X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/421406a46c2afcbfbb2ae69e9aa4b256db80e283..HEAD:/doc/errors.but diff --git a/doc/errors.but b/doc/errors.but index bc352ce5..48250d6b 100644 --- a/doc/errors.but +++ b/doc/errors.but @@ -58,37 +58,33 @@ in the same way as you would if it was new. See \k{gs-hostkey} for more information on host keys. -\H{errors-portfwd-space} \q{Out of space for port forwardings} - -PuTTY has a fixed-size buffer which it uses to store the details of -all \i{port forwardings} you have set up in an SSH session. If you -specify too many port forwardings on the PuTTY or Plink command line -and this buffer becomes full, you will see this error message. - -We need to fix this (fixed-size buffers are almost always a mistake) -but we haven't got round to it. If you actually have trouble with -this, let us know and we'll move it up our priority list. - \H{errors-cipher-warning} \q{The first cipher supported by the server is ... below the configured warning threshold} This occurs when the SSH server does not offer any ciphers which you have configured PuTTY to consider strong enough. By default, PuTTY -puts up this warning only for \ii{single-DES} encryption. +puts up this warning only for \ii{single-DES} and \i{Arcfour} encryption. See \k{config-ssh-encryption} for more information on this message. \H{errors-toomanyauth} \q{Server sent disconnect message type 2 -(SSH_DISCONNECT_PROTOCOL_ERROR): "Too many authentication failures for root"} +(protocol error): "Too many authentication failures for root"} This message is produced by an \i{OpenSSH} (or \i{Sun SSH}) server if it receives more failed authentication attempts than it is willing to -tolerate. This can easily happen if you are using Pageant and have a -large number of keys loaded into it. This can be worked around on the -server by disabling public-key authentication or (for Sun SSH only) by -increasing \c{MaxAuthTries} in \c{sshd_config}. Neither of these is a -really satisfactory solution, and we hope to provide a better one in a -future version of PuTTY. +tolerate. + +This can easily happen if you are using Pageant and have a +large number of keys loaded into it, since these servers count each +offer of a public key as an authentication attempt. This can be worked +around by specifying the key that's required for the authentication in +the PuTTY configuration (see \k{config-ssh-privkey}); PuTTY will ignore +any other keys Pageant may have, but will ask Pageant to do the +authentication, so that you don't have to type your passphrase. + +On the server, this can be worked around by disabling public-key +authentication or (for Sun SSH only) by increasing \c{MaxAuthTries} in +\c{sshd_config}. \H{errors-memory} \q{\ii{Out of memory}} @@ -175,6 +171,9 @@ user's home directory on the server. Also, read the PuTTY Event Log; the server may have sent diagnostic messages explaining exactly what problem it had with your setup. +\K{pubkey-gettingready} has some hints on server-side public key +setup. + \H{errors-access-denied} \q{Access denied}, \q{Authentication refused} Various forms of this error are printed in the PuTTY window, or @@ -193,8 +192,15 @@ the various strategies we use for camouflaging passwords in transit. Upgrade your server, or use the workarounds described in \k{config-ssh-bug-ignore1} and possibly \k{config-ssh-bug-plainpw1}. +\H{errors-no-auth} \q{No supported authentication methods available} + +This error indicates that PuTTY has run out of ways to authenticate +you to an SSH server. This may be because PuTTY has TIS or +keyboard-interactive authentication disabled, in which case +\k{config-ssh-tis} and \k{config-ssh-ki}. + \H{errors-crc} \q{Incorrect \i{CRC} received on packet} or \q{Incorrect -MAC received on packet} +\i{MAC} received on packet} This error occurs when PuTTY decrypts an SSH packet and its checksum is not correct. This probably means something has gone wrong in the @@ -202,6 +208,14 @@ encryption or decryption process. It's difficult to tell from this error message whether the problem is in the client, in the server, or in between. +In particular, if the network is corrupting data at the TCP level, it +may only be obvious with cryptographic protocols such as SSH, which +explicitly check the integrity of the transferred data and complain +loudly if the checks fail. Corruption of protocols without integrity +protection (such as HTTP) will manifest in more subtle failures (such +as misdisplayed text or images in a web browser) which may not be +noticed. + A known server problem which can cause this error is described in \k{faq-openssh-bad-openssl} in the FAQ. @@ -213,9 +227,10 @@ gone wrong in the encryption or decryption process. It's difficult to tell from this error message whether the problem is in the client, in the server, or in between. -If you get this error, one thing you could try would be to fiddle -with the setting of \q{Miscomputes SSH-2 encryption keys} on the Bugs -panel (see \k{config-ssh-bug-derivekey2}). +If you get this error, one thing you could try would be to fiddle with +the setting of \q{Miscomputes SSH-2 encryption keys} (see +\k{config-ssh-bug-derivekey2}) or \q{Ignores SSH-2 maximum packet +size} (see \k{config-ssh-bug-maxpkt2}) on the Bugs panel . Another known server problem which can cause this error is described in \k{faq-openssh-bad-openssl} in the FAQ.