations known to be broken (and symptoms):
\b SSH 2 with AES cipher (PuTTY says "Assertion failed! Expression:
\b SSH-2 with AES cipher (PuTTY says "Assertion failed! Expression:
(len & 15) == 0" in sshaes.c, or "Out of memory", or crashes)
\b SSH 2 with 3DES (PuTTY says "Incorrect MAC received on packet")
\b SSH-2 with 3DES (PuTTY says "Incorrect MAC received on packet")
\b SSH 1 with Blowfish (PuTTY says "Incorrect CRC received on
\b SSH-1 with Blowfish (PuTTY says "Incorrect CRC received on
packet")
\b SSH 1 with 3DES
\b SSH-1 with 3DES
\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH 1 and
\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH-1 and
Blowfish remains. Rebuild your server, apply the patch linked to from
bug 138 above, or use another cipher (e.g., 3DES) instead.
@ -860,11 +860,11 @@ clear the underlying cause is the same.
key from ..."? Why can PuTTYgen load my key but not PuTTY?
It's likely that you've generated an SSH protocol 2 key with PuTTYgen,
but you're trying to use it in an SSH 1 connection. SSH1 and SSH2 keys
but you're trying to use it in an SSH-1 connection. SSH-1 and SSH-2 keys
have different formats, and (at least in 0.52) PuTTY's reporting of a
key in the wrong format isn't optimal.
To connect using SSH 2 to a server that supports both versions, you
To connect using SSH-2 to a server that supports both versions, you
need to change the configuration from the default (see \k{faq-ssh2}).
\S{faq-rh8-utf8}{Question} When I'm connected to a Red Hat Linux 8.0
@ -1177,7 +1177,7 @@ OpenSSH?
No, it isn't. PuTTY is almost completely composed of code written
from scratch for PuTTY. The only code we share with OpenSSH is the
detector for SSH1 CRC compensation attacks, written by CORE SDI S.A.
detector for SSH-1 CRC compensation attacks, written by CORE SDI S.A.
\S{faq-sillyputty}{Question} Where can I buy silly putty?

28
doc/man-pg.but
View File

@ -42,15 +42,15 @@ The options to control this are:
\dt \e{keyfile}
\dd Specify a private key file to be loaded. This private key file can
be in the (de facto standard) SSH1 key format, or in PuTTY's SSH2
key format, or in either of the SSH2 private key formats used by
be in the (de facto standard) SSH-1 key format, or in PuTTY's SSH-2
key format, or in either of the SSH-2 private key formats used by
OpenSSH and ssh.com's implementation.
\dt \cw{\-t} \e{keytype}
\dd Specify a type of key to generate. The acceptable values here are
\c{rsa} and \c{dsa} (to generate SSH2 keys), and \c{rsa1} (to
generate SSH1 keys).
\c{rsa} and \c{dsa} (to generate SSH-2 keys), and \c{rsa1} (to
generate SSH-1 keys).
\dt \cw{\-b} \e{bits}
@ -85,21 +85,21 @@ Acceptable options are:
\dt \cw{private}
\dd Save the private key in a format usable by PuTTY. This will either
be the standard SSH1 key format, or PuTTY's own SSH2 key format.
be the standard SSH-1 key format, or PuTTY's own SSH-2 key format.
\dt \cw{public}
\dd Save the public key only. For SSH1 keys, the standard public key
format will be used (\q{\cw{1024 37 5698745}...}). For SSH2 keys, the
\dd Save the public key only. For SSH-1 keys, the standard public key
format will be used (\q{\cw{1024 37 5698745}...}). For SSH-2 keys, the
public key will be output in the format specified in the IETF
drafts, which is a multi-line text file beginning with the line
\q{\cw{---- BEGIN SSH2 PUBLIC KEY ----}}.
\dt \cw{public-openssh}
\dd Save the public key only, in a format usable by OpenSSH. For SSH1
\dd Save the public key only, in a format usable by OpenSSH. For SSH-1
keys, this output format behaves identically to \c{public}. For
SSH2 keys, the public key will be output in the OpenSSH format,
SSH-2 keys, the public key will be output in the OpenSSH format,
which is a single line (\q{\cw{ssh-rsa AAAAB3NzaC1yc2}...}).
\dt \cw{fingerprint}
@ -109,13 +109,13 @@ algorithms are believed compatible with OpenSSH.
\dt \cw{private-openssh}
\dd Save an SSH2 private key in OpenSSH's format. This option is not
permitted for SSH1 keys.
\dd Save an SSH-2 private key in OpenSSH's format. This option is not
permitted for SSH-1 keys.
\dt \cw{private-sshcom}
\dd Save an SSH2 private key in ssh.com's format. This option is not
permitted for SSH1 keys.
\dd Save an SSH-2 private key in ssh.com's format. This option is not
permitted for SSH-1 keys.
If no output type is specified, the default is \c{private}.
@ -144,7 +144,7 @@ fingerprint. Otherwise, the \c{\-o} option is required.
\S{puttygen-manpage-examples} EXAMPLES
To generate an SSH2 RSA key pair and save it in PuTTY's own format
To generate an SSH-2 RSA key pair and save it in PuTTY's own format
(you will be prompted for the passphrase):
\c puttygen -t rsa -C "my home key" -o mykey.ppk

4
doc/man-putt.but
View File

@ -193,7 +193,7 @@ tunnel all their connections. Only works in SSH.
\dt \cw{\-A}, \cw{\-a}
\dd Enable (\cw{\-A}) or disable (\cw{\-a}) SSH agent forwarding.
Currently this only works with OpenSSH and SSH1.
Currently this only works with OpenSSH and SSH-1.
\dt \cw{\-X}, \cw{\-x}
@ -214,7 +214,7 @@ pseudo-terminal at the server end.
\dt \cw{\-i} \e{keyfile}
\dd Specify a private key file to use for authentication. For SSH2
\dd Specify a private key file to use for authentication. For SSH-2
keys, this key file must be in PuTTY's format, not OpenSSH's or
anyone else's.

8
doc/pageant.but
View File

@ -68,9 +68,9 @@ something like this:
For each key, the list box will tell you:
\b The type of the key. Currently, this can be \c{ssh1} (an RSA key
for use with the SSH v1 protocol), \c{ssh-rsa} (an RSA key for use
with the SSH v2 protocol), or \c{ssh-dss} (a DSA key for use with
the SSH v2 protocol).
for use with the SSH-1 protocol), \c{ssh-rsa} (an RSA key for use
with the SSH-2 protocol), or \c{ssh-dss} (a DSA key for use with
the SSH-2 protocol).
\b The size (in bits) of the key.
@ -152,7 +152,7 @@ like this:
Agent forwarding is a mechanism that allows applications on your SSH
server machine to talk to the agent on your client machine.
Note that at present, agent forwarding in SSH2 is only available
Note that at present, agent forwarding in SSH-2 is only available
when your SSH server is OpenSSH. The \cw{ssh.com} server uses a
different agent protocol, which PuTTY does not yet support.

