X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/9dda64599614c85260f2559f6b9688c0e971edb9..c5e438ecf3f6d7b8caab10e43a452f3555149309:/doc/faq.but

diff --git a/doc/faq.but b/doc/faq.but
index 1aa42760..3459826f 100644
--- a/doc/faq.but
+++ b/doc/faq.but
@@ -1,4 +1,4 @@
-\versionid $Id: faq.but,v 1.25 2002/05/11 16:45:29 simon Exp $
+\versionid $Id: faq.but,v 1.36 2002/10/10 14:39:35 jacob Exp $
 
 \A{faq} PuTTY FAQ
 
@@ -37,10 +37,9 @@ version 0.52.
 \S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or
 \cw{ssh.com} SSHv2 private key files?
 
-Version 0.52 doesn't, but in the latest development snapshots
-PuTTYgen can load OpenSSH private keys. We plan to add an export
-feature so that it can save them as well, and we also plan to
-support the \cw{ssh.com} key format.
+PuTTY doesn't support this natively, but as of 0.53
+PuTTYgen can convert both OpenSSH and \cw{ssh.com} private key
+files into PuTTY's format.
 
 \S{faq-ssh1}{Question} Does PuTTY support SSH v1?
 
@@ -194,7 +193,7 @@ We do not have ports for any other systems at the present time. If
 anyone told you we had a Unix port, or an iPaq port, or any other
 port of PuTTY, they were mistaken. We don't.
 
-\S{faq-wince}{Question} Will there be a port to Windows CE?
+\S{faq-wince}{Question} Will there be a port to Windows CE or PocketPC?
 
 Probably not in the particularly near future. Despite sharing large
 parts of the Windows API, in practice WinCE doesn't appear to be
@@ -331,7 +330,10 @@ To run a PuTTY session saved under the name \q{\cw{mysession}},
 create a Windows shortcut that invokes PuTTY with a command line
 like
 
-\c \path\name\to\putty.exe @mysession
+\c \path\name\to\putty.exe -load mysession
+
+(Note: prior to 0.53, the syntax was \c{@session}. This is now
+deprecated and may be removed at some point.)
 
 \S{faq-startssh}{Question} How can I start an SSH session straight
 from the command line?
@@ -366,10 +368,13 @@ forwarding? I can't find the Tunnels panel.
 This is a new feature in version 0.52. You should upgrade.
 
 \S{faq-options}{Question} How do I use all PuTTY's features (public
-keys, port forwarding, SSH v2, etc.) in PSCP, PSFTP and Plink?
+keys, proxying, cipher selection, etc.) in PSCP, PSFTP and Plink?
+
+Most major features (e.g., public keys, port forwarding) are available
+through command line options. See the documentation.
 
-The command-line tools are currently rather short of command line
-options to enable this sort of thing. However, you can use most of
+Not all features are accessible from the command line yet, although
+we'd like to fix this. In the meantime, you can use most of
 PuTTY's features if you create a PuTTY saved session, and then use
 the name of the saved session on the command line in place of a
 hostname. This works for PSCP, PSFTP and Plink (but don't expect
@@ -507,7 +512,7 @@ v2 servers from \cw{ssh.com} will require the key exchange to be
 repeated one hour after the start of the connection, and PuTTY will
 get this wrong.
 
-Upgrade to version 0.52 and the problem should go away.
+Upgrade to version 0.52 or better and the problem should go away.
 
 \S{faq-outofmem}{Question} After trying to establish an SSH 2
 connection, PuTTY says \q{Out of memory} and dies.
@@ -588,7 +593,7 @@ effect. It will only take effect once you reset the terminal.
 AltGr key.
 
 In PuTTY version 0.51, the AltGr key was broken. Upgrade to version
-0.52.
+0.52 or better.
 
 \S{faq-idleout}{Question} My PuTTY sessions unexpectedly close after
 they are idle for a while.
@@ -713,17 +718,22 @@ You should still read the
 page} on the PuTTY website (also provided as \k{feedback} in the
 manual), and follow the guidelines contained in that.
 
