case SSH_KEYTYPE_SSH1:
if (sshver == 2) {
- fprintf(stderr, "puttygen: conversion from SSH1 to SSH2 keys"
+ fprintf(stderr, "puttygen: conversion from SSH-1 to SSH-2 keys"
" not supported\n");
return 1;
}
case SSH_KEYTYPE_OPENSSH:
case SSH_KEYTYPE_SSHCOM:
if (sshver == 1) {
- fprintf(stderr, "puttygen: conversion from SSH2 to SSH1 keys"
+ fprintf(stderr, "puttygen: conversion from SSH-2 to SSH-1 keys"
" not supported\n");
return 1;
}
l = ssh1_read_bignum(blob + n, bloblen - n,
&ssh1key->exponent);
if (l < 0) {
- error = "SSH1 public key blob was too short";
+ error = "SSH-1 public key blob was too short";
} else {
n += l;
l = ssh1_read_bignum(blob + n, bloblen - n,
&ssh1key->modulus);
if (l < 0) {
- error = "SSH1 public key blob was too short";
+ error = "SSH-1 public key blob was too short";
} else
n += l;
}
assert(ssh1key);
ret = saversakey(&outfilename, ssh1key, passphrase);
if (!ret) {
- fprintf(stderr, "puttygen: unable to save SSH1 private key\n");
+ fprintf(stderr, "puttygen: unable to save SSH-1 private key\n");
return 1;
}
} else {
assert(ssh2key);
ret = ssh2_save_userkey(&outfilename, ssh2key, passphrase);
if (!ret) {
- fprintf(stderr, "puttygen: unable to save SSH2 private key\n");
+ fprintf(stderr, "puttygen: unable to save SSH-2 private key\n");
return 1;
}
}
* Change the comment of the key; this _does_ require a
* passphrase owing to the tamperproofing.
*
- * NOTE: In SSH1, this only requires a passphrase because
+ * NOTE: In SSH-1, this only requires a passphrase because
* of inadequacies of the loading and saving mechanisms. In
* _principle_, it should be perfectly possible to modify
- * the comment on an SSH1 key without requiring a
+ * the comment on an SSH-1 key without requiring a
* passphrase; the only reason I can't do it is because my
* loading and saving mechanisms don't include a method of
* loading all the key data without also trying to decrypt
*
* I don't consider this to be a problem worth solving,
* because (a) to fix it would probably end up bloating
- * PuTTY proper, and (b) SSH1 is on the way out anyway so
+ * PuTTY proper, and (b) SSH-1 is on the way out anyway so
* it shouldn't be highly significant. If it seriously
* bothers anyone then perhaps I _might_ be persuadable.
*/
{ "3DES", CIPHER_3DES },
{ "Blowfish", CIPHER_BLOWFISH },
{ "DES", CIPHER_DES },
- { "AES (SSH 2 only)", CIPHER_AES },
+ { "AES (SSH-2 only)", CIPHER_AES },
{ "-- warn below here --", CIPHER_WARN }
};
cipherlist_handler, P(NULL));
c->listbox.height = 6;
- ctrl_checkbox(s, "Enable legacy use of single-DES in SSH 2", 'i',
+ ctrl_checkbox(s, "Enable legacy use of single-DES in SSH-2", 'i',
HELPCTX(ssh_ciphers),
dlg_stdcheckbox_handler,
I(offsetof(Config,ssh2_des_cbc)));
/*
* The Connection/SSH/Kex panel. (Owing to repeat key
* exchange, this is all meaningful in mid-session _if_
- * we're using SSH2 or haven't decided yet.)
+ * we're using SSH-2 or haven't decided yet.)
*/
if (protcfginfo != 1) {
ctrl_settitle(b, "Connection/SSH/Kex",
s = ctrl_getset(b, "Connection/SSH/Auth", "methods",
"Authentication methods");
- ctrl_checkbox(s, "Attempt TIS or CryptoCard auth (SSH1)", 'm',
+ ctrl_checkbox(s, "Attempt TIS or CryptoCard auth (SSH-1)", 'm',
HELPCTX(ssh_auth_tis),
dlg_stdcheckbox_handler,
I(offsetof(Config,try_tis_auth)));
- ctrl_checkbox(s, "Attempt \"keyboard-interactive\" auth (SSH2)",
+ ctrl_checkbox(s, "Attempt \"keyboard-interactive\" auth (SSH-2)",
'i', HELPCTX(ssh_auth_ki),
dlg_stdcheckbox_handler,
I(offsetof(Config,try_ki_auth)));
ctrl_checkbox(s, "Allow agent forwarding", 'f',
HELPCTX(ssh_auth_agentfwd),
dlg_stdcheckbox_handler, I(offsetof(Config,agentfwd)));
- ctrl_checkbox(s, "Allow attempted changes of username in SSH2", 'u',
+ ctrl_checkbox(s, "Allow attempted changes of username in SSH-2", 'u',
HELPCTX(ssh_auth_changeuser),
dlg_stdcheckbox_handler,
I(offsetof(Config,change_username)));
HELPCTX(ssh_tunnels_portfwd_localhost),
dlg_stdcheckbox_handler,
I(offsetof(Config,lport_acceptall)));
- ctrl_checkbox(s, "Remote ports do the same (SSH v2 only)", 'p',
+ ctrl_checkbox(s, "Remote ports do the same (SSH-2 only)", 'p',
HELPCTX(ssh_tunnels_portfwd_localhost),
dlg_stdcheckbox_handler,
I(offsetof(Config,rport_acceptall)));
s = ctrl_getset(b, "Connection/SSH/Bugs", "main",
"Detection of known bugs in SSH servers");
- ctrl_droplist(s, "Chokes on SSH1 ignore messages", 'i', 20,
+ ctrl_droplist(s, "Chokes on SSH-1 ignore messages", 'i', 20,
HELPCTX(ssh_bugs_ignore1),
sshbug_handler, I(offsetof(Config,sshbug_ignore1)));
- ctrl_droplist(s, "Refuses all SSH1 password camouflage", 's', 20,
+ ctrl_droplist(s, "Refuses all SSH-1 password camouflage", 's', 20,
HELPCTX(ssh_bugs_plainpw1),
sshbug_handler, I(offsetof(Config,sshbug_plainpw1)));
- ctrl_droplist(s, "Chokes on SSH1 RSA authentication", 'r', 20,
+ ctrl_droplist(s, "Chokes on SSH-1 RSA authentication", 'r', 20,
HELPCTX(ssh_bugs_rsa1),
sshbug_handler, I(offsetof(Config,sshbug_rsa1)));
- ctrl_droplist(s, "Miscomputes SSH2 HMAC keys", 'm', 20,
+ ctrl_droplist(s, "Miscomputes SSH-2 HMAC keys", 'm', 20,
HELPCTX(ssh_bugs_hmac2),
sshbug_handler, I(offsetof(Config,sshbug_hmac2)));
- ctrl_droplist(s, "Miscomputes SSH2 encryption keys", 'e', 20,
+ ctrl_droplist(s, "Miscomputes SSH-2 encryption keys", 'e', 20,
HELPCTX(ssh_bugs_derivekey2),
sshbug_handler, I(offsetof(Config,sshbug_derivekey2)));
- ctrl_droplist(s, "Requires padding on SSH2 RSA signatures", 'p', 20,
+ ctrl_droplist(s, "Requires padding on SSH-2 RSA signatures", 'p', 20,
HELPCTX(ssh_bugs_rsapad2),
sshbug_handler, I(offsetof(Config,sshbug_rsapad2)));
ctrl_droplist(s, "Misuses the session ID in PK auth", 'n', 20,
#! /usr/bin/env python
-# $Id: kh2reg.py,v 1.3 2003/10/21 13:26:12 jacob Exp $
+# $Id$
# Convert OpenSSH known_hosts and known_hosts2 files to "new format" PuTTY
# host keys.
# usage:
# is second field entirely decimal digits?
if re.match (r"\d*$", fields[1]):
- # Treat as SSH1-type host key.
+ # Treat as SSH-1-type host key.
# Format: hostpat bits10 exp10 mod10 comment...
# (PuTTY doesn't store the number of bits.)
magicnumbers = map (long, fields[2:4])
else:
- # Treat as SSH2-type host key.
+ # Treat as SSH-2-type host key.
# Format: hostpat keytype keyblob64 comment...
sshkeytype, blob = fields[1], base64.decodestring (fields[2])
protocols offer no way of implementing them. (For an alternative, see
\k{config-tcp-keepalives}.)
-Note that if you are using SSH1 and the server has a bug that makes
-it unable to deal with SSH1 ignore messages (see
+Note that if you are using SSH-1 and the server has a bug that makes
+it unable to deal with SSH-1 ignore messages (see
\k{config-ssh-bug-ignore1}), enabling keepalives will have no effect.
