Home |
Licence |
FAQ |
Docs |
Download |
Keys |
Links
Mirrors |
Updates |
Feedback |
Changes |
Wishlist |
Team
PuTTY's SSH-2 host key selection policy currently involves a fixed preference order of RSA then DSA. I occasionally think it would be good to add a preference list to tweak the policy, either to put DSA first (if you're really mad) or to move DSA to below the "warn below this line" line.
When there's a choice of host keys available for a host, perhaps PuTTY should adjust its stated preferences so that the ones it already has cached come first. Need to think about that a bit. At the very least, when a new host key prompt is given, PuTTY should mention if it already has host keys for a host in other formats - particularly important when the default protocol changes to SSH-2, or a server that previously offered DSS keys starts supporting RSA too.
Finally, there's currently undesirable behaviour in PSFTP if you click "accept once" on a host key at startup and then leave the connection open for long enough to trigger a rekey timeout: since the host key has only been accepted once, PSFTP puts up the confirmation message again, in the middle of a command-line session, which is pretty nasty. Certainly at the very least we should treat "accept once" on a host key to mean accept for the whole of a session rather than for a single KEX; additionally, we probably ought to think about some sort of sensible behaviour if the host key we initially accepted has disappeared by rekey time.
Audit trail for this wish.