16
doc/pscp.but
View File

@ -7,8 +7,8 @@
\i{PSCP}, the PuTTY Secure Copy client, is a tool for transferring files
securely between computers using an SSH connection.
If you have an SSH 2 server, you might prefer PSFTP (see \k{psftp})
for interactive use. PSFTP does not in general work with SSH 1
If you have an SSH-2 server, you might prefer PSFTP (see \k{psftp})
for interactive use. PSFTP does not in general work with SSH-1
servers, however.
\H{pscp-starting} Starting PSCP
@ -98,7 +98,7 @@ However, in the second case (using a wildcard for multiple remote
files) you may see a warning saying something like \q{warning:
remote host tried to write to a file called \cq{terminal.c} when we
requested a file called \cq{*.c}. If this is a wildcard, consider
upgrading to SSH 2 or using the \cq{-unsafe} option. Renaming of
upgrading to SSH-2 or using the \cq{-unsafe} option. Renaming of
this file has been disallowed}.
This is due to a fundamental insecurity in the old-style SCP
@ -112,13 +112,13 @@ the wildcard matching rules are decided by the server, the client
cannot reliably verify that the filenames sent back match the
pattern.
PSCP will attempt to use the newer SFTP protocol (part of SSH 2)
PSCP will attempt to use the newer SFTP protocol (part of SSH-2)
where possible, which does not suffer from this security flaw. If
you are talking to an SSH 2 server which supports SFTP, you will
you are talking to an SSH-2 server which supports SFTP, you will
never see this warning. (You can force use of the SFTP protocol,
if available, with \c{-sftp} - see \k{pscp-usage-options-backend}.)
If you really need to use a server-side wildcard with an SSH 1
If you really need to use a server-side wildcard with an SSH-1
server, you can use the \c{-unsafe} command line option with PSCP:
\c pscp -unsafe fred@example.com:source/*.c c:\source
@ -244,7 +244,7 @@ used, but also leads to interoperability issues such as with filename
quoting (for instance, where filenames contain spaces), and also the
security issue described in \k{pscp-usage-basics}.
The newer SFTP protocol, which is usually associated with SSH 2
The newer SFTP protocol, which is usually associated with SSH-2
servers, is specified in a more platform independent way, and leaves
issues such as wildcard syntax up to the client. (PuTTY's SFTP
wildcard syntax is described in \k{psftp-wildcards}.) This makes it
@ -258,7 +258,7 @@ The \c{-scp} option forces PSCP to use the SCP protocol or quit.
The \c{-sftp} option forces PSCP to use the SFTP protocol or quit.
When this option is specified, PSCP looks harder for an SFTP server,
which may allow use of SFTP with SSH 1 depending on server setup.
which may allow use of SFTP with SSH-1 depending on server setup.
\S{pscp-retval} Return value

4
doc/psftp.but
View File

@ -8,8 +8,8 @@ securely between computers using an SSH connection.
PSFTP differs from PSCP in the following ways:
\b PSCP should work on virtually every SSH server. PSFTP uses the
new SFTP protocol, which is a feature of SSH 2 only. (PSCP will also
use this protocol if it can, but there is an SSH 1 equivalent it can
new SFTP protocol, which is a feature of SSH-2 only. (PSCP will also
use this protocol if it can, but there is an SSH-1 equivalent it can
fall back to if it cannot.)
\b PSFTP allows you to run an interactive file transfer session,

44
doc/pubkey.but
View File

@ -114,17 +114,17 @@ Before generating a key pair using PuTTYgen, you need to select
which type of key you need. PuTTYgen currently supports three types
of key:
\b An RSA key for use with the SSH 1 protocol.
\b An RSA key for use with the SSH-1 protocol.
\b An RSA key for use with the SSH 2 protocol.
\b An RSA key for use with the SSH-2 protocol.
\b A DSA key for use with the SSH 2 protocol.
\b A DSA key for use with the SSH-2 protocol.
The SSH 1 protocol only supports RSA keys; if you will be connecting
using the SSH 1 protocol, you must select the first key type or your
The SSH-1 protocol only supports RSA keys; if you will be connecting
using the SSH-1 protocol, you must select the first key type or your
key will be completely useless.
The SSH 2 protocol supports more than one key type. The two types
The SSH-2 protocol supports more than one key type. The two types
supported by PuTTY are RSA and DSA.
The PuTTY developers \e{strongly} recommend you use RSA. DSA has an
@ -289,13 +289,13 @@ will need to tell PuTTY to use for authentication (see
\cfg{winhelp-topic}{puttygen.savepub}
The SSH 2 protocol drafts specify a standard format for storing
The SSH-2 protocol drafts specify a standard format for storing
public keys on disk. Some SSH servers (such as \cw{ssh.com}'s)
require a public key in this format in order to accept
authentication with the corresponding private key. (Others, such as
OpenSSH, use a different format; see \k{puttygen-pastekey}.)
To save your public key in the SSH 2 standard format, press the
To save your public key in the SSH-2 standard format, press the
\q{Save public key} button in PuTTYgen. PuTTYgen will put up a
dialog box asking you where to save the file. Select a directory,
type in a file name, and press \q{Save}.
@ -305,9 +305,9 @@ server machine. See \k{pubkey-gettingready} for general instructions
on configuring public-key authentication once you have generated a
key.
If you use this option with an SSH 1 key, the file PuTTYgen saves
If you use this option with an SSH-1 key, the file PuTTYgen saves
will contain exactly the same text that appears in the \q{Public key
for pasting} box. This is the only existing standard for SSH 1
for pasting} box. This is the only existing standard for SSH-1
public keys.
\S{puttygen-pastekey} \q{Public key for pasting into authorized_keys
@ -315,9 +315,9 @@ file}
\cfg{winhelp-topic}{puttygen.pastekey}
All SSH 1 servers require your public key to be given to it in a
All SSH-1 servers require your public key to be given to it in a
one-line format before it will accept authentication with your
private key. The OpenSSH server also requires this for SSH 2.
private key. The OpenSSH server also requires this for SSH-2.
The \q{Public key for pasting into authorized_keys file} gives the
public-key data in the correct one-line format. Typically you will
@ -352,23 +352,23 @@ for information about importing foreign key formats.
\cfg{winhelp-topic}{puttygen.conversions}
Most SSH1 clients use a standard format for storing private keys on
Most SSH-1 clients use a standard format for storing private keys on
disk. PuTTY uses this format as well; so if you have generated an
SSH1 private key using OpenSSH or \cw{ssh.com}'s client, you can use
SSH-1 private key using OpenSSH or \cw{ssh.com}'s client, you can use
it with PuTTY, and vice versa.
However, SSH2 private keys have no standard format. OpenSSH and
However, SSH-2 private keys have no standard format. OpenSSH and
\cw{ssh.com} have different formats, and PuTTY's is different again.
So a key generated with one client cannot immediately be used with
another.
Using the \q{Import} command from the \q{Conversions} menu, PuTTYgen
can load SSH2 private keys in OpenSSH's format and \cw{ssh.com}'s
can load SSH-2 private keys in OpenSSH's format and \cw{ssh.com}'s
format. Once you have loaded one of these key types, you can then
save it back out as a PuTTY-format key (\c{*.PPK}) so that you can use
it with the PuTTY suite. The passphrase will be unchanged by this
process (unless you deliberately change it). You may want to change
the key comment before you save the key, since OpenSSH's SSH2 key
the key comment before you save the key, since OpenSSH's SSH-2 key
format contains no space for a comment and \cw{ssh.com}'s default
comment format is long and verbose.
@ -379,8 +379,8 @@ saving it (see \k{puttygen-savepriv}) - you need to have typed your
passphrase in beforehand, and you will be warned if you are about to
save a key without a passphrase.
Note that since only SSH2 keys come in different formats, the export
options are not available if you have generated an SSH1 key.
Note that since only SSH-2 keys come in different formats, the export
options are not available if you have generated an SSH-1 key.
\H{pubkey-gettingready} Getting ready for public key authentication
@ -389,7 +389,7 @@ connection succeeds you will be prompted for your user name and
password to login. Once logged in, you must configure the server to
accept your public key for authentication:
\b If your server is using the SSH 1 protocol, you should change
\b If your server is using the SSH-1 protocol, you should change
into the \c{.ssh} directory and open the file \c{authorized_keys}
with your favourite editor. (You may have to create this file if
this is the first key you have put in it). Then switch to the
@ -399,11 +399,11 @@ and copy it to the clipboard (\c{Ctrl+C}). Then, switch back to the
PuTTY window and insert the data into the open file, making sure it
ends up all on one line. Save the file.
\b If your server is OpenSSH and is using the SSH 2 protocol, you
\b If your server is OpenSSH and is using the SSH-2 protocol, you
should follow the same instructions, except that in earlier versions
of OpenSSH 2 the file might be called \c{authorized_keys2}. (In
modern versions the same \c{authorized_keys} file is used for both
SSH 1 and SSH 2 keys.)
SSH-1 and SSH-2 keys.)
\b If your server is \cw{ssh.com}'s SSH 2 product, you need to save
a \e{public} key file from PuTTYgen (see \k{puttygen-savepub}), and

