‘1k’ specifies 1 kilobyte (1024 bytes).
‘1M’ specifies 1 megabyte (1024 kilobytes).
‘1G’ specifies 1 gigabyte (1024 megabytes).
Disabling data-based rekeys entirely is a bad idea. The integrity, and to a lesser extent, confidentiality of the SSH-2 protocol depend in part on rekeys occurring before a 32-bit packet sequence number wraps around. Unlike time-based rekeys, data-based rekeys won't occur when the SSH connection is idle, so they shouldn't cause the same problems. The SSH-1 protocol, incidentally, has even weaker integrity protection than SSH-2 without rekeys.
4.19.3 Manually configuring host keys
In some situations, if PuTTY's automated host key management is not doing what you need, you might need to manually configure PuTTY to accept a specific host key, or one of a specific set of host keys.
One reason why you might want to do this is because the host name PuTTY is connecting to is using round-robin DNS to return one of multiple actual servers, and they all have different host keys. In that situation, you might need to configure PuTTY to accept any of a list of host keys for the possible servers, while still rejecting any key not in that list.
Another reason is if PuTTY's automated host key management is completely unavailable, e.g. because PuTTY (or Plink or PSFTP, etc) is running in a Windows environment without access to the Registry. In that situation, you will probably want to use the -hostkey command-line option to configure the expected host key(s); see section 3.8.3.20.
For situations where PuTTY's automated host key management simply picks the wrong host name to store a key under, you may want to consider setting a ‘logical host name’ instead; see section 4.13.5.
To configure manual host keys via the GUI, enter some text describing the host key into the edit box in the ‘Manually configure host keys for this connection’ container, and press the ‘Add’ button. The text will appear in the ‘Host keys or fingerprints to accept’ list box. You can remove keys again with the ‘Remove’ button.
The text describing a host key can be in one of the following formats:
An MD5-based host key fingerprint of the form displayed in PuTTY's Event Log and host key dialog boxes, i.e. sixteen 2-digit hex numbers separated by colons.
A base64-encoded blob describing an SSH-2 public key in OpenSSH's one-line public key format. How you acquire a public key in this format is server-dependent; on an OpenSSH server it can typically be found in a location like /etc/ssh/ssh_host_rsa_key.pub.
If this box contains at least one host key or fingerprint when PuTTY makes an SSH connection, then PuTTY's automated host key management is completely bypassed: the connection will be permitted if and only if the host key presented by the server is one of the keys listed in this box, and the host key store in the Registry will be neither read nor written.
If the box is empty (as it usually is), then PuTTY's automated host key management will work as normal.
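The two accepted formats and the accept-only-if-listed rule described above, sketched as an added example (this is not PuTTY's code). All function names are hypothetical and the key blobs are constructed samples, not real server keys.

```python
import base64
import hashlib
import re
import struct

MD5_FP = re.compile(r"^([0-9a-f]{2}:){15}[0-9a-f]{2}$")  # sixteen hex pairs


def ssh_string(data: bytes) -> bytes:  # uint32 big-endian length, then bytes
    return struct.pack(">I", len(data)) + data


def constructed_blob(fill: int) -> bytes:  # constructed sample, not a real key
    return ssh_string(b"ssh-ed25519") + ssh_string(bytes([fill]) * 32)


def openssh_line(blob: bytes) -> str:
    """Render a constructed ssh-ed25519 blob in OpenSSH's one-line format."""
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


def md5_fingerprint(blob: bytes) -> str:
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def blob_from_entry(entry: str) -> bytes:
    """Decode '<type> <base64> [comment]' and check the embedded key type."""
    fields = entry.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if blob[:4 + len(fields[0])] != ssh_string(fields[0].encode()):
        raise ValueError("key type does not match the blob")
    return blob


def permitted(accept_list, presented_blob):
    """None: list empty, automated management applies. Otherwise True/False."""
    if not accept_list:
        return None
    fp = md5_fingerprint(presented_blob)
    for entry in (e.strip() for e in accept_list):
        if MD5_FP.match(entry.lower()):
            if entry.lower() == fp:
                return True
        elif blob_from_entry(entry) == presented_blob:
            return True
    return False
```

Entries given as full public keys are compared byte for byte, so only fingerprint entries depend on MD5.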
4.20 The Cipher panel
PuTTY supports a variety of different encryption algorithms, and allows you to choose which one you prefer to use. You can do this by dragging the algorithms up and down in the list box (or moving them using the Up and Down buttons) to specify a preference order. When you make an SSH connection, PuTTY will search down the list from the top until it finds an algorithm supported by the server, and then use that.
PuTTY currently supports the following algorithms:
AES (Rijndael) - 256, 192, or 128-bit SDCTR or CBC (SSH-2 only)
Arcfour (RC4) - 256 or 128-bit stream cipher (SSH-2 only)
Blowfish - 256-bit SDCTR (SSH-2 only) or 128-bit CBC
Triple-DES - 168-bit SDCTR (SSH-2 only) or CBC
Single-DES - 56-bit CBC (see below for SSH-2)
If the algorithm PuTTY finds is below the ‘warn below here’ line, you will see a warning box when you make the connection: