cmdline_password = value;
}
+ if (!strcmp(p, "-agent") || !strcmp(p, "-pagent") ||
+ !strcmp(p, "-pageant")) {
+ RETURN(1);
+ UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
+ cfg->tryagent = TRUE;
+ }
+ if (!strcmp(p, "-noagent") || !strcmp(p, "-nopagent") ||
+ !strcmp(p, "-nopageant")) {
+ RETURN(1);
+ UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
+ cfg->tryagent = FALSE;
+ }
+
if (!strcmp(p, "-A")) {
RETURN(1);
UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
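Review bot: The `-agent` and `-noagent` blocks are guarded only by `UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);`, yet the using-cmdline-agentauth text added later in this commit says the options are not available in PSCP and PSFTP. The `-A` handler directly below uses `UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);`, so code and documentation disagree about the file transfer tools. If those tools share the SSH authentication path (not visible here), letting them accept `-noagent` looks useful, since it stops a transfer from offering agent-held keys to the server; in that case drop the PSCP/PSFTP sentence from the documentation. If exclusion is intended, use the same mask as `-A` in both new blocks. The enclosing function starts and ends outside this hunk.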
s = ctrl_getset(b, "Connection/SSH/Auth", "methods",
"Authentication methods");
+ ctrl_checkbox(s, "Attempt authentication using Pageant", 'p',
+ HELPCTX(ssh_auth_pageant),
+ dlg_stdcheckbox_handler,
+ I(offsetof(Config,tryagent)));
ctrl_checkbox(s, "Attempt TIS or CryptoCard auth (SSH-1)", 'm',
HELPCTX(ssh_auth_tis),
dlg_stdcheckbox_handler,
This option only affects SSH-2 connections. SSH-1 connections always
require an authentication step.
+\S{config-ssh-tryagent} \q{Attempt authentication using Pageant}
+
+\cfg{winhelp-topic}{ssh.auth.pageant}
+
+If this option is enabled, then PuTTY will look for Pageant (the SSH
+private-key storage agent) and attempt to authenticate with any
+suitable public keys Pageant currently holds.
+
+This behaviour is almost always desirable, and is therefore enabled
+by default. In rare cases you might need to turn it off in order to
+force authentication by some non-public-key method such as
+passwords.
+
+This option can also be controlled using the \c{-noagent}
+command-line option. See \k{using-cmdline-agentauth}.
+
+See \k{pageant} for more information about Pageant in general.
+
\S{config-ssh-tis} \q{Attempt \I{TIS authentication}TIS or
\i{CryptoCard authentication}}
open as many PuTTY sessions as you like without having to type your
passphrase again.
+(PuTTY can be configured not to try to use Pageant, but it will try
+by default. See \k{config-ssh-tryagent} and
+\k{using-cmdline-agentauth} for more information.)
+
When you want to shut down Pageant, click the right button on the
Pageant icon in the System tray, and select \q{Exit} from the menu.
Closing the Pageant main window does \e{not} shut down Pageant.
protocol. Due to fundamental limitations of Telnet and Rlogin, these
protocols do not support automated password authentication.
+\S2{using-cmdline-agentauth} \i\c{-agent} and \i\c{-noagent}:
+control use of Pageant for authentication
+
+The \c{-agent} option turns on SSH authentication using Pageant, and
+\c{-noagent} turns it off. These options are only meaningful if you
+are using SSH.
+
+See \k{pageant} for general information on \i{Pageant}
+
+These options are equivalent to the agent authentication checkbox in
+the Auth panel of the PuTTY configuration box (see
+\k{config-ssh-tryagent}).
+
+These options are not available in the file transfer tools PSCP and
+PSFTP.
+
\S2{using-cmdline-agent} \I{-A-upper}\c{-A} and \i\c{-a}: control \i{agent
forwarding}
int ssh_kexlist[KEX_MAX];
int ssh_rekey_time; /* in minutes */
char ssh_rekey_data[16];
+ int tryagent;
int agentfwd;
int change_username; /* allow username switching in SSH-2 */
int ssh_cipherlist[CIPHER_MAX];
write_setting_s(sesskey, "LocalUserName", cfg->localusername);
write_setting_i(sesskey, "NoPTY", cfg->nopty);
write_setting_i(sesskey, "Compression", cfg->compression);
+ write_setting_i(sesskey, "TryAgent", cfg->tryagent);
write_setting_i(sesskey, "AgentFwd", cfg->agentfwd);
write_setting_i(sesskey, "ChangeUsername", cfg->change_username);
wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX,
sizeof(cfg->localusername));
gppi(sesskey, "NoPTY", 0, &cfg->nopty);
gppi(sesskey, "Compression", 0, &cfg->compression);
+ gppi(sesskey, "TryAgent", 1, &cfg->tryagent);
gppi(sesskey, "AgentFwd", 0, &cfg->agentfwd);
gppi(sesskey, "ChangeUsername", 0, &cfg->change_username);
gprefs(sesskey, "Cipher", "\0",
while (pktin->type == SSH1_SMSG_FAILURE) {
s->pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
- if (agent_exists() && !s->tried_agent) {
+ if (ssh->cfg.tryagent && agent_exists() && !s->tried_agent) {
/*
* Attempt RSA authentication using Pageant.
*/
s->nkeys = 0;
s->agent_response = NULL;
s->pkblob_in_agent = NULL;
- if (agent_exists()) {
+ if (ssh->cfg.tryagent && agent_exists() && ssh->cfg.tryagent) {
void *r;
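Review bot: The new condition tests `ssh->cfg.tryagent` twice, once before and once after `agent_exists()`, so the trailing operand is dead and looks like an editing leftover. It should read `if (ssh->cfg.tryagent && agent_exists()) {`, matching the form used in the SSH-1 loop changed earlier in this file. Keeping the config test first is the right order, because it short-circuits before any agent lookup when the user has disabled agent authentication. A one-line comment such as `/* Only contact the agent if the user has not disabled it (tryagent). */` would make clear that the gate is a user policy decision. The block opened by this `if` continues outside the hunk.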
if (!*cfg.host) {
char *q = p;
- do_defaults(NULL, &cfg);
-
/*
* If the hostname starts with "telnet:", set the
* protocol to Telnet and process the string as a
#define WINHELP_CTX_ssh_auth_privkey "ssh.auth.privkey"
#define WINHELP_CTX_ssh_auth_agentfwd "ssh.auth.agentfwd"
#define WINHELP_CTX_ssh_auth_changeuser "ssh.auth.changeuser"
+#define WINHELP_CTX_ssh_auth_pageant "ssh.auth.pageant"
#define WINHELP_CTX_ssh_auth_tis "ssh.auth.tis"
#define WINHELP_CTX_ssh_auth_ki "ssh.auth.ki"
#define WINHELP_CTX_selection_buttons "selection.buttons"