mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-25 01:02:24 +00:00
Consistently use a single notation to refer to SSH protocol versions, as
discussed. Use Barrett and Silverman's convention of "SSH-1" for SSH protocol version 1 and "SSH-2" for protocol 2 ("SSH1"/"SSH2" refer to ssh.com implementations in this scheme). <http://www.snailbook.com/terms.html> [originally from svn r5480]
This commit is contained in:
parent
dfccca7974
commit
5aa719d16e
18
cmdgen.c
18
cmdgen.c
@ -523,7 +523,7 @@ int main(int argc, char **argv)
|
||||
|
||||
case SSH_KEYTYPE_SSH1:
|
||||
if (sshver == 2) {
|
||||
fprintf(stderr, "puttygen: conversion from SSH1 to SSH2 keys"
|
||||
fprintf(stderr, "puttygen: conversion from SSH-1 to SSH-2 keys"
|
||||
" not supported\n");
|
||||
return 1;
|
||||
}
|
||||
@ -534,7 +534,7 @@ int main(int argc, char **argv)
|
||||
case SSH_KEYTYPE_OPENSSH:
|
||||
case SSH_KEYTYPE_SSHCOM:
|
||||
if (sshver == 1) {
|
||||
fprintf(stderr, "puttygen: conversion from SSH2 to SSH1 keys"
|
||||
fprintf(stderr, "puttygen: conversion from SSH-2 to SSH-1 keys"
|
||||
" not supported\n");
|
||||
return 1;
|
||||
}
|
||||
@ -694,13 +694,13 @@ int main(int argc, char **argv)
|
||||
l = ssh1_read_bignum(blob + n, bloblen - n,
|
||||
&ssh1key->exponent);
|
||||
if (l < 0) {
|
||||
error = "SSH1 public key blob was too short";
|
||||
error = "SSH-1 public key blob was too short";
|
||||
} else {
|
||||
n += l;
|
||||
l = ssh1_read_bignum(blob + n, bloblen - n,
|
||||
&ssh1key->modulus);
|
||||
if (l < 0) {
|
||||
error = "SSH1 public key blob was too short";
|
||||
error = "SSH-1 public key blob was too short";
|
||||
} else
|
||||
n += l;
|
||||
}
|
||||
@ -829,14 +829,14 @@ int main(int argc, char **argv)
|
||||
assert(ssh1key);
|
||||
ret = saversakey(&outfilename, ssh1key, passphrase);
|
||||
if (!ret) {
|
||||
fprintf(stderr, "puttygen: unable to save SSH1 private key\n");
|
||||
fprintf(stderr, "puttygen: unable to save SSH-1 private key\n");
|
||||
return 1;
|
||||
}
|
||||
} else {
|
||||
assert(ssh2key);
|
||||
ret = ssh2_save_userkey(&outfilename, ssh2key, passphrase);
|
||||
if (!ret) {
|
||||
fprintf(stderr, "puttygen: unable to save SSH2 private key\n");
|
||||
fprintf(stderr, "puttygen: unable to save SSH-2 private key\n");
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
@ -1215,10 +1215,10 @@ int main(int argc, char **argv)
|
||||
* Change the comment of the key; this _does_ require a
|
||||
* passphrase owing to the tamperproofing.
|
||||
*
|
||||
* NOTE: In SSH1, this only requires a passphrase because
|
||||
* NOTE: In SSH-1, this only requires a passphrase because
|
||||
* of inadequacies of the loading and saving mechanisms. In
|
||||
* _principle_, it should be perfectly possible to modify
|
||||
* the comment on an SSH1 key without requiring a
|
||||
* the comment on an SSH-1 key without requiring a
|
||||
* passphrase; the only reason I can't do it is because my
|
||||
* loading and saving mechanisms don't include a method of
|
||||
* loading all the key data without also trying to decrypt
|
||||
@ -1226,7 +1226,7 @@ int main(int argc, char **argv)
|
||||
*
|
||||
* I don't consider this to be a problem worth solving,
|
||||
* because (a) to fix it would probably end up bloating
|
||||
* PuTTY proper, and (b) SSH1 is on the way out anyway so
|
||||
* PuTTY proper, and (b) SSH-1 is on the way out anyway so
|
||||
* it shouldn't be highly significant. If it seriously
|
||||
* bothers anyone then perhaps I _might_ be persuadable.
|
||||
*/
|
||||
|
26
config.c
26
config.c
@ -92,7 +92,7 @@ static void cipherlist_handler(union control *ctrl, void *dlg,
|
||||
{ "3DES", CIPHER_3DES },
|
||||
{ "Blowfish", CIPHER_BLOWFISH },
|
||||
{ "DES", CIPHER_DES },
|
||||
{ "AES (SSH 2 only)", CIPHER_AES },
|
||||
{ "AES (SSH-2 only)", CIPHER_AES },
|
||||
{ "-- warn below here --", CIPHER_WARN }
|
||||
};
|
||||
|
||||
@ -1647,7 +1647,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
|
||||
cipherlist_handler, P(NULL));
|
||||
c->listbox.height = 6;
|
||||
|
||||
ctrl_checkbox(s, "Enable legacy use of single-DES in SSH 2", 'i',
|
||||
ctrl_checkbox(s, "Enable legacy use of single-DES in SSH-2", 'i',
|
||||
HELPCTX(ssh_ciphers),
|
||||
dlg_stdcheckbox_handler,
|
||||
I(offsetof(Config,ssh2_des_cbc)));
|
||||
@ -1656,7 +1656,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
|
||||
/*
|
||||
* The Connection/SSH/Kex panel. (Owing to repeat key
|
||||
* exchange, this is all meaningful in mid-session _if_
|
||||
* we're using SSH2 or haven't decided yet.)
|
||||
* we're using SSH-2 or haven't decided yet.)
|
||||
*/
|
||||
if (protcfginfo != 1) {
|
||||
ctrl_settitle(b, "Connection/SSH/Kex",
|
||||
@ -1696,11 +1696,11 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
|
||||
|
||||
s = ctrl_getset(b, "Connection/SSH/Auth", "methods",
|
||||
"Authentication methods");
|
||||
ctrl_checkbox(s, "Attempt TIS or CryptoCard auth (SSH1)", 'm',
|
||||
ctrl_checkbox(s, "Attempt TIS or CryptoCard auth (SSH-1)", 'm',
|
||||
HELPCTX(ssh_auth_tis),
|
||||
dlg_stdcheckbox_handler,
|
||||
I(offsetof(Config,try_tis_auth)));
|
||||
ctrl_checkbox(s, "Attempt \"keyboard-interactive\" auth (SSH2)",
|
||||
ctrl_checkbox(s, "Attempt \"keyboard-interactive\" auth (SSH-2)",
|
||||
'i', HELPCTX(ssh_auth_ki),
|
||||
dlg_stdcheckbox_handler,
|
||||
I(offsetof(Config,try_ki_auth)));
|
||||
@ -1710,7 +1710,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
|
||||
ctrl_checkbox(s, "Allow agent forwarding", 'f',
|
||||
HELPCTX(ssh_auth_agentfwd),
|
||||
dlg_stdcheckbox_handler, I(offsetof(Config,agentfwd)));
|
||||
ctrl_checkbox(s, "Allow attempted changes of username in SSH2", 'u',
|
||||
ctrl_checkbox(s, "Allow attempted changes of username in SSH-2", 'u',
|
||||
HELPCTX(ssh_auth_changeuser),
|
||||
dlg_stdcheckbox_handler,
|
||||
I(offsetof(Config,change_username)));
|
||||
@ -1755,7 +1755,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
|
||||
HELPCTX(ssh_tunnels_portfwd_localhost),
|
||||
dlg_stdcheckbox_handler,
|
||||
I(offsetof(Config,lport_acceptall)));
|
||||
ctrl_checkbox(s, "Remote ports do the same (SSH v2 only)", 'p',
|
||||
ctrl_checkbox(s, "Remote ports do the same (SSH-2 only)", 'p',
|
||||
HELPCTX(ssh_tunnels_portfwd_localhost),
|
||||
dlg_stdcheckbox_handler,
|
||||
I(offsetof(Config,rport_acceptall)));
|
||||
@ -1824,22 +1824,22 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
|
||||
|
||||
s = ctrl_getset(b, "Connection/SSH/Bugs", "main",
|
||||
"Detection of known bugs in SSH servers");
|
||||
ctrl_droplist(s, "Chokes on SSH1 ignore messages", 'i', 20,
|
||||
ctrl_droplist(s, "Chokes on SSH-1 ignore messages", 'i', 20,
|
||||
HELPCTX(ssh_bugs_ignore1),
|
||||
sshbug_handler, I(offsetof(Config,sshbug_ignore1)));
|
||||
ctrl_droplist(s, "Refuses all SSH1 password camouflage", 's', 20,
|
||||
ctrl_droplist(s, "Refuses all SSH-1 password camouflage", 's', 20,
|
||||
HELPCTX(ssh_bugs_plainpw1),
|
||||
sshbug_handler, I(offsetof(Config,sshbug_plainpw1)));
|
||||
ctrl_droplist(s, "Chokes on SSH1 RSA authentication", 'r', 20,
|
||||
ctrl_droplist(s, "Chokes on SSH-1 RSA authentication", 'r', 20,
|
||||
HELPCTX(ssh_bugs_rsa1),
|
||||
sshbug_handler, I(offsetof(Config,sshbug_rsa1)));
|
||||
ctrl_droplist(s, "Miscomputes SSH2 HMAC keys", 'm', 20,
|
||||
ctrl_droplist(s, "Miscomputes SSH-2 HMAC keys", 'm', 20,
|
||||
HELPCTX(ssh_bugs_hmac2),
|
||||
sshbug_handler, I(offsetof(Config,sshbug_hmac2)));
|
||||
ctrl_droplist(s, "Miscomputes SSH2 encryption keys", 'e', 20,
|
||||
ctrl_droplist(s, "Miscomputes SSH-2 encryption keys", 'e', 20,
|
||||
HELPCTX(ssh_bugs_derivekey2),
|
||||
sshbug_handler, I(offsetof(Config,sshbug_derivekey2)));
|
||||
ctrl_droplist(s, "Requires padding on SSH2 RSA signatures", 'p', 20,
|
||||
ctrl_droplist(s, "Requires padding on SSH-2 RSA signatures", 'p', 20,
|
||||
HELPCTX(ssh_bugs_rsapad2),
|
||||
sshbug_handler, I(offsetof(Config,sshbug_rsapad2)));
|
||||
ctrl_droplist(s, "Misuses the session ID in PK auth", 'n', 20,
|
||||
|
@ -1,6 +1,6 @@
|
||||
#! /usr/bin/env python
|
||||
|
||||
# $Id: kh2reg.py,v 1.3 2003/10/21 13:26:12 jacob Exp $
|
||||
# $Id$
|
||||
# Convert OpenSSH known_hosts and known_hosts2 files to "new format" PuTTY
|
||||
# host keys.
|
||||
# usage:
|
||||
@ -87,7 +87,7 @@ for line in fileinput.input(args):
|
||||
# is second field entirely decimal digits?
|
||||
if re.match (r"\d*$", fields[1]):
|
||||
|
||||
# Treat as SSH1-type host key.
|
||||
# Treat as SSH-1-type host key.
|
||||
# Format: hostpat bits10 exp10 mod10 comment...
|
||||
# (PuTTY doesn't store the number of bits.)
|
||||
magicnumbers = map (long, fields[2:4])
|
||||
@ -95,7 +95,7 @@ for line in fileinput.input(args):
|
||||
|
||||
else:
|
||||
|
||||
# Treat as SSH2-type host key.
|
||||
# Treat as SSH-2-type host key.
|
||||
# Format: hostpat keytype keyblob64 comment...
|
||||
sshkeytype, blob = fields[1], base64.decodestring (fields[2])
|
||||
|
||||
|
@ -1563,8 +1563,8 @@ Keepalives are only supported in Telnet and SSH; the Rlogin and Raw
|
||||
protocols offer no way of implementing them. (For an alternative, see
|
||||
\k{config-tcp-keepalives}.)
|
||||
|
||||
Note that if you are using SSH1 and the server has a bug that makes
|
||||
it unable to deal with SSH1 ignore messages (see
|
||||
Note that if you are using SSH-1 and the server has a bug that makes
|
||||
it unable to deal with SSH-1 ignore messages (see
|
||||
\k{config-ssh-bug-ignore1}), enabling keepalives will have no effect.
|
||||
|
||||
\S{config-nodelay} \q{Disable Nagle's algorithm}
|
||||
@ -1701,10 +1701,10 @@ other ways around the security problems than just disabling the
|
||||
whole mechanism.
|
||||
|
||||
Version 2 of the SSH protocol also provides a similar mechanism,
|
||||
which is easier to implement without security flaws. Newer SSH2
|
||||
which is easier to implement without security flaws. Newer SSH-2
|
||||
servers are more likely to support it than older ones.
