[u/mdw/putty] / doc / errors.but

\versionid $Id: errors.but,v 1.2 2002/11/25 19:02:23 ben Exp $

\C{errors} Common error messages

This chapter lists a number of common error messages which PuTTY and
its associated tools can produce, and explains what they mean in
more detail.

We do not attempt to list \e{all} error messages here: there are
many which should never occur, and some which should be
self-explanatory. If you get an error message which is not listed in
this chapter and which you don't understand, report it to us as a
bug (see \k{feedback}) and we will add documentation for it.

\H{errors-hostkey-absent} \q{The server's host key is not cached in
the registry}

This error message occurs when PuTTY connects to a new SSH server.
Every server identifies itself by means of a host key; once PuTTY
knows the host key for a server, it will be able to detect if a
malicious attacker redirects your connection to another machine.

If you see this message, it means that PuTTY has not seen this host
key before, and has no way of knowing whether it is correct or not.
You should attempt to verify the host key by other means, such as
asking the machine's administrator.

If you see this message and you know that your installation of PuTTY
\e{has} connected to the same server before, it may have been
recently upgraded to SSH protocol version 2. SSH protocols 1 and 2
use separate host keys, so when you first use SSH 2 with a server
you have only used SSH 1 with before, you will see this message
again. You should verify the correctness of the key as before.

See \k{gs-hostkey} for more information on host keys.

\H{errors-hostkey-wrong} \q{WARNING - POTENTIAL SECURITY BREACH!}

This message, followed by \q{The server's host key does not match
the one PuTTY has cached in the registry}, means that PuTTY has
connected to the SSH server before, knows what its host key
\e{should} be, but has found a different one.

This may mean that a malicious attacker has replaced your server
with a different one, or has redirected your network connection to
their own machine. On the other hand, it may simply mean that the
administrator of your server has accidentally changed the key while
upgrading the SSH software; this \e{shouldn't} happen but it is
unfortunately possible.

You should contact your server's administrator and see whether they
expect the host key to have changed. If so, verify the new host key
in the same way as you would if it was new.

See \k{gs-hostkey} for more information on host keys.

\H{errors-portfwd-space} \q{Out of space for port forwardings}

PuTTY has a fixed-size buffer which it uses to store the details of
all port forwardings you have set up in an SSH session. If you
specify too many port forwardings on the PuTTY or Plink command line
and this buffer becomes full, you will see this error message.

We need to fix this (fixed-size buffers are almost always a mistake)
but we haven't got round to it. If you actually have trouble with
this, let us know and we'll move it up our priority list.

\H{errors-cipher-warning} \q{The first cipher supported by the server is
... below the configured warning threshold}

This occurs when the SSH server does not offer any ciphers which you
have configured PuTTY to consider strong enough.

See \k{config-ssh-encryption} for more information on this message.

\H{errors-memory} \q{Out of memory}

This occurs when PuTTY tries to allocate more memory than the system
can give it. This \e{may} happen for genuine reasons: if the
computer really has run out of memory, or if you have configured an
extremely large number of lines of scrollback in your terminal.
PuTTY is not able to recover from running out of memory; it will
terminate immediately after giving this error.

However, this error can also occur when memory is not running out at
all, because PuTTY receives data in the wrong format. In SSH 2 and
also in SFTP, the server sends the length of each message before the
message itself; so PuTTY will receive the length, try to allocate
space for the message, and then receive the rest of the message. If
the length PuTTY receives is garbage, it will try to allocate a
ridiculous amount of memory, and will terminate with an \q{Out of
memory} error.

This can happen in SSH 2, if PuTTY and the server have not enabled
encryption in the same way (see \k{faq-outofmem} in the FAQ). Some
versions of OpenSSH have a known problem with this: see
\k{faq-openssh-bad-openssl}.

This can also happen in PSCP or PSFTP, if your login scripts on the
server generate output: the client program will be expecting an SFTP
message starting with a length, and if it receives some text from
your login scripts instead it will try to interpret them as a
message length. See \k{faq-outofmem2} for details of this.

\H{errors-internal} \q{Internal error}, \q{Internal fault},
\q{Assertion failed}

Any error beginning with the word \q{Internal} should \e{never}
occur. If it does, there is a bug in PuTTY by definition; please see
\k{feedback} and report it to us.

Similarly, any error message starting with \q{Assertion failed} is a
bug in PuTTY. Please report it to us, and include the exact text
from the error message box.

\H{errors-refused} \q{Server refused our public key} or \q{Key
refused}

Various forms of this error are printed in the PuTTY window, or
written to the PuTTY Event Log (see \k{using-eventlog}) when trying
public-key authentication.

