mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-09 09:27:59 +00:00
Introduce a new checkbox and command-line option to inhibit use of
Pageant for local authentication. (This is a `don't use Pageant for authentication at session startup' button rather than a `pretend Pageant doesn't exist' button: that is, agent forwarding is independent of this option.) [originally from svn r6572]
This commit is contained in:
Simon Tatham
parent
9432d92b91
commit
c2b2d9c539
13
cmdline.c
13
cmdline.c
@ -291,6 +291,19 @@ int cmdline_process_param(char *p, char *value, int need_save, Config *cfg)
|
||||
cmdline_password = value;
|
||||
}
|
||||
|
||||
if (!strcmp(p, "-agent") || !strcmp(p, "-pagent") ||
|
||||
!strcmp(p, "-pageant")) {
|
||||
RETURN(1);
|
||||
UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
|
||||
cfg->tryagent = TRUE;
|
||||
}
|
||||
if (!strcmp(p, "-noagent") || !strcmp(p, "-nopagent") ||
|
||||
!strcmp(p, "-nopageant")) {
|
||||
RETURN(1);
|
||||
UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
|
||||
cfg->tryagent = FALSE;
|
||||
}
|
||||
|
||||
if (!strcmp(p, "-A")) {
|
||||
RETURN(1);
|
||||
UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
|
||||
|
||||
4
config.c
4
config.c
@ -1841,6 +1841,10 @@ void setup_config_box(struct controlbox *b, int midsession,
|
||||
|
||||
s = ctrl_getset(b, "Connection/SSH/Auth", "methods",
|
||||
"Authentication methods");
|
||||
ctrl_checkbox(s, "Attempt authentication using Pageant", 'p',
|
||||
HELPCTX(ssh_auth_pageant),
|
||||
dlg_stdcheckbox_handler,
|
||||
I(offsetof(Config,tryagent)));
|
||||
ctrl_checkbox(s, "Attempt TIS or CryptoCard auth (SSH-1)", 'm',
|
||||
HELPCTX(ssh_auth_tis),
|
||||
dlg_stdcheckbox_handler,
|
||||
|
||||
@ -2310,6 +2310,24 @@ unwanted username prompts, you could try checking this option.
|
||||
This option only affects SSH-2 connections. SSH-1 connections always
|
||||
require an authentication step.
|
||||
|
||||
\S{config-ssh-tryagent} \q{Attempt authentication using Pageant}
|
||||
|
||||
\cfg{winhelp-topic}{ssh.auth.pageant}
|
||||
|
||||
If this option is enabled, then PuTTY will look for Pageant (the SSH
|
||||
private-key storage agent) and attempt to authenticate with any
|
||||
suitable public keys Pageant currently holds.
|
||||
|
||||
This behaviour is almost always desirable, and is therefore enabled
|
||||
by default. In rare cases you might need to turn it off in order to
|
||||
force authentication by some non-public-key method such as
|
||||
passwords.
|
||||
|
||||
This option can also be controlled using the \c{-noagent}
|
||||
command-line option. See \k{using-cmdline-agentauth}.
|
||||
|
||||
See \k{pageant} for more information about Pageant in general.
|
||||
|
||||
\S{config-ssh-tis} \q{Attempt \I{TIS authentication}TIS or
|
||||
\i{CryptoCard authentication}}
|
||||
|
||||
|
||||
@ -42,6 +42,10 @@ automatically from Pageant, and use it to authenticate. You can now
|
||||
open as many PuTTY sessions as you like without having to type your
|
||||
passphrase again.
|
||||
|
||||
(PuTTY can be configured not to try to use Pageant, but it will try
|
||||
by default. See \k{config-ssh-tryagent} and
|
||||
\k{using-cmdline-agentauth} for more information.)
|
||||
|
||||
When you want to shut down Pageant, click the right button on the
|
||||
Pageant icon in the System tray, and select \q{Exit} from the menu.
|
||||
Closing the Pageant main window does \e{not} shut down Pageant.
|
||||
|
||||
@ -685,6 +685,22 @@ Note that the \c{-pw} option only works when you are using the SSH
|
||||
protocol. Due to fundamental limitations of Telnet and Rlogin, these
|
||||
protocols do not support automated password authentication.
|
||||
|
||||
\S2{using-cmdline-agentauth} \i\c{-agent} and \i\c{-noagent}:
|
||||
control use of Pageant for authentication
|
||||
|
||||
The \c{-agent} option turns on SSH authentication using Pageant, and
|
||||
\c{-noagent} turns it off. These options are only meaningful if you
|
||||
are using SSH.
