mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00

Docs: add some explanation of psusan in the main manual.

If we're publishing the server, then we should say something about the
fact that this option exists to talk to it. Also, if the option exists
on the front page at all in a released version of PuTTY, it behooves
us to document it slightly more usefully than just a handwave at 'this
is specialist and experimental'.
Simon Tatham 2021-04-17 13:24:11 +01:00
parent 5bc3540fb0
commit a0869fab25


@ -43,9 +43,9 @@ connections.
\b See \k{using-supdup} for information about using SUPDUP. \b See \k{using-supdup} for information about using SUPDUP.
\b The \q{Bare ssh-connection} option in the \q{Connection type} box \b The \q{Bare ssh-connection} option in the \q{Connection type}
is experimental, for specialist uses, and servers for it are not control is intended for specialist uses not involving network
widely available. connections. See \k{config-psusan} for some information about it.
} }
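Review bot: The rewritten \q{Bare ssh-connection} bullet says only that the option is "intended for specialist uses not involving network connections" and leaves the reason to \k{config-psusan}. This bullet is the first place a reader meets the option, so consider stating here that the protocol has no encryption and no authentication, so that the restriction makes sense without following the cross-reference. A smaller style point: this bullet writes \q{Bare ssh-connection} while the new section heading and text use \q{Bare \cw{ssh-connection}}; one form should be used in both places.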
@ -3389,6 +3389,48 @@ will be impossible.
This is an SSH-1-specific bug. This is an SSH-1-specific bug.
\H{config-psusan} The \q{Bare \cw{ssh-connection}} protocol
In addition to SSH itself, PuTTY also supports a second protocol that
is derived from SSH. It's listed in the PuTTY GUI under the name
\q{Bare \cw{ssh-connection}}.
This protocol consists of just the innermost of SSH's three layers: it
leaves out the cryptography layer providing network security, and it
leaves out the authentication layer where you provide a username and
prove you're allowed to log in as that user.
It is therefore \s{completely unsuited to any network connection}.
Don't try to use it over a network!
The purpose of this protocol is for various specialist circumstances
in which the \q{connection} is not over a real network, but is a pipe
or IPC channel between different processes running on the \e{same}
computer. In these contexts, the operating system will already have
guaranteed that each of the two communicating processes is owned by
the expected user (so that no authentication is necessary), and that
the communications channel cannot be tapped by a hostile user on the
same machine (so that no cryptography is necessary either). Examples
of possible uses involve communicating with a strongly separated
context such as the inside of a container, or a VM, or a different
network namespace.
Explicit support for this protocol is new in PuTTY 0.75. As of
2021-04, the only known server for the bare \cw{ssh-connection}
protocol is the Unix program \cq{psusan} that is also part of the
PuTTY tool suite.
(However, this protocol is also the same one used between instances of
PuTTY to implement connection sharing: see \k{config-ssh-sharing}. In
fact, in the Unix version of PuTTY, when a sharing upstream records
\q{Sharing this connection at [pathname]} in the Event Log, it's
possible to connect another instance of PuTTY directly to that Unix
socket, by entering its pathname in the host name box and selecting
\q{Bare \cw{ssh-connection}} as the protocol!)
I repeat, \s{DON'T TRY TO USE THIS PROTOCOL FOR NETWORK CONNECTIONS!}
That's not what it's for, and it's not at all safe to do it.
\H{config-serial} The Serial panel \H{config-serial} The Serial panel
The \i{Serial} panel allows you to configure options that only apply The \i{Serial} panel allows you to configure options that only apply
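Review bot: In the paragraph beginning "The purpose of this protocol", the wording "the operating system will already have guaranteed" presents as a given what is really a precondition that the person setting up the pipe or IPC channel has to meet. Suggest phrasing it as a requirement, for example "use it only where the operating system guarantees that each of the two communicating processes is owned by the expected user". The connection-sharing parenthetical should say the same thing about its own case: because this protocol has no authentication layer, anyone able to open the pathname logged as "Sharing this connection at [pathname]" can connect to the upstream, so access to that socket is the only control being relied on.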