Граф коммитов

83 Коммитов

Автор SHA1 Сообщение Дата
Jacob Nevins 8d48caa849 Note the interaction of jump lists and -cleanup.
Also note that recent installers don't prompt to -cleanup (this started
with 0.67's MSI installer).
2017-02-17 00:03:11 +00:00
Jacob Nevins b14c3443d3 Document -proxycmd in help and man pages.
Also, in the main documentation, note the hazard that backslashes in the
command argument must be doubled.
2017-02-11 23:03:46 +00:00
Jacob Nevins 72c3c23ebd Document '-restrict-acl' vs subprocesses.
(Since we've thought about it.)
2017-02-04 12:12:18 +00:00
Simon Tatham e22120fea8 Turn off Windows process ACL restriction by default.
As documented in bug 'win-process-acl-finesse', we've had enough
assorted complaints about it breaking various non-malicious pieces of
Windows process interaction (ranging from git->plink integration to
screen readers for the vision-impaired) that I think it's more
sensible to set the process back to its default level of protection.

This precaution was never a fully effective protection anyway, due to
the race condition at process startup; the only properly effective
defence would have been to prevent malware running under the same user
ID as PuTTY in the first place, so in that sense, nothing has changed.
But people who want the arguable defence-in-depth advantage of the ACL
restriction can now turn it on with the '-restrict-acl' command-line
option, and it's up to them whether they can live with the assorted
inconveniences that come with it.

In the course of this change, I've centralised a bit more of the
restriction code into winsecur.c, to avoid repeating the error
handling in multiple places.
2017-01-29 23:08:19 +00:00
Simon Tatham e65e5d165f Add a '-proxycmd' command-line option.
This is equivalent to selecting 'Local' as the proxy type and entering
the argument string in the proxy command box, in the GUI.

I've pulled this out of all the other proxy options to promote to a
named command-line option, partly because it's the proxy option with
the most natural command-line expression in the first place (any shell
command you might want to use is already in the form of a single
string), and also because it has uses beyond end-user proxying
applications: in particular, replacing the network connection with a
local process is a convenient way to do testing in the style of
contrib/samplekex.py, avoiding the need to run a separate command to
make the test 'server' listen on a port.
2016-05-03 15:59:15 +01:00
Jacob Nevins 16dfefcbde Stop supporting fallback between SSH versions.
The UI now only has "1" and "2" options for SSH protocol version, which
behave like the old "1 only" and "2 only" options; old
SSH-N-with-fallback settings are interpreted as SSH-N-only.

This prevents any attempt at a protocol downgrade attack.
Most users should see no difference; those poor souls who still have to
work with SSH-1 equipment now have to explicitly opt in.
2016-04-02 12:46:04 +01:00
Jacob Nevins 97245ec23b Missed a host key doc cross-reference.
Also, fix a mangled sentence.
2016-03-27 10:57:25 +01:00
Jacob Nevins 15386cbe92 Cross-reference all the host key docs.
And tweak some of the words a bit.
2016-03-26 17:38:49 +00:00
Jacob Nevins 28f67586f5 Document host key cross-certification. 2016-03-25 15:43:28 +00:00
Jacob Nevins 8b4c43d6d2 Docs: character sets are awful. 2016-03-25 13:15:51 +00:00
Jacob Nevins 4782d0db91 Cross-reference Event Log and logfile docs. 2016-03-25 13:15:43 +00:00
Jacob Nevins 2aa8d81c2d Document that -i etc now accept public key files.
(This was added in 4204a53.)
2016-03-19 23:43:21 +00:00
Simon Tatham 986b8f87be Document the new session-logging command line options.
If I'm going to announce them as a feature in 0.66, it would be
embarrassing to forget to mention them in the documentation.
2015-11-07 09:53:03 +00:00
Jacob Nevins 1f45273655 Clarify that port forwarding is of TCP connections.
(Rather than just the generic 'network connections'.)
2014-11-08 18:38:32 +00:00
Jacob Nevins 8ba3e8ce77 Refer to X11 'graphical applications'.
For people who know they need graphical applications but don't know what
X11 is.
2014-11-08 18:38:32 +00:00
Jacob Nevins dd933200d2 Correct default lines of scrollback in the docs.
The default was increased in fd266a3 (just before 0.63).
2014-11-08 18:38:32 +00:00
Simon Tatham 4d8782e74f Rework versioning system to not depend on Subversion.
I've shifted away from using the SVN revision number as a monotonic
version identifier (replacing it in the Windows version resource with
a count of days since an arbitrary epoch), and I've removed all uses
of SVN keyword expansion (replacing them with version information
written out by Buildscr).