|
||||
|
||||
This configuration data is not used in the SSHv1, rlogin or raw
|
||||
This configuration data is not used in the SSH-1, rlogin or raw
|
||||
protocols.
|
||||
|
||||
To add an environment variable to the list transmitted down the
|
||||
@ -2126,11 +2126,11 @@ separate configuration of the preference orders. As a result you may
|
||||
get two warnings similar to the one above, possibly with different
|
||||
encryptions.
|
||||
|
||||
Single-DES is not recommended in the SSH 2 draft protocol
|
||||
Single-DES is not recommended in the SSH-2 draft protocol
|
||||
standards, but one or two server implementations do support it.
|
||||
PuTTY can use single-DES to interoperate with
|
||||
these servers if you enable the \q{Enable legacy use of single-DES in
|
||||
SSH 2} option; by default this is disabled and PuTTY will stick to
|
||||
SSH-2} option; by default this is disabled and PuTTY will stick to
|
||||
recommended ciphers.
|
||||
|
||||
\H{config-ssh-kex} The Kex panel
|
||||
@ -2283,7 +2283,7 @@ responses take.
|
||||
|
||||
\cfg{winhelp-topic}{ssh.auth.ki}
|
||||
|
||||
The SSH 2 equivalent of TIS authentication is called
|
||||
The SSH-2 equivalent of TIS authentication is called
|
||||
\q{keyboard-interactive}. It is a flexible authentication method
|
||||
using an arbitrary sequence of requests and responses; so it is not
|
||||
only useful for challenge/response mechanisms such as S/Key, but it
|
||||
@ -2306,17 +2306,17 @@ See \k{pageant} for general information on Pageant, and
|
||||
there is a security risk involved with enabling this option; see
|
||||
\k{pageant-security} for details.
|
||||
|
||||
\S{config-ssh-changeuser} \q{Allow attempted changes of username in SSH2}
|
||||
\S{config-ssh-changeuser} \q{Allow attempted changes of username in SSH-2}
|
||||
|
||||
\cfg{winhelp-topic}{ssh.auth.changeuser}
|
||||
|
||||
In the SSH 1 protocol, it is impossible to change username after
|
||||
In the SSH-1 protocol, it is impossible to change username after
|
||||
failing to authenticate. So if you mis-type your username at the
|
||||
PuTTY \q{login as:} prompt, you will not be able to change it except
|
||||
by restarting PuTTY.
|
||||
|
||||
The SSH 2 protocol \e{does} allow changes of username, in principle,
|
||||
but does not make it mandatory for SSH 2 servers to accept them. In
|
||||
The SSH-2 protocol \e{does} allow changes of username, in principle,
|
||||
but does not make it mandatory for SSH-2 servers to accept them. In
|
||||
particular, OpenSSH does not accept a change of username; once you
|
||||
have sent one username, it will reject attempts to try to
|
||||
authenticate as another user. (Depending on the version of OpenSSH,
|
||||
@ -2391,7 +2391,7 @@ experimental feature, and may encounter several problems:
|
||||
\cw{XDM-AUTHORIZATION-1}, so they will not know what to do with the
|
||||
data PuTTY has provided.
|
||||
|
||||
\b This authentication mechanism will only work in SSH v2. In SSH
|
||||
\b This authentication mechanism will only work in SSH-2. In SSH
|
||||
v1, the SSH server does not tell the client the source address of
|
||||
a forwarded connection in a machine-readable format, so it's
|
||||
impossible to verify the \cw{XDM-AUTHORIZATION-1} data.
|
||||
@ -2465,10 +2465,10 @@ If you delete a local or dynamic port forwarding in mid-session, PuTTY
|
||||
will stop listening for connections on that port, so it can be re-used
|
||||
by another program. If you delete a remote port forwarding, note that:
|
||||
|
||||
\b The SSHv1 protocol contains no mechanism for asking the server to
|
||||
\b The SSH-1 protocol contains no mechanism for asking the server to
|
||||
stop listening on a remote port.
|
||||
|
||||
\b The SSHv2 protocol does contain such a mechanism, but not all SSH
|
||||
\b The SSH-2 protocol does contain such a mechanism, but not all SSH
|
||||
servers support it. (In particular, OpenSSH does not support it in
|
||||
any version earlier than 3.9.)
|
||||
|
||||
@ -2502,8 +2502,8 @@ port. (This also applies to dynamic SOCKS forwarding.)
|
||||
\b The \q{Remote ports do the same} option does the same thing for
|
||||
remote-to-local port forwardings (so that machines other than the
|
||||
SSH server machine can connect to the forwarded port.) Note that
|
||||
this feature is only available in the SSH 2 protocol, and not all
|
||||
SSH 2 servers support it (OpenSSH 3.0 does not, for example).
|
||||
this feature is only available in the SSH-2 protocol, and not all
|
||||
SSH-2 servers support it (OpenSSH 3.0 does not, for example).
|
||||
|
||||
\S{config-ssh-portfwd-address-family} Selecting Internet protocol
|
||||
version for forwarded ports
|
||||
@ -2555,7 +2555,7 @@ states:
|
||||
\b \q{Auto}: PuTTY will use the server's version number announcement
|
||||
to try to guess whether or not the server has the bug.
|
||||
|
||||
\S{config-ssh-bug-ignore1} \q{Chokes on SSH1 ignore messages}
|
||||
\S{config-ssh-bug-ignore1} \q{Chokes on SSH-1 ignore messages}
|
||||
|
||||
\cfg{winhelp-topic}{ssh.bugs.ignore1}
|
||||
|
||||
@ -2563,30 +2563,30 @@ An ignore message (SSH_MSG_IGNORE) is a message in the SSH protocol
|
||||
which can be sent from the client to the server, or from the server
|
||||
to the client, at any time. Either side is required to ignore the
|
||||
message whenever it receives it. PuTTY uses ignore messages to hide
|
||||
the password packet in SSH1, so that a listener cannot tell the
|
||||
the password packet in SSH-1, so that a listener cannot tell the
|
||||
length of the user's password; it also uses ignore messages for
|
||||
connection keepalives (see \k{config-keepalive}).
|
||||
|
||||
If this bug is detected, PuTTY will stop using ignore messages. This
|
||||
means that keepalives will stop working, and PuTTY will have to fall
|
||||
back to a secondary defence against SSH1 password-length
|
||||
back to a secondary defence against SSH-1 password-length
|
||||
eavesdropping. See \k{config-ssh-bug-plainpw1}. If this bug is
|
||||
enabled when talking to a correct server, the session will succeed,
|
||||
but keepalives will not work and the session might be more
|
||||
vulnerable to eavesdroppers than it could be.
|
||||
|
||||
This is an SSH1-specific bug. No known SSH2 server fails to deal
|
||||
with SSH2 ignore messages.
|
||||
This is an SSH-1-specific bug. No known SSH-2 server fails to deal
|
||||
with SSH-2 ignore messages.
|
||||
|
||||
\S{config-ssh-bug-plainpw1} \q{Refuses all SSH1 password camouflage}
|
||||
\S{config-ssh-bug-plainpw1} \q{Refuses all SSH-1 password camouflage}
|
||||
|
||||
\cfg{winhelp-topic}{ssh.bugs.plainpw1}
|
||||
|
||||
When talking to an SSH1 server which cannot deal with ignore
|
||||
When talking to an SSH-1 server which cannot deal with ignore
|
||||
messages (see \k{config-ssh-bug-ignore1}), PuTTY will attempt to
|
||||
disguise the length of the user's password by sending additional
|
||||
padding \e{within} the password packet. This is technically a
|
||||
violation of the SSH1 specification, and so PuTTY will only do it
|
||||
violation of the SSH-1 specification, and so PuTTY will only do it
|
||||
when it cannot use standards-compliant ignore messages as
|
||||
camouflage. In this sense, for a server to refuse to accept a padded
|
||||
password packet is not really a bug, but it does make life
|
||||
@ -2599,15 +2599,15 @@ of the password. If this bug is enabled when talking to a correct
|
||||
server, the session will succeed, but will be more vulnerable to
|
||||
eavesdroppers than it could be.
|
||||
|
||||
This is an SSH1-specific bug. SSH2 is secure against this type of
|
||||
This is an SSH-1-specific bug. SSH-2 is secure against this type of
|
||||
attack.
|
||||
|
||||
\S{config-ssh-bug-rsa1} \q{Chokes on SSH1 RSA authentication}
|
||||
\S{config-ssh-bug-rsa1} \q{Chokes on SSH-1 RSA authentication}
|
||||
|
||||
\cfg{winhelp-topic}{ssh.bugs.rsa1}
|
||||
|
||||
Some SSH1 servers cannot deal with RSA authentication messages at
|
||||
all. If Pageant is running and contains any SSH1 keys, PuTTY will
|
||||
Some SSH-1 servers cannot deal with RSA authentication messages at
|
||||
all. If Pageant is running and contains any SSH-1 keys, PuTTY will
|
||||
normally automatically try RSA authentication before falling back to
|
||||
passwords, so these servers will crash when they see the RSA attempt.
|
||||
|
||||
@ -2616,9 +2616,9 @@ authentication. If this bug is enabled when talking to a correct
|
||||
server, the session will succeed, but of course RSA authentication
|
||||
will be impossible.
|
||||
|
||||
This is an SSH1-specific bug.
|
||||
This is an SSH-1-specific bug.
|
||||
|
||||
\S{config-ssh-bug-hmac2} \q{Miscomputes SSH2 HMAC keys}
|
||||
\S{config-ssh-bug-hmac2} \q{Miscomputes SSH-2 HMAC keys}
|
||||
|
||||
\cfg{winhelp-topic}{ssh.bugs.hmac2}
|
||||
|
||||
@ -2633,9 +2633,9 @@ same way as the buggy server, so that communication will still be
|
||||
possible. If this bug is enabled when talking to a correct server,
|
||||
communication will fail.
|
||||
|
||||
This is an SSH2-specific bug.
|
||||
This is an SSH-2-specific bug.
|
||||
|
||||
\S{config-ssh-bug-derivekey2} \q{Miscomputes SSH2 encryption keys}
|
||||
\S{config-ssh-bug-derivekey2} \q{Miscomputes SSH-2 encryption keys}
|
||||
|
||||
\cfg{winhelp-topic}{ssh.bugs.derivekey2}
|
||||
|
||||
@ -2649,15 +2649,15 @@ the same way as the buggy server, so that communication will still
|
||||
be possible. If this bug is enabled when talking to a correct
|
||||
server, communication will fail.
|
||||
|
||||
This is an SSH2-specific bug.
|
||||
This is an SSH-2-specific bug.
|
||||
|
||||
\S{config-ssh-bug-sig} \q{Requires padding on SSH2 RSA signatures}
|
||||
\S{config-ssh-bug-sig} \q{Requires padding on SSH-2 RSA signatures}
|
||||
|
||||
\cfg{winhelp-topic}{ssh.bugs.rsapad2}
|
||||
|
||||
Versions below 3.3 of OpenSSH require SSH2 RSA signatures to be
|
||||
Versions below 3.3 of OpenSSH require SSH-2 RSA signatures to be
|
||||
padded with zero bytes to the same length as the RSA key modulus.
|
||||
The SSH2 draft specification says that an unpadded signature MUST be
|
||||
The SSH-2 draft specification says that an unpadded signature MUST be
|
||||
accepted, so this is a bug. A typical symptom of this problem is
|
||||
that PuTTY mysteriously fails RSA authentication once in every few
|
||||
hundred attempts, and falls back to passwords.
|
||||
@ -2668,13 +2668,13 @@ server, it is likely that no damage will be done, since correct
|
||||
servers usually still accept padded signatures because they're used
|
||||
to talking to OpenSSH.
|
||||
|
||||
This is an SSH2-specific bug.
|
||||
This is an SSH-2-specific bug.
|
||||
|
||||
\S{config-ssh-bug-pksessid2} \q{Misuses the session ID in PK auth}
|
||||
|
||||
\cfg{winhelp-topic}{ssh.bugs.pksessid2}
|
||||
|
||||
Versions below 2.3 of OpenSSH require SSH2 public-key authentication
|
||||
Versions below 2.3 of OpenSSH require SSH-2 public-key authentication
|
||||
to be done slightly differently: the data to be signed by the client
|
||||
contains the session ID formatted in a different way. If public-key
|
||||
authentication mysteriously does not work but the Event Log (see
|
||||
@ -2684,9 +2684,9 @@ helps.
|
||||
|
||||
If this bug is detected, PuTTY will sign data in the way OpenSSH
|
||||
expects. If this bug is enabled when talking to a correct server,
|
||||
SSH2 public-key authentication will fail.
|
||||
SSH-2 public-key authentication will fail.
|
||||
|
||||
This is an SSH2-specific bug.
|
||||
This is an SSH-2-specific bug.
|
||||
|
||||
\S{config-ssh-bug-rekey} \q{Handles key re-exchange badly}
|
||||
|
||||
@ -2706,7 +2706,7 @@ exchange. If this bug is enabled when talking to a correct server,
|
||||
the session should still function, but may be less secure than you
|
||||
would expect.
