X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/f2003e3230fa6f3a1cc5d60256d1a19c8b0022d5..f1453e5c27f7510165ddea0fef82c7c38751c6d5:/doc/faq.but

diff --git a/doc/faq.but b/doc/faq.but
index dd48c8b9..2b6dc8c9 100644
--- a/doc/faq.but
+++ b/doc/faq.but
@@ -101,6 +101,41 @@ authentication, which is more flexible and more secure. See
 \k{pubkey} in the documentation for a full discussion of public key
 authentication.
 
+\S{faq-hostkeys} Is there an option to turn off the annoying host
+key prompts?
+
+No, there isn't. And there won't be. Even if you write it yourself
+and send us the patch, we won't accept it.
+
+Those annoying host key prompts are the \e{whole point} of SSH.
+Without them, all the cryptographic technology SSH uses to secure
+your session is doing nothing more than making an attacker's job
+slightly harder; instead of sitting between you and the server with
+a packet sniffer, the attacker must actually subvert a router and
+start modifying the packets going back and forth. But that's not all
+that much harder than just sniffing; and without host key checking,
+it will go completely undetected by client or server.
+
+Host key checking is your guarantee that the encryption you put on
+your data at the client end is the \e{same} encryption taken off the
+data at the server end; it's your guarantee that it hasn't been
+removed and replaced somewhere on the way. Host key checking makes
+the attacker's job \e{astronomically} hard, compared to packet
+sniffing, and even compared to subverting a router. Instead of
+applying a little intelligence and keeping an eye on Bugtraq, the
+attacker must now perform a brute-force attack against at least one
+military-strength cipher. That insignificant host key prompt really
+does make \e{that} much difference.
+
+If you're having a specific problem with host key checking - perhaps
+you want an automated batch job to make use of PSCP or Plink, and
+the interactive host key prompt is hanging the batch process - then
+the right way to fix it is to add the correct host key to the
+Registry in advance. That way, you retain the \e{important} feature
+of host key checking: the right key will be accepted and the wrong
+ones will not. Adding an option to turn host key checking off
+completely is the wrong solution and we will not do it.
+
 \S{faq-server} Will you write an SSH server for the PuTTY suite, to
 go with the client?
 
@@ -294,13 +329,15 @@ If you're looking in the 0.51 release or earlier, the Tunnels panel
 isn't there. It was added in the development snapshots after 0.51,
 and releases 0.52 and onwards will contain it.
 
-\S{faq-options} How do I use all PuTTY's features (port forwarding,
-SSH v2 etc) in Plink?
+\S{faq-options} How do I use all PuTTY's features (public keys, port
+forwarding, SSH v2, etc.) in PSCP, PSFTP and Plink?
 
-Plink is currently rather short of command line options to enable
-this sort of thing. You can use these features if you create a PuTTY
-saved session, and then use the name of the saved session on Plink's
-command line in place of a hostname.
+The command-line tools are currently rather short of command line
+options to enable this sort of thing. However, you can use most of
+PuTTY's features if you create a PuTTY saved session, and then use
+the name of the saved session on the command line in place of a
+hostname. This works for PSCP, PSFTP and Plink (but don't expect
+port forwarding in the file transfer applications!).
 
 \S{faq-pscp} How do I use PSCP.EXE? When I double-click it gives me
 a command prompt window which then closes instantly.
@@ -440,6 +477,28 @@ and you should report it (although it might be a bug in your SSH
 server instead); but it doesn't necessarily mean you've actually run
 out of memory.
 
+\S{faq-bce} When I run full-colour applications, I see areas of
+black space where colour ought to be.
+
+You almost certainly need to enable the \q{Use background colour to
+erase screen} setting in the Terminal panel. Note that if you do
+this in mid-session, it won't take effect until you reset the
+terminal (see \k{faq-resetterm}).
+
+\S{faq-resetterm} When I change some terminal settings, nothing
+happens.
+
+Some of the terminal options (notably Auto Wrap and
+background-colour screen erase) actually represent the \e{default}
+setting, rather than the currently active setting. The server can
+send sequences that modify these options in mid-session, but when
+the terminal is reset (by server action, or by you choosing \q{Reset
+Terminal} from the System menu) the defaults are restored.
+
+If you want to change one of these options in the middle of a
+session, you will find that the change does not immediately take
+effect. It will only take effect once you reset the terminal.
+
 \S{faq-altgr} I can't type characters that require the AltGr key.
 
 In PuTTY version 0.51, the AltGr key was broken. The bug has been