If you see one of these messages, it means that PuTTY has sent a
public key to the server and offered to authenticate with it, and
the server has refused to accept authentication. This usually means
that the server is not configured to accept this key to authenticate
this user.

This is almost certainly not a problem with PuTTY. If you see this
type of message, the first thing you should do is check your
\e{server} configuration carefully. Also, read the PuTTY Event Log;
the server may have sent diagnostic messages explaining exactly what
problem it had with your setup.

\H{errors-crc} \q{Incorrect CRC received on packet} or \q{Incorrect
MAC received on packet}

This error occurs when PuTTY decrypts an SSH packet and its checksum
is not correct. This probably means something has gone wrong in the
encryption or decryption process. It's difficult to tell from this
error message whether the problem is in the client or in the server.

A known server problem which can cause this error is described in
\k{faq-openssh-bad-openssl} in the FAQ.

\H{errors-garbled} \q{Incoming packet was garbled on decryption}

This error occurs when PuTTY decrypts an SSH packet and the
decrypted data makes no sense. This probably means something has
gone wrong in the encryption or decryption process. It's difficult
to tell from this error message whether the problem is in the client
or in the server.

A known server problem which can cause this error is described in
\k{faq-openssh-bad-openssl} in the FAQ.

\H{errors-x11-proxy} \q{Authentication failed at PuTTY X11 proxy}

This error is reported when PuTTY is doing X forwarding. It is sent
back to the X application running on the SSH server, which will
usually report the error to the user.

When PuTTY enables X forwarding (see \k{using-x-forwarding}) it
creates a virtual X display running on the SSH server. This display
requires authentication to connect to it (this is how PuTTY prevents
other users on your server machine from connecting through the PuTTY
proxy to your real X display). PuTTY also sends the server the
details it needs to enable clients to connect, and the server should
put this mechanism in place automatically, so your X applications
should just work.

A common reason why people see this message is because they used SSH
to log in as one user (let's say \q{fred}), and then used the Unix
\c{su} command to become another user (typically \q{root}). The
original user, \q{fred}, has access to the X authentication data
provided by the SSH server, and can run X applications which are
forwarded over the SSH connection. However, the second user
(\q{root}) does not automatically have the authentication data
passed on to it, so attempting to run an X application as that user
often fails with this error.

If this happens, \e{it is not a problem with PuTTY}. You need to
arrange for your X authentication data to be passed from the user
you logged in as to the user you used \c{su} to become. How you do
this depends on your particular system; in fact many modern versions
of \c{su} do it automatically.

\H{errors-connaborted} \q{Network error: Software caused connection
abort}

In modern versions of PuTTY, you should not see this error.

Windows's documentation about this error condition is not very good,
but as far as we can tell, this error occurs when PuTTY is listening
on a port, another program makes a connection to that port, but
closes the connection so fast that PuTTY has no time to answer it.

PuTTY only ever listens on a port when it is doing local-to-remote
port forwarding (see \k{using-port-forwarding}); and if an incoming
connection on that port receives this error, PuTTY should simply
close the connection and continue without error.

If you see this error in PuTTY 0.53 or above, we would welcome a
report of the circumstances.

\H{errors-connreset} \q{Network error: Connection reset by peer}

This error occurs when the machines at each end of a network
connection lose track of the state of the connection between them.
For example, you might see it if your SSH server crashes, and
manages to reboot fully before you next attempt to send data to it.

However, the most common reason to see this message is if you are
connecting through a firewall or a NAT router which has timed the
connection out. See \k{faq-idleout} in the FAQ for more details. You
may be able to improve the situation by using keepalives; see
\k{config-keepalive} for details on this.

\H{errors-connrefused} \q{Network error: Connection refused}

This error means that the network connection PuTTY tried to make to
your server was rejected by the server. Usually this happens because
the server does not provide the service which PuTTY is trying to
access.

