1 \versionid $Id: faq.but,v 1.54 2004/02/04 18:39:14 jacob Exp $
5 This FAQ is published on the PuTTY web site, and also provided as an
6 appendix in the manual.
8 \H{faq-intro} Introduction
10 \S{faq-what} What is PuTTY?
12 PuTTY is a client program for the SSH, Telnet and Rlogin network
15 These protocols are all used to run a remote session on a computer,
16 over a network. PuTTY implements the client end of that session: the
17 end at which the session is displayed, rather than the end at which
20 In really simple terms: you run PuTTY on a Windows machine, and tell
21 it to connect to (for example) a Unix machine. PuTTY opens a window.
22 Then, anything you type into that window is sent straight to the
23 Unix machine, and everything the Unix machine sends back is
24 displayed in the window. So you can work on the Unix machine as if
25 you were sitting at its console, while actually sitting somewhere
28 \H{faq-support} Features supported in PuTTY
30 In general, if you want to know if PuTTY supports a particular
31 feature, you should look for it on the
32 \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/}{PuTTY web site}.
36 \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html}{changes
37 page}, and see if you can find the feature on there. If a feature is
38 listed there, it's been implemented. If it's listed as a change made
39 \e{since} the latest version, it should be available in the
40 development snapshots, in which case testing will be very welcome.
43 \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/}{Wishlist
44 page}, and see if you can find the feature there. If it's on there,
45 and not in the \q{Recently fixed} section, it probably \e{hasn't} been
48 \S{faq-ssh2}{Question} Does PuTTY support SSH v2?
50 Yes. SSH v2 support has been available in PuTTY since version 0.50.
52 Public key authentication (both RSA and DSA) in SSH v2 is new in
55 \S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or
56 \cw{ssh.com} SSHv2 private key files?
58 PuTTY doesn't support this natively, but as of 0.53
59 PuTTYgen can convert both OpenSSH and \cw{ssh.com} private key
60 files into PuTTY's format.
62 \S{faq-ssh1}{Question} Does PuTTY support SSH v1?
64 Yes. SSH 1 support has always been available in PuTTY.
66 \S{faq-localecho}{Question} Does PuTTY support local echo?
68 Yes. Version 0.52 has proper support for local echo.
70 In version 0.51 and before, local echo could not be separated from
71 local line editing (where you type a line of text locally, and it is
72 not sent to the server until you press Return, so you have the
73 chance to edit it and correct mistakes \e{before} the server sees
74 it). New in version 0.52, local echo and local line editing are
75 separate options, and by default PuTTY will try to determine
76 automatically whether to enable them or not, based on which protocol
77 you have selected and also based on hints from the server. If you
78 have a problem with PuTTY's default choice, you can force each
79 option to be enabled or disabled as you choose. The controls are in
80 the Terminal panel, in the section marked \q{Line discipline
83 \S{faq-disksettings}{Question} Does PuTTY support storing its
84 settings in a disk file?
86 Not at present, although \k{config-file} in the documentation gives
87 a method of achieving the same effect.
89 \S{faq-fullscreen}{Question} Does PuTTY support full-screen mode,
92 Yes; this is a new feature in version 0.52.
94 \S{faq-password-remember}{Question} Does PuTTY have the ability to
95 remember my password so I don't have to type it every time?
99 Remembering your password is a bad plan for obvious security
100 reasons: anyone who gains access to your machine while you're away
101 from your desk can find out the remembered password, and use it,
102 abuse it or change it.
104 In addition, it's not even \e{possible} for PuTTY to automatically
105 send your password in a Telnet session, because Telnet doesn't give
106 the client software any indication of which part of the login
107 process is the password prompt. PuTTY would have to guess, by
108 looking for words like \q{password} in the session data; and if your
109 login program is written in something other than English, this won't
112 In SSH, remembering your password would be possible in theory, but
113 there doesn't seem to be much point since SSH supports public key
114 authentication, which is more flexible and more secure. See
115 \k{pubkey} in the documentation for a full discussion of public key
118 \S{faq-hostkeys}{Question} Is there an option to turn off the
119 annoying host key prompts?
121 No, there isn't. And there won't be. Even if you write it yourself
122 and send us the patch, we won't accept it.
124 Those annoying host key prompts are the \e{whole point} of SSH.
125 Without them, all the cryptographic technology SSH uses to secure
126 your session is doing nothing more than making an attacker's job
127 slightly harder; instead of sitting between you and the server with
128 a packet sniffer, the attacker must actually subvert a router and
129 start modifying the packets going back and forth. But that's not all
130 that much harder than just sniffing; and without host key checking,
131 it will go completely undetected by client or server.
133 Host key checking is your guarantee that the encryption you put on
134 your data at the client end is the \e{same} encryption taken off the
135 data at the server end; it's your guarantee that it hasn't been
136 removed and replaced somewhere on the way. Host key checking makes
137 the attacker's job \e{astronomically} hard, compared to packet
138 sniffing, and even compared to subverting a router. Instead of
139 applying a little intelligence and keeping an eye on Bugtraq, the
140 attacker must now perform a brute-force attack against at least one
141 military-strength cipher. That insignificant host key prompt really
142 does make \e{that} much difference.