|
||||
|
||||
This is an SSH2-specific bug.
|
||||
This is an SSH-2-specific bug.
|
||||
|
||||
\H{config-file} Storing configuration in a file
|
||||
|
||||
|
@ -30,8 +30,8 @@ asking the machine's administrator.
|
||||
If you see this message and you know that your installation of PuTTY
|
||||
\e{has} connected to the same server before, it may have been
|
||||
recently upgraded to SSH protocol version 2. SSH protocols 1 and 2
|
||||
use separate host keys, so when you first use SSH 2 with a server
|
||||
you have only used SSH 1 with before, you will see this message
|
||||
use separate host keys, so when you first use SSH-2 with a server
|
||||
you have only used SSH-1 with before, you will see this message
|
||||
again. You should verify the correctness of the key as before.
|
||||
|
||||
See \k{gs-hostkey} for more information on host keys.
|
||||
@ -100,7 +100,7 @@ PuTTY is not able to recover from running out of memory; it will
|
||||
terminate immediately after giving this error.
|
||||
|
||||
However, this error can also occur when memory is not running out at
|
||||
all, because PuTTY receives data in the wrong format. In SSH 2 and
|
||||
all, because PuTTY receives data in the wrong format. In SSH-2 and
|
||||
also in SFTP, the server sends the length of each message before the
|
||||
message itself; so PuTTY will receive the length, try to allocate
|
||||
space for the message, and then receive the rest of the message. If
|
||||
@ -108,7 +108,7 @@ the length PuTTY receives is garbage, it will try to allocate a
|
||||
ridiculous amount of memory, and will terminate with an \q{Out of
|
||||
memory} error.
|
||||
|
||||
This can happen in SSH 2, if PuTTY and the server have not enabled
|
||||
This can happen in SSH-2, if PuTTY and the server have not enabled
|
||||
encryption in the same way (see \k{faq-outofmem} in the FAQ). Some
|
||||
versions of OpenSSH have a known problem with this: see
|
||||
\k{faq-openssh-bad-openssl}.
|
||||
@ -213,7 +213,7 @@ to tell from this error message whether the problem is in the client,
|
||||
in the server, or in between.
|
||||
|
||||
If you get this error, one thing you could try would be to fiddle
|
||||
with the setting of \q{Miscomputes SSH2 encryption keys} on the Bugs
|
||||
with the setting of \q{Miscomputes SSH-2 encryption keys} on the Bugs
|
||||
panel (see \k{config-ssh-bug-derivekey2}).
|
||||
|
||||
Another known server problem which can cause this error is described
|
||||
|
36
doc/faq.but
36
doc/faq.but
@ -45,23 +45,23 @@ page}, and see if you can find the feature there. If it's on there,
|
||||
and not in the \q{Recently fixed} section, it probably \e{hasn't} been
|
||||
implemented.
|
||||
|
||||
\S{faq-ssh2}{Question} Does PuTTY support SSH v2?
|
||||
\S{faq-ssh2}{Question} Does PuTTY support SSH-2?
|
||||
|
||||
Yes. SSH v2 support has been available in PuTTY since version 0.50.
|
||||
Yes. SSH-2 support has been available in PuTTY since version 0.50.
|
||||
|
||||
Public key authentication (both RSA and DSA) in SSH v2 is new in
|
||||
Public key authentication (both RSA and DSA) in SSH-2 is new in
|
||||
version 0.52.
|
||||
|
||||
\S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or
|
||||
\cw{ssh.com} SSHv2 private key files?
|
||||
\cw{ssh.com} SSH-2 private key files?
|
||||
|
||||
PuTTY doesn't support this natively, but as of 0.53
|
||||
PuTTYgen can convert both OpenSSH and \cw{ssh.com} private key
|
||||
files into PuTTY's format.
|
||||
|
||||
\S{faq-ssh1}{Question} Does PuTTY support SSH v1?
|
||||
\S{faq-ssh1}{Question} Does PuTTY support SSH-1?
|
||||
|
||||
Yes. SSH 1 support has always been available in PuTTY.
|
||||
Yes. SSH-1 support has always been available in PuTTY.
|
||||
|
||||
\S{faq-localecho}{Question} Does PuTTY support local echo?
|
||||
|
||||
@ -534,9 +534,9 @@ of quotes in the obvious way:
|
||||
received on packet}?
|
||||
|
||||
One possible cause of this that used to be common is a bug in old
|
||||
SSH 2 servers distributed by \cw{ssh.com}. (This is not the only
|
||||
SSH-2 servers distributed by \cw{ssh.com}. (This is not the only
|
||||
possible cause; see \k{errors-crc} in the documentation.)
|
||||
Version 2.3.0 and below of their SSH 2 server
|
||||
Version 2.3.0 and below of their SSH-2 server
|
||||
constructs Message Authentication Codes in the wrong way, and
|
||||
expects the client to construct them in the same wrong way. PuTTY
|
||||
constructs the MACs correctly by default, and hence these old
|
||||
@ -550,7 +550,7 @@ to work with them.
|
||||
|
||||
If you are using PuTTY version 0.51 or below, you can enable the
|
||||
workaround by going to the SSH panel and ticking the box labelled
|
||||
\q{Imitate SSH 2 MAC bug}. It's possible that you might have to do
|
||||
\q{Imitate SSH-2 MAC bug}. It's possible that you might have to do
|
||||
this with 0.52 as well, if a buggy server exists that PuTTY doesn't
|
||||
know about.
|
||||
|
||||
@ -608,7 +608,7 @@ the
|
||||
\c http://www.microsoft.com/windows95/downloads/contents/
|
||||
\c wuadmintools/s_wunetworkingtools/w95sockets2/
|
||||
|
||||
\S{faq-outofmem}{Question} After trying to establish an SSH 2
|
||||
\S{faq-outofmem}{Question} After trying to establish an SSH-2
|
||||
connection, PuTTY says \q{Out of memory} and dies.
|
||||
|
||||
If this happens just while the connection is starting up, this often
|
||||
@ -838,17 +838,17 @@ default cipher differs from many other clients.)
|
||||
|
||||
\e{OpenSSH 3.1p1:} configurations known to be broken (and symptoms):
|
||||
|
||||
\b SSH 2 with AES cipher (PuTTY says "Assertion failed! Expression:
|
||||
\b SSH-2 with AES cipher (PuTTY says "Assertion failed! Expression:
|
||||
(len & 15) == 0" in sshaes.c, or "Out of memory", or crashes)
|
||||
|
||||
\b SSH 2 with 3DES (PuTTY says "Incorrect MAC received on packet")
|
||||
\b SSH-2 with 3DES (PuTTY says "Incorrect MAC received on packet")
|
||||
|
||||
\b SSH 1 with Blowfish (PuTTY says "Incorrect CRC received on
|
||||
\b SSH-1 with Blowfish (PuTTY says "Incorrect CRC received on
|
||||
packet")
|
||||
|
||||
\b SSH 1 with 3DES
|
||||
\b SSH-1 with 3DES
|
||||
|
||||
\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH 1 and
|
||||
\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH-1 and
|
||||
Blowfish remains. Rebuild your server, apply the patch linked to from
|
||||
bug 138 above, or use another cipher (e.g., 3DES) instead.
|
||||
|
||||
@ -860,11 +860,11 @@ clear the underlying cause is the same.
|
||||
key from ..."? Why can PuTTYgen load my key but not PuTTY?
|
||||
|
||||
It's likely that you've generated an SSH protocol 2 key with PuTTYgen,
|
||||
but you're trying to use it in an SSH 1 connection. SSH1 and SSH2 keys
|
||||
but you're trying to use it in an SSH-1 connection. SSH-1 and SSH-2 keys
|
||||
have different formats, and (at least in 0.52) PuTTY's reporting of a
|
||||
key in the wrong format isn't optimal.
|
||||
|
||||
To connect using SSH 2 to a server that supports both versions, you
|
||||
To connect using SSH-2 to a server that supports both versions, you
|
||||
need to change the configuration from the default (see \k{faq-ssh2}).
|
||||
|
||||
\S{faq-rh8-utf8}{Question} When I'm connected to a Red Hat Linux 8.0
|
||||
@ -1177,7 +1177,7 @@ OpenSSH?
|
||||
|
||||
No, it isn't. PuTTY is almost completely composed of code written
|
||||
from scratch for PuTTY. The only code we share with OpenSSH is the
|
||||
detector for SSH1 CRC compensation attacks, written by CORE SDI S.A.
|
||||
detector for SSH-1 CRC compensation attacks, written by CORE SDI S.A.
|
||||
|
||||
\S{faq-sillyputty}{Question} Where can I buy silly putty?
|
||||
|
||||
|
@ -42,15 +42,15 @@ The options to control this are:
|
||||
\dt \e{keyfile}
|
||||
|
||||
\dd Specify a private key file to be loaded. This private key file can
|
||||
be in the (de facto standard) SSH1 key format, or in PuTTY's SSH2
|
||||
key format, or in either of the SSH2 private key formats used by
|
||||
be in the (de facto standard) SSH-1 key format, or in PuTTY's SSH-2
|
||||
key format, or in either of the SSH-2 private key formats used by
|
||||
OpenSSH and ssh.com's implementation.
|
||||
|
||||
\dt \cw{\-t} \e{keytype}
|
||||
|
||||
\dd Specify a type of key to generate. The acceptable values here are
|
||||
\c{rsa} and \c{dsa} (to generate SSH2 keys), and \c{rsa1} (to
|
||||
generate SSH1 keys).
|
||||
\c{rsa} and \c{dsa} (to generate SSH-2 keys), and \c{rsa1} (to
|
||||
generate SSH-1 keys).
|
||||
|
||||
\dt \cw{\-b} \e{bits}
|
||||
|
||||
@ -85,21 +85,21 @@ Acceptable options are:
|
||||
\dt \cw{private}
|
||||
|
||||
\dd Save the private key in a format usable by PuTTY. This will either
|
||||
be the standard SSH1 key format, or PuTTY's own SSH2 key format.
|
||||
be the standard SSH-1 key format, or PuTTY's own SSH-2 key format.
|
||||
|
||||
\dt \cw{public}
|
||||
|
||||
\dd Save the public key only. For SSH1 keys, the standard public key
|
||||
format will be used (\q{\cw{1024 37 5698745}...}). For SSH2 keys, the
|
||||
\dd Save the public key only. For SSH-1 keys, the standard public key
|
||||
format will be used (\q{\cw{1024 37 5698745}...}). For SSH-2 keys, the
|
||||
public key will be output in the format specified in the IETF
|
||||
drafts, which is a multi-line text file beginning with the line
|
||||
\q{\cw{---- BEGIN SSH2 PUBLIC KEY ----}}.
|
||||
|
||||
\dt \cw{public-openssh}
|
||||
|
||||
\dd Save the public key only, in a format usable by OpenSSH. For SSH1
|
||||
\dd Save the public key only, in a format usable by OpenSSH. For SSH-1
|
||||
keys, this output format behaves identically to \c{public}. For
|
||||
SSH2 keys, the public key will be output in the OpenSSH format,
|
||||
SSH-2 keys, the public key will be output in the OpenSSH format,
|
||||
which is a single line (\q{\cw{ssh-rsa AAAAB3NzaC1yc2}...}).
|
||||
|
||||
\dt \cw{fingerprint}
|
||||
@ -109,13 +109,13 @@ algorithms are believed compatible with OpenSSH.
|
||||
|
||||
\dt \cw{private-openssh}
|
||||
|
||||
\dd Save an SSH2 private key in OpenSSH's format. This option is not
|
||||
permitted for SSH1 keys.
|
||||
\dd Save an SSH-2 private key in OpenSSH's format. This option is not
|
||||
permitted for SSH-1 keys.
|
||||
|
||||
\dt \cw{private-sshcom}
|
||||
|
||||
\dd Save an SSH2 private key in ssh.com's format. This option is not
|
||||
permitted for SSH1 keys.
|
||||
\dd Save an SSH-2 private key in ssh.com's format. This option is not
|
||||
permitted for SSH-1 keys.
|
||||
|
||||
If no output type is specified, the default is \c{private}.
|
||||
|
||||
@ -144,7 +144,7 @@ fingerprint. Otherwise, the \c{\-o} option is required.
|
||||
|
||||
\S{puttygen-manpage-examples} EXAMPLES
|
||||
|
||||
To generate an SSH2 RSA key pair and save it in PuTTY's own format
|
||||
To generate an SSH-2 RSA key pair and save it in PuTTY's own format
|
||||
(you will be prompted for the passphrase):
|
||||
|
||||
\c puttygen -t rsa -C "my home key" -o mykey.ppk
|
||||
|
@ -193,7 +193,7 @@ tunnel all their connections. Only works in SSH.
