From e4f18ae0fab72c23ad103b2b821523eb6498abf7 Mon Sep 17 00:00:00 2001 From: Jeff Anderson Date: Wed, 6 Nov 2024 00:23:35 -0500 Subject: [PATCH] Make `tsh puttyconfig` disable GSSApi auth (#48323) GSSApi auth can cause PuTTY to go into "Not Responding" mode while waiting on a lookup. We can disable it in the generated PuTTY session to avoid this issue. --- tool/tsh/common/putty_config_windows.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tool/tsh/common/putty_config_windows.go b/tool/tsh/common/putty_config_windows.go index 4df114c1259a5..7d202895d3b47 100644 --- a/tool/tsh/common/putty_config_windows.go +++ b/tool/tsh/common/putty_config_windows.go @@ -52,6 +52,8 @@ const puttyDwordProxyLogToTerm = `00000002` // only until session starts const puttyPermitRSASHA1 = `00000000` const puttyPermitRSASHA256 = `00000001` const puttyPermitRSASHA512 = `00000001` +const puttyAuthGSSAPI = `00000000` +const puttyAuthGSSAPIKEX = `00000000` // despite the strings/ints in struct, these are stored in the registry as DWORDs type puttyRegistrySessionDwords struct { @@ -60,6 +62,8 @@ type puttyRegistrySessionDwords struct { ProxyPort int // dword ProxyMethod string // dword ProxyLogToTerm string // dword + AuthGSSAPI string // dword + AuthGSSAPIKEX string // dword } type puttyRegistrySessionStrings struct { @@ -93,6 +97,8 @@ func addPuTTYSession(proxyHostname string, hostname string, port int, login stri ProxyPort: puttyDefaultProxyPort, ProxyMethod: puttyDwordProxyMethod, ProxyLogToTerm: puttyDwordProxyLogToTerm, + AuthGSSAPI: puttyAuthGSSAPI, + AuthGSSAPIKEX: puttyAuthGSSAPIKEX, } sessionStrings := puttyRegistrySessionStrings{ @@ -130,6 +136,12 @@ func addPuTTYSession(proxyHostname string, hostname string, port int, login stri if err := registry.WriteDword(pk, "ProxyLogToTerm", sessionDwords.ProxyLogToTerm); err != nil { return trace.Wrap(err) } + if err := registry.WriteDword(pk, "AuthGSSAPI", sessionDwords.AuthGSSAPI); err != nil { + return trace.Wrap(err) + } + if err := registry.WriteDword(pk, "AuthGSSAPIKEX", sessionDwords.AuthGSSAPIKEX); err != nil { + return trace.Wrap(err) + } // write strings if err := registry.WriteString(pk, "Hostname", sessionStrings.Hostname); err != nil {