Check that you are connecting with the correct protocol (SSH, Telnet
or Rlogin), and check that the port number is correct. If that
fails, consult the administrator of your server.
Commit	Line	Data
c7f9fab3	1	\versionid $Id: errors.but,v 1.2 2002/11/25 19:02:23 ben Exp $
91f80e36	2
	3	\C{errors} Common error messages
	4
	5	This chapter lists a number of common error messages which PuTTY and
	6	its associated tools can produce, and explains what they mean in
	7	more detail.
	8
	9	We do not attempt to list \e{all} error messages here: there are
	10	many which should never occur, and some which should be
	11	self-explanatory. If you get an error message which is not listed in
	12	this chapter and which you don't understand, report it to us as a
	13	bug (see \k{feedback}) and we will add documentation for it.
	14
	15	\H{errors-hostkey-absent} \q{The server's host key is not cached in
	16	the registry}
	17
	18	This error message occurs when PuTTY connects to a new SSH server.
	19	Every server identifies itself by means of a host key; once PuTTY
	20	knows the host key for a server, it will be able to detect if a
	21	malicious attacker redirects your connection to another machine.
	22
	23	If you see this message, it means that PuTTY has not seen this host
	24	key before, and has no way of knowing whether it is correct or not.
	25	You should attempt to verify the host key by other means, such as
	26	asking the machine's administrator.
	27
	28	If you see this message and you know that your installation of PuTTY
	29	\e{has} connected to the same server before, it may have been
	30	recently upgraded to SSH protocol version 2. SSH protocols 1 and 2
	31	use separate host keys, so when you first use SSH 2 with a server
	32	you have only used SSH 1 with before, you will see this message
	33	again. You should verify the correctness of the key as before.
	34
	35	See \k{gs-hostkey} for more information on host keys.
	36
	37	\H{errors-hostkey-wrong} \q{WARNING - POTENTIAL SECURITY BREACH!}
	38
	39	This message, followed by \q{The server's host key does not match
	40	the one PuTTY has cached in the registry}, means that PuTTY has
	41	connected to the SSH server before, knows what its host key
	42	\e{should} be, but has found a different one.
	43
	44	This may mean that a malicious attacker has replaced your server
	45	with a different one, or has redirected your network connection to
	46	their own machine. On the other hand, it may simply mean that the
	47	administrator of your server has accidentally changed the key while
	48	upgrading the SSH software; this \e{shouldn't} happen but it is
	49	unfortunately possible.
	50
	51	You should contact your server's administrator and see whether they
	52	expect the host key to have changed. If so, verify the new host key
	53	in the same way as you would if it was new.
	54
	55	See \k{gs-hostkey} for more information on host keys.
	56
	57	\H{errors-portfwd-space} \q{Out of space for port forwardings}
	58
	59	PuTTY has a fixed-size buffer which it uses to store the details of
	60	all port forwardings you have set up in an SSH session. If you
	61	specify too many port forwardings on the PuTTY or Plink command line
	62	and this buffer becomes full, you will see this error message.
	63
	64	We need to fix this (fixed-size buffers are almost always a mistake)
	65	but we haven't got round to it. If you actually have trouble with
66	this, let us know and we'll move it up our priority list.
67
68	\H{errors-cipher-warning} \q{The first cipher supported by the server is
69	... below the configured warning threshold}
70
71	This occurs when the SSH server does not offer any ciphers which you
72	have configured PuTTY to consider strong enough.
73
74	See \k{config-ssh-encryption} for more information on this message.
75
76	\H{errors-memory} \q{Out of memory}
77
78	This occurs when PuTTY tries to allocate more memory than the system
79	can give it. This \e{may} happen for genuine reasons: if the
80	computer really has run out of memory, or if you have configured an
81	extremely large number of lines of scrollback in your terminal.
82	PuTTY is not able to recover from running out of memory; it will
83	terminate immediately after giving this error.
84
85	However, this error can also occur when memory is not running out at
86	all, because PuTTY receives data in the wrong format. In SSH 2 and
87	also in SFTP, the server sends the length of each message before the
88	message itself; so PuTTY will receive the length, try to allocate
89	space for the message, and then receive the rest of the message. If
90	the length PuTTY receives is garbage, it will try to allocate a
91	ridiculous amount of memory, and will terminate with an \q{Out of
92	memory} error.
93
94	This can happen in SSH 2, if PuTTY and the server have not enabled
95	encryption in the same way (see \k{faq-outofmem} in the FAQ). Some
c7f9fab3	96	versions of OpenSSH have a known problem with this: see
91f80e36	97	\k{faq-openssh-bad-openssl}.
	98
	99	This can also happen in PSCP or PSFTP, if your login scripts on the
	100	server generate output: the client program will be expecting an SFTP
	101	message starting with a length, and if it receives some text from
	102	your login scripts instead it will try to interpret them as a
	103	message length. See \k{faq-outofmem2} for details of this.
	104
	105	\H{errors-internal} \q{Internal error}, \q{Internal fault},
	106	\q{Assertion failed}
	107
	108	Any error beginning with the word \q{Internal} should \e{never}
	109	occur. If it does, there is a bug in PuTTY by definition; please see
	110	\k{feedback} and report it to us.
	111
	112	Similarly, any error message starting with \q{Assertion failed} is a