|
||||
\dt \cw{\-A}, \cw{\-a}
|
||||
|
||||
\dd Enable (\cw{\-A}) or disable (\cw{\-a}) SSH agent forwarding.
|
||||
Currently this only works with OpenSSH and SSH1.
|
||||
Currently this only works with OpenSSH and SSH-1.
|
||||
|
||||
\dt \cw{\-X}, \cw{\-x}
|
||||
|
||||
@ -214,7 +214,7 @@ pseudo-terminal at the server end.
|
||||
|
||||
\dt \cw{\-i} \e{keyfile}
|
||||
|
||||
\dd Specify a private key file to use for authentication. For SSH2
|
||||
\dd Specify a private key file to use for authentication. For SSH-2
|
||||
keys, this key file must be in PuTTY's format, not OpenSSH's or
|
||||
anyone else's.
|
||||
|
||||
|
@ -68,9 +68,9 @@ something like this:
|
||||
For each key, the list box will tell you:
|
||||
|
||||
\b The type of the key. Currently, this can be \c{ssh1} (an RSA key
|
||||
for use with the SSH v1 protocol), \c{ssh-rsa} (an RSA key for use
|
||||
with the SSH v2 protocol), or \c{ssh-dss} (a DSA key for use with
|
||||
the SSH v2 protocol).
|
||||
for use with the SSH-1 protocol), \c{ssh-rsa} (an RSA key for use
|
||||
with the SSH-2 protocol), or \c{ssh-dss} (a DSA key for use with
|
||||
the SSH-2 protocol).
|
||||
|
||||
\b The size (in bits) of the key.
|
||||
|
||||
@ -152,7 +152,7 @@ like this:
|
||||
Agent forwarding is a mechanism that allows applications on your SSH
|
||||
server machine to talk to the agent on your client machine.
|
||||
|
||||
Note that at present, agent forwarding in SSH2 is only available
|
||||
Note that at present, agent forwarding in SSH-2 is only available
|
||||
when your SSH server is OpenSSH. The \cw{ssh.com} server uses a
|
||||
different agent protocol, which PuTTY does not yet support.
|
||||
|
||||
|
16
doc/pscp.but
16
doc/pscp.but
@ -7,8 +7,8 @@
|
||||
\i{PSCP}, the PuTTY Secure Copy client, is a tool for transferring files
|
||||
securely between computers using an SSH connection.
|
||||
|
||||
If you have an SSH 2 server, you might prefer PSFTP (see \k{psftp})
|
||||
for interactive use. PSFTP does not in general work with SSH 1
|
||||
If you have an SSH-2 server, you might prefer PSFTP (see \k{psftp})
|
||||
for interactive use. PSFTP does not in general work with SSH-1
|
||||
servers, however.
|
||||
|
||||
\H{pscp-starting} Starting PSCP
|
||||
@ -98,7 +98,7 @@ However, in the second case (using a wildcard for multiple remote
|
||||
files) you may see a warning saying something like \q{warning:
|
||||
remote host tried to write to a file called \cq{terminal.c} when we
|
||||
requested a file called \cq{*.c}. If this is a wildcard, consider
|
||||
upgrading to SSH 2 or using the \cq{-unsafe} option. Renaming of
|
||||
upgrading to SSH-2 or using the \cq{-unsafe} option. Renaming of
|
||||
this file has been disallowed}.
|
||||
|
||||
This is due to a fundamental insecurity in the old-style SCP
|
||||
@ -112,13 +112,13 @@ the wildcard matching rules are decided by the server, the client
|
||||
cannot reliably verify that the filenames sent back match the
|
||||
pattern.
|
||||
|
||||
PSCP will attempt to use the newer SFTP protocol (part of SSH 2)
|
||||
PSCP will attempt to use the newer SFTP protocol (part of SSH-2)
|
||||
where possible, which does not suffer from this security flaw. If
|
||||
you are talking to an SSH 2 server which supports SFTP, you will
|
||||
you are talking to an SSH-2 server which supports SFTP, you will
|
||||
never see this warning. (You can force use of the SFTP protocol,
|
||||
if available, with \c{-sftp} - see \k{pscp-usage-options-backend}.)
|
||||
|
||||
If you really need to use a server-side wildcard with an SSH 1
|
||||
If you really need to use a server-side wildcard with an SSH-1
|
||||
server, you can use the \c{-unsafe} command line option with PSCP:
|
||||
|
||||
\c pscp -unsafe fred@example.com:source/*.c c:\source
|
||||
@ -244,7 +244,7 @@ used, but also leads to interoperability issues such as with filename
|
||||
quoting (for instance, where filenames contain spaces), and also the
|
||||
security issue described in \k{pscp-usage-basics}.
|
||||
|
||||
The newer SFTP protocol, which is usually associated with SSH 2
|
||||
The newer SFTP protocol, which is usually associated with SSH-2
|
||||
servers, is specified in a more platform independent way, and leaves
|
||||
issues such as wildcard syntax up to the client. (PuTTY's SFTP
|
||||
wildcard syntax is described in \k{psftp-wildcards}.) This makes it
|
||||
@ -258,7 +258,7 @@ The \c{-scp} option forces PSCP to use the SCP protocol or quit.
|
||||
|
||||
The \c{-sftp} option forces PSCP to use the SFTP protocol or quit.
|
||||
When this option is specified, PSCP looks harder for an SFTP server,
|
||||
which may allow use of SFTP with SSH 1 depending on server setup.
|
||||
which may allow use of SFTP with SSH-1 depending on server setup.
|
||||
|
||||
\S{pscp-retval} Return value
|
||||
|
||||
|
@ -8,8 +8,8 @@ securely between computers using an SSH connection.
|
||||
PSFTP differs from PSCP in the following ways:
|
||||
|
||||
\b PSCP should work on virtually every SSH server. PSFTP uses the
|
||||
new SFTP protocol, which is a feature of SSH 2 only. (PSCP will also
|
||||
use this protocol if it can, but there is an SSH 1 equivalent it can
|
||||
new SFTP protocol, which is a feature of SSH-2 only. (PSCP will also
|
||||
use this protocol if it can, but there is an SSH-1 equivalent it can
|
||||
fall back to if it cannot.)
|
||||
|
||||
\b PSFTP allows you to run an interactive file transfer session,
|
||||
|
@ -114,17 +114,17 @@ Before generating a key pair using PuTTYgen, you need to select
|
||||
which type of key you need. PuTTYgen currently supports three types
|
||||
of key:
|
||||
|
||||
\b An RSA key for use with the SSH 1 protocol.
|
||||
\b An RSA key for use with the SSH-1 protocol.
|
||||
|
||||
\b An RSA key for use with the SSH 2 protocol.
|
||||
\b An RSA key for use with the SSH-2 protocol.
|
||||
|
||||
\b A DSA key for use with the SSH 2 protocol.
|
||||
\b A DSA key for use with the SSH-2 protocol.
|
||||
|
||||
The SSH 1 protocol only supports RSA keys; if you will be connecting
|
||||
using the SSH 1 protocol, you must select the first key type or your
|
||||
The SSH-1 protocol only supports RSA keys; if you will be connecting
|
||||
using the SSH-1 protocol, you must select the first key type or your
|
||||
key will be completely useless.
|
||||
|
||||
The SSH 2 protocol supports more than one key type. The two types
|
||||
The SSH-2 protocol supports more than one key type. The two types
|
||||
supported by PuTTY are RSA and DSA.
|
||||
|
||||
The PuTTY developers \e{strongly} recommend you use RSA. DSA has an
|
||||
@ -289,13 +289,13 @@ will need to tell PuTTY to use for authentication (see
|
||||
|
||||
\cfg{winhelp-topic}{puttygen.savepub}
|
||||
|
||||
The SSH 2 protocol drafts specify a standard format for storing
|
||||
The SSH-2 protocol drafts specify a standard format for storing
|
||||
public keys on disk. Some SSH servers (such as \cw{ssh.com}'s)
|
||||
require a public key in this format in order to accept
|
||||
authentication with the corresponding private key. (Others, such as
|
||||
OpenSSH, use a different format; see \k{puttygen-pastekey}.)
|
||||
|
||||
To save your public key in the SSH 2 standard format, press the
|
||||
To save your public key in the SSH-2 standard format, press the
|
||||
\q{Save public key} button in PuTTYgen. PuTTYgen will put up a
|
||||
dialog box asking you where to save the file. Select a directory,
|
||||
type in a file name, and press \q{Save}.
|
||||
@ -305,9 +305,9 @@ server machine. See \k{pubkey-gettingready} for general instructions
|
||||
on configuring public-key authentication once you have generated a
|
||||
key.
|
||||
|
||||
If you use this option with an SSH 1 key, the file PuTTYgen saves
|
||||
If you use this option with an SSH-1 key, the file PuTTYgen saves
|
||||
will contain exactly the same text that appears in the \q{Public key
|
||||
for pasting} box. This is the only existing standard for SSH 1
|
||||
for pasting} box. This is the only existing standard for SSH-1
|
||||
public keys.
|
||||
|
||||
\S{puttygen-pastekey} \q{Public key for pasting into authorized_keys
|
||||
@ -315,9 +315,9 @@ file}
|
||||
|
||||
\cfg{winhelp-topic}{puttygen.pastekey}
|
||||
|
||||
All SSH 1 servers require your public key to be given to it in a
|
||||
All SSH-1 servers require your public key to be given to it in a
|
||||
one-line format before it will accept authentication with your
|
||||
private key. The OpenSSH server also requires this for SSH 2.
|
||||
private key. The OpenSSH server also requires this for SSH-2.
|
||||
|
||||
The \q{Public key for pasting into authorized_keys file} gives the
|
||||
public-key data in the correct one-line format. Typically you will
|
||||
@ -352,23 +352,23 @@ for information about importing foreign key formats.
|
||||
|
||||
\cfg{winhelp-topic}{puttygen.conversions}
|
||||
|
||||
Most SSH1 clients use a standard format for storing private keys on
|
||||
Most SSH-1 clients use a standard format for storing private keys on
|
||||
disk. PuTTY uses this format as well; so if you have generated an
|
||||
SSH1 private key using OpenSSH or \cw{ssh.com}'s client, you can use
|
||||
SSH-1 private key using OpenSSH or \cw{ssh.com}'s client, you can use
|
||||
it with PuTTY, and vice versa.
|
||||
|
||||
However, SSH2 private keys have no standard format. OpenSSH and
|
||||
However, SSH-2 private keys have no standard format. OpenSSH and
|
||||
\cw{ssh.com} have different formats, and PuTTY's is different again.
|
||||
So a key generated with one client cannot immediately be used with
|
||||
another.
|
||||
|
||||
Using the \q{Import} command from the \q{Conversions} menu, PuTTYgen
|
||||
can load SSH2 private keys in OpenSSH's format and \cw{ssh.com}'s
|
||||
can load SSH-2 private keys in OpenSSH's format and \cw{ssh.com}'s
|
||||
format. Once you have loaded one of these key types, you can then
|
||||
save it back out as a PuTTY-format key (\c{*.PPK}) so that you can use
|
||||
it with the PuTTY suite. The passphrase will be unchanged by this
|
||||
process (unless you deliberately change it). You may want to change
|
||||
the key comment before you save the key, since OpenSSH's SSH2 key
|
||||
the key comment before you save the key, since OpenSSH's SSH-2 key
|
||||
format contains no space for a comment and \cw{ssh.com}'s default
|
||||
comment format is long and verbose.
|
||||
|
||||
@ -379,8 +379,8 @@ saving it (see \k{puttygen-savepriv}) - you need to have typed your
|
||||
passphrase in beforehand, and you will be warned if you are about to
|
||||
save a key without a passphrase.
|
||||
|
||||
Note that since only SSH2 keys come in different formats, the export
|
||||
options are not available if you have generated an SSH1 key.
|
||||
Note that since only SSH-2 keys come in different formats, the export
|
||||
options are not available if you have generated an SSH-1 key.
|
||||
|
||||
\H{pubkey-gettingready} Getting ready for public key authentication
|
||||
|
||||
@ -389,7 +389,7 @@ connection succeeds you will be prompted for your user name and
|
||||
password to login. Once logged in, you must configure the server to
|
||||
accept your public key for authentication:
|
||||
|
||||
\b If your server is using the SSH 1 protocol, you should change
|
||||
\b If your server is using the SSH-1 protocol, you should change
|
||||
into the \c{.ssh} directory and open the file \c{authorized_keys}
|
||||
with your favourite editor. (You may have to create this file if
|
||||
this is the first key you have put in it). Then switch to the
|
||||
@ -399,11 +399,11 @@ and copy it to the clipboard (\c{Ctrl+C}). Then, switch back to the
|
||||
PuTTY window and insert the data into the open file, making sure it
|
||||
ends up all on one line. Save the file.
|
||||
|
||||
\b If your server is OpenSSH and is using the SSH 2 protocol, you
|
||||
\b If your server is OpenSSH and is using the SSH-2 protocol, you
|
||||
should follow the same instructions, except that in earlier versions
|
||||
of OpenSSH 2 the file might be called \c{authorized_keys2}. (In
|
||||
modern versions the same \c{authorized_keys} file is used for both
|
||||
SSH 1 and SSH 2 keys.)
