Apparently Vista's printf-like functions don't support %n by default.
[u/mdw/putty] / doc / faq.but
1 \define{versionidfaq} \versionid $Id$
2
3 \A{faq} PuTTY \i{FAQ}
4
5 This FAQ is published on the PuTTY web site, and also provided as an
6 appendix in the manual.
7
8 \H{faq-intro} Introduction
9
10 \S{faq-what}{Question} What is PuTTY?
11
12 PuTTY is a client program for the SSH, Telnet and Rlogin network
13 protocols.
14
15 These protocols are all used to run a remote session on a computer,
16 over a network. PuTTY implements the client end of that session: the
17 end at which the session is displayed, rather than the end at which
18 it runs.
19
20 In really simple terms: you run PuTTY on a Windows machine, and tell
21 it to connect to (for example) a Unix machine. PuTTY opens a window.
22 Then, anything you type into that window is sent straight to the
23 Unix machine, and everything the Unix machine sends back is
24 displayed in the window. So you can work on the Unix machine as if
25 you were sitting at its console, while actually sitting somewhere
26 else.
27
28 \H{faq-support} Features supported in PuTTY
29
30 \I{supported features}In general, if you want to know if PuTTY supports
31 a particular feature, you should look for it on the
32 \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/}{PuTTY web site}.
33 In particular:
34
35 \b try the
36 \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html}{changes
37 page}, and see if you can find the feature on there. If a feature is
38 listed there, it's been implemented. If it's listed as a change made
39 \e{since} the latest version, it should be available in the
40 development snapshots, in which case testing will be very welcome.
41
42 \b try the
43 \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/}{Wishlist
44 page}, and see if you can find the feature there. If it's on there,
45 and not in the \q{Recently fixed} section, it probably \e{hasn't} been
46 implemented.
47
48 \S{faq-ssh2}{Question} Does PuTTY support SSH-2?
49
50 Yes. SSH-2 support has been available in PuTTY since version 0.50.
51
52 Public key authentication (both RSA and DSA) in SSH-2 is new in
53 version 0.52.
54
55 \S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or
56 \cw{ssh.com} SSH-2 private key files?
57
58 PuTTY doesn't support this natively (see
59 \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/key-formats-natively.html}{the wishlist entry}
60 for reasons why not), but as of 0.53
61 PuTTYgen can convert both OpenSSH and \cw{ssh.com} private key
62 files into PuTTY's format.
63
64 \S{faq-ssh1}{Question} Does PuTTY support SSH-1?
65
66 Yes. SSH-1 support has always been available in PuTTY.
67
68 \S{faq-localecho}{Question} Does PuTTY support \i{local echo}?
69
70 Yes. Version 0.52 has proper support for local echo.
71
72 In version 0.51 and before, local echo could not be separated from
73 local line editing (where you type a line of text locally, and it is
74 not sent to the server until you press Return, so you have the
75 chance to edit it and correct mistakes \e{before} the server sees
76 it). New in version 0.52, local echo and local line editing are
77 separate options, and by default PuTTY will try to determine
78 automatically whether to enable them or not, based on which protocol
79 you have selected and also based on hints from the server. If you
80 have a problem with PuTTY's default choice, you can force each
81 option to be enabled or disabled as you choose. The controls are in
82 the Terminal panel, in the section marked \q{Line discipline
83 options}.
84
85 \S{faq-savedsettings}{Question} Does PuTTY support storing settings,
86 so I don't have to change them every time?
87
88 Yes, all of PuTTY's settings can be saved in named session profiles.
89 You can also change the default settings that are used for new sessions.
90 See \k{config-saving} in the documentation for how to do this.
91
92 \S{faq-disksettings}{Question} Does PuTTY support storing its
93 settings in a disk file?
94
95 Not at present, although \k{config-file} in the documentation gives
96 a method of achieving the same effect.
97
98 \S{faq-fullscreen}{Question} Does PuTTY support full-screen mode,
99 like a DOS box?
100
101 Yes; this is a new feature in version 0.52.
102
103 \S{faq-password-remember}{Question} Does PuTTY have the ability to
104 \i{remember my password} so I don't have to type it every time?
105
106 No, it doesn't.
107
108 Remembering your password is a bad plan for obvious security
109 reasons: anyone who gains access to your machine while you're away
110 from your desk can find out the remembered password, and use it,
111 abuse it or change it.
112
113 In addition, it's not even \e{possible} for PuTTY to automatically
114 send your password in a Telnet session, because Telnet doesn't give
115 the client software any indication of which part of the login
116 process is the password prompt. PuTTY would have to guess, by
117 looking for words like \q{password} in the session data; and if your
118 login program is written in something other than English, this won't
119 work.
120
121 In SSH, remembering your password would be possible in theory, but
122 there doesn't seem to be much point since SSH supports public key
123 authentication, which is more flexible and more secure. See
124 \k{pubkey} in the documentation for a full discussion of public key
125 authentication.
126
127 \S{faq-hostkeys}{Question} Is there an option to turn off the
128 \I{verifying the host key}annoying host key prompts?
129
130 No, there isn't. And there won't be. Even if you write it yourself
131 and send us the patch, we won't accept it.
132
133 Those annoying host key prompts are the \e{whole point} of SSH.
134 Without them, all the cryptographic technology SSH uses to secure
135 your session is doing nothing more than making an attacker's job
136 slightly harder; instead of sitting between you and the server with
137 a packet sniffer, the attacker must actually subvert a router and
138 start modifying the packets going back and forth. But that's not all
139 that much harder than just sniffing; and without host key checking,
140 it will go completely undetected by client or server.
141
142 Host key checking is your guarantee that the encryption you put on
143 your data at the client end is the \e{same} encryption taken off the
144 data at the server end; it's your guarantee that it hasn't been
145 removed and replaced somewhere on the way. Host key checking makes
146 the attacker's job \e{astronomically} hard, compared to packet
147 sniffing, and even compared to subverting a router. Instead of
148 applying a little intelligence and keeping an eye on Bugtraq, the
149 attacker must now perform a brute-force attack against at least one
150 military-strength cipher. That insignificant host key prompt really
151 does make \e{that} much difference.
152
153 If you're having a specific problem with host key checking - perhaps
154 you want an automated batch job to make use of PSCP or Plink, and
155 the interactive host key prompt is hanging the batch process - then
156 the right way to fix it is to add the correct host key to the
157 Registry in advance. That way, you retain the \e{important} feature
158 of host key checking: the right key will be accepted and the wrong
159 ones will not. Adding an option to turn host key checking off
160 completely is the wrong solution and we will not do it.
161
162 If you have host keys available in the common \i\c{known_hosts} format,
163 we have a script called
164 \W{http://svn.tartarus.org/putty/contrib/kh2reg.py?view=markup}\c{kh2reg.py}
165 to convert them to a Windows .REG file, which can be installed ahead of
166 time by double-clicking or using \c{REGEDIT}.
167
168 \S{faq-server}{Question} Will you write an SSH server for the PuTTY
169 suite, to go with the client?
170
171 No. The only reason we might want to would be if we could easily
172 re-use existing code and significantly cut down the effort. We don't
173 believe this is the case; there just isn't enough common ground
174 between an SSH client and server to make it worthwhile.
175
176 If someone else wants to use bits of PuTTY in the process of writing
177 a Windows SSH server, they'd be perfectly welcome to of course, but
178 I really can't see it being a lot less effort for us to do that than
179 it would be for us to write a server from the ground up. We don't
180 have time, and we don't have motivation. The code is available if
181 anyone else wants to try it.
182
183 \S{faq-pscp-ascii}{Question} Can PSCP or PSFTP transfer files in
184 \i{ASCII} mode?
185
186 Unfortunately not.
187
188 Until recently, this was a limitation of the file transfer protocols:
189 the SCP and SFTP protocols had no notion of transferring a file in
190 anything other than binary mode. (This is still true of SCP.)
