If you enable this option, then not only will PuTTY be able to log in automatically to a server that accepts your Kerberos credentials, but also you will be able to connect out from that server to other Kerberos-supporting services and use the same credentials just as automatically.Ĭonfigure the preferred order of GSSAPI libraries. If it is enabled, GSSAPI authentication will be attempted, and (typically) if your client machine has valid Kerberos credentials loaded, then PuTTY should be able to authenticate automatically to servers that support Kerberos logins. If you know your server can cope with it, you can enable this option. The SSH-2 protocol does allow changes of username, in principle, but does not make it mandatory for SSH-2 servers to accept them. If you are not running Pageant, this option will do nothing.Īllow attempted Changes of Username (SSH-2) This option allows the SSH server to open forwarded connections back to your local copy of Pageant. The SSH-2 equivalent of TIS authentication is called ‘keyboard-interactive’. TIS and CryptoCard authentication are (despite their names) generic forms of simple challenge/response authentication available in SSH protocol version 1 only.Īttempt Keyboard-Interactive Authentication (SSH-2)
If this option is enabled, then PuTTY will look for Pageant (the SSH private-key storage agent) and attempt to authenticate with any suitable public keys Pageant currently holds.Īttempt TIS or CryptoCard Authentication (SSH-1) SSH-2 servers can provide a message for clients to display to the prospective user before the user logs in. In SSH-2, it is possible to establish a connection without using SSH's mechanisms to identify or authenticate oneself to the server.ĭisplay Pre-Authentication Banner (SSH-2) Use 1M for 1 megabyte, 1G for 1 gigabyte, etc. If the first algorithm PuTTY finds is below the ‘warn below here’ line, you will see a warning box when you make the connection.Ĭonfigure the timespan between rekey attempts. PuTTY supports a variety of SSH-2 key exchange methods, and allows you to choose which one you prefer to use. Single-DES is not recommended in the SSH 2 draft protocol standards, but one or two server implementations do support it. If the algorithm PuTTY finds is below the ‘warn below here’ line, you will see a warning box when you make the connection. When you make an SSH connection, PuTTY will search down the list from the top until it finds an algorithm supported by the server, and then use that.
This can help make the most of a low-bandwidth connection.
This enables data compression in the SSH connection. If checked, a session is started but without a pseudo-terminal. If you select ‘1 only’ or ‘2 only’ here, PuTTY will only connect if the server you connect to offers the SSH protocol version you have specified. PuTTY will attempt to use protocol 1 if the server you connect to does not offer protocol 2, and vice versa. Instead, you can choose to run a single specific command (such as a mail user agent, for example). In SSH, you don't have to run a general shell session on the server. Pre-populating the fingerprint can be helpful when connecting through SSH tunnels, proxy servers or secure gateways. Specify an MD5-based host key fingerprint of the form displayed in PuTTY's Event Log and host key dialog box or a base64-encoded blob describing an SSH-2 public key in OpenSSH's one-line public key format.
The SSH Settings page allows you to configure settings specific for SSH connections.