144 If you're having a specific problem with host key checking - perhaps
145 you want an automated batch job to make use of PSCP or Plink, and
146 the interactive host key prompt is hanging the batch process - then
147 the right way to fix it is to add the correct host key to the
148 Registry in advance. That way, you retain the \e{important} feature
149 of host key checking: the right key will be accepted and the wrong
150 ones will not. Adding an option to turn host key checking off
151 completely is the wrong solution and we will not do it.
153 If you have host keys available in the common \c{known_hosts} format,
154 we have a script called
155 \W{http://cvs.tartarus.org/putty/contrib/kh2reg.py}\c{kh2reg.py}
156 to convert them to a Windows .REG file, which can be installed ahead of
157 time by double-clicking or using \c{REGEDIT}.
159 \S{faq-server}{Question} Will you write an SSH server for the PuTTY
160 suite, to go with the client?
162 No. The only reason we might want to would be if we could easily
163 re-use existing code and significantly cut down the effort. We don't
164 believe this is the case; there just isn't enough common ground
165 between an SSH client and server to make it worthwhile.
167 If someone else wants to use bits of PuTTY in the process of writing
168 a Windows SSH server, they'd be perfectly welcome to of course, but
169 I really can't see it being a lot less effort for us to do that than
170 it would be for us to write a server from the ground up. We don't
171 have time, and we don't have motivation. The code is available if
172 anyone else wants to try it.
174 \S{faq-pscp-ascii}{Question} Can PSCP or PSFTP transfer files in
179 Until recently, this was a limitation of the file transfer protocols:
180 the SCP and SFTP protocols had no notion of transferring a file in
181 anything other than binary mode. (This is still true of SCP.)
183 The current draft protocol spec of SFTP proposes a means of
184 implementing ASCII transfer. At some point PSCP/PSFTP may implement
187 \H{faq-ports} Ports to other operating systems
189 The eventual goal is for PuTTY to be a multi-platform program, able
190 to run on at least Windows, Mac OS and Unix.
192 Porting will become easier once PuTTY has a generalised porting
193 layer, drawing a clear line between platform-dependent and
194 platform-independent code. The general intention was for this
195 porting layer to evolve naturally as part of the process of doing
196 the first port; a Unix port is now under way and the plan seems to
199 \S{faq-ports-general}{Question} What ports of PuTTY exist?
201 Currently, release versions of PuTTY only run on full Win32 systems.
202 This includes Windows 95, 98, and ME, and it includes Windows NT,
203 Windows 2000 and Windows XP. In the development code, partial ports
204 to Unix (see \k{faq-unix}) and the Mac OS (see \k{faq-mac-port}).
207 Currently PuTTY does \e{not} run on Windows CE (see \k{faq-wince}),
208 and it does not quite run on the Win32s environment under Windows
209 3.1 (see \k{faq-win31}).
211 We do not have release-quality ports for any other systems at the
212 present time. If anyone told you we had a Mac port, or an iPaq port,
213 or any other port of PuTTY, they were mistaken. We don't.
215 \S{faq-unix}{Question} Will there be a port to Unix?
217 It's currently being worked on. If you look at the nightly source
218 snapshots, you should find a \c{unix} subdirectory, which should
219 build you Unix ports of Plink, PuTTY itself, PuTTYgen, PSCP, PSFTP,
220 and also \c{pterm} - an \cw{xterm}-type program which supports the
221 same terminal emulation as PuTTY. We do not yet have a Unix port of
224 \S{faq-wince}{Question} Will there be a port to Windows CE or PocketPC?
226 It's currently being worked on, but it's only in its early stages yet,
227 and certainly isn't yet useful. PuTTY on portable devices would
228 clearly be a useful thing, so in the long term I hope it can be
229 brought up to release quality.
231 \S{faq-win31}{Question} Is there a port to Windows 3.1?
233 PuTTY is a 32-bit application from the ground up, so it won't run on
234 Windows 3.1 as a native 16-bit program; and it would be \e{very}
235 hard to port it to do so, because of Windows 3.1's vile memory
236 allocation mechanisms.
238 However, it is possible in theory to compile the existing PuTTY
239 source in such a way that it will run under Win32s (an extension to
240 Windows 3.1 to let you run 32-bit programs). In order to do this
241 you'll need the right kind of C compiler - modern versions of Visual
242 C at least have stopped being backwards compatible to Win32s. Also,
243 the last time we tried this it didn't work very well.
245 If you're interested in running PuTTY under Windows 3.1, help and
246 testing in this area would be very welcome!
248 \S{faq-mac-port}{Question} Will there be a port to the Mac?
250 There is a port to the Mac OS in progress. It's just about usable, but
251 has an awful lot of gaps and rough edges that will need cleaning up
254 \S{faq-epoc}{Question} Will there be a port to EPOC?
256 I hope so, but given that ports aren't really progressing very fast
257 even on systems the developers \e{do} already know how to program
258 for, it might be a long time before any of us get round to learning
259 a new system and doing the port for that.
