I have a login for a SFTP connection, and I got a prompt that the secure key was to be cached in the registry.
The key is left behind is
HKEY_CURRENT_USER\Software\SimonTatham
I assume it's PuTTys doing, and would much prefer this key to be exported/imported, and removed from the registry on exit.
Thanks
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on BlueSky
Follow us on Facebook
Follow us on LinkedIn
Follow us on Mastodon
Follow us on Twitter
It is indeed PuTTY's doing (for the unfamiliar, FileZilla uses PuTTY to do SFTP using the file fzsftp.exe).
Any idea if this can be used to spoof something later? (i.e. - is it a security issue or merely a leaving data behind issue?)
I have a working fix. I'll post it shortly for a pre-release test.
EDIT - Nope, not a true security issue... but it does essentially leave a trail of what servers you've connected to via SFTP.
Sometimes, the impossible can become possible, if you're awesome!
This should be fixed here:
https://portableapps.com/node/14534
Sometimes, the impossible can become possible, if you're awesome!
Just tested it and the registry keys are properly imported and exported.
Thanks