191
192 The current draft protocol spec of SFTP proposes a means of
193 implementing ASCII transfer. At some point PSCP/PSFTP may implement
194 this proposal.
195
196 \H{faq-ports} Ports to other operating systems
197
198 The eventual goal is for PuTTY to be a multi-platform program, able
199 to run on at least Windows, Mac OS and Unix.
200
201 Porting will become easier once PuTTY has a generalised porting
202 layer, drawing a clear line between platform-dependent and
203 platform-independent code. The general intention was for this
204 porting layer to evolve naturally as part of the process of doing
205 the first port; a Unix port has now been released and the plan
206 seems to be working so far.
207
208 \S{faq-ports-general}{Question} What ports of PuTTY exist?
209
210 Currently, release versions of PuTTY tools only run on full Win32
211 systems and Unix. \q{Win32} includes Windows 95, 98, and ME, and it
212 includes Windows NT, 2000, XP, and Vista.
213
214 In the development code, a partial port to the Mac OS (see
215 \k{faq-mac-port}) is under way.
216
217 Currently PuTTY does \e{not} run on Windows CE (see \k{faq-wince}),
218 and it does not quite run on the Win32s environment under Windows
219 3.1 (see \k{faq-win31}).
220
221 We do not have release-quality ports for any other systems at the
222 present time. If anyone told you we had an EPOC port, or an iPaq port,
223 or any other port of PuTTY, they were mistaken. We don't.
224
225 There are some third-party ports to various platforms, mentioned
226 on the Links page of our website.
227
228 \S{faq-unix}{Question} \I{Unix version}Is there a port to Unix?
229
230 As of 0.54, there are Unix ports of most of the traditional PuTTY
231 tools, and also one entirely new application.
232
233 If you look at the source release, you should find a \c{unix}
234 subdirectory containing \c{Makefile.gtk}, which should build you Unix
235 ports of Plink, PuTTY itself, PuTTYgen, PSCP, PSFTP, and also
236 \i\c{pterm} - an \cw{xterm}-type program which supports the same
237 terminal emulation as PuTTY. We do not yet have a Unix port of
238 Pageant.
239
240 If you don't have \i{Gtk}, you should still be able to build the
241 command-line tools.
242
243 Note that Unix PuTTY has mostly only been tested on Linux so far;
244 portability problems such as BSD-style ptys or different header file
245 requirements are expected.
246
247 \S{faq-unix-why}{Question} What's the point of the Unix port? Unix
248 has OpenSSH.
249
250 All sorts of little things. \c{pterm} is directly useful to anyone
251 who prefers PuTTY's terminal emulation to \c{xterm}'s, which at
252 least some people do. Unix Plink has apparently found a niche among
253 people who find the complexity of OpenSSL makes OpenSSH hard to
254 install (and who don't mind Plink not having as many features). Some
255 users want to generate a large number of SSH keys on Unix and then
256 copy them all into PuTTY, and the Unix PuTTYgen should allow them to
257 automate that conversion process.
258
259 There were development advantages as well; porting PuTTY to Unix was
260 a valuable path-finding effort for other future ports, and also
261 allowed us to use the excellent Linux tool
262 \W{http://valgrind.kde.org/}{Valgrind} to help with debugging, which
263 has already improved PuTTY's stability on \e{all} platforms.
264
265 However, if you're a Unix user and you can see no reason to switch
266 from OpenSSH to PuTTY/Plink, then you're probably right. We don't
267 expect our Unix port to be the right thing for everybody.
268
269 \S{faq-wince}{Question} Will there be a port to Windows CE or PocketPC?
270
271 We have done some work on such a port, but it only reached an early
272 stage, and certainly not a useful one. It's no longer being actively
273 worked on.
274
275 However, there's a third-party port at
276 \W{http://www.pocketputty.net/}\c{http://www.pocketputty.net/}.
277
278 \S{faq-win31}{Question} Is there a port to \i{Windows 3.1}?
279
280 PuTTY is a 32-bit application from the ground up, so it won't run on
281 Windows 3.1 as a native 16-bit program; and it would be \e{very}
282 hard to port it to do so, because of Windows 3.1's vile memory
283 allocation mechanisms.
284
285 However, it is possible in theory to compile the existing PuTTY
286 source in such a way that it will run under \i{Win32s} (an extension to
287 Windows 3.1 to let you run 32-bit programs). In order to do this
288 you'll need the right kind of C compiler - modern versions of Visual
289 C at least have stopped being backwards compatible to Win32s. Also,
290 the last time we tried this it didn't work very well.
291
292 If you're interested in running PuTTY under Windows 3.1, help and
293 testing in this area would be very welcome!
294
295 \S{faq-mac-port}{Question} Will there be a port to the \I{Mac OS}Mac?
296
297 There are several answers to this question:
298
299 \b The Unix/Gtk port is already fully working under Mac OS X as an X11
300 application.
301
302 \b A native (Cocoa) Mac OS X port has been started. It's just about
303 usable, but is of nowhere near release quality yet, and is likely to
304 behave in unexpected ways. Currently it's unlikely to be completed
305 unless someone steps in to help.
306
307 \b A separate port to the classic Mac OS (pre-OSX) is also in
308 progress; it too is not ready yet.
309
310 \S{faq-epoc}{Question} Will there be a port to EPOC?
311
312 I hope so, but given that ports aren't really progressing very fast
313 even on systems the developers \e{do} already know how to program
314 for, it might be a long time before any of us get round to learning
315 a new system and doing the port for that.
316
317 However, some of the work has been done by other people, and a beta
318 port of PuTTY for the Nokia 9200 Communicator series is available
319 from \W{http://s2putty.sourceforge.net/}\cw{http://s2putty.sourceforge.net/}
320
321 \H{faq-embedding} Embedding PuTTY in other programs
322
323 \S{faq-dll}{Question} Is the SSH or Telnet code available as a DLL?
324
325 No, it isn't. It would take a reasonable amount of rewriting for
326 this to be possible, and since the PuTTY project itself doesn't
327 believe in DLLs (they make installation more error-prone) none of us
328 has taken the time to do it.
329
330 Most of the code cleanup work would be a good thing to happen in
331 general, so if anyone feels like helping, we wouldn't say no.
332
333 \S{faq-vb}{Question} Is the SSH or Telnet code available as a Visual
334 Basic component?
335
336 No, it isn't. None of the PuTTY team uses Visual Basic, and none of
337 us has any particular need to make SSH connections from a Visual
338 Basic application. In addition, all the preliminary work to turn it
339 into a DLL would be necessary first; and furthermore, we don't even
340 know how to write VB components.
341
342 If someone offers to do some of this work for us, we might consider
343 it, but unless that happens I can't see VB integration being
344 anywhere other than the very bottom of our priority list.
345
346 \S{faq-ipc}{Question} How can I use PuTTY to make an SSH connection
347 from within another program?
348
349 Probably your best bet is to use Plink, the command-line connection
350 tool. If you can start Plink as a second Windows process, and
351 arrange for your primary process to be able to send data to the
352 Plink process, and receive data from it, through pipes, then you
353 should be able to make SSH connections from your program.
354
355 This is what CVS for Windows does, for example.
356
357 \H{faq-details} Details of PuTTY's operation
358
359 \S{faq-term}{Question} What \i{terminal type} does PuTTY use?
360
361 For most purposes, PuTTY can be considered to be an \cw{xterm}
362 terminal.
363
364 PuTTY also supports some terminal \i{control sequences} not supported by
365 the real \cw{xterm}: notably the Linux console sequences that
366 reconfigure the colour palette, and the title bar control sequences
367 used by \i\cw{DECterm} (which are different from the \cw{xterm} ones;
368 PuTTY supports both).
369
370 By default, PuTTY announces its terminal type to the server as
371 \c{xterm}. If you have a problem with this, you can reconfigure it
372 to say something else; \c{vt220} might help if you have trouble.