261 However, some of the work has been done by other people, and a beta
262 port of PuTTY for the Nokia 9200 Communicator series is available
263 from \W{http://www.s2.org/putty/}\cw{http://www.s2.org/putty/}
265 \H{faq-embedding} Embedding PuTTY in other programs
267 \S{faq-dll}{Question} Is the SSH or Telnet code available as a DLL?
269 No, it isn't. It would take a reasonable amount of rewriting for
270 this to be possible, and since the PuTTY project itself doesn't
271 believe in DLLs (they make installation more error-prone) none of us
272 has taken the time to do it.
274 Most of the code cleanup work would be a good thing to happen in
275 general, so if anyone feels like helping, we wouldn't say no.
277 \S{faq-vb}{Question} Is the SSH or Telnet code available as a Visual
280 No, it isn't. None of the PuTTY team uses Visual Basic, and none of
281 us has any particular need to make SSH connections from a Visual
282 Basic application. In addition, all the preliminary work to turn it
283 into a DLL would be necessary first; and furthermore, we don't even
284 know how to write VB components.
286 If someone offers to do some of this work for us, we might consider
287 it, but unless that happens I can't see VB integration being
288 anywhere other than the very bottom of our priority list.
290 \S{faq-ipc}{Question} How can I use PuTTY to make an SSH connection
291 from within another program?
293 Probably your best bet is to use Plink, the command-line connection
294 tool. If you can start Plink as a second Windows process, and
295 arrange for your primary process to be able to send data to the
296 Plink process, and receive data from it, through pipes, then you
297 should be able to make SSH connections from your program.
299 This is what CVS for Windows does, for example.
301 \H{faq-details} Details of PuTTY's operation
303 \S{faq-term}{Question} What terminal type does PuTTY use?
305 For most purposes, PuTTY can be considered to be an \cw{xterm}
308 PuTTY also supports some terminal control sequences not supported by
309 the real \cw{xterm}: notably the Linux console sequences that
310 reconfigure the colour palette, and the title bar control sequences
311 used by \cw{DECterm} (which are different from the \cw{xterm} ones;
312 PuTTY supports both).
314 By default, PuTTY announces its terminal type to the server as
315 \c{xterm}. If you have a problem with this, you can reconfigure it
316 to say something else; \c{vt220} might help if you have trouble.
318 \S{faq-settings}{Question} Where does PuTTY store its data?
320 PuTTY stores most of its data (saved sessions, SSH host keys) in the
321 Registry. The precise location is
323 \c HKEY_CURRENT_USER\Software\SimonTatham\PuTTY
325 and within that area, saved sessions are stored under \c{Sessions}
326 while host keys are stored under \c{SshHostKeys}.
328 PuTTY also requires a random number seed file, to improve the
329 unpredictability of randomly chosen data needed as part of the SSH
330 cryptography. This is stored by default in your Windows home
331 directory (\c{%HOMEDRIVE%\\%HOMEPATH%}), or in the actual Windows
332 directory (such as \c{C:\\WINDOWS}) if the home directory doesn't
333 exist, for example if you're using Win95. If you want to change the
334 location of the random number seed file, you can put your chosen
335 pathname in the Registry, at
337 \c HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\RandSeedFile
339 \H{faq-howto} HOWTO questions
341 \S{faq-startmax}{Question} How can I make PuTTY start up maximised?
343 Create a Windows shortcut to start PuTTY from, and set it as \q{Run
346 \S{faq-startsess}{Question} How can I create a Windows shortcut to
347 start a particular saved session directly?
349 To run a PuTTY session saved under the name \q{\cw{mysession}},
350 create a Windows shortcut that invokes PuTTY with a command line
353 \c \path\name\to\putty.exe -load mysession
355 (Note: prior to 0.53, the syntax was \c{@session}. This is now
356 deprecated and may be removed at some point.)
358 \S{faq-startssh}{Question} How can I start an SSH session straight
359 from the command line?
361 Use the command line \c{putty -ssh host.name}. Alternatively, create
362 a saved session that specifies the SSH protocol, and start the saved
363 session as shown in \k{faq-startsess}.
365 \S{faq-cutpaste}{Question} How do I copy and paste between PuTTY and
366 other Windows applications?
368 Copy and paste works similarly to the X Window System. You use the
369 left mouse button to select text in the PuTTY window. The act of
370 selection \e{automatically} copies the text to the clipboard: there
371 is no need to press Ctrl-Ins or Ctrl-C or anything else. In fact,
372 pressing Ctrl-C will send a Ctrl-C character to the other end of
373 your connection (just like it does the rest of the time), which may
374 have unpleasant effects. The \e{only} thing you need to do, to copy
375 text to the clipboard, is to select it.
377 To paste the clipboard contents into a PuTTY window, by default you
378 click the right mouse button. If you have a three-button mouse and
379 are used to X applications, you can configure pasting to be done by
380 the middle button instead, but this is not the default because most
381 Windows users don't have a middle button at all.
383 You can also paste by pressing Shift-Ins.
385 \S{faq-tunnels}{Question} How do I use X forwarding and port
386 forwarding? I can't find the Tunnels panel.