|
||||
|
||||
See \k{pageant} for general information on \i{Pageant}
|
||||
|
||||
These options are equivalent to the agent authentication checkbox in
|
||||
the Auth panel of the PuTTY configuration box (see
|
||||
\k{config-ssh-tryagent}).
|
||||
|
||||
These options are not available in the file transfer tools PSCP and
|
||||
PSFTP.
|
||||
|
||||
\S2{using-cmdline-agent} \I{-A-upper}\c{-A} and \i\c{-a}: control \i{agent
|
||||
forwarding}
|
||||
|
||||
|
||||
1
putty.h
1
putty.h
@ -432,6 +432,7 @@ struct config_tag {
|
||||
int ssh_kexlist[KEX_MAX];
|
||||
int ssh_rekey_time; /* in minutes */
|
||||
char ssh_rekey_data[16];
|
||||
int tryagent;
|
||||
int agentfwd;
|
||||
int change_username; /* allow username switching in SSH-2 */
|
||||
int ssh_cipherlist[CIPHER_MAX];
|
||||
|
||||
@ -297,6 +297,7 @@ void save_open_settings(void *sesskey, int do_host, Config *cfg)
|
||||
write_setting_s(sesskey, "LocalUserName", cfg->localusername);
|
||||
write_setting_i(sesskey, "NoPTY", cfg->nopty);
|
||||
write_setting_i(sesskey, "Compression", cfg->compression);
|
||||
write_setting_i(sesskey, "TryAgent", cfg->tryagent);
|
||||
write_setting_i(sesskey, "AgentFwd", cfg->agentfwd);
|
||||
write_setting_i(sesskey, "ChangeUsername", cfg->change_username);
|
||||
wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX,
|
||||
@ -556,6 +557,7 @@ void load_open_settings(void *sesskey, int do_host, Config *cfg)
|
||||
sizeof(cfg->localusername));
|
||||
gppi(sesskey, "NoPTY", 0, &cfg->nopty);
|
||||
gppi(sesskey, "Compression", 0, &cfg->compression);
|
||||
gppi(sesskey, "TryAgent", 1, &cfg->tryagent);
|
||||
gppi(sesskey, "AgentFwd", 0, &cfg->agentfwd);
|
||||
gppi(sesskey, "ChangeUsername", 0, &cfg->change_username);
|
||||
gprefs(sesskey, "Cipher", "\0",
|
||||
|
||||
4
ssh.c
4
ssh.c
@ -3222,7 +3222,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
|
||||
while (pktin->type == SSH1_SMSG_FAILURE) {
|
||||
s->pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
|
||||
|
||||
if (agent_exists() && !s->tried_agent) {
|
||||
if (ssh->cfg.tryagent && agent_exists() && !s->tried_agent) {
|
||||
/*
|
||||
* Attempt RSA authentication using Pageant.
|
||||
*/
|
||||
@ -6613,7 +6613,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
|
||||
s->nkeys = 0;
|
||||
s->agent_response = NULL;
|
||||
s->pkblob_in_agent = NULL;
|
||||
if (agent_exists()) {
|
||||
if (ssh->cfg.tryagent && agent_exists() && ssh->cfg.tryagent) {
|
||||
|
||||
void *r;
|
||||
|
||||
|
||||
@ -628,8 +628,6 @@ int main(int argc, char **argv)
|
||||
if (!*cfg.host) {
|
||||
char *q = p;
|
||||
|
||||
do_defaults(NULL, &cfg);
|
||||
|
||||
/*
|
||||
* If the hostname starts with "telnet:", set the
|
||||
* protocol to Telnet and process the string as a
|
||||
|
||||
@ -99,6 +99,7 @@
|
||||
#define WINHELP_CTX_ssh_auth_privkey "ssh.auth.privkey"
|
||||
#define WINHELP_CTX_ssh_auth_agentfwd "ssh.auth.agentfwd"
|
||||
#define WINHELP_CTX_ssh_auth_changeuser "ssh.auth.changeuser"
|
||||
#define WINHELP_CTX_ssh_auth_pageant "ssh.auth.pageant"
|
||||
#define WINHELP_CTX_ssh_auth_tis "ssh.auth.tis"
|
||||
#define WINHELP_CTX_ssh_auth_ki "ssh.auth.ki"
|
||||
#define WINHELP_CTX_selection_buttons "selection.buttons"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user