| 1 | \versionid $Id: gs.but,v 1.6 2001/12/06 20:05:39 simon Exp $ |
| 2 | |
| 3 | \C{gs} Getting started with PuTTY |
| 4 | |
| 5 | This chapter gives a quick guide to the simplest types of |
| 6 | interactive login session using PuTTY. |
| 7 | |
| 8 | \H{gs-insecure} Starting a session |
| 9 | |
| 10 | When you start PuTTY, you will see a dialog box. This dialog box |
| 11 | allows you to control everything PuTTY can do. See \k{config} for |
| 12 | details of all the things you can control. |
| 13 | |
| 14 | You don't usually need to change most of the configuration options. |
| 15 | To start the simplest kind of session, all you need to do is to |
| 16 | enter a few basic parameters. |
| 17 | |
| 18 | In the \q{Host Name} box, enter the Internet host name of the server |
| 19 | you want to connect to. You should have been told this by the |
| 20 | provider of your login account. |
| 21 | |
| 22 | Now select a login protocol to use, from the \q{Protocol} buttons. |
| 23 | For a login session, you should select Telnet, Rlogin or SSH. See |
| 24 | \k{which-one} for a description of the differences between the three |
| 25 | protocols, and advice on which one to use. The fourth protocol, |
| 26 | \e{Raw}, is not used for interactive login sessions; you would |
| 27 | usually use this for debugging other Internet services. |
| 28 | |
| 29 | When you change the selected protocol, the number in the \q{Port} |
| 30 | box will change. This is normal: it happens because the various |
| 31 | login services are usually provided on different network ports by |
| 32 | the server machine. Most servers will use the standard port numbers, |
| 33 | so you will not need to change the port setting. If your server |
| 34 | provides login services on a non-standard port, your system |
| 35 | administrator should have told you which one. (For example, many |
| 36 | MUDs run Telnet service on a port other than 23.) |
| 37 | |
| 38 | Once you have filled in the \q{Host Name}, \q{Protocol}, and |
| 39 | possibly \q{Port} settings, you are ready to connect. Press the |
| 40 | \q{Open} button at the bottom of the dialog box, and PuTTY will |
| 41 | begin trying to connect you to the server. |
| 42 | |
| 43 | \H{gs-hostkey} Verifying the Host Key (SSH only) |
| 44 | |
| 45 | If you are not using the SSH protocol, you can skip this section. |
| 46 | |
| 47 | If you are using SSH to connect to a server for the first time, you |
| 48 | will probably see a message looking something like this: |
| 49 | |
| 50 | \c The server's host key is not cached in the registry. You |
| 51 | \c have no guarantee that the server is the computer you |
| 52 | \c think it is. |
| 53 | \c The server's key fingerprint is: |
| 54 | \c ssh-rsa 1024 7b:e5:6f:a7:f4:f9:81:62:5c:e3:1f:bf:8b:57:6c:5a |
| 55 | \c If you trust this host, hit Yes to add the key to |
| 56 | \c PuTTY's cache and carry on connecting. |
| 57 | \c If you want to carry on connecting just once, without |
| 58 | \c adding the key to the cache, hit No. |
| 59 | \c If you do not trust this host, hit Cancel to abandon the |
| 60 | \c connection. |
| 61 | |
| 62 | This is a feature of the SSH protocol. It is designed to protect you |
| 63 | against a network attack known as \e{spoofing}: secretly redirecting |
| 64 | your connection to a different computer, so that you send your |
| 65 | password to the wrong machine. Using this technique, an attacker |
| 66 | would be able to learn the password that guards your login account, |
| 67 | and could then log in as if they were you and use the account for |
| 68 | their own purposes. |
| 69 | |
| 70 | To prevent this attack, each server has a unique identifying code, |
| 71 | called a \e{host key}. These keys are created in a way that prevents |
| 72 | one server from forging another server's key. So if you connect to a |
| 73 | server and it sends you a different host key from the one you were |
| 74 | expecting, PuTTY can warn you that the server may have been switched |
| 75 | and that a spoofing attack might be in progress. |
| 76 | |
| 77 | PuTTY records the host key for each server you connect to, in the |
