author | Faryan Rezagholi <faryan.rezagholi@siedle.de> | 2021-12-25 14:12:44 +0300 |
---|---|---|
committer | Faryan Rezagholi <faryan.rezagholi@siedle.de> | 2021-12-25 14:12:44 +0300 |
commit | 8becbae2cdbb7cee86abc238f5eace33e87baea1 (patch) | |
tree | 5f6070824f2abe2427cd8922c0ddca1c561ce17e /DOC | |
parent | dc1b3ceb8b8d86a9c3cedaa257a1bd2cf69d819f (diff) |
merged from tags/0.76
Diffstat (limited to 'DOC')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | DOC/CONFIG.BUT | 43 |
| -rw-r--r-- | DOC/MAN-PSCP.BUT | 8 |
| -rw-r--r-- | DOC/PLINK.BUT | 4 |
| -rw-r--r-- | DOC/PSCP.BUT | 4 |
| -rw-r--r-- | DOC/USING.BUT | 9 |
| -rw-r--r-- | DOC/man-plink.but | 9 |
| -rw-r--r-- | DOC/man-psftp.but | 9 |
| -rw-r--r-- | DOC/man-putty.but | 9 |

8 files changed, 93 insertions, 2 deletions
diff --git a/DOC/CONFIG.BUT b/DOC/CONFIG.BUT index a00ae476..77313282 100644 --- a/DOC/CONFIG.BUT +++ b/DOC/CONFIG.BUT 
@@ -2623,6 +2623,49 @@ interact with them.) This option only affects SSH-2 connections. SSH-1 connections always require an authentication step. +\S{config-ssh-notrivialauth} \q{Disconnect if authentication succeeds +trivially} + +This option causes PuTTY to abandon an SSH session and disconnect from +the server, if the server accepted authentication without ever having +asked for any kind of password or signature or token. + +This might be used as a security measure. There are some forms of +attack against an SSH client user which work by terminating the SSH +authentication stage early, and then doing something in the main part +of the SSH session which \e{looks} like part of the authentication, +but isn't really. + +For example, instead of demanding a signature from your public key, +for which PuTTY would ask for your key's passphrase, a compromised or +malicious server might allow you to log in with no signature or +password at all, and then print a message that \e{imitates} PuTTY's +request for your passphrase, in the hope that you would type it in. +(In fact, the passphrase for your public key should not be sent to any +server.) + +PuTTY's main defence against attacks of this type is the \q{trust +sigil} system: messages in the PuTTY window that are truly originated +by PuTTY itself are shown next to a small copy of the PuTTY icon, +which the server cannot fake when it tries to imitate the same message +using terminal output. + +However, if you think you might be at risk of this kind of thing +anyway (if you don't watch closely for the trust sigils, or if you +think you're at extra risk of one of your servers being malicious), +then you could enable this option as an extra defence. Then, if the +server tries any of these attacks involving letting you through the +authentication stage, PuTTY will disconnect from the server before it +can send a follow-up fake prompt or other type of attack. 
+ +On the other hand, some servers \e{legitimately} let you through the +SSH authentication phase trivially, either because they are genuinely +public, or because the important authentication step happens during +the terminal session. (An example might be an SSH server that connects +you directly to the terminal login prompt of a legacy mainframe.) So +enabling this option might cause some kinds of session to stop +working. It's up to you. + \S{config-ssh-tryagent} \q{Attempt authentication using Pageant} If this option is enabled, then PuTTY will look for Pageant (the SSH diff --git a/DOC/MAN-PSCP.BUT b/DOC/MAN-PSCP.BUT index b62e8cc2..60ce4f5e 100644 --- a/DOC/MAN-PSCP.BUT +++ b/DOC/MAN-PSCP.BUT @@ -155,6 +155,14 @@ which of the agent's keys to use. } \dd Allow use of an authentication agent. (This option is only necessary to override a setting in a saved session.) +\dt \cw{\-no\-trivial\-auth} + +\dd Disconnect from any SSH server which accepts authentication without +ever having asked for any kind of password or signature or token. (You +might want to enable this for a server you always expect to challenge +you, for instance to ensure you don't accidentally type your key file's +passphrase into a compromised server spoofing PSCP's passphrase prompt.) + \dt \cw{\-hostkey} \e{key} \dd Specify an acceptable host public key. This option may be specified diff --git a/DOC/PLINK.BUT b/DOC/PLINK.BUT index fcfb5f68..30dcead1 100644 --- a/DOC/PLINK.BUT +++ b/DOC/PLINK.BUT @@ -41,7 +41,7 @@ use Plink: \c C:\>plink \c Plink: command-line connection utility -\c Release 0.75 +\c Release 0.76 \c Usage: plink [options] [user@]host [command] \c ("host" can also be a PuTTY saved session name) \c Options: 
@@ -77,6 +77,8 @@ use Plink: \c -i key private key file for user authentication \c -noagent disable use of Pageant \c -agent enable use of Pageant +\c -no-trivial-auth +\c disconnect if SSH authentication succeeds trivially \c -noshare disable use of connection sharing \c -share enable use of connection sharing \c -hostkey keyid diff --git a/DOC/PSCP.BUT b/DOC/PSCP.BUT index 9d8daccd..e816f3e5 100644 --- a/DOC/PSCP.BUT +++ b/DOC/PSCP.BUT @@ -39,7 +39,7 @@ use PSCP: \c C:\>pscp \c PuTTY Secure Copy client -\c Release 0.75 +\c Release 0.76 \c Usage: pscp [options] [user@]host:source target \c pscp [options] source [source...] [user@]host:target \c pscp [options] -ls [user@]host:filespec @@ -62,6 +62,8 @@ use PSCP: \c -i key private key file for user authentication \c -noagent disable use of Pageant \c -agent enable use of Pageant +\c -no-trivial-auth +\c disconnect if SSH authentication succeeds trivially \c -hostkey keyid \c manually specify a host key (may be repeated) \c -batch disable all interactive prompts diff --git a/DOC/USING.BUT b/DOC/USING.BUT index b583dc8c..02a67808 100644 --- a/DOC/USING.BUT +++ b/DOC/USING.BUT @@ -1014,6 +1014,15 @@ This option is equivalent to the \q{Private key file for authentication} box in the Auth panel of the PuTTY configuration box (see \k{config-ssh-privkey}). +\S2{using-cmdline-no-trivial-auth} \i\c{-no-trivial-auth}: disconnect +if SSH authentication succeeds trivially + +This option causes PuTTY to abandon an SSH session if the server +accepts authentication without ever having asked for any kind of +password or signature or token. + +See \k{config-ssh-notrivialauth} for why you might want this. + \S2{using-cmdline-loghost} \i\c{-loghost}: specify a \i{logical host name} diff --git a/DOC/man-plink.but b/DOC/man-plink.but index 33386227..26e65f71 100644 --- a/DOC/man-plink.but +++ b/DOC/man-plink.but 
@@ -203,6 +203,15 @@ which of the agent's keys to use. } \dd Allow use of an authentication agent. (This option is only necessary to override a setting in a saved session.) +\dt \cw{\-no\-trivial\-auth} + +\dd Disconnect from any SSH server which accepts authentication without +ever having asked for any kind of password or signature or token. (You +might want to enable this for a server you always expect to challenge +you, for instance to ensure you don't accidentally type your key file's +passphrase into a compromised server spoofing Plink's passphrase +prompt.) + \dt \cw{\-noshare} \dd Don't test and try to share an existing connection, always make diff --git a/DOC/man-psftp.but b/DOC/man-psftp.but index 19f820e3..52617291 100644 --- a/DOC/man-psftp.but +++ b/DOC/man-psftp.but @@ -143,6 +143,15 @@ which of the agent's keys to use. } \dd Allow use of an authentication agent. (This option is only necessary to override a setting in a saved session.) +\dt \cw{\-no\-trivial\-auth} + +\dd Disconnect from any SSH server which accepts authentication without +ever having asked for any kind of password or signature or token. (You +might want to enable this for a server you always expect to challenge +you, for instance to ensure you don't accidentally type your key file's +passphrase into a compromised server spoofing PSFTP's passphrase +prompt.) + \dt \cw{\-hostkey} \e{key} \dd Specify an acceptable host public key. This option may be specified diff --git a/DOC/man-putty.but b/DOC/man-putty.but index a1656d6c..858ec0b0 100644 --- a/DOC/man-putty.but +++ b/DOC/man-putty.but 
@@ -287,6 +287,15 @@ which of the agent's keys to use. } \dd Allow use of an authentication agent. (This option is only necessary to override a setting in a saved session.) +\dt \cw{\-no\-trivial\-auth} + +\dd Disconnect from any SSH server which accepts authentication without +ever having asked for any kind of password or signature or token. (You +might want to enable this for a server you always expect to challenge +you, for instance to ensure you don't accidentally type your key file's +passphrase into a compromised server spoofing PuTTY's passphrase +prompt.) + \dt \cw{\-hostkey} \e{key} \dd Specify an acceptable host public key. This option may be specified |
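Review bot: in the DOC/CONFIG.BUT hunk, the new \S{config-ssh-notrivialauth} section documents the setting only as a configuration-panel option and never mentions its command-line form, even though the DOC/USING.BUT hunk in this same patch links back here with \k{config-ssh-notrivialauth}. Add the reverse cross-reference, for example a closing sentence along the lines of \q{This option can also be enabled on the command line with \c{-no-trivial-auth} (see \k{using-cmdline-no-trivial-auth}).}, so a reader of the configuration chapter learns the flag exists for Plink, PSCP and PSFTP as well.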
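Review bot: in the DOC/MAN-PSCP.BUT hunk, the \dd text for \cw{\-no\-trivial\-auth} gives only the motivating case and drops the caveat the DOC/CONFIG.BUT hunk spells out, namely that servers which legitimately skip SSH-level authentication (genuinely public servers, or ones that authenticate inside the terminal session) will be disconnected too. One sentence such as \q{Servers that legitimately accept trivial authentication will be disconnected as well.} would stop users enabling it in a saved session and then mistaking the deliberate disconnect for a network fault.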
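Review bot: in the DOC/man-plink.but hunk, the neighbouring \cw{\-agent} entry exists solely to override a \cw{\-noagent} setting stored in a saved session, but no positive counterpart is documented for \cw{\-no\-trivial\-auth}. Since the DOC/CONFIG.BUT hunk adds the setting to the configuration panel, it can presumably be saved with a session; either document how a command-line user turns it back off for a single connection, or state explicitly that the saved setting cannot be overridden from the command line.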
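Review bot: in the DOC/man-psftp.but hunk, the man page gains \cw{\-no\-trivial\-auth}, yet the diffstat shows no corresponding usage-listing change for PSFTP, whereas DOC/PLINK.BUT and DOC/PSCP.BUT both receive the two \c lines (\c{-no-trivial-auth} and \c{disconnect if SSH authentication succeeds trivially}). If PSFTP's usage text is maintained in a similar file, update it in the same patch so the built-in help and the man page agree on which options exist.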
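Review bot: in the DOC/man-putty.but hunk, the \dd paragraph for \cw{\-no\-trivial\-auth} is the fourth verbatim copy of the same text (after MAN-PSCP.BUT, man-plink.but and man-psftp.but), differing only in the tool name. This is a style point: if the documentation build supports a shared fragment for common option descriptions, factoring this paragraph out would keep the four copies from drifting the next time the wording of the caveat or the recommended use is revised.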