12
doc/using.but
View File

@ -431,8 +431,8 @@ your client PC can connect to the forwarded port.
\b The \q{Remote ports do the same} option does the same thing for
remote-to-local port forwardings (so that machines other than the
SSH server machine can connect to the forwarded port.) Note that
this feature is only available in the SSH 2 protocol, and not all
SSH 2 servers honour it (in OpenSSH, for example, it's usually
this feature is only available in the SSH-2 protocol, and not all
SSH-2 servers honour it (in OpenSSH, for example, it's usually
disabled by default).
You can also specify an \i{IP address} to listen on. Typically a
@ -443,8 +443,8 @@ available only to the local machine. So if you forward (for example)
should be able to run commands such as \c{finger fred@127.0.0.5}.
This can be useful if the program connecting to the forwarded port
doesn't allow you to change the port number it uses. This feature is
available for local-to-remote forwarded ports; SSH1 is unable to
support it for remote-to-local ports, while SSH2 can support it in
available for local-to-remote forwarded ports; SSH-1 is unable to
support it for remote-to-local ports, while SSH-2 can support it in
theory but servers will not necessarily cooperate.
(Note that if you're using Windows XP Service Pack 2, you may need
@ -752,8 +752,8 @@ the SSH panel of the PuTTY configuration box (see
\S2{using-cmdline-sshprot} \i\c{-1} and \i\c{-2}: specify an \i{SSH
protocol version}
The \c{-1} and \c{-2} options force PuTTY to use version \I{SSH1}1
or version \I{SSH2}2 of the SSH protocol. These options are only
The \c{-1} and \c{-2} options force PuTTY to use version \I{SSH-1}1
or version \I{SSH-2}2 of the SSH protocol. These options are only
meaningful if you are using SSH.
These options are equivalent to selecting your preferred SSH

18
import.c
View File

@ -56,7 +56,7 @@ int import_possible(int type)
int import_target_type(int type)
{
/*
* There are no known foreign SSH1 key formats.
* There are no known foreign SSH-1 key formats.
*/
return SSH_KEYTYPE_SSH2;
}
@ -78,7 +78,7 @@ int import_encrypted(const Filename *filename, int type, char **comment)
}
/*
* Import an SSH1 key.
* Import an SSH-1 key.
*/
int import_ssh1(const Filename *filename, int type,
struct RSAKey *key, char *passphrase, const char **errmsg_p)
@ -87,7 +87,7 @@ int import_ssh1(const Filename *filename, int type,
}
/*
* Import an SSH2 key.
* Import an SSH-2 key.
*/
struct ssh2_userkey *import_ssh2(const Filename *filename, int type,
char *passphrase, const char **errmsg_p)
@ -100,7 +100,7 @@ struct ssh2_userkey *import_ssh2(const Filename *filename, int type,
}
/*
* Export an SSH1 key.
* Export an SSH-1 key.
*/
int export_ssh1(const Filename *filename, int type, struct RSAKey *key,
char *passphrase)
@ -109,7 +109,7 @@ int export_ssh1(const Filename *filename, int type, struct RSAKey *key,
}
/*
* Export an SSH2 key.
* Export an SSH-2 key.
*/
int export_ssh2(const Filename *filename, int type,
struct ssh2_userkey *key, char *passphrase)
@ -918,9 +918,9 @@ int openssh_write(const Filename *filename, struct ssh2_userkey *key,
*/
/*
* The format of the base64 blob is largely ssh2-packet-formatted,
* The format of the base64 blob is largely SSH-2-packet-formatted,
* except that mpints are a bit different: they're more like the
* old ssh1 mpint. You have a 32-bit bit count N, followed by
* old SSH-1 mpint. You have a 32-bit bit count N, followed by
* (N+7)/8 bytes of data.
*
* So. The blob contains:
@ -932,7 +932,7 @@ int openssh_write(const Filename *filename, struct ssh2_userkey *key,
* - string encrypted-blob
*
* (The first size field includes the size field itself and the
* magic number before it. All other size fields are ordinary ssh2
* magic number before it. All other size fields are ordinary SSH-2
* strings, so the size field indicates how much data is to
* _follow_.)
*
@ -977,7 +977,7 @@ int openssh_write(const Filename *filename, struct ssh2_userkey *key,
* `dl-modp{sign{dsa' prefixes.
*
* Finally, the encryption. The cipher-type string appears to be
* either `none' or `3des-cbc'. Looks as if this is SSH2-style
* either `none' or `3des-cbc'. Looks as if this is SSH-2-style
* 3des-cbc (i.e. outer cbc rather than inner). The key is created
* from the passphrase by means of yet another hashing faff:
*

