The first cipher supported by the serveris single-DES, which is below the configured
warning threshold.
Do you want to continue with this connection?
This warns you that the first available encryption is not a very secure one. Typically you would put the ‘warn below here’ line between the encryptions you consider secure and the ones you consider substandard. By default, PuTTY supplies a preference order intended to reflect a reasonable preference in terms of security and speed.
In SSH-2, the encryption algorithm is negotiated independently for each direction of the connection, although PuTTY does not support separate configuration of the preference orders. As a result you may get two warnings similar to the one above, possibly with different encryptions.
Single-DES is not recommended in the SSH-2 protocol standards, but one or two server implementations do support it. PuTTY can use single-DES to interoperate with these servers if you enable the ‘Enable legacy use of single-DES in SSH-2’ option; by default this is disabled and PuTTY will stick to recommended ciphers.
The Auth panel allows you to configure authentication options for SSH sessions. 4.21.1 ‘Bypass authentication entirely’ In SSH-2, it is possible to establish a connection without using SSH's mechanisms to identify or authenticate oneself to the server. Some servers may prefer to handle authentication in the data channel, for instance, or may simply require no authentication whatsoever.
By default, PuTTY assumes the server requires authentication (most do), and thus must provide a username. If you find you are getting unwanted username prompts, you could try checking this option.
This option only affects SSH-2 connections. SSH-1 connections always require an authentication step.
4.21.2 ‘Display pre-authentication banner’ SSH-2 servers can provide a message for clients to display to the prospective user before the user logs in; this is sometimes known as a pre-authentication ‘banner’. Typically this is used to provide information about the server and legal notices. By default, PuTTY displays this message before prompting for a password or similar credentials (although, unfortunately, not before prompting for a login name, due to the nature of the protocol design). By unchecking this option, display of the banner can be suppressed entirely.
4.21.3 ‘Attempt authentication using Pageant’ If this option is enabled, then PuTTY will look for Pageant (the SSH private-key storage agent) and attempt to authenticate with any suitable public keys Pageant currently holds.
This behaviour is almost always desirable, and is therefore enabled by default. In rare cases you might need to turn it off in order to force authentication by some non-public-key method such as passwords.
This option can also be controlled using the -noagent command-line option. See section 3.8.3.9
.