Differences

This shows you the differences between the selected revisions of the page.

ui_authenticate 2017-02-02 ui_authenticate 2024-10-22 (current)
Line 10: Line 10:
===== [[password]] Password ===== ===== [[password]] Password =====
-If you are using password authentication, you can enter your password directly on [[ui_login#session_settings|Login dialog]]. Otherwise WinSCP will prompt you once a server asks for it. You will be prompted again, if you enter invalid password. Also note that most of the servers will "prompt" for password when you use invalid username, not to allow attacker to learn if particular account exists.+If you are using password authentication, you can enter your password directly on [[ui_login#session_settings|Login dialog]]. Otherwise, WinSCP will prompt you once a server asks for it. You will be prompted again if you enter invalid password. Also note that most of the servers will "prompt" for a password when you use invalid username, not to allow an attacker to learn if the particular account exists.
&screenshotpict(authenticate_password) &screenshotpict(authenticate_password)
-You can opt to //Remember password for the session// to avoid getting prompted for password again [[security_credentials#password_memory|when reconnecting or opening additional connection]]. The option is available only, if you have opted not to remember the password by default in [[ui_pref_security|preferences]].+You can opt to //Remember password for the session// to avoid getting prompted for password again [[security_credentials#password_memory|when reconnecting or opening additional connection]]. The option is available only if you have opted not to remember the password by default in [[ui_pref_security|preferences]].
-When authentication with [[security_credentials#storing_password|stored password]] (if any) has failed before, the prompt will include //Change stored password to this one// check. Use it to overwrite stored password with new one.+When authentication with [[security_credentials#storing_password|stored password]] (if any) has failed before, the prompt will include //Change stored password to this one// check. Use it to overwrite stored password with a new one.
===== [[keyboard_interactive]] Keyboard Interactive ===== ===== [[keyboard_interactive]] Keyboard Interactive =====
-For SSH keyboard-interactive, TIS or Cryptocard authentication methods the server can issue its own prompt. Most of the SSH servers use keyboard-interactive authentication just as a different method for getting the account password; for this reason, WinSCP by default responds to the first keyboard-interactive prompt with the password entered on the Login dialog (if any). To disable this behavior unset the keyboard-interactive authentication option //[[ui_login_authentication#ki|Respond with password to the first prompt]]//.+For SSH keyboard-interactive authentication method the server can issue its own prompt. Most of the SSH servers use keyboard-interactive authentication just as a different method for getting the account password; for this reason, WinSCP by default responds to the first keyboard-interactive prompt with the password entered on the Login dialog (if any). To disable this behavior unset the keyboard-interactive authentication option //[[ui_login_authentication#ki|Respond with a password to the first prompt]]//.
&screenshotpict(authenticate_keybinter) &screenshotpict(authenticate_keybinter)
-The server may also issue multiple prompts at once. Some servers will use such prompt to request a password change.+The prompt context menu contains //Copy// command to copy the prompt text to the clipboard. If the prompt contains a URL, there is also //Open Link// command to follow the link (clicking such prompt has the same effect).
-The prompt may also include instructions only, with no inputs expected, as a form of announcement -- for example, to announce an expiring password.+The server may also issue multiple prompts at once. Some servers will use such prompt to request a [[task_change_password|password change]]. 
 + 
 +The prompt may also include instructions only, with no inputs expected, as a form of an announcement -- for example, to announce an expiring password.
&screenshotpict(authenticate_instructions_only) &screenshotpict(authenticate_instructions_only)
Line 37: Line 39:
During [[ssh#authentication|authentication against SSH server]], the server can issue authentication banner. It can contain various information, generally regarding security and server usage. After reviewing the text, press //Continue// button to continue. During [[ssh#authentication|authentication against SSH server]], the server can issue authentication banner. It can contain various information, generally regarding security and server usage. After reviewing the text, press //Continue// button to continue.
-If you want to avoid seeing the banner each time you login, check //Never show this banner again//. It will make WinSCP ignore the same banner for the particular account and server the next time. However if the banner content changes you will see it again. Suppression of banners can be [[administration|restricted by system administrator]].+If you want to avoid seeing the banner each time you login, check //Never show this banner again//. It will make WinSCP ignore the same banner for the particular account and server the next time. However if the banner content changes you will see it again. Suppression of banners can be [[administration|restricted by system administrator]]. You can restore suppressed banners on [[ui_cleanup|Cleanup application data]] dialog. 
 + 
 +If the banner features [[wp>ASCII_art|ASCII art]] or similar pseudo-graphics, you may want to display the banner using a monospaced font. For that select //Use Monospace Font// in a banner context menu. This preference is saved per-session.
&screenshotpict(authenticate_banner) &screenshotpict(authenticate_banner)
===== [[password_change]] Password Change ===== ===== [[password_change]] Password Change =====
-During authentication, the SSH server may request you to change a password, particularly if your password has expired.+During authentication, the SSH server may request you to change a password, particularly if your password has expired, or if you have explicitly requested the [[task_change_password|password change]].
&screenshotpict(authenticate_newpassword) &screenshotpict(authenticate_newpassword)
Line 51: Line 55:
Note that the server may use [[#keyboard_interactive|keyboard interactive]] method for change password request. Then the prompts will differ. Note that the server may use [[#keyboard_interactive|keyboard interactive]] method for change password request. Then the prompts will differ.
 +
 +===== [[proxy]] Proxy Authentication =====
 +If WinSCP discovers that it needs a proxy username or password and you have not specified them in the [[ui_login_proxy|configuration]], it will prompt for the missing credentials.
 +
 +&screenshotpict(authenticate_proxy)
 +
 +===== [[lock]] Lock icon =====
 +
 +A gold lock icon indicates an encrypted connection. A gray lock icon is used for unencrypted connections.

Last modified: by martin