Differences
This shows you the differences between the selected revisions of the page.
| 2005-01-18 | 2005-01-19 | ||
| created (martin) | subchapters (martin) | ||
| Line 5: | Line 5: | ||
| &screenshotpict(login_authentication) | &screenshotpict(login_authentication) | ||
| - | The //Attempt TIS or CryptoCard authentication// checkbox enables simple challenge/response forms of authentication available in SSH protocol version 1 only. You might use them if you were using S/Key one-time passwords, for example, or if you had a physical security token that generated responses to authentication challenges. | + | ===== Attempt TIS or CryptoCard authentication ===== |
| + | |||
| + | TIS and CryptoCard authentication are simple challenge/response forms of authentication available in SSH protocol version 1 only. You might use them if you were using S/Key one-time passwords, for example, or if you had a physical security token that generated responses to authentication challenges. | ||
| With this switch enabled, WinSCP will attempt these forms of authentication if the server is willing to try them. You will be presented with a challenge string (which will be different every time) and must supply the correct response in order to log in. If your server supports this, you should talk to your system administrator about precisely what form these challenges and responses take. ((&puttydoccite)) | With this switch enabled, WinSCP will attempt these forms of authentication if the server is willing to try them. You will be presented with a challenge string (which will be different every time) and must supply the correct response in order to log in. If your server supports this, you should talk to your system administrator about precisely what form these challenges and responses take. ((&puttydoccite)) | ||
| - | The //Attempt keyboard-interactive authentication// enables SSH 2 equivalent of TIS authentication, called 'keyboard-interactive'. It is a flexible authentication method using an arbitrary sequence of requests and responses; so it is not only useful for challenge/response mechanisms such as S/Key, but it can also be used for (for example) asking the user for a new password when the old one has expired. ·((&puttydoccite))· | + | ===== Attempt keyboard-interactive authentication ===== |
| + | |||
| + | The SSH 2 equivalent of TIS authentication is called 'keyboard-interactive'. It is a flexible authentication method using an arbitrary sequence of requests and responses; so it is not only useful for challenge/response mechanisms such as S/Key, but it can also be used for (for example) asking the user for a new password when the old one has expired. ((&puttydoccite)) | ||
| WinSCP leaves this option enabled by default, but supplies a switch to turn it off in case you should have trouble with it. If your servers uses keyboard-interactive authentication to ask for your password only, and you wish to allow WinSCP to reply with your [[ui_login_save|stored]] password, tick //Respond with password to the first prompt//. | WinSCP leaves this option enabled by default, but supplies a switch to turn it off in case you should have trouble with it. If your servers uses keyboard-interactive authentication to ask for your password only, and you wish to allow WinSCP to reply with your [[ui_login_save|stored]] password, tick //Respond with password to the first prompt//. | ||
| - | The //Attempt MIT Kerberos GSSAPI authentication// checkbox tells WinSCP to attempt Kerberos authentication. To use the Kerberos authentication you need to have [[&url(kerberosforwin)|Kerberos for Windows]] installed. | + | ===== Attempt MIT Kerberos GSSAPI authentication ===== |
| + | |||
| + | The switch tells WinSCP to attempt Kerberos authentication. To use the Kerberos authentication you need to have [[&url(kerberosforwin)|Kerberos for Windows]] installed. | ||
| + | |||
| + | ===== Allow agent forwarding ===== | ||
| - | The //Allow agent forwarding// checkbox allows the SSH server to open forwarded connections back to your local copy of Pageant. If you are not running Pageant, this option will do nothing. Learn more about [[&url(puttyagentfwd)|agent forwarding]]. ((&puttydoccite)) | + | This option allows the SSH server to open forwarded connections back to your local copy of Pageant. If you are not running Pageant, this option will do nothing. Learn more about [[&url(puttyagentfwd)|agent forwarding]]. ((&puttydoccite)) |