373
374 \S{faq-settings}{Question} Where does PuTTY store its data?
375
376 On Windows, PuTTY stores most of its data (saved sessions, SSH host
377 keys) in the \i{Registry}. The precise location is
378
379 \c HKEY_CURRENT_USER\Software\SimonTatham\PuTTY
380
381 and within that area, saved sessions are stored under \c{Sessions}
382 while host keys are stored under \c{SshHostKeys}.
383
384 PuTTY also requires a random number seed file, to improve the
385 unpredictability of randomly chosen data needed as part of the SSH
386 cryptography. This is stored by default in a file called \i\c{PUTTY.RND};
387 this is stored by default in the \q{Application Data} directory,
388 or failing that, one of a number of fallback locations. If you
389 want to change the location of the random number seed file, you can
390 put your chosen pathname in the Registry, at
391
392 \c HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\RandSeedFile
393
394 You can ask PuTTY to delete all this data; see \k{faq-cleanup}.
395
396 On Unix, PuTTY stores all of this data in a directory \cw{~/.putty}.
397
398 \H{faq-howto} HOWTO questions
399
400 \S{faq-login}{Question} What login name / password should I use?
401
402 This is not a question you should be asking \e{us}.
403
404 PuTTY is a communications tool, for making connections to other
405 computers. We maintain the tool; we \e{don't} administer any computers
406 that you're likely to be able to use, in the same way that the people
407 who make web browsers aren't responsible for most of the content you can
408 view in them. \#{FIXME: less technical analogy?} We cannot help with
409 questions of this sort.
410
411 If you know the name of the computer you want to connect to, but don't
412 know what login name or password to use, you should talk to whoever
413 administers that computer. If you don't know who that is, see the next
414 question for some possible ways to find out.
415
416 \# FIXME: some people ask us to provide them with a login name
417 apparently as random members of the public rather than in the
418 belief that we run a server belonging to an organisation they already
419 have some relationship with. Not sure what to say to such people.
420
421 \S{faq-commands}{Question} \I{commands on the server}What commands
422 can I type into my PuTTY terminal window?
423
424 Again, this is not a question you should be asking \e{us}. You need
425 to read the manuals, or ask the administrator, of \e{the computer
426 you have connected to}.
427
428 PuTTY does not process the commands you type into it. It's only a
429 communications tool. It makes a connection to another computer; it
430 passes the commands you type to that other computer; and it passes
431 the other computer's responses back to you. Therefore, the precise
432 range of commands you can use will not depend on PuTTY, but on what
433 kind of computer you have connected to and what software is running
434 on it. The PuTTY team cannot help you with that.
435
436 (Think of PuTTY as being a bit like a telephone. If you phone
437 somebody up and you don't know what language to speak to make them
438 understand you, it isn't \e{the telephone company}'s job to find
439 that out for you. We just provide the means for you to get in touch;
440 making yourself understood is somebody else's problem.)
441
442 If you are unsure of where to start looking for the administrator of
443 your server, a good place to start might be to remember how you
444 found out the host name in the PuTTY configuration. If you were
445 given that host name by e-mail, for example, you could try asking
446 the person who sent you that e-mail. If your company's IT department
447 provided you with ready-made PuTTY saved sessions, then that IT
448 department can probably also tell you something about what commands
449 you can type during those sessions. But the PuTTY maintainer team
450 does not administer any server you are likely to be connecting to,
451 and cannot help you with questions of this type.
452
453 \S{faq-startmax}{Question} How can I make PuTTY start up \i{maximise}d?
454
455 Create a Windows shortcut to start PuTTY from, and set it as \q{Run
456 Maximized}.
457
458 \S{faq-startsess}{Question} How can I create a \i{Windows shortcut} to
459 start a particular saved session directly?
460
461 To run a PuTTY session saved under the name \q{\cw{mysession}},
462 create a Windows shortcut that invokes PuTTY with a command line
463 like
464
465 \c \path\name\to\putty.exe -load "mysession"
466
467 (Note: prior to 0.53, the syntax was \c{@session}. This is now
468 deprecated and may be removed at some point.)
469
470 \S{faq-startssh}{Question} How can I start an SSH session straight
471 from the command line?
472
473 Use the command line \c{putty -ssh host.name}. Alternatively, create
474 a saved session that specifies the SSH protocol, and start the saved
475 session as shown in \k{faq-startsess}.
476
477 \S{faq-cutpaste}{Question} How do I \i{copy and paste} between PuTTY and
478 other Windows applications?
479
480 Copy and paste works similarly to the X Window System. You use the
481 left mouse button to select text in the PuTTY window. The act of
482 selection \e{automatically} copies the text to the clipboard: there
483 is no need to press Ctrl-Ins or Ctrl-C or anything else. In fact,
484 pressing Ctrl-C will send a Ctrl-C character to the other end of
485 your connection (just like it does the rest of the time), which may
486 have unpleasant effects. The \e{only} thing you need to do, to copy
487 text to the clipboard, is to select it.
488
489 To paste the clipboard contents into a PuTTY window, by default you
490 click the right mouse button. If you have a three-button mouse and
491 are used to X applications, you can configure pasting to be done by
492 the middle button instead, but this is not the default because most
493 Windows users don't have a middle button at all.
494
495 You can also paste by pressing Shift-Ins.
496
497 \S{faq-options}{Question} How do I use all PuTTY's features (public
498 keys, proxying, cipher selection, etc.) in PSCP, PSFTP and Plink?
499
500 Most major features (e.g., public keys, port forwarding) are available
501 through command line options. See the documentation.
502
503 Not all features are accessible from the command line yet, although
504 we'd like to fix this. In the meantime, you can use most of
505 PuTTY's features if you create a PuTTY saved session, and then use
506 the name of the saved session on the command line in place of a
507 hostname. This works for PSCP, PSFTP and Plink (but don't expect
508 port forwarding in the file transfer applications!).
509
510 \S{faq-pscp}{Question} How do I use PSCP.EXE? When I double-click it
511 gives me a command prompt window which then closes instantly.
512
513 PSCP is a command-line application, not a GUI application. If you
514 run it without arguments, it will simply print a help message and
515 terminate.
516
517 To use PSCP properly, run it from a Command Prompt window. See
518 \k{pscp} in the documentation for more details.
519
520 \S{faq-pscp-spaces}{Question} \I{spaces in filenames}How do I use
521 PSCP to copy a file whose name has spaces in?
522
523 If PSCP is using the traditional SCP protocol, this is confusing. If
524 you're specifying a file at the local end, you just use one set of
525 quotes as you would normally do:
526
527 \c pscp "local filename with spaces" user@host:
528 \c pscp user@host:myfile "local filename with spaces"
529
530 But if the filename you're specifying is on the \e{remote} side, you
531 have to use backslashes and two sets of quotes:
532
533 \c pscp user@host:"\"remote filename with spaces\"" local_filename
534 \c pscp local_filename user@host:"\"remote filename with spaces\""
535
536 Worse still, in a remote-to-local copy you have to specify the local
537 file name explicitly, otherwise PSCP will complain that they don't
538 match (unless you specified the \c{-unsafe} option). The following
539 command will give an error message:
540
541 \c c:\>pscp user@host:"\"oo er\"" .
542 \c warning: remote host tried to write to a file called 'oo er'
543 \c when we requested a file called '"oo er"'.
544
545 Instead, you need to specify the local file name in full:
546
547 \c c:\>pscp user@host:"\"oo er\"" "oo er"
548
549 If PSCP is using the newer SFTP protocol, none of this is a problem,
550 and all filenames with spaces in are specified using a single pair
551 of quotes in the obvious way:
552
553 \c pscp "local file" user@host:
554 \c pscp user@host:"remote file" .
