mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
Demote SSH bypass-auth option; downplay in docs.
It's too esoteric to be the first thing on the Auth panel; I've never heard of any SSH server that supports it in the decade since I implemented it. The only Google hits are lost souls mistakenly believing they need it for passwordless public-key login and the like.
This commit is contained in:
parent
e74f19cb6f
commit
98e5eeedd1
8
config.c
8
config.c
@ -2321,14 +2321,14 @@ void setup_config_box(struct controlbox *b, int midsession,
|
||||
"Options controlling SSH authentication");
|
||||
|
||||
s = ctrl_getset(b, "Connection/SSH/Auth", "main", NULL);
|
||||
ctrl_checkbox(s, "Bypass authentication entirely (SSH-2 only)", 'b',
|
||||
HELPCTX(ssh_auth_bypass),
|
||||
conf_checkbox_handler,
|
||||
I(CONF_ssh_no_userauth));
|
||||
ctrl_checkbox(s, "Display pre-authentication banner (SSH-2 only)",
|
||||
'd', HELPCTX(ssh_auth_banner),
|
||||
conf_checkbox_handler,
|
||||
I(CONF_ssh_show_banner));
|
||||
ctrl_checkbox(s, "Bypass authentication entirely (SSH-2 only)", 'b',
|
||||
HELPCTX(ssh_auth_bypass),
|
||||
conf_checkbox_handler,
|
||||
I(CONF_ssh_no_userauth));
|
||||
|
||||
s = ctrl_getset(b, "Connection/SSH/Auth", "methods",
|
||||
"Authentication methods");
|
||||
|
@ -2596,22 +2596,6 @@ recommended ciphers.
|
||||
The Auth panel allows you to configure \i{authentication} options for
|
||||
SSH sessions.
|
||||
|
||||
\S{config-ssh-noauth} \q{Bypass authentication entirely}
|
||||
|
||||
\cfg{winhelp-topic}{ssh.auth.bypass}
|
||||
|
||||
In SSH-2, it is possible to establish a connection without using SSH's
|
||||
mechanisms to identify or authenticate oneself to the server. Some
|
||||
servers may prefer to handle authentication in the data channel, for
|
||||
instance, or may simply require no authentication whatsoever.
|
||||
|
||||
By default, PuTTY assumes the server requires authentication (most
|
||||
do), and thus must provide a username. If you find you are getting
|
||||
unwanted username prompts, you could try checking this option.
|
||||
|
||||
This option only affects SSH-2 connections. SSH-1 connections always
|
||||
require an authentication step.
|
||||
|
||||
\S{config-ssh-banner} \q{Display pre-authentication banner}
|
||||
|
||||
\cfg{winhelp-topic}{ssh.auth.banner}
|
||||
@ -2627,6 +2611,34 @@ prompting for a login name, due to the nature of the protocol design).
|
||||
By unchecking this option, display of the banner can be suppressed
|
||||
entirely.
|
||||
|
||||
\S{config-ssh-noauth} \q{Bypass authentication entirely}
|
||||
|
||||
\cfg{winhelp-topic}{ssh.auth.bypass}
|
||||
|
||||
In SSH-2, it is in principle possible to establish a connection
|
||||
without using SSH's mechanisms to identify or prove who you are
|
||||
to the server. An SSH server could prefer to handle authentication
|
||||
in the data channel, for instance, or simply require no user
|
||||
authentication whatsoever.
|
||||
|
||||
By default, PuTTY assumes the server requires authentication (we've
|
||||
never heard of one that doesn't), and thus must start this process
|
||||
with a username. If you find you are getting username prompts that
|
||||
you cannot answer, you could try enabling this option. However,
|
||||
most SSH servers will reject this.
|
||||
|
||||
This is not the option you want if you have a username and just want
|
||||
PuTTY to remember it; for that see \k{config-username}.
|
||||
It's also probably not what if you're trying to set up passwordless
|
||||
login to a mainstream SSH server; depending on the server, you
|
||||
probably wanted public-key authentication (\k{pubkey})
|
||||
or perhaps GSSAPI authentication (\k{config-ssh-auth-gssapi}).
|
||||
(These are still forms of authentication, even if you don't have to
|
||||
interact with them.)
|
||||
|
||||
This option only affects SSH-2 connections. SSH-1 connections always
|
||||
require an authentication step.
|
||||
|
||||
\S{config-ssh-tryagent} \q{Attempt authentication using Pageant}
|
||||
|
||||
\cfg{winhelp-topic}{ssh.auth.pageant}
|
||||
@ -2748,7 +2760,7 @@ GSSAPI authentication. This is a mechanism which delegates the
|
||||
authentication exchange to a library elsewhere on the client
|
||||
machine, which in principle can authenticate in many different ways
|
||||
but in practice is usually used with the \i{Kerberos} \i{single sign-on}
|
||||
protocol.
|
||||
protocol to implement \i{passwordless login}.
|
||||
|
||||
GSSAPI is only available in the SSH-2 protocol.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user