\S{config-nodelay} \q{Disable Nagle's algorithm}
whole mechanism.
Version 2 of the SSH protocol also provides a similar mechanism,
-which is easier to implement without security flaws. Newer SSH2
+which is easier to implement without security flaws. Newer SSH-2
servers are more likely to support it than older ones.
-This configuration data is not used in the SSHv1, rlogin or raw
+This configuration data is not used in the SSH-1, rlogin or raw
protocols.
To add an environment variable to the list transmitted down the
get two warnings similar to the one above, possibly with different
encryptions.
-Single-DES is not recommended in the SSH 2 draft protocol
+Single-DES is not recommended in the SSH-2 draft protocol
standards, but one or two server implementations do support it.
PuTTY can use single-DES to interoperate with
these servers if you enable the \q{Enable legacy use of single-DES in
-SSH 2} option; by default this is disabled and PuTTY will stick to
+SSH-2} option; by default this is disabled and PuTTY will stick to
recommended ciphers.
\H{config-ssh-kex} The Kex panel
\cfg{winhelp-topic}{ssh.auth.ki}
-The SSH 2 equivalent of TIS authentication is called
+The SSH-2 equivalent of TIS authentication is called
\q{keyboard-interactive}. It is a flexible authentication method
using an arbitrary sequence of requests and responses; so it is not
only useful for challenge/response mechanisms such as S/Key, but it
there is a security risk involved with enabling this option; see
\k{pageant-security} for details.
-\S{config-ssh-changeuser} \q{Allow attempted changes of username in SSH2}
+\S{config-ssh-changeuser} \q{Allow attempted changes of username in SSH-2}
\cfg{winhelp-topic}{ssh.auth.changeuser}
-In the SSH 1 protocol, it is impossible to change username after
+In the SSH-1 protocol, it is impossible to change username after
failing to authenticate. So if you mis-type your username at the
PuTTY \q{login as:} prompt, you will not be able to change it except
by restarting PuTTY.
-The SSH 2 protocol \e{does} allow changes of username, in principle,
-but does not make it mandatory for SSH 2 servers to accept them. In
+The SSH-2 protocol \e{does} allow changes of username, in principle,
+but does not make it mandatory for SSH-2 servers to accept them. In
particular, OpenSSH does not accept a change of username; once you
have sent one username, it will reject attempts to try to
authenticate as another user. (Depending on the version of OpenSSH,
\cw{XDM-AUTHORIZATION-1}, so they will not know what to do with the
data PuTTY has provided.
-\b This authentication mechanism will only work in SSH v2. In SSH
+\b This authentication mechanism will only work in SSH-2. In SSH
v1, the SSH server does not tell the client the source address of
a forwarded connection in a machine-readable format, so it's
impossible to verify the \cw{XDM-AUTHORIZATION-1} data.
will stop listening for connections on that port, so it can be re-used
by another program. If you delete a remote port forwarding, note that:
-\b The SSHv1 protocol contains no mechanism for asking the server to
+\b The SSH-1 protocol contains no mechanism for asking the server to
stop listening on a remote port.
-\b The SSHv2 protocol does contain such a mechanism, but not all SSH
+\b The SSH-2 protocol does contain such a mechanism, but not all SSH
servers support it. (In particular, OpenSSH does not support it in
any version earlier than 3.9.)
\b The \q{Remote ports do the same} option does the same thing for
remote-to-local port forwardings (so that machines other than the
SSH server machine can connect to the forwarded port.) Note that
-this feature is only available in the SSH 2 protocol, and not all
-SSH 2 servers support it (OpenSSH 3.0 does not, for example).
+this feature is only available in the SSH-2 protocol, and not all
+SSH-2 servers support it (OpenSSH 3.0 does not, for example).
\S{config-ssh-portfwd-address-family} Selecting Internet protocol
version for forwarded ports
\b \q{Auto}: PuTTY will use the server's version number announcement
to try to guess whether or not the server has the bug.
-\S{config-ssh-bug-ignore1} \q{Chokes on SSH1 ignore messages}
+\S{config-ssh-bug-ignore1} \q{Chokes on SSH-1 ignore messages}
\cfg{winhelp-topic}{ssh.bugs.ignore1}
which can be sent from the client to the server, or from the server
to the client, at any time. Either side is required to ignore the
message whenever it receives it. PuTTY uses ignore messages to hide
-the password packet in SSH1, so that a listener cannot tell the
+the password packet in SSH-1, so that a listener cannot tell the
length of the user's password; it also uses ignore messages for
connection keepalives (see \k{config-keepalive}).
If this bug is detected, PuTTY will stop using ignore messages. This
means that keepalives will stop working, and PuTTY will have to fall
-back to a secondary defence against SSH1 password-length
+back to a secondary defence against SSH-1 password-length
eavesdropping. See \k{config-ssh-bug-plainpw1}. If this bug is
enabled when talking to a correct server, the session will succeed,
but keepalives will not work and the session might be more
vulnerable to eavesdroppers than it could be.
-This is an SSH1-specific bug. No known SSH2 server fails to deal
-with SSH2 ignore messages.
+This is an SSH-1-specific bug. No known SSH-2 server fails to deal
+with SSH-2 ignore messages.
-\S{config-ssh-bug-plainpw1} \q{Refuses all SSH1 password camouflage}
+\S{config-ssh-bug-plainpw1} \q{Refuses all SSH-1 password camouflage}
\cfg{winhelp-topic}{ssh.bugs.plainpw1}
-When talking to an SSH1 server which cannot deal with ignore
+When talking to an SSH-1 server which cannot deal with ignore
messages (see \k{config-ssh-bug-ignore1}), PuTTY will attempt to
disguise the length of the user's password by sending additional
padding \e{within} the password packet. This is technically a
-violation of the SSH1 specification, and so PuTTY will only do it
+violation of the SSH-1 specification, and so PuTTY will only do it
when it cannot use standards-compliant ignore messages as
camouflage. In this sense, for a server to refuse to accept a padded
password packet is not really a bug, but it does make life
server, the session will succeed, but will be more vulnerable to
eavesdroppers than it could be.
-This is an SSH1-specific bug. SSH2 is secure against this type of
+This is an SSH-1-specific bug. SSH-2 is secure against this type of
attack.
-\S{config-ssh-bug-rsa1} \q{Chokes on SSH1 RSA authentication}
+\S{config-ssh-bug-rsa1} \q{Chokes on SSH-1 RSA authentication}
\cfg{winhelp-topic}{ssh.bugs.rsa1}
-Some SSH1 servers cannot deal with RSA authentication messages at
-all. If Pageant is running and contains any SSH1 keys, PuTTY will
+Some SSH-1 servers cannot deal with RSA authentication messages at
+all. If Pageant is running and contains any SSH-1 keys, PuTTY will
normally automatically try RSA authentication before falling back to
passwords, so these servers will crash when they see the RSA attempt.
server, the session will succeed, but of course RSA authentication
will be impossible.
-This is an SSH1-specific bug.
+This is an SSH-1-specific bug.
-\S{config-ssh-bug-hmac2} \q{Miscomputes SSH2 HMAC keys}
+\S{config-ssh-bug-hmac2} \q{Miscomputes SSH-2 HMAC keys}
\cfg{winhelp-topic}{ssh.bugs.hmac2}
possible. If this bug is enabled when talking to a correct server,
communication will fail.
-This is an SSH2-specific bug.
+This is an SSH-2-specific bug.
-\S{config-ssh-bug-derivekey2} \q{Miscomputes SSH2 encryption keys}
+\S{config-ssh-bug-derivekey2} \q{Miscomputes SSH-2 encryption keys}
\cfg{winhelp-topic}{ssh.bugs.derivekey2}
be possible. If this bug is enabled when talking to a correct
server, communication will fail.
-This is an SSH2-specific bug.
+This is an SSH-2-specific bug.
-\S{config-ssh-bug-sig} \q{Requires padding on SSH2 RSA signatures}
+\S{config-ssh-bug-sig} \q{Requires padding on SSH-2 RSA signatures}
\cfg{winhelp-topic}{ssh.bugs.rsapad2}
-Versions below 3.3 of OpenSSH require SSH2 RSA signatures to be
+Versions below 3.3 of OpenSSH require SSH-2 RSA signatures to be
padded with zero bytes to the same length as the RSA key modulus.
-The SSH2 draft specification says that an unpadded signature MUST be
+The SSH-2 draft specification says that an unpadded signature MUST be
accepted, so this is a bug. A typical symptom of this problem is
that PuTTY mysteriously fails RSA authentication once in every few
hundred attempts, and falls back to passwords.
servers usually still accept padded signatures because they're used
to talking to OpenSSH.
