Differences
This shows you the differences between the selected revisions of the page.
security 2006-03-20 | security 2024-04-07 (current) | ||
Line 1: | Line 1: | ||
====== A word of warning ====== | ====== A word of warning ====== | ||
- | As with any security or cryptographic product, there are a number | + | Like any security or cryptographic product, there are a number |
- | of concerns that should be addressed. In order to use this product | + | of concerns that should be addressed. To use WinSCP securely, you should understand how the program works and the concepts involved. Improper usage is often |
- | securely, you should make an effort to obtain a thorough understanding | + | |
- | of its operation and the concepts involved. Improper usage is often | + | |
insecure usage, so please be sure to read the manual completely. | insecure usage, so please be sure to read the manual completely. | ||
===== Host Security ===== | ===== Host Security ===== | ||
The security of the computer running WinSCP is a serious | The security of the computer running WinSCP is a serious | ||
- | concern. Trojan Horse and Backdoor programs can potentially be used to | + | concern. Trojan Horse and Backdoor programs can steal authentication credentials such as passwords and [[public_key#private|private keys]] |
- | steal authentication credentials such as passwords and [[public_key#private|private keys]] | + | |
that have been stored or entered on the computer. Public computers | that have been stored or entered on the computer. Public computers | ||
- | often have session monitoring software which may include key loggers, | + | often have session monitoring software--including key loggers--or other malicious software. |
- | or may have malicious software installed by a previous user. | + | |
- | WinSCP can support "keyboard-interactive" authentication | + | WinSCP can support SSH "keyboard-interactive" authentication |
methods if offered by the server. With keyboard-interactive | methods if offered by the server. With keyboard-interactive | ||
authentication, the server can prompt for special credentials such | authentication, the server can prompt for special credentials such | ||
Line 22: | Line 18: | ||
of one-time authentication is offered. | of one-time authentication is offered. | ||
- | ===== Stored Credentials ===== | + | ===== Credentials Security ===== |
- | WinSCP supports storing passwords with saved sessions. This is | + | Learn about choosing compromise between [[security_credentials|security of your credentials]] and convenience of handling them. |
- | provided as a convenience, and is not recommended. If you need to be | + | |
- | able to log in without reentering your credentials, the recommended | + | |
- | method is to use public key authentication and protect your private | + | |
- | key with a pass phrase. The SSH Key Agent provided by PuTTY, Pageant, | + | |
- | can store the decrypted key in memory, allowing you to enter your | + | |
- | credentials once and continue using them until you close down the | + | |
- | agent or log off of Windows entirely. | + | |
- | + | ||
- | Saved passwords are stored in a manner that they can easily be | + | |
- | recovered. It is not possible to securely encrypt passwords in a way | + | |
- | that still allows for automatic use. Do not use the save password | + | |
- | feature if you are not absolutely sure of the physical and | + | |
- | electronic security of the system on which you are storing | + | |
- | passwords. | + | |
- | + | ||
- | Password storing can be [[administration|restricted by system administrator]]. | + |