2
pscp.c
View File

@ -1827,7 +1827,7 @@ static void sink(char *targ, char *src)
tell_user(stderr, " when we requested a file "
"called '%s'.", stripsrc);
tell_user(stderr, " If this is a wildcard, "
"consider upgrading to SSH 2 or using");
"consider upgrading to SSH-2 or using");
tell_user(stderr, " the '-unsafe' option. Renaming"
" of this file has been disallowed.");
/* Override the name the server provided with our own. */

2
psftp.c
View File

@ -2743,7 +2743,7 @@ static int psftp_connect(char *userhost, char *user, int portnumber)
cfg.nopty = TRUE;
/*
* Set up fallback option, for SSH1 servers or servers with the
* Set up fallback option, for SSH-1 servers or servers with the
* sftp subsystem not enabled but the server binary installed
* in the usual place. We only support fallback on Unix
* systems, and we use a kludgy piece of shellery which should

10
putty.h
View File

@ -245,12 +245,12 @@ enum {
enum {
/*
* SSH ciphers (both SSH1 and SSH2)
* SSH ciphers (both SSH-1 and SSH-2)
*/
CIPHER_WARN, /* pseudo 'cipher' */
CIPHER_3DES,
CIPHER_BLOWFISH,
CIPHER_AES, /* (SSH 2 only) */
CIPHER_AES, /* (SSH-2 only) */
CIPHER_DES,
CIPHER_MAX /* no. ciphers (inc warn) */
};
@ -415,11 +415,11 @@ struct config_tag {
int ssh_rekey_time; /* in minutes */
char ssh_rekey_data[16];
int agentfwd;
int change_username; /* allow username switching in SSH2 */
int change_username; /* allow username switching in SSH-2 */
int ssh_cipherlist[CIPHER_MAX];
Filename keyfile;
int sshprot; /* use v1 or v2 when both available */
int ssh2_des_cbc; /* "des-cbc" nonstandard SSH2 cipher */
int ssh2_des_cbc; /* "des-cbc" unrecommended SSH-2 cipher */
int try_tis_auth;
int try_ki_auth;
int ssh_subsys; /* run a subsystem rather than a command */
@ -524,7 +524,7 @@ struct config_tag {
int x11_auth;
/* port forwarding */
int lport_acceptall; /* accept conns from hosts other than localhost */
int rport_acceptall; /* same for remote forwarded ports (SSH2 only) */
int rport_acceptall; /* same for remote forwarded ports (SSH-2 only) */
/*
* The port forwarding string contains a number of
* NUL-terminated substrings, terminated in turn by an empty