-This is an SSH2-specific bug.
+This is an SSH-2-specific bug.
\S{config-ssh-bug-pksessid2} \q{Misuses the session ID in PK auth}
\cfg{winhelp-topic}{ssh.bugs.pksessid2}
-Versions below 2.3 of OpenSSH require SSH2 public-key authentication
+Versions below 2.3 of OpenSSH require SSH-2 public-key authentication
to be done slightly differently: the data to be signed by the client
contains the session ID formatted in a different way. If public-key
authentication mysteriously does not work but the Event Log (see
If this bug is detected, PuTTY will sign data in the way OpenSSH
expects. If this bug is enabled when talking to a correct server,
-SSH2 public-key authentication will fail.
+SSH-2 public-key authentication will fail.
-This is an SSH2-specific bug.
+This is an SSH-2-specific bug.
\S{config-ssh-bug-rekey} \q{Handles key re-exchange badly}
the session should still function, but may be less secure than you
would expect.
-This is an SSH2-specific bug.
+This is an SSH-2-specific bug.
\H{config-file} Storing configuration in a file
If you see this message and you know that your installation of PuTTY
\e{has} connected to the same server before, it may have been
recently upgraded to SSH protocol version 2. SSH protocols 1 and 2
-use separate host keys, so when you first use SSH 2 with a server
-you have only used SSH 1 with before, you will see this message
+use separate host keys, so when you first use SSH-2 with a server
+you have only used SSH-1 with before, you will see this message
again. You should verify the correctness of the key as before.
See \k{gs-hostkey} for more information on host keys.
terminate immediately after giving this error.
However, this error can also occur when memory is not running out at
-all, because PuTTY receives data in the wrong format. In SSH 2 and
+all, because PuTTY receives data in the wrong format. In SSH-2 and
also in SFTP, the server sends the length of each message before the
message itself; so PuTTY will receive the length, try to allocate
space for the message, and then receive the rest of the message. If
ridiculous amount of memory, and will terminate with an \q{Out of
memory} error.
-This can happen in SSH 2, if PuTTY and the server have not enabled
+This can happen in SSH-2, if PuTTY and the server have not enabled
encryption in the same way (see \k{faq-outofmem} in the FAQ). Some
versions of OpenSSH have a known problem with this: see
\k{faq-openssh-bad-openssl}.
in the server, or in between.
If you get this error, one thing you could try would be to fiddle
-with the setting of \q{Miscomputes SSH2 encryption keys} on the Bugs
+with the setting of \q{Miscomputes SSH-2 encryption keys} on the Bugs
panel (see \k{config-ssh-bug-derivekey2}).
Another known server problem which can cause this error is described
and not in the \q{Recently fixed} section, it probably \e{hasn't} been
implemented.
-\S{faq-ssh2}{Question} Does PuTTY support SSH v2?
+\S{faq-ssh2}{Question} Does PuTTY support SSH-2?
-Yes. SSH v2 support has been available in PuTTY since version 0.50.
+Yes. SSH-2 support has been available in PuTTY since version 0.50.
-Public key authentication (both RSA and DSA) in SSH v2 is new in
+Public key authentication (both RSA and DSA) in SSH-2 is new in
version 0.52.
\S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or
-\cw{ssh.com} SSHv2 private key files?
+\cw{ssh.com} SSH-2 private key files?
PuTTY doesn't support this natively, but as of 0.53
PuTTYgen can convert both OpenSSH and \cw{ssh.com} private key
files into PuTTY's format.
-\S{faq-ssh1}{Question} Does PuTTY support SSH v1?
+\S{faq-ssh1}{Question} Does PuTTY support SSH-1?
-Yes. SSH 1 support has always been available in PuTTY.
+Yes. SSH-1 support has always been available in PuTTY.
\S{faq-localecho}{Question} Does PuTTY support local echo?
received on packet}?
One possible cause of this that used to be common is a bug in old
-SSH 2 servers distributed by \cw{ssh.com}. (This is not the only
+SSH-2 servers distributed by \cw{ssh.com}. (This is not the only
possible cause; see \k{errors-crc} in the documentation.)
-Version 2.3.0 and below of their SSH 2 server
+Version 2.3.0 and below of their SSH-2 server
constructs Message Authentication Codes in the wrong way, and
expects the client to construct them in the same wrong way. PuTTY
constructs the MACs correctly by default, and hence these old
If you are using PuTTY version 0.51 or below, you can enable the
workaround by going to the SSH panel and ticking the box labelled
-\q{Imitate SSH 2 MAC bug}. It's possible that you might have to do
+\q{Imitate SSH-2 MAC bug}. It's possible that you might have to do
this with 0.52 as well, if a buggy server exists that PuTTY doesn't
know about.
\c http://www.microsoft.com/windows95/downloads/contents/
\c wuadmintools/s_wunetworkingtools/w95sockets2/
-\S{faq-outofmem}{Question} After trying to establish an SSH 2
+\S{faq-outofmem}{Question} After trying to establish an SSH-2
connection, PuTTY says \q{Out of memory} and dies.
If this happens just while the connection is starting up, this often
\e{OpenSSH 3.1p1:} configurations known to be broken (and symptoms):
-\b SSH 2 with AES cipher (PuTTY says "Assertion failed! Expression:
+\b SSH-2 with AES cipher (PuTTY says "Assertion failed! Expression:
(len & 15) == 0" in sshaes.c, or "Out of memory", or crashes)
-\b SSH 2 with 3DES (PuTTY says "Incorrect MAC received on packet")
+\b SSH-2 with 3DES (PuTTY says "Incorrect MAC received on packet")
-\b SSH 1 with Blowfish (PuTTY says "Incorrect CRC received on
+\b SSH-1 with Blowfish (PuTTY says "Incorrect CRC received on
packet")
-\b SSH 1 with 3DES
+\b SSH-1 with 3DES
-\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH 1 and
+\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH-1 and
Blowfish remains. Rebuild your server, apply the patch linked to from
bug 138 above, or use another cipher (e.g., 3DES) instead.
key from ..."? Why can PuTTYgen load my key but not PuTTY?
It's likely that you've generated an SSH protocol 2 key with PuTTYgen,
-but you're trying to use it in an SSH 1 connection. SSH1 and SSH2 keys
+but you're trying to use it in an SSH-1 connection. SSH-1 and SSH-2 keys
have different formats, and (at least in 0.52) PuTTY's reporting of a
key in the wrong format isn't optimal.
-To connect using SSH 2 to a server that supports both versions, you
+To connect using SSH-2 to a server that supports both versions, you
need to change the configuration from the default (see \k{faq-ssh2}).
\S{faq-rh8-utf8}{Question} When I'm connected to a Red Hat Linux 8.0
No, it isn't. PuTTY is almost completely composed of code written
from scratch for PuTTY. The only code we share with OpenSSH is the
-detector for SSH1 CRC compensation attacks, written by CORE SDI S.A.
+detector for SSH-1 CRC compensation attacks, written by CORE SDI S.A.
\S{faq-sillyputty}{Question} Where can I buy silly putty?
\dt \e{keyfile}
\dd Specify a private key file to be loaded. This private key file can
-be in the (de facto standard) SSH1 key format, or in PuTTY's SSH2
-key format, or in either of the SSH2 private key formats used by
+be in the (de facto standard) SSH-1 key format, or in PuTTY's SSH-2
+key format, or in either of the SSH-2 private key formats used by
OpenSSH and ssh.com's implementation.
\dt \cw{\-t} \e{keytype}
\dd Specify a type of key to generate. The acceptable values here are
-\c{rsa} and \c{dsa} (to generate SSH2 keys), and \c{rsa1} (to
-generate SSH1 keys).
+\c{rsa} and \c{dsa} (to generate SSH-2 keys), and \c{rsa1} (to
+generate SSH-1 keys).
\dt \cw{\-b} \e{bits}
\dt \cw{private}
\dd Save the private key in a format usable by PuTTY. This will either
-be the standard SSH1 key format, or PuTTY's own SSH2 key format.
+be the standard SSH-1 key format, or PuTTY's own SSH-2 key format.
\dt \cw{public}
-\dd Save the public key only. For SSH1 keys, the standard public key
-format will be used (\q{\cw{1024 37 5698745}...}). For SSH2 keys, the
+\dd Save the public key only. For SSH-1 keys, the standard public key
+format will be used (\q{\cw{1024 37 5698745}...}). For SSH-2 keys, the
public key will be output in the format specified in the IETF
drafts, which is a multi-line text file beginning with the line
\q{\cw{---- BEGIN SSH2 PUBLIC KEY ----}}.