555
556 \H{faq-trouble} Troubleshooting
557
558 \S{faq-incorrect-mac}{Question} Why do I see \q{Incorrect MAC
559 received on packet}?
560
561 One possible cause of this that used to be common is a bug in old
562 SSH-2 servers distributed by \cw{ssh.com}. (This is not the only
563 possible cause; see \k{errors-crc} in the documentation.)
564 Version 2.3.0 and below of their SSH-2 server
565 constructs Message Authentication Codes in the wrong way, and
566 expects the client to construct them in the same wrong way. PuTTY
567 constructs the MACs correctly by default, and hence these old
568 servers will fail to work with it.
569
570 If you are using PuTTY version 0.52 or better, this should work
571 automatically: PuTTY should detect the buggy servers from their
572 version number announcement, and automatically start to construct
573 its MACs in the same incorrect manner as they do, so it will be able
574 to work with them.
575
576 If you are using PuTTY version 0.51 or below, you can enable the
577 workaround by going to the SSH panel and ticking the box labelled
578 \q{Imitate SSH2 MAC bug}. It's possible that you might have to do
579 this with 0.52 as well, if a buggy server exists that PuTTY doesn't
580 know about.
581
582 In this context MAC stands for \ii{Message Authentication Code}. It's a
583 cryptographic term, and it has nothing at all to do with Ethernet
584 MAC (Media Access Control) addresses.
585
586 \S{faq-pscp-protocol}{Question} Why do I see \q{Fatal: Protocol
587 error: Expected control record} in PSCP?
588
589 This happens because PSCP was expecting to see data from the server
590 that was part of the PSCP protocol exchange, and instead it saw data
591 that it couldn't make any sense of at all.
592
593 This almost always happens because the \i{startup scripts} in your
594 account on the server machine are generating output. This is
595 impossible for PSCP, or any other SCP client, to work around. You
596 should never use startup files (\c{.bashrc}, \c{.cshrc} and so on)
597 which generate output in non-interactive sessions.
598
599 This is not actually a PuTTY problem. If PSCP fails in this way,
600 then all other SCP clients are likely to fail in exactly the same
601 way. The problem is at the server end.
602
603 \S{faq-colours}{Question} I clicked on a colour in the \ii{Colours}
604 panel, and the colour didn't change in my terminal.
605
606 That isn't how you're supposed to use the Colours panel.
607
608 During the course of a session, PuTTY potentially uses \e{all} the
609 colours listed in the Colours panel. It's not a question of using
610 only one of them and you choosing which one; PuTTY will use them
611 \e{all}. The purpose of the Colours panel is to let you adjust the
612 appearance of all the colours. So to change the colour of the
613 cursor, for example, you would select \q{Cursor Colour}, press the
614 \q{Modify} button, and select a new colour from the dialog box that
615 appeared. Similarly, if you want your session to appear in green,
616 you should select \q{Default Foreground} and press \q{Modify}.
617 Clicking on \q{ANSI Green} won't turn your session green; it will
618 only allow you to adjust the \e{shade} of green used when PuTTY is
619 instructed by the server to display green text.
620
621 \S{faq-winsock2}{Question} Plink on \i{Windows 95} says it can't find
622 \i\cw{WS2_32.DLL}.
623
624 Plink requires the extended Windows network library, WinSock version
625 2. This is installed as standard on Windows 98 and above, and on
626 Windows NT, and even on later versions of Windows 95; but early
627 Win95 installations don't have it.
628
629 In order to use Plink on these systems, you will need to download
630 the
631 \W{http://www.microsoft.com/windows95/downloads/contents/wuadmintools/s_wunetworkingtools/w95sockets2/}{WinSock 2 upgrade}:
632
633 \c http://www.microsoft.com/windows95/downloads/contents/
634 \c wuadmintools/s_wunetworkingtools/w95sockets2/
635
636 \S{faq-outofmem}{Question} After trying to establish an SSH-2
637 connection, PuTTY says \q{\ii{Out of memory}} and dies.
638
639 If this happens just while the connection is starting up, this often
640 indicates that for some reason the client and server have failed to
641 establish a session encryption key. Somehow, they have performed
642 calculations that should have given each of them the same key, but
643 have ended up with different keys; so data encrypted by one and
644 decrypted by the other looks like random garbage.
645
646 This causes an \q{out of memory} error because the first encrypted
647 data PuTTY expects to see is the length of an SSH message. Normally
648 this will be something well under 100 bytes. If the decryption has
649 failed, PuTTY will see a completely random length in the region of
650 two \e{gigabytes}, and will try to allocate enough memory to store
651 this non-existent message. This will immediately lead to it thinking
652 it doesn't have enough memory, and panicking.
653
654 If this happens to you, it is quite likely to still be a PuTTY bug
655 and you should report it (although it might be a bug in your SSH
656 server instead); but it doesn't necessarily mean you've actually run
657 out of memory.
658
659 \S{faq-outofmem2}{Question} When attempting a file transfer, either
660 PSCP or PSFTP says \q{\ii{Out of memory}} and dies.
661
662 This is almost always caused by your \i{login scripts} on the server
663 generating output. PSCP or PSFTP will receive that output when they
664 were expecting to see the start of a file transfer protocol, and
665 they will attempt to interpret the output as file-transfer protocol.
666 This will usually lead to an \q{out of memory} error for much the
667 same reasons as given in \k{faq-outofmem}.
668
669 This is a setup problem in your account on your server, \e{not} a
670 PSCP/PSFTP bug. Your login scripts should \e{never} generate output
671 during non-interactive sessions; secure file transfer is not the
672 only form of remote access that will break if they do.
673
674 On Unix, a simple fix is to ensure that all the parts of your login
675 script that might generate output are in \c{.profile} (if you use a
676 Bourne shell derivative) or \c{.login} (if you use a C shell).
677 Putting them in more general files such as \c{.bashrc} or \c{.cshrc}
678 is liable to lead to problems.
679
680 \S{faq-psftp-slow}{Question} PSFTP transfers files much slower than PSCP.
681
682 The throughput of PSFTP 0.54 should be much better than 0.53b and
683 prior; we've added code to the SFTP backend to queue several blocks
684 of data rather than waiting for an acknowledgement for each. (The
685 SCP backend did not suffer from this performance issue because SCP
686 is a much simpler protocol.)
687
688 \S{faq-bce}{Question} When I run full-colour applications, I see
689 areas of black space where colour ought to be, or vice versa.
690
691 You almost certainly need to change the \q{Use \i{background colour} to
692 erase screen} setting in the Terminal panel. If there is too much
693 black space (the commoner situation), you should enable it, while if
694 there is too much colour, you should disable it. (See \k{config-erase}.)
695
696 In old versions of PuTTY, this was disabled by default, and would not
697 take effect until you reset the terminal (see \k{faq-resetterm}).
698 Since 0.54, it is enabled by default, and changes take effect
699 immediately.
700
701 \S{faq-resetterm}{Question} When I change some terminal settings,
702 nothing happens.
703
704 Some of the terminal options (notably \ii{Auto Wrap} and
705 background-colour screen erase) actually represent the \e{default}
706 setting, rather than the currently active setting. The server can
707 send sequences that modify these options in mid-session, but when
708 the terminal is reset (by server action, or by you choosing \q{Reset
709 Terminal} from the System menu) the defaults are restored.
710
711 In versions 0.53b and prior, if you change one of these options in
712 the middle of a session, you will find that the change does not
713 immediately take effect. It will only take effect once you reset
714 the terminal.
715
716 In version 0.54, the behaviour has changed - changes to these
717 settings take effect immediately.
718
719 \S{faq-idleout}{Question} My PuTTY sessions unexpectedly close after
720 they are \I{idle connections}idle for a while.
721
722 Some types of \i{firewall}, and almost any router doing Network Address
723 Translation (\i{NAT}, also known as IP masquerading), will forget about
724 a connection through them if the connection does nothing for too
725 long. This will cause the connection to be rudely cut off when
726 contact is resumed.
