X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/72be5b5ec697d1a93ed091721031b9979c6d9633..8ad3d7a26d9aa6b8a8d36d15abcab6996677ff94:/doc/faq.but

diff --git a/doc/faq.but b/doc/faq.but
index 8acd6364..2b6dc8c9 100644
--- a/doc/faq.but
+++ b/doc/faq.but
@@ -101,6 +101,41 @@ authentication, which is more flexible and more secure. See
 \k{pubkey} in the documentation for a full discussion of public key
 authentication.
 
+\S{faq-hostkeys} Is there an option to turn off the annoying host
+key prompts?
+
+No, there isn't. And there won't be. Even if you write it yourself
+and send us the patch, we won't accept it.
+
+Those annoying host key prompts are the \e{whole point} of SSH.
+Without them, all the cryptographic technology SSH uses to secure
+your session is doing nothing more than making an attacker's job
+slightly harder; instead of sitting between you and the server with
+a packet sniffer, the attacker must actually subvert a router and
+start modifying the packets going back and forth. But that's not all
+that much harder than just sniffing; and without host key checking,
+it will go completely undetected by client or server.
+
+Host key checking is your guarantee that the encryption you put on
+your data at the client end is the \e{same} encryption taken off the
+data at the server end; it's your guarantee that it hasn't been
+removed and replaced somewhere on the way. Host key checking makes
+the attacker's job \e{astronomically} hard, compared to packet
+sniffing, and even compared to subverting a router. Instead of
+applying a little intelligence and keeping an eye on Bugtraq, the
+attacker must now perform a brute-force attack against at least one
+military-strength cipher. That insignificant host key prompt really
+does make \e{that} much difference.
+
+If you're having a specific problem with host key checking - perhaps
+you want an automated batch job to make use of PSCP or Plink, and
+the interactive host key prompt is hanging the batch process - then
+the right way to fix it is to add the correct host key to the
+Registry in advance. That way, you retain the \e{important} feature
+of host key checking: the right key will be accepted and the wrong
+ones will not. Adding an option to turn host key checking off
+completely is the wrong solution and we will not do it.
+
 \S{faq-server} Will you write an SSH server for the PuTTY suite, to
 go with the client?
 
@@ -442,6 +477,28 @@ and you should report it (although it might be a bug in your SSH
 server instead); but it doesn't necessarily mean you've actually run
 out of memory.
 
+\S{faq-bce} When I run full-colour applications, I see areas of
+black space where colour ought to be.
+
+You almost certainly need to enable the \q{Use background colour to
+erase screen} setting in the Terminal panel. Note that if you do
+this in mid-session, it won't take effect until you reset the
+terminal (see \k{faq-resetterm}).
+
+\S{faq-resetterm} When I change some terminal settings, nothing
+happens.
+
+Some of the terminal options (notably Auto Wrap and
+background-colour screen erase) actually represent the \e{default}
+setting, rather than the currently active setting. The server can
+send sequences that modify these options in mid-session, but when
+the terminal is reset (by server action, or by you choosing \q{Reset
+Terminal} from the System menu) the defaults are restored.
+
+If you want to change one of these options in the middle of a
+session, you will find that the change does not immediately take
+effect. It will only take effect once you reset the terminal.
+
 \S{faq-altgr} I can't type characters that require the AltGr key.
 
 In PuTTY version 0.51, the AltGr key was broken. The bug has been