Differences
This shows you the differences between the selected revisions of the page.
| 2020-05-22 | 2022-04-07 | ||
| grammar (martin) | 5.20.2: http-digestauth: Support for HTTP Digest authentication for proxies + Bug 468 + proxy-password-prompt: Interactive username/password prompts for proxy authentication + GSSAPI and DNS note (martin) | ||
| Line 33: | Line 33: | ||
| * Username and password authentication is supported for HTTP proxies and SOCKS5 proxies. | * Username and password authentication is supported for HTTP proxies and SOCKS5 proxies. | ||
| * With SOCKS5, authentication is via CHAP if the proxy supports it, otherwise the password is sent to the proxy in plain text. | * With SOCKS5, authentication is via CHAP if the proxy supports it, otherwise the password is sent to the proxy in plain text. | ||
| - | * With HTTP proxying, the only currently supported authentication method is "basic", where the password is sent to the proxy in plain text. | + | * With HTTP proxying, authentication is via "HTTP Digest" if possible //(in the latest beta release only)//, &beta or "HTTP Basic". In the latter case, the password is sent to the proxy in plain text. |
| * SOCKS4 can use the //Username// field, but does not support passwords. | * SOCKS4 can use the //Username// field, but does not support passwords. | ||
| - | * You can specify a way to include a username and password in the //Telnet/Local// proxy command. | + | * You can specify a way to include a username and password in the //Telnet/Local// proxy command. \\ If WinSCP discovers that it needs a proxy username or password and you have not specified one in the configuration, it will [[ui_authenticate|prompt for it interactively]]. &beta_feature |
| * Most FTP proxy methods do require authentication. | * Most FTP proxy methods do require authentication. | ||
| Line 62: | Line 62: | ||
| The //Do DNS name lookup at proxy end// configuration option allows you to control this. If you set it to //No//, WinSCP will always do its own DNS, and will always pass an IP address to the proxy. If you set it to //Yes//, WinSCP will always pass host names straight to the proxy without trying to look them up first. | The //Do DNS name lookup at proxy end// configuration option allows you to control this. If you set it to //No//, WinSCP will always do its own DNS, and will always pass an IP address to the proxy. If you set it to //Yes//, WinSCP will always pass host names straight to the proxy without trying to look them up first. | ||
| - | If you set this option to //Auto// (the default), WinSCP will do something it considers appropriate for each type of proxy. Telnet, HTTP and SOCKS5 proxies will have host names passed straight to them; SOCKS4 proxies will not.· | + | If you set this option to //Auto// (the default), WinSCP will do something it considers appropriate for each type of proxy. Most types of proxy (HTTP, SOCK5, Telnet, and local) will have host names passed straight to them; SOCKS4 proxies will not. |
| The original SOCKS4 protocol does not support proxy-side DNS. There is a protocol extension (SOCKS4A) which does support it, but not all SOCKS4 servers provide this extension. If you enable proxy DNS and your SOCKS4 server cannot deal with it, this might be why. | The original SOCKS4 protocol does not support proxy-side DNS. There is a protocol extension (SOCKS4A) which does support it, but not all SOCKS4 servers provide this extension. If you enable proxy DNS and your SOCKS4 server cannot deal with it, this might be why. | ||
| + | |||
| + | If you want to avoid WinSCP making any DNS query related to your destination host name (for example, because your local DNS resolver is very slow to return a negative response in that situation), then as well as setting this control to //Yes//, you may also need to turn off [[ui_login_authentication#gssapi|GSSAPI authentication]] and [[ui_login_kex#gssapi|GSSAPI key exchange]] in SSH. This is because GSSAPI setup also involves a DNS query for the destination host name, and that query is performed by the separate GSSAPI library, so WinSCP can't override or reconfigure it. | ||
| These options are not available for [[ftp|FTP protocol]]. | These options are not available for [[ftp|FTP protocol]]. | ||