727
728 You can try to combat this by telling PuTTY to send \e{keepalives}:
729 packets of data which have no effect on the actual session, but
730 which reassure the router or firewall that the network connection is
731 still active and worth remembering about.
732
733 Keepalives don't solve everything, unfortunately; although they
734 cause greater robustness against this sort of router, they can also
735 cause a \e{loss} of robustness against network dropouts. See
736 \k{config-keepalive} in the documentation for more discussion of
737 this.
738
739 \S{faq-timeout}{Question} PuTTY's network connections time out too
740 quickly when \I{breaks in connectivity}network connectivity is
741 temporarily lost.
742
743 This is a Windows problem, not a PuTTY problem. The timeout value
744 can't be set on per application or per session basis. To increase
745 the TCP timeout globally, you need to tinker with the Registry.
746
747 On Windows 95, 98 or ME, the registry key you need to create or
748 change is
749
750 \c HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\
751 \c MSTCP\MaxDataRetries
752
753 (it must be of type DWORD in Win95, or String in Win98/ME).
754 (See MS Knowledge Base article
755 \W{http://support.microsoft.com/default.aspx?scid=kb;en-us;158474}{158474}
756 for more information.)
757
758 On Windows NT, 2000, or XP, the registry key to create or change is
759
760 \c HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\
761 \c Parameters\TcpMaxDataRetransmissions
762
763 and it must be of type DWORD.
764 (See MS Knowledge Base articles
765 \W{http://support.microsoft.com/default.aspx?scid=kb;en-us;120642}{120642}
766 and
767 \W{http://support.microsoft.com/default.aspx?scid=kb;en-us;314053}{314053}
768 for more information.)
769
770 Set the key's value to something like 10. This will cause Windows to
771 try harder to keep connections alive instead of abandoning them.
772
773 \S{faq-puttyputty}{Question} When I \cw{cat} a binary file, I get
774 \q{PuTTYPuTTYPuTTY} on my command line.
775
776 Don't do that, then.
777
778 This is designed behaviour; when PuTTY receives the character
779 Control-E from the remote server, it interprets it as a request to
780 identify itself, and so it sends back the string \q{\cw{PuTTY}} as
781 if that string had been entered at the keyboard. Control-E should
782 only be sent by programs that are prepared to deal with the
783 response. Writing a binary file to your terminal is likely to output
784 many Control-E characters, and cause this behaviour. Don't do it.
785 It's a bad plan.
786
787 To mitigate the effects, you could configure the answerback string
788 to be empty (see \k{config-answerback}); but writing binary files to
789 your terminal is likely to cause various other unpleasant behaviour,
790 so this is only a small remedy.
791
792 \S{faq-wintitle}{Question} When I \cw{cat} a binary file, my \i{window
793 title} changes to a nonsense string.
794
795 Don't do that, then.
796
797 It is designed behaviour that PuTTY should have the ability to
798 adjust the window title on instructions from the server. Normally
799 the control sequence that does this should only be sent
800 deliberately, by programs that know what they are doing and intend
801 to put meaningful text in the window title. Writing a binary file to
802 your terminal runs the risk of sending the same control sequence by
803 accident, and cause unexpected changes in the window title. Don't do
804 it.
805
806 \S{faq-password-fails}{Question} My \i{keyboard} stops working once
807 PuTTY displays the \i{password prompt}.
808
809 No, it doesn't. PuTTY just doesn't display the password you type, so
810 that someone looking at your screen can't see what it is.
811
812 Unlike the Windows login prompts, PuTTY doesn't display the password
813 as a row of asterisks either. This is so that someone looking at
814 your screen can't even tell how \e{long} your password is, which
815 might be valuable information.
816
817 \S{faq-keyboard}{Question} One or more \I{keyboard}\i{function keys}
818 don't do what I expected in a server-side application.
819
820 If you've already tried all the relevant options in the PuTTY
821 Keyboard panel, you may need to mail the PuTTY maintainers and ask.
822
823 It is \e{not} usually helpful just to tell us which application,
824 which server operating system, and which key isn't working; in order
825 to replicate the problem we would need to have a copy of every
826 operating system, and every application, that anyone has ever
827 complained about.
828
829 PuTTY responds to function key presses by sending a sequence of
830 control characters to the server. If a function key isn't doing what
831 you expect, it's likely that the character sequence your application
832 is expecting to receive is not the same as the one PuTTY is sending.
833 Therefore what we really need to know is \e{what} sequence the
834 application is expecting.
835
836 The simplest way to investigate this is to find some other terminal
837 environment, in which that function key \e{does} work; and then
838 investigate what sequence the function key is sending in that
839 situation. One reasonably easy way to do this on a \i{Unix} system is to
840 type the command \i\c{cat}, and then press the function key. This is
841 likely to produce output of the form \c{^[[11~}. You can also do
842 this in PuTTY, to find out what sequence the function key is
843 producing in that. Then you can mail the PuTTY maintainers and tell
844 us \q{I wanted the F1 key to send \c{^[[11~}, but instead it's
845 sending \c{^[OP}, can this be done?}, or something similar.
846
847 You should still read the
848 \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/feedback.html}{Feedback
849 page} on the PuTTY website (also provided as \k{feedback} in the
850 manual), and follow the guidelines contained in that.
851
852 \S{faq-openssh-bad-openssl}{Question} Since my SSH server was upgraded
853 to \i{OpenSSH} 3.1p1/3.4p1, I can no longer connect with PuTTY.
854
855 There is a known problem when OpenSSH has been built against an
856 incorrect version of OpenSSL; the quick workaround is to configure
857 PuTTY to use SSH protocol 2 and the Blowfish cipher.
858
859 For more details and OpenSSH patches, see
860 \W{http://bugzilla.mindrot.org/show_bug.cgi?id=138}{bug 138} in the
861 OpenSSH BTS.
862
863 This is not a PuTTY-specific problem; if you try to connect with
864 another client you'll likely have similar problems. (Although PuTTY's
865 default cipher differs from many other clients.)
866
867 \e{OpenSSH 3.1p1:} configurations known to be broken (and symptoms):
868
869 \b SSH-2 with AES cipher (PuTTY says \q{Assertion failed! Expression:
870 (len & 15) == 0} in \cw{sshaes.c}, or \q{Out of memory}, or crashes)
871
872 \b SSH-2 with 3DES (PuTTY says \q{Incorrect MAC received on packet})
873
874 \b SSH-1 with Blowfish (PuTTY says \q{Incorrect CRC received on
875 packet})
876
877 \b SSH-1 with 3DES
878
879 \e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH-1 and
880 Blowfish remains. Rebuild your server, apply the patch linked to from
881 bug 138 above, or use another cipher (e.g., 3DES) instead.
882
883 \e{Other versions:} we occasionally get reports of the same symptom
884 and workarounds with older versions of OpenSSH, although it's not
885 clear the underlying cause is the same.
886
887 \S{faq-ssh2key-ssh1conn}{Question} Why do I see \q{Couldn't load
888 private key from ...}? Why can PuTTYgen load my key but not PuTTY?
889
890 It's likely that you've generated an SSH protocol 2 key with PuTTYgen,
891 but you're trying to use it in an SSH-1 connection. SSH-1 and SSH-2 keys
892 have different formats, and (at least in 0.52) PuTTY's reporting of a
893 key in the wrong format isn't optimal.
894
895 To connect using SSH-2 to a server that supports both versions, you
896 need to change the configuration from the default (see \k{faq-ssh2}).
897
898 \S{faq-rh8-utf8}{Question} When I'm connected to a \i{Red Hat Linux} 8.0
899 system, some characters don't display properly.