116
ssh.c
View File

@ -342,18 +342,18 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
*
* - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
* on a local data stream before we throttle the whole SSH
* connection (in SSH1 only). Throttling the whole connection is
* connection (in SSH-1 only). Throttling the whole connection is
* pretty drastic so we set this high in the hope it won't
* happen very often.
*
* - SSH_MAX_BACKLOG is the amount of backlog that must build up
* on the SSH connection itself before we defensively throttle
* _all_ local data streams. This is pretty drastic too (though
* thankfully unlikely in SSH2 since the window mechanism should
* thankfully unlikely in SSH-2 since the window mechanism should
* ensure that the server never has any need to throttle its end
* of the connection), so we set this high as well.
*
* - OUR_V2_WINSIZE is the maximum window size we present on SSH2
* - OUR_V2_WINSIZE is the maximum window size we present on SSH-2
* channels.
*/
@ -439,7 +439,7 @@ struct ssh_channel {
/* True if we opened this channel but server hasn't confirmed. */
int halfopen;
/*
* In SSH1, this value contains four bits:
* In SSH-1, this value contains four bits:
*
* 1 We have sent SSH1_MSG_CHANNEL_CLOSE.
* 2 We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
@ -475,11 +475,11 @@ struct ssh_channel {
};
/*
* 2-3-4 tree storing remote->local port forwardings. SSH 1 and SSH
* 2 use this structure in different ways, reflecting SSH 2's
* 2-3-4 tree storing remote->local port forwardings. SSH-1 and SSH-2
* use this structure in different ways, reflecting SSH-2's
* altogether saner approach to port forwarding.
*
* In SSH 1, you arrange a remote forwarding by sending the server
* In SSH-1, you arrange a remote forwarding by sending the server
* the remote port number, and the local destination host:port.
* When a connection comes in, the server sends you back that
* host:port pair, and you connect to it. This is a ready-made
@ -491,15 +491,15 @@ struct ssh_channel {
* host:port pairs we _are_ trying to forward to, and reject a
* connection request from the server if it's not in the list.
*
* In SSH 2, each side of the connection minds its own business and
* In SSH-2, each side of the connection minds its own business and
* doesn't send unnecessary information to the other. You arrange a
* remote forwarding by sending the server just the remote port
* number. When a connection comes in, the server tells you which
* of its ports was connected to; and _you_ have to remember what
* local host:port pair went with that port number.
*
* Hence, in SSH 1 this structure is indexed by destination
* host:port pair, whereas in SSH 2 it is indexed by source port.
* Hence, in SSH-1 this structure is indexed by destination
* host:port pair, whereas in SSH-2 it is indexed by source port.
*/
struct ssh_portfwd; /* forward declaration */
@ -542,7 +542,7 @@ struct Packet {
unsigned char *body;
long savedpos;
long maxlen;
long encrypted_len; /* for SSH2 total-size counting */
long encrypted_len; /* for SSH-2 total-size counting */
/*
* State associated with packet logging
@ -710,7 +710,7 @@ struct ssh_tag {
struct rdpkt1_state_tag rdpkt1_state;
struct rdpkt2_state_tag rdpkt2_state;
/* ssh1 and ssh2 use this for different things, but both use it */
/* SSH-1 and SSH-2 use this for different things, but both use it */
int protocol_initial_phase_done;
void (*protocol) (Ssh ssh, void *vin, int inlen,
@ -1558,7 +1558,7 @@ static void sha_uint32(SHA_State * s, unsigned i)
}
/*
* SSH2 packet construction functions.
* SSH-2 packet construction functions.
*/
static void ssh2_pkt_ensure(struct Packet *pkt, int length)
{
@ -1650,7 +1650,7 @@ static void ssh2_pkt_addmp(struct Packet *pkt, Bignum b)
}
/*
* Construct an SSH2 final-form packet: compress it, encrypt it,
* Construct an SSH-2 final-form packet: compress it, encrypt it,
* put the MAC on it. Final packet, ready to be sent, is stored in
* pkt->data. Total length is returned.
*/
@ -1748,7 +1748,7 @@ static int ssh2_pkt_construct(Ssh ssh, struct Packet *pkt)
*/
/*
* Send an SSH2 packet immediately, without queuing or deferring.
* Send an SSH-2 packet immediately, without queuing or deferring.
*/
static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
{
@ -1769,7 +1769,7 @@ static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
}
/*
* Defer an SSH2 packet.
* Defer an SSH-2 packet.
*/
static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt)
{
@ -1787,7 +1787,7 @@ static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt)
}
/*
* Queue an SSH2 packet.
* Queue an SSH-2 packet.
*/
static void ssh2_pkt_queue(Ssh ssh, struct Packet *pkt)
{
@ -1829,7 +1829,7 @@ static void ssh2_pkt_defer(Ssh ssh, struct Packet *pkt)
/*
* Send the whole deferred data block constructed by
* ssh2_pkt_defer() or SSH1's defer_packet().
* ssh2_pkt_defer() or SSH-1's defer_packet().
*
* The expected use of the defer mechanism is that you call
* ssh2_pkt_defer() a few times, then call ssh_pkt_defersend(). If
@ -1860,7 +1860,7 @@ static void ssh_pkt_defersend(Ssh ssh)
}
/*
* Send all queued SSH2 packets. We send them by means of
* Send all queued SSH-2 packets. We send them by means of
* ssh2_pkt_defer_noqueue(), in case they included a pair of
* packets that needed to be lumped together.
*/
@ -1901,7 +1901,7 @@ static void sha_mpint(SHA_State * s, Bignum b)
}
/*
* Packet decode functions for both SSH1 and SSH2.
* Packet decode functions for both SSH-1 and SSH-2.
*/
static unsigned long ssh_pkt_getuint32(struct Packet *pkt)
{
@ -1992,7 +1992,7 @@ static Bignum ssh2_pkt_getmp(struct Packet *pkt)
}
/*
* Helper function to add an SSH2 signature blob to a packet.
* Helper function to add an SSH-2 signature blob to a packet.
* Expects to be shown the public key blob as well as the signature
* blob. Normally works just like ssh2_pkt_addstring, but will
* fiddle with the signature packet if necessary for
@ -2088,7 +2088,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
* sniffing.
*/
ssh->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
logevent("We believe remote version has SSH1 ignore bug");
logevent("We believe remote version has SSH-1 ignore bug");
}
if (ssh->cfg.sshbug_plainpw1 == FORCE_ON ||
@ -2100,7 +2100,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
* the password.
*/
ssh->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
logevent("We believe remote version needs a plain SSH1 password");
logevent("We believe remote version needs a plain SSH-1 password");
}
if (ssh->cfg.sshbug_rsa1 == FORCE_ON ||
@ -2125,7 +2125,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
* These versions have the HMAC bug.
*/
ssh->remote_bugs |= BUG_SSH2_HMAC;
logevent("We believe remote version has SSH2 HMAC bug");
logevent("We believe remote version has SSH-2 HMAC bug");
}
if (ssh->cfg.sshbug_derivekey2 == FORCE_ON ||
@ -2138,7 +2138,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
* generate the keys).
*/
ssh->remote_bugs |= BUG_SSH2_DERIVEKEY;
logevent("We believe remote version has SSH2 key-derivation bug");
logevent("We believe remote version has SSH-2 key-derivation bug");
}
if (ssh->cfg.sshbug_rsapad2 == FORCE_ON ||
@ -2146,21 +2146,21 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
(wc_match("OpenSSH_2.[5-9]*", imp) ||
wc_match("OpenSSH_3.[0-2]*", imp)))) {
/*
* These versions have the SSH2 RSA padding bug.
* These versions have the SSH-2 RSA padding bug.
*/
ssh->remote_bugs |= BUG_SSH2_RSA_PADDING;
logevent("We believe remote version has SSH2 RSA padding bug");
logevent("We believe remote version has SSH-2 RSA padding bug");
}
if (ssh->cfg.sshbug_pksessid2 == FORCE_ON ||
(ssh->cfg.sshbug_pksessid2 == AUTO &&
wc_match("OpenSSH_2.[0-2]*", imp))) {
/*
* These versions have the SSH2 session-ID bug in
* These versions have the SSH-2 session-ID bug in
* public-key authentication.
*/
ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
logevent("We believe remote version has SSH2 public-key-session-ID bug");
logevent("We believe remote version has SSH-2 public-key-session-ID bug");
}
if (ssh->cfg.sshbug_rekey2 == FORCE_ON ||
@ -2170,10 +2170,10 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
wc_match("Sun_SSH_1.0", imp) ||
wc_match("Sun_SSH_1.0.1", imp)))) {
/*
* These versions have the SSH2 rekey bug.
* These versions have the SSH-2 rekey bug.
*/
ssh->remote_bugs |= BUG_SSH2_REKEY;
logevent("We believe remote version has SSH2 rekey bug");
logevent("We believe remote version has SSH-2 rekey bug");
}
}
@ -2314,14 +2314,14 @@ static int do_ssh_init(Ssh ssh, unsigned char c)
strcspn(s->vstring, "\015\012"));
/*
* Initialise SSHv2 protocol.
* Initialise SSH-2 protocol.
*/
ssh->protocol = ssh2_protocol;
ssh2_protocol_setup(ssh);
ssh->s_rdpkt = ssh2_rdpkt;
} else {
/*
* Initialise SSHv1 protocol.
* Initialise SSH-1 protocol.
*/
ssh->protocol = ssh1_protocol;
ssh1_protocol_setup(ssh);
@ -2661,7 +2661,7 @@ static void ssh_throttle_all(Ssh ssh, int enable, int bufsize)
/*
* Username and password input, abstracted off into routines
* reusable in several places - even between SSH1 and SSH2.
* reusable in several places - even between SSH-1 and SSH-2.
*/
/* Set up a username or password input loop on a given buffer. */
@ -2841,14 +2841,14 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
ptr = ssh_pkt_getdata(pktin, 8);
if (!ptr) {
bombout(("SSH1 public key packet stopped before random cookie"));
bombout(("SSH-1 public key packet stopped before random cookie"));
crStop(0);
}
memcpy(cookie, ptr, 8);
if (!ssh1_pkt_getrsakey(pktin, &servkey, &s->keystr1) ||
!ssh1_pkt_getrsakey(pktin, &hostkey, &s->keystr2)) {
bombout(("Failed to read SSH1 public keys from public key packet"));
bombout(("Failed to read SSH-1 public keys from public key packet"));
crStop(0);
}
@ -2887,7 +2887,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
*/
if (hostkey.bits > hostkey.bytes * 8 ||
servkey.bits > servkey.bytes * 8) {
bombout(("SSH1 public keys were badly formatted"));
bombout(("SSH-1 public keys were badly formatted"));
crStop(0);
}
@ -2954,7 +2954,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
ret = rsaencrypt(s->rsabuf, hostkey.bytes, &servkey);
}
if (!ret) {
bombout(("SSH1 public key encryptions failed due to bad formatting"));
bombout(("SSH-1 public key encryptions failed due to bad formatting"));
crStop(0);
}
@ -2971,7 +2971,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
warn = 1;
} else if (next_cipher == CIPHER_AES) {
/* XXX Probably don't need to mention this. */
logevent("AES not supported in SSH1, skipping");
logevent("AES not supported in SSH-1, skipping");
} else {
switch (next_cipher) {
case CIPHER_3DES: s->cipher_type = SSH_CIPHER_3DES;
@ -2987,7 +2987,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
}
if (!cipher_chosen) {
if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
bombout(("Server violates SSH 1 protocol by not "
bombout(("Server violates SSH-1 protocol by not "
"supporting 3DES encryption"));
else
/* shouldn't happen */
@ -3177,7 +3177,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
s->p = s->response + 5;
s->nkeys = GET_32BIT(s->p);
s->p += 4;
logeventf(ssh, "Pageant has %d SSH1 keys", s->nkeys);
logeventf(ssh, "Pageant has %d SSH-1 keys", s->nkeys);
for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
logeventf(ssh, "Trying Pageant key #%d", s->keyi);
if (s->publickey_blob &&
@ -3732,7 +3732,7 @@ int sshfwd_write(struct ssh_channel *c, char *buf, int len)
PKT_INT, len, PKT_DATA, buf, len,
PKTT_OTHER, PKT_END);
/*
* In SSH1 we can return 0 here - implying that forwarded
* In SSH-1 we can return 0 here - implying that forwarded
* connections are never individually throttled - because
* the only circumstance that can cause throttling will be
* the whole SSH connection backing up, in which case
@ -3902,7 +3902,7 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)
portfwd_strptr++;
sports[n] = '\0';
if (ssh->version == 1 && type == 'R') {
logeventf(ssh, "SSH1 cannot handle remote source address "
logeventf(ssh, "SSH-1 cannot handle remote source address "
"spec \"%s\"; ignoring", sports);
} else
strcpy(saddr, sports);
@ -4023,7 +4023,7 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)
if (ssh->version == 1) {
/*
* We cannot cancel listening ports on the
* server side in SSH1! There's no message
* server side in SSH-1! There's no message
* to support it. Instead, we simply remove
* the rportfwd record from the local end
* so that any connections the server tries
@ -4612,7 +4612,7 @@ static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
/*
* Start the shell or command.
*
* Special case: if the first-choice command is an SSH2
* Special case: if the first-choice command is an SSH-2
* subsystem (hence not usable here) and the second choice
* exists, we fall straight back to that.
*/
@ -4677,7 +4677,7 @@ static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
}
/*
* Handle the top-level SSH2 protocol.
* Handle the top-level SSH-2 protocol.
*/
static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin)
{
@ -4797,7 +4797,7 @@ static int first_in_commasep_string(char *needle, char *haystack, int haylen)
/*
* SSH2 key creation method.
* SSH-2 key creation method.
*/
static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H,
unsigned char *sessid, char chr,
@ -4822,7 +4822,7 @@ static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H,
}
/*
* Handle the SSH2 transport layer.
* Handle the SSH-2 transport layer.
*/
static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
struct Packet *pktin)
@ -5635,7 +5635,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
}
/*
* Add data to an SSH2 channel output buffer.
* Add data to an SSH-2 channel output buffer.
*/
static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
int len)
@ -5644,7 +5644,7 @@ static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
}
/*
* Attempt to send data on an SSH2 channel.
* Attempt to send data on an SSH-2 channel.
*/
static int ssh2_try_send(struct ssh_channel *c)
{
@ -5678,7 +5678,7 @@ static int ssh2_try_send(struct ssh_channel *c)
}
/*
* Potentially enlarge the window on an SSH2 channel.
* Potentially enlarge the window on an SSH-2 channel.
*/
static void ssh2_set_window(struct ssh_channel *c, unsigned newwin)
{
@ -5875,7 +5875,7 @@ static void ssh2_msg_channel_close(Ssh ssh, struct Packet *pktin)
/*
* We used to send SSH_MSG_DISCONNECT here,
* because I'd believed that _every_ conforming
* SSH2 connection had to end with a disconnect
* SSH-2 connection had to end with a disconnect
* being sent by at least one side; apparently
* I was wrong and it's perfectly OK to
* unceremoniously slam the connection shut
@ -6238,7 +6238,7 @@ static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
}
/*
* Handle the SSH2 userauth and connection layers.
* Handle the SSH-2 userauth and connection layers.
*/
static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
struct Packet *pktin)
@ -6585,7 +6585,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
s->p = s->response + 5;
s->nkeys = GET_32BIT(s->p);
s->p += 4;
logeventf(ssh, "Pageant has %d SSH2 keys", s->nkeys);
logeventf(ssh, "Pageant has %d SSH-2 keys", s->nkeys);
for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
void *vret;
@ -7445,7 +7445,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
}
/*
* Handlers for SSH2 messages that might arrive at any moment.
* Handlers for SSH-2 messages that might arrive at any moment.
*/
static void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin)
{
@ -7503,7 +7503,7 @@ static void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin)
}
/*
* Handle the top-level SSH2 protocol.
* Handle the top-level SSH-2 protocol.
*/
static void ssh2_protocol_setup(Ssh ssh)
{
@ -7557,7 +7557,7 @@ static void ssh2_protocol_setup(Ssh ssh)
* These special message types we install handlers for.
*/
ssh->packet_dispatch[SSH2_MSG_DISCONNECT] = ssh2_msg_disconnect;
ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with ssh1 */
ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with SSH-1 */
ssh->packet_dispatch[SSH2_MSG_DEBUG] = ssh2_msg_debug;
}
@ -8070,7 +8070,7 @@ static void ssh_special(void *handle, Telnet_Special code)
if (ssh->state == SSH_STATE_CLOSED
|| ssh->state == SSH_STATE_PREPACKET) return;
if (ssh->version == 1) {
logevent("Unable to send BREAK signal in SSH1");
logevent("Unable to send BREAK signal in SSH-1");
} else if (ssh->mainchan) {
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);