388 This is a new feature in version 0.52. You should upgrade.
390 \S{faq-options}{Question} How do I use all PuTTY's features (public
391 keys, proxying, cipher selection, etc.) in PSCP, PSFTP and Plink?
393 Most major features (e.g., public keys, port forwarding) are available
394 through command line options. See the documentation.
396 Not all features are accessible from the command line yet, although
397 we'd like to fix this. In the meantime, you can use most of
398 PuTTY's features if you create a PuTTY saved session, and then use
399 the name of the saved session on the command line in place of a
400 hostname. This works for PSCP, PSFTP and Plink (but don't expect
401 port forwarding in the file transfer applications!).
403 \S{faq-pscp}{Question} How do I use PSCP.EXE? When I double-click it
404 gives me a command prompt window which then closes instantly.
406 PSCP is a command-line application, not a GUI application. If you
407 run it without arguments, it will simply print a help message and
410 To use PSCP properly, run it from a Command Prompt window. See
411 \k{pscp} in the documentation for more details.
413 \S{faq-pscp-spaces}{Question} How do I use PSCP to copy a file whose
416 If PSCP is using the traditional SCP protocol, this is confusing. If
417 you're specifying a file at the local end, you just use one set of
418 quotes as you would normally do:
420 \c pscp "local filename with spaces" user@host:
421 \c pscp user@host:myfile "local filename with spaces"
423 But if the filename you're specifying is on the \e{remote} side, you
424 have to use backslashes and two sets of quotes:
426 \c pscp user@host:"\"remote filename with spaces\"" local_filename
427 \c pscp local_filename user@host:"\"remote filename with spaces\""
429 Worse still, in a remote-to-local copy you have to specify the local
430 file name explicitly, otherwise PSCP will complain that they don't
431 match (unless you specified the \c{-unsafe} option). The following
432 command will give an error message:
434 \c c:\>pscp user@host:"\"oo er\"" .
435 \c warning: remote host tried to write to a file called 'oo er'
436 \c when we requested a file called '"oo er"'.
438 Instead, you need to specify the local file name in full:
440 \c c:\>pscp user@host:"\"oo er\"" "oo er"
442 If PSCP is using the newer SFTP protocol, none of this is a problem,
443 and all filenames with spaces in are specified using a single pair
444 of quotes in the obvious way:
446 \c pscp "local file" user@host:
447 \c pscp user@host:"remote file" .
449 \H{faq-trouble} Troubleshooting
451 \S{faq-incorrect-mac}{Question} Why do I see \q{Incorrect MAC
454 One possible cause of this that used to be common is a bug in old
455 SSH 2 servers distributed by \cw{ssh.com}. (This is not the only
456 possible cause; see \k{errors-crc} in the documentation.)
457 Version 2.3.0 and below of their SSH 2 server
458 constructs Message Authentication Codes in the wrong way, and
459 expects the client to construct them in the same wrong way. PuTTY
460 constructs the MACs correctly by default, and hence these old
461 servers will fail to work with it.
463 If you are using PuTTY version 0.52 or better, this should work
464 automatically: PuTTY should detect the buggy servers from their
465 version number announcement, and automatically start to construct
466 its MACs in the same incorrect manner as they do, so it will be able
469 If you are using PuTTY version 0.51 or below, you can enable the
470 workaround by going to the SSH panel and ticking the box labelled
471 \q{Imitate SSH 2 MAC bug}. It's possible that you might have to do
472 this with 0.52 as well, if a buggy server exists that PuTTY doesn't
475 In this context MAC stands for Message Authentication Code. It's a
476 cryptographic term, and it has nothing at all to do with Ethernet
477 MAC (Media Access Control) addresses.
479 \S{faq-pscp-protocol}{Question} Why do I see \q{Fatal: Protocol
480 error: Expected control record} in PSCP?
482 This happens because PSCP was expecting to see data from the server
483 that was part of the PSCP protocol exchange, and instead it saw data
484 that it couldn't make any sense of at all.
486 This almost always happens because the startup scripts in your
487 account on the server machine are generating output. This is
488 impossible for PSCP, or any other SCP client, to work around. You
489 should never use startup files (\c{.bashrc}, \c{.cshrc} and so on)
490 which generate output in non-interactive sessions.
492 This is not actually a PuTTY problem. If PSCP fails in this way,
493 then all other SCP clients are likely to fail in exactly the same
494 way. The problem is at the server end.
496 \S{faq-colours}{Question} I clicked on a colour in the Colours
497 panel, and the colour didn't change in my terminal.
499 That isn't how you're supposed to use the Colours panel.
501 During the course of a session, PuTTY potentially uses \e{all} the
502 colours listed in the Colours panel. It's not a question of using
503 only one of them and you choosing which one; PuTTY will use them
504 \e{all}. The purpose of the Colours panel is to let you adjust the
505 appearance of all the colours. So to change the colour of the
506 cursor, for example, you would select \q{Cursor Colour}, press the
507 \q{Modify} button, and select a new colour from the dialog box that
508 appeared. Similarly, if you want your session to appear in green,
509 you should select \q{Default Foreground} and press \q{Modify}.