900
901 A common complaint is that hyphens in man pages show up as a-acute.
902
903 With release 8.0, Red Hat appear to have made \i{UTF-8} the default
904 character set. There appears to be no way for terminal emulators such
905 as PuTTY to know this (as far as we know, the appropriate escape
906 sequence to switch into UTF-8 mode isn't sent).
907
908 A fix is to configure sessions to RH8 systems to use UTF-8
909 translation - see \k{config-charset} in the documentation. (Note that
910 if you use \q{Change Settings}, changes may not take place immediately
911 - see \k{faq-resetterm}.)
912
913 If you really want to change the character set used by the server, the
914 right place is \c{/etc/sysconfig/i18n}, but this shouldn't be
915 necessary.
916
917 \S{faq-screen}{Question} Since I upgraded to PuTTY 0.54, the
918 scrollback has stopped working when I run \c{screen}.
919
920 PuTTY's terminal emulator has always had the policy that when the
921 \q{\i{alternate screen}} is in use, nothing is added to the scrollback.
922 This is because the usual sorts of programs which use the alternate
923 screen are things like text editors, which tend to scroll back and
924 forth in the same document a lot; so (a) they would fill up the
925 scrollback with a large amount of unhelpfully disordered text, and
926 (b) they contain their \e{own} method for the user to scroll back to
927 the bit they were interested in. We have generally found this policy
928 to do the Right Thing in almost all situations.
929
930 Unfortunately, \c{screen} is one exception: it uses the alternate
931 screen, but it's still usually helpful to have PuTTY's scrollback
932 continue working. The simplest solution is to go to the Features
933 control panel and tick \q{Disable switching to alternate terminal
934 screen}. (See \k{config-features-altscreen} for more details.)
935 Alternatively, you can tell \c{screen} itself not to use the
936 alternate screen: the
937 \W{http://www4.informatik.uni-erlangen.de/~jnweiger/screen-faq.html}{\c{screen}
938 FAQ} suggests adding the line \cq{termcapinfo xterm ti@:te@} to your
939 \cw{.screenrc} file.
940
941 The reason why this only started to be a problem in 0.54 is because
942 \c{screen} typically uses an unusual control sequence to switch to
943 the alternate screen, and previous versions of PuTTY did not support
944 this sequence.
945
946 \S{faq-alternate-localhost}{Question} Since I upgraded \i{Windows XP}
947 to Service Pack 2, I can't use addresses like \cw{127.0.0.2}.
948
949 Some people who ask PuTTY to listen on \i{localhost} addresses other
950 than \cw{127.0.0.1} to forward services such as \i{SMB} and \i{Windows
951 Terminal Services} have found that doing so no longer works since
952 they upgraded to WinXP SP2.
953
954 This is apparently an issue with SP2 that is acknowledged by Microsoft
955 in MS Knowledge Base article
956 \W{http://support.microsoft.com/default.aspx?scid=kb;en-us;884020}{884020}.
957 The article links to a fix you can download.
958
959 (\e{However}, we've been told that SP2 \e{also} fixes the bug that
960 means you need to use non-\cw{127.0.0.1} addresses to forward
961 Terminal Services in the first place.)
962
963 \S{faq-missing-slash}{Question} PSFTP commands seem to be missing a
964 directory separator (slash).
965
966 Some people have reported the following incorrect behaviour with
967 PSFTP:
968
969 \c psftp> pwd
970 \e iii
971 \c Remote directory is /dir1/dir2
972 \c psftp> get filename.ext
973 \e iiiiiiiiiiiiiiii
974 \c /dir1/dir2filename.ext: no such file or directory
975
976 This is not a bug in PSFTP. There is a known bug in some versions of
977 portable \i{OpenSSH}
978 (\W{http://bugzilla.mindrot.org/show_bug.cgi?id=697}{bug 697}) that
979 causes these symptoms; it appears to have been introduced around
980 3.7.x. It manifests only on certain platforms (AIX is what has been
981 reported to us).
982
983 There is a patch for OpenSSH attached to that bug; it's also fixed in
984 recent versions of portable OpenSSH (from around 3.8).
985
986 \S{faq-connaborted}{Question} Do you want to hear about \q{Software
987 caused connection abort}?
988
989 In the documentation for PuTTY 0.53 and 0.53b, we mentioned that we'd
990 like to hear about any occurrences of this error. Since the release
991 of PuTTY 0.54, however, we've been convinced that this error doesn't
992 indicate that PuTTY's doing anything wrong, and we don't need to hear
993 about further occurrences. See \k{errors-connaborted} for our current
994 documentation of this error.
995
996 \S{faq-rekey}{Question} My SSH-2 session \I{locking up, SSH-2
997 sessions}locks up for a few seconds every so often.
998
999 Recent versions of PuTTY automatically initiate \i{repeat key
1000 exchange} once per hour, to improve session security. If your client
1001 or server machine is slow, you may experience this as a delay of
1002 anything up to thirty seconds or so.
1003
1004 These \I{delays, in SSH-2 sessions}delays are inconvenient, but they
1005 are there for your protection. If they really cause you a problem,
1006 you can choose to turn off periodic rekeying using the \q{Kex}
1007 configuration panel (see \k{config-ssh-kex}), but be aware that you
1008 will be sacrificing security for this. (Falling back to SSH-1 would
1009 also remove the delays, but would lose a \e{lot} more security
1010 still. We do not recommend it.)
1011
1012 \S{faq-xpwontrun}{Question} PuTTY fails to start up. Windows claims that
1013 \q{the application configuration is incorrect}.
1014
1015 This is caused by a bug in certain versions of \i{Windows XP} which
1016 is triggered by PuTTY 0.58. This was fixed in 0.59. The
1017 \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/xp-wont-run}{\q{xp-wont-run}}
1018 entry in PuTTY's wishlist has more details.
1019
1020 \H{faq-secure} Security questions
1021
1022 \S{faq-publicpc}{Question} Is it safe for me to download PuTTY and
1023 use it on a public PC?
1024
1025 It depends on whether you trust that PC. If you don't trust the
1026 public PC, don't use PuTTY on it, and don't use any other software
1027 you plan to type passwords into either. It might be watching your
1028 keystrokes, or it might tamper with the PuTTY binary you download.
1029 There is \e{no} program safe enough that you can run it on an
1030 actively malicious PC and get away with typing passwords into it.
1031
1032 If you do trust the PC, then it's probably OK to use PuTTY on it
1033 (but if you don't trust the network, then the PuTTY download might
1034 be tampered with, so it would be better to carry PuTTY with you on a
1035 floppy).
1036
1037 \S{faq-cleanup}{Question} What does PuTTY leave on a system? How can
1038 I \i{clean up} after it?
1039
1040 PuTTY will leave some Registry entries, and a random seed file, on
1041 the PC (see \k{faq-settings}). If you are using PuTTY on a public
1042 PC, or somebody else's PC, you might want to clean these up when you
1043 leave. You can do that automatically, by running the command
1044 \c{putty -cleanup}. (Note that this only removes settings for
1045 the currently logged-in user on \i{multi-user systems}.)
1046
1047 If PuTTY was installed from the installer package, it will also
1048 appear in \q{Add/Remove Programs}. Older versions of the uninstaller
1049 do not remove the above-mentioned registry entries and file.
1050
1051 \S{faq-dsa}{Question} How come PuTTY now supports \i{DSA}, when the
1052 website used to say how insecure it was?
1053
1054 DSA has a major weakness \e{if badly implemented}: it relies on a
1055 random number generator to far too great an extent. If the random
1056 number generator produces a number an attacker can predict, the DSA
1057 private key is exposed - meaning that the attacker can log in as you
1058 on all systems that accept that key.
1059
1060 The PuTTY policy changed because the developers were informed of
1061 ways to implement DSA which do not suffer nearly as badly from this
1062 weakness, and indeed which don't need to rely on random numbers at
1063 all. For this reason we now believe PuTTY's DSA implementation is
1064 probably OK. However, if you have the choice, we still recommend you
1065 use RSA instead.