14
ssh.h
View File

@ -137,7 +137,7 @@ void SHA512_Simple(const void *p, int len, unsigned char *output);
struct ssh_cipher {
void *(*make_context)(void);
void (*free_context)(void *);
void (*sesskey) (void *, unsigned char *key); /* for ssh 1 */
void (*sesskey) (void *, unsigned char *key); /* for SSH-1 */
void (*encrypt) (void *, unsigned char *blk, int len);
void (*decrypt) (void *, unsigned char *blk, int len);
int blksize;
@ -147,8 +147,8 @@ struct ssh_cipher {
struct ssh2_cipher {
void *(*make_context)(void);
void (*free_context)(void *);
void (*setiv) (void *, unsigned char *key); /* for ssh 2 */
void (*setkey) (void *, unsigned char *key);/* for ssh 2 */
void (*setiv) (void *, unsigned char *key); /* for SSH-2 */
void (*setkey) (void *, unsigned char *key);/* for SSH-2 */
void (*encrypt) (void *, unsigned char *blk, int len);
void (*decrypt) (void *, unsigned char *blk, int len);
char *name;
@ -441,7 +441,7 @@ int zlib_decompress_block(void *, unsigned char *block, int len,
unsigned char **outblock, int *outlen);
/*
* SSH1 agent messages.
* SSH-1 agent messages.
*/
#define SSH1_AGENTC_REQUEST_RSA_IDENTITIES 1
#define SSH1_AGENT_RSA_IDENTITIES_ANSWER 2
@ -452,13 +452,13 @@ int zlib_decompress_block(void *, unsigned char *block, int len,
#define SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9 /* openssh private? */
/*
* Messages common to SSH1 and OpenSSH's SSH2.
* Messages common to SSH-1 and OpenSSH's SSH-2.
*/
#define SSH_AGENT_FAILURE 5
#define SSH_AGENT_SUCCESS 6
/*
* OpenSSH's SSH2 agent messages.
* OpenSSH's SSH-2 agent messages.
*/
#define SSH2_AGENTC_REQUEST_IDENTITIES 11
#define SSH2_AGENT_IDENTITIES_ANSWER 12
@ -469,7 +469,7 @@ int zlib_decompress_block(void *, unsigned char *block, int len,
#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19
/*
* Need this to warn about support for the original SSH2 keyfile
* Need this to warn about support for the original SSH-2 keyfile
* format.
*/
void old_keyfile_warning(void);