-\S{faq-broken-openssh31}{Question} Since my SSH server was upgraded to
-OpenSSH 3.1p1, I can no longer connect with PuTTY.
+\S{faq-openssh-bad-openssl}{Question} Since my SSH server was upgraded
+to OpenSSH 3.1p1/3.4p1, I can no longer connect with PuTTY.
 
 There is a known problem when OpenSSH has been built against an
 incorrect version of OpenSSL; the quick workaround is to configure
 PuTTY to use SSH protocol 2 and the Blowfish cipher.
 
+For more details and OpenSSH patches, see
+\W{http://bugzilla.mindrot.org/show_bug.cgi?id=138}{bug 138} in the
+OpenSSH BTS.
+
 This is not a PuTTY-specific problem; if you try to connect with
-another client you'll likely have similar problems.
+another client you'll likely have similar problems. (Although PuTTY's
+default cipher differs from many other clients.)
 
-Configurations known to be broken (and symptoms):
+\e{OpenSSH 3.1p1:} configurations known to be broken (and symptoms):
 
 \b SSH 2 with AES cipher (PuTTY says "Assertion failed! Expression:
 (len & 15) == 0" in sshaes.c, or "Out of memory", or crashes)
@@ -735,9 +745,24 @@ packet")
 
 \b SSH 1 with 3DES
 
-For more details and OpenSSH patches, see
-\W{http://bugzilla.mindrot.org/show_bug.cgi?id=138}{bug 138} in the
-OpenSSH BTS.
+\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH 1 and
+Blowfish remains. Rebuild your server, apply the patch linked to from
+bug 138 above, or use another cipher (e.g., 3DES) instead.
+
+\e{Other versions:} we occasionally get reports of the same symptom
+and workarounds with older versions of OpenSSH, although it's not
+clear the underlying cause is the same.
+
+\S{faq-ssh2key-ssh1conn}{Question} Why do I see "Couldn't load private
+key from ..."? Why can PuTTYgen load my key but not PuTTY?
+
+It's likely that you've generated an SSH protocol 2 key with PuTTYgen,
+but you're trying to use it in an SSH 1 connection. SSH1 and SSH2 keys
+have different formats, and (at least in 0.52) PuTTY's reporting of a
+key in the wrong format isn't optimal.
+
+To connect using SSH 2 to a server that supports both versions, you
+need to change the configuration from the default (see \k{faq-ssh2}).
 
 \H{faq-secure} Security questions
 
@@ -781,6 +806,16 @@ all. For this reason we now believe PuTTY's DSA implementation is
 probably OK. However, if you have the choice, we still recommend you
 use RSA instead.
 
+\S{faq-virtuallock}{Question} Couldn't Pageant use
+\cw{VirtualLock()} to stop private keys being written to disk?
+
+Unfortunately not. The \cw{VirtualLock()} function in the Windows
+API doesn't do a proper job: it may prevent small pieces of a
+process's memory from being paged to disk while the process is
+running, but it doesn't stop the process's memory as a whole from
+being swapped completely out to disk when the process is long-term
+inactive. And Pageant spends most of its time inactive.
+
 \H{faq-admin} Administrative questions
 
 \S{faq-domain}{Question} Would you like me to register you a nicer
@@ -878,6 +913,15 @@ developers. If you want to be sure your donation is going towards
 something worthwhile, ask us first. If you don't like these terms,
 feel perfectly free not to donate. We don't mind.
 
+\H{faq-misc} Miscellaneous questions
+
+\S{faq-openssh}{Question} Is PuTTY a port of OpenSSH, or based on
+OpenSSH?
+
+No, it isn't. PuTTY is almost completely composed of code written
+from scratch for PuTTY. The only code we share with OpenSSH is the
+detector for SSH1 CRC compensation attacks, written by CORE SDI S.A.
+
 \S{faq-sillyputty}{Question} Where can I buy silly putty?
 
 You're looking at the wrong web site; the only PuTTY we know about