While I'm at it, I've done a major rewrite of the affected code which
centralises all the computation of the assorted version numbers and
strings into Buildscr, so that they're all more or less alongside each
other rather than scattered across multiple source files.

I've also retired the MD5-based manifest file system. A long time ago,
it seemed like a good idea to arrange that binaries of PuTTY would
automatically cease to identify themselves as a particular upstream
version number if any changes were made to the source code, so that if
someone made a local tweak and distributed the result then I wouldn't
get blamed for the results. Since then I've decided the whole idea is
more trouble than it's worth, so now distribution tarballs will have
version information baked in and people can just cope with that.

[originally from svn r10262]
2014-09-24 10:33:13 +00:00
Simon Tatham 70ab076d83 New option to manually configure the expected host key(s).
This option is available from the command line as '-hostkey', and is
also configurable through the GUI. When enabled, it completely
replaces all of the automated host key management: the server's host
key will be checked against the manually configured list, and the
connection will be allowed or disconnected on that basis, and the host
key store in the registry will not be either consulted or updated.

The main aim is to provide a means of automatically running Plink,
PSCP or PSFTP deep inside Windows services where HKEY_CURRENT_USER
isn't available to have stored the right host key in. But it also
permits you to specify a list of multiple host keys, which means a
second use case for the same mechanism will probably be round-robin
DNS names that select one of several servers with different host keys.

Host keys can be specified as the standard MD5 fingerprint or as an
SSH-2 base64 blob, and are canonicalised on input. (The base64 blob is
more unwieldy, especially with Windows command-line length limits, but
provides a means of specifying the _whole_ public key in case you
don't trust MD5. I haven't bothered to provide an analogous mechanism
for SSH-1, on the basis that anyone worrying about MD5 should have
stopped using SSH-1 already!)

[originally from svn r10220]
2014-09-09 11:46:24 +00:00
Jacob Nevins e70878bd3a The documentation was still claiming that we don't support x11-auth.
[originally from svn r9149]
2011-04-08 15:52:02 +00:00
Jacob Nevins 12b6a4e7dd Tweak description of dynamic port forwarding, and point people running into
'Out of space for port forwardings' at it.

[originally from svn r8897]
[this svn revision also touched putty-wishlist]
2010-03-13 14:47:14 +00:00
Simon Tatham f3ac927d33 Patch from Alan Clucas (somewhat polished) providing command-line
options to select and configure serial port mode.

[originally from svn r8617]
2009-08-10 20:55:19 +00:00
Simon Tatham 322df43e4d Manfred Schwarb also mentions that Alt+drag is captured by at least
one well known window manager (KDE's); document that Shift+Alt+drag
is worth trying as a workaround.

[originally from svn r8059]
2008-06-07 16:30:45 +00:00
Simon Tatham e81a8cf795 Been meaning to do this for years: introduce a configuration option
to manually tweak the host name and port number under which the SSH
host key is read and written.

I've put it in the cross-platform Connection panel. Partly under the
flimsy pretext that other backends _can_ use it if they so wish (and
in fact it overrides the host name for title-bar purposes in all
network backends, though it has no other effect in anything but
SSH); but mostly because the SSH panel was too full already :-)

[originally from svn r8033]
2008-06-01 11:16:32 +00:00
Jacob Nevins 98c0039a83 Attempt to clarify what the various IP version selection options do.
[originally from svn r7882]
2008-02-23 23:56:22 +00:00
Jacob Nevins d6fdbfbd2f Tunnels: more explicit link from introductory to reference section.
[originally from svn r7880]
2008-02-23 22:00:48 +00:00
Jacob Nevins 439b72d947 Marc TERRIER pointed out a couple of places that claim there is an X11
forwarding checkbox on the Tunnels panel, which hasn't been the case for
a while.

[originally from svn r7771]
2007-10-19 21:47:47 +00:00
Jacob Nevins c5374da822 Ctrl-Break now sends a Break signal (previously it was equivalent to Ctrl-C).
[originally from svn r7295]
[this svn revision also touched putty-wishlist]
2007-02-18 14:02:39 +00:00
Jacob Nevins de84239159 Updates for today's changes:
- changes to Logging panel
 - breaks in serial backend
(Plus, completely unrelated, an index term entry related to port forwarding
which seems to have been sitting around for ages, possibly waiting for me to
think about `see also' index terms in Halibut.)

