If connection startup is too slow, or the connection hangs periodically, you may want to try changing these settings. If you don't understand what any of this means, it's safe to leave these settings alone.
This entire panel is only relevant to SSH protocol version 2; none of these settings affect SSH-1 at all.
4.19.1 Key exchange algorithm selection PuTTY supports a variety of SSH-2 key exchange methods, and allows you to choose which one you prefer to use; configuration is similar to cipher selection (see section 4.20
). PuTTY currently supports the following varieties of Diffie-Hellman key exchange: •‘Group 14’: a well-known 2048-bit group.
•‘Group 1’: a well-known 1024-bit group. This is less secure than group 14, but may be faster with slow client or server machines, and may be the only method supported by older server software.
•‘Group exchange’: with this method, instead of using a fixed group, PuTTY requests that the server suggest a group to use for key exchange; the server can avoid groups known to be weak, and possibly invent new ones over time, without any changes required to PuTTY's configuration. We recommend use of this method, if possible. In addition, PuTTY supports RSA key exchange, which requires much less computational effort on the part of the client, and somewhat less on the part of the server, than Diffie-Hellman key exchange. If the first algorithm PuTTY finds is below the ‘warn below here’ line, you will see a warning box when you make the connection, similar to that for cipher selection (see section 4.20
). 4.19.2 Repeat key exchange If the session key negotiated at connection startup is used too much or for too long, it may become feasible to mount attacks against the SSH connection. Therefore, the SSH-2 protocol specifies that a new key exchange should take place every so often; this can be initiated by either the client or the server.
While this renegotiation is taking place, no data can pass through the SSH connection, so it may appear to ‘freeze’. (The occurrence of repeat key exchange is noted in the Event Log; see section 3.1.3.1
.) Usually the same algorithm is used as at the start of the connection, with a similar overhead. These options control how often PuTTY will initiate a repeat key exchange (‘rekey’). You can also force a key exchange at any time from the Special Commands menu (see section 3.1.3.2
). •‘Max minutes before rekey’ specifies the amount of time that is allowed to elapse before a rekey is initiated. If this is set to zero, PuTTY will not rekey due to elapsed time. The SSH-2 protocol specification recommends a timeout of at most 60 minutes.
You might have a need to disable time-based rekeys completely for the same reasons that keepalives aren't always helpful. If you anticipate suffering a network dropout of several hours in the middle of an SSH connection, but were not actually planning to send data down that connection during those hours, then an attempted rekey in the middle of the dropout will probably cause the connection to be abandoned, whereas if rekeys are disabled then the connection should in principle survive (in the absence of interfering firewalls). See section 4.13.1
for more discussion of these issues; for these purposes, rekeys have much the same properties as keepalives. (Except that rekeys have cryptographic value in themselves, so you should bear that in mind when deciding whether to turn them off.) Note, however, the the SSH server can still initiate rekeys. •‘Max data before rekey’ specifies the amount of data (in bytes) that is permitted to flow in either direction before a rekey is initiated. If this is set to zero, PuTTY will not rekey due to transferred data. The SSH-2 protocol specification recommends a limit of at most 1 gigabyte.
As well as specifying a value in bytes, the following shorthand can be used: