author | Jacob Nevins <jacobn@chiark.greenend.org.uk> | 2022-10-21 21:46:51 +0300 |
---|---|---|
committer | Jacob Nevins <jacobn@chiark.greenend.org.uk> | 2022-10-21 21:46:51 +0300 |
commit | 5716c638a5719fd3268b6fac8cfa533d8af30ee8 (patch) | |
tree | 1cb02e51dd36d01209a324219a81e9be1f439ff8 /doc | |
parent | 8c534c26fd8a8396a5386b416a74d557667357cb (diff) |
Docs: cross-reference host-key warning sections.
The 'certified host key' variant of the host key warning always comes
with a scary 'POTENTIAL SECURITY BREACH!' message. So the error message
section with the scary title should acknowledge that variant, and
the section about that variant should mention the scary warning.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/errors.but | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/doc/errors.but b/doc/errors.but index cea3201c..e3db184e 100644 --- a/doc/errors.but +++ b/doc/errors.but @@ -39,6 +39,9 @@ the one PuTTY has cached for this server}, means that PuTTY has connected to the SSH server before, knows what its host key \e{should} be, but has found a different one. +(If the message instead talks about a \q{certified host key}, see +instead \k{errors-cert-mismatch}.) + This may mean that a malicious attacker has replaced your server with a different one, or has redirected your network connection to their own machine. On the other hand, it may simply mean that the @@ -60,7 +63,8 @@ If you've configured PuTTY to trust at least one \k{config-ssh-kex-cert}), then it will ask the SSH server to send it any available certified host keys. If the server sends back a certified key signed by a \e{different} certification authority, PuTTY -will present this variant of the host key prompt. +will present this variant of the host key prompt, preceded by +\q{WARNING - POTENTIAL SECURITY BREACH!} One reason why this can happen is a deliberate attack. Just like an ordinary man-in-the-middle attack which substitutes a wrong host key, |
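Review bot: The parenthetical added in the first hunk (@@ -39,6 +39,9 @@) uses "instead" twice in one sentence: "If the message instead talks about ... see instead \k{errors-cert-mismatch}". Dropping the second one reads better: "(If the message instead talks about a \q{certified host key}, see \k{errors-cert-mismatch}.)". The definition of the errors-cert-mismatch keyword is not among the visible lines, so confirm it matches the keyword on the certified-host-key section's heading before merging.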
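Review bot: The cross-reference in the second hunk (@@ -60,7 +63,8 @@) runs one way only. The first hunk links to this section with \k{errors-cert-mismatch}, but the text added here names the \q{WARNING - POTENTIAL SECURITY BREACH!} banner without a \k{} reference back to the section that explains it, so a reader who lands here first gets no pointer to the general host key mismatch guidance. Consider adding that reference. Also, the commit message quotes the banner as 'POTENTIAL SECURITY BREACH!' while the doc text includes the 'WARNING - ' prefix; check the quoted string against what PuTTY actually prints, since users will search the manual for it verbatim.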