\dt \cw{public-openssh}
-\dd Save the public key only, in a format usable by OpenSSH. For SSH1
+\dd Save the public key only, in a format usable by OpenSSH. For SSH-1
keys, this output format behaves identically to \c{public}. For
-SSH2 keys, the public key will be output in the OpenSSH format,
+SSH-2 keys, the public key will be output in the OpenSSH format,
which is a single line (\q{\cw{ssh-rsa AAAAB3NzaC1yc2}...}).
\dt \cw{fingerprint}
\dt \cw{private-openssh}
-\dd Save an SSH2 private key in OpenSSH's format. This option is not
-permitted for SSH1 keys.
+\dd Save an SSH-2 private key in OpenSSH's format. This option is not
+permitted for SSH-1 keys.
\dt \cw{private-sshcom}
-\dd Save an SSH2 private key in ssh.com's format. This option is not
-permitted for SSH1 keys.
+\dd Save an SSH-2 private key in ssh.com's format. This option is not
+permitted for SSH-1 keys.
If no output type is specified, the default is \c{private}.
\S{puttygen-manpage-examples} EXAMPLES
-To generate an SSH2 RSA key pair and save it in PuTTY's own format
+To generate an SSH-2 RSA key pair and save it in PuTTY's own format
(you will be prompted for the passphrase):
\c puttygen -t rsa -C "my home key" -o mykey.ppk
\dt \cw{\-A}, \cw{\-a}
\dd Enable (\cw{\-A}) or disable (\cw{\-a}) SSH agent forwarding.
-Currently this only works with OpenSSH and SSH1.
+Currently this only works with OpenSSH and SSH-1.
\dt \cw{\-X}, \cw{\-x}
\dt \cw{\-i} \e{keyfile}
-\dd Specify a private key file to use for authentication. For SSH2
+\dd Specify a private key file to use for authentication. For SSH-2
keys, this key file must be in PuTTY's format, not OpenSSH's or
anyone else's.
For each key, the list box will tell you:
\b The type of the key. Currently, this can be \c{ssh1} (an RSA key
-for use with the SSH v1 protocol), \c{ssh-rsa} (an RSA key for use
-with the SSH v2 protocol), or \c{ssh-dss} (a DSA key for use with
-the SSH v2 protocol).
+for use with the SSH-1 protocol), \c{ssh-rsa} (an RSA key for use
+with the SSH-2 protocol), or \c{ssh-dss} (a DSA key for use with
+the SSH-2 protocol).
\b The size (in bits) of the key.
Agent forwarding is a mechanism that allows applications on your SSH
server machine to talk to the agent on your client machine.
-Note that at present, agent forwarding in SSH2 is only available
+Note that at present, agent forwarding in SSH-2 is only available
when your SSH server is OpenSSH. The \cw{ssh.com} server uses a
different agent protocol, which PuTTY does not yet support.
\i{PSCP}, the PuTTY Secure Copy client, is a tool for transferring files
securely between computers using an SSH connection.
-If you have an SSH 2 server, you might prefer PSFTP (see \k{psftp})
-for interactive use. PSFTP does not in general work with SSH 1
+If you have an SSH-2 server, you might prefer PSFTP (see \k{psftp})
+for interactive use. PSFTP does not in general work with SSH-1
servers, however.
\H{pscp-starting} Starting PSCP
files) you may see a warning saying something like \q{warning:
remote host tried to write to a file called \cq{terminal.c} when we
requested a file called \cq{*.c}. If this is a wildcard, consider
-upgrading to SSH 2 or using the \cq{-unsafe} option. Renaming of
+upgrading to SSH-2 or using the \cq{-unsafe} option. Renaming of
this file has been disallowed}.
This is due to a fundamental insecurity in the old-style SCP
cannot reliably verify that the filenames sent back match the
pattern.
-PSCP will attempt to use the newer SFTP protocol (part of SSH 2)
+PSCP will attempt to use the newer SFTP protocol (part of SSH-2)
where possible, which does not suffer from this security flaw. If
-you are talking to an SSH 2 server which supports SFTP, you will
+you are talking to an SSH-2 server which supports SFTP, you will
never see this warning. (You can force use of the SFTP protocol,
if available, with \c{-sftp} - see \k{pscp-usage-options-backend}.)
-If you really need to use a server-side wildcard with an SSH 1
+If you really need to use a server-side wildcard with an SSH-1
server, you can use the \c{-unsafe} command line option with PSCP:
\c pscp -unsafe fred@example.com:source/*.c c:\source
quoting (for instance, where filenames contain spaces), and also the
security issue described in \k{pscp-usage-basics}.
-The newer SFTP protocol, which is usually associated with SSH 2
+The newer SFTP protocol, which is usually associated with SSH-2
servers, is specified in a more platform independent way, and leaves
issues such as wildcard syntax up to the client. (PuTTY's SFTP
wildcard syntax is described in \k{psftp-wildcards}.) This makes it
The \c{-sftp} option forces PSCP to use the SFTP protocol or quit.
When this option is specified, PSCP looks harder for an SFTP server,
-which may allow use of SFTP with SSH 1 depending on server setup.
+which may allow use of SFTP with SSH-1 depending on server setup.
\S{pscp-retval} Return value
PSFTP differs from PSCP in the following ways:
\b PSCP should work on virtually every SSH server. PSFTP uses the
-new SFTP protocol, which is a feature of SSH 2 only. (PSCP will also
-use this protocol if it can, but there is an SSH 1 equivalent it can
+new SFTP protocol, which is a feature of SSH-2 only. (PSCP will also
+use this protocol if it can, but there is an SSH-1 equivalent it can
fall back to if it cannot.)
\b PSFTP allows you to run an interactive file transfer session,
which type of key you need. PuTTYgen currently supports three types
of key:
-\b An RSA key for use with the SSH 1 protocol.
+\b An RSA key for use with the SSH-1 protocol.
-\b An RSA key for use with the SSH 2 protocol.
+\b An RSA key for use with the SSH-2 protocol.
-\b A DSA key for use with the SSH 2 protocol.
+\b A DSA key for use with the SSH-2 protocol.
-The SSH 1 protocol only supports RSA keys; if you will be connecting
-using the SSH 1 protocol, you must select the first key type or your
+The SSH-1 protocol only supports RSA keys; if you will be connecting
+using the SSH-1 protocol, you must select the first key type or your
key will be completely useless.
-The SSH 2 protocol supports more than one key type. The two types
+The SSH-2 protocol supports more than one key type. The two types
supported by PuTTY are RSA and DSA.
The PuTTY developers \e{strongly} recommend you use RSA. DSA has an
\cfg{winhelp-topic}{puttygen.savepub}
-The SSH 2 protocol drafts specify a standard format for storing
+The SSH-2 protocol drafts specify a standard format for storing
public keys on disk. Some SSH servers (such as \cw{ssh.com}'s)
require a public key in this format in order to accept
authentication with the corresponding private key. (Others, such as
OpenSSH, use a different format; see \k{puttygen-pastekey}.)
-To save your public key in the SSH 2 standard format, press the
+To save your public key in the SSH-2 standard format, press the
\q{Save public key} button in PuTTYgen. PuTTYgen will put up a
dialog box asking you where to save the file. Select a directory,
type in a file name, and press \q{Save}.
on configuring public-key authentication once you have generated a
key.
-If you use this option with an SSH 1 key, the file PuTTYgen saves
+If you use this option with an SSH-1 key, the file PuTTYgen saves
will contain exactly the same text that appears in the \q{Public key
-for pasting} box. This is the only existing standard for SSH 1
+for pasting} box. This is the only existing standard for SSH-1
public keys.
\S{puttygen-pastekey} \q{Public key for pasting into authorized_keys
\cfg{winhelp-topic}{puttygen.pastekey}
-All SSH 1 servers require your public key to be given to it in a
+All SSH-1 servers require your public key to be given to it in a
one-line format before it will accept authentication with your
-private key. The OpenSSH server also requires this for SSH 2.
+private key. The OpenSSH server also requires this for SSH-2.
The \q{Public key for pasting into authorized_keys file} gives the
public-key data in the correct one-line format. Typically you will
\cfg{winhelp-topic}{puttygen.conversions}
-Most SSH1 clients use a standard format for storing private keys on
+Most SSH-1 clients use a standard format for storing private keys on
disk. PuTTY uses this format as well; so if you have generated an
-SSH1 private key using OpenSSH or \cw{ssh.com}'s client, you can use
+SSH-1 private key using OpenSSH or \cw{ssh.com}'s client, you can use
it with PuTTY, and vice versa.
-However, SSH2 private keys have no standard format. OpenSSH and
+However, SSH-2 private keys have no standard format. OpenSSH and
\cw{ssh.com} have different formats, and PuTTY's is different again.