510 Clicking on \q{ANSI Green} won't turn your session green; it will
511 only allow you to adjust the \e{shade} of green used when PuTTY is
512 instructed by the server to display green text.
514 \S{faq-winsock2}{Question} Plink on Windows 95 says it can't find
517 Plink requires the extended Windows network library, WinSock version
518 2. This is installed as standard on Windows 98 and above, and on
519 Windows NT, and even on later versions of Windows 95; but early
520 Win95 installations don't have it.
522 In order to use Plink on these systems, you will need to download
524 \W{http://www.microsoft.com/windows95/downloads/contents/wuadmintools/s_wunetworkingtools/w95sockets2/}{WinSock 2 upgrade}:
526 \c http://www.microsoft.com/windows95/downloads/contents/wuadmintools/
527 \c s_wunetworkingtools/w95sockets2/
529 \S{faq-rekey}{Question} My PuTTY sessions close after an hour and
530 tell me \q{Server failed host key check}.
532 This is a bug in all versions of PuTTY up to and including 0.51. SSH
533 v2 servers from \cw{ssh.com} will require the key exchange to be
534 repeated one hour after the start of the connection, and PuTTY will
537 Upgrade to version 0.52 or better and the problem should go away.
539 \S{faq-outofmem}{Question} After trying to establish an SSH 2
540 connection, PuTTY says \q{Out of memory} and dies.
542 If this happens just while the connection is starting up, this often
543 indicates that for some reason the client and server have failed to
544 establish a session encryption key. Somehow, they have performed
545 calculations that should have given each of them the same key, but
546 have ended up with different keys; so data encrypted by one and
547 decrypted by the other looks like random garbage.
549 This causes an \q{out of memory} error because the first encrypted
550 data PuTTY expects to see is the length of an SSH message. Normally
551 this will be something well under 100 bytes. If the decryption has
552 failed, PuTTY will see a completely random length in the region of
553 two \e{gigabytes}, and will try to allocate enough memory to store
554 this non-existent message. This will immediately lead to it thinking
555 it doesn't have enough memory, and panicking.
557 If this happens to you, it is quite likely to still be a PuTTY bug
558 and you should report it (although it might be a bug in your SSH
559 server instead); but it doesn't necessarily mean you've actually run
562 \S{faq-outofmem2}{Question} When attempting a file transfer, either
563 PSCP or PSFTP says \q{Out of memory} and dies.
565 This is almost always caused by your login scripts on the server
566 generating output. PSCP or PSFTP will receive that output when they
567 were expecting to see the start of a file transfer protocol, and
568 they will attempt to interpret the output as file-transfer protocol.
569 This will usually lead to an \q{out of memory} error for much the
570 same reasons as given in \k{faq-outofmem}.
572 This is a setup problem in your account on your server, \e{not} a
573 PSCP/PSFTP bug. Your login scripts should \e{never} generate output
574 during non-interactive sessions; secure file transfer is not the
575 only form of remote access that will break if they do.
577 On Unix, a simple fix is to ensure that all the parts of your login
578 script that might generate output are in \c{.profile} (if you use a
579 Bourne shell derivative) or \c{.login} (if you use a C shell).
580 Putting them in more general files such as \c{.bashrc} or \c{.cshrc}
581 is liable to lead to problems.
583 \S{faq-psftp-slow}{Question} PSFTP transfers files much slower than PSCP.
585 We believe this is because the SFTP and SSH2 protocols are less
586 efficient at bulk data transfer than SCP and SSH1, because every
587 block of data transferred requires an acknowledgment from the far
588 end. It would in theory be possible to queue several blocks of data
589 to get round this speed problem, but as yet we haven't done the
590 coding. If you really want this fixed, feel free to offer to help.
592 \S{faq-bce}{Question} When I run full-colour applications, I see
593 areas of black space where colour ought to be.
595 You almost certainly need to enable the \q{Use background colour to
596 erase screen} setting in the Terminal panel. Note that if you do
597 this in mid-session, it won't take effect until you reset the
598 terminal (see \k{faq-resetterm}).
600 \S{faq-resetterm}{Question} When I change some terminal settings,
603 Some of the terminal options (notably Auto Wrap and
604 background-colour screen erase) actually represent the \e{default}
605 setting, rather than the currently active setting. The server can
606 send sequences that modify these options in mid-session, but when
607 the terminal is reset (by server action, or by you choosing \q{Reset
608 Terminal} from the System menu) the defaults are restored.
610 If you want to change one of these options in the middle of a
611 session, you will find that the change does not immediately take
612 effect. It will only take effect once you reset the terminal.
614 \S{faq-altgr}{Question} I can't type characters that require the
617 In PuTTY version 0.51, the AltGr key was broken. Upgrade to version
620 \S{faq-idleout}{Question} My PuTTY sessions unexpectedly close after
621 they are idle for a while.
