nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 09:27:59 +00:00
Code Issues Projects Releases Wiki Activity

Docs: add some explanation of psusan in the main manual.

Browse Source 
If we're publishing the server, then we should say something about the
fact that this option exists to talk to it. Also, if the option exists
on the front page at all in a released version of PuTTY, it behooves
us to document it slightly more usefully than just a handwave at 'this
is specialist and experimental'.
This commit is contained in:
Simon Tatham 2021-04-17 13:24:11 +01:00
parent 5bc3540fb0
commit a0869fab25
1 changed files with 45 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
doc/config.but
View File

@ -43,9 +43,9 @@ connections.
\b See \k{using-supdup} for information about using SUPDUP.
\b The \q{Bare ssh-connection} option in the \q{Connection type} box
is experimental, for specialist uses, and servers for it are not
widely available.
\b The \q{Bare ssh-connection} option in the \q{Connection type}
control is intended for specialist uses not involving network
connections. See \k{config-psusan} for some information about it.
}
@ -3389,6 +3389,48 @@ will be impossible.
This is an SSH-1-specific bug.
\H{config-psusan} The \q{Bare \cw{ssh-connection}} protocol
In addition to SSH itself, PuTTY also supports a second protocol that
is derived from SSH. It's listed in the PuTTY GUI under the name
\q{Bare \cw{ssh-connection}}.
This protocol consists of just the innermost of SSH's three layers: it
leaves out the cryptography layer providing network security, and it
leaves out the authentication layer where you provide a username and
prove you're allowed to log in as that user.
It is therefore \s{completely unsuited to any network connection}.
Don't try to use it over a network!
The purpose of this protocol is for various specialist circumstances
in which the \q{connection} is not over a real network, but is a pipe
or IPC channel between different processes running on the \e{same}
computer. In these contexts, the operating system will already have
guaranteed that each of the two communicating processes is owned by
the expected user (so that no authentication is necessary), and that
the communications channel cannot be tapped by a hostile user on the
same machine (so that no cryptography is necessary either). Examples
of possible uses involve communicating with a strongly separated
context such as the inside of a container, or a VM, or a different
network namespace.
Explicit support for this protocol is new in PuTTY 0.75. As of
2021-04, the only known server for the bare \cw{ssh-connection}
protocol is the Unix program \cq{psusan} that is also part of the
PuTTY tool suite.
(However, this protocol is also the same one used between instances of
PuTTY to implement connection sharing: see \k{config-ssh-sharing}. In
fact, in the Unix version of PuTTY, when a sharing upstream records
\q{Sharing this connection at [pathname]} in the Event Log, it's
possible to connect another instance of PuTTY directly to that Unix
socket, by entering its pathname in the host name box and selecting
\q{Bare \cw{ssh-connection}} as the protocol!)
I repeat, \s{DON'T TRY TO USE THIS PROTOCOL FOR NETWORK CONNECTIONS!}
That's not what it's for, and it's not at all safe to do it.
\H{config-serial} The Serial panel
The \i{Serial} panel allows you to configure options that only apply