Differences
This shows you the differences between the selected revisions of the page.
| ui_login_ssh 2008-04-28 | ui_login_ssh 2023-05-24 (current) | ||
| Line 1: | Line 1: | ||
| - | ====== SSH Tab (Login Dialog) ====== | + | ====== The SSH Page (Advanced Site Settings dialog) ====== |
| - | The //SSH tab// allows you to configure options of [[ssh|SSH protocol]] and encryption. | + | The //SSH page// on the [[ui_login_advanced|Advanced Site Settings dialog]] allows you to configure options of [[ssh|SSH protocol]] and encryption. |
| &screenshotpict(login_ssh) | &screenshotpict(login_ssh) | ||
| - | The tab is not available for [[protocols#ftp|FTP protocol]]. | + | To reveal this page you need to select SCP or SFTP file protocol on [[ui_login|Login dialog]]. |
| - | More SSH options are available on subtabs: | + | More SSH options are available on subpages: |
| * [[ui_login_kex|Key exchange]] (key exchange and reexchange options) | * [[ui_login_kex|Key exchange]] (key exchange and reexchange options) | ||
| * [[ui_login_authentication|Authentication]] (advanced authentication options) | * [[ui_login_authentication|Authentication]] (advanced authentication options) | ||
| * [[ui_login_bugs|Bugs]] (detections of known bugs in SSH servers) | * [[ui_login_bugs|Bugs]] (detections of known bugs in SSH servers) | ||
| - | ===== Protocol Options ===== | + | &toc_title_page_sections |
| - | The //Enable compression// checkbox enables [[ssh#compression|data compression]] in the SSH connection: data sent by the server is compressed before sending, and decompressed at the client end. | + | |
| - | The //Preferred SSH protocol version// selection allows you to select whether you would like to use SSH protocol version 1 or version 2. WinSCP will attempt to use protocol 1 if the server you connect to does not offer protocol 2, and vice versa. If you select //1 only// or //2 only// here, WinSCP will only connect if the server you connect to offers the SSH protocol version you have specified. ((&puttydoccite)) | + | ===== [[protocol_options]] Protocol Options ===== |
| + | The //Enable compression// checkbox enables [[ssh#compression|data compression]] in the SSH connection: data sent by the server is compressed before sending, and decompressed at the client end. | ||
| - | You can see actually used protocol version on [[ui_fsinfo|Server and Protocol Information Dialog]]. | + | ===== [[encryption_options]] Encryption Options ===== |
| - | + | ||
| - | ===== Encryption Options ===== | + | |
| WinSCP supports a variety of different encryption algorithms, and allows you to choose which one you prefer to use. You can do this by dragging the algorithms up and down in the list box (or moving them using the //Up// and //Down// buttons) to specify a preference order. When you make an SSH connection, WinSCP will search down the list from the top until it finds an algorithm supported by the server, and then use that. | WinSCP supports a variety of different encryption algorithms, and allows you to choose which one you prefer to use. You can do this by dragging the algorithms up and down in the list box (or moving them using the //Up// and //Down// buttons) to specify a preference order. When you make an SSH connection, WinSCP will search down the list from the top until it finds an algorithm supported by the server, and then use that. | ||
| WinSCP currently supports the following algorithms: | WinSCP currently supports the following algorithms: | ||
| - | * //AES// (Rijndael) - 256, 192, or 128-bit SDCTR or CBC (SSH-2 only) | + | * //AES// (Rijndael) -- 256, 192, or 128-bit SDCTR or CBC, or 256 or 128-bit GCM |
| - | * //Arcfour// (RC4) - 256 or 128-bit stream cipher (SSH-2 only) | + | * //ChaCha20-Poly1305//, a combined cipher and MAC |
| - | * //Blowfish// - 256-bit SDCTR (SSH-2 only) or 128-bit CBC | + | * //Blowfish// -- 256-bit SDCTR or 128-bit CBC |
| - | * //Triple-DES// - 168-bit SDCTR (SSH-2 only) or CBC | + | * //Triple-DES// -- 168-bit SDCTR or CBC |
| - | * //Single-DES// - 56-bit CBC (see below for SSH-2) | + | ··* //Arcfour// (RC4) -- 256 or 128-bit stream cipher |
| + | * //Single-%%DES%%// -- 56-bit CBC (see below) | ||
| If the algorithm WinSCP finds is below the //warn below here// line, you will see a warning box when you make the connection: | If the algorithm WinSCP finds is below the //warn below here// line, you will see a warning box when you make the connection: | ||
| - | > The first cipher supported by the server is single-DES, which is below the configured warning threshold. | + | > The first cipher supported by the server is single-%%DES%%, which is below the configured warning threshold. |
| > | > | ||
| > Do you want to continue with this connection? | > Do you want to continue with this connection? | ||
| Line 37: | Line 36: | ||
| This warns you that the first available encryption is not a very secure one. Typically you would put the //warn below here// line between the encryptions you consider secure and the ones you consider substandard. By default, WinSCP supplies a preference order intended to reflect a reasonable preference in terms of security and speed. | This warns you that the first available encryption is not a very secure one. Typically you would put the //warn below here// line between the encryptions you consider secure and the ones you consider substandard. By default, WinSCP supplies a preference order intended to reflect a reasonable preference in terms of security and speed. | ||
| - | In SSH-2, the encryption algorithm is negotiated independently for each direction of the connection, although WinSCP does not support separate configuration of the preference orders. As a result you may get two warnings similar to the one above, possibly with different encryptions. | + | In SSH, the encryption algorithm is negotiated independently for each direction of the connection, although WinSCP does not support separate configuration of the preference orders. As a result you may get two warnings similar to the one above, possibly with different encryptions. |
| - | Single-DES is not recommended in the SSH-2 protocol standards, but one or two server implementations do support it. WinSCP can use single-DES to interoperate with these servers if you enable the //Enable legacy use of single-DES in SSH-2// option; by default this is disabled and WinSCP will stick to recommended ciphers.·((&puttydoccite)) | + | Single-DES is not recommended in the %%SSH%% protocol standards, but one or two server implementations do support it. WinSCP can use single-%%DES%% to interoperate with these servers if you enable the //Enable legacy use of single-%%DES%%// option; by default this is disabled and WinSCP will stick to recommended ciphers.((&puttydoccite)) |
| You can see actually used encryption algorithm on [[ui_fsinfo|Server and Protocol Information Dialog]]. | You can see actually used encryption algorithm on [[ui_fsinfo|Server and Protocol Information Dialog]]. | ||
| + | |||
| + | ===== Further Reading ===== | ||
| + | |||
| + | Read more about [[ui_login|Login dialog]] and [[ui_login_advanced|Advanced Site Settings dialog]]. | ||