623 Some types of firewall, and almost any router doing Network Address
624 Translation (NAT, also known as IP masquerading), will forget about
625 a connection through them if the connection does nothing for too
626 long. This will cause the connection to be rudely cut off when
629 You can try to combat this by telling PuTTY to send \e{keepalives}:
630 packets of data which have no effect on the actual session, but
631 which reassure the router or firewall that the network connection is
632 still active and worth remembering about.
634 Keepalives don't solve everything, unfortunately; although they
635 cause greater robustness against this sort of router, they can also
636 cause a \e{loss} of robustness against network dropouts. See
637 \k{config-keepalive} in the documentation for more discussion of
640 \S{faq-timeout}{Question} PuTTY's network connections time out too
641 quickly when network connectivity is temporarily lost.
643 This is a Windows problem, not a PuTTY problem. The timeout value
644 can't be set on per application or per session basis. To increase
645 the TCP timeout globally, you need to tinker with the Registry.
647 On Windows 95, 98 or ME, the registry key you need to change is
649 \c HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\
650 \c MSTCP\MaxDataRetries
652 (it must be of type DWORD in Win95, or String in Win98/ME).
654 On Windows NT or 2000, the registry key is
656 \c HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\
657 \c Parameters\TcpMaxDataRetransmissions
659 and it must be of type DWORD.
661 Set the key's value to something like 10. This will cause Windows to
662 try harder to keep connections alive instead of abandoning them.
664 \S{faq-puttyputty}{Question} When I \cw{cat} a binary file, I get
665 `PuTTYPuTTYPuTTY' on my command line.
669 This is designed behaviour; when PuTTY receives the character
670 Control-E from the remote server, it interprets it as a request to
671 identify itself, and so it sends back the string \q{\cw{PuTTY}} as
672 if that string had been entered at the keyboard. Control-E should
673 only be sent by programs that are prepared to deal with the
674 response. Writing a binary file to your terminal is likely to output
675 many Control-E characters, and cause this behaviour. Don't do it.
678 To mitigate the effects, you could configure the answerback string
679 to be empty (see \k{config-answerback}); but writing binary files to
680 your terminal is likely to cause various other unpleasant behaviour,
681 so this is only a small remedy.
683 \S{faq-wintitle}{Question} When I \cw{cat} a binary file, my window
684 title changes to a nonsense string.
688 It is designed behaviour that PuTTY should have the ability to
689 adjust the window title on instructions from the server. Normally
690 the control sequence that does this should only be sent
691 deliberately, by programs that know what they are doing and intend
692 to put meaningful text in the window title. Writing a binary file to
693 your terminal runs the risk of sending the same control sequence by
694 accident, and cause unexpected changes in the window title. Don't do
697 \S{faq-password-fails}{Question} My keyboard stops working once
698 PuTTY displays the password prompt.
700 No, it doesn't. PuTTY just doesn't display the password you type, so
701 that someone looking at your screen can't see what it is.
703 Unlike the Windows login prompts, PuTTY doesn't display the password
704 as a row of asterisks either. This is so that someone looking at
705 your screen can't even tell how \e{long} your password is, which
706 might be valuable information.
708 \S{faq-keyboard}{Question} One or more function keys don't do what I
709 expected in a server-side application.
711 If you've already tried all the relevant options in the PuTTY
712 Keyboard panel, you may need to mail the PuTTY maintainers and ask.
714 It is \e{not} usually helpful just to tell us which application,
715 which server operating system, and which key isn't working; in order
716 to replicate the problem we would need to have a copy of every
717 operating system, and every application, that anyone has ever
720 PuTTY responds to function key presses by sending a sequence of
721 control characters to the server. If a function key isn't doing what
722 you expect, it's likely that the character sequence your application
723 is expecting to receive is not the same as the one PuTTY is sending.
724 Therefore what we really need to know is \e{what} sequence the
725 application is expecting.
727 The simplest way to investigate this is to find some other terminal
728 environment, in which that function key \e{does} work; and then
729 investigate what sequence the function key is sending in that
730 situation. One reasonably easy way to do this on a Unix system is to
731 type the command \c{cat}, and then press the function key. This is
732 likely to produce output of the form \c{^[[11~}. You can also do
733 this in PuTTY, to find out what sequence the function key is
734 producing in that. Then you can mail the PuTTY maintainers and tell
735 us \q{I wanted the F1 key to send \c{^[[11~}, but instead it's
736 sending \c{^[OP}, can this be done?}, or something similar.
738 You should still read the
739 \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/feedback.html}{Feedback
740 page} on the PuTTY website (also provided as \k{feedback} in the
741 manual), and follow the guidelines contained in that.
743 \S{faq-openssh-bad-openssl}{Question} Since my SSH server was upgraded
744 to OpenSSH 3.1p1/3.4p1, I can no longer connect with PuTTY.