[originally from svn r6836]
2006-08-29 21:46:56 +00:00
Simon Tatham 631b494807 New command-line option in Plink (and PuTTY, though it's less useful
there): `plink host -nc host2:port' causes the SSH connection's main
channel to be replaced with a direct-tcpip connection to the
specified destination. This feature is mainly designed for use as a
local proxy: setting your local proxy command to `plink %proxyhost
-nc %host:%port' lets you tunnel SSH over SSH with a minimum of
fuss. Works on all platforms.

[originally from svn r6823]
2006-08-28 15:12:37 +00:00
Simon Tatham 34f747421d Support for Windows PuTTY connecting straight to a local serial port
in place of making a network connection. This has involved a couple
of minor infrastructure changes:
 - New dlg_label_change() function in the dialog.h interface, which
   alters the label on a control. Only used, at present, to switch
   the Host Name and Port boxes into Serial Line and Speed, which
   means that any platform not implementing serial connections (i.e.
   currently all but Windows) does not need to actually do anything
   in this function. Yet.
 - New small piece of infrastructure: cfg_launchable() determines
   whether a Config structure describes a session ready to be
   launched. This was previously determined by seeing if it had a
   non-empty host name, but it has to check the serial line as well
   so there's a centralised function for it. I haven't gone through
   all front ends and arranged for this function to be used
   everywhere it needs to be; so far I've only checked Windows.
 - Similarly, cfg_dest() returns the destination of a connection
   (host name or serial line) in a text format suitable for putting
   into messages such as `Unable to connect to %s'.

[originally from svn r6815]
2006-08-28 10:35:12 +00:00
Jacob Nevins 7633e06f45 Flesh out `-m' caveats slightly.
[originally from svn r6595]
2006-03-08 23:16:52 +00:00
Jacob Nevins 5e59d81947 Fix up documentation/usage messages for r6572.
[originally from svn r6574]
[r6572 == c2b2d9c539]
2006-02-19 12:52:28 +00:00
Simon Tatham c2b2d9c539 Introduce a new checkbox and command-line option to inhibit use of
Pageant for local authentication. (This is a `don't use Pageant for
authentication at session startup' button rather than a `pretend
Pageant doesn't exist' button: that is, agent forwarding is
independent of this option.)

[originally from svn r6572]
2006-02-19 12:05:12 +00:00
Jacob Nevins af0d8cf872 Mention that sessions can be saved from "Change Settings" in using.but.
[originally from svn r6332]
2005-09-19 14:34:01 +00:00
Jacob Nevins 0e82598a35 Index the complete PuTTY manual.
This was a bit rushed, and could doubtless be improved.
Also fix a couple of things I noted on the way, including:
 - "pscp -ls" wasn't documented
 - Windows XP wasn't mentioned enough

[originally from svn r5593]
2005-04-05 18:01:32 +00:00
Jacob Nevins 36fc6c0a76 Try to make our PGP signing more useful:
* All the PuTTY tools for Windows and Unix now contain the fingerprints of
   the Master Keys. The method for accessing them is crude but universal:
   a new "-pgpfp" command-line option. (Except Unix PuTTYgen, which takes
   "--pgpfp" just to be awkward.)

 * Move the key policy discussion from putty-website/keys.html to
   putty/doc/pgpkeys.but, and autogenerate the former from the latter.
   Also tweak the text somewhat and include the fingerprints of the
   Master Keys themselves.
   (I've merged the existing autogeneration scripts into a single new
   one; I've left the old scripts and keys.html around until such time
   as the webmonster reviews the changes and plumbs in the new script;
   he should remove the old files then.)

[originally from svn r5524]
[this svn revision also touched putty-website]
2005-03-19 02:26:58 +00:00
Jacob Nevins e4a5884636 punctuation nit
[originally from svn r5495]
2005-03-11 21:05:12 +00:00
Jacob Nevins 5aa719d16e Consistently use a single notation to refer to SSH protocol versions, as
discussed. Use Barrett and Silverman's convention of "SSH-1" for SSH protocol
version 1 and "SSH-2" for protocol 2 ("SSH1"/"SSH2" refer to ssh.com
implementations in this scheme). <http://www.snailbook.com/terms.html>

[originally from svn r5480]
2005-03-10 16:36:05 +00:00
Jacob Nevins 1e0aeea460 Mention `-cleanup' caveats on multi-user systems.
Mention installer in faq-cleanup.
Fix indexing snafu.