|
||||
SSH-1 and SSH-2 keys.)
|
||||
|
||||
\b If your server is \cw{ssh.com}'s SSH 2 product, you need to save
|
||||
a \e{public} key file from PuTTYgen (see \k{puttygen-savepub}), and
|
||||
|
@ -431,8 +431,8 @@ your client PC can connect to the forwarded port.
|
||||
\b The \q{Remote ports do the same} option does the same thing for
|
||||
remote-to-local port forwardings (so that machines other than the
|
||||
SSH server machine can connect to the forwarded port.) Note that
|
||||
this feature is only available in the SSH 2 protocol, and not all
|
||||
SSH 2 servers honour it (in OpenSSH, for example, it's usually
|
||||
this feature is only available in the SSH-2 protocol, and not all
|
||||
SSH-2 servers honour it (in OpenSSH, for example, it's usually
|
||||
disabled by default).
|
||||
|
||||
You can also specify an \i{IP address} to listen on. Typically a
|
||||
@ -443,8 +443,8 @@ available only to the local machine. So if you forward (for example)
|
||||
should be able to run commands such as \c{finger fred@127.0.0.5}.
|
||||
This can be useful if the program connecting to the forwarded port
|
||||
doesn't allow you to change the port number it uses. This feature is
|
||||
available for local-to-remote forwarded ports; SSH1 is unable to
|
||||
support it for remote-to-local ports, while SSH2 can support it in
|
||||
available for local-to-remote forwarded ports; SSH-1 is unable to
|
||||
support it for remote-to-local ports, while SSH-2 can support it in
|
||||
theory but servers will not necessarily cooperate.
|
||||
|
||||
(Note that if you're using Windows XP Service Pack 2, you may need
|
||||
@ -752,8 +752,8 @@ the SSH panel of the PuTTY configuration box (see
|
||||
\S2{using-cmdline-sshprot} \i\c{-1} and \i\c{-2}: specify an \i{SSH
|
||||
protocol version}
|
||||
|
||||
The \c{-1} and \c{-2} options force PuTTY to use version \I{SSH1}1
|
||||
or version \I{SSH2}2 of the SSH protocol. These options are only
|
||||
The \c{-1} and \c{-2} options force PuTTY to use version \I{SSH-1}1
|
||||
or version \I{SSH-2}2 of the SSH protocol. These options are only
|
||||
meaningful if you are using SSH.
|
||||
|
||||
These options are equivalent to selecting your preferred SSH
|
||||
|
18
import.c
18
import.c
@ -56,7 +56,7 @@ int import_possible(int type)
|
||||
int import_target_type(int type)
|
||||
{
|
||||
/*
|
||||
* There are no known foreign SSH1 key formats.
|
||||
* There are no known foreign SSH-1 key formats.
|
||||
*/
|
||||
return SSH_KEYTYPE_SSH2;
|
||||
}
|
||||
@ -78,7 +78,7 @@ int import_encrypted(const Filename *filename, int type, char **comment)
|
||||
}
|
||||
|
||||
/*
|
||||
* Import an SSH1 key.
|
||||
* Import an SSH-1 key.
|
||||
*/
|
||||
int import_ssh1(const Filename *filename, int type,
|
||||
struct RSAKey *key, char *passphrase, const char **errmsg_p)
|
||||
@ -87,7 +87,7 @@ int import_ssh1(const Filename *filename, int type,
|
||||
}
|
||||
|
||||
/*
|
||||
* Import an SSH2 key.
|
||||
* Import an SSH-2 key.
|
||||
*/
|
||||
struct ssh2_userkey *import_ssh2(const Filename *filename, int type,
|
||||
char *passphrase, const char **errmsg_p)
|
||||
@ -100,7 +100,7 @@ struct ssh2_userkey *import_ssh2(const Filename *filename, int type,
|
||||
}
|
||||
|
||||
/*
|
||||
* Export an SSH1 key.
|
||||
* Export an SSH-1 key.
|
||||
*/
|
||||
int export_ssh1(const Filename *filename, int type, struct RSAKey *key,
|
||||
char *passphrase)
|
||||
@ -109,7 +109,7 @@ int export_ssh1(const Filename *filename, int type, struct RSAKey *key,
|
||||
}
|
||||
|
||||
/*
|
||||
* Export an SSH2 key.
|
||||
* Export an SSH-2 key.
|
||||
*/
|
||||
int export_ssh2(const Filename *filename, int type,
|
||||
struct ssh2_userkey *key, char *passphrase)
|
||||
@ -918,9 +918,9 @@ int openssh_write(const Filename *filename, struct ssh2_userkey *key,
|
||||
*/
|
||||
|
||||
/*
|
||||
* The format of the base64 blob is largely ssh2-packet-formatted,
|
||||
* The format of the base64 blob is largely SSH-2-packet-formatted,
|
||||
* except that mpints are a bit different: they're more like the
|
||||
* old ssh1 mpint. You have a 32-bit bit count N, followed by
|
||||
* old SSH-1 mpint. You have a 32-bit bit count N, followed by
|
||||
* (N+7)/8 bytes of data.
|
||||
*
|
||||
* So. The blob contains:
|
||||
@ -932,7 +932,7 @@ int openssh_write(const Filename *filename, struct ssh2_userkey *key,
|
||||
* - string encrypted-blob
|
||||
*
|
||||
* (The first size field includes the size field itself and the
|
||||
* magic number before it. All other size fields are ordinary ssh2
|
||||
* magic number before it. All other size fields are ordinary SSH-2
|
||||
* strings, so the size field indicates how much data is to
|
||||
* _follow_.)
|
||||
*
|
||||
@ -977,7 +977,7 @@ int openssh_write(const Filename *filename, struct ssh2_userkey *key,
|
||||
* `dl-modp{sign{dsa' prefixes.
|
||||
*
|
||||
* Finally, the encryption. The cipher-type string appears to be
|
||||
* either `none' or `3des-cbc'. Looks as if this is SSH2-style
|
||||
* either `none' or `3des-cbc'. Looks as if this is SSH-2-style
|
||||
* 3des-cbc (i.e. outer cbc rather than inner). The key is created
|
||||
* from the passphrase by means of yet another hashing faff:
|
||||
*
|
||||
|
2
pscp.c
2
pscp.c
@ -1827,7 +1827,7 @@ static void sink(char *targ, char *src)
|
||||
tell_user(stderr, " when we requested a file "
|
||||
"called '%s'.", stripsrc);
|
||||
tell_user(stderr, " If this is a wildcard, "
|
||||
"consider upgrading to SSH 2 or using");
|
||||
"consider upgrading to SSH-2 or using");
|
||||
tell_user(stderr, " the '-unsafe' option. Renaming"
|
||||
" of this file has been disallowed.");
|
||||
/* Override the name the server provided with our own. */
|
||||
|
2
psftp.c
2
psftp.c
@ -2743,7 +2743,7 @@ static int psftp_connect(char *userhost, char *user, int portnumber)
|
||||
cfg.nopty = TRUE;
|
||||
|
||||
/*
|
||||
* Set up fallback option, for SSH1 servers or servers with the
|
||||
* Set up fallback option, for SSH-1 servers or servers with the
|
||||
* sftp subsystem not enabled but the server binary installed
|
||||
* in the usual place. We only support fallback on Unix
|
||||
* systems, and we use a kludgy piece of shellery which should
|
||||
|
10
putty.h
10
putty.h
@ -245,12 +245,12 @@ enum {
|
||||
|
||||
enum {
|
||||
/*
|
||||
* SSH ciphers (both SSH1 and SSH2)
|
||||
* SSH ciphers (both SSH-1 and SSH-2)
|
||||
*/
|
||||
CIPHER_WARN, /* pseudo 'cipher' */
|
||||
CIPHER_3DES,
|
||||
CIPHER_BLOWFISH,
|
||||
CIPHER_AES, /* (SSH 2 only) */
|
||||
CIPHER_AES, /* (SSH-2 only) */
|
||||
CIPHER_DES,
|
||||
CIPHER_MAX /* no. ciphers (inc warn) */
|
||||
};
|
||||
@ -415,11 +415,11 @@ struct config_tag {
|
||||
int ssh_rekey_time; /* in minutes */
|
||||
char ssh_rekey_data[16];
|
||||
int agentfwd;
|
||||
int change_username; /* allow username switching in SSH2 */
|
||||
int change_username; /* allow username switching in SSH-2 */
|
||||
int ssh_cipherlist[CIPHER_MAX];
|
||||
Filename keyfile;
|
||||
int sshprot; /* use v1 or v2 when both available */
|
||||
int ssh2_des_cbc; /* "des-cbc" nonstandard SSH2 cipher */
|
||||
int ssh2_des_cbc; /* "des-cbc" unrecommended SSH-2 cipher */
|
||||
int try_tis_auth;
|
||||
int try_ki_auth;
|
||||
int ssh_subsys; /* run a subsystem rather than a command */
|
||||
@ -524,7 +524,7 @@ struct config_tag {
|
||||
int x11_auth;
|
||||
/* port forwarding */
|
||||
int lport_acceptall; /* accept conns from hosts other than localhost */
|
||||
int rport_acceptall; /* same for remote forwarded ports (SSH2 only) */
|
||||
int rport_acceptall; /* same for remote forwarded ports (SSH-2 only) */
|
||||
/*
|
||||
* The port forwarding string contains a number of
|
||||
* NUL-terminated substrings, terminated in turn by an empty
|
||||
|
116
ssh.c
116
ssh.c
@ -342,18 +342,18 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
|
||||
*
|
||||
* - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
|
||||
* on a local data stream before we throttle the whole SSH
|
||||
* connection (in SSH1 only). Throttling the whole connection is
|
||||
* connection (in SSH-1 only). Throttling the whole connection is
|
||||
* pretty drastic so we set this high in the hope it won't
|
||||
* happen very often.
|
||||
*
|
||||
* - SSH_MAX_BACKLOG is the amount of backlog that must build up
|
||||
* on the SSH connection itself before we defensively throttle
|
||||
* _all_ local data streams. This is pretty drastic too (though
|
||||
* thankfully unlikely in SSH2 since the window mechanism should
|
||||
* thankfully unlikely in SSH-2 since the window mechanism should
|
||||
* ensure that the server never has any need to throttle its end
|
||||
* of the connection), so we set this high as well.
|
||||
*
|
||||
* - OUR_V2_WINSIZE is the maximum window size we present on SSH2
|
||||
* - OUR_V2_WINSIZE is the maximum window size we present on SSH-2
|
||||
* channels.
|
||||
*/
|
||||
|
||||
@ -439,7 +439,7 @@ struct ssh_channel {
|
||||
/* True if we opened this channel but server hasn't confirmed. */
|
||||
int halfopen;
|
||||
/*
|
||||
* In SSH1, this value contains four bits:
|
||||
* In SSH-1, this value contains four bits:
|
||||
*
|
||||
* 1 We have sent SSH1_MSG_CHANNEL_CLOSE.
|
||||
* 2 We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
|
||||
@ -475,11 +475,11 @@ struct ssh_channel {
|
||||
};
|
||||
|
||||
/*
|
||||
* 2-3-4 tree storing remote->local port forwardings. SSH 1 and SSH
|
||||
* 2 use this structure in different ways, reflecting SSH 2's
|
||||
* 2-3-4 tree storing remote->local port forwardings. SSH-1 and SSH-2
|
||||
* use this structure in different ways, reflecting SSH-2's
|
||||
* altogether saner approach to port forwarding.
|
||||
*
|
||||
* In SSH 1, you arrange a remote forwarding by sending the server
|
||||
* In SSH-1, you arrange a remote forwarding by sending the server
|
||||
* the remote port number, and the local destination host:port.
|
||||
* When a connection comes in, the server sends you back that
|
||||
* host:port pair, and you connect to it. This is a ready-made
|
||||
@ -491,15 +491,15 @@ struct ssh_channel {
|
||||
* host:port pairs we _are_ trying to forward to, and reject a
|
||||
* connection request from the server if it's not in the list.
|
||||
*
|
||||
* In SSH 2, each side of the connection minds its own business and
|
||||
* In SSH-2, each side of the connection minds its own business and
|
||||
* doesn't send unnecessary information to the other. You arrange a
|
||||
* remote forwarding by sending the server just the remote port
|
||||
* number. When a connection comes in, the server tells you which
|
||||
* of its ports was connected to; and _you_ have to remember what
|
||||
* local host:port pair went with that port number.
|
||||
*
|
||||
* Hence, in SSH 1 this structure is indexed by destination
|
||||
* host:port pair, whereas in SSH 2 it is indexed by source port.
|
||||
* Hence, in SSH-1 this structure is indexed by destination
|
||||
* host:port pair, whereas in SSH-2 it is indexed by source port.
