mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-07-01 03:22:48 -05:00
New option to manually configure the expected host key(s).
This option is available from the command line as '-hostkey', and is also configurable through the GUI. When enabled, it completely replaces all of the automated host key management: the server's host key will be checked against the manually configured list, and the connection will be allowed or disconnected on that basis, and the host key store in the registry will not be either consulted or updated. The main aim is to provide a means of automatically running Plink, PSCP or PSFTP deep inside Windows services where HKEY_CURRENT_USER isn't available to have stored the right host key in. But it also permits you to specify a list of multiple host keys, which means a second use case for the same mechanism will probably be round-robin DNS names that select one of several servers with different host keys. Host keys can be specified as the standard MD5 fingerprint or as an SSH-2 base64 blob, and are canonicalised on input. (The base64 blob is more unwieldy, especially with Windows command-line length limits, but provides a means of specifying the _whole_ public key in case you don't trust MD5. I haven't bothered to provide an analogous mechanism for SSH-1, on the basis that anyone worrying about MD5 should have stopped using SSH-1 already!) [originally from svn r10220]
This commit is contained in:
Simon Tatham
@ -2466,6 +2466,56 @@ when the SSH connection is idle, so they shouldn't cause the same
|
||||
problems. The SSH-1 protocol, incidentally, has even weaker integrity
|
||||
protection than SSH-2 without rekeys.
|
||||
|
||||
\S{config-ssh-kex-manual-hostkeys} \ii{Manually configuring host keys}
|
||||
|
||||
\cfg{winhelp-topic}{ssh.kex.manualhostkeys}
|
||||
|
||||
In some situations, if PuTTY's automated host key management is not
|
||||
doing what you need, you might need to manually configure PuTTY to
|
||||
accept a specific host key, or one of a specific set of host keys.
|
||||
|
||||
One reason why you might want to do this is because the host name
|
||||
PuTTY is connecting to is using round-robin DNS to return one of
|
||||
multiple actual servers, and they all have different host keys. In
|
||||
that situation, you might need to configure PuTTY to accept any of a
|
||||
list of host keys for the possible servers, while still rejecting any
|
||||
key not in that list.
|
||||
|
||||
Another reason is if PuTTY's automated host key management is
|
||||
completely unavailable, e.g. because PuTTY (or Plink or PSFTP, etc) is
|
||||
running in a Windows environment without access to the Registry. In
|
||||
that situation, you will probably want to use the \cw{-hostkey}
|
||||
command-line option to configure the expected host key(s); see FIXME.
|
||||
|
||||
To configure manual host keys via the GUI, enter some text describing
|
||||
the host key into the edit box in the \q{Manually configure host keys
|
||||
for this connection} container, and press the \q{Add} button. The text
|
||||
will appear in the {q Host keys or fingerprints to accept} list box.
|
||||
You can remove keys again with the \q{Remove} button.
|
||||
|
||||
The text describing a host key can be in one of the following formats:
|
||||
|
||||
\b An MD5-based host key fingerprint of the form displayed in PuTTY's
|
||||
Event Log and host key dialog boxes, i.e. sixteen 2-digit hex numbers
|
||||
separated by colons.
|
||||
|
||||
\b A base64-encoded blob describing an SSH-2 public key in the
|
||||
standard way. This can be found in OpenSSH's one-line public key
|
||||
format, or by concatenating all the lines of the public key section in
|
||||
one of PuTTY's \cw{.ppk} files. Alternatively, you can load a key into
|
||||
PuTTYgen, and paste out the OpenSSH-format public key line it
|
||||
displays.
|
||||
|
||||
If this box contains at least one host key or fingerprint when PuTTY
|
||||
makes an SSH connection, then PuTTY's automated host key management is
|
||||
completely bypassed: the connection will be permitted if and only if
|
||||
the host key presented by the server is one of the keys listed in this
|
||||
box, and the host key store in the Registry will be neither read
|
||||
\e{nor written}.
|
||||
|
||||
If the box is empty (as it usually is), then PuTTY's automated host
|
||||
key management will work as normal.
|
||||
|
||||
\H{config-ssh-encryption} The Cipher panel
|
||||
|
||||
\cfg{winhelp-topic}{ssh.ciphers}
|
||||
|
||||
15
doc/faq.but
15
doc/faq.but
@ -151,13 +151,14 @@ military-strength cipher. That insignificant host key prompt really
|
||||
does make \e{that} much difference.
|
||||
|
||||
If you're having a specific problem with host key checking - perhaps
|
||||
you want an automated batch job to make use of PSCP or Plink, and
|
||||
the interactive host key prompt is hanging the batch process - then
|
||||
the right way to fix it is to add the correct host key to the
|
||||
Registry in advance. That way, you retain the \e{important} feature
|
||||
of host key checking: the right key will be accepted and the wrong
|
||||
ones will not. Adding an option to turn host key checking off
|
||||
completely is the wrong solution and we will not do it.
|
||||
you want an automated batch job to make use of PSCP or Plink, and the
|
||||
interactive host key prompt is hanging the batch process - then the
|
||||
right way to fix it is to add the correct host key to the Registry in
|
||||
advance, or if the Registry is not available, to use the \cw{-hostkey}
|
||||
command-line option. That way, you retain the \e{important} feature of
|
||||
host key checking: the right key will be accepted and the wrong ones
|
||||
will not. Adding an option to turn host key checking off completely is
|
||||
the wrong solution and we will not do it.
|
||||
|
||||
If you have host keys available in the common \i\c{known_hosts} format,
|
||||
we have a script called
|
||||
|
||||
@ -913,6 +913,19 @@ connecting to). It can be a plain host name, or a host name followed
|
||||
by a colon and a port number. See \k{config-loghost} for more detail
|
||||
on this.
|
||||
|
||||
\S2{using-cmdline-hostkey} \i\c{-hostkey}: \I{manually configuring
|
||||
host keys}manually specify an expected host key
|
||||
|
||||
This option overrides PuTTY's normal SSH host key caching policy by
|
||||
telling it exactly what host key to expect, which can be useful if the
|
||||
normal automatic host key store in the Registry is unavailable. The
|
||||
argument to this option should be either a host key fingerprint, or an
|
||||
SSH-2 public key blob. See \k{config-ssh-kex-manual-hostkeys} for more
|
||||
information.
|
||||
|
||||
You can specify this option more than once if you want to configure
|
||||
more than one key to be accepted.
|
||||
|
||||
\S2{using-cmdline-pgpfp} \i\c{-pgpfp}: display \i{PGP key fingerprint}s
|
||||
|
||||
This option causes the PuTTY tools not to run as normal, but instead
|
||||
|
||||
Reference in New Issue
Block a user