mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-25 09:12:24 +00:00
Demote SSH bypass-auth option; downplay in docs.
It's too esoteric to be the first thing on the Auth panel; I've never heard of any SSH server that supports it in the decade since I implemented it. The only Google hits are lost souls mistakenly believing they need it for passwordless public-key login and the like.
This commit is contained in:
parent
e74f19cb6f
commit
98e5eeedd1
8
config.c
8
config.c
@ -2321,14 +2321,14 @@ void setup_config_box(struct controlbox *b, int midsession,
|
|||||||
"Options controlling SSH authentication");
|
"Options controlling SSH authentication");
|
||||||
|
|
||||||
s = ctrl_getset(b, "Connection/SSH/Auth", "main", NULL);
|
s = ctrl_getset(b, "Connection/SSH/Auth", "main", NULL);
|
||||||
ctrl_checkbox(s, "Bypass authentication entirely (SSH-2 only)", 'b',
|
|
||||||
HELPCTX(ssh_auth_bypass),
|
|
||||||
conf_checkbox_handler,
|
|
||||||
I(CONF_ssh_no_userauth));
|
|
||||||
ctrl_checkbox(s, "Display pre-authentication banner (SSH-2 only)",
|
ctrl_checkbox(s, "Display pre-authentication banner (SSH-2 only)",
|
||||||
'd', HELPCTX(ssh_auth_banner),
|
'd', HELPCTX(ssh_auth_banner),
|
||||||
conf_checkbox_handler,
|
conf_checkbox_handler,
|
||||||
I(CONF_ssh_show_banner));
|
I(CONF_ssh_show_banner));
|
||||||
|
ctrl_checkbox(s, "Bypass authentication entirely (SSH-2 only)", 'b',
|
||||||
|
HELPCTX(ssh_auth_bypass),
|
||||||
|
conf_checkbox_handler,
|
||||||
|
I(CONF_ssh_no_userauth));
|
||||||
|
|
||||||
s = ctrl_getset(b, "Connection/SSH/Auth", "methods",
|
s = ctrl_getset(b, "Connection/SSH/Auth", "methods",
|
||||||
"Authentication methods");
|
"Authentication methods");
|
||||||
|
@ -2596,22 +2596,6 @@ recommended ciphers.
|
|||||||
The Auth panel allows you to configure \i{authentication} options for
|
The Auth panel allows you to configure \i{authentication} options for
|
||||||
SSH sessions.
|
SSH sessions.
|
||||||
|
|
||||||
\S{config-ssh-noauth} \q{Bypass authentication entirely}
|
|
||||||
|
|
||||||
\cfg{winhelp-topic}{ssh.auth.bypass}
|
|
||||||
|
|
||||||
In SSH-2, it is possible to establish a connection without using SSH's
|
|
||||||
mechanisms to identify or authenticate oneself to the server. Some
|
|
||||||
servers may prefer to handle authentication in the data channel, for
|
|
||||||
instance, or may simply require no authentication whatsoever.
|
|
||||||
|
|
||||||
By default, PuTTY assumes the server requires authentication (most
|
|
||||||
do), and thus must provide a username. If you find you are getting
|
|
||||||
unwanted username prompts, you could try checking this option.
|
|
||||||
|
|
||||||
This option only affects SSH-2 connections. SSH-1 connections always
|
|
||||||
require an authentication step.
|
|
||||||
|
|
||||||
\S{config-ssh-banner} \q{Display pre-authentication banner}
|
\S{config-ssh-banner} \q{Display pre-authentication banner}
|
||||||
|
|
||||||
\cfg{winhelp-topic}{ssh.auth.banner}
|
\cfg{winhelp-topic}{ssh.auth.banner}
|
||||||
@ -2627,6 +2611,34 @@ prompting for a login name, due to the nature of the protocol design).
|
|||||||
By unchecking this option, display of the banner can be suppressed
|
By unchecking this option, display of the banner can be suppressed
|
||||||
entirely.
|
entirely.
|
||||||
|
|
||||||
|
\S{config-ssh-noauth} \q{Bypass authentication entirely}
|
||||||
|
|
||||||
|
\cfg{winhelp-topic}{ssh.auth.bypass}
|
||||||
|
|
||||||
|
In SSH-2, it is in principle possible to establish a connection
|
||||||
|
without using SSH's mechanisms to identify or prove who you are
|
||||||
|
to the server. An SSH server could prefer to handle authentication
|
||||||
|
in the data channel, for instance, or simply require no user
|
||||||
|
authentication whatsoever.
|
||||||
|
|
||||||
|
By default, PuTTY assumes the server requires authentication (we've
|
||||||
|
never heard of one that doesn't), and thus must start this process
|
||||||
|
with a username. If you find you are getting username prompts that
|
||||||
|
you cannot answer, you could try enabling this option. However,
|
||||||
|
most SSH servers will reject this.
|
||||||
|
|
||||||
|
This is not the option you want if you have a username and just want
|
||||||
|
PuTTY to remember it; for that see \k{config-username}.
|
||||||
|
It's also probably not what if you're trying to set up passwordless
|
||||||
|
login to a mainstream SSH server; depending on the server, you
|
||||||
|
probably wanted public-key authentication (\k{pubkey})
|
||||||
|
or perhaps GSSAPI authentication (\k{config-ssh-auth-gssapi}).
|
||||||
|
(These are still forms of authentication, even if you don't have to
|
||||||
|
interact with them.)
|
||||||
|
|
||||||
|
This option only affects SSH-2 connections. SSH-1 connections always
|
||||||
|
require an authentication step.
|
||||||
|
|
||||||
\S{config-ssh-tryagent} \q{Attempt authentication using Pageant}
|
\S{config-ssh-tryagent} \q{Attempt authentication using Pageant}
|
||||||
|
|
||||||
\cfg{winhelp-topic}{ssh.auth.pageant}
|
\cfg{winhelp-topic}{ssh.auth.pageant}
|
||||||
@ -2748,7 +2760,7 @@ GSSAPI authentication. This is a mechanism which delegates the
|
|||||||
authentication exchange to a library elsewhere on the client
|
authentication exchange to a library elsewhere on the client
|
||||||
machine, which in principle can authenticate in many different ways
|
machine, which in principle can authenticate in many different ways
|
||||||
but in practice is usually used with the \i{Kerberos} \i{single sign-on}
|
but in practice is usually used with the \i{Kerberos} \i{single sign-on}
|
||||||
protocol.
|
protocol to implement \i{passwordless login}.
|
||||||
|
|
||||||
GSSAPI is only available in the SSH-2 protocol.
|
GSSAPI is only available in the SSH-2 protocol.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user