|
||||
*/
|
||||
struct ssh_portfwd; /* forward declaration */
|
||||
|
||||
@ -542,7 +542,7 @@ struct Packet {
|
||||
unsigned char *body;
|
||||
long savedpos;
|
||||
long maxlen;
|
||||
long encrypted_len; /* for SSH2 total-size counting */
|
||||
long encrypted_len; /* for SSH-2 total-size counting */
|
||||
|
||||
/*
|
||||
* State associated with packet logging
|
||||
@ -710,7 +710,7 @@ struct ssh_tag {
|
||||
struct rdpkt1_state_tag rdpkt1_state;
|
||||
struct rdpkt2_state_tag rdpkt2_state;
|
||||
|
||||
/* ssh1 and ssh2 use this for different things, but both use it */
|
||||
/* SSH-1 and SSH-2 use this for different things, but both use it */
|
||||
int protocol_initial_phase_done;
|
||||
|
||||
void (*protocol) (Ssh ssh, void *vin, int inlen,
|
||||
@ -1558,7 +1558,7 @@ static void sha_uint32(SHA_State * s, unsigned i)
|
||||
}
|
||||
|
||||
/*
|
||||
* SSH2 packet construction functions.
|
||||
* SSH-2 packet construction functions.
|
||||
*/
|
||||
static void ssh2_pkt_ensure(struct Packet *pkt, int length)
|
||||
{
|
||||
@ -1650,7 +1650,7 @@ static void ssh2_pkt_addmp(struct Packet *pkt, Bignum b)
|
||||
}
|
||||
|
||||
/*
|
||||
* Construct an SSH2 final-form packet: compress it, encrypt it,
|
||||
* Construct an SSH-2 final-form packet: compress it, encrypt it,
|
||||
* put the MAC on it. Final packet, ready to be sent, is stored in
|
||||
* pkt->data. Total length is returned.
|
||||
*/
|
||||
@ -1748,7 +1748,7 @@ static int ssh2_pkt_construct(Ssh ssh, struct Packet *pkt)
|
||||
*/
|
||||
|
||||
/*
|
||||
* Send an SSH2 packet immediately, without queuing or deferring.
|
||||
* Send an SSH-2 packet immediately, without queuing or deferring.
|
||||
*/
|
||||
static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
|
||||
{
|
||||
@ -1769,7 +1769,7 @@ static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
|
||||
}
|
||||
|
||||
/*
|
||||
* Defer an SSH2 packet.
|
||||
* Defer an SSH-2 packet.
|
||||
*/
|
||||
static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt)
|
||||
{
|
||||
@ -1787,7 +1787,7 @@ static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt)
|
||||
}
|
||||
|
||||
/*
|
||||
* Queue an SSH2 packet.
|
||||
* Queue an SSH-2 packet.
|
||||
*/
|
||||
static void ssh2_pkt_queue(Ssh ssh, struct Packet *pkt)
|
||||
{
|
||||
@ -1829,7 +1829,7 @@ static void ssh2_pkt_defer(Ssh ssh, struct Packet *pkt)
|
||||
|
||||
/*
|
||||
* Send the whole deferred data block constructed by
|
||||
* ssh2_pkt_defer() or SSH1's defer_packet().
|
||||
* ssh2_pkt_defer() or SSH-1's defer_packet().
|
||||
*
|
||||
* The expected use of the defer mechanism is that you call
|
||||
* ssh2_pkt_defer() a few times, then call ssh_pkt_defersend(). If
|
||||
@ -1860,7 +1860,7 @@ static void ssh_pkt_defersend(Ssh ssh)
|
||||
}
|
||||
|
||||
/*
|
||||
* Send all queued SSH2 packets. We send them by means of
|
||||
* Send all queued SSH-2 packets. We send them by means of
|
||||
* ssh2_pkt_defer_noqueue(), in case they included a pair of
|
||||
* packets that needed to be lumped together.
|
||||
*/
|
||||
@ -1901,7 +1901,7 @@ static void sha_mpint(SHA_State * s, Bignum b)
|
||||
}
|
||||
|
||||
/*
|
||||
* Packet decode functions for both SSH1 and SSH2.
|
||||
* Packet decode functions for both SSH-1 and SSH-2.
|
||||
*/
|
||||
static unsigned long ssh_pkt_getuint32(struct Packet *pkt)
|
||||
{
|
||||
@ -1992,7 +1992,7 @@ static Bignum ssh2_pkt_getmp(struct Packet *pkt)
|
||||
}
|
||||
|
||||
/*
|
||||
* Helper function to add an SSH2 signature blob to a packet.
|
||||
* Helper function to add an SSH-2 signature blob to a packet.
|
||||
* Expects to be shown the public key blob as well as the signature
|
||||
* blob. Normally works just like ssh2_pkt_addstring, but will
|
||||
* fiddle with the signature packet if necessary for
|
||||
@ -2088,7 +2088,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
|
||||
* sniffing.
|
||||
*/
|
||||
ssh->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
|
||||
logevent("We believe remote version has SSH1 ignore bug");
|
||||
logevent("We believe remote version has SSH-1 ignore bug");
|
||||
}
|
||||
|
||||
if (ssh->cfg.sshbug_plainpw1 == FORCE_ON ||
|
||||
@ -2100,7 +2100,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
|
||||
* the password.
|
||||
*/
|
||||
ssh->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
|
||||
logevent("We believe remote version needs a plain SSH1 password");
|
||||
logevent("We believe remote version needs a plain SSH-1 password");
|
||||
}
|
||||
|
||||
if (ssh->cfg.sshbug_rsa1 == FORCE_ON ||
|
||||
@ -2125,7 +2125,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
|
||||
* These versions have the HMAC bug.
|
||||
*/
|
||||
ssh->remote_bugs |= BUG_SSH2_HMAC;
|
||||
logevent("We believe remote version has SSH2 HMAC bug");
|
||||
logevent("We believe remote version has SSH-2 HMAC bug");
|
||||
}
|
||||
|
||||
if (ssh->cfg.sshbug_derivekey2 == FORCE_ON ||
|
||||
@ -2138,7 +2138,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
|
||||
* generate the keys).
|
||||
*/
|
||||
ssh->remote_bugs |= BUG_SSH2_DERIVEKEY;
|
||||
logevent("We believe remote version has SSH2 key-derivation bug");
|
||||
logevent("We believe remote version has SSH-2 key-derivation bug");
|
||||
}
|
||||
|
||||
if (ssh->cfg.sshbug_rsapad2 == FORCE_ON ||
|
||||
@ -2146,21 +2146,21 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
|
||||
(wc_match("OpenSSH_2.[5-9]*", imp) ||
|
||||
wc_match("OpenSSH_3.[0-2]*", imp)))) {
|
||||
/*
|
||||
* These versions have the SSH2 RSA padding bug.
|
||||
* These versions have the SSH-2 RSA padding bug.
|
||||
*/
|
||||
ssh->remote_bugs |= BUG_SSH2_RSA_PADDING;
|
||||
logevent("We believe remote version has SSH2 RSA padding bug");
|
||||
logevent("We believe remote version has SSH-2 RSA padding bug");
|
||||
}
|
||||
|
||||
if (ssh->cfg.sshbug_pksessid2 == FORCE_ON ||
|
||||
(ssh->cfg.sshbug_pksessid2 == AUTO &&
|
||||
wc_match("OpenSSH_2.[0-2]*", imp))) {
|
||||
/*
|
||||
* These versions have the SSH2 session-ID bug in
|
||||
* These versions have the SSH-2 session-ID bug in
|
||||
* public-key authentication.
|
||||
*/
|
||||
ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
|
||||
logevent("We believe remote version has SSH2 public-key-session-ID bug");
|
||||
logevent("We believe remote version has SSH-2 public-key-session-ID bug");
|
||||
}
|
||||
|
||||
if (ssh->cfg.sshbug_rekey2 == FORCE_ON ||
|
||||
@ -2170,10 +2170,10 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
|
||||
wc_match("Sun_SSH_1.0", imp) ||
|
||||
wc_match("Sun_SSH_1.0.1", imp)))) {
|
||||
/*
|
||||
* These versions have the SSH2 rekey bug.
|
||||
* These versions have the SSH-2 rekey bug.
|
||||
*/
|
||||
ssh->remote_bugs |= BUG_SSH2_REKEY;
|
||||
logevent("We believe remote version has SSH2 rekey bug");
|
||||
logevent("We believe remote version has SSH-2 rekey bug");
|
||||
}
|
||||
}
|
||||
|
||||
@ -2314,14 +2314,14 @@ static int do_ssh_init(Ssh ssh, unsigned char c)
|
||||
strcspn(s->vstring, "\015\012"));
|
||||
|
||||
/*
|
||||
* Initialise SSHv2 protocol.
|
||||
* Initialise SSH-2 protocol.
|
||||
*/
|
||||
ssh->protocol = ssh2_protocol;
|
||||
ssh2_protocol_setup(ssh);
|
||||
ssh->s_rdpkt = ssh2_rdpkt;
|
||||
} else {
|
||||
/*
|
||||
* Initialise SSHv1 protocol.
|
||||
* Initialise SSH-1 protocol.
|
||||
*/
|
||||
ssh->protocol = ssh1_protocol;
|
||||
ssh1_protocol_setup(ssh);
|
||||
@ -2661,7 +2661,7 @@ static void ssh_throttle_all(Ssh ssh, int enable, int bufsize)
|
||||
|
||||
/*
|
||||
* Username and password input, abstracted off into routines
|
||||
* reusable in several places - even between SSH1 and SSH2.
|
||||
* reusable in several places - even between SSH-1 and SSH-2.
|
||||
*/
|
||||
|
||||
/* Set up a username or password input loop on a given buffer. */
|
||||
@ -2841,14 +2841,14 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
|
||||
|
||||
ptr = ssh_pkt_getdata(pktin, 8);
|
||||
if (!ptr) {
|
||||
bombout(("SSH1 public key packet stopped before random cookie"));
|
||||
bombout(("SSH-1 public key packet stopped before random cookie"));
|
||||
crStop(0);
|
||||
}
|
||||
memcpy(cookie, ptr, 8);
|
||||
|
||||
if (!ssh1_pkt_getrsakey(pktin, &servkey, &s->keystr1) ||
|
||||
!ssh1_pkt_getrsakey(pktin, &hostkey, &s->keystr2)) {
|
||||
bombout(("Failed to read SSH1 public keys from public key packet"));
|
||||
bombout(("Failed to read SSH-1 public keys from public key packet"));
|
||||
crStop(0);
|
||||
}
|
||||
|
||||
@ -2887,7 +2887,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
|
||||
*/
|
||||
if (hostkey.bits > hostkey.bytes * 8 ||
|
||||
servkey.bits > servkey.bytes * 8) {
|
||||
bombout(("SSH1 public keys were badly formatted"));
|
||||
bombout(("SSH-1 public keys were badly formatted"));
|
||||
crStop(0);
|
||||
}
|
||||
|
||||
@ -2954,7 +2954,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
|
||||
ret = rsaencrypt(s->rsabuf, hostkey.bytes, &servkey);
|
||||
}
|
||||
if (!ret) {
|
||||
bombout(("SSH1 public key encryptions failed due to bad formatting"));
|
||||
bombout(("SSH-1 public key encryptions failed due to bad formatting"));
|
||||
crStop(0);
|
||||
}
|
||||
|
||||
@ -2971,7 +2971,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
|
||||
warn = 1;
|
||||
} else if (next_cipher == CIPHER_AES) {
|
||||
/* XXX Probably don't need to mention this. */
|
||||
logevent("AES not supported in SSH1, skipping");
|
||||
logevent("AES not supported in SSH-1, skipping");
|
||||
} else {
|
||||
switch (next_cipher) {
|
||||
case CIPHER_3DES: s->cipher_type = SSH_CIPHER_3DES;
|
||||
@ -2987,7 +2987,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
|
||||
}
|
||||
if (!cipher_chosen) {
|
||||
if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
|
||||
bombout(("Server violates SSH 1 protocol by not "
|
||||
bombout(("Server violates SSH-1 protocol by not "
|
||||
"supporting 3DES encryption"));
|
||||
else
|
||||
/* shouldn't happen */
|
||||
@ -3177,7 +3177,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
|
||||
s->p = s->response + 5;
|
||||
s->nkeys = GET_32BIT(s->p);
|
||||
s->p += 4;
|
||||
logeventf(ssh, "Pageant has %d SSH1 keys", s->nkeys);
|
||||
logeventf(ssh, "Pageant has %d SSH-1 keys", s->nkeys);
|
||||
for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
|
||||
logeventf(ssh, "Trying Pageant key #%d", s->keyi);
|
||||
if (s->publickey_blob &&
|
||||
@ -3732,7 +3732,7 @@ int sshfwd_write(struct ssh_channel *c, char *buf, int len)
|
||||
PKT_INT, len, PKT_DATA, buf, len,
|
||||
PKTT_OTHER, PKT_END);
|
||||
/*
|
||||
* In SSH1 we can return 0 here - implying that forwarded
|
||||
* In SSH-1 we can return 0 here - implying that forwarded
|
||||
* connections are never individually throttled - because
|
||||
* the only circumstance that can cause throttling will be
|
||||
* the whole SSH connection backing up, in which case
|
||||
@ -3902,7 +3902,7 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)
|
||||
portfwd_strptr++;
|
||||
sports[n] = '\0';
|
||||
if (ssh->version == 1 && type == 'R') {
|
||||
logeventf(ssh, "SSH1 cannot handle remote source address "
|
||||
logeventf(ssh, "SSH-1 cannot handle remote source address "
|
||||
"spec \"%s\"; ignoring", sports);
|
||||
} else
|
||||
strcpy(saddr, sports);
|
||||
@ -4023,7 +4023,7 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)
|
||||
if (ssh->version == 1) {
|
||||
/*
|
||||
* We cannot cancel listening ports on the
|
||||
* server side in SSH1! There's no message
|
||||
* server side in SSH-1! There's no message
|
||||
* to support it. Instead, we simply remove
|
||||
* the rportfwd record from the local end
|
||||
* so that any connections the server tries
|
||||
@ -4612,7 +4612,7 @@ static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
|
||||
/*
|
||||
* Start the shell or command.