	113	bug in PuTTY. Please report it to us, and include the exact text
	114	from the error message box.
	115
	116	\H{errors-refused} \q{Server refused our public key} or \q{Key
	117	refused}
	118
	119	Various forms of this error are printed in the PuTTY window, or
	120	written to the PuTTY Event Log (see \k{using-eventlog}) when trying
	121	public-key authentication.
	122
	123	If you see one of these messages, it means that PuTTY has sent a
	124	public key to the server and offered to authenticate with it, and
	125	the server has refused to accept authentication. This usually means
	126	that the server is not configured to accept this key to authenticate
	127	this user.
	128
	129	This is almost certainly not a problem with PuTTY. If you see this
	130	type of message, the first thing you should do is check your
	131	\e{server} configuration carefully. Also, read the PuTTY Event Log;
	132	the server may have sent diagnostic messages explaining exactly what
	133	problem it had with your setup.
	134
	135	\H{errors-crc} \q{Incorrect CRC received on packet} or \q{Incorrect
	136	MAC received on packet}
	137
	138	This error occurs when PuTTY decrypts an SSH packet and its checksum
	139	is not correct. This probably means something has gone wrong in the
	140	encryption or decryption process. It's difficult to tell from this
	141	error message whether the problem is in the client or in the server.
	142
	143	A known server problem which can cause this error is described in
	144	\k{faq-openssh-bad-openssl} in the FAQ.
	145
	146	\H{errors-garbled} \q{Incoming packet was garbled on decryption}
	147
	148	This error occurs when PuTTY decrypts an SSH packet and the
	149	decrypted data makes no sense. This probably means something has
	150	gone wrong in the encryption or decryption process. It's difficult
	151	to tell from this error message whether the problem is in the client
	152	or in the server.
	153
	154	A known server problem which can cause this error is described in
	155	\k{faq-openssh-bad-openssl} in the FAQ.
	156
	157	\H{errors-x11-proxy} \q{Authentication failed at PuTTY X11 proxy}
	158
	159	This error is reported when PuTTY is doing X forwarding. It is sent
	160	back to the X application running on the SSH server, which will
161	usually report the error to the user.
162
163	When PuTTY enables X forwarding (see \k{using-x-forwarding}) it
164	creates a virtual X display running on the SSH server. This display
165	requires authentication to connect to it (this is how PuTTY prevents
166	other users on your server machine from connecting through the PuTTY
167	proxy to your real X display). PuTTY also sends the server the
168	details it needs to enable clients to connect, and the server should
169	put this mechanism in place automatically, so your X applications
170	should just work.
171
172	A common reason why people see this message is because they used SSH
173	to log in as one user (let's say \q{fred}), and then used the Unix
174	\c{su} command to become another user (typically \q{root}). The
175	original user, \q{fred}, has access to the X authentication data
176	provided by the SSH server, and can run X applications which are
177	forwarded over the SSH connection. However, the second user
178	(\q{root}) does not automatically have the authentication data
179	passed on to it, so attempting to run an X application as that user
180	often fails with this error.
181
182	If this happens, \e{it is not a problem with PuTTY}. You need to
183	arrange for your X authentication data to be passed from the user
184	you logged in as to the user you used \c{su} to become. How you do
185	this depends on your particular system; in fact many modern versions
186	of \c{su} do it automatically.
187
188	\H{errors-connaborted} \q{Network error: Software caused connection
189	abort}
190
191	In modern versions of PuTTY, you should not see this error.
192
193	Windows's documentation about this error condition is not very good,
194	but as far as we can tell, this error occurs when PuTTY is listening
195	on a port, another program makes a connection to that port, but
196	closes the connection so fast that PuTTY has no time to answer it.
197
198	PuTTY only ever listens on a port when it is doing local-to-remote
199	port forwarding (see \k{using-port-forwarding}); and if an incoming
200	connection on that port receives this error, PuTTY should simply
201	close the connection and continue without error.
202
203	If you see this error in PuTTY 0.53 or above, we would welcome a
204	report of the circumstances.
205
206	\H{errors-connreset} \q{Network error: Connection reset by peer}
207
208	This error occurs when the machines at each end of a network
209	connection lose track of the state of the connection between them.
210	For example, you might see it if your SSH server crashes, and
211	manages to reboot fully before you next attempt to send data to it.
212
213	However, the most common reason to see this message is if you are
214	connecting through a firewall or a NAT router which has timed the
215	connection out. See \k{faq-idleout} in the FAQ for more details. You
216	may be able to improve the situation by using keepalives; see
217	\k{config-keepalive} for details on this.
218
219	\H{errors-connrefused} \q{Network error: Connection refused}
220
221	This error means that the network connection PuTTY tried to make to
222	your server was rejected by the server. Usually this happens because
223	the server does not provide the service which PuTTY is trying to
224	access.
225
226	Check that you are connecting with the correct protocol (SSH, Telnet
227	or Rlogin), and check that the port number is correct. If that
228	fails, consult the administrator of your server.