X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/bf98289914f47f394aa0cc442c267e56490c9e70..934dbf050b7f8043eab8f0f04365f18a6b9055f3:/doc/config.but diff --git a/doc/config.but b/doc/config.but index 18c9d9fb..3b744356 100644 --- a/doc/config.but +++ b/doc/config.but @@ -184,6 +184,11 @@ compressed, etc) packets are \e{also} logged. This could be useful to diagnose corruption in transit. (The same caveats as the previous mode apply, of course.) +Note that the non-SSH logging options (\q{Printable output} and +\q{All session output}) only work with PuTTY proper; in programs +without terminal emulation (such as Plink), they will have no effect, +even if enabled via saved settings. + \S{config-logfilename} \q{Log file name} \cfg{winhelp-topic}{logging.filename} @@ -882,7 +887,7 @@ commands from the server. If you find PuTTY is doing this unexpectedly or inconveniently, you can tell PuTTY not to respond to those server commands. -\S{config-features-qtitle} Disabling remote \i{window title} querying +\S{config-features-qtitle} Response to remote \i{window title} querying \cfg{winhelp-topic}{features.qtitle} @@ -899,8 +904,28 @@ service to have the new window title sent back to the server as if typed at the keyboard. This allows an attacker to fake keypresses and potentially cause your server-side applications to do things you didn't want. Therefore this feature is disabled by default, and we -recommend you do not turn it on unless you \e{really} know what you -are doing. +recommend you do not set it to \q{Window title} unless you \e{really} +know what you are doing. + +There are three settings for this option: + +\dt \q{None} + +\dd PuTTY makes no response whatsoever to the relevant escape +sequence. This may upset server-side software that is expecting some +sort of response. + +\dt \q{Empty string} + +\dd PuTTY makes a well-formed response, but leaves it blank. Thus, +server-side software that expects a response is kept happy, but an +attacker cannot influence the response string. This is probably the +setting you want if you have no better ideas. + +\dt \q{Window title} + +\dd PuTTY responds with the actual window title. This is dangerous for +the reasons described above. \S{config-features-dbackspace} Disabling \i{destructive backspace} @@ -978,7 +1003,7 @@ The Window configuration panel allows you to control aspects of the \cfg{winhelp-topic}{window.size} -The \q{\ii{Rows}} and \q{\ii{Columns}} boxes let you set the PuTTY +The \q{\ii{Columns}} and \q{\ii{Rows}} boxes let you set the PuTTY window to a precise size. Of course you can also \I{window resizing}drag the window to a new size while a session is running. @@ -2200,7 +2225,7 @@ separate configuration of the preference orders. As a result you may get two warnings similar to the one above, possibly with different encryptions. -Single-DES is not recommended in the SSH-2 draft protocol +Single-DES is not recommended in the SSH-2 protocol standards, but one or two server implementations do support it. PuTTY can use single-DES to interoperate with these servers if you enable the \q{Enable legacy use of single-DES in @@ -2281,7 +2306,7 @@ These options control how often PuTTY will initiate a repeat key exchange (\q{rekey}). You can also force a key exchange at any time from the Special Commands menu (see \k{using-specials}). -\# FIXME: do we have any additions to the SSH-2 drafts' advice on +\# FIXME: do we have any additions to the SSH-2 specs' advice on these values? Do we want to enforce any limits? \b \q{Max minutes before rekey} specifies the amount of time that is @@ -2886,7 +2911,7 @@ This is an SSH-2-specific bug. Versions below 3.3 of \i{OpenSSH} require SSH-2 RSA signatures to be padded with zero bytes to the same length as the RSA key modulus. -The SSH-2 draft specification says that an unpadded signature MUST be +The SSH-2 specification says that an unpadded signature MUST be accepted, so this is a bug. A typical symptom of this problem is that PuTTY mysteriously fails RSA authentication once in every few hundred attempts, and falls back to passwords. @@ -2950,7 +2975,7 @@ The \q{Serial line to connect to} box allows you to choose which serial line you want PuTTY to talk to, if your computer has more than one serial port. -On Windows, the first serial line is called \cw{COM1}, and if there +On Windows, the first serial line is called \i\cw{COM1}, and if there is a second it is called \cw{COM2}, and so on. This configuration setting is also visible on the Session panel,