2
sshblowf.c
View File

@ -483,7 +483,7 @@ static void *blowfish_make_context(void)
static void *blowfish_ssh1_make_context(void)
{
/* In SSH1, need one key for each direction */
/* In SSH-1, need one key for each direction */
return snewn(2, BlowfishContext);
}

10
sshbn.c
View File

@ -558,7 +558,7 @@ Bignum bignum_from_bytes(const unsigned char *data, int nbytes)
}
/*
* Read an ssh1-format bignum from a data buffer. Return the number
* Read an SSH-1-format bignum from a data buffer. Return the number
* of bytes consumed, or -1 if there wasn't enough data.
*/
int ssh1_read_bignum(const unsigned char *data, int len, Bignum * result)
@ -587,7 +587,7 @@ int ssh1_read_bignum(const unsigned char *data, int len, Bignum * result)
}
/*
* Return the bit count of a bignum, for ssh1 encoding.
* Return the bit count of a bignum, for SSH-1 encoding.
*/
int bignum_bitcount(Bignum bn)
{
@ -598,7 +598,7 @@ int bignum_bitcount(Bignum bn)
}
/*
* Return the byte length of a bignum when ssh1 encoded.
* Return the byte length of a bignum when SSH-1 encoded.
*/
int ssh1_bignum_length(Bignum bn)
{
@ -606,7 +606,7 @@ int ssh1_bignum_length(Bignum bn)
}
/*
* Return the byte length of a bignum when ssh2 encoded.
* Return the byte length of a bignum when SSH-2 encoded.
*/
int ssh2_bignum_length(Bignum bn)
{
@ -654,7 +654,7 @@ void bignum_set_bit(Bignum bn, int bitnum, int value)
}
/*
* Write a ssh1-format bignum into a buffer. It is assumed the
* Write a SSH-1-format bignum into a buffer. It is assumed the
* buffer is big enough. Returns the number of bytes used.
*/
int ssh1_write_bignum(void *data, Bignum bn)

6
sshdes.c
View File

@ -751,7 +751,7 @@ static void *des3_make_context(void)
static void *des3_ssh1_make_context(void)
{
/* Need 3 keys for each direction, in SSH1 */
/* Need 3 keys for each direction, in SSH-1 */
return snewn(6, DESContext);
}
@ -762,7 +762,7 @@ static void *des_make_context(void)
static void *des_ssh1_make_context(void)
{
/* Need one key for each direction, in SSH1 */
/* Need one key for each direction, in SSH-1 */
return snewn(2, DESContext);
}
@ -942,7 +942,7 @@ static const struct ssh2_cipher ssh_3des_ssh2 = {
};
/*
* Single DES in ssh2. "des-cbc" is marked as HISTORIC in
* Single DES in SSH-2. "des-cbc" is marked as HISTORIC in
* draft-ietf-secsh-assignednumbers-04.txt, referring to
* FIPS-46-3. ("Single DES (i.e., DES) will be permitted
* for legacy systems only.") , but ssh.com support it and

20
sshpubk.c
View File

@ -1,7 +1,7 @@
/*
* Generic SSH public-key handling operations. In particular,
* reading of SSH public-key files, and also the generic `sign'
* operation for ssh2 (which checks the type of the key and
* operation for SSH-2 (which checks the type of the key and
* dispatches to the appropriate key-type specific function).
*/
@ -78,7 +78,7 @@ static int loadrsakey_main(FILE * fp, struct RSAKey *key, int pub_only,
|| buf[i + 3] != 0) goto end; /* reserved field nonzero, panic! */
i += 4;
/* Now the serious stuff. An ordinary SSH 1 public key. */
/* Now the serious stuff. An ordinary SSH-1 public key. */
i += makekey(buf + i, len, key, NULL, 1);
if (i < 0)
goto end; /* overran */
@ -307,7 +307,7 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
p += 4;
/*
* An ordinary SSH 1 public key consists of: a uint32
* An ordinary SSH-1 public key consists of: a uint32
* containing the bit count, then two bignums containing the
* modulus and exponent respectively.
*/
@ -384,11 +384,11 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
}
/* ----------------------------------------------------------------------
* SSH2 private key load/store functions.
* SSH-2 private key load/store functions.
*/
/*
* PuTTY's own format for SSH2 keys is as follows:
* PuTTY's own format for SSH-2 keys is as follows:
*
* The file is text. Lines are terminated by CRLF, although CR-only
* and LF-only are tolerated on input.
@ -404,7 +404,7 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
*
* Next there is a line saying "Public-Lines: " plus a number N.
* The following N lines contain a base64 encoding of the public
* part of the key. This is encoded as the standard SSH2 public key
* part of the key. This is encoded as the standard SSH-2 public key
* blob (with no initial length): so for RSA, for example, it will
* read
*
@ -1213,10 +1213,10 @@ char *key_type_to_str(int type)
switch (type) {
case SSH_KEYTYPE_UNOPENABLE: return "unable to open file"; break;
case SSH_KEYTYPE_UNKNOWN: return "not a private key"; break;
case SSH_KEYTYPE_SSH1: return "SSH1 private key"; break;
case SSH_KEYTYPE_SSH2: return "PuTTY SSH2 private key"; break;
case SSH_KEYTYPE_OPENSSH: return "OpenSSH SSH2 private key"; break;
case SSH_KEYTYPE_SSHCOM: return "ssh.com SSH2 private key"; break;
case SSH_KEYTYPE_SSH1: return "SSH-1 private key"; break;
case SSH_KEYTYPE_SSH2: return "PuTTY SSH-2 private key"; break;
case SSH_KEYTYPE_OPENSSH: return "OpenSSH SSH-2 private key"; break;
case SSH_KEYTYPE_SSHCOM: return "ssh.com SSH-2 private key"; break;
default: return "INTERNAL ERROR"; break;
}
}

2
sshsha.c
View File

@ -1,5 +1,5 @@
/*
* SHA1 hash algorithm. Used in SSH2 as a MAC, and the transform is
* SHA1 hash algorithm. Used in SSH-2 as a MAC, and the transform is
* also used as a `stirring' function for the PuTTY random number
* pool. Implemented directly from the specification by Simon
* Tatham.