So a key generated with one client cannot immediately be used with
another.
Using the \q{Import} command from the \q{Conversions} menu, PuTTYgen
-can load SSH2 private keys in OpenSSH's format and \cw{ssh.com}'s
+can load SSH-2 private keys in OpenSSH's format and \cw{ssh.com}'s
format. Once you have loaded one of these key types, you can then
save it back out as a PuTTY-format key (\c{*.PPK}) so that you can use
it with the PuTTY suite. The passphrase will be unchanged by this
process (unless you deliberately change it). You may want to change
-the key comment before you save the key, since OpenSSH's SSH2 key
+the key comment before you save the key, since OpenSSH's SSH-2 key
format contains no space for a comment and \cw{ssh.com}'s default
comment format is long and verbose.
passphrase in beforehand, and you will be warned if you are about to
save a key without a passphrase.
-Note that since only SSH2 keys come in different formats, the export
-options are not available if you have generated an SSH1 key.
+Note that since only SSH-2 keys come in different formats, the export
+options are not available if you have generated an SSH-1 key.
\H{pubkey-gettingready} Getting ready for public key authentication
password to login. Once logged in, you must configure the server to
accept your public key for authentication:
-\b If your server is using the SSH 1 protocol, you should change
+\b If your server is using the SSH-1 protocol, you should change
into the \c{.ssh} directory and open the file \c{authorized_keys}
with your favourite editor. (You may have to create this file if
this is the first key you have put in it). Then switch to the
PuTTY window and insert the data into the open file, making sure it
ends up all on one line. Save the file.
-\b If your server is OpenSSH and is using the SSH 2 protocol, you
+\b If your server is OpenSSH and is using the SSH-2 protocol, you
should follow the same instructions, except that in earlier versions
of OpenSSH 2 the file might be called \c{authorized_keys2}. (In
modern versions the same \c{authorized_keys} file is used for both
-SSH 1 and SSH 2 keys.)
+SSH-1 and SSH-2 keys.)
\b If your server is \cw{ssh.com}'s SSH 2 product, you need to save
a \e{public} key file from PuTTYgen (see \k{puttygen-savepub}), and
\b The \q{Remote ports do the same} option does the same thing for
remote-to-local port forwardings (so that machines other than the
SSH server machine can connect to the forwarded port.) Note that
-this feature is only available in the SSH 2 protocol, and not all
-SSH 2 servers honour it (in OpenSSH, for example, it's usually
+this feature is only available in the SSH-2 protocol, and not all
+SSH-2 servers honour it (in OpenSSH, for example, it's usually
disabled by default).
You can also specify an \i{IP address} to listen on. Typically a
should be able to run commands such as \c{finger fred@127.0.0.5}.
This can be useful if the program connecting to the forwarded port
doesn't allow you to change the port number it uses. This feature is
-available for local-to-remote forwarded ports; SSH1 is unable to
-support it for remote-to-local ports, while SSH2 can support it in
+available for local-to-remote forwarded ports; SSH-1 is unable to
+support it for remote-to-local ports, while SSH-2 can support it in
theory but servers will not necessarily cooperate.
(Note that if you're using Windows XP Service Pack 2, you may need
\S2{using-cmdline-sshprot} \i\c{-1} and \i\c{-2}: specify an \i{SSH
protocol version}
-The \c{-1} and \c{-2} options force PuTTY to use version \I{SSH1}1
-or version \I{SSH2}2 of the SSH protocol. These options are only
+The \c{-1} and \c{-2} options force PuTTY to use version \I{SSH-1}1
+or version \I{SSH-2}2 of the SSH protocol. These options are only
meaningful if you are using SSH.
These options are equivalent to selecting your preferred SSH
int import_target_type(int type)
{
/*
- * There are no known foreign SSH1 key formats.
+ * There are no known foreign SSH-1 key formats.
*/
return SSH_KEYTYPE_SSH2;
}
}
/*
- * Import an SSH1 key.
+ * Import an SSH-1 key.
*/
int import_ssh1(const Filename *filename, int type,
struct RSAKey *key, char *passphrase, const char **errmsg_p)
}
/*
- * Import an SSH2 key.
+ * Import an SSH-2 key.
*/
struct ssh2_userkey *import_ssh2(const Filename *filename, int type,
char *passphrase, const char **errmsg_p)
}
/*
- * Export an SSH1 key.
+ * Export an SSH-1 key.
*/
int export_ssh1(const Filename *filename, int type, struct RSAKey *key,
char *passphrase)
}
/*
- * Export an SSH2 key.
+ * Export an SSH-2 key.
*/
int export_ssh2(const Filename *filename, int type,
struct ssh2_userkey *key, char *passphrase)
*/
/*
- * The format of the base64 blob is largely ssh2-packet-formatted,
+ * The format of the base64 blob is largely SSH-2-packet-formatted,
* except that mpints are a bit different: they're more like the
- * old ssh1 mpint. You have a 32-bit bit count N, followed by
+ * old SSH-1 mpint. You have a 32-bit bit count N, followed by
* (N+7)/8 bytes of data.
*
* So. The blob contains:
* - string encrypted-blob
*
* (The first size field includes the size field itself and the
- * magic number before it. All other size fields are ordinary ssh2
+ * magic number before it. All other size fields are ordinary SSH-2
* strings, so the size field indicates how much data is to
* _follow_.)
*
* `dl-modp{sign{dsa' prefixes.
*
* Finally, the encryption. The cipher-type string appears to be
- * either `none' or `3des-cbc'. Looks as if this is SSH2-style
+ * either `none' or `3des-cbc'. Looks as if this is SSH-2-style
* 3des-cbc (i.e. outer cbc rather than inner). The key is created
* from the passphrase by means of yet another hashing faff:
*
tell_user(stderr, " when we requested a file "
"called '%s'.", stripsrc);
tell_user(stderr, " If this is a wildcard, "
- "consider upgrading to SSH 2 or using");
+ "consider upgrading to SSH-2 or using");
tell_user(stderr, " the '-unsafe' option. Renaming"
" of this file has been disallowed.");
/* Override the name the server provided with our own. */
cfg.nopty = TRUE;
/*
- * Set up fallback option, for SSH1 servers or servers with the
+ * Set up fallback option, for SSH-1 servers or servers with the
* sftp subsystem not enabled but the server binary installed
* in the usual place. We only support fallback on Unix
* systems, and we use a kludgy piece of shellery which should
enum {
/*
- * SSH ciphers (both SSH1 and SSH2)
+ * SSH ciphers (both SSH-1 and SSH-2)
*/
CIPHER_WARN, /* pseudo 'cipher' */
CIPHER_3DES,
CIPHER_BLOWFISH,
- CIPHER_AES, /* (SSH 2 only) */
+ CIPHER_AES, /* (SSH-2 only) */
CIPHER_DES,
CIPHER_MAX /* no. ciphers (inc warn) */
};
int ssh_rekey_time; /* in minutes */
char ssh_rekey_data[16];
int agentfwd;
- int change_username; /* allow username switching in SSH2 */
+ int change_username; /* allow username switching in SSH-2 */
int ssh_cipherlist[CIPHER_MAX];
Filename keyfile;
int sshprot; /* use v1 or v2 when both available */
- int ssh2_des_cbc; /* "des-cbc" nonstandard SSH2 cipher */
+ int ssh2_des_cbc; /* "des-cbc" unrecommended SSH-2 cipher */
int try_tis_auth;
int try_ki_auth;
int ssh_subsys; /* run a subsystem rather than a command */
int x11_auth;
/* port forwarding */
int lport_acceptall; /* accept conns from hosts other than localhost */
- int rport_acceptall; /* same for remote forwarded ports (SSH2 only) */
+ int rport_acceptall; /* same for remote forwarded ports (SSH-2 only) */
/*
* The port forwarding string contains a number of
* NUL-terminated substrings, terminated in turn by an empty
*
* - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
* on a local data stream before we throttle the whole SSH
- * connection (in SSH1 only). Throttling the whole connection is
+ * connection (in SSH-1 only). Throttling the whole connection is
* pretty drastic so we set this high in the hope it won't
* happen very often.
*
* - SSH_MAX_BACKLOG is the amount of backlog that must build up
* on the SSH connection itself before we defensively throttle
* _all_ local data streams. This is pretty drastic too (though
- * thankfully unlikely in SSH2 since the window mechanism should
+ * thankfully unlikely in SSH-2 since the window mechanism should
* ensure that the server never has any need to throttle its end
* of the connection), so we set this high as well.
*
- * - OUR_V2_WINSIZE is the maximum window size we present on SSH2
+ * - OUR_V2_WINSIZE is the maximum window size we present on SSH-2
* channels.
