Differences
This shows you the differences between the selected revisions of the page.
| ui_login_ssh 2021-12-06 | ui_login_ssh 2023-05-24 (current) | ||
| Line 15: | Line 15: | ||
| ===== [[protocol_options]] Protocol Options ===== | ===== [[protocol_options]] Protocol Options ===== | ||
| The //Enable compression// checkbox enables [[ssh#compression|data compression]] in the SSH connection: data sent by the server is compressed before sending, and decompressed at the client end. | The //Enable compression// checkbox enables [[ssh#compression|data compression]] in the SSH connection: data sent by the server is compressed before sending, and decompressed at the client end. | ||
| - | |||
| - | The //%%SSH%% protocol version// selection allows you to select whether to use SSH protocol version 2 or the older version 1. | ||
| - | |||
| - | You should normally leave this at the default of //2//. As well as having fewer features, the older SSH-1 protocol is no longer developed, has many known cryptographic weaknesses, and is generally not considered to be secure. WinSCP's protocol 1 implementation is provided mainly for compatibility, and is no longer being enhanced. | ||
| - | |||
| - | If a server offers both versions, prefer //2//. If you have some server or piece of equipment that only talks SSH-1, select //1// here, and do not treat the resulting connection as secure. | ||
| - | |||
| - | WinSCP will not automatically fall back to the other version of the protocol if the server turns out not to match your selection here; instead, it will put up an error message and abort the connection. This prevents an active attacker downgrading an intended SSH-2 connection to %%SSH-1%%. ((&puttydoccite)) | ||
| - | |||
| - | //The SSH-1 support has been removed in the latest beta version.// &beta | ||
| ===== [[encryption_options]] Encryption Options ===== | ===== [[encryption_options]] Encryption Options ===== | ||
| Line 31: | Line 21: | ||
| WinSCP currently supports the following algorithms: | WinSCP currently supports the following algorithms: | ||
| - | * //AES// (Rijndael) -- 256, 192, or 128-bit SDCTR or CBC | + | * //AES// (Rijndael) -- 256, 192, or 128-bit SDCTR or CBC, or 256 or 128-bit GCM |
| * //ChaCha20-Poly1305//, a combined cipher and MAC | * //ChaCha20-Poly1305//, a combined cipher and MAC | ||
| * //Blowfish// -- 256-bit SDCTR or 128-bit CBC | * //Blowfish// -- 256-bit SDCTR or 128-bit CBC | ||