4
terminal.c
View File

@ -6231,13 +6231,13 @@ int term_data(Terminal *term, int is_stderr, const char *data, int len)
* the remote side needing to wait until term_out() has cleared
* a backlog.
*
* This is a slightly suboptimal way to deal with SSH2 - in
* This is a slightly suboptimal way to deal with SSH-2 - in
* principle, the window mechanism would allow us to continue
* to accept data on forwarded ports and X connections even
* while the terminal processing was going slowly - but we
* can't do the 100% right thing without moving the terminal
* processing into a separate thread, and that might hurt
* portability. So we manage stdout buffering the old SSH1 way:
* portability. So we manage stdout buffering the old SSH-1 way:
* if the terminal processing goes slowly, the whole SSH
* connection stops accepting data until it's ready.
*

2
unix/uxcons.c
View File

@ -256,7 +256,7 @@ int askappend(void *frontend, Filename filename,
void old_keyfile_warning(void)
{
static const char message[] =
"You are loading an SSH 2 private key which has an\n"
"You are loading an SSH-2 private key which has an\n"
"old version of the file format. This means your key\n"
"file is not fully tamperproof. Future versions of\n"
"PuTTY may stop supporting this private key format,\n"

2
windows/wincons.c
View File

@ -258,7 +258,7 @@ int askappend(void *frontend, Filename filename,
void old_keyfile_warning(void)
{
static const char message[] =
"You are loading an SSH 2 private key which has an\n"
"You are loading an SSH-2 private key which has an\n"
"old version of the file format. This means your key\n"
"file is not fully tamperproof. Future versions of\n"
"PuTTY may stop supporting this private key format,\n"

2
windows/windlg.c
View File

@ -909,7 +909,7 @@ void old_keyfile_warning(void)
{
static const char mbtitle[] = "%s Key File Warning";
static const char message[] =
"You are loading an SSH 2 private key which has an\n"
"You are loading an SSH-2 private key which has an\n"
"old version of the file format. This means your key\n"
"file is not fully tamperproof. Future versions of\n"
"%s may stop supporting this private key format,\n"

16
windows/winpgen.c
View File

@ -425,7 +425,7 @@ void old_keyfile_warning(void)
{
static const char mbtitle[] = "PuTTY Key File Warning";
static const char message[] =
"You are loading an SSH 2 private key which has an\n"
"You are loading an SSH-2 private key which has an\n"
"old version of the file format. This means your key\n"
"file is not fully tamperproof. Future versions of\n"
"PuTTY may stop supporting this private key format,\n"
@ -836,9 +836,9 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
menu1 = CreateMenu();
AppendMenu(menu1, MF_ENABLED, IDC_GENERATE, "&Generate key pair");
AppendMenu(menu1, MF_SEPARATOR, 0, 0);
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH1, "SSH&1 key (RSA)");
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2RSA, "SSH2 &RSA key");
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2DSA, "SSH2 &DSA key");
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH1, "SSH-&1 key (RSA)");
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2RSA, "SSH-2 &RSA key");
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2DSA, "SSH-2 &DSA key");
AppendMenu(menu, MF_POPUP | MF_ENABLED, (UINT) menu1, "&Key");
state->keymenu = menu1;
@ -915,9 +915,9 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
endbox(&cp);
beginbox(&cp, "Parameters", IDC_BOX_PARAMS);
radioline(&cp, "Type of key to generate:", IDC_TYPESTATIC, 3,
"SSH&1 (RSA)", IDC_KEYSSH1,
"SSH2 &RSA", IDC_KEYSSH2RSA,
"SSH2 &DSA", IDC_KEYSSH2DSA, NULL);
"SSH-&1 (RSA)", IDC_KEYSSH1,
"SSH-2 &RSA", IDC_KEYSSH2RSA,
"SSH-2 &DSA", IDC_KEYSSH2DSA, NULL);
staticedit(&cp, "Number of &bits in a generated key:",
IDC_BITSSTATIC, IDC_BITS, 20);
endbox(&cp);
@ -1125,7 +1125,7 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
if (type != realtype &&
import_target_type(type) != realtype) {
char msg[256];
sprintf(msg, "Cannot export an SSH%d key in an SSH%d"
sprintf(msg, "Cannot export an SSH-%d key in an SSH-%d"
" format", (state->ssh2 ? 2 : 1),
(state->ssh2 ? 1 : 2));
MessageBox(hwnd, msg,

16
windows/winpgnt.c
View File

@ -147,7 +147,7 @@ int random_byte(void)
}
/*
* Blob structure for passing to the asymmetric SSH2 key compare
* Blob structure for passing to the asymmetric SSH-2 key compare
* function, prototyped here.
*/
struct blob {
@ -321,7 +321,7 @@ void old_keyfile_warning(void)
{
static const char mbtitle[] = "PuTTY Key File Warning";
static const char message[] =
"You are loading an SSH 2 private key which has an\n"
"You are loading an SSH-2 private key which has an\n"
"old version of the file format. This means your key\n"
"file is not fully tamperproof. Future versions of\n"
"PuTTY may stop supporting this private key format,\n"
@ -692,7 +692,7 @@ static void add_keyfile(Filename filename)
}
/*
* Create an SSH1 key list in a malloc'ed buffer; return its
* Create an SSH-1 key list in a malloc'ed buffer; return its
* length.
*/
static void *make_keylist1(int *length)
@ -736,7 +736,7 @@ static void *make_keylist1(int *length)
}
/*
* Create an SSH2 key list in a malloc'ed buffer; return its
* Create an SSH-2 key list in a malloc'ed buffer; return its
* length.
*/
static void *make_keylist2(int *length)
@ -1246,7 +1246,7 @@ static void answer_msg(void *msg)
break;
case SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
/*
* Remove all SSH1 keys. Always returns success.
* Remove all SSH-1 keys. Always returns success.
*/
{
struct RSAKey *rkey;
@ -1264,7 +1264,7 @@ static void answer_msg(void *msg)
break;
case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
/*
* Remove all SSH2 keys. Always returns success.
* Remove all SSH-2 keys. Always returns success.
*/
{
struct ssh2_userkey *skey;
@ -1332,7 +1332,7 @@ static int cmpkeys_rsa(void *av, void *bv)
}
/*
* Key comparison function for the 2-3-4 tree of SSH2 keys.
* Key comparison function for the 2-3-4 tree of SSH-2 keys.
*/
static int cmpkeys_ssh2(void *av, void *bv)
{
@ -1372,7 +1372,7 @@ static int cmpkeys_ssh2(void *av, void *bv)
/*
* Key comparison function for looking up a blob in the 2-3-4 tree
* of SSH2 keys.
* of SSH-2 keys.
*/
static int cmpkeys_ssh2_asymm(void *av, void *bv)
{