*/
/* True if we opened this channel but server hasn't confirmed. */
int halfopen;
/*
- * In SSH1, this value contains four bits:
+ * In SSH-1, this value contains four bits:
*
* 1 We have sent SSH1_MSG_CHANNEL_CLOSE.
* 2 We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
};
/*
- * 2-3-4 tree storing remote->local port forwardings. SSH 1 and SSH
- * 2 use this structure in different ways, reflecting SSH 2's
+ * 2-3-4 tree storing remote->local port forwardings. SSH-1 and SSH-2
+ * use this structure in different ways, reflecting SSH-2's
* altogether saner approach to port forwarding.
*
- * In SSH 1, you arrange a remote forwarding by sending the server
+ * In SSH-1, you arrange a remote forwarding by sending the server
* the remote port number, and the local destination host:port.
* When a connection comes in, the server sends you back that
* host:port pair, and you connect to it. This is a ready-made
* host:port pairs we _are_ trying to forward to, and reject a
* connection request from the server if it's not in the list.
*
- * In SSH 2, each side of the connection minds its own business and
+ * In SSH-2, each side of the connection minds its own business and
* doesn't send unnecessary information to the other. You arrange a
* remote forwarding by sending the server just the remote port
* number. When a connection comes in, the server tells you which
* of its ports was connected to; and _you_ have to remember what
* local host:port pair went with that port number.
*
- * Hence, in SSH 1 this structure is indexed by destination
- * host:port pair, whereas in SSH 2 it is indexed by source port.
+ * Hence, in SSH-1 this structure is indexed by destination
+ * host:port pair, whereas in SSH-2 it is indexed by source port.
*/
struct ssh_portfwd; /* forward declaration */
unsigned char *body;
long savedpos;
long maxlen;
- long encrypted_len; /* for SSH2 total-size counting */
+ long encrypted_len; /* for SSH-2 total-size counting */
/*
* State associated with packet logging
struct rdpkt1_state_tag rdpkt1_state;
struct rdpkt2_state_tag rdpkt2_state;
- /* ssh1 and ssh2 use this for different things, but both use it */
+ /* SSH-1 and SSH-2 use this for different things, but both use it */
int protocol_initial_phase_done;
void (*protocol) (Ssh ssh, void *vin, int inlen,
}
/*
- * SSH2 packet construction functions.
+ * SSH-2 packet construction functions.
*/
static void ssh2_pkt_ensure(struct Packet *pkt, int length)
{
}
/*
- * Construct an SSH2 final-form packet: compress it, encrypt it,
+ * Construct an SSH-2 final-form packet: compress it, encrypt it,
* put the MAC on it. Final packet, ready to be sent, is stored in
* pkt->data. Total length is returned.
*/
*/
/*
- * Send an SSH2 packet immediately, without queuing or deferring.
+ * Send an SSH-2 packet immediately, without queuing or deferring.
*/
static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
{
}
/*
- * Defer an SSH2 packet.
+ * Defer an SSH-2 packet.
*/
static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt)
{
}
/*
- * Queue an SSH2 packet.
+ * Queue an SSH-2 packet.
*/
static void ssh2_pkt_queue(Ssh ssh, struct Packet *pkt)
{
/*
* Send the whole deferred data block constructed by
- * ssh2_pkt_defer() or SSH1's defer_packet().
+ * ssh2_pkt_defer() or SSH-1's defer_packet().
*
* The expected use of the defer mechanism is that you call
* ssh2_pkt_defer() a few times, then call ssh_pkt_defersend(). If
}
/*
- * Send all queued SSH2 packets. We send them by means of
+ * Send all queued SSH-2 packets. We send them by means of
* ssh2_pkt_defer_noqueue(), in case they included a pair of
* packets that needed to be lumped together.
*/
}
/*
- * Packet decode functions for both SSH1 and SSH2.
+ * Packet decode functions for both SSH-1 and SSH-2.
*/
static unsigned long ssh_pkt_getuint32(struct Packet *pkt)
{
}
/*
- * Helper function to add an SSH2 signature blob to a packet.
+ * Helper function to add an SSH-2 signature blob to a packet.
* Expects to be shown the public key blob as well as the signature
* blob. Normally works just like ssh2_pkt_addstring, but will
* fiddle with the signature packet if necessary for
* sniffing.
*/
ssh->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
- logevent("We believe remote version has SSH1 ignore bug");
+ logevent("We believe remote version has SSH-1 ignore bug");
}
if (ssh->cfg.sshbug_plainpw1 == FORCE_ON ||
* the password.
*/
ssh->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
- logevent("We believe remote version needs a plain SSH1 password");
+ logevent("We believe remote version needs a plain SSH-1 password");
}
if (ssh->cfg.sshbug_rsa1 == FORCE_ON ||
* These versions have the HMAC bug.
*/
ssh->remote_bugs |= BUG_SSH2_HMAC;
- logevent("We believe remote version has SSH2 HMAC bug");
+ logevent("We believe remote version has SSH-2 HMAC bug");
}
if (ssh->cfg.sshbug_derivekey2 == FORCE_ON ||
* generate the keys).
*/
ssh->remote_bugs |= BUG_SSH2_DERIVEKEY;
- logevent("We believe remote version has SSH2 key-derivation bug");
+ logevent("We believe remote version has SSH-2 key-derivation bug");
}
if (ssh->cfg.sshbug_rsapad2 == FORCE_ON ||
(wc_match("OpenSSH_2.[5-9]*", imp) ||
wc_match("OpenSSH_3.[0-2]*", imp)))) {
/*
- * These versions have the SSH2 RSA padding bug.
+ * These versions have the SSH-2 RSA padding bug.
*/
ssh->remote_bugs |= BUG_SSH2_RSA_PADDING;
- logevent("We believe remote version has SSH2 RSA padding bug");
+ logevent("We believe remote version has SSH-2 RSA padding bug");
}
if (ssh->cfg.sshbug_pksessid2 == FORCE_ON ||
(ssh->cfg.sshbug_pksessid2 == AUTO &&
wc_match("OpenSSH_2.[0-2]*", imp))) {
/*
- * These versions have the SSH2 session-ID bug in
+ * These versions have the SSH-2 session-ID bug in
* public-key authentication.
*/
ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
- logevent("We believe remote version has SSH2 public-key-session-ID bug");
+ logevent("We believe remote version has SSH-2 public-key-session-ID bug");
}
if (ssh->cfg.sshbug_rekey2 == FORCE_ON ||
wc_match("Sun_SSH_1.0", imp) ||
wc_match("Sun_SSH_1.0.1", imp)))) {
/*
- * These versions have the SSH2 rekey bug.
+ * These versions have the SSH-2 rekey bug.
*/
ssh->remote_bugs |= BUG_SSH2_REKEY;
- logevent("We believe remote version has SSH2 rekey bug");
+ logevent("We believe remote version has SSH-2 rekey bug");
}
}
strcspn(s->vstring, "\015\012"));
/*
- * Initialise SSHv2 protocol.
+ * Initialise SSH-2 protocol.
*/
ssh->protocol = ssh2_protocol;
ssh2_protocol_setup(ssh);
ssh->s_rdpkt = ssh2_rdpkt;
} else {
/*
- * Initialise SSHv1 protocol.
+ * Initialise SSH-1 protocol.
*/
ssh->protocol = ssh1_protocol;
ssh1_protocol_setup(ssh);
/*
* Username and password input, abstracted off into routines
- * reusable in several places - even between SSH1 and SSH2.
+ * reusable in several places - even between SSH-1 and SSH-2.
