PuTTY wish hostkey-policy


summary: Enhanced flexibility in SSH host key selection policy
class: wish: This is a request for an enhancement.
difficulty: tricky: Needs many tuits.
priority: medium: This should be fixed one day.
fixed-in: 940a82fd377757ffb792648f561dfa70d8d99b01 2016-03-28 (0.68)

PuTTY's SSH-2 host key selection policy for new hosts currently involves a fixed preference order of RSA then DSA. I occasionally think it would be good to add a preference list to tweak the policy, either to put DSA first (if you're really mad) or to move DSA to below the "warn below this line" line.

When a new host key prompt is given, PuTTY should mention if it already has host keys for a host in other formats - particularly important when the default protocol changes to SSH-2.

Update, March 2016: we've finally implemented a preference list. We also sometimes list better algorithms in the host key prompt, but only in the specific case where we're using an algorithm below the "warn below this line" line due to hostkey-prefer-cached.

(We still don't mention SSH-1 keys when showing an SSH-2 key prompt. SSH-2 became the default over a decade ago, so that ship has sailed.)
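
The policy from the March 2016 update can be modelled in a few lines. This is an added example, not PuTTY's own code: the function name, the `WARN` marker, the algorithm labels and the exact prefer-cached rule (a cached key type wins over a higher-ranked uncached one) are assumptions made for illustration.

```python
WARN = "WARN"  # marker for the "warn below this line" position in the list

def select_host_key(preference, server_offers, cached_types):
    """Model of the described policy. Returns (chosen, warn, better).

    preference    -- ordered algorithm labels containing exactly one WARN marker
    server_offers -- host key algorithms the server advertises
    cached_types  -- algorithms for which a key is already cached for this host
    """
    if preference.count(WARN) != 1:
        raise ValueError("preference list needs exactly one WARN marker")
    cut = preference.index(WARN)
    trusted = set(preference[:cut])            # entries above the warn line
    usable = [a for a in preference if a != WARN and a in server_offers]
    if not usable:
        return None, False, []                 # no algorithm in common
    # Assumed prefer-cached rule: a key type we can already verify beats a
    # higher-ranked type that would trigger a fresh "unknown host key" prompt.
    cached = [a for a in usable if a in cached_types]
    chosen = cached[0] if cached else usable[0]
    warn = chosen not in trusted
    # Without a cached key the top usable entry is chosen, so a below-the-line
    # choice then means nothing above the line was offered and `better` is
    # empty. It is non-empty only when the cache pulled the choice down.
    better = [a for a in usable if a in trusted] if warn else []
    return chosen, warn, better

if __name__ == "__main__":
    # Constructed sample data: labels and ordering are illustrative only.
    pref = ["ed25519", "ecdsa", "rsa", WARN, "dsa"]
    print(select_host_key(pref, {"rsa", "dsa"}, set()))
    print(select_host_key(pref, {"ed25519", "rsa", "dsa"}, {"dsa"}))
    print(select_host_key(pref, {"dsa"}, set()))
```

The second call is the case the update describes: the cached DSA key is used, a warning is raised, and the better algorithms the server also offers are listed.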


(last revision of this bug record was at 2017-04-28 16:52:45 +0100)