Differences
This shows you the differences between the selected revisions of the page.
2016-05-24 | 2016-05-24 | ||
5.8.3 Change: Fallback between SSH versions is not supported anymore. (martin) | &beta tag (martin) | ||
Line 22: | Line 22: | ||
If a server offers both versions, prefer //2//. If you have some server or piece of equipment that only talks SSH-1, select //1// here, and do not treat the resulting connection as secure. | If a server offers both versions, prefer //2//. If you have some server or piece of equipment that only talks SSH-1, select //1// here, and do not treat the resulting connection as secure. | ||
- | WinSCP will not automatically fall back to the other version of the protocol if the server turns out not to match your selection here; instead, it will put up an error message and abort the connection. This prevents an active attacker downgrading an intended SSH-2 connection to %%SSH-1%%. ((&puttydoccite)) | + | WinSCP will not automatically fall back to the other version of the protocol if the server turns out not to match your selection here; instead, it will put up an error message and abort the connection. This prevents an active attacker downgrading an intended SSH-2 connection to %%SSH-1%%. ((&puttydoccite)) &beta |
//In the latest stable version//, the //Preferred %%SSH%% protocol version// selection allows you to select whether you would like to use SSH protocol version 2 or legacy version 1, and whether to permit falling back to the other version. If you select //2 only// or //1 only// here, WinSCP will only connect if the server you connect to offers the %%SSH%% protocol version you have specified. With the settings //2// and //1//, WinSCP will attempt to use protocol 1 if the server you connect to does not offer protocol 2, and vice versa. | //In the latest stable version//, the //Preferred %%SSH%% protocol version// selection allows you to select whether you would like to use SSH protocol version 2 or legacy version 1, and whether to permit falling back to the other version. If you select //2 only// or //1 only// here, WinSCP will only connect if the server you connect to offers the %%SSH%% protocol version you have specified. With the settings //2// and //1//, WinSCP will attempt to use protocol 1 if the server you connect to does not offer protocol 2, and vice versa. | ||
- | You should normally leave this at the default, //2 only//. The older %%SSH-1%% protocol is no longer developed, has many known cryptographic weaknesses, and is generally not considered to be secure. If you permit use of %%SSH-1%% by selecting //2// instead of //2 only//, an active attacker can force downgrade to %%SSH-1%% even if the server you're connecting to supports %%SSH-2%%. ((&puttydoccite)) | + | You should normally leave this at the default, //2 only//. The older %%SSH-1%% protocol is no longer developed, has many known cryptographic weaknesses, and is generally not considered to be secure. If you permit use of %%SSH-1%% by selecting //2// instead of //2 only//, an active attacker can force downgrade to %%SSH-1%% even if the server you're connecting to supports %%SSH-2%%. ((&puttydoccite)) &beta |
You can see actually used protocol version on [[ui_fsinfo|Server and Protocol Information Dialog]]. | You can see actually used protocol version on [[ui_fsinfo|Server and Protocol Information Dialog]]. |
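Review bot: The second `&beta` tag, appended to the paragraph beginning "You should normally leave this at the default, //2 only//", marks text about the //2 only// and //2// choices, which the preceding paragraph attributes to the latest stable version. The first tag sits on the "WinSCP will not automatically fall back" paragraph, which matches the 5.8.3 change summary, so a reader could take the second tag to mean the downgrade warning applies only to the beta. Consider keeping the tag on the no-fallback paragraph only, or confirm that the rendered tag reads correctly when it follows the stable-version text.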