*/
/* Set up a username or password input loop on a given buffer. */
ptr = ssh_pkt_getdata(pktin, 8);
if (!ptr) {
- bombout(("SSH1 public key packet stopped before random cookie"));
+ bombout(("SSH-1 public key packet stopped before random cookie"));
crStop(0);
}
memcpy(cookie, ptr, 8);
if (!ssh1_pkt_getrsakey(pktin, &servkey, &s->keystr1) ||
!ssh1_pkt_getrsakey(pktin, &hostkey, &s->keystr2)) {
- bombout(("Failed to read SSH1 public keys from public key packet"));
+ bombout(("Failed to read SSH-1 public keys from public key packet"));
crStop(0);
}
*/
if (hostkey.bits > hostkey.bytes * 8 ||
servkey.bits > servkey.bytes * 8) {
- bombout(("SSH1 public keys were badly formatted"));
+ bombout(("SSH-1 public keys were badly formatted"));
crStop(0);
}
ret = rsaencrypt(s->rsabuf, hostkey.bytes, &servkey);
}
if (!ret) {
- bombout(("SSH1 public key encryptions failed due to bad formatting"));
+ bombout(("SSH-1 public key encryptions failed due to bad formatting"));
crStop(0);
}
warn = 1;
} else if (next_cipher == CIPHER_AES) {
/* XXX Probably don't need to mention this. */
- logevent("AES not supported in SSH1, skipping");
+ logevent("AES not supported in SSH-1, skipping");
} else {
switch (next_cipher) {
case CIPHER_3DES: s->cipher_type = SSH_CIPHER_3DES;
}
if (!cipher_chosen) {
if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
- bombout(("Server violates SSH 1 protocol by not "
+ bombout(("Server violates SSH-1 protocol by not "
"supporting 3DES encryption"));
else
/* shouldn't happen */
s->p = s->response + 5;
s->nkeys = GET_32BIT(s->p);
s->p += 4;
- logeventf(ssh, "Pageant has %d SSH1 keys", s->nkeys);
+ logeventf(ssh, "Pageant has %d SSH-1 keys", s->nkeys);
for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
logeventf(ssh, "Trying Pageant key #%d", s->keyi);
if (s->publickey_blob &&
PKT_INT, len, PKT_DATA, buf, len,
PKTT_OTHER, PKT_END);
/*
- * In SSH1 we can return 0 here - implying that forwarded
+ * In SSH-1 we can return 0 here - implying that forwarded
* connections are never individually throttled - because
* the only circumstance that can cause throttling will be
* the whole SSH connection backing up, in which case
portfwd_strptr++;
sports[n] = '\0';
if (ssh->version == 1 && type == 'R') {
- logeventf(ssh, "SSH1 cannot handle remote source address "
+ logeventf(ssh, "SSH-1 cannot handle remote source address "
"spec \"%s\"; ignoring", sports);
} else
strcpy(saddr, sports);
if (ssh->version == 1) {
/*
* We cannot cancel listening ports on the
- * server side in SSH1! There's no message
+ * server side in SSH-1! There's no message
* to support it. Instead, we simply remove
* the rportfwd record from the local end
* so that any connections the server tries
/*
* Start the shell or command.
*
- * Special case: if the first-choice command is an SSH2
+ * Special case: if the first-choice command is an SSH-2
* subsystem (hence not usable here) and the second choice
* exists, we fall straight back to that.
*/
}
/*
- * Handle the top-level SSH2 protocol.
+ * Handle the top-level SSH-2 protocol.
*/
static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin)
{
/*
- * SSH2 key creation method.
+ * SSH-2 key creation method.
*/
static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H,
unsigned char *sessid, char chr,
}
/*
- * Handle the SSH2 transport layer.
+ * Handle the SSH-2 transport layer.
*/
static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
struct Packet *pktin)
}
/*
- * Add data to an SSH2 channel output buffer.
+ * Add data to an SSH-2 channel output buffer.
*/
static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
int len)
}
/*
- * Attempt to send data on an SSH2 channel.
+ * Attempt to send data on an SSH-2 channel.
*/
static int ssh2_try_send(struct ssh_channel *c)
{
}
/*
- * Potentially enlarge the window on an SSH2 channel.
+ * Potentially enlarge the window on an SSH-2 channel.
*/
static void ssh2_set_window(struct ssh_channel *c, unsigned newwin)
{
/*
* We used to send SSH_MSG_DISCONNECT here,
* because I'd believed that _every_ conforming
- * SSH2 connection had to end with a disconnect
+ * SSH-2 connection had to end with a disconnect
* being sent by at least one side; apparently
* I was wrong and it's perfectly OK to
* unceremoniously slam the connection shut
}
/*
- * Handle the SSH2 userauth and connection layers.
+ * Handle the SSH-2 userauth and connection layers.
*/
static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
struct Packet *pktin)
s->p = s->response + 5;
s->nkeys = GET_32BIT(s->p);
s->p += 4;
- logeventf(ssh, "Pageant has %d SSH2 keys", s->nkeys);
+ logeventf(ssh, "Pageant has %d SSH-2 keys", s->nkeys);
for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
void *vret;
}
/*
- * Handlers for SSH2 messages that might arrive at any moment.
+ * Handlers for SSH-2 messages that might arrive at any moment.
*/
static void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin)
{
}
/*
- * Handle the top-level SSH2 protocol.
+ * Handle the top-level SSH-2 protocol.
*/
static void ssh2_protocol_setup(Ssh ssh)
{
* These special message types we install handlers for.
*/
ssh->packet_dispatch[SSH2_MSG_DISCONNECT] = ssh2_msg_disconnect;
- ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with ssh1 */
+ ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with SSH-1 */
ssh->packet_dispatch[SSH2_MSG_DEBUG] = ssh2_msg_debug;
}
if (ssh->state == SSH_STATE_CLOSED
|| ssh->state == SSH_STATE_PREPACKET) return;
if (ssh->version == 1) {
- logevent("Unable to send BREAK signal in SSH1");
+ logevent("Unable to send BREAK signal in SSH-1");
} else if (ssh->mainchan) {
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
struct ssh_cipher {
void *(*make_context)(void);
void (*free_context)(void *);
- void (*sesskey) (void *, unsigned char *key); /* for ssh 1 */
+ void (*sesskey) (void *, unsigned char *key); /* for SSH-1 */
void (*encrypt) (void *, unsigned char *blk, int len);
void (*decrypt) (void *, unsigned char *blk, int len);
int blksize;
struct ssh2_cipher {
void *(*make_context)(void);
void (*free_context)(void *);
- void (*setiv) (void *, unsigned char *key); /* for ssh 2 */
- void (*setkey) (void *, unsigned char *key);/* for ssh 2 */
+ void (*setiv) (void *, unsigned char *key); /* for SSH-2 */
+ void (*setkey) (void *, unsigned char *key);/* for SSH-2 */
void (*encrypt) (void *, unsigned char *blk, int len);
void (*decrypt) (void *, unsigned char *blk, int len);
char *name;
unsigned char **outblock, int *outlen);
/*
- * SSH1 agent messages.
+ * SSH-1 agent messages.
*/
#define SSH1_AGENTC_REQUEST_RSA_IDENTITIES 1
#define SSH1_AGENT_RSA_IDENTITIES_ANSWER 2
#define SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9 /* openssh private? */
/*
- * Messages common to SSH1 and OpenSSH's SSH2.
+ * Messages common to SSH-1 and OpenSSH's SSH-2.
*/
#define SSH_AGENT_FAILURE 5
#define SSH_AGENT_SUCCESS 6
/*
- * OpenSSH's SSH2 agent messages.
+ * OpenSSH's SSH-2 agent messages.
*/
#define SSH2_AGENTC_REQUEST_IDENTITIES 11
#define SSH2_AGENT_IDENTITIES_ANSWER 12
#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19
/*
- * Need this to warn about support for the original SSH2 keyfile
+ * Need this to warn about support for the original SSH-2 keyfile
* format.
*/
void old_keyfile_warning(void);
static void *blowfish_ssh1_make_context(void)
{
- /* In SSH1, need one key for each direction */
+ /* In SSH-1, need one key for each direction */
return snewn(2, BlowfishContext);
}
}
/*
- * Read an ssh1-format bignum from a data buffer. Return the number
+ * Read an SSH-1-format bignum from a data buffer. Return the number
* of bytes consumed, or -1 if there wasn't enough data.
*/
int ssh1_read_bignum(const unsigned char *data, int len, Bignum * result)
}
/*
- * Return the bit count of a bignum, for ssh1 encoding.
+ * Return the bit count of a bignum, for SSH-1 encoding.
*/
int bignum_bitcount(Bignum bn)
{
}
/*
- * Return the byte length of a bignum when ssh1 encoded.
+ * Return the byte length of a bignum when SSH-1 encoded.
*/
int ssh1_bignum_length(Bignum bn)
{
}
/*
- * Return the byte length of a bignum when ssh2 encoded.
+ * Return the byte length of a bignum when SSH-2 encoded.
*/
int ssh2_bignum_length(Bignum bn)
{
}
/*
- * Write a ssh1-format bignum into a buffer. It is assumed the
+ * Write a SSH-1-format bignum into a buffer. It is assumed the
* buffer is big enough. Returns the number of bytes used.
*/
int ssh1_write_bignum(void *data, Bignum bn)
static void *des3_ssh1_make_context(void)
{
- /* Need 3 keys for each direction, in SSH1 */
+ /* Need 3 keys for each direction, in SSH-1 */
return snewn(6, DESContext);
}
static void *des_ssh1_make_context(void)
{
- /* Need one key for each direction, in SSH1 */
+ /* Need one key for each direction, in SSH-1 */
return snewn(2, DESContext);
}
};
/*
- * Single DES in ssh2. "des-cbc" is marked as HISTORIC in
+ * Single DES in SSH-2. "des-cbc" is marked as HISTORIC in
* draft-ietf-secsh-assignednumbers-04.txt, referring to
* FIPS-46-3. ("Single DES (i.e., DES) will be permitted
* for legacy systems only.") , but ssh.com support it and
/*
* Generic SSH public-key handling operations. In particular,
* reading of SSH public-key files, and also the generic `sign'
- * operation for ssh2 (which checks the type of the key and
+ * operation for SSH-2 (which checks the type of the key and
* dispatches to the appropriate key-type specific function).