[originally from svn r5422]
2005-03-01 15:18:34 +00:00
Jacob Nevins a2b583f137 Add context help to a couple of message boxes. Unfortunately the ones
I wanted to get to -- "software caused connection abort" and friends --
are going to be more involved (probably requiring some cross-platform
notion of help contexts), and these ones hardly seem worth the effort.
Still, I've done it now.

Side-effect: Pageant now uses the same `hinst' and `hwnd' globals as
everything else. Tested basic functionality.

[originally from svn r5417]
2005-03-01 01:16:57 +00:00
Ben Harris a78e7271ee Mention Cygwin/X as a potential X server, since it's free.
[originally from svn r5107]
2005-01-13 21:50:41 +00:00
Simon Tatham 6daf6faede Integrate unfix.org's IPv6 patches up to level 10, with rather a lot
of polishing to bring them to what I think should in principle be
release quality. Unlike the unfix.org patches themselves, this
checkin enables IPv6 by default; if you want to leave it out, you
have to build with COMPAT=-DNO_IPV6.

I have tested that this compiles on Visual C 7 (so the nightlies
_should_ acquire IPv6 support without missing a beat), but since I
don't have IPv6 set up myself I haven't actually tested that it
_works_. It still seems to make correct IPv4 connections, but that's
all I've been able to verify for myself. Further testing is needed.

[originally from svn r5047]
[this svn revision also touched putty-wishlist]
2004-12-30 16:45:11 +00:00
Jacob Nevins 30896d650e Basic configurability for client-initiated rekeys.
[originally from svn r5027]
2004-12-24 13:39:32 +00:00
Jacob Nevins 912566e106 Minimally document "repeat key exchange" special command.
[originally from svn r5023]
2004-12-23 05:54:09 +00:00
Simon Tatham 785c6321e3 Minor index tweakery.
[originally from svn r4880]
2004-11-22 12:42:33 +00:00
Simon Tatham 5d32d4af14 Now we use Subversion, it seems excessive to have an individual $Id$
line for every single .but file at the bottom of each page of the
HTML PuTTY docs. However, we can't _always_ replace that with a
single SVN revision, because there isn't always one available (SVN
still allows mixed working copies in which some files are
deliberately checked out against a different revision).

Hence, here's a mechanism for doing better. It uses `svnversion .'
to determine _whether_ a single revision number adequately describes
the current directory, and replaces all the version IDs with that if
so. If it can't do that, it uses the version IDs as before.

Also, this allows an explicit version string to be passed on the
make command line which will override _both_ these possibilities, so
that release documentation can be clearly labelled with the release
version number.

[originally from svn r4804]
2004-11-17 18:16:59 +00:00
Jacob Nevins b9728ebfb6 Freshness tweaks:
- mention `Restart Session'
 - tweak language of `-N' (plural->singular)

[originally from svn r4684]
2004-10-24 16:48:43 +00:00
Jacob Nevins 83e15f8082 Munge line-drawing description to match current naming and order of options
(in the Windows version), and hopefully to clarify distinction between line
charset and local font, which has occasionally foxed me.

Cross-reference the Translation panel reference section from the intro
section in using.but and mention line-drawing characters there also.

[originally from svn r4654]
2004-10-19 13:54:50 +00:00
Jacob Nevins 17b0d8c58e Support the SSH-2 mechanism for sending signals to a running session. Neither
of the SSH servers I conveniently have access to (Debian stable OpenSSH --
3.4p1 -- and lshd) seem to take a blind bit of notice, but the channel
requests look fine to me in the packet log.

I've included all the signals explicitly defined by
draft-ietf-secsh-connect-19, but I've put the more obscure ones in a submenu
of the specials menu; there's therefore been some minor upheaval to support
such submenus.

[originally from svn r4652]
2004-10-17 21:22:22 +00:00
Simon Tatham dd279dffc2 Implement part of `ssh2-generality': introduce the ability to tell
PuTTY / Plink not to run a remote shell/command at all. Supported in
the GUI configuration and via the (OpenSSH-like) -N command-line
option.

No effort is currently made to arrange `nice' UI properties. If you
do this in GUI PuTTY, a full-size terminal window will still be
created, and will sit there with almost nothing in it throughout
your session. If you do it in Plink, Plink will not accept any kind
of request to terminate gracefully; you'll have to ^C or kill it.
Nonetheless, even this little will be useful to some people...

[originally from svn r4614]
2004-10-13 13:43:11 +00:00