1066
1067 \S{faq-virtuallock}{Question} Couldn't Pageant use
1068 \cw{VirtualLock()} to stop private keys being written to disk?
1069
1070 Unfortunately not. The \cw{VirtualLock()} function in the Windows
1071 API doesn't do a proper job: it may prevent small pieces of a
1072 process's memory from being paged to disk while the process is
1073 running, but it doesn't stop the process's memory as a whole from
1074 being swapped completely out to disk when the process is long-term
1075 inactive. And Pageant spends most of its time inactive.
1076
1077 \H{faq-admin} Administrative questions
1078
1079 \S{faq-domain}{Question} Would you like me to register you a nicer
1080 domain name?
1081
1082 No, thank you. Even if you can find one (most of them seem to have
1083 been registered already, by people who didn't ask whether we
1084 actually wanted it before they applied), we're happy with the PuTTY
1085 web site being exactly where it is. It's not hard to find (just type
1086 \q{putty} into \W{http://www.google.com/}{google.com} and we're the
1087 first link returned), and we don't believe the administrative hassle
1088 of moving the site would be worth the benefit.
1089
1090 In addition, if we \e{did} want a custom domain name, we would want
1091 to run it ourselves, so we knew for certain that it would continue
1092 to point where we wanted it, and wouldn't suddenly change or do
1093 strange things. Having it registered for us by a third party who we
1094 don't even know is not the best way to achieve this.
1095
1096 \S{faq-webhosting}{Question} Would you like free web hosting for the
1097 PuTTY web site?
1098
1099 We already have some, thanks.
1100
1101 \S{faq-link}{Question} Would you link to my web site from the PuTTY
1102 web site?
1103
1104 Only if the content of your web page is of definite direct interest
1105 to PuTTY users. If your content is unrelated, or only tangentially
1106 related, to PuTTY, then the link would simply be advertising for
1107 you.
1108
1109 One very nice effect of the Google ranking mechanism is that by and
1110 large, the most popular web sites get the highest rankings. This
1111 means that when an ordinary person does a search, the top item in
1112 the search is very likely to be a high-quality site or the site they
1113 actually wanted, rather than the site which paid the most money for
1114 its ranking.
1115
1116 The PuTTY web site is held in high esteem by Google, for precisely
1117 this reason: lots of people have linked to it simply because they
1118 like PuTTY, without us ever having to ask anyone to link to us. We
1119 feel that it would be an abuse of this esteem to use it to boost the
1120 ranking of random advertisers' web sites. If you want your web site
1121 to have a high Google ranking, we'd prefer that you achieve this the
1122 way we did - by being good enough at what you do that people will
1123 link to you simply because they like you.
1124
1125 In particular, we aren't interested in trading links for money (see
1126 above), and we \e{certainly} aren't interested in trading links for
1127 other links (since we have no advertising on our web site, our
1128 Google ranking is not even directly worth anything to us). If we
1129 don't want to link to you for free, then we probably won't want to
1130 link to you at all.
1131
1132 If you have software based on PuTTY, or specifically designed to
1133 interoperate with PuTTY, or in some other way of genuine interest to
1134 PuTTY users, then we will probably be happy to add a link to you on
1135 our Links page. And if you're running a particularly valuable mirror
1136 of the PuTTY web site, we might be interested in linking to you from
1137 our Mirrors page.
1138
1139 \S{faq-sourceforge}{Question} Why don't you move PuTTY to
1140 SourceForge?
1141
1142 Partly, because we don't want to move the web site location (see
1143 \k{faq-domain}).
1144
1145 Also, security reasons. PuTTY is a security product, and as such it
1146 is particularly important to guard the code and the web site against
1147 unauthorised modifications which might introduce subtle security
1148 flaws. Therefore, we prefer that the Subversion repository, web site and
1149 FTP site remain where they are, under the direct control of system
1150 administrators we know and trust personally, rather than being run
1151 by a large organisation full of people we've never met and which is
1152 known to have had breakins in the past.
1153
1154 No offence to SourceForge; I think they do a wonderful job. But
1155 they're not ideal for everyone, and in particular they're not ideal
1156 for us.
1157
1158 \S{faq-mailinglist1}{Question} Why can't I subscribe to the
1159 putty-bugs mailing list?
1160
1161 Because you're not a member of the PuTTY core development team. The
1162 putty-bugs mailing list is not a general newsgroup-like discussion
1163 forum; it's a contact address for the core developers, and an
1164 \e{internal} mailing list for us to discuss things among ourselves.
1165 If we opened it up for everybody to subscribe to, it would turn into
1166 something more like a newsgroup and we would be completely
1167 overwhelmed by the volume of traffic. It's hard enough to keep up
1168 with the list as it is.
1169
1170 \S{faq-mailinglist2}{Question} If putty-bugs isn't a
1171 general-subscription mailing list, what is?
1172
1173 There isn't one, that we know of.
1174
1175 If someone else wants to set up a mailing list or other forum for
1176 PuTTY users to help each other with common problems, that would be
1177 fine with us, though the PuTTY team would almost certainly not have the
1178 time to read it. It's probably better to use one of the established
1179 newsgroups for this purpose (see \k{feedback-other-fora}).
1180
1181 \S{faq-donations}{Question} How can I donate to PuTTY development?
1182
1183 Please, \e{please} don't feel you have to. PuTTY is completely free
1184 software, and not shareware. We think it's very important that
1185 \e{everybody} who wants to use PuTTY should be able to, whether they
1186 have any money or not; so the last thing we would want is for a
1187 PuTTY user to feel guilty because they haven't paid us any money. If
1188 you want to keep your money, please do keep it. We wouldn't dream of
1189 asking for any.
1190
1191 Having said all that, if you still really \e{want} to give us money,
1192 we won't argue :-) The easiest way for us to accept donations is if
1193 you send money to \cw{<anakin@pobox.com>} using PayPal
1194 (\W{http://www.paypal.com/}\cw{www.paypal.com}). If you don't like
1195 PayPal, talk to us; we can probably arrange some alternative means.
1196
1197 Small donations (tens of dollars or tens of euros) will probably be
1198 spent on beer or curry, which helps motivate our volunteer team to
1199 continue doing this for the world. Larger donations will be spent on
1200 something that actually helps development, if we can find anything
1201 (perhaps new hardware, or a copy of Windows XP), but if we can't
1202 find anything then we'll just distribute the money among the
1203 developers. If you want to be sure your donation is going towards
1204 something worthwhile, ask us first. If you don't like these terms,
1205 feel perfectly free not to donate. We don't mind.
1206
1207 \S{faq-permission}{Question} Can I have permission to put PuTTY on a
1208 cover disk / distribute it with other software / etc?
1209
1210 Yes. For most things, you need not bother asking us explicitly for
1211 permission; our licence already grants you permission.
1212
1213 See \k{feedback-permission} for more details.
1214
1215 \S{faq-indemnity}{Question} Can you sign an agreement indemnifying
1216 us against security problems in PuTTY?
1217
1218 No!
1219
1220 A vendor of physical security products (e.g. locks) might plausibly
1221 be willing to accept financial liability for a product that failed
1222 to perform as advertised and resulted in damage (e.g. valuables
1223 being stolen). The reason they can afford to do this is because they
1224 sell a \e{lot} of units, and only a small proportion of them will
1225 fail; so they can meet their financial liability out of the income
1226 from all the rest of their sales, and still have enough left over to
1227 make a profit. Financial liability is intrinsically linked to
1228 selling your product for money.