|
||||
*
|
||||
* Special case: if the first-choice command is an SSH2
|
||||
* Special case: if the first-choice command is an SSH-2
|
||||
* subsystem (hence not usable here) and the second choice
|
||||
* exists, we fall straight back to that.
|
||||
*/
|
||||
@ -4677,7 +4677,7 @@ static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
|
||||
}
|
||||
|
||||
/*
|
||||
* Handle the top-level SSH2 protocol.
|
||||
* Handle the top-level SSH-2 protocol.
|
||||
*/
|
||||
static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin)
|
||||
{
|
||||
@ -4797,7 +4797,7 @@ static int first_in_commasep_string(char *needle, char *haystack, int haylen)
|
||||
|
||||
|
||||
/*
|
||||
* SSH2 key creation method.
|
||||
* SSH-2 key creation method.
|
||||
*/
|
||||
static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H,
|
||||
unsigned char *sessid, char chr,
|
||||
@ -4822,7 +4822,7 @@ static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H,
|
||||
}
|
||||
|
||||
/*
|
||||
* Handle the SSH2 transport layer.
|
||||
* Handle the SSH-2 transport layer.
|
||||
*/
|
||||
static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
|
||||
struct Packet *pktin)
|
||||
@ -5635,7 +5635,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
|
||||
}
|
||||
|
||||
/*
|
||||
* Add data to an SSH2 channel output buffer.
|
||||
* Add data to an SSH-2 channel output buffer.
|
||||
*/
|
||||
static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
|
||||
int len)
|
||||
@ -5644,7 +5644,7 @@ static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
|
||||
}
|
||||
|
||||
/*
|
||||
* Attempt to send data on an SSH2 channel.
|
||||
* Attempt to send data on an SSH-2 channel.
|
||||
*/
|
||||
static int ssh2_try_send(struct ssh_channel *c)
|
||||
{
|
||||
@ -5678,7 +5678,7 @@ static int ssh2_try_send(struct ssh_channel *c)
|
||||
}
|
||||
|
||||
/*
|
||||
* Potentially enlarge the window on an SSH2 channel.
|
||||
* Potentially enlarge the window on an SSH-2 channel.
|
||||
*/
|
||||
static void ssh2_set_window(struct ssh_channel *c, unsigned newwin)
|
||||
{
|
||||
@ -5875,7 +5875,7 @@ static void ssh2_msg_channel_close(Ssh ssh, struct Packet *pktin)
|
||||
/*
|
||||
* We used to send SSH_MSG_DISCONNECT here,
|
||||
* because I'd believed that _every_ conforming
|
||||
* SSH2 connection had to end with a disconnect
|
||||
* SSH-2 connection had to end with a disconnect
|
||||
* being sent by at least one side; apparently
|
||||
* I was wrong and it's perfectly OK to
|
||||
* unceremoniously slam the connection shut
|
||||
@ -6238,7 +6238,7 @@ static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
|
||||
}
|
||||
|
||||
/*
|
||||
* Handle the SSH2 userauth and connection layers.
|
||||
* Handle the SSH-2 userauth and connection layers.
|
||||
*/
|
||||
static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
|
||||
struct Packet *pktin)
|
||||
@ -6585,7 +6585,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
|
||||
s->p = s->response + 5;
|
||||
s->nkeys = GET_32BIT(s->p);
|
||||
s->p += 4;
|
||||
logeventf(ssh, "Pageant has %d SSH2 keys", s->nkeys);
|
||||
logeventf(ssh, "Pageant has %d SSH-2 keys", s->nkeys);
|
||||
for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
|
||||
void *vret;
|
||||
|
||||
@ -7445,7 +7445,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
|
||||
}
|
||||
|
||||
/*
|
||||
* Handlers for SSH2 messages that might arrive at any moment.
|
||||
* Handlers for SSH-2 messages that might arrive at any moment.
|
||||
*/
|
||||
static void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin)
|
||||
{
|
||||
@ -7503,7 +7503,7 @@ static void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin)
|
||||
}
|
||||
|
||||
/*
|
||||
* Handle the top-level SSH2 protocol.
|
||||
* Handle the top-level SSH-2 protocol.
|
||||
*/
|
||||
static void ssh2_protocol_setup(Ssh ssh)
|
||||
{
|
||||
@ -7557,7 +7557,7 @@ static void ssh2_protocol_setup(Ssh ssh)
|
||||
* These special message types we install handlers for.
|
||||
*/
|
||||
ssh->packet_dispatch[SSH2_MSG_DISCONNECT] = ssh2_msg_disconnect;
|
||||
ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with ssh1 */
|
||||
ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with SSH-1 */
|
||||
ssh->packet_dispatch[SSH2_MSG_DEBUG] = ssh2_msg_debug;
|
||||
}
|
||||
|
||||
@ -8070,7 +8070,7 @@ static void ssh_special(void *handle, Telnet_Special code)
|
||||
if (ssh->state == SSH_STATE_CLOSED
|
||||
|| ssh->state == SSH_STATE_PREPACKET) return;
|
||||
if (ssh->version == 1) {
|
||||
logevent("Unable to send BREAK signal in SSH1");
|
||||
logevent("Unable to send BREAK signal in SSH-1");
|
||||
} else if (ssh->mainchan) {
|
||||
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
|
||||
ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
|
||||
|
14
ssh.h
14
ssh.h
@ -137,7 +137,7 @@ void SHA512_Simple(const void *p, int len, unsigned char *output);
|
||||
struct ssh_cipher {
|
||||
void *(*make_context)(void);
|
||||
void (*free_context)(void *);
|
||||
void (*sesskey) (void *, unsigned char *key); /* for ssh 1 */
|
||||
void (*sesskey) (void *, unsigned char *key); /* for SSH-1 */
|
||||
void (*encrypt) (void *, unsigned char *blk, int len);
|
||||
void (*decrypt) (void *, unsigned char *blk, int len);
|
||||
int blksize;
|
||||
@ -147,8 +147,8 @@ struct ssh_cipher {
|
||||
struct ssh2_cipher {
|
||||
void *(*make_context)(void);
|
||||
void (*free_context)(void *);
|
||||
void (*setiv) (void *, unsigned char *key); /* for ssh 2 */
|
||||
void (*setkey) (void *, unsigned char *key);/* for ssh 2 */
|
||||
void (*setiv) (void *, unsigned char *key); /* for SSH-2 */
|
||||
void (*setkey) (void *, unsigned char *key);/* for SSH-2 */
|
||||
void (*encrypt) (void *, unsigned char *blk, int len);
|
||||
void (*decrypt) (void *, unsigned char *blk, int len);
|
||||
char *name;
|
||||
@ -441,7 +441,7 @@ int zlib_decompress_block(void *, unsigned char *block, int len,
|
||||
unsigned char **outblock, int *outlen);
|
||||
|
||||
/*
|
||||
* SSH1 agent messages.
|
||||
* SSH-1 agent messages.
|
||||
*/
|
||||
#define SSH1_AGENTC_REQUEST_RSA_IDENTITIES 1
|
||||
#define SSH1_AGENT_RSA_IDENTITIES_ANSWER 2
|
||||
@ -452,13 +452,13 @@ int zlib_decompress_block(void *, unsigned char *block, int len,
|
||||
#define SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9 /* openssh private? */
|
||||
|
||||
/*
|
||||
* Messages common to SSH1 and OpenSSH's SSH2.
|
||||
* Messages common to SSH-1 and OpenSSH's SSH-2.
|
||||
*/
|
||||
#define SSH_AGENT_FAILURE 5
|
||||
#define SSH_AGENT_SUCCESS 6
|
||||
|
||||
/*
|
||||
* OpenSSH's SSH2 agent messages.
|
||||
* OpenSSH's SSH-2 agent messages.
|
||||
*/
|
||||
#define SSH2_AGENTC_REQUEST_IDENTITIES 11
|
||||
#define SSH2_AGENT_IDENTITIES_ANSWER 12
|
||||
@ -469,7 +469,7 @@ int zlib_decompress_block(void *, unsigned char *block, int len,
|
||||
#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19
|
||||
|
||||
/*
|
||||
* Need this to warn about support for the original SSH2 keyfile
|
||||
* Need this to warn about support for the original SSH-2 keyfile
|
||||
* format.
|
||||
*/
|
||||
void old_keyfile_warning(void);
|
||||
|
@ -483,7 +483,7 @@ static void *blowfish_make_context(void)
|
||||
|
||||
static void *blowfish_ssh1_make_context(void)
|
||||
{
|
||||
/* In SSH1, need one key for each direction */
|
||||
/* In SSH-1, need one key for each direction */
|
||||
return snewn(2, BlowfishContext);
|
||||
}
|
||||
|
||||
|
10
sshbn.c
10
sshbn.c
@ -558,7 +558,7 @@ Bignum bignum_from_bytes(const unsigned char *data, int nbytes)
|
||||
}
|
||||
|
||||
/*
|
||||
* Read an ssh1-format bignum from a data buffer. Return the number
|
||||
* Read an SSH-1-format bignum from a data buffer. Return the number
|
||||
* of bytes consumed, or -1 if there wasn't enough data.
|
||||
*/
|
||||
int ssh1_read_bignum(const unsigned char *data, int len, Bignum * result)
|
||||
@ -587,7 +587,7 @@ int ssh1_read_bignum(const unsigned char *data, int len, Bignum * result)
|
||||
}
|
||||
|
||||
/*
|
||||
* Return the bit count of a bignum, for ssh1 encoding.
|
||||
* Return the bit count of a bignum, for SSH-1 encoding.
|
||||
*/
|
||||
int bignum_bitcount(Bignum bn)
|
||||
{
|
||||
@ -598,7 +598,7 @@ int bignum_bitcount(Bignum bn)
|
||||
}
|
||||
|
||||
/*
|
||||
* Return the byte length of a bignum when ssh1 encoded.
|
||||
* Return the byte length of a bignum when SSH-1 encoded.
|
||||
*/
|
||||
int ssh1_bignum_length(Bignum bn)
|
||||
{
|
||||
@ -606,7 +606,7 @@ int ssh1_bignum_length(Bignum bn)
|
||||
}
|
||||
|
||||
/*
|
||||
* Return the byte length of a bignum when ssh2 encoded.
|
||||
* Return the byte length of a bignum when SSH-2 encoded.
|
||||
*/
|
||||
int ssh2_bignum_length(Bignum bn)
|
||||
{
|
||||
@ -654,7 +654,7 @@ void bignum_set_bit(Bignum bn, int bitnum, int value)
|
||||
}
|
||||
|
||||
/*
|
||||
* Write a ssh1-format bignum into a buffer. It is assumed the
|
||||
* Write a SSH-1-format bignum into a buffer. It is assumed the
|
||||
* buffer is big enough. Returns the number of bytes used.