746 There is a known problem when OpenSSH has been built against an
747 incorrect version of OpenSSL; the quick workaround is to configure
748 PuTTY to use SSH protocol 2 and the Blowfish cipher.
750 For more details and OpenSSH patches, see
751 \W{http://bugzilla.mindrot.org/show_bug.cgi?id=138}{bug 138} in the
754 This is not a PuTTY-specific problem; if you try to connect with
755 another client you'll likely have similar problems. (Although PuTTY's
756 default cipher differs from many other clients.)
758 \e{OpenSSH 3.1p1:} configurations known to be broken (and symptoms):
760 \b SSH 2 with AES cipher (PuTTY says "Assertion failed! Expression:
761 (len & 15) == 0" in sshaes.c, or "Out of memory", or crashes)
763 \b SSH 2 with 3DES (PuTTY says "Incorrect MAC received on packet")
765 \b SSH 1 with Blowfish (PuTTY says "Incorrect CRC received on
770 \e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH 1 and
771 Blowfish remains. Rebuild your server, apply the patch linked to from
772 bug 138 above, or use another cipher (e.g., 3DES) instead.
774 \e{Other versions:} we occasionally get reports of the same symptom
775 and workarounds with older versions of OpenSSH, although it's not
776 clear the underlying cause is the same.
778 \S{faq-ssh2key-ssh1conn}{Question} Why do I see "Couldn't load private
779 key from ..."? Why can PuTTYgen load my key but not PuTTY?
781 It's likely that you've generated an SSH protocol 2 key with PuTTYgen,
782 but you're trying to use it in an SSH 1 connection. SSH1 and SSH2 keys
783 have different formats, and (at least in 0.52) PuTTY's reporting of a
784 key in the wrong format isn't optimal.
786 To connect using SSH 2 to a server that supports both versions, you
787 need to change the configuration from the default (see \k{faq-ssh2}).
789 \S{faq-rh8-utf8}{Question} When I'm connected to a Red Hat Linux 8.0
790 system, some characters don't display properly.
792 A common complaint is that hyphens in man pages show up as a-acute.
794 With release 8.0, Red Hat appear to have made UTF-8 the default
795 character set. There appears to be no way for terminal emulators such
796 as PuTTY to know this (as far as we know, the appropriate escape
797 sequence to switch into UTF-8 mode isn't sent).
799 A fix is to configure sessions to RH8 systems to use UTF-8
800 translation - see \k{config-charset} in the documentation. (Note that
801 if you use \q{Change Settings}, changes may not take place immediately
802 - see \k{faq-resetterm}.)
804 If you really want to change the character set used by the server, the
805 right place is \c{/etc/sysconfig/i18n}, but this shouldn't be
808 \H{faq-secure} Security questions
810 \S{faq-publicpc}{Question} Is it safe for me to download PuTTY and
811 use it on a public PC?
813 It depends on whether you trust that PC. If you don't trust the
814 public PC, don't use PuTTY on it, and don't use any other software
815 you plan to type passwords into either. It might be watching your
816 keystrokes, or it might tamper with the PuTTY binary you download.
817 There is \e{no} program safe enough that you can run it on an
818 actively malicious PC and get away with typing passwords into it.
820 If you do trust the PC, then it's probably OK to use PuTTY on it
821 (but if you don't trust the network, then the PuTTY download might
822 be tampered with, so it would be better to carry PuTTY with you on a
825 \S{faq-cleanup}{Question} What does PuTTY leave on a system? How can
828 PuTTY will leave some Registry entries, and a random seed file, on
829 the PC (see \k{faq-settings}). If you are using PuTTY on a public
830 PC, or somebody else's PC, you might want to clean these up when you
831 leave. You can do that automatically, by running the command
834 \S{faq-dsa}{Question} How come PuTTY now supports DSA, when the
835 website used to say how insecure it was?
837 DSA has a major weakness \e{if badly implemented}: it relies on a
838 random number generator to far too great an extent. If the random
839 number generator produces a number an attacker can predict, the DSA
840 private key is exposed - meaning that the attacker can log in as you
841 on all systems that accept that key.
843 The PuTTY policy changed because the developers were informed of
844 ways to implement DSA which do not suffer nearly as badly from this
845 weakness, and indeed which don't need to rely on random numbers at
846 all. For this reason we now believe PuTTY's DSA implementation is
847 probably OK. However, if you have the choice, we still recommend you
850 \S{faq-virtuallock}{Question} Couldn't Pageant use
851 \cw{VirtualLock()} to stop private keys being written to disk?
853 Unfortunately not. The \cw{VirtualLock()} function in the Windows
854 API doesn't do a proper job: it may prevent small pieces of a
855 process's memory from being paged to disk while the process is
856 running, but it doesn't stop the process's memory as a whole from
857 being swapped completely out to disk when the process is long-term
858 inactive. And Pageant spends most of its time inactive.
860 \H{faq-admin} Administrative questions
862 \S{faq-domain}{Question} Would you like me to register you a nicer
865 No, thank you. Even if you can find one (most of them seem to have
866 been registered already, by people who didn't ask whether we
867 actually wanted it before they applied), we're happy with the PuTTY
868 web site being exactly where it is. It's not hard to find (just type
869 \q{putty} into \W{http://www.google.com/}{google.com} and we're the
870 first link returned), and we don't believe the administrative hassle
871 of moving the site would be worth the benefit.