*/
|| buf[i + 3] != 0) goto end; /* reserved field nonzero, panic! */
i += 4;
- /* Now the serious stuff. An ordinary SSH 1 public key. */
+ /* Now the serious stuff. An ordinary SSH-1 public key. */
i += makekey(buf + i, len, key, NULL, 1);
if (i < 0)
goto end; /* overran */
p += 4;
/*
- * An ordinary SSH 1 public key consists of: a uint32
+ * An ordinary SSH-1 public key consists of: a uint32
* containing the bit count, then two bignums containing the
* modulus and exponent respectively.
*/
}
/* ----------------------------------------------------------------------
- * SSH2 private key load/store functions.
+ * SSH-2 private key load/store functions.
*/
/*
- * PuTTY's own format for SSH2 keys is as follows:
+ * PuTTY's own format for SSH-2 keys is as follows:
*
* The file is text. Lines are terminated by CRLF, although CR-only
* and LF-only are tolerated on input.
*
* Next there is a line saying "Public-Lines: " plus a number N.
* The following N lines contain a base64 encoding of the public
- * part of the key. This is encoded as the standard SSH2 public key
+ * part of the key. This is encoded as the standard SSH-2 public key
* blob (with no initial length): so for RSA, for example, it will
* read
*
switch (type) {
case SSH_KEYTYPE_UNOPENABLE: return "unable to open file"; break;
case SSH_KEYTYPE_UNKNOWN: return "not a private key"; break;
- case SSH_KEYTYPE_SSH1: return "SSH1 private key"; break;
- case SSH_KEYTYPE_SSH2: return "PuTTY SSH2 private key"; break;
- case SSH_KEYTYPE_OPENSSH: return "OpenSSH SSH2 private key"; break;
- case SSH_KEYTYPE_SSHCOM: return "ssh.com SSH2 private key"; break;
+ case SSH_KEYTYPE_SSH1: return "SSH-1 private key"; break;
+ case SSH_KEYTYPE_SSH2: return "PuTTY SSH-2 private key"; break;
+ case SSH_KEYTYPE_OPENSSH: return "OpenSSH SSH-2 private key"; break;
+ case SSH_KEYTYPE_SSHCOM: return "ssh.com SSH-2 private key"; break;
default: return "INTERNAL ERROR"; break;
}
}
/*
- * SHA1 hash algorithm. Used in SSH2 as a MAC, and the transform is
+ * SHA1 hash algorithm. Used in SSH-2 as a MAC, and the transform is
* also used as a `stirring' function for the PuTTY random number
* pool. Implemented directly from the specification by Simon
* Tatham.
* the remote side needing to wait until term_out() has cleared
* a backlog.
*
- * This is a slightly suboptimal way to deal with SSH2 - in
+ * This is a slightly suboptimal way to deal with SSH-2 - in
* principle, the window mechanism would allow us to continue
* to accept data on forwarded ports and X connections even
* while the terminal processing was going slowly - but we
* can't do the 100% right thing without moving the terminal
* processing into a separate thread, and that might hurt
- * portability. So we manage stdout buffering the old SSH1 way:
+ * portability. So we manage stdout buffering the old SSH-1 way:
* if the terminal processing goes slowly, the whole SSH
* connection stops accepting data until it's ready.
*
void old_keyfile_warning(void)
{
static const char message[] =
- "You are loading an SSH 2 private key which has an\n"
+ "You are loading an SSH-2 private key which has an\n"
"old version of the file format. This means your key\n"
"file is not fully tamperproof. Future versions of\n"
"PuTTY may stop supporting this private key format,\n"
void old_keyfile_warning(void)
{
static const char message[] =
- "You are loading an SSH 2 private key which has an\n"
+ "You are loading an SSH-2 private key which has an\n"
"old version of the file format. This means your key\n"
"file is not fully tamperproof. Future versions of\n"
"PuTTY may stop supporting this private key format,\n"
{
static const char mbtitle[] = "%s Key File Warning";
static const char message[] =
- "You are loading an SSH 2 private key which has an\n"
+ "You are loading an SSH-2 private key which has an\n"
"old version of the file format. This means your key\n"
"file is not fully tamperproof. Future versions of\n"
"%s may stop supporting this private key format,\n"
{
static const char mbtitle[] = "PuTTY Key File Warning";
static const char message[] =
- "You are loading an SSH 2 private key which has an\n"
+ "You are loading an SSH-2 private key which has an\n"
"old version of the file format. This means your key\n"
"file is not fully tamperproof. Future versions of\n"
"PuTTY may stop supporting this private key format,\n"
menu1 = CreateMenu();
AppendMenu(menu1, MF_ENABLED, IDC_GENERATE, "&Generate key pair");
AppendMenu(menu1, MF_SEPARATOR, 0, 0);
- AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH1, "SSH&1 key (RSA)");
- AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2RSA, "SSH2 &RSA key");
- AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2DSA, "SSH2 &DSA key");
+ AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH1, "SSH-&1 key (RSA)");
+ AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2RSA, "SSH-2 &RSA key");
+ AppendMenu(menu1, MF_ENABLED, IDC_KEYSSH2DSA, "SSH-2 &DSA key");
AppendMenu(menu, MF_POPUP | MF_ENABLED, (UINT) menu1, "&Key");
state->keymenu = menu1;
endbox(&cp);
beginbox(&cp, "Parameters", IDC_BOX_PARAMS);
radioline(&cp, "Type of key to generate:", IDC_TYPESTATIC, 3,
- "SSH&1 (RSA)", IDC_KEYSSH1,
- "SSH2 &RSA", IDC_KEYSSH2RSA,
- "SSH2 &DSA", IDC_KEYSSH2DSA, NULL);
+ "SSH-&1 (RSA)", IDC_KEYSSH1,
+ "SSH-2 &RSA", IDC_KEYSSH2RSA,
+ "SSH-2 &DSA", IDC_KEYSSH2DSA, NULL);
staticedit(&cp, "Number of &bits in a generated key:",
IDC_BITSSTATIC, IDC_BITS, 20);
endbox(&cp);
if (type != realtype &&
import_target_type(type) != realtype) {
char msg[256];
- sprintf(msg, "Cannot export an SSH%d key in an SSH%d"
+ sprintf(msg, "Cannot export an SSH-%d key in an SSH-%d"
" format", (state->ssh2 ? 2 : 1),
(state->ssh2 ? 1 : 2));
MessageBox(hwnd, msg,
}
/*
- * Blob structure for passing to the asymmetric SSH2 key compare
+ * Blob structure for passing to the asymmetric SSH-2 key compare
* function, prototyped here.
*/
struct blob {
{
static const char mbtitle[] = "PuTTY Key File Warning";
static const char message[] =
- "You are loading an SSH 2 private key which has an\n"
+ "You are loading an SSH-2 private key which has an\n"
"old version of the file format. This means your key\n"
"file is not fully tamperproof. Future versions of\n"
"PuTTY may stop supporting this private key format,\n"
}
/*
- * Create an SSH1 key list in a malloc'ed buffer; return its
+ * Create an SSH-1 key list in a malloc'ed buffer; return its
* length.
*/
static void *make_keylist1(int *length)
}
/*
- * Create an SSH2 key list in a malloc'ed buffer; return its
+ * Create an SSH-2 key list in a malloc'ed buffer; return its
* length.
*/
static void *make_keylist2(int *length)
break;
case SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
/*
- * Remove all SSH1 keys. Always returns success.
+ * Remove all SSH-1 keys. Always returns success.
*/
{
struct RSAKey *rkey;
break;
case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
/*
- * Remove all SSH2 keys. Always returns success.
+ * Remove all SSH-2 keys. Always returns success.
*/
{
struct ssh2_userkey *skey;
}
/*
- * Key comparison function for the 2-3-4 tree of SSH2 keys.
+ * Key comparison function for the 2-3-4 tree of SSH-2 keys.
*/
static int cmpkeys_ssh2(void *av, void *bv)
{
/*
* Key comparison function for looking up a blob in the 2-3-4 tree
- * of SSH2 keys.
+ * of SSH-2 keys.
*/
static int cmpkeys_ssh2_asymm(void *av, void *bv)
{
projects / u / mdw / putty / commitdiff