| 78 | Windows Registry. Every time you connect to a server, it checks that |
| 79 | the host key presented by the server is the same host key as it was |
| 80 | the last time you connected. If it is not, you will see a warning, |
| 81 | and you will have the chance to abandon your connection before you |
| 82 | type any private information (such as a password) into it. |
| 83 | |
| 84 | However, when you connect to a server you have not connected to |
| 85 | before, PuTTY has no way of telling whether the host key is the |
| 86 | right one or not. So it gives the warning shown above, and asks you |
| 87 | whether you want to trust this host key or not. |
| 88 | |
| 89 | Whether or not to trust the host key is your choice. If you are |
| 90 | connecting within a company network, you might feel that all the |
| 91 | network users are on the same side and spoofing attacks are |
| 92 | unlikely, so you might choose to trust the key without checking it. |
| 93 | If you are connecting across a hostile network (such as the |
| 94 | Internet), you should check with your system administrator, perhaps |
| 95 | by telephone or in person. (Some modern servers have more than one |
| 96 | host key. If the system administrator sends you more than one |
| 97 | fingerprint, you should make sure the one PuTTY shows you is on the |
| 98 | list, but it doesn't matter which one it is.) |
| 99 | |
| 100 | \# FIXME: this is all very fine but of course in practice the world |
| 101 | doesn't work that way. Ask the team if they have any good ideas for |
| 102 | changes to this section! |
| 103 | |
| 104 | \H{gs-login} Logging In |
| 105 | |
| 106 | After you have connected, and perhaps verified the server's host |
| 107 | key, you will be asked to log in, probably using a username and a |
| 108 | password. Your system administrator should have provided you with |
| 109 | these. Enter the username and the password, and the server should |
| 110 | grant you access and begin your session. If you have mistyped your |
| 111 | password, most servers will give you several chances to get it |
| 112 | right. |
| 113 | |
| 114 | If you are using SSH, be careful not to type your username wrongly, |
| 115 | because you will not have a chance to correct it after you press |
| 116 | Return. This is an unfortunate feature of the SSH protocol: it does |
| 117 | not allow you to make two login attempts using different usernames. |
| 118 | If you type your username wrongly, you must close PuTTY and start |
| 119 | again. |
| 120 | |
| 121 | If your password is refused but you are sure you have typed it |
| 122 | correctly, check that Caps Lock is not enabled. Many login servers, |
| 123 | particularly Unix computers, treat upper case and lower case as |
| 124 | different when checking your password; so if Caps Lock is on, your |
| 125 | password will probably be refused. |
| 126 | |
| 127 | \H{gs-session} After Logging In |
| 128 | |
| 129 | After you log in to the server, what happens next is up to the |
| 130 | server! Most servers will print some sort of login message and then |
| 131 | present a prompt, at which you can type commands which the server |
| 132 | will carry out. Some servers will offer you on-line help; others |
| 133 | might not. If you are in doubt about what to do next, consult your |
| 134 | system administrator. |
| 135 | |
| 136 | \H{gs-logout} Logging Out |
| 137 | |
| 138 | When you have finished your session, you should log out by typing |
| 139 | the server's own logout command. This might vary between servers; if |
| 140 | in doubt, try \c{logout} or \c{exit}, or consult a manual or your |
| 141 | system administrator. When the server processes your logout command, |
| 142 | the PuTTY window should close itself automatically. |
| 143 | |
| 144 | You \e{can} close a PuTTY session using the Close button in the |
| 145 | window border, but this might confuse the server - a bit like |
| 146 | hanging up a telephone unexpectedly in the middle of a conversation. |
| 147 | We recommend you do not do this unless the server has stopped |
| 148 | responding to you and you cannot close the window any other way. |