873 In addition, if we \e{did} want a custom domain name, we would want
874 to run it ourselves, so we knew for certain that it would continue
875 to point where we wanted it, and wouldn't suddenly change or do
876 strange things. Having it registered for us by a third party who we
877 don't even know is not the best way to achieve this.
879 \S{faq-webhosting}{Question} Would you like free web hosting for the
882 We already have some, thanks.
884 \S{faq-sourceforge}{Question} Why don't you move PuTTY to
887 Partly, because we don't want to move the web site location (see
890 Also, security reasons. PuTTY is a security product, and as such it
891 is particularly important to guard the code and the web site against
892 unauthorised modifications which might introduce subtle security
893 flaws. Therefore, we prefer that the CVS repository, web site and
894 FTP site remain where they are, under the direct control of system
895 administrators we know and trust personally, rather than being run
896 by a large organisation full of people we've never met and which is
897 known to have had breakins in the past.
899 No offence to SourceForge; I think they do a wonderful job. But
900 they're not ideal for everyone, and in particular they're not ideal
903 \S{faq-mailinglist1}{Question} Why can't I subscribe to the
904 putty-bugs mailing list?
906 Because you're not a member of the PuTTY core development team. The
907 putty-bugs mailing list is not a general newsgroup-like discussion
908 forum; it's a contact address for the core developers, and an
909 \e{internal} mailing list for us to discuss things among ourselves.
910 If we opened it up for everybody to subscribe to, it would turn into
911 something more like a newsgroup and we would be completely
912 overwhelmed by the volume of traffic. It's hard enough to keep up
913 with the list as it is.
915 \S{faq-mailinglist2}{Question} If putty-bugs isn't a
916 general-subscription mailing list, what is?
918 There isn't one, that we know of.
920 If someone else wants to set up a mailing list or other forum for
921 PuTTY users to help each other with common problems, that would be
922 fine with us, though the PuTTY team would almost certainly not have the
923 time to read it. It's probably better to use the established
924 newsgroup \cw{comp.security.ssh} for this purpose.
926 \S{faq-donations}{Question} How can I donate to PuTTY development?
928 Please, \e{please} don't feel you have to. PuTTY is completely free
929 software, and not shareware. We think it's very important that
930 \e{everybody} who wants to use PuTTY should be able to, whether they
931 have any money or not; so the last thing we would want is for a
932 PuTTY user to feel guilty because they haven't paid us any money. If
933 you want to keep your money, please do keep it. We wouldn't dream of
936 Having said all that, if you still really \e{want} to give us money,
937 we won't argue :-) The easiest way for us to accept donations is if
938 you go to \W{http://www.e-gold.com}\cw{www.e-gold.com}, and deposit
939 your donation in account number 174769. Then send us e-mail to let
940 us know you've done so (otherwise we might not notice for months!).
941 Alternatively, if e-gold isn't convenient for you, you can donate to
942 \cw{<anakin@pobox.com>} using PayPal
943 (\W{http://www.paypal.com/}\cw{www.paypal.com}).
945 Small donations (tens of dollars or tens of euros) will probably be
946 spent on beer or curry, which helps motivate our volunteer team to
947 continue doing this for the world. Larger donations will be spent on
948 something that actually helps development, if we can find anything
949 (perhaps new hardware, or a copy of Windows XP), but if we can't
950 find anything then we'll just distribute the money among the
951 developers. If you want to be sure your donation is going towards
952 something worthwhile, ask us first. If you don't like these terms,
953 feel perfectly free not to donate. We don't mind.
955 \H{faq-misc} Miscellaneous questions
957 \S{faq-openssh}{Question} Is PuTTY a port of OpenSSH, or based on
960 No, it isn't. PuTTY is almost completely composed of code written
961 from scratch for PuTTY. The only code we share with OpenSSH is the
962 detector for SSH1 CRC compensation attacks, written by CORE SDI S.A.
964 \S{faq-sillyputty}{Question} Where can I buy silly putty?
966 You're looking at the wrong web site; the only PuTTY we know about
967 here is the name of a computer program.
969 If you want the kind of putty you can buy as an executive toy, the
970 PuTTY team can personally recommend Thinking Putty, which you can
971 buy from Crazy Aaron's Putty World, at
972 \W{http://www.puttyworld.com}\cw{www.puttyworld.com}.
974 \S{faq-meaning}{Question} What does \q{PuTTY} mean?
976 It's the name of a popular SSH and Telnet client. Any other meaning
977 is in the eye of the beholder. It's been rumoured that \q{PuTTY}
978 is the antonym of \q{\cw{getty}}, or that it's the stuff that makes your
979 Windows useful, or that it's a kind of plutonium Teletype. We
980 couldn't possibly comment on such allegations.
982 \S{faq-pronounce}{Question} How do I pronounce \q{PuTTY}?
984 Exactly like the English word \q{putty}, which we pronounce
985 /\u02C8{'}p\u028C{V}t\u026A{I}/.