Consistently use a single notation to refer to SSH protocol versions, as
discussed. Use Barrett and Silverman's convention of "SSH-1" for SSH protocol version 1 and "SSH-2" for protocol 2 ("SSH1"/"SSH2" refer to ssh.com implementations in this scheme). <http://www.snailbook.com/terms.html> [originally from svn r5480]
parent
dfccca7974
commit
5aa719d16e
18
cmdgen.c
18
cmdgen.c
@ -523,7 +523,7 @@ int main(int argc, char **argv)
|
|||||||
|
|
||||||
case SSH_KEYTYPE_SSH1:
|
case SSH_KEYTYPE_SSH1:
|
||||||
if (sshver == 2) {
|
if (sshver == 2) {
|
||||||
fprintf(stderr, "puttygen: conversion from SSH1 to SSH2 keys"
|
fprintf(stderr, "puttygen: conversion from SSH-1 to SSH-2 keys"
|
||||||
" not supported\n");
|
" not supported\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@ -534,7 +534,7 @@ int main(int argc, char **argv)
|
|||||||
case SSH_KEYTYPE_OPENSSH:
|
case SSH_KEYTYPE_OPENSSH:
|
||||||
case SSH_KEYTYPE_SSHCOM:
|
case SSH_KEYTYPE_SSHCOM:
|
||||||
if (sshver == 1) {
|
if (sshver == 1) {
|
||||||
fprintf(stderr, "puttygen: conversion from SSH2 to SSH1 keys"
|
fprintf(stderr, "puttygen: conversion from SSH-2 to SSH-1 keys"
|
||||||
" not supported\n");
|
" not supported\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@ -694,13 +694,13 @@ int main(int argc, char **argv)
|
|||||||
l = ssh1_read_bignum(blob + n, bloblen - n,
|
l = ssh1_read_bignum(blob + n, bloblen - n,
|
||||||
&ssh1key->exponent);
|
&ssh1key->exponent);
|
||||||
if (l < 0) {
|
if (l < 0) {
|
||||||
error = "SSH1 public key blob was too short";
|
error = "SSH-1 public key blob was too short";
|
||||||
} else {
|
} else {
|
||||||
n += l;
|
n += l;
|
||||||
l = ssh1_read_bignum(blob + n, bloblen - n,
|
l = ssh1_read_bignum(blob + n, bloblen - n,
|
||||||
&ssh1key->modulus);
|
&ssh1key->modulus);
|
||||||
if (l < 0) {
|
if (l < 0) {
|
||||||
error = "SSH1 public key blob was too short";
|
error = "SSH-1 public key blob was too short";
|
||||||
} else
|
} else
|
||||||
n += l;
|
n += l;
|
||||||
}
|
}
|
||||||
@ -829,14 +829,14 @@ int main(int argc, char **argv)
|
|||||||
assert(ssh1key);
|
assert(ssh1key);
|
||||||
ret = saversakey(&outfilename, ssh1key, passphrase);
|
ret = saversakey(&outfilename, ssh1key, passphrase);
|
||||||
if (!ret) {
|
if (!ret) {
|
||||||
fprintf(stderr, "puttygen: unable to save SSH1 private key\n");
|
fprintf(stderr, "puttygen: unable to save SSH-1 private key\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
assert(ssh2key);
|
assert(ssh2key);
|
||||||
ret = ssh2_save_userkey(&outfilename, ssh2key, passphrase);
|
ret = ssh2_save_userkey(&outfilename, ssh2key, passphrase);
|
||||||
if (!ret) {
|
if (!ret) {
|
||||||
fprintf(stderr, "puttygen: unable to save SSH2 private key\n");
|
fprintf(stderr, "puttygen: unable to save SSH-2 private key\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1215,10 +1215,10 @@ int main(int argc, char **argv)
|
|||||||
* Change the comment of the key; this _does_ require a
|
* Change the comment of the key; this _does_ require a
|
||||||
* passphrase owing to the tamperproofing.
|
* passphrase owing to the tamperproofing.
|
||||||
*
|
*
|
||||||
* NOTE: In SSH1, this only requires a passphrase because
|
* NOTE: In SSH-1, this only requires a passphrase because
|
||||||
* of inadequacies of the loading and saving mechanisms. In
|
* of inadequacies of the loading and saving mechanisms. In
|
||||||
* _principle_, it should be perfectly possible to modify
|
* _principle_, it should be perfectly possible to modify
|
||||||
* the comment on an SSH1 key without requiring a
|
* the comment on an SSH-1 key without requiring a
|
||||||
* passphrase; the only reason I can't do it is because my
|
* passphrase; the only reason I can't do it is because my
|
||||||
* loading and saving mechanisms don't include a method of
|
* loading and saving mechanisms don't include a method of
|
||||||
* loading all the key data without also trying to decrypt
|
* loading all the key data without also trying to decrypt
|
||||||
@ -1226,7 +1226,7 @@ int main(int argc, char **argv)
|
|||||||
*
|
*
|
||||||
* I don't consider this to be a problem worth solving,
|
* I don't consider this to be a problem worth solving,
|
||||||
* because (a) to fix it would probably end up bloating
|
* because (a) to fix it would probably end up bloating
|
||||||
* PuTTY proper, and (b) SSH1 is on the way out anyway so
|
* PuTTY proper, and (b) SSH-1 is on the way out anyway so
|
||||||
* it shouldn't be highly significant. If it seriously
|
* it shouldn't be highly significant. If it seriously
|
||||||
* bothers anyone then perhaps I _might_ be persuadable.
|
* bothers anyone then perhaps I _might_ be persuadable.
|
||||||
*/
|
*/
|
||||||
|
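Review bot: Both failure branches in the hunk at -694 assign the same text, `error = "SSH-1 public key blob was too short";`, once after reading the exponent and once after reading the modulus, so someone handed a truncated or malformed key blob cannot tell which field failed to parse. Since the commit already rewrites both strings, they could be made distinct, for example `error = "SSH-1 public key blob was too short (exponent)";` and `error = "SSH-1 public key blob was too short (modulus)";`. Whether a negative return from ssh1_read_bignum() can mean anything other than a short buffer is not visible in this hunk, so the "too short" wording is worth confirming against that helper. The enclosing main() begins and ends outside the hunks shown.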
26
config.c
26
config.c
@ -92,7 +92,7 @@ static void cipherlist_handler(union control *ctrl, void *dlg,
|
|||||||
{ "3DES", CIPHER_3DES },
|
{ "3DES", CIPHER_3DES },
|
||||||
{ "Blowfish", CIPHER_BLOWFISH },
|
{ "Blowfish", CIPHER_BLOWFISH },
|
||||||
{ "DES", CIPHER_DES },
|
{ "DES", CIPHER_DES },
|
||||||
{ "AES (SSH 2 only)", CIPHER_AES },
|
{ "AES (SSH-2 only)", CIPHER_AES },
|
||||||
{ "-- warn below here --", CIPHER_WARN }
|
{ "-- warn below here --", CIPHER_WARN }
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -1647,7 +1647,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
|
|||||||
cipherlist_handler, P(NULL));
|
cipherlist_handler, P(NULL));
|
||||||
c->listbox.height = 6;
|
c->listbox.height = 6;
|
||||||
|
|
||||||
ctrl_checkbox(s, "Enable legacy use of single-DES in SSH 2", 'i',
|
ctrl_checkbox(s, "Enable legacy use of single-DES in SSH-2", 'i',
|
||||||
HELPCTX(ssh_ciphers),
|
HELPCTX(ssh_ciphers),
|
||||||
dlg_stdcheckbox_handler,
|
dlg_stdcheckbox_handler,
|
||||||
I(offsetof(Config,ssh2_des_cbc)));
|
I(offsetof(Config,ssh2_des_cbc)));
|
||||||
@ -1656,7 +1656,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
|
|||||||
/*
|
/*
|
||||||
* The Connection/SSH/Kex panel. (Owing to repeat key
|
* The Connection/SSH/Kex panel. (Owing to repeat key
|
||||||
* exchange, this is all meaningful in mid-session _if_
|
* exchange, this is all meaningful in mid-session _if_
|
||||||
* we're using SSH2 or haven't decided yet.)
|
* we're using SSH-2 or haven't decided yet.)
|
||||||
*/
|
*/
|
||||||
if (protcfginfo != 1) {
|
if (protcfginfo != 1) {
|
||||||
ctrl_settitle(b, "Connection/SSH/Kex",
|
ctrl_settitle(b, "Connection/SSH/Kex",
|
||||||
@ -1696,11 +1696,11 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
|
|||||||
|
|
||||||
s = ctrl_getset(b, "Connection/SSH/Auth", "methods",
|
s = ctrl_getset(b, "Connection/SSH/Auth", "methods",
|
||||||
"Authentication methods");
|
"Authentication methods");
|
||||||
ctrl_checkbox(s, "Attempt TIS or CryptoCard auth (SSH1)", 'm',
|
ctrl_checkbox(s, "Attempt TIS or CryptoCard auth (SSH-1)", 'm',
|
||||||
HELPCTX(ssh_auth_tis),
|
HELPCTX(ssh_auth_tis),
|
||||||
dlg_stdcheckbox_handler,
|
dlg_stdcheckbox_handler,
|
||||||
I(offsetof(Config,try_tis_auth)));
|
I(offsetof(Config,try_tis_auth)));
|
||||||
ctrl_checkbox(s, "Attempt \"keyboard-interactive\" auth (SSH2)",
|
ctrl_checkbox(s, "Attempt \"keyboard-interactive\" auth (SSH-2)",
|
||||||
'i', HELPCTX(ssh_auth_ki),
|
'i', HELPCTX(ssh_auth_ki),
|
||||||
dlg_stdcheckbox_handler,
|
dlg_stdcheckbox_handler,
|
||||||
I(offsetof(Config,try_ki_auth)));
|
I(offsetof(Config,try_ki_auth)));
|
||||||
@ -1710,7 +1710,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
|
|||||||
ctrl_checkbox(s, "Allow agent forwarding", 'f',
|
ctrl_checkbox(s, "Allow agent forwarding", 'f',
|
||||||
HELPCTX(ssh_auth_agentfwd),
|
HELPCTX(ssh_auth_agentfwd),
|
||||||
dlg_stdcheckbox_handler, I(offsetof(Config,agentfwd)));
|
dlg_stdcheckbox_handler, I(offsetof(Config,agentfwd)));
|
||||||
ctrl_checkbox(s, "Allow attempted changes of username in SSH2", 'u',
|
ctrl_checkbox(s, "Allow attempted changes of username in SSH-2", 'u',
|
||||||
HELPCTX(ssh_auth_changeuser),
|
HELPCTX(ssh_auth_changeuser),
|
||||||
dlg_stdcheckbox_handler,
|
dlg_stdcheckbox_handler,
|
||||||
I(offsetof(Config,change_username)));
|
I(offsetof(Config,change_username)));
|
||||||
@ -1755,7 +1755,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
|
|||||||
HELPCTX(ssh_tunnels_portfwd_localhost),
|
HELPCTX(ssh_tunnels_portfwd_localhost),
|
||||||
dlg_stdcheckbox_handler,
|
dlg_stdcheckbox_handler,
|
||||||
I(offsetof(Config,lport_acceptall)));
|
I(offsetof(Config,lport_acceptall)));
|
||||||
ctrl_checkbox(s, "Remote ports do the same (SSH v2 only)", 'p',
|
ctrl_checkbox(s, "Remote ports do the same (SSH-2 only)", 'p',
|
||||||
HELPCTX(ssh_tunnels_portfwd_localhost),
|
HELPCTX(ssh_tunnels_portfwd_localhost),
|
||||||
dlg_stdcheckbox_handler,
|
dlg_stdcheckbox_handler,
|
||||||
I(offsetof(Config,rport_acceptall)));
|
I(offsetof(Config,rport_acceptall)));
|
||||||
@ -1824,22 +1824,22 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
|
|||||||
|
|
||||||
s = ctrl_getset(b, "Connection/SSH/Bugs", "main",
|
s = ctrl_getset(b, "Connection/SSH/Bugs", "main",
|
||||||
"Detection of known bugs in SSH servers");
|
"Detection of known bugs in SSH servers");
|
||||||
ctrl_droplist(s, "Chokes on SSH1 ignore messages", 'i', 20,
|
ctrl_droplist(s, "Chokes on SSH-1 ignore messages", 'i', 20,
|
||||||
HELPCTX(ssh_bugs_ignore1),
|
HELPCTX(ssh_bugs_ignore1),
|
||||||
sshbug_handler, I(offsetof(Config,sshbug_ignore1)));
|
sshbug_handler, I(offsetof(Config,sshbug_ignore1)));
|
||||||
ctrl_droplist(s, "Refuses all SSH1 password camouflage", 's', 20,
|
ctrl_droplist(s, "Refuses all SSH-1 password camouflage", 's', 20,
|
||||||
HELPCTX(ssh_bugs_plainpw1),
|
HELPCTX(ssh_bugs_plainpw1),
|
||||||
sshbug_handler, I(offsetof(Config,sshbug_plainpw1)));
|
sshbug_handler, I(offsetof(Config,sshbug_plainpw1)));
|
||||||
ctrl_droplist(s, "Chokes on SSH1 RSA authentication", 'r', 20,
|
ctrl_droplist(s, "Chokes on SSH-1 RSA authentication", 'r', 20,
|
||||||
HELPCTX(ssh_bugs_rsa1),
|
HELPCTX(ssh_bugs_rsa1),
|
||||||
sshbug_handler, I(offsetof(Config,sshbug_rsa1)));
|
sshbug_handler, I(offsetof(Config,sshbug_rsa1)));
|
||||||
ctrl_droplist(s, "Miscomputes SSH2 HMAC keys", 'm', 20,
|
ctrl_droplist(s, "Miscomputes SSH-2 HMAC keys", 'm', 20,
|
||||||
HELPCTX(ssh_bugs_hmac2),
|
HELPCTX(ssh_bugs_hmac2),
|
||||||
sshbug_handler, I(offsetof(Config,sshbug_hmac2)));
|
sshbug_handler, I(offsetof(Config,sshbug_hmac2)));
|
||||||
ctrl_droplist(s, "Miscomputes SSH2 encryption keys", 'e', 20,
|
ctrl_droplist(s, "Miscomputes SSH-2 encryption keys", 'e', 20,
|
||||||
HELPCTX(ssh_bugs_derivekey2),
|
HELPCTX(ssh_bugs_derivekey2),
|
||||||
sshbug_handler, I(offsetof(Config,sshbug_derivekey2)));
|
sshbug_handler, I(offsetof(Config,sshbug_derivekey2)));
|
||||||
ctrl_droplist(s, "Requires padding on SSH2 RSA signatures", 'p', 20,
|
ctrl_droplist(s, "Requires padding on SSH-2 RSA signatures", 'p', 20,
|
||||||
HELPCTX(ssh_bugs_rsapad2),
|
HELPCTX(ssh_bugs_rsapad2),
|
||||||
sshbug_handler, I(offsetof(Config,sshbug_rsapad2)));
|
sshbug_handler, I(offsetof(Config,sshbug_rsapad2)));
|
||||||
ctrl_droplist(s, "Misuses the session ID in PK auth", 'n', 20,
|
ctrl_droplist(s, "Misuses the session ID in PK auth", 'n', 20,
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#! /usr/bin/env python
|
#! /usr/bin/env python
|
||||||
|
|
||||||
# $Id: kh2reg.py,v 1.3 2003/10/21 13:26:12 jacob Exp $
|
# $Id$
|
||||||
# Convert OpenSSH known_hosts and known_hosts2 files to "new format" PuTTY
|
# Convert OpenSSH known_hosts and known_hosts2 files to "new format" PuTTY
|
||||||
# host keys.
|
# host keys.
|
||||||
# usage:
|
# usage:
|
||||||
@ -87,7 +87,7 @@ for line in fileinput.input(args):
|
|||||||
# is second field entirely decimal digits?
|
# is second field entirely decimal digits?
|
||||||
if re.match (r"\d*$", fields[1]):
|
if re.match (r"\d*$", fields[1]):
|
||||||
|
|
||||||
# Treat as SSH1-type host key.
|
# Treat as SSH-1-type host key.
|
||||||
# Format: hostpat bits10 exp10 mod10 comment...
|
# Format: hostpat bits10 exp10 mod10 comment...
|
||||||
# (PuTTY doesn't store the number of bits.)
|
# (PuTTY doesn't store the number of bits.)
|
||||||
magicnumbers = map (long, fields[2:4])
|
magicnumbers = map (long, fields[2:4])
|
||||||
@ -95,7 +95,7 @@ for line in fileinput.input(args):
|
|||||||
|
|
||||||
else:
|
else:
|
||||||
|
|
||||||
# Treat as SSH2-type host key.
|
# Treat as SSH-2-type host key.
|
||||||
# Format: hostpat keytype keyblob64 comment...
|
# Format: hostpat keytype keyblob64 comment...
|
||||||
sshkeytype, blob = fields[1], base64.decodestring (fields[2])
|
sshkeytype, blob = fields[1], base64.decodestring (fields[2])
|
||||||
|
|
||||||
|
@ -1563,8 +1563,8 @@ Keepalives are only supported in Telnet and SSH; the Rlogin and Raw
|
|||||||
protocols offer no way of implementing them. (For an alternative, see
|
protocols offer no way of implementing them. (For an alternative, see
|
||||||
\k{config-tcp-keepalives}.)
|
\k{config-tcp-keepalives}.)
|
||||||
|
|
||||||
Note that if you are using SSH1 and the server has a bug that makes
|
Note that if you are using SSH-1 and the server has a bug that makes
|
||||||
it unable to deal with SSH1 ignore messages (see
|
it unable to deal with SSH-1 ignore messages (see
|
||||||
\k{config-ssh-bug-ignore1}), enabling keepalives will have no effect.
|
\k{config-ssh-bug-ignore1}), enabling keepalives will have no effect.
|
||||||
|
|
||||||
\S{config-nodelay} \q{Disable Nagle's algorithm}
|
\S{config-nodelay} \q{Disable Nagle's algorithm}
|
||||||
@ -1701,10 +1701,10 @@ other ways around the security problems than just disabling the
|
|||||||
whole mechanism.
|
whole mechanism.
|
||||||
|
|
||||||
Version 2 of the SSH protocol also provides a similar mechanism,
|
Version 2 of the SSH protocol also provides a similar mechanism,
|
||||||
which is easier to implement without security flaws. Newer SSH2
|
which is easier to implement without security flaws. Newer SSH-2
|
||||||
servers are more likely to support it than older ones.
|
servers are more likely to support it than older ones.
|
||||||
|
|
||||||
This configuration data is not used in the SSHv1, rlogin or raw
|
This configuration data is not used in the SSH-1, rlogin or raw
|
||||||
protocols.
|
protocols.
|
||||||
|
|
||||||
To add an environment variable to the list transmitted down the
|
To add an environment variable to the list transmitted down the
|
||||||
@ -2126,11 +2126,11 @@ separate configuration of the preference orders. As a result you may
|
|||||||
get two warnings similar to the one above, possibly with different
|
get two warnings similar to the one above, possibly with different
|
||||||
encryptions.
|
encryptions.
|
||||||
|
|
||||||
Single-DES is not recommended in the SSH 2 draft protocol
|
Single-DES is not recommended in the SSH-2 draft protocol
|
||||||
standards, but one or two server implementations do support it.
|
standards, but one or two server implementations do support it.
|
||||||
PuTTY can use single-DES to interoperate with
|
PuTTY can use single-DES to interoperate with
|
||||||
these servers if you enable the \q{Enable legacy use of single-DES in
|
these servers if you enable the \q{Enable legacy use of single-DES in
|
||||||
SSH 2} option; by default this is disabled and PuTTY will stick to
|
SSH-2} option; by default this is disabled and PuTTY will stick to
|
||||||
recommended ciphers.
|
recommended ciphers.
|
||||||
|
|
||||||
\H{config-ssh-kex} The Kex panel
|
\H{config-ssh-kex} The Kex panel
|
||||||
@ -2283,7 +2283,7 @@ responses take.
|
|||||||
|
|
||||||
\cfg{winhelp-topic}{ssh.auth.ki}
|
\cfg{winhelp-topic}{ssh.auth.ki}
|
||||||
|
|
||||||
The SSH 2 equivalent of TIS authentication is called
|
The SSH-2 equivalent of TIS authentication is called
|
||||||
\q{keyboard-interactive}. It is a flexible authentication method
|
\q{keyboard-interactive}. It is a flexible authentication method
|
||||||
using an arbitrary sequence of requests and responses; so it is not
|
using an arbitrary sequence of requests and responses; so it is not
|
||||||
only useful for challenge/response mechanisms such as S/Key, but it
|
only useful for challenge/response mechanisms such as S/Key, but it
|
||||||
@ -2306,17 +2306,17 @@ See \k{pageant} for general information on Pageant, and
|
|||||||
there is a security risk involved with enabling this option; see
|
there is a security risk involved with enabling this option; see
|
||||||
\k{pageant-security} for details.
|
\k{pageant-security} for details.
|
||||||
|
|
||||||
\S{config-ssh-changeuser} \q{Allow attempted changes of username in SSH2}
|
\S{config-ssh-changeuser} \q{Allow attempted changes of username in SSH-2}
|
||||||
|
|
||||||
\cfg{winhelp-topic}{ssh.auth.changeuser}
|
\cfg{winhelp-topic}{ssh.auth.changeuser}
|
||||||
|
|
||||||
In the SSH 1 protocol, it is impossible to change username after
|
In the SSH-1 protocol, it is impossible to change username after
|
||||||
failing to authenticate. So if you mis-type your username at the
|
failing to authenticate. So if you mis-type your username at the
|
||||||
PuTTY \q{login as:} prompt, you will not be able to change it except
|
PuTTY \q{login as:} prompt, you will not be able to change it except
|
||||||
by restarting PuTTY.
|
by restarting PuTTY.
|
||||||
|
|
||||||
The SSH 2 protocol \e{does} allow changes of username, in principle,
|
The SSH-2 protocol \e{does} allow changes of username, in principle,
|
||||||
but does not make it mandatory for SSH 2 servers to accept them. In
|
but does not make it mandatory for SSH-2 servers to accept them. In
|
||||||
particular, OpenSSH does not accept a change of username; once you
|
particular, OpenSSH does not accept a change of username; once you
|
||||||
have sent one username, it will reject attempts to try to
|
have sent one username, it will reject attempts to try to
|
||||||
authenticate as another user. (Depending on the version of OpenSSH,
|
authenticate as another user. (Depending on the version of OpenSSH,
|
||||||
@ -2391,7 +2391,7 @@ experimental feature, and may encounter several problems:
|
|||||||
\cw{XDM-AUTHORIZATION-1}, so they will not know what to do with the
|
\cw{XDM-AUTHORIZATION-1}, so they will not know what to do with the
|
||||||
data PuTTY has provided.
|
data PuTTY has provided.
|
||||||
|
|
||||||
\b This authentication mechanism will only work in SSH v2. In SSH
|
\b This authentication mechanism will only work in SSH-2. In SSH
|
||||||
v1, the SSH server does not tell the client the source address of
|
v1, the SSH server does not tell the client the source address of
|
||||||
a forwarded connection in a machine-readable format, so it's
|
a forwarded connection in a machine-readable format, so it's
|
||||||
impossible to verify the \cw{XDM-AUTHORIZATION-1} data.
|
impossible to verify the \cw{XDM-AUTHORIZATION-1} data.
|
||||||
@ -2465,10 +2465,10 @@ If you delete a local or dynamic port forwarding in mid-session, PuTTY
|
|||||||
will stop listening for connections on that port, so it can be re-used
|
will stop listening for connections on that port, so it can be re-used
|
||||||
by another program. If you delete a remote port forwarding, note that:
|
by another program. If you delete a remote port forwarding, note that:
|
||||||
|
|
||||||
\b The SSHv1 protocol contains no mechanism for asking the server to
|
\b The SSH-1 protocol contains no mechanism for asking the server to
|
||||||
stop listening on a remote port.
|
stop listening on a remote port.
|
||||||
|
|
||||||
\b The SSHv2 protocol does contain such a mechanism, but not all SSH
|
\b The SSH-2 protocol does contain such a mechanism, but not all SSH
|
||||||
servers support it. (In particular, OpenSSH does not support it in
|
servers support it. (In particular, OpenSSH does not support it in
|
||||||
any version earlier than 3.9.)
|
any version earlier than 3.9.)
|
||||||
|
|
||||||
@ -2502,8 +2502,8 @@ port. (This also applies to dynamic SOCKS forwarding.)
|
|||||||
\b The \q{Remote ports do the same} option does the same thing for
|
\b The \q{Remote ports do the same} option does the same thing for
|
||||||
remote-to-local port forwardings (so that machines other than the
|
remote-to-local port forwardings (so that machines other than the
|
||||||
SSH server machine can connect to the forwarded port.) Note that
|
SSH server machine can connect to the forwarded port.) Note that
|
||||||
this feature is only available in the SSH 2 protocol, and not all
|
this feature is only available in the SSH-2 protocol, and not all
|
||||||
SSH 2 servers support it (OpenSSH 3.0 does not, for example).
|
SSH-2 servers support it (OpenSSH 3.0 does not, for example).
|
||||||
|
|
||||||
\S{config-ssh-portfwd-address-family} Selecting Internet protocol
|
\S{config-ssh-portfwd-address-family} Selecting Internet protocol
|
||||||
version for forwarded ports
|
version for forwarded ports
|
||||||
@ -2555,7 +2555,7 @@ states:
|
|||||||
\b \q{Auto}: PuTTY will use the server's version number announcement
|
\b \q{Auto}: PuTTY will use the server's version number announcement
|
||||||
to try to guess whether or not the server has the bug.
|
to try to guess whether or not the server has the bug.
|
||||||
|
|
||||||
\S{config-ssh-bug-ignore1} \q{Chokes on SSH1 ignore messages}
|
\S{config-ssh-bug-ignore1} \q{Chokes on SSH-1 ignore messages}
|
||||||
|
|
||||||
\cfg{winhelp-topic}{ssh.bugs.ignore1}
|
\cfg{winhelp-topic}{ssh.bugs.ignore1}
|
||||||
|
|
||||||
@ -2563,30 +2563,30 @@ An ignore message (SSH_MSG_IGNORE) is a message in the SSH protocol
|
|||||||
which can be sent from the client to the server, or from the server
|
which can be sent from the client to the server, or from the server
|
||||||
to the client, at any time. Either side is required to ignore the
|
to the client, at any time. Either side is required to ignore the
|
||||||
message whenever it receives it. PuTTY uses ignore messages to hide
|
message whenever it receives it. PuTTY uses ignore messages to hide
|
||||||
the password packet in SSH1, so that a listener cannot tell the
|
the password packet in SSH-1, so that a listener cannot tell the
|
||||||
length of the user's password; it also uses ignore messages for
|
length of the user's password; it also uses ignore messages for
|
||||||
connection keepalives (see \k{config-keepalive}).
|
connection keepalives (see \k{config-keepalive}).
|
||||||
|
|
||||||
If this bug is detected, PuTTY will stop using ignore messages. This
|
If this bug is detected, PuTTY will stop using ignore messages. This
|
||||||
means that keepalives will stop working, and PuTTY will have to fall
|
means that keepalives will stop working, and PuTTY will have to fall
|
||||||
back to a secondary defence against SSH1 password-length
|
back to a secondary defence against SSH-1 password-length
|
||||||
eavesdropping. See \k{config-ssh-bug-plainpw1}. If this bug is
|
eavesdropping. See \k{config-ssh-bug-plainpw1}. If this bug is
|
||||||
enabled when talking to a correct server, the session will succeed,
|
enabled when talking to a correct server, the session will succeed,
|
||||||
but keepalives will not work and the session might be more
|
but keepalives will not work and the session might be more
|
||||||
vulnerable to eavesdroppers than it could be.
|
vulnerable to eavesdroppers than it could be.
|
||||||
|
|
||||||
This is an SSH1-specific bug. No known SSH2 server fails to deal
|
This is an SSH-1-specific bug. No known SSH-2 server fails to deal
|
||||||
with SSH2 ignore messages.
|
with SSH-2 ignore messages.
|
||||||
|
|
||||||
\S{config-ssh-bug-plainpw1} \q{Refuses all SSH1 password camouflage}
|
\S{config-ssh-bug-plainpw1} \q{Refuses all SSH-1 password camouflage}
|
||||||
|
|
||||||
\cfg{winhelp-topic}{ssh.bugs.plainpw1}
|
\cfg{winhelp-topic}{ssh.bugs.plainpw1}
|
||||||
|
|
||||||
When talking to an SSH1 server which cannot deal with ignore
|
When talking to an SSH-1 server which cannot deal with ignore
|
||||||
messages (see \k{config-ssh-bug-ignore1}), PuTTY will attempt to
|
messages (see \k{config-ssh-bug-ignore1}), PuTTY will attempt to
|
||||||
disguise the length of the user's password by sending additional
|
disguise the length of the user's password by sending additional
|
||||||
padding \e{within} the password packet. This is technically a
|
padding \e{within} the password packet. This is technically a
|
||||||
violation of the SSH1 specification, and so PuTTY will only do it
|
violation of the SSH-1 specification, and so PuTTY will only do it
|
||||||
when it cannot use standards-compliant ignore messages as
|
when it cannot use standards-compliant ignore messages as
|
||||||
camouflage. In this sense, for a server to refuse to accept a padded
|
camouflage. In this sense, for a server to refuse to accept a padded
|
||||||
password packet is not really a bug, but it does make life
|
password packet is not really a bug, but it does make life
|
||||||
@ -2599,15 +2599,15 @@ of the password. If this bug is enabled when talking to a correct
|
|||||||
server, the session will succeed, but will be more vulnerable to
|
server, the session will succeed, but will be more vulnerable to
|
||||||
eavesdroppers than it could be.
|
eavesdroppers than it could be.
|
||||||
|
|
||||||
This is an SSH1-specific bug. SSH2 is secure against this type of
|
This is an SSH-1-specific bug. SSH-2 is secure against this type of
|
||||||
attack.
|
attack.
|
||||||
|
|
||||||
\S{config-ssh-bug-rsa1} \q{Chokes on SSH1 RSA authentication}
|
\S{config-ssh-bug-rsa1} \q{Chokes on SSH-1 RSA authentication}
|
||||||
|
|
||||||
\cfg{winhelp-topic}{ssh.bugs.rsa1}
|
\cfg{winhelp-topic}{ssh.bugs.rsa1}
|
||||||
|
|
||||||
Some SSH1 servers cannot deal with RSA authentication messages at
|
Some SSH-1 servers cannot deal with RSA authentication messages at
|
||||||
all. If Pageant is running and contains any SSH1 keys, PuTTY will
|
all. If Pageant is running and contains any SSH-1 keys, PuTTY will
|
||||||
normally automatically try RSA authentication before falling back to
|
normally automatically try RSA authentication before falling back to
|
||||||
passwords, so these servers will crash when they see the RSA attempt.
|
passwords, so these servers will crash when they see the RSA attempt.
|
||||||
|
|
||||||
@ -2616,9 +2616,9 @@ authentication. If this bug is enabled when talking to a correct
|
|||||||
server, the session will succeed, but of course RSA authentication
|
server, the session will succeed, but of course RSA authentication
|
||||||
will be impossible.
|
will be impossible.
|
||||||
|
|
||||||
This is an SSH1-specific bug.
|
This is an SSH-1-specific bug.
|
||||||
|
|
||||||
\S{config-ssh-bug-hmac2} \q{Miscomputes SSH2 HMAC keys}
|
\S{config-ssh-bug-hmac2} \q{Miscomputes SSH-2 HMAC keys}
|
||||||
|
|
||||||
\cfg{winhelp-topic}{ssh.bugs.hmac2}
|
\cfg{winhelp-topic}{ssh.bugs.hmac2}
|
||||||
|
|
||||||
@ -2633,9 +2633,9 @@ same way as the buggy server, so that communication will still be
|
|||||||
possible. If this bug is enabled when talking to a correct server,
|
possible. If this bug is enabled when talking to a correct server,
|
||||||
communication will fail.
|
communication will fail.
|
||||||
|
|
||||||
This is an SSH2-specific bug.
|
This is an SSH-2-specific bug.
|
||||||
|
|
||||||
\S{config-ssh-bug-derivekey2} \q{Miscomputes SSH2 encryption keys}
|
\S{config-ssh-bug-derivekey2} \q{Miscomputes SSH-2 encryption keys}
|
||||||
|
|
||||||
\cfg{winhelp-topic}{ssh.bugs.derivekey2}
|
\cfg{winhelp-topic}{ssh.bugs.derivekey2}
|
||||||
|
|
||||||
@ -2649,15 +2649,15 @@ the same way as the buggy server, so that communication will still
|
|||||||
be possible. If this bug is enabled when talking to a correct
|
be possible. If this bug is enabled when talking to a correct
|
||||||
server, communication will fail.
|
server, communication will fail.
|
||||||
|
|
||||||
This is an SSH2-specific bug.
|
This is an SSH-2-specific bug.
|
||||||
|
|
||||||
\S{config-ssh-bug-sig} \q{Requires padding on SSH2 RSA signatures}
|
\S{config-ssh-bug-sig} \q{Requires padding on SSH-2 RSA signatures}
|
||||||
|
|
||||||
\cfg{winhelp-topic}{ssh.bugs.rsapad2}
|
\cfg{winhelp-topic}{ssh.bugs.rsapad2}
|
||||||
|
|
||||||
Versions below 3.3 of OpenSSH require SSH2 RSA signatures to be
|
Versions below 3.3 of OpenSSH require SSH-2 RSA signatures to be
|
||||||
padded with zero bytes to the same length as the RSA key modulus.
|
padded with zero bytes to the same length as the RSA key modulus.
|
||||||
The SSH2 draft specification says that an unpadded signature MUST be
|
The SSH-2 draft specification says that an unpadded signature MUST be
|
||||||
accepted, so this is a bug. A typical symptom of this problem is
|
accepted, so this is a bug. A typical symptom of this problem is
|
||||||
that PuTTY mysteriously fails RSA authentication once in every few
|
that PuTTY mysteriously fails RSA authentication once in every few
|
||||||
hundred attempts, and falls back to passwords.
|
hundred attempts, and falls back to passwords.
|
||||||
@ -2668,13 +2668,13 @@ server, it is likely that no damage will be done, since correct
|
|||||||
servers usually still accept padded signatures because they're used
|
servers usually still accept padded signatures because they're used
|
||||||
to talking to OpenSSH.
|
to talking to OpenSSH.
|
||||||
|
|
||||||
This is an SSH2-specific bug.
|
This is an SSH-2-specific bug.
|
||||||
|
|
||||||
\S{config-ssh-bug-pksessid2} \q{Misuses the session ID in PK auth}
|
\S{config-ssh-bug-pksessid2} \q{Misuses the session ID in PK auth}
|
||||||
|
|
||||||
\cfg{winhelp-topic}{ssh.bugs.pksessid2}
|
\cfg{winhelp-topic}{ssh.bugs.pksessid2}
|
||||||
|
|
||||||
Versions below 2.3 of OpenSSH require SSH2 public-key authentication
|
Versions below 2.3 of OpenSSH require SSH-2 public-key authentication
|
||||||
to be done slightly differently: the data to be signed by the client
|
to be done slightly differently: the data to be signed by the client
|
||||||
contains the session ID formatted in a different way. If public-key
|
contains the session ID formatted in a different way. If public-key
|
||||||
authentication mysteriously does not work but the Event Log (see
|
authentication mysteriously does not work but the Event Log (see
|
||||||
@ -2684,9 +2684,9 @@ helps.
|
|||||||
|
|
||||||
If this bug is detected, PuTTY will sign data in the way OpenSSH
|
If this bug is detected, PuTTY will sign data in the way OpenSSH
|
||||||
expects. If this bug is enabled when talking to a correct server,
|
expects. If this bug is enabled when talking to a correct server,
|
||||||
SSH2 public-key authentication will fail.
|
SSH-2 public-key authentication will fail.
|
||||||
|
|
||||||
This is an SSH2-specific bug.
|
This is an SSH-2-specific bug.
|
||||||
|
|
||||||
\S{config-ssh-bug-rekey} \q{Handles key re-exchange badly}
|
\S{config-ssh-bug-rekey} \q{Handles key re-exchange badly}
|
||||||
|
|
||||||
@ -2706,7 +2706,7 @@ exchange. If this bug is enabled when talking to a correct server,
|
|||||||
the session should still function, but may be less secure than you
|
the session should still function, but may be less secure than you
|
||||||
would expect.
|
would expect.
|
||||||
|
|
||||||
This is an SSH2-specific bug.
|
This is an SSH-2-specific bug.
|
||||||
|
|
||||||
\H{config-file} Storing configuration in a file
|
\H{config-file} Storing configuration in a file
|
||||||
|
|
||||||
|
@ -30,8 +30,8 @@ asking the machine's administrator.
|
|||||||
If you see this message and you know that your installation of PuTTY
|
If you see this message and you know that your installation of PuTTY
|
||||||
\e{has} connected to the same server before, it may have been
|
\e{has} connected to the same server before, it may have been
|
||||||
recently upgraded to SSH protocol version 2. SSH protocols 1 and 2
|
recently upgraded to SSH protocol version 2. SSH protocols 1 and 2
|
||||||
use separate host keys, so when you first use SSH 2 with a server
|
use separate host keys, so when you first use SSH-2 with a server
|
||||||
you have only used SSH 1 with before, you will see this message
|
you have only used SSH-1 with before, you will see this message
|
||||||
again. You should verify the correctness of the key as before.
|
again. You should verify the correctness of the key as before.
|
||||||
|
|
||||||
See \k{gs-hostkey} for more information on host keys.
|
See \k{gs-hostkey} for more information on host keys.
|
||||||
@ -100,7 +100,7 @@ PuTTY is not able to recover from running out of memory; it will
|
|||||||
terminate immediately after giving this error.
|
terminate immediately after giving this error.
|
||||||
|
|
||||||
However, this error can also occur when memory is not running out at
|
However, this error can also occur when memory is not running out at
|
||||||
all, because PuTTY receives data in the wrong format. In SSH 2 and
|
all, because PuTTY receives data in the wrong format. In SSH-2 and
|
||||||
also in SFTP, the server sends the length of each message before the
|
also in SFTP, the server sends the length of each message before the
|
||||||
message itself; so PuTTY will receive the length, try to allocate
|
message itself; so PuTTY will receive the length, try to allocate
|
||||||
space for the message, and then receive the rest of the message. If
|
space for the message, and then receive the rest of the message. If
|
||||||
@ -108,7 +108,7 @@ the length PuTTY receives is garbage, it will try to allocate a
|
|||||||
ridiculous amount of memory, and will terminate with an \q{Out of
|
ridiculous amount of memory, and will terminate with an \q{Out of
|
||||||
memory} error.
|
memory} error.
|
||||||
|
|
||||||
This can happen in SSH 2, if PuTTY and the server have not enabled
|
This can happen in SSH-2, if PuTTY and the server have not enabled
|
||||||
encryption in the same way (see \k{faq-outofmem} in the FAQ). Some
|
encryption in the same way (see \k{faq-outofmem} in the FAQ). Some
|
||||||
versions of OpenSSH have a known problem with this: see
|
versions of OpenSSH have a known problem with this: see
|
||||||
\k{faq-openssh-bad-openssl}.
|
\k{faq-openssh-bad-openssl}.
|
||||||
@ -213,7 +213,7 @@ to tell from this error message whether the problem is in the client,
|
|||||||
in the server, or in between.
|
in the server, or in between.
|
||||||
|
|
||||||
If you get this error, one thing you could try would be to fiddle
|
If you get this error, one thing you could try would be to fiddle
|
||||||
with the setting of \q{Miscomputes SSH2 encryption keys} on the Bugs
|
with the setting of \q{Miscomputes SSH-2 encryption keys} on the Bugs
|
||||||
panel (see \k{config-ssh-bug-derivekey2}).
|
panel (see \k{config-ssh-bug-derivekey2}).
|
||||||
|
|
||||||
Another known server problem which can cause this error is described
|
Another known server problem which can cause this error is described
|
||||||
|
36
doc/faq.but
@ -45,23 +45,23 @@ page}, and see if you can find the feature there. If it's on there,
|
|||||||
and not in the \q{Recently fixed} section, it probably \e{hasn't} been
|
and not in the \q{Recently fixed} section, it probably \e{hasn't} been
|
||||||
implemented.
|
implemented.
|
||||||
|
|
||||||
\S{faq-ssh2}{Question} Does PuTTY support SSH v2?
|
\S{faq-ssh2}{Question} Does PuTTY support SSH-2?
|
||||||
|
|
||||||
Yes. SSH v2 support has been available in PuTTY since version 0.50.
|
Yes. SSH-2 support has been available in PuTTY since version 0.50.
|
||||||
|
|
||||||
Public key authentication (both RSA and DSA) in SSH v2 is new in
|
Public key authentication (both RSA and DSA) in SSH-2 is new in
|
||||||
version 0.52.
|
version 0.52.
|
||||||
|
|
||||||
\S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or
|
\S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or
|
||||||
\cw{ssh.com} SSHv2 private key files?
|
\cw{ssh.com} SSH-2 private key files?
|
||||||
|
|
||||||
PuTTY doesn't support this natively, but as of 0.53
|
PuTTY doesn't support this natively, but as of 0.53
|
||||||
PuTTYgen can convert both OpenSSH and \cw{ssh.com} private key
|
PuTTYgen can convert both OpenSSH and \cw{ssh.com} private key
|
||||||
files into PuTTY's format.
|
files into PuTTY's format.
|
||||||
|
|
||||||
\S{faq-ssh1}{Question} Does PuTTY support SSH v1?
|
\S{faq-ssh1}{Question} Does PuTTY support SSH-1?
|
||||||
|
|
||||||
Yes. SSH 1 support has always been available in PuTTY.
|
Yes. SSH-1 support has always been available in PuTTY.
|
||||||
|
|
||||||
\S{faq-localecho}{Question} Does PuTTY support local echo?
|
\S{faq-localecho}{Question} Does PuTTY support local echo?
|
||||||
|
|
||||||
@ -534,9 +534,9 @@ of quotes in the obvious way:
|
|||||||
received on packet}?
|
received on packet}?
|
||||||
|
|
||||||
One possible cause of this that used to be common is a bug in old
|
One possible cause of this that used to be common is a bug in old
|
||||||
SSH 2 servers distributed by \cw{ssh.com}. (This is not the only
|
SSH-2 servers distributed by \cw{ssh.com}. (This is not the only
|
||||||
possible cause; see \k{errors-crc} in the documentation.)
|
possible cause; see \k{errors-crc} in the documentation.)
|
||||||
Version 2.3.0 and below of their SSH 2 server
|
Version 2.3.0 and below of their SSH-2 server
|
||||||
constructs Message Authentication Codes in the wrong way, and
|
constructs Message Authentication Codes in the wrong way, and
|
||||||
expects the client to construct them in the same wrong way. PuTTY
|
expects the client to construct them in the same wrong way. PuTTY
|
||||||
constructs the MACs correctly by default, and hence these old
|
constructs the MACs correctly by default, and hence these old
|
||||||
@ -550,7 +550,7 @@ to work with them.
|
|||||||
|
|
||||||
If you are using PuTTY version 0.51 or below, you can enable the
|
If you are using PuTTY version 0.51 or below, you can enable the
|
||||||
workaround by going to the SSH panel and ticking the box labelled
|
workaround by going to the SSH panel and ticking the box labelled
|
||||||
\q{Imitate SSH 2 MAC bug}. It's possible that you might have to do
|
\q{Imitate SSH-2 MAC bug}. It's possible that you might have to do
|
||||||
this with 0.52 as well, if a buggy server exists that PuTTY doesn't
|
this with 0.52 as well, if a buggy server exists that PuTTY doesn't
|
||||||
know about.
|
know about.
|
||||||
|
|
||||||
@ -608,7 +608,7 @@ the
|
|||||||
\c http://www.microsoft.com/windows95/downloads/contents/
|
\c http://www.microsoft.com/windows95/downloads/contents/
|
||||||
\c wuadmintools/s_wunetworkingtools/w95sockets2/
|
\c wuadmintools/s_wunetworkingtools/w95sockets2/
|
||||||
|
|
||||||
\S{faq-outofmem}{Question} After trying to establish an SSH 2
|
\S{faq-outofmem}{Question} After trying to establish an SSH-2
|
||||||
connection, PuTTY says \q{Out of memory} and dies.
|
connection, PuTTY says \q{Out of memory} and dies.
|
||||||
|
|
||||||
If this happens just while the connection is starting up, this often
|
If this happens just while the connection is starting up, this often
|
||||||
@ -838,17 +838,17 @@ default cipher differs from many other clients.)
|
|||||||
|
|
||||||
\e{OpenSSH 3.1p1:} configurations known to be broken (and symptoms):
|
\e{OpenSSH 3.1p1:} configurations known to be broken (and symptoms):
|
||||||
|
|
||||||
\b SSH 2 with AES cipher (PuTTY says "Assertion failed! Expression:
|
\b SSH-2 with AES cipher (PuTTY says "Assertion failed! Expression:
|
||||||
(len & 15) == 0" in sshaes.c, or "Out of memory", or crashes)
|
(len & 15) == 0" in sshaes.c, or "Out of memory", or crashes)
|
||||||
|
|
||||||
\b SSH 2 with 3DES (PuTTY says "Incorrect MAC received on packet")
|
\b SSH-2 with 3DES (PuTTY says "Incorrect MAC received on packet")
|
||||||
|
|
||||||
\b SSH 1 with Blowfish (PuTTY says "Incorrect CRC received on
|
\b SSH-1 with Blowfish (PuTTY says "Incorrect CRC received on
|
||||||
packet")
|
packet")
|
||||||
|
|
||||||
\b SSH 1 with 3DES
|
\b SSH-1 with 3DES
|
||||||
|
|
||||||
\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH 1 and
|
\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH-1 and
|
||||||
Blowfish remains. Rebuild your server, apply the patch linked to from
|
Blowfish remains. Rebuild your server, apply the patch linked to from
|
||||||
bug 138 above, or use another cipher (e.g., 3DES) instead.
|
bug 138 above, or use another cipher (e.g., 3DES) instead.
|
||||||
|
|
||||||
@ -860,11 +860,11 @@ clear the underlying cause is the same.
|
|||||||
key from ..."? Why can PuTTYgen load my key but not PuTTY?
|
key from ..."? Why can PuTTYgen load my key but not PuTTY?
|
||||||
|
|
||||||
It's likely that you've generated an SSH protocol 2 key with PuTTYgen,
|
It's likely that you've generated an SSH protocol 2 key with PuTTYgen,
|
||||||
but you're trying to use it in an SSH 1 connection. SSH1 and SSH2 keys
|
but you're trying to use it in an SSH-1 connection. SSH-1 and SSH-2 keys
|
||||||
have different formats, and (at least in 0.52) PuTTY's reporting of a
|
have different formats, and (at least in 0.52) PuTTY's reporting of a
|
||||||
key in the wrong format isn't optimal.
|
key in the wrong format isn't optimal.
|
||||||
|
|
||||||
To connect using SSH 2 to a server that supports both versions, you
|
To connect using SSH-2 to a server that supports both versions, you
|
||||||
need to change the configuration from the default (see \k{faq-ssh2}).
|
need to change the configuration from the default (see \k{faq-ssh2}).
|
||||||
|
|
||||||
\S{faq-rh8-utf8}{Question} When I'm connected to a Red Hat Linux 8.0
|
\S{faq-rh8-utf8}{Question} When I'm connected to a Red Hat Linux 8.0
|
||||||
@ -1177,7 +1177,7 @@ OpenSSH?
|
|||||||
|
|
||||||
No, it isn't. PuTTY is almost completely composed of code written
|
No, it isn't. PuTTY is almost completely composed of code written
|
||||||
from scratch for PuTTY. The only code we share with OpenSSH is the
|
from scratch for PuTTY. The only code we share with OpenSSH is the
|
||||||
detector for SSH1 CRC compensation attacks, written by CORE SDI S.A.
|
detector for SSH-1 CRC compensation attacks, written by CORE SDI S.A.
|
||||||
|
|
||||||
\S{faq-sillyputty}{Question} Where can I buy silly putty?
|
\S{faq-sillyputty}{Question} Where can I buy silly putty?
|
||||||
|
|
||||||
|
@ -42,15 +42,15 @@ The options to control this are:
|
|||||||
\dt \e{keyfile}
|
\dt \e{keyfile}
|
||||||
|
|
||||||
\dd Specify a private key file to be loaded. This private key file can
|
\dd Specify a private key file to be loaded. This private key file can
|
||||||
be in the (de facto standard) SSH1 key format, or in PuTTY's SSH2
|
be in the (de facto standard) SSH-1 key format, or in PuTTY's SSH-2
|
||||||
key format, or in either of the SSH2 private key formats used by
|
key format, or in either of the SSH-2 private key formats used by
|
||||||
OpenSSH and ssh.com's implementation.
|
OpenSSH and ssh.com's implementation.
|
||||||
|
|
||||||
\dt \cw{\-t} \e{keytype}
|
\dt \cw{\-t} \e{keytype}
|
||||||
|
|
||||||
\dd Specify a type of key to generate. The acceptable values here are
|
\dd Specify a type of key to generate. The acceptable values here are
|
||||||
\c{rsa} and \c{dsa} (to generate SSH2 keys), and \c{rsa1} (to
|
\c{rsa} and \c{dsa} (to generate SSH-2 keys), and \c{rsa1} (to
|
||||||
generate SSH1 keys).
|
generate SSH-1 keys).
|
||||||
|
|
||||||
\dt \cw{\-b} \e{bits}
|
\dt \cw{\-b} \e{bits}
|
||||||
|
|
||||||
@ -85,21 +85,21 @@ Acceptable options are:
|
|||||||
\dt \cw{private}
|
\dt \cw{private}
|
||||||
|
|
||||||
\dd Save the private key in a format usable by PuTTY. This will either
|
\dd Save the private key in a format usable by PuTTY. This will either
|
||||||
be the standard SSH1 key format, or PuTTY's own SSH2 key format.
|
be the standard SSH-1 key format, or PuTTY's own SSH-2 key format.
|
||||||
|
|
||||||
\dt \cw{public}
|
\dt \cw{public}
|
||||||
|
|
||||||
\dd Save the public key only. For SSH1 keys, the standard public key
|
\dd Save the public key only. For SSH-1 keys, the standard public key
|
||||||
format will be used (\q{\cw{1024 37 5698745}...}). For SSH2 keys, the
|
format will be used (\q{\cw{1024 37 5698745}...}). For SSH-2 keys, the
|
||||||
public key will be output in the format specified in the IETF
|
public key will be output in the format specified in the IETF
|
||||||
drafts, which is a multi-line text file beginning with the line
|
drafts, which is a multi-line text file beginning with the line
|
||||||
\q{\cw{---- BEGIN SSH2 PUBLIC KEY ----}}.
|
\q{\cw{---- BEGIN SSH2 PUBLIC KEY ----}}.
|
||||||
|
|
||||||
\dt \cw{public-openssh}
|
\dt \cw{public-openssh}
|
||||||
|
|
||||||
\dd Save the public key only, in a format usable by OpenSSH. For SSH1
|
\dd Save the public key only, in a format usable by OpenSSH. For SSH-1
|
||||||
keys, this output format behaves identically to \c{public}. For
|
keys, this output format behaves identically to \c{public}. For
|
||||||
SSH2 keys, the public key will be output in the OpenSSH format,
|
SSH-2 keys, the public key will be output in the OpenSSH format,
|
||||||
which is a single line (\q{\cw{ssh-rsa AAAAB3NzaC1yc2}...}).
|
which is a single line (\q{\cw{ssh-rsa AAAAB3NzaC1yc2}...}).
|
||||||
|
|
||||||
\dt \cw{fingerprint}
|
\dt \cw{fingerprint}
|
||||||
@ -109,13 +109,13 @@ algorithms are believed compatible with OpenSSH.
|
|||||||
|
|
||||||
\dt \cw{private-openssh}
|
\dt \cw{private-openssh}
|
||||||
|
|
||||||
\dd Save an SSH2 private key in OpenSSH's format. This option is not
|
\dd Save an SSH-2 private key in OpenSSH's format. This option is not
|
||||||
permitted for SSH1 keys.
|
permitted for SSH-1 keys.
|
||||||
|
|
||||||
\dt \cw{private-sshcom}
|
\dt \cw{private-sshcom}
|
||||||
|
|
||||||
\dd Save an SSH2 private key in ssh.com's format. This option is not
|
\dd Save an SSH-2 private key in ssh.com's format. This option is not
|
||||||
permitted for SSH1 keys.
|
permitted for SSH-1 keys.
|
||||||
|
|
||||||
If no output type is specified, the default is \c{private}.
|
If no output type is specified, the default is \c{private}.
|
||||||
|
|
||||||
@ -144,7 +144,7 @@ fingerprint. Otherwise, the \c{\-o} option is required.
|
|||||||
|
|
||||||
\S{puttygen-manpage-examples} EXAMPLES
|
\S{puttygen-manpage-examples} EXAMPLES
|
||||||
|
|
||||||
To generate an SSH2 RSA key pair and save it in PuTTY's own format
|
To generate an SSH-2 RSA key pair and save it in PuTTY's own format
|
||||||
(you will be prompted for the passphrase):
|
(you will be prompted for the passphrase):
|
||||||
|
|
||||||
\c puttygen -t rsa -C "my home key" -o mykey.ppk
|
\c puttygen -t rsa -C "my home key" -o mykey.ppk
|
||||||
|
@ -193,7 +193,7 @@ tunnel all their connections. Only works in SSH.
|
|||||||
\dt \cw{\-A}, \cw{\-a}
|
\dt \cw{\-A}, \cw{\-a}
|
||||||
|
|
||||||
\dd Enable (\cw{\-A}) or disable (\cw{\-a}) SSH agent forwarding.
|
\dd Enable (\cw{\-A}) or disable (\cw{\-a}) SSH agent forwarding.
|
||||||
Currently this only works with OpenSSH and SSH1.
|
Currently this only works with OpenSSH and SSH-1.
|
||||||
|
|
||||||
\dt \cw{\-X}, \cw{\-x}
|
\dt \cw{\-X}, \cw{\-x}
|
||||||
|
|
||||||
@ -214,7 +214,7 @@ pseudo-terminal at the server end.
|
|||||||
|
|
||||||
\dt \cw{\-i} \e{keyfile}
|
\dt \cw{\-i} \e{keyfile}
|
||||||
|
|
||||||
\dd Specify a private key file to use for authentication. For SSH2
|
\dd Specify a private key file to use for authentication. For SSH-2
|
||||||
keys, this key file must be in PuTTY's format, not OpenSSH's or
|
keys, this key file must be in PuTTY's format, not OpenSSH's or
|
||||||
anyone else's.
|
anyone else's.
|
||||||
|
|
||||||
|
@ -68,9 +68,9 @@ something like this:
|
|||||||
For each key, the list box will tell you:
|
For each key, the list box will tell you:
|
||||||
|
|
||||||
\b The type of the key. Currently, this can be \c{ssh1} (an RSA key
|
\b The type of the key. Currently, this can be \c{ssh1} (an RSA key
|
||||||
for use with the SSH v1 protocol), \c{ssh-rsa} (an RSA key for use
|
for use with the SSH-1 protocol), \c{ssh-rsa} (an RSA key for use
|
||||||
with the SSH v2 protocol), or \c{ssh-dss} (a DSA key for use with
|
with the SSH-2 protocol), or \c{ssh-dss} (a DSA key for use with
|
||||||
the SSH v2 protocol).
|
the SSH-2 protocol).
|
||||||
|
|
||||||
\b The size (in bits) of the key.
|
\b The size (in bits) of the key.
|
||||||
|
|
||||||
@ -152,7 +152,7 @@ like this:
|
|||||||
Agent forwarding is a mechanism that allows applications on your SSH
|
Agent forwarding is a mechanism that allows applications on your SSH
|
||||||
server machine to talk to the agent on your client machine.
|
server machine to talk to the agent on your client machine.
|
||||||
|
|
||||||
Note that at present, agent forwarding in SSH2 is only available
|
Note that at present, agent forwarding in SSH-2 is only available
|
||||||
when your SSH server is OpenSSH. The \cw{ssh.com} server uses a
|
when your SSH server is OpenSSH. The \cw{ssh.com} server uses a
|
||||||
different agent protocol, which PuTTY does not yet support.
|
different agent protocol, which PuTTY does not yet support.
|
||||||
|
|
||||||
|
16
doc/pscp.but
@ -7,8 +7,8 @@
|
|||||||
\i{PSCP}, the PuTTY Secure Copy client, is a tool for transferring files
|
\i{PSCP}, the PuTTY Secure Copy client, is a tool for transferring files
|
||||||
securely between computers using an SSH connection.
|
securely between computers using an SSH connection.
|
||||||
|
|
||||||
If you have an SSH 2 server, you might prefer PSFTP (see \k{psftp})
|
If you have an SSH-2 server, you might prefer PSFTP (see \k{psftp})
|
||||||
for interactive use. PSFTP does not in general work with SSH 1
|
for interactive use. PSFTP does not in general work with SSH-1
|
||||||
servers, however.
|
servers, however.
|
||||||
|
|
||||||
\H{pscp-starting} Starting PSCP
|
\H{pscp-starting} Starting PSCP
|
||||||
@ -98,7 +98,7 @@ However, in the second case (using a wildcard for multiple remote
|
|||||||
files) you may see a warning saying something like \q{warning:
|
files) you may see a warning saying something like \q{warning:
|
||||||
remote host tried to write to a file called \cq{terminal.c} when we
|
remote host tried to write to a file called \cq{terminal.c} when we
|
||||||
requested a file called \cq{*.c}. If this is a wildcard, consider
|
requested a file called \cq{*.c}. If this is a wildcard, consider
|
||||||
upgrading to SSH 2 or using the \cq{-unsafe} option. Renaming of
|
upgrading to SSH-2 or using the \cq{-unsafe} option. Renaming of
|
||||||
this file has been disallowed}.
|
this file has been disallowed}.
|
||||||
|
|
||||||
This is due to a fundamental insecurity in the old-style SCP
|
This is due to a fundamental insecurity in the old-style SCP
|
||||||
@ -112,13 +112,13 @@ the wildcard matching rules are decided by the server, the client
|
|||||||
cannot reliably verify that the filenames sent back match the
|
cannot reliably verify that the filenames sent back match the
|
||||||
pattern.
|
pattern.
|
||||||
|
|
||||||
PSCP will attempt to use the newer SFTP protocol (part of SSH 2)
|
PSCP will attempt to use the newer SFTP protocol (part of SSH-2)
|
||||||
where possible, which does not suffer from this security flaw. If
|
where possible, which does not suffer from this security flaw. If
|
||||||
you are talking to an SSH 2 server which supports SFTP, you will
|
you are talking to an SSH-2 server which supports SFTP, you will
|
||||||
never see this warning. (You can force use of the SFTP protocol,
|
never see this warning. (You can force use of the SFTP protocol,
|
||||||
if available, with \c{-sftp} - see \k{pscp-usage-options-backend}.)
|
if available, with \c{-sftp} - see \k{pscp-usage-options-backend}.)
|
||||||
|
|
||||||
If you really need to use a server-side wildcard with an SSH 1
|
If you really need to use a server-side wildcard with an SSH-1
|
||||||
server, you can use the \c{-unsafe} command line option with PSCP:
|
server, you can use the \c{-unsafe} command line option with PSCP:
|
||||||
|
|
||||||
\c pscp -unsafe fred@example.com:source/*.c c:\source
|
\c pscp -unsafe fred@example.com:source/*.c c:\source
|
||||||
@ -244,7 +244,7 @@ used, but also leads to interoperability issues such as with filename
|
|||||||
quoting (for instance, where filenames contain spaces), and also the
|
quoting (for instance, where filenames contain spaces), and also the
|
||||||
security issue described in \k{pscp-usage-basics}.
|
security issue described in \k{pscp-usage-basics}.
|
||||||
|
|
||||||
The newer SFTP protocol, which is usually associated with SSH 2
|
The newer SFTP protocol, which is usually associated with SSH-2
|
||||||
servers, is specified in a more platform independent way, and leaves
|
servers, is specified in a more platform independent way, and leaves
|
||||||
issues such as wildcard syntax up to the client. (PuTTY's SFTP
|
issues such as wildcard syntax up to the client. (PuTTY's SFTP
|
||||||
wildcard syntax is described in \k{psftp-wildcards}.) This makes it
|
wildcard syntax is described in \k{psftp-wildcards}.) This makes it
|
||||||
@ -258,7 +258,7 @@ The \c{-scp} option forces PSCP to use the SCP protocol or quit.
|
|||||||
|
|
||||||
The \c{-sftp} option forces PSCP to use the SFTP protocol or quit.
|
The \c{-sftp} option forces PSCP to use the SFTP protocol or quit.
|
||||||
When this option is specified, PSCP looks harder for an SFTP server,
|
When this option is specified, PSCP looks harder for an SFTP server,
|
||||||
which may allow use of SFTP with SSH 1 depending on server setup.
|
which may allow use of SFTP with SSH-1 depending on server setup.
|
||||||
|
|
||||||
\S{pscp-retval} Return value
|
\S{pscp-retval} Return value
|
||||||
|
|
||||||
|
@ -8,8 +8,8 @@ securely between computers using an SSH connection.
|
|||||||
PSFTP differs from PSCP in the following ways:
|
PSFTP differs from PSCP in the following ways:
|
||||||
|
|
||||||
\b PSCP should work on virtually every SSH server. PSFTP uses the
|
\b PSCP should work on virtually every SSH server. PSFTP uses the
|
||||||
new SFTP protocol, which is a feature of SSH 2 only. (PSCP will also
|
new SFTP protocol, which is a feature of SSH-2 only. (PSCP will also
|
||||||
use this protocol if it can, but there is an SSH 1 equivalent it can
|
use this protocol if it can, but there is an SSH-1 equivalent it can
|
||||||
fall back to if it cannot.)
|
fall back to if it cannot.)
|
||||||
|
|
||||||
\b PSFTP allows you to run an interactive file transfer session,
|
\b PSFTP allows you to run an interactive file transfer session,
|
||||||
|
@ -114,17 +114,17 @@ Before generating a key pair using PuTTYgen, you need to select
|
|||||||
which type of key you need. PuTTYgen currently supports three types
|
which type of key you need. PuTTYgen currently supports three types
|
||||||
of key:
|
of key:
|
||||||
|
|
||||||
\b An RSA key for use with the SSH 1 protocol.
|
\b An RSA key for use with the SSH-1 protocol.
|
||||||
|
|
||||||
\b An RSA key for use with the SSH 2 protocol.
|
\b An RSA key for use with the SSH-2 protocol.
|
||||||
|
|
||||||
\b A DSA key for use with the SSH 2 protocol.
|
\b A DSA key for use with the SSH-2 protocol.
|
||||||
|
|
||||||
The SSH 1 protocol only supports RSA keys; if you will be connecting
|
The SSH-1 protocol only supports RSA keys; if you will be connecting
|
||||||
using the SSH 1 protocol, you must select the first key type or your
|
using the SSH-1 protocol, you must select the first key type or your
|
||||||
key will be completely useless.
|
key will be completely useless.
|
||||||
|
|
||||||
The SSH 2 protocol supports more than one key type. The two types
|
The SSH-2 protocol supports more than one key type. The two types
|
||||||
supported by PuTTY are RSA and DSA.
|
supported by PuTTY are RSA and DSA.
|
||||||
|
|
||||||
The PuTTY developers \e{strongly} recommend you use RSA. DSA has an
|
The PuTTY developers \e{strongly} recommend you use RSA. DSA has an
|
||||||
@ -289,13 +289,13 @@ will need to tell PuTTY to use for authentication (see
|
|||||||
|
|
||||||
\cfg{winhelp-topic}{puttygen.savepub}
|
\cfg{winhelp-topic}{puttygen.savepub}
|
||||||
|
|
||||||
The SSH 2 protocol drafts specify a standard format for storing
|
The SSH-2 protocol drafts specify a standard format for storing
|
||||||
public keys on disk. Some SSH servers (such as \cw{ssh.com}'s)
|
public keys on disk. Some SSH servers (such as \cw{ssh.com}'s)
|
||||||
require a public key in this format in order to accept
|
require a public key in this format in order to accept
|
||||||
authentication with the corresponding private key. (Others, such as
|
authentication with the corresponding private key. (Others, such as
|
||||||
OpenSSH, use a different format; see \k{puttygen-pastekey}.)
|
OpenSSH, use a different format; see \k{puttygen-pastekey}.)
|
||||||
|
|
||||||
To save your public key in the SSH 2 standard format, press the
|
To save your public key in the SSH-2 standard format, press the
|
||||||
\q{Save public key} button in PuTTYgen. PuTTYgen will put up a
|
\q{Save public key} button in PuTTYgen. PuTTYgen will put up a
|
||||||
dialog box asking you where to save the file. Select a directory,
|
dialog box asking you where to save the file. Select a directory,
|
||||||
type in a file name, and press \q{Save}.
|
type in a file name, and press \q{Save}.
|
||||||
@ -305,9 +305,9 @@ server machine. See \k{pubkey-gettingready} for general instructions
|
|||||||
on configuring public-key authentication once you have generated a
|
on configuring public-key authentication once you have generated a
|
||||||
key.
|
key.
|
||||||
|
|
||||||
If you use this option with an SSH 1 key, the file PuTTYgen saves
|
If you use this option with an SSH-1 key, the file PuTTYgen saves
|
||||||
will contain exactly the same text that appears in the \q{Public key
|
will contain exactly the same text that appears in the \q{Public key
|
||||||
for pasting} box. This is the only existing standard for SSH 1
|
for pasting} box. This is the only existing standard for SSH-1
|
||||||
public keys.
|
public keys.
|
||||||
|
|
||||||
\S{puttygen-pastekey} \q{Public key for pasting into authorized_keys
|
\S{puttygen-pastekey} \q{Public key for pasting into authorized_keys
|
||||||
@ -315,9 +315,9 @@ file}
|
|||||||
|
|
||||||
\cfg{winhelp-topic}{puttygen.pastekey}
|
\cfg{winhelp-topic}{puttygen.pastekey}
|
||||||
|
|
||||||
All SSH 1 servers require your public key to be given to it in a
|
All SSH-1 servers require your public key to be given to it in a
|
||||||
one-line format before it will accept authentication with your
|
one-line format before it will accept authentication with your
|
||||||
private key. The OpenSSH server also requires this for SSH 2.
|
private key. The OpenSSH server also requires this for SSH-2.
|
||||||
|
|
||||||
The \q{Public key for pasting into authorized_keys file} gives the
|
The \q{Public key for pasting into authorized_keys file} gives the
|
||||||
public-key data in the correct one-line format. Typically you will
|
public-key data in the correct one-line format. Typically you will
|
||||||
@ -352,23 +352,23 @@ for information about importing foreign key formats.
|
|||||||
|
|
||||||
\cfg{winhelp-topic}{puttygen.conversions}
|
\cfg{winhelp-topic}{puttygen.conversions}
|
||||||
|
|
||||||
Most SSH1 clients use a standard format for storing private keys on
|
Most SSH-1 clients use a standard format for storing private keys on
|
||||||
disk. PuTTY uses this format as well; so if you have generated an
|
disk. PuTTY uses this format as well; so if you have generated an
|
||||||
SSH1 private key using OpenSSH or \cw{ssh.com}'s client, you can use
|
SSH-1 private key using OpenSSH or \cw{ssh.com}'s client, you can use
|
||||||
it with PuTTY, and vice versa.
|
it with PuTTY, and vice versa.
|
||||||
|
|
||||||
However, SSH2 private keys have no standard format. OpenSSH and
|
However, SSH-2 private keys have no standard format. OpenSSH and
|
||||||
\cw{ssh.com} have different formats, and PuTTY's is different again.
|
\cw{ssh.com} have different formats, and PuTTY's is different again.
|
||||||
So a key generated with one client cannot immediately be used with
|
So a key generated with one client cannot immediately be used with
|
||||||
another.
|
another.
|
||||||
|
|
||||||
Using the \q{Import} command from the \q{Conversions} menu, PuTTYgen
|
Using the \q{Import} command from the \q{Conversions} menu, PuTTYgen
|
||||||
can load SSH2 private keys in OpenSSH's format and \cw{ssh.com}'s
|
can load SSH-2 private keys in OpenSSH's format and \cw{ssh.com}'s
|
||||||
format. Once you have loaded one of these key types, you can then
|
format. Once you have loaded one of these key types, you can then
|
||||||
save it back out as a PuTTY-format key (\c{*.PPK}) so that you can use
|
save it back out as a PuTTY-format key (\c{*.PPK}) so that you can use
|
||||||
it with the PuTTY suite. The passphrase will be unchanged by this
|
it with the PuTTY suite. The passphrase will be unchanged by this
|
||||||
process (unless you deliberately change it). You may want to change
|
process (unless you deliberately change it). You may want to change
|
||||||
the key comment before you save the key, since OpenSSH's SSH2 key
|
the key comment before you save the key, since OpenSSH's SSH-2 key
|
||||||
format contains no space for a comment and \cw{ssh.com}'s default
|
format contains no space for a comment and \cw{ssh.com}'s default
|
||||||
comment format is long and verbose.
|
comment format is long and verbose.
|
||||||
|
|
||||||
@ -379,8 +379,8 @@ saving it (see \k{puttygen-savepriv}) - you need to have typed your
|
|||||||
passphrase in beforehand, and you will be warned if you are about to
|
passphrase in beforehand, and you will be warned if you are about to
|
||||||
save a key without a passphrase.
|
save a key without a passphrase.
|
||||||
|
|
||||||
Note that since only SSH2 keys come in different formats, the export
|
Note that since only SSH-2 keys come in different formats, the export
|
||||||
options are not available if you have generated an SSH1 key.
|
options are not available if you have generated an SSH-1 key.
|
||||||
|
|
||||||
\H{pubkey-gettingready} Getting ready for public key authentication
|
\H{pubkey-gettingready} Getting ready for public key authentication
|
||||||
|
|
||||||
@ -389,7 +389,7 @@ connection succeeds you will be prompted for your user name and
|
|||||||
password to login. Once logged in, you must configure the server to
|
password to login. Once logged in, you must configure the server to
|
||||||
accept your public key for authentication:
|
accept your public key for authentication:
|
||||||
|
|
||||||
\b If your server is using the SSH 1 protocol, you should change
|
\b If your server is using the SSH-1 protocol, you should change
|
||||||
into the \c{.ssh} directory and open the file \c{authorized_keys}
|
into the \c{.ssh} directory and open the file \c{authorized_keys}
|
||||||
with your favourite editor. (You may have to create this file if
|
with your favourite editor. (You may have to create this file if
|
||||||
this is the first key you have put in it). Then switch to the
|
this is the first key you have put in it). Then switch to the
|
||||||
@ -399,11 +399,11 @@ and copy it to the clipboard (\c{Ctrl+C}). Then, switch back to the
|
|||||||
PuTTY window and insert the data into the open file, making sure it
|
PuTTY window and insert the data into the open file, making sure it
|
||||||
ends up all on one line. Save the file.
|
ends up all on one line. Save the file.
|
||||||
|
|
||||||
\b If your server is OpenSSH and is using the SSH 2 protocol, you
|
\b If your server is OpenSSH and is using the SSH-2 protocol, you
|
||||||
should follow the same instructions, except that in earlier versions
|
should follow the same instructions, except that in earlier versions
|
||||||
of OpenSSH 2 the file might be called \c{authorized_keys2}. (In
|
of OpenSSH 2 the file might be called \c{authorized_keys2}. (In
|
||||||
modern versions the same \c{authorized_keys} file is used for both
|
modern versions the same \c{authorized_keys} file is used for both
|
||||||
SSH 1 and SSH 2 keys.)
|
SSH-1 and SSH-2 keys.)
|
||||||
|
|
||||||
\b If your server is \cw{ssh.com}'s SSH 2 product, you need to save
|
\b If your server is \cw{ssh.com}'s SSH 2 product, you need to save
|
||||||
a \e{public} key file from PuTTYgen (see \k{puttygen-savepub}), and
|
a \e{public} key file from PuTTYgen (see \k{puttygen-savepub}), and
|
||||||
|
@ -431,8 +431,8 @@ your client PC can connect to the forwarded port.
|
|||||||
\b The \q{Remote ports do the same} option does the same thing for
|
\b The \q{Remote ports do the same} option does the same thing for
|
||||||
remote-to-local port forwardings (so that machines other than the
|
remote-to-local port forwardings (so that machines other than the
|
||||||
SSH server machine can connect to the forwarded port.) Note that
|
SSH server machine can connect to the forwarded port.) Note that
|
||||||
this feature is only available in the SSH 2 protocol, and not all
|
this feature is only available in the SSH-2 protocol, and not all
|
||||||
SSH 2 servers honour it (in OpenSSH, for example, it's usually
|
SSH-2 servers honour it (in OpenSSH, for example, it's usually
|
||||||
disabled by default).
|
disabled by default).
|
||||||
|
|
||||||
You can also specify an \i{IP address} to listen on. Typically a
|
You can also specify an \i{IP address} to listen on. Typically a
|
||||||
@ -443,8 +443,8 @@ available only to the local machine. So if you forward (for example)
|
|||||||
should be able to run commands such as \c{finger fred@127.0.0.5}.
|
should be able to run commands such as \c{finger fred@127.0.0.5}.
|
||||||
This can be useful if the program connecting to the forwarded port
|
This can be useful if the program connecting to the forwarded port
|
||||||
doesn't allow you to change the port number it uses. This feature is
|
doesn't allow you to change the port number it uses. This feature is
|
||||||
available for local-to-remote forwarded ports; SSH1 is unable to
|
available for local-to-remote forwarded ports; SSH-1 is unable to
|
||||||
support it for remote-to-local ports, while SSH2 can support it in
|
support it for remote-to-local ports, while SSH-2 can support it in
|
||||||
theory but servers will not necessarily cooperate.
|
theory but servers will not necessarily cooperate.
|
||||||
|
|
||||||
(Note that if you're using Windows XP Service Pack 2, you may need
|
(Note that if you're using Windows XP Service Pack 2, you may need
|
||||||
@ -752,8 +752,8 @@ the SSH panel of the PuTTY configuration box (see
|
|||||||
\S2{using-cmdline-sshprot} \i\c{-1} and \i\c{-2}: specify an \i{SSH
|
\S2{using-cmdline-sshprot} \i\c{-1} and \i\c{-2}: specify an \i{SSH
|
||||||
protocol version}
|
protocol version}
|
||||||
|
|
||||||
The \c{-1} and \c{-2} options force PuTTY to use version \I{SSH1}1
|
The \c{-1} and \c{-2} options force PuTTY to use version \I{SSH-1}1
|
||||||
or version \I{SSH2}2 of the SSH protocol. These options are only
|
or version \I{SSH-2}2 of the SSH protocol. These options are only
|
||||||
meaningful if you are using SSH.
|
meaningful if you are using SSH.
|
||||||
|
|
||||||
These options are equivalent to selecting your preferred SSH
|
These options are equivalent to selecting your preferred SSH
|
||||||
|
18
import.c
18
import.c
@ -56,7 +56,7 @@ int import_possible(int type)
|
|||||||
int import_target_type(int type)
|
int import_target_type(int type)
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* There are no known foreign SSH1 key formats.
|
* There are no known foreign SSH-1 key formats.
|
||||||
*/
|
*/
|
||||||
return SSH_KEYTYPE_SSH2;
|
return SSH_KEYTYPE_SSH2;
|
||||||
}
|
}
|
||||||
@ -78,7 +78,7 @@ int import_encrypted(const Filename *filename, int type, char **comment)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Import an SSH1 key.
|
* Import an SSH-1 key.
|
||||||
*/
|
*/
|
||||||
int import_ssh1(const Filename *filename, int type,
|
int import_ssh1(const Filename *filename, int type,
|
||||||
struct RSAKey *key, char *passphrase, const char **errmsg_p)
|
struct RSAKey *key, char *passphrase, const char **errmsg_p)
|
||||||
@ -87,7 +87,7 @@ int import_ssh1(const Filename *filename, int type,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Import an SSH2 key.
|
* Import an SSH-2 key.
|
||||||
*/
|
*/
|
||||||
struct ssh2_userkey *import_ssh2(const Filename *filename, int type,
|
struct ssh2_userkey *import_ssh2(const Filename *filename, int type,
|
||||||
char *passphrase, const char **errmsg_p)
|
char *passphrase, const char **errmsg_p)
|
||||||
@ -100,7 +100,7 @@ struct ssh2_userkey *import_ssh2(const Filename *filename, int type,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Export an SSH1 key.
|
* Export an SSH-1 key.
|
||||||
*/
|
*/
|
||||||
int export_ssh1(const Filename *filename, int type, struct RSAKey *key,
|
int export_ssh1(const Filename *filename, int type, struct RSAKey *key,
|
||||||
char *passphrase)
|
char *passphrase)
|
||||||
@ -109,7 +109,7 @@ int export_ssh1(const Filename *filename, int type, struct RSAKey *key,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Export an SSH2 key.
|
* Export an SSH-2 key.
|
||||||
*/
|
*/
|
||||||
int export_ssh2(const Filename *filename, int type,
|
int export_ssh2(const Filename *filename, int type,
|
||||||
struct ssh2_userkey *key, char *passphrase)
|
struct ssh2_userkey *key, char *passphrase)
|
||||||
@ -918,9 +918,9 @@ int openssh_write(const Filename *filename, struct ssh2_userkey *key,
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The format of the base64 blob is largely ssh2-packet-formatted,
|
* The format of the base64 blob is largely SSH-2-packet-formatted,
|
||||||
* except that mpints are a bit different: they're more like the
|
* except that mpints are a bit different: they're more like the
|
||||||
* old ssh1 mpint. You have a 32-bit bit count N, followed by
|
* old SSH-1 mpint. You have a 32-bit bit count N, followed by
|
||||||
* (N+7)/8 bytes of data.
|
* (N+7)/8 bytes of data.
|
||||||
*
|
*
|
||||||
* So. The blob contains:
|
* So. The blob contains:
|
||||||
@ -932,7 +932,7 @@ int openssh_write(const Filename *filename, struct ssh2_userkey *key,
|
|||||||
* - string encrypted-blob
|
* - string encrypted-blob
|
||||||
*
|
*
|
||||||
* (The first size field includes the size field itself and the
|
* (The first size field includes the size field itself and the
|
||||||
* magic number before it. All other size fields are ordinary ssh2
|
* magic number before it. All other size fields are ordinary SSH-2
|
||||||
* strings, so the size field indicates how much data is to
|
* strings, so the size field indicates how much data is to
|
||||||
* _follow_.)
|
* _follow_.)
|
||||||
*
|
*
|
||||||
@ -977,7 +977,7 @@ int openssh_write(const Filename *filename, struct ssh2_userkey *key,
|
|||||||
* `dl-modp{sign{dsa' prefixes.
|
* `dl-modp{sign{dsa' prefixes.
|
||||||
*
|
*
|
||||||
* Finally, the encryption. The cipher-type string appears to be
|
* Finally, the encryption. The cipher-type string appears to be
|
||||||
* either `none' or `3des-cbc'. Looks as if this is SSH2-style
|
* either `none' or `3des-cbc'. Looks as if this is SSH-2-style
|
||||||
* 3des-cbc (i.e. outer cbc rather than inner). The key is created
|
* 3des-cbc (i.e. outer cbc rather than inner). The key is created
|
||||||
* from the passphrase by means of yet another hashing faff:
|
* from the passphrase by means of yet another hashing faff:
|
||||||
*
|
*
|
||||||
|
2
pscp.c
2
pscp.c
@ -1827,7 +1827,7 @@ static void sink(char *targ, char *src)
|
|||||||
tell_user(stderr, " when we requested a file "
|
tell_user(stderr, " when we requested a file "
|
||||||
"called '%s'.", stripsrc);
|
"called '%s'.", stripsrc);
|
||||||
tell_user(stderr, " If this is a wildcard, "
|
tell_user(stderr, " If this is a wildcard, "
|
||||||
"consider upgrading to SSH 2 or using");
|
"consider upgrading to SSH-2 or using");
|
||||||
tell_user(stderr, " the '-unsafe' option. Renaming"
|
tell_user(stderr, " the '-unsafe' option. Renaming"
|
||||||
" of this file has been disallowed.");
|
" of this file has been disallowed.");
|
||||||
/* Override the name the server provided with our own. */
|
/* Override the name the server provided with our own. */
|
||||||
|
2
psftp.c
2
psftp.c
@ -2743,7 +2743,7 @@ static int psftp_connect(char *userhost, char *user, int portnumber)
|
|||||||
cfg.nopty = TRUE;
|
cfg.nopty = TRUE;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Set up fallback option, for SSH1 servers or servers with the
|
* Set up fallback option, for SSH-1 servers or servers with the
|
||||||
* sftp subsystem not enabled but the server binary installed
|
* sftp subsystem not enabled but the server binary installed
|
||||||
* in the usual place. We only support fallback on Unix
|
* in the usual place. We only support fallback on Unix
|
||||||
* systems, and we use a kludgy piece of shellery which should
|
* systems, and we use a kludgy piece of shellery which should
|
||||||
|
10
putty.h
10
putty.h
@ -245,12 +245,12 @@ enum {
|
|||||||
|
|
||||||
enum {
|
enum {
|
||||||
/*
|
/*
|
||||||
* SSH ciphers (both SSH1 and SSH2)
|
* SSH ciphers (both SSH-1 and SSH-2)
|
||||||
*/
|
*/
|
||||||
CIPHER_WARN, /* pseudo 'cipher' */
|
CIPHER_WARN, /* pseudo 'cipher' */
|
||||||
CIPHER_3DES,
|
CIPHER_3DES,
|
||||||
CIPHER_BLOWFISH,
|
CIPHER_BLOWFISH,
|
||||||
CIPHER_AES, /* (SSH 2 only) */
|
CIPHER_AES, /* (SSH-2 only) */
|
||||||
CIPHER_DES,
|
CIPHER_DES,
|
||||||
CIPHER_MAX /* no. ciphers (inc warn) */
|
CIPHER_MAX /* no. ciphers (inc warn) */
|
||||||
};
|
};
|
||||||
@ -415,11 +415,11 @@ struct config_tag {
|
|||||||
int ssh_rekey_time; /* in minutes */
|
int ssh_rekey_time; /* in minutes */
|
||||||
char ssh_rekey_data[16];
|
char ssh_rekey_data[16];
|
||||||
int agentfwd;
|
int agentfwd;
|
||||||
int change_username; /* allow username switching in SSH2 */
|
int change_username; /* allow username switching in SSH-2 */
|
||||||
int ssh_cipherlist[CIPHER_MAX];
|
int ssh_cipherlist[CIPHER_MAX];
|
||||||
Filename keyfile;
|
Filename keyfile;
|
||||||
int sshprot; /* use v1 or v2 when both available */
|
int sshprot; /* use v1 or v2 when both available */
|
||||||
int ssh2_des_cbc; /* "des-cbc" nonstandard SSH2 cipher */
|
int ssh2_des_cbc; /* "des-cbc" unrecommended SSH-2 cipher */
|
||||||
int try_tis_auth;
|
int try_tis_auth;
|
||||||
int try_ki_auth;
|
int try_ki_auth;
|
||||||
int ssh_subsys; /* run a subsystem rather than a command */
|
int ssh_subsys; /* run a subsystem rather than a command */
|
||||||
@ -524,7 +524,7 @@ struct config_tag {
|
|||||||
int x11_auth;
|
int x11_auth;
|
||||||
/* port forwarding */
|
/* port forwarding */
|
||||||
int lport_acceptall; /* accept conns from hosts other than localhost */
|
int lport_acceptall; /* accept conns from hosts other than localhost */
|
||||||
int rport_acceptall; /* same for remote forwarded ports (SSH2 only) */
|
int rport_acceptall; /* same for remote forwarded ports (SSH-2 only) */
|
||||||
/*
|
/*
|
||||||
* The port forwarding string contains a number of
|
* The port forwarding string contains a number of
|
||||||
* NUL-terminated substrings, terminated in turn by an empty
|
* NUL-terminated substrings, terminated in turn by an empty
|
||||||
|
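Review bot: In the `config_tag` hunk the comment on `ssh2_des_cbc` goes from "nonstandard" to "unrecommended", which changes the meaning of the comment rather than its notation, and the commit description only mentions the SSH-1/SSH-2 spelling. If the rewording is intended, the comment should say why the cipher is discouraged, so that a reader of the struct does not have to look it up: "des-cbc" is single DES with a 56-bit key. Something like `int ssh2_des_cbc; /* offer single-DES "des-cbc" in SSH-2: weak, compatibility only */` would do, assuming the flag controls whether the cipher is offered, which this hunk does not show. `struct config_tag` begins and ends outside the hunk.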
116
ssh.c
116
ssh.c
@ -342,18 +342,18 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
|
|||||||
*
|
*
|
||||||
* - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
|
* - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
|
||||||
* on a local data stream before we throttle the whole SSH
|
* on a local data stream before we throttle the whole SSH
|
||||||
* connection (in SSH1 only). Throttling the whole connection is
|
* connection (in SSH-1 only). Throttling the whole connection is
|
||||||
* pretty drastic so we set this high in the hope it won't
|
* pretty drastic so we set this high in the hope it won't
|
||||||
* happen very often.
|
* happen very often.
|
||||||
*
|
*
|
||||||
* - SSH_MAX_BACKLOG is the amount of backlog that must build up
|
* - SSH_MAX_BACKLOG is the amount of backlog that must build up
|
||||||
* on the SSH connection itself before we defensively throttle
|
* on the SSH connection itself before we defensively throttle
|
||||||
* _all_ local data streams. This is pretty drastic too (though
|
* _all_ local data streams. This is pretty drastic too (though
|
||||||
* thankfully unlikely in SSH2 since the window mechanism should
|
* thankfully unlikely in SSH-2 since the window mechanism should
|
||||||
* ensure that the server never has any need to throttle its end
|
* ensure that the server never has any need to throttle its end
|
||||||
* of the connection), so we set this high as well.
|
* of the connection), so we set this high as well.
|
||||||
*
|
*
|
||||||
* - OUR_V2_WINSIZE is the maximum window size we present on SSH2
|
* - OUR_V2_WINSIZE is the maximum window size we present on SSH-2
|
||||||
* channels.
|
* channels.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -439,7 +439,7 @@ struct ssh_channel {
|
|||||||
/* True if we opened this channel but server hasn't confirmed. */
|
/* True if we opened this channel but server hasn't confirmed. */
|
||||||
int halfopen;
|
int halfopen;
|
||||||
/*
|
/*
|
||||||
* In SSH1, this value contains four bits:
|
* In SSH-1, this value contains four bits:
|
||||||
*
|
*
|
||||||
* 1 We have sent SSH1_MSG_CHANNEL_CLOSE.
|
* 1 We have sent SSH1_MSG_CHANNEL_CLOSE.
|
||||||
* 2 We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
|
* 2 We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
|
||||||
@ -475,11 +475,11 @@ struct ssh_channel {
|
|||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 2-3-4 tree storing remote->local port forwardings. SSH 1 and SSH
|
* 2-3-4 tree storing remote->local port forwardings. SSH-1 and SSH-2
|
||||||
* 2 use this structure in different ways, reflecting SSH 2's
|
* use this structure in different ways, reflecting SSH-2's
|
||||||
* altogether saner approach to port forwarding.
|
* altogether saner approach to port forwarding.
|
||||||
*
|
*
|
||||||
* In SSH 1, you arrange a remote forwarding by sending the server
|
* In SSH-1, you arrange a remote forwarding by sending the server
|
||||||
* the remote port number, and the local destination host:port.
|
* the remote port number, and the local destination host:port.
|
||||||
* When a connection comes in, the server sends you back that
|
* When a connection comes in, the server sends you back that
|
||||||
* host:port pair, and you connect to it. This is a ready-made
|
* host:port pair, and you connect to it. This is a ready-made
|
||||||
@ -491,15 +491,15 @@ struct ssh_channel {
|
|||||||
* host:port pairs we _are_ trying to forward to, and reject a
|
* host:port pairs we _are_ trying to forward to, and reject a
|
||||||
* connection request from the server if it's not in the list.
|
* connection request from the server if it's not in the list.
|
||||||
*
|
*
|
||||||
* In SSH 2, each side of the connection minds its own business and
|
* In SSH-2, each side of the connection minds its own business and
|
||||||
* doesn't send unnecessary information to the other. You arrange a
|
* doesn't send unnecessary information to the other. You arrange a
|
||||||
* remote forwarding by sending the server just the remote port
|
* remote forwarding by sending the server just the remote port
|
||||||
* number. When a connection comes in, the server tells you which
|
* number. When a connection comes in, the server tells you which
|
||||||
* of its ports was connected to; and _you_ have to remember what
|
* of its ports was connected to; and _you_ have to remember what
|
||||||
* local host:port pair went with that port number.
|
* local host:port pair went with that port number.
|
||||||
*
|
*
|
||||||
* Hence, in SSH 1 this structure is indexed by destination
|
* Hence, in SSH-1 this structure is indexed by destination
|
||||||
* host:port pair, whereas in SSH 2 it is indexed by source port.
|
* host:port pair, whereas in SSH-2 it is indexed by source port.
|
||||||
*/
|
*/
|
||||||
struct ssh_portfwd; /* forward declaration */
|
struct ssh_portfwd; /* forward declaration */
|
||||||
|
|
||||||
@ -542,7 +542,7 @@ struct Packet {
|
|||||||
unsigned char *body;
|
unsigned char *body;
|
||||||
long savedpos;
|
long savedpos;
|
||||||
long maxlen;
|
long maxlen;
|
||||||
long encrypted_len; /* for SSH2 total-size counting */
|
long encrypted_len; /* for SSH-2 total-size counting */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* State associated with packet logging
|
* State associated with packet logging
|
||||||
@ -710,7 +710,7 @@ struct ssh_tag {
|
|||||||
struct rdpkt1_state_tag rdpkt1_state;
|
struct rdpkt1_state_tag rdpkt1_state;
|
||||||
struct rdpkt2_state_tag rdpkt2_state;
|
struct rdpkt2_state_tag rdpkt2_state;
|
||||||
|
|
||||||
/* ssh1 and ssh2 use this for different things, but both use it */
|
/* SSH-1 and SSH-2 use this for different things, but both use it */
|
||||||
int protocol_initial_phase_done;
|
int protocol_initial_phase_done;
|
||||||
|
|
||||||
void (*protocol) (Ssh ssh, void *vin, int inlen,
|
void (*protocol) (Ssh ssh, void *vin, int inlen,
|
||||||
@ -1558,7 +1558,7 @@ static void sha_uint32(SHA_State * s, unsigned i)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* SSH2 packet construction functions.
|
* SSH-2 packet construction functions.
|
||||||
*/
|
*/
|
||||||
static void ssh2_pkt_ensure(struct Packet *pkt, int length)
|
static void ssh2_pkt_ensure(struct Packet *pkt, int length)
|
||||||
{
|
{
|
||||||
@ -1650,7 +1650,7 @@ static void ssh2_pkt_addmp(struct Packet *pkt, Bignum b)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Construct an SSH2 final-form packet: compress it, encrypt it,
|
* Construct an SSH-2 final-form packet: compress it, encrypt it,
|
||||||
* put the MAC on it. Final packet, ready to be sent, is stored in
|
* put the MAC on it. Final packet, ready to be sent, is stored in
|
||||||
* pkt->data. Total length is returned.
|
* pkt->data. Total length is returned.
|
||||||
*/
|
*/
|
||||||
@ -1748,7 +1748,7 @@ static int ssh2_pkt_construct(Ssh ssh, struct Packet *pkt)
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Send an SSH2 packet immediately, without queuing or deferring.
|
* Send an SSH-2 packet immediately, without queuing or deferring.
|
||||||
*/
|
*/
|
||||||
static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
|
static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
|
||||||
{
|
{
|
||||||
@ -1769,7 +1769,7 @@ static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Defer an SSH2 packet.
|
* Defer an SSH-2 packet.
|
||||||
*/
|
*/
|
||||||
static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt)
|
static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt)
|
||||||
{
|
{
|
||||||
@ -1787,7 +1787,7 @@ static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Queue an SSH2 packet.
|
* Queue an SSH-2 packet.
|
||||||
*/
|
*/
|
||||||
static void ssh2_pkt_queue(Ssh ssh, struct Packet *pkt)
|
static void ssh2_pkt_queue(Ssh ssh, struct Packet *pkt)
|
||||||
{
|
{
|
||||||
@ -1829,7 +1829,7 @@ static void ssh2_pkt_defer(Ssh ssh, struct Packet *pkt)
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Send the whole deferred data block constructed by
|
* Send the whole deferred data block constructed by
|
||||||
* ssh2_pkt_defer() or SSH1's defer_packet().
|
* ssh2_pkt_defer() or SSH-1's defer_packet().
|
||||||
*
|
*
|
||||||
* The expected use of the defer mechanism is that you call
|
* The expected use of the defer mechanism is that you call
|
||||||
* ssh2_pkt_defer() a few times, then call ssh_pkt_defersend(). If
|
* ssh2_pkt_defer() a few times, then call ssh_pkt_defersend(). If
|
||||||
@ -1860,7 +1860,7 @@ static void ssh_pkt_defersend(Ssh ssh)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Send all queued SSH2 packets. We send them by means of
|
* Send all queued SSH-2 packets. We send them by means of
|
||||||
* ssh2_pkt_defer_noqueue(), in case they included a pair of
|
* ssh2_pkt_defer_noqueue(), in case they included a pair of
|
||||||
* packets that needed to be lumped together.
|
* packets that needed to be lumped together.
|
||||||
*/
|
*/
|
||||||
@ -1901,7 +1901,7 @@ static void sha_mpint(SHA_State * s, Bignum b)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Packet decode functions for both SSH1 and SSH2.
|
* Packet decode functions for both SSH-1 and SSH-2.
|
||||||
*/
|
*/
|
||||||
static unsigned long ssh_pkt_getuint32(struct Packet *pkt)
|
static unsigned long ssh_pkt_getuint32(struct Packet *pkt)
|
||||||
{
|
{
|
||||||
@ -1992,7 +1992,7 @@ static Bignum ssh2_pkt_getmp(struct Packet *pkt)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Helper function to add an SSH2 signature blob to a packet.
|
* Helper function to add an SSH-2 signature blob to a packet.
|
||||||
* Expects to be shown the public key blob as well as the signature
|
* Expects to be shown the public key blob as well as the signature
|
||||||
* blob. Normally works just like ssh2_pkt_addstring, but will
|
* blob. Normally works just like ssh2_pkt_addstring, but will
|
||||||
* fiddle with the signature packet if necessary for
|
* fiddle with the signature packet if necessary for
|
||||||
@ -2088,7 +2088,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
|
|||||||
* sniffing.
|
* sniffing.
|
||||||
*/
|
*/
|
||||||
ssh->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
|
ssh->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
|
||||||
logevent("We believe remote version has SSH1 ignore bug");
|
logevent("We believe remote version has SSH-1 ignore bug");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ssh->cfg.sshbug_plainpw1 == FORCE_ON ||
|
if (ssh->cfg.sshbug_plainpw1 == FORCE_ON ||
|
||||||
@ -2100,7 +2100,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
|
|||||||
* the password.
|
* the password.
|
||||||
*/
|
*/
|
||||||
ssh->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
|
ssh->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
|
||||||
logevent("We believe remote version needs a plain SSH1 password");
|
logevent("We believe remote version needs a plain SSH-1 password");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ssh->cfg.sshbug_rsa1 == FORCE_ON ||
|
if (ssh->cfg.sshbug_rsa1 == FORCE_ON ||
|
||||||
@ -2125,7 +2125,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
|
|||||||
* These versions have the HMAC bug.
|
* These versions have the HMAC bug.
|
||||||
*/
|
*/
|
||||||
ssh->remote_bugs |= BUG_SSH2_HMAC;
|
ssh->remote_bugs |= BUG_SSH2_HMAC;
|
||||||
logevent("We believe remote version has SSH2 HMAC bug");
|
logevent("We believe remote version has SSH-2 HMAC bug");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ssh->cfg.sshbug_derivekey2 == FORCE_ON ||
|
if (ssh->cfg.sshbug_derivekey2 == FORCE_ON ||
|
||||||
@ -2138,7 +2138,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
|
|||||||
* generate the keys).
|
* generate the keys).
|
||||||
*/
|
*/
|
||||||
ssh->remote_bugs |= BUG_SSH2_DERIVEKEY;
|
ssh->remote_bugs |= BUG_SSH2_DERIVEKEY;
|
||||||
logevent("We believe remote version has SSH2 key-derivation bug");
|
logevent("We believe remote version has SSH-2 key-derivation bug");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ssh->cfg.sshbug_rsapad2 == FORCE_ON ||
|
if (ssh->cfg.sshbug_rsapad2 == FORCE_ON ||
|
||||||
@ -2146,21 +2146,21 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
|
|||||||
(wc_match("OpenSSH_2.[5-9]*", imp) ||
|
(wc_match("OpenSSH_2.[5-9]*", imp) ||
|
||||||
wc_match("OpenSSH_3.[0-2]*", imp)))) {
|
wc_match("OpenSSH_3.[0-2]*", imp)))) {
|
||||||
/*
|
/*
|
||||||
* These versions have the SSH2 RSA padding bug.
|
* These versions have the SSH-2 RSA padding bug.
|
||||||
*/
|
*/
|
||||||
ssh->remote_bugs |= BUG_SSH2_RSA_PADDING;
|
ssh->remote_bugs |= BUG_SSH2_RSA_PADDING;
|
||||||
logevent("We believe remote version has SSH2 RSA padding bug");
|
logevent("We believe remote version has SSH-2 RSA padding bug");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ssh->cfg.sshbug_pksessid2 == FORCE_ON ||
|
if (ssh->cfg.sshbug_pksessid2 == FORCE_ON ||
|
||||||
(ssh->cfg.sshbug_pksessid2 == AUTO &&
|
(ssh->cfg.sshbug_pksessid2 == AUTO &&
|
||||||
wc_match("OpenSSH_2.[0-2]*", imp))) {
|
wc_match("OpenSSH_2.[0-2]*", imp))) {
|
||||||
/*
|
/*
|
||||||
* These versions have the SSH2 session-ID bug in
|
* These versions have the SSH-2 session-ID bug in
|
||||||
* public-key authentication.
|
* public-key authentication.
|
||||||
*/
|
*/
|
||||||
ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
|
ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
|
||||||
logevent("We believe remote version has SSH2 public-key-session-ID bug");
|
logevent("We believe remote version has SSH-2 public-key-session-ID bug");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ssh->cfg.sshbug_rekey2 == FORCE_ON ||
|
if (ssh->cfg.sshbug_rekey2 == FORCE_ON ||
|
||||||
@ -2170,10 +2170,10 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
|
|||||||
wc_match("Sun_SSH_1.0", imp) ||
|
wc_match("Sun_SSH_1.0", imp) ||
|
||||||
wc_match("Sun_SSH_1.0.1", imp)))) {
|
wc_match("Sun_SSH_1.0.1", imp)))) {
|
||||||
/*
|
/*
|
||||||
* These versions have the SSH2 rekey bug.
|
* These versions have the SSH-2 rekey bug.
|
||||||
*/
|
*/
|
||||||
ssh->remote_bugs |= BUG_SSH2_REKEY;
|
ssh->remote_bugs |= BUG_SSH2_REKEY;
|
||||||
logevent("We believe remote version has SSH2 rekey bug");
|
logevent("We believe remote version has SSH-2 rekey bug");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2314,14 +2314,14 @@ static int do_ssh_init(Ssh ssh, unsigned char c)
|
|||||||
strcspn(s->vstring, "\015\012"));
|
strcspn(s->vstring, "\015\012"));
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Initialise SSHv2 protocol.
|
* Initialise SSH-2 protocol.
|
||||||
*/
|
*/
|
||||||
ssh->protocol = ssh2_protocol;
|
ssh->protocol = ssh2_protocol;
|
||||||
ssh2_protocol_setup(ssh);
|
ssh2_protocol_setup(ssh);
|
||||||
ssh->s_rdpkt = ssh2_rdpkt;
|
ssh->s_rdpkt = ssh2_rdpkt;
|
||||||
} else {
|
} else {
|
||||||
/*
|
/*
|
||||||
* Initialise SSHv1 protocol.
|
* Initialise SSH-1 protocol.
|
||||||
*/
|
*/
|
||||||
ssh->protocol = ssh1_protocol;
|
ssh->protocol = ssh1_protocol;
|
||||||
ssh1_protocol_setup(ssh);
|
ssh1_protocol_setup(ssh);
|
||||||
@ -2661,7 +2661,7 @@ static void ssh_throttle_all(Ssh ssh, int enable, int bufsize)
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Username and password input, abstracted off into routines
|
* Username and password input, abstracted off into routines
|
||||||
* reusable in several places - even between SSH1 and SSH2.
|
* reusable in several places - even between SSH-1 and SSH-2.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* Set up a username or password input loop on a given buffer. */
|
/* Set up a username or password input loop on a given buffer. */
|
||||||
@ -2841,14 +2841,14 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
|
|||||||
|
|
||||||
ptr = ssh_pkt_getdata(pktin, 8);
|
ptr = ssh_pkt_getdata(pktin, 8);
|
||||||
if (!ptr) {
|
if (!ptr) {
|
||||||
bombout(("SSH1 public key packet stopped before random cookie"));
|
bombout(("SSH-1 public key packet stopped before random cookie"));
|
||||||
crStop(0);
|
crStop(0);
|
||||||
}
|
}
|
||||||
memcpy(cookie, ptr, 8);
|
memcpy(cookie, ptr, 8);
|
||||||
|
|
||||||
if (!ssh1_pkt_getrsakey(pktin, &servkey, &s->keystr1) ||
|
if (!ssh1_pkt_getrsakey(pktin, &servkey, &s->keystr1) ||
|
||||||
!ssh1_pkt_getrsakey(pktin, &hostkey, &s->keystr2)) {
|
!ssh1_pkt_getrsakey(pktin, &hostkey, &s->keystr2)) {
|
||||||
bombout(("Failed to read SSH1 public keys from public key packet"));
|
bombout(("Failed to read SSH-1 public keys from public key packet"));
|
||||||
crStop(0);
|
crStop(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2887,7 +2887,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
|
|||||||
*/
|
*/
|
||||||
if (hostkey.bits > hostkey.bytes * 8 ||
|
if (hostkey.bits > hostkey.bytes * 8 ||
|
||||||
servkey.bits > servkey.bytes * 8) {
|
servkey.bits > servkey.bytes * 8) {
|
||||||
bombout(("SSH1 public keys were badly formatted"));
|
bombout(("SSH-1 public keys were badly formatted"));
|
||||||
crStop(0);
|
crStop(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2954,7 +2954,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
|
|||||||
ret = rsaencrypt(s->rsabuf, hostkey.bytes, &servkey);
|
ret = rsaencrypt(s->rsabuf, hostkey.bytes, &servkey);
|
||||||
}
|
}
|
||||||
if (!ret) {
|
if (!ret) {
|
||||||
bombout(("SSH1 public key encryptions failed due to bad formatting"));
|
bombout(("SSH-1 public key encryptions failed due to bad formatting"));
|
||||||
crStop(0);
|
crStop(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2971,7 +2971,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
|
|||||||
warn = 1;
|
warn = 1;
|
||||||
} else if (next_cipher == CIPHER_AES) {
|
} else if (next_cipher == CIPHER_AES) {
|
||||||
/* XXX Probably don't need to mention this. */
|
/* XXX Probably don't need to mention this. */
|
||||||
logevent("AES not supported in SSH1, skipping");
|
logevent("AES not supported in SSH-1, skipping");
|
||||||
} else {
|
} else {
|
||||||
switch (next_cipher) {
|
switch (next_cipher) {
|
||||||
case CIPHER_3DES: s->cipher_type = SSH_CIPHER_3DES;
|
case CIPHER_3DES: s->cipher_type = SSH_CIPHER_3DES;
|
||||||
@ -2987,7 +2987,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
|
|||||||
}
|
}
|
||||||
if (!cipher_chosen) {
|
if (!cipher_chosen) {
|
||||||
if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
|
if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
|
||||||
bombout(("Server violates SSH 1 protocol by not "
|
bombout(("Server violates SSH-1 protocol by not "
|
||||||
"supporting 3DES encryption"));
|
"supporting 3DES encryption"));
|
||||||
else
|
else
|
||||||
/* shouldn't happen */
|
/* shouldn't happen */
|
||||||
@ -3177,7 +3177,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
|
|||||||
s->p = s->response + 5;
|
s->p = s->response + 5;
|
||||||
s->nkeys = GET_32BIT(s->p);
|
s->nkeys = GET_32BIT(s->p);
|
||||||
s->p += 4;
|
s->p += 4;
|
||||||
logeventf(ssh, "Pageant has %d SSH1 keys", s->nkeys);
|
logeventf(ssh, "Pageant has %d SSH-1 keys", s->nkeys);
|
||||||
for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
|
for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
|
||||||
logeventf(ssh, "Trying Pageant key #%d", s->keyi);
|
logeventf(ssh, "Trying Pageant key #%d", s->keyi);
|
||||||
if (s->publickey_blob &&
|
if (s->publickey_blob &&
|
||||||
@ -3732,7 +3732,7 @@ int sshfwd_write(struct ssh_channel *c, char *buf, int len)
|
|||||||
PKT_INT, len, PKT_DATA, buf, len,
|
PKT_INT, len, PKT_DATA, buf, len,
|
||||||
PKTT_OTHER, PKT_END);
|
PKTT_OTHER, PKT_END);
|
||||||
/*
|
/*
|
||||||
* In SSH1 we can return 0 here - implying that forwarded
|
* In SSH-1 we can return 0 here - implying that forwarded
|
||||||
* connections are never individually throttled - because
|
* connections are never individually throttled - because
|
||||||
* the only circumstance that can cause throttling will be
|
* the only circumstance that can cause throttling will be
|
||||||
* the whole SSH connection backing up, in which case
|
* the whole SSH connection backing up, in which case
|
||||||
@ -3902,7 +3902,7 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)
|
|||||||
portfwd_strptr++;
|
portfwd_strptr++;
|
||||||
sports[n] = '\0';
|
sports[n] = '\0';
|
||||||
if (ssh->version == 1 && type == 'R') {
|
if (ssh->version == 1 && type == 'R') {
|
||||||
logeventf(ssh, "SSH1 cannot handle remote source address "
|
logeventf(ssh, "SSH-1 cannot handle remote source address "
|
||||||
"spec \"%s\"; ignoring", sports);
|
"spec \"%s\"; ignoring", sports);
|
||||||
} else
|
} else
|
||||||
strcpy(saddr, sports);
|
strcpy(saddr, sports);
|
||||||
@ -4023,7 +4023,7 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)
|
|||||||
if (ssh->version == 1) {
|
if (ssh->version == 1) {
|
||||||
/*
|
/*
|
||||||
* We cannot cancel listening ports on the
|
* We cannot cancel listening ports on the
|
||||||
* server side in SSH1! There's no message
|
* server side in SSH-1! There's no message
|
||||||
* to support it. Instead, we simply remove
|
* to support it. Instead, we simply remove
|
||||||
* the rportfwd record from the local end
|
* the rportfwd record from the local end
|
||||||
* so that any connections the server tries
|
* so that any connections the server tries
|
||||||
@ -4612,7 +4612,7 @@ static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
|
|||||||
/*
|
/*
|
||||||
* Start the shell or command.
|
* Start the shell or command.
|
||||||
*
|
*
|
||||||
* Special case: if the first-choice command is an SSH2
|
* Special case: if the first-choice command is an SSH-2
|
||||||
* subsystem (hence not usable here) and the second choice
|
* subsystem (hence not usable here) and the second choice
|
||||||
* exists, we fall straight back to that.
|
* exists, we fall straight back to that.
|
||||||
*/
|
*/
|
||||||
@ -4677,7 +4677,7 @@ static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Handle the top-level SSH2 protocol.
|
* Handle the top-level SSH-2 protocol.
|
||||||
*/
|
*/
|
||||||
static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin)
|
static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin)
|
||||||
{
|
{
|
||||||
@ -4797,7 +4797,7 @@ static int first_in_commasep_string(char *needle, char *haystack, int haylen)
|
|||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* SSH2 key creation method.
|
* SSH-2 key creation method.
|
||||||
*/
|
*/
|
||||||
static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H,
|
static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H,
|
||||||
unsigned char *sessid, char chr,
|
unsigned char *sessid, char chr,
|
||||||
@ -4822,7 +4822,7 @@ static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Handle the SSH2 transport layer.
|
* Handle the SSH-2 transport layer.
|
||||||
*/
|
*/
|
||||||
static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
|
static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
|
||||||
struct Packet *pktin)
|
struct Packet *pktin)
|
||||||
@ -5635,7 +5635,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Add data to an SSH2 channel output buffer.
|
* Add data to an SSH-2 channel output buffer.
|
||||||
*/
|
*/
|
||||||
static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
|
static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
|
||||||
int len)
|
int len)
|
||||||
@ -5644,7 +5644,7 @@ static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Attempt to send data on an SSH2 channel.
|
* Attempt to send data on an SSH-2 channel.
|
||||||
*/
|
*/
|
||||||
static int ssh2_try_send(struct ssh_channel *c)
|
static int ssh2_try_send(struct ssh_channel *c)
|
||||||
{
|
{
|
||||||
@ -5678,7 +5678,7 @@ static int ssh2_try_send(struct ssh_channel *c)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Potentially enlarge the window on an SSH2 channel.
|
* Potentially enlarge the window on an SSH-2 channel.
|
||||||
*/
|
*/
|
||||||
static void ssh2_set_window(struct ssh_channel *c, unsigned newwin)
|
static void ssh2_set_window(struct ssh_channel *c, unsigned newwin)
|
||||||
{
|
{
|
||||||
@ -5875,7 +5875,7 @@ static void ssh2_msg_channel_close(Ssh ssh, struct Packet *pktin)
|
|||||||
/*
|
/*
|
||||||
* We used to send SSH_MSG_DISCONNECT here,
|
* We used to send SSH_MSG_DISCONNECT here,
|
||||||
* because I'd believed that _every_ conforming
|
* because I'd believed that _every_ conforming
|
||||||
* SSH2 connection had to end with a disconnect
|
* SSH-2 connection had to end with a disconnect
|
||||||
* being sent by at least one side; apparently
|
* being sent by at least one side; apparently
|
||||||
* I was wrong and it's perfectly OK to
|
* I was wrong and it's perfectly OK to
|
||||||
* unceremoniously slam the connection shut
|
* unceremoniously slam the connection shut
|
||||||
@ -6238,7 +6238,7 @@ static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Handle the SSH2 userauth and connection layers.
|
* Handle the SSH-2 userauth and connection layers.
|
||||||
*/
|
*/
|
||||||
static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
|
static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
|
||||||
struct Packet *pktin)
|
struct Packet *pktin)
|
||||||
@ -6585,7 +6585,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
|
|||||||
s->p = s->response + 5;
|
s->p = s->response + 5;
|
||||||
s->nkeys = GET_32BIT(s->p);
|
s->nkeys = GET_32BIT(s->p);
|
||||||
s->p += 4;
|
s->p += 4;
|
||||||
logeventf(ssh, "Pageant has %d SSH2 keys", s->nkeys);
|
logeventf(ssh, "Pageant has %d SSH-2 keys", s->nkeys);
|
||||||
for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
|
for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
|
||||||
void *vret;
|
void *vret;
|
||||||
|
|
||||||
@ -7445,7 +7445,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Handlers for SSH2 messages that might arrive at any moment.
|
* Handlers for SSH-2 messages that might arrive at any moment.
|
||||||
*/
|
*/
|
||||||
static void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin)
|
static void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin)
|
||||||
{
|
{
|
||||||
@ -7503,7 +7503,7 @@ static void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Handle the top-level SSH2 protocol.
|
* Handle the top-level SSH-2 protocol.
|
||||||
*/
|
*/
|
||||||
static void ssh2_protocol_setup(Ssh ssh)
|
static void ssh2_protocol_setup(Ssh ssh)
|
||||||
{
|
{
|
||||||
@ -7557,7 +7557,7 @@ static void ssh2_protocol_setup(Ssh ssh)
|
|||||||
* These special message types we install handlers for.
|
* These special message types we install handlers for.
|
||||||
*/
|
*/
|
||||||
ssh->packet_dispatch[SSH2_MSG_DISCONNECT] = ssh2_msg_disconnect;
|
ssh->packet_dispatch[SSH2_MSG_DISCONNECT] = ssh2_msg_disconnect;
|
||||||
ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with ssh1 */
|
ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with SSH-1 */
|
||||||
ssh->packet_dispatch[SSH2_MSG_DEBUG] = ssh2_msg_debug;
|
ssh->packet_dispatch[SSH2_MSG_DEBUG] = ssh2_msg_debug;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -8070,7 +8070,7 @@ static void ssh_special(void *handle, Telnet_Special code)
|
|||||||
if (ssh->state == SSH_STATE_CLOSED
|
if (ssh->state == SSH_STATE_CLOSED
|
||||||
|| ssh->state == SSH_STATE_PREPACKET) return;
|
|| ssh->state == SSH_STATE_PREPACKET) return;
|
||||||
if (ssh->version == 1) {
|
if (ssh->version == 1) {
|
||||||
logevent("Unable to send BREAK signal in SSH1");
|
logevent("Unable to send BREAK signal in SSH-1");
|
||||||
} else if (ssh->mainchan) {
|
} else if (ssh->mainchan) {
|
||||||
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
|
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
|
||||||
ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
|
ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
|
||||||
|
14
ssh.h
14
ssh.h
@ -137,7 +137,7 @@ void SHA512_Simple(const void *p, int len, unsigned char *output);
|
|||||||
struct ssh_cipher {
|
struct ssh_cipher {
|
||||||
void *(*make_context)(void);
|
void *(*make_context)(void);
|
||||||
void (*free_context)(void *);
|
void (*free_context)(void *);
|
||||||
void (*sesskey) (void *, unsigned char *key); /* for ssh 1 */
|
void (*sesskey) (void *, unsigned char *key); /* for SSH-1 */
|
||||||
void (*encrypt) (void *, unsigned char *blk, int len);
|
void (*encrypt) (void *, unsigned char *blk, int len);
|
||||||
void (*decrypt) (void *, unsigned char *blk, int len);
|
void (*decrypt) (void *, unsigned char *blk, int len);
|
||||||
int blksize;
|
int blksize;
|
||||||
@ -147,8 +147,8 @@ struct ssh_cipher {
|
|||||||
struct ssh2_cipher {
|
struct ssh2_cipher {
|
||||||
void *(*make_context)(void);
|
void *(*make_context)(void);
|
||||||
void (*free_context)(void *);
|
void (*free_context)(void *);
|
||||||
void (*setiv) (void *, unsigned char *key); /* for ssh 2 */
|
void (*setiv) (void *, unsigned char *key); /* for SSH-2 */
|
||||||
void (*setkey) (void *, unsigned char *key);/* for ssh 2 */
|
void (*setkey) (void *, unsigned char *key);/* for SSH-2 */
|
||||||
void (*encrypt) (void *, unsigned char *blk, int len);
|
void (*encrypt) (void *, unsigned char *blk, int len);
|
||||||
void (*decrypt) (void *, unsigned char *blk, int len);
|
void (*decrypt) (void *, unsigned char *blk, int len);
|
||||||
char *name;
|
char *name;
|
||||||
@ -441,7 +441,7 @@ int zlib_decompress_block(void *, unsigned char *block, int len,
|
|||||||
unsigned char **outblock, int *outlen);
|
unsigned char **outblock, int *outlen);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* SSH1 agent messages.
|
* SSH-1 agent messages.
|
||||||
*/
|
*/
|
||||||
#define SSH1_AGENTC_REQUEST_RSA_IDENTITIES 1
|
#define SSH1_AGENTC_REQUEST_RSA_IDENTITIES 1
|
||||||
#define SSH1_AGENT_RSA_IDENTITIES_ANSWER 2
|
#define SSH1_AGENT_RSA_IDENTITIES_ANSWER 2
|
||||||
@ -452,13 +452,13 @@ int zlib_decompress_block(void *, unsigned char *block, int len,
|
|||||||
#define SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9 /* openssh private? */
|
#define SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9 /* openssh private? */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Messages common to SSH1 and OpenSSH's SSH2.
|
* Messages common to SSH-1 and OpenSSH's SSH-2.
|
||||||
*/
|
*/
|
||||||
#define SSH_AGENT_FAILURE 5
|
#define SSH_AGENT_FAILURE 5
|
||||||
#define SSH_AGENT_SUCCESS 6
|
#define SSH_AGENT_SUCCESS 6
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* OpenSSH's SSH2 agent messages.
|
* OpenSSH's SSH-2 agent messages.
|
||||||
*/
|
*/
|
||||||
#define SSH2_AGENTC_REQUEST_IDENTITIES 11
|
#define SSH2_AGENTC_REQUEST_IDENTITIES 11
|
||||||
#define SSH2_AGENT_IDENTITIES_ANSWER 12
|
#define SSH2_AGENT_IDENTITIES_ANSWER 12
|
||||||
@ -469,7 +469,7 @@ int zlib_decompress_block(void *, unsigned char *block, int len,
|
|||||||
#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19
|
#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Need this to warn about support for the original SSH2 keyfile
|
* Need this to warn about support for the original SSH-2 keyfile
|
||||||
* format.
|
* format.
|
||||||
*/
|
*/
|
||||||
void old_keyfile_warning(void);
|
void old_keyfile_warning(void);
|
||||||
|
@ -483,7 +483,7 @@ static void *blowfish_make_context(void)
|
|||||||
|
|
||||||
static void *blowfish_ssh1_make_context(void)
|
static void *blowfish_ssh1_make_context(void)
|
||||||
{
|
{
|
||||||
/* In SSH1, need one key for each direction */
|
/* In SSH-1, need one key for each direction */
|
||||||
return snewn(2, BlowfishContext);
|
return snewn(2, BlowfishContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
10
sshbn.c
10
sshbn.c
@ -558,7 +558,7 @@ Bignum bignum_from_bytes(const unsigned char *data, int nbytes)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Read an ssh1-format bignum from a data buffer. Return the number
|
* Read an SSH-1-format bignum from a data buffer. Return the number
|
||||||
* of bytes consumed, or -1 if there wasn't enough data.
|
* of bytes consumed, or -1 if there wasn't enough data.
|
||||||
*/
|
*/
|
||||||
int ssh1_read_bignum(const unsigned char *data, int len, Bignum * result)
|
int ssh1_read_bignum(const unsigned char *data, int len, Bignum * result)
|
||||||
@ -587,7 +587,7 @@ int ssh1_read_bignum(const unsigned char *data, int len, Bignum * result)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Return the bit count of a bignum, for ssh1 encoding.
|
* Return the bit count of a bignum, for SSH-1 encoding.
|
||||||
*/
|
*/
|
||||||
int bignum_bitcount(Bignum bn)
|
int bignum_bitcount(Bignum bn)
|
||||||
{
|
{
|
||||||
@ -598,7 +598,7 @@ int bignum_bitcount(Bignum bn)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Return the byte length of a bignum when ssh1 encoded.
|
* Return the byte length of a bignum when SSH-1 encoded.
|
||||||
*/
|
*/
|
||||||
int ssh1_bignum_length(Bignum bn)
|
int ssh1_bignum_length(Bignum bn)
|
||||||
{
|
{
|
||||||
@ -606,7 +606,7 @@ int ssh1_bignum_length(Bignum bn)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Return the byte length of a bignum when ssh2 encoded.
|
* Return the byte length of a bignum when SSH-2 encoded.
|
||||||
*/
|
*/
|
||||||
int ssh2_bignum_length(Bignum bn)
|
int ssh2_bignum_length(Bignum bn)
|
||||||
{
|
{
|
||||||
@ -654,7 +654,7 @@ void bignum_set_bit(Bignum bn, int bitnum, int value)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Write a ssh1-format bignum into a buffer. It is assumed the
|
* Write a SSH-1-format bignum into a buffer. It is assumed the
|
||||||
* buffer is big enough. Returns the number of bytes used.
|
* buffer is big enough. Returns the number of bytes used.
|
||||||
*/
|
*/
|
||||||
int ssh1_write_bignum(void *data, Bignum bn)
|
int ssh1_write_bignum(void *data, Bignum bn)
|
||||||
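Review bot: The rewritten comment above ssh1_write_bignum now reads "Write a SSH-1-format bignum", while the matching comment on ssh1_read_bignum in the same file says "Read an SSH-1-format bignum"; the article should be `an` here as well. While this comment is being edited, its "It is assumed the buffer is big enough" could say how callers are expected to size the buffer, for example `* The caller must provide at least ssh1_bignum_length(bn) bytes.` That helper is described a few hunks earlier as returning the byte length of a bignum when SSH-1 encoded. The body of ssh1_write_bignum lies outside the hunk, so confirm the two agree before adding the sentence.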
|
6
sshdes.c
6
sshdes.c
@ -751,7 +751,7 @@ static void *des3_make_context(void)
|
|||||||
|
|
||||||
static void *des3_ssh1_make_context(void)
|
static void *des3_ssh1_make_context(void)
|
||||||
{
|
{
|
||||||
/* Need 3 keys for each direction, in SSH1 */
|
/* Need 3 keys for each direction, in SSH-1 */
|
||||||
return snewn(6, DESContext);
|
return snewn(6, DESContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -762,7 +762,7 @@ static void *des_make_context(void)
|
|||||||
|
|
||||||
static void *des_ssh1_make_context(void)
|
static void *des_ssh1_make_context(void)
|
||||||
{
|
{
|
||||||
/* Need one key for each direction, in SSH1 */
|
/* Need one key for each direction, in SSH-1 */
|
||||||
return snewn(2, DESContext);
|
return snewn(2, DESContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -942,7 +942,7 @@ static const struct ssh2_cipher ssh_3des_ssh2 = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Single DES in ssh2. "des-cbc" is marked as HISTORIC in
|
* Single DES in SSH-2. "des-cbc" is marked as HISTORIC in
|
||||||
* draft-ietf-secsh-assignednumbers-04.txt, referring to
|
* draft-ietf-secsh-assignednumbers-04.txt, referring to
|
||||||
* FIPS-46-3. ("Single DES (i.e., DES) will be permitted
|
* FIPS-46-3. ("Single DES (i.e., DES) will be permitted
|
||||||
* for legacy systems only.") , but ssh.com support it and
|
* for legacy systems only.") , but ssh.com support it and
|
||||||
|
20
sshpubk.c
20
sshpubk.c
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Generic SSH public-key handling operations. In particular,
|
* Generic SSH public-key handling operations. In particular,
|
||||||
* reading of SSH public-key files, and also the generic `sign'
|
* reading of SSH public-key files, and also the generic `sign'
|
||||||
* operation for ssh2 (which checks the type of the key and
|
* operation for SSH-2 (which checks the type of the key and
|
||||||
* dispatches to the appropriate key-type specific function).
|
* dispatches to the appropriate key-type specific function).
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -78,7 +78,7 @@ static int loadrsakey_main(FILE * fp, struct RSAKey *key, int pub_only,
|
|||||||
|| buf[i + 3] != 0) goto end; /* reserved field nonzero, panic! */
|
|| buf[i + 3] != 0) goto end; /* reserved field nonzero, panic! */
|
||||||
i += 4;
|
i += 4;
|
||||||
|
|
||||||
/* Now the serious stuff. An ordinary SSH 1 public key. */
|
/* Now the serious stuff. An ordinary SSH-1 public key. */
|
||||||
i += makekey(buf + i, len, key, NULL, 1);
|
i += makekey(buf + i, len, key, NULL, 1);
|
||||||
if (i < 0)
|
if (i < 0)
|
||||||
goto end; /* overran */
|
goto end; /* overran */
|
||||||
@ -307,7 +307,7 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
|
|||||||
p += 4;
|
p += 4;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* An ordinary SSH 1 public key consists of: a uint32
|
* An ordinary SSH-1 public key consists of: a uint32
|
||||||
* containing the bit count, then two bignums containing the
|
* containing the bit count, then two bignums containing the
|
||||||
* modulus and exponent respectively.
|
* modulus and exponent respectively.
|
||||||
*/
|
*/
|
||||||
@ -384,11 +384,11 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* ----------------------------------------------------------------------
|
/* ----------------------------------------------------------------------
|
||||||
* SSH2 private key load/store functions.
|
* SSH-2 private key load/store functions.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* PuTTY's own format for SSH2 keys is as follows:
|
* PuTTY's own format for SSH-2 keys is as follows:
|
||||||
*
|
*
|
||||||
* The file is text. Lines are terminated by CRLF, although CR-only
|
* The file is text. Lines are terminated by CRLF, although CR-only
|
||||||
* and LF-only are tolerated on input.
|
* and LF-only are tolerated on input.
|
||||||
@ -404,7 +404,7 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
|
|||||||
*
|
*
|
||||||
* Next there is a line saying "Public-Lines: " plus a number N.
|
* Next there is a line saying "Public-Lines: " plus a number N.
|
||||||
* The following N lines contain a base64 encoding of the public
|
* The following N lines contain a base64 encoding of the public
|
||||||
* part of the key. This is encoded as the standard SSH2 public key
|
* part of the key. This is encoded as the standard SSH-2 public key
|
||||||
* blob (with no initial length): so for RSA, for example, it will
|
* blob (with no initial length): so for RSA, for example, it will
|
||||||
* read
|
* read
|
||||||
*
|
*
|
||||||
@ -1213,10 +1213,10 @@ char *key_type_to_str(int type)
|
|||||||
switch (type) {
|
switch (type) {
|
||||||
case SSH_KEYTYPE_UNOPENABLE: return "unable to open file"; break;
|
case SSH_KEYTYPE_UNOPENABLE: return "unable to open file"; break;
|
||||||
case SSH_KEYTYPE_UNKNOWN: return "not a private key"; break;
|
case SSH_KEYTYPE_UNKNOWN: return "not a private key"; break;
|
||||||
case SSH_KEYTYPE_SSH1: return "SSH1 private key"; break;
|
case SSH_KEYTYPE_SSH1: return "SSH-1 private key"; break;
|
||||||
case SSH_KEYTYPE_SSH2: return "PuTTY SSH2 private key"; break;
|
case SSH_KEYTYPE_SSH2: return "PuTTY SSH-2 private key"; break;
|
||||||
case SSH_KEYTYPE_OPENSSH: return "OpenSSH SSH2 private key"; break;
|
case SSH_KEYTYPE_OPENSSH: return "OpenSSH SSH-2 private key"; break;
|
||||||
case SSH_KEYTYPE_SSHCOM: return "ssh.com SSH2 private key"; break;
|
case SSH_KEYTYPE_SSHCOM: return "ssh.com SSH-2 private key"; break;
|
||||||
default: return "INTERNAL ERROR"; break;
|
default: return "INTERNAL ERROR"; break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
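Review bot: In the loadrsakey_main hunk, the context lines `i += makekey(buf + i, len, key, NULL, 1);` and `if (i < 0)` test the running offset rather than makekey's own return value. If makekey reports a short or malformed blob with a small negative return (its definition is not shown here), that value would be absorbed into a positive `i` and parsing of the key file would continue. Since the commit already touches the comment directly above, it would be worth checking the return separately, e.g. `r = makekey(buf + i, len, key, NULL, 1); if (r < 0) goto end; i += r;` with `r` a new local int. The call also passes `len` unchanged although `buf` has been advanced by `i`; if `len` is the full buffer length, `len - i` looks like the intended bound and should be confirmed. The function starts and ends outside the hunk, so a guard elsewhere cannot be ruled out.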
|
2
sshsha.c
2
sshsha.c
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* SHA1 hash algorithm. Used in SSH2 as a MAC, and the transform is
|
* SHA1 hash algorithm. Used in SSH-2 as a MAC, and the transform is
|
||||||
* also used as a `stirring' function for the PuTTY random number
|
* also used as a `stirring' function for the PuTTY random number
|
||||||
* pool. Implemented directly from the specification by Simon
|
* pool. Implemented directly from the specification by Simon
|
||||||
* Tatham.
|
* Tatham.
|
||||||
|
@ -6231,13 +6231,13 @@ int term_data(Terminal *term, int is_stderr, const char *data, int len)
|
|||||||
* the remote side needing to wait until term_out() has cleared
|
* the remote side needing to wait until term_out() has cleared
|
||||||
* a backlog.
|
* a backlog.
|
||||||
*
|
*
|
||||||
* This is a slightly suboptimal way to deal with SSH2 - in
|
* This is a slightly suboptimal way to deal with SSH-2 - in
|
||||||
* principle, the window mechanism would allow us to continue
|
* principle, the window mechanism would allow us to continue
|
||||||
* to accept data on forwarded ports and X connections even
|
* to accept data on forwarded ports and X connections even
|
||||||
* while the terminal processing was going slowly - but we
|
* while the terminal processing was going slowly - but we
|
||||||
* can't do the 100% right thing without moving the terminal
|
* can't do the 100% right thing without moving the terminal
|
||||||
* processing into a separate thread, and that might hurt
|
* processing into a separate thread, and that might hurt
|
||||||
* portability. So we manage stdout buffering the old SSH1 way:
|
* portability. So we manage stdout buffering the old SSH-1 way:
|
||||||
* if the terminal processing goes slowly, the whole SSH
|
* if the terminal processing goes slowly, the whole SSH
|
||||||
* connection stops accepting data until it's ready.
|
* connection stops accepting data until it's ready.
|
||||||
*
|
*
|
||||||
|
@ -256,7 +256,7 @@ int askappend(void *frontend, Filename filename,
|
|||||||
void old_keyfile_warning(void)
|
void old_keyfile_warning(void)
|
||||||
{
|
{
|
||||||
static const char message[] =
|
static const char message[] =
|
||||||
"You are loading an SSH 2 private key which has an\n"
|
"You are loading an SSH-2 private key which has an\n"
|
||||||
"old version of the file format. This means your key\n"
|
"old version of the file format. This means your key\n"
|
||||||
"file is not fully tamperproof. Future versions of\n"
|
"file is not fully tamperproof. Future versions of\n"
|
||||||
"PuTTY may stop supporting this private key format,\n"
|
"PuTTY may stop supporting this private key format,\n"
|
||||||
|
@ -258,7 +258,7 @@ int askappend(void *frontend, Filename filename,
|
|||||||
void old_keyfile_warning(void)
|
void old_keyfile_warning(void)
|
||||||
{
|
{
|
||||||
static const char message[] =
|
static const char message[] =
|
||||||
"You are loading an SSH 2 private key which has an\n"
|
"You are loading an SSH-2 private key which has an\n"
|
||||||
"old version of the file format. This means your key\n"
|
"old version of the file format. This means your key\n"
|
||||||
"file is not fully tamperproof. Future versions of\n"
|
"file is not fully tamperproof. Future versions of\n"
|
||||||
"PuTTY may stop supporting this private key format,\n"
|
"PuTTY may stop supporting this private key format,\n"
|
||||||
|
@ -909,7 +909,7 @@ void old_keyfile_warning(void)
|
|||||||
{
|
{
|
||||||
static const char mbtitle[] = "%s Key File Warning";
|
static const char mbtitle[] = "%s Key File Warning";
|
||||||
static const char message[] =
|
static const char message[] =
|
||||||
"You are loading an SSH 2 private key which has an\n"
|
"You are loading an SSH-2 private key which has an\n"
|
||||||
"old version of the file format. This means your key\n"
|
"old version of the file format. This means your key\n"
|
||||||
"file is not fully tamperproof. Future versions of\n"
|
"file is not fully tamperproof. Future versions of\n"
|
||||||
"%s may stop supporting this private key format,\n"
|
"%s may stop supporting this private key format,\n"
|
||||||
|
@ -425,7 +425,7 @@ void old_keyfile_warning(void)
|
|||||||
{
|
{
|
||||||
static const char mbtitle[] = "PuTTY Key File Warning";
|
static const char mbtitle[] = "PuTTY Key File Warning";
|
||||||
static const char message[] =
|
static const char message[] =
|
||||||
"You are loading an SSH 2 private key which has an\n"
|
"You are loading an SSH-2 private key which has an\n"
|
||||||
"old version of the file format. This means your key\n"
|
"old version of the file format. This means your key\n"
|
||||||
"file is not fully tamperproof. Future versions of\n"
|
"file is not fully tamperproof. Future versions of\n"
|
||||||
"PuTTY may stop supporting this private key format,\n"
|
"PuTTY may stop supporting this private key format,\n"
|
||||||
@ -836,9 +836,9 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
|
|||||||
menu1 = CreateMenu();
|
menu1 = CreateMenu();
|
||||||
AppendMenu(menu1, MF_ENABLED, IDC_GENERATE, "&Generate key pair");
|
AppendMenu(menu1, MF_ENABLED, IDC_GENERATE, "&Generate key pair");
|
||||||
AppendMenu(menu1, MF_SEPARATOR, 0, 0);
|
AppendMenu(menu1, MF_SEPARATOR, 0, 0);
|
||||||
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH1, "SSH&1 key (RSA)");
|
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH1, "SSH-&1 key (RSA)");
|
||||||
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2RSA, "SSH2 &RSA key");
|
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2RSA, "SSH-2 &RSA key");
|
||||||
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2DSA, "SSH2 &DSA key");
|
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2DSA, "SSH-2 &DSA key");
|
||||||
AppendMenu(menu, MF_POPUP | MF_ENABLED, (UINT) menu1, "&Key");
|
AppendMenu(menu, MF_POPUP | MF_ENABLED, (UINT) menu1, "&Key");
|
||||||
state->keymenu = menu1;
|
state->keymenu = menu1;
|
||||||
|
|
||||||
@ -915,9 +915,9 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
|
|||||||
endbox(&cp);
|
endbox(&cp);
|
||||||
beginbox(&cp, "Parameters", IDC_BOX_PARAMS);
|
beginbox(&cp, "Parameters", IDC_BOX_PARAMS);
|
||||||
radioline(&cp, "Type of key to generate:", IDC_TYPESTATIC, 3,
|
radioline(&cp, "Type of key to generate:", IDC_TYPESTATIC, 3,
|
||||||
"SSH&1 (RSA)", IDC_KEYSSH1,
|
"SSH-&1 (RSA)", IDC_KEYSSH1,
|
||||||
"SSH2 &RSA", IDC_KEYSSH2RSA,
|
"SSH-2 &RSA", IDC_KEYSSH2RSA,
|
||||||
"SSH2 &DSA", IDC_KEYSSH2DSA, NULL);
|
"SSH-2 &DSA", IDC_KEYSSH2DSA, NULL);
|
||||||
staticedit(&cp, "Number of &bits in a generated key:",
|
staticedit(&cp, "Number of &bits in a generated key:",
|
||||||
IDC_BITSSTATIC, IDC_BITS, 20);
|
IDC_BITSSTATIC, IDC_BITS, 20);
|
||||||
endbox(&cp);
|
endbox(&cp);
|
||||||
@ -1125,7 +1125,7 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
|
|||||||
if (type != realtype &&
|
if (type != realtype &&
|
||||||
import_target_type(type) != realtype) {
|
import_target_type(type) != realtype) {
|
||||||
char msg[256];
|
char msg[256];
|
||||||
sprintf(msg, "Cannot export an SSH%d key in an SSH%d"
|
sprintf(msg, "Cannot export an SSH-%d key in an SSH-%d"
|
||||||
" format", (state->ssh2 ? 2 : 1),
|
" format", (state->ssh2 ? 2 : 1),
|
||||||
(state->ssh2 ? 1 : 2));
|
(state->ssh2 ? 1 : 2));
|
||||||
MessageBox(hwnd, msg,
|
MessageBox(hwnd, msg,
|
||||||
|
@ -147,7 +147,7 @@ int random_byte(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Blob structure for passing to the asymmetric SSH2 key compare
|
* Blob structure for passing to the asymmetric SSH-2 key compare
|
||||||
* function, prototyped here.
|
* function, prototyped here.
|
||||||
*/
|
*/
|
||||||
struct blob {
|
struct blob {
|
||||||
@ -321,7 +321,7 @@ void old_keyfile_warning(void)
|
|||||||
{
|
{
|
||||||
static const char mbtitle[] = "PuTTY Key File Warning";
|
static const char mbtitle[] = "PuTTY Key File Warning";
|
||||||
static const char message[] =
|
static const char message[] =
|
||||||
"You are loading an SSH 2 private key which has an\n"
|
"You are loading an SSH-2 private key which has an\n"
|
||||||
"old version of the file format. This means your key\n"
|
"old version of the file format. This means your key\n"
|
||||||
"file is not fully tamperproof. Future versions of\n"
|
"file is not fully tamperproof. Future versions of\n"
|
||||||
"PuTTY may stop supporting this private key format,\n"
|
"PuTTY may stop supporting this private key format,\n"
|
||||||
@ -692,7 +692,7 @@ static void add_keyfile(Filename filename)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Create an SSH1 key list in a malloc'ed buffer; return its
|
* Create an SSH-1 key list in a malloc'ed buffer; return its
|
||||||
* length.
|
* length.
|
||||||
*/
|
*/
|
||||||
static void *make_keylist1(int *length)
|
static void *make_keylist1(int *length)
|
||||||
@ -736,7 +736,7 @@ static void *make_keylist1(int *length)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Create an SSH2 key list in a malloc'ed buffer; return its
|
* Create an SSH-2 key list in a malloc'ed buffer; return its
|
||||||
* length.
|
* length.
|
||||||
*/
|
*/
|
||||||
static void *make_keylist2(int *length)
|
static void *make_keylist2(int *length)
|
||||||
@ -1246,7 +1246,7 @@ static void answer_msg(void *msg)
|
|||||||
break;
|
break;
|
||||||
case SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
|
case SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
|
||||||
/*
|
/*
|
||||||
* Remove all SSH1 keys. Always returns success.
|
* Remove all SSH-1 keys. Always returns success.
|
||||||
*/
|
*/
|
||||||
{
|
{
|
||||||
struct RSAKey *rkey;
|
struct RSAKey *rkey;
|
||||||
@ -1264,7 +1264,7 @@ static void answer_msg(void *msg)
|
|||||||
break;
|
break;
|
||||||
case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
|
case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
|
||||||
/*
|
/*
|
||||||
* Remove all SSH2 keys. Always returns success.
|
* Remove all SSH-2 keys. Always returns success.
|
||||||
*/
|
*/
|
||||||
{
|
{
|
||||||
struct ssh2_userkey *skey;
|
struct ssh2_userkey *skey;
|
||||||
@ -1332,7 +1332,7 @@ static int cmpkeys_rsa(void *av, void *bv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Key comparison function for the 2-3-4 tree of SSH2 keys.
|
* Key comparison function for the 2-3-4 tree of SSH-2 keys.
|
||||||
*/
|
*/
|
||||||
static int cmpkeys_ssh2(void *av, void *bv)
|
static int cmpkeys_ssh2(void *av, void *bv)
|
||||||
{
|
{
|
||||||
@ -1372,7 +1372,7 @@ static int cmpkeys_ssh2(void *av, void *bv)
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Key comparison function for looking up a blob in the 2-3-4 tree
|
* Key comparison function for looking up a blob in the 2-3-4 tree
|
||||||
* of SSH2 keys.
|
* of SSH-2 keys.
|
||||||
*/
|
*/
|
||||||
static int cmpkeys_ssh2_asymm(void *av, void *bv)
|
static int cmpkeys_ssh2_asymm(void *av, void *bv)
|
||||||
{
|
{
|
||||||
|