|
||||
*/
|
||||
int ssh1_write_bignum(void *data, Bignum bn)
|
||||
|
6
sshdes.c
6
sshdes.c
@ -751,7 +751,7 @@ static void *des3_make_context(void)
|
||||
|
||||
static void *des3_ssh1_make_context(void)
|
||||
{
|
||||
/* Need 3 keys for each direction, in SSH1 */
|
||||
/* Need 3 keys for each direction, in SSH-1 */
|
||||
return snewn(6, DESContext);
|
||||
}
|
||||
|
||||
@ -762,7 +762,7 @@ static void *des_make_context(void)
|
||||
|
||||
static void *des_ssh1_make_context(void)
|
||||
{
|
||||
/* Need one key for each direction, in SSH1 */
|
||||
/* Need one key for each direction, in SSH-1 */
|
||||
return snewn(2, DESContext);
|
||||
}
|
||||
|
||||
@ -942,7 +942,7 @@ static const struct ssh2_cipher ssh_3des_ssh2 = {
|
||||
};
|
||||
|
||||
/*
|
||||
* Single DES in ssh2. "des-cbc" is marked as HISTORIC in
|
||||
* Single DES in SSH-2. "des-cbc" is marked as HISTORIC in
|
||||
* draft-ietf-secsh-assignednumbers-04.txt, referring to
|
||||
* FIPS-46-3. ("Single DES (i.e., DES) will be permitted
|
||||
* for legacy systems only.") , but ssh.com support it and
|
||||
|
20
sshpubk.c
20
sshpubk.c
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* Generic SSH public-key handling operations. In particular,
|
||||
* reading of SSH public-key files, and also the generic `sign'
|
||||
* operation for ssh2 (which checks the type of the key and
|
||||
* operation for SSH-2 (which checks the type of the key and
|
||||
* dispatches to the appropriate key-type specific function).
|
||||
*/
|
||||
|
||||
@ -78,7 +78,7 @@ static int loadrsakey_main(FILE * fp, struct RSAKey *key, int pub_only,
|
||||
|| buf[i + 3] != 0) goto end; /* reserved field nonzero, panic! */
|
||||
i += 4;
|
||||
|
||||
/* Now the serious stuff. An ordinary SSH 1 public key. */
|
||||
/* Now the serious stuff. An ordinary SSH-1 public key. */
|
||||
i += makekey(buf + i, len, key, NULL, 1);
|
||||
if (i < 0)
|
||||
goto end; /* overran */
|
||||
@ -307,7 +307,7 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
|
||||
p += 4;
|
||||
|
||||
/*
|
||||
* An ordinary SSH 1 public key consists of: a uint32
|
||||
* An ordinary SSH-1 public key consists of: a uint32
|
||||
* containing the bit count, then two bignums containing the
|
||||
* modulus and exponent respectively.
|
||||
*/
|
||||
@ -384,11 +384,11 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
|
||||
}
|
||||
|
||||
/* ----------------------------------------------------------------------
|
||||
* SSH2 private key load/store functions.
|
||||
* SSH-2 private key load/store functions.
|
||||
*/
|
||||
|
||||
/*
|
||||
* PuTTY's own format for SSH2 keys is as follows:
|
||||
* PuTTY's own format for SSH-2 keys is as follows:
|
||||
*
|
||||
* The file is text. Lines are terminated by CRLF, although CR-only
|
||||
* and LF-only are tolerated on input.
|
||||
@ -404,7 +404,7 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
|
||||
*
|
||||
* Next there is a line saying "Public-Lines: " plus a number N.
|
||||
* The following N lines contain a base64 encoding of the public
|
||||
* part of the key. This is encoded as the standard SSH2 public key
|
||||
* part of the key. This is encoded as the standard SSH-2 public key
|
||||
* blob (with no initial length): so for RSA, for example, it will
|
||||
* read
|
||||
*
|
||||
@ -1213,10 +1213,10 @@ char *key_type_to_str(int type)
|
||||
switch (type) {
|
||||
case SSH_KEYTYPE_UNOPENABLE: return "unable to open file"; break;
|
||||
case SSH_KEYTYPE_UNKNOWN: return "not a private key"; break;
|
||||
case SSH_KEYTYPE_SSH1: return "SSH1 private key"; break;
|
||||
case SSH_KEYTYPE_SSH2: return "PuTTY SSH2 private key"; break;
|
||||
case SSH_KEYTYPE_OPENSSH: return "OpenSSH SSH2 private key"; break;
|
||||
case SSH_KEYTYPE_SSHCOM: return "ssh.com SSH2 private key"; break;
|
||||
case SSH_KEYTYPE_SSH1: return "SSH-1 private key"; break;
|
||||
case SSH_KEYTYPE_SSH2: return "PuTTY SSH-2 private key"; break;
|
||||
case SSH_KEYTYPE_OPENSSH: return "OpenSSH SSH-2 private key"; break;
|
||||
case SSH_KEYTYPE_SSHCOM: return "ssh.com SSH-2 private key"; break;
|
||||
default: return "INTERNAL ERROR"; break;
|
||||
}
|
||||
}
|
||||
|
2
sshsha.c
2
sshsha.c
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* SHA1 hash algorithm. Used in SSH2 as a MAC, and the transform is
|
||||
* SHA1 hash algorithm. Used in SSH-2 as a MAC, and the transform is
|
||||
* also used as a `stirring' function for the PuTTY random number
|
||||
* pool. Implemented directly from the specification by Simon
|
||||
* Tatham.
|
||||
|
@ -6231,13 +6231,13 @@ int term_data(Terminal *term, int is_stderr, const char *data, int len)
|
||||
* the remote side needing to wait until term_out() has cleared
|
||||
* a backlog.
|
||||
*
|
||||
* This is a slightly suboptimal way to deal with SSH2 - in
|
||||
* This is a slightly suboptimal way to deal with SSH-2 - in
|
||||
* principle, the window mechanism would allow us to continue
|
||||
* to accept data on forwarded ports and X connections even
|
||||
* while the terminal processing was going slowly - but we
|
||||
* can't do the 100% right thing without moving the terminal
|
||||
* processing into a separate thread, and that might hurt
|
||||
* portability. So we manage stdout buffering the old SSH1 way:
|
||||
* portability. So we manage stdout buffering the old SSH-1 way:
|
||||
* if the terminal processing goes slowly, the whole SSH
|
||||
* connection stops accepting data until it's ready.
|
||||
*
|
||||
|
@ -256,7 +256,7 @@ int askappend(void *frontend, Filename filename,
|
||||
void old_keyfile_warning(void)
|
||||
{
|
||||
static const char message[] =
|
||||
"You are loading an SSH 2 private key which has an\n"
|
||||
"You are loading an SSH-2 private key which has an\n"
|
||||
"old version of the file format. This means your key\n"
|
||||
"file is not fully tamperproof. Future versions of\n"
|
||||
"PuTTY may stop supporting this private key format,\n"
|
||||
|
@ -258,7 +258,7 @@ int askappend(void *frontend, Filename filename,
|
||||
void old_keyfile_warning(void)
|
||||
{
|
||||
static const char message[] =
|
||||
"You are loading an SSH 2 private key which has an\n"
|
||||
"You are loading an SSH-2 private key which has an\n"
|
||||
"old version of the file format. This means your key\n"
|
||||
"file is not fully tamperproof. Future versions of\n"
|
||||
"PuTTY may stop supporting this private key format,\n"
|
||||
|
@ -909,7 +909,7 @@ void old_keyfile_warning(void)
|
||||
{
|
||||
static const char mbtitle[] = "%s Key File Warning";
|
||||
static const char message[] =
|
||||
"You are loading an SSH 2 private key which has an\n"
|
||||
"You are loading an SSH-2 private key which has an\n"
|
||||
"old version of the file format. This means your key\n"
|
||||
"file is not fully tamperproof. Future versions of\n"
|
||||
"%s may stop supporting this private key format,\n"
|
||||
|
@ -425,7 +425,7 @@ void old_keyfile_warning(void)
|
||||
{
|
||||
static const char mbtitle[] = "PuTTY Key File Warning";
|
||||
static const char message[] =
|
||||
"You are loading an SSH 2 private key which has an\n"
|
||||
"You are loading an SSH-2 private key which has an\n"
|
||||
"old version of the file format. This means your key\n"
|
||||
"file is not fully tamperproof. Future versions of\n"
|
||||
"PuTTY may stop supporting this private key format,\n"
|
||||
@ -836,9 +836,9 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
|
||||
menu1 = CreateMenu();
|
||||
AppendMenu(menu1, MF_ENABLED, IDC_GENERATE, "&Generate key pair");
|
||||
AppendMenu(menu1, MF_SEPARATOR, 0, 0);
|
||||
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH1, "SSH&1 key (RSA)");
|
||||
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2RSA, "SSH2 &RSA key");
|
||||
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2DSA, "SSH2 &DSA key");
|
||||
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH1, "SSH-&1 key (RSA)");
|
||||
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2RSA, "SSH-2 &RSA key");
|
||||
AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2DSA, "SSH-2 &DSA key");
|
||||
AppendMenu(menu, MF_POPUP | MF_ENABLED, (UINT) menu1, "&Key");
|
||||
state->keymenu = menu1;
|
||||
|
||||
@ -915,9 +915,9 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
|
||||
endbox(&cp);
|
||||
beginbox(&cp, "Parameters", IDC_BOX_PARAMS);
|
||||
radioline(&cp, "Type of key to generate:", IDC_TYPESTATIC, 3,
|
||||
"SSH&1 (RSA)", IDC_KEYSSH1,
|
||||
"SSH2 &RSA", IDC_KEYSSH2RSA,
|
||||
"SSH2 &DSA", IDC_KEYSSH2DSA, NULL);
|
||||
"SSH-&1 (RSA)", IDC_KEYSSH1,
|
||||
"SSH-2 &RSA", IDC_KEYSSH2RSA,
|
||||
"SSH-2 &DSA", IDC_KEYSSH2DSA, NULL);
|
||||
staticedit(&cp, "Number of &bits in a generated key:",
|
||||
IDC_BITSSTATIC, IDC_BITS, 20);
|
||||
endbox(&cp);
|
||||
@ -1125,7 +1125,7 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
|
||||
if (type != realtype &&
|
||||
import_target_type(type) != realtype) {
|
||||
char msg[256];
|
||||
sprintf(msg, "Cannot export an SSH%d key in an SSH%d"
|
||||
sprintf(msg, "Cannot export an SSH-%d key in an SSH-%d"
|
||||
" format", (state->ssh2 ? 2 : 1),
|
||||
(state->ssh2 ? 1 : 2));
|
||||
MessageBox(hwnd, msg,
|
||||
|
@ -147,7 +147,7 @@ int random_byte(void)
|
||||
}
|
||||
|
||||
/*
|
||||
* Blob structure for passing to the asymmetric SSH2 key compare
|
||||
* Blob structure for passing to the asymmetric SSH-2 key compare
|
||||
* function, prototyped here.
|
||||
*/
|
||||
struct blob {
|
||||
@ -321,7 +321,7 @@ void old_keyfile_warning(void)
|
||||
{
|
||||
static const char mbtitle[] = "PuTTY Key File Warning";
|
||||
static const char message[] =
|
||||
"You are loading an SSH 2 private key which has an\n"
|
||||
"You are loading an SSH-2 private key which has an\n"
|
||||
"old version of the file format. This means your key\n"
|
||||
"file is not fully tamperproof. Future versions of\n"
|
||||
"PuTTY may stop supporting this private key format,\n"
|
||||
@ -692,7 +692,7 @@ static void add_keyfile(Filename filename)
|
||||
}
|
||||
|
||||
/*
|
||||
* Create an SSH1 key list in a malloc'ed buffer; return its
|
||||
* Create an SSH-1 key list in a malloc'ed buffer; return its
|
||||
* length.
|
||||
*/
|
||||
static void *make_keylist1(int *length)
|
||||
@ -736,7 +736,7 @@ static void *make_keylist1(int *length)
|
||||
}
|
||||
|
||||
/*
|
||||
* Create an SSH2 key list in a malloc'ed buffer; return its
|
||||
* Create an SSH-2 key list in a malloc'ed buffer; return its
|
||||
* length.
|
||||
*/
|
||||
static void *make_keylist2(int *length)
|
||||
@ -1246,7 +1246,7 @@ static void answer_msg(void *msg)
|
||||
break;
|
||||
case SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
|
||||
/*
|
||||
* Remove all SSH1 keys. Always returns success.
|
||||
* Remove all SSH-1 keys. Always returns success.
|
||||
*/
|
||||
{
|
||||
struct RSAKey *rkey;
|
||||
@ -1264,7 +1264,7 @@ static void answer_msg(void *msg)
|
||||
break;
|
||||
case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
|
||||
/*
|
||||
* Remove all SSH2 keys. Always returns success.
|
||||
* Remove all SSH-2 keys. Always returns success.
|
||||
*/
|
||||
{
|
||||
struct ssh2_userkey *skey;
|
||||
@ -1332,7 +1332,7 @@ static int cmpkeys_rsa(void *av, void *bv)
|
||||
}
|
||||
|
||||
/*
|
||||
* Key comparison function for the 2-3-4 tree of SSH2 keys.
|
||||
* Key comparison function for the 2-3-4 tree of SSH-2 keys.
|
||||
*/
|
||||
static int cmpkeys_ssh2(void *av, void *bv)
|
||||
{
|
||||
@ -1372,7 +1372,7 @@ static int cmpkeys_ssh2(void *av, void *bv)
|
||||
|
||||
/*
|
||||
* Key comparison function for looking up a blob in the 2-3-4 tree
|
||||
* of SSH2 keys.
|
||||
* of SSH-2 keys.
|
||||
*/
|
||||
static int cmpkeys_ssh2_asymm(void *av, void *bv)
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user