1229
1230 There are two reasons why PuTTY is not analogous to a physical lock
1231 in this context. One is that software products don't exhibit random
1232 variation: \e{if} PuTTY has a security hole (which does happen,
1233 although we do our utmost to prevent it and to respond quickly when
1234 it does), every copy of PuTTY will have the same hole, so it's
1235 likely to affect all the users at the same time. So even if our
1236 users were all paying us to use PuTTY, we wouldn't be able to
1237 \e{simultaneously} pay every affected user compensation in excess of
1238 the amount they had paid us in the first place. It just wouldn't
1239 work.
1240
1241 The second, much more important, reason is that PuTTY users
1242 \e{don't} pay us. The PuTTY team does not have an income; it's a
1243 volunteer effort composed of people spending their spare time to try
1244 to write useful software. We aren't even a company or any kind of
1245 legally recognised organisation. We're just a bunch of people who
1246 happen to do some stuff in our spare time.
1247
1248 Therefore, to ask us to assume financial liability is to ask us to
1249 assume a risk of having to pay it out of our own \e{personal}
1250 pockets: out of the same budget from which we buy food and clothes
1251 and pay our rent. That's more than we're willing to give. We're
1252 already giving a lot of our spare \e{time} to developing software
1253 for free; if we had to pay our own \e{money} to do it as well, we'd
1254 start to wonder why we were bothering.
1255
1256 Free software fundamentally does not work on the basis of financial
1257 guarantees. Your guarantee of the software functioning correctly is
1258 simply that you have the source code and can check it before you use
1259 it. If you want to be sure there aren't any security holes, do a
1260 security audit of the PuTTY code, or hire a security engineer if you
1261 don't have the necessary skills yourself: instead of trying to
1262 ensure you can get compensation in the event of a disaster, try to
1263 ensure there isn't a disaster in the first place.
1264
1265 If you \e{really} want financial security, see if you can find a
1266 security engineer who will take financial responsibility for the
1267 correctness of their review. (This might be less likely to suffer
1268 from the everything-failing-at-once problem mentioned above, because
1269 such an engineer would probably be reviewing a lot of \e{different}
1270 products which would tend to fail independently.) Failing that, see
1271 if you can persuade an insurance company to insure you against
1272 security incidents, and if the insurer demands it as a condition
1273 then get our code reviewed by a security engineer they're happy
1274 with.
1275
1276 \S{faq-permission-form}{Question} Can you sign this form granting us
1277 permission to use/distribute PuTTY?
1278
1279 If your form contains any clause along the lines of \q{the
1280 undersigned represents and warrants}, we're not going to sign it.
1281 This is particularly true if it asks us to warrant that PuTTY is
1282 secure; see \k{faq-indemnity} for more discussion of this. But it
1283 doesn't really matter what we're supposed to be warranting: even if
1284 it's something we already believe is true, such as that we don't
1285 infringe any third-party copyright, we will not sign a document
1286 accepting any legal or financial liability. This is simply because
1287 the PuTTY development project has no income out of which to satisfy
1288 that liability, or pay legal costs, should it become necessary. We
1289 cannot afford to be sued. We are assuring you that \e{we have done
1290 our best}; if that isn't good enough for you, tough.
1291
1292 The existing PuTTY licence document already gives you permission to
1293 use or distribute PuTTY in pretty much any way which does not
1294 involve pretending you wrote it or suing us if it goes wrong. We
1295 think that really ought to be enough for anybody.
1296
1297 See also \k{faq-permission-general} for another reason why we don't
1298 want to do this sort of thing.
1299
1300 \S{faq-permission-future}{Question} Can you write us a formal notice
1301 of permission to use PuTTY?
1302
1303 We could, in principle, but it isn't clear what use it would be. If
1304 you think there's a serious chance of one of the PuTTY copyright
1305 holders suing you (which we don't!), you would presumably want a
1306 signed notice from \e{all} of them; and we couldn't provide that
1307 even if we wanted to, because many of the copyright holders are
1308 people who contributed some code in the past and with whom we
1309 subsequently lost contact. Therefore the best we would be able to do
1310 \e{even in theory} would be to have the core development team sign
1311 the document, which wouldn't guarantee you that some other copyright
1312 holder might not sue.
1313
1314 See also \k{faq-permission-general} for another reason why we don't
1315 want to do this sort of thing.
1316
1317 \S{faq-permission-general}{Question} Can you sign \e{anything} for
1318 us?
1319
1320 Not unless there's an incredibly good reason.
1321
1322 We are generally unwilling to set a precedent that involves us
1323 having to enter into individual agreements with PuTTY users. We
1324 estimate that we have literally \e{millions} of users, and we
1325 absolutely would not have time to go round signing specific
1326 agreements with every one of them. So if you want us to sign
1327 something specific for you, you might usefully stop to consider
1328 whether there's anything special that distinguishes you from 999,999
1329 other users, and therefore any reason we should be willing to sign
1330 something for you without it setting such a precedent.
1331
1332 If your company policy requires you to have an individual agreement
1333 with the supplier of any software you use, then your company policy
1334 is simply not well suited to using popular free software, and we
1335 urge you to consider this as a flaw in your policy.
1336
1337 \S{faq-permission-assurance}{Question} If you won't sign anything,
1338 can you give us some sort of assurance that you won't make PuTTY
1339 closed-source in future?
1340
1341 Yes and no.
1342
1343 If what you want is an assurance that some \e{current version} of
1344 PuTTY which you've already downloaded will remain free, then you
1345 already have that assurance: it's called the PuTTY Licence. It
1346 grants you permission to use, distribute and copy the software to
1347 which it applies; once we've granted that permission (which we
1348 have), we can't just revoke it.
1349
1350 On the other hand, if you want an assurance that \e{future} versions
1351 of PuTTY won't be closed-source, that's more difficult. We could in
1352 principle sign a document stating that we would never release a
1353 closed-source PuTTY, but that wouldn't assure you that we \e{would}
1354 keep releasing \e{open}-source PuTTYs: we would still have the
1355 option of ceasing to develop PuTTY at all, which would surely be
1356 even worse for you than making it closed-source! (And we almost
1357 certainly wouldn't \e{want} to sign a document guaranteeing that we
1358 would actually continue to do development work on PuTTY; we
1359 certainly wouldn't sign it for free. Documents like that are called
1360 contracts of employment, and are generally not signed except in
1361 return for a sizeable salary.)
1362
1363 If we \e{were} to stop developing PuTTY, or to decide to make all
1364 future releases closed-source, then you would still be free to copy
1365 the last open release in accordance with the current licence, and in
1366 particular you could start your own fork of the project from that
1367 release. If this happened, I confidently predict that \e{somebody}
1368 would do that, and that some kind of a free PuTTY would continue to
1369 be developed. There's already precedent for that sort of thing
1370 happening in free software. We can't guarantee that somebody
1371 \e{other than you} would do it, of course; you might have to do it
1372 yourself. But we can assure you that there would be nothing
1373 \e{preventing} anyone from continuing free development if we
1374 stopped.
1375
1376 (Finally, we can also confidently predict that if we made PuTTY
1377 closed-source and someone made an open-source fork, most people
1378 would switch to the latter. Therefore, it would be pretty stupid of
1379 us to try it.)
1380
1381 \S{faq-export-cert}{Question} Can you provide us with export control
1382 information / FIPS certification for PuTTY?
1383
1384 Some people have asked us for an Export Control Classification Number
1385 (ECCN) for PuTTY. We don't know whether we have one, and as a team of
1386 free software developers based in the UK we don't have the time,
1387 money, or effort to deal with US bureaucracy to investigate any
1388 further. We believe that PuTTY falls under 5D002 on the US Commerce
1389 Control List, but that shouldn't be taken as definitive. If you need
1390 to know more you should seek professional legal advice. The same
1391 applies to any other country's legal requirements and restrictions.
1392
1393 Similarly, some people have asked us for FIPS certification of the
1394 PuTTY tools. Unless someone else is prepared to do the necessary work
1395 and pay any costs, we can't provide this.
1396
1397 \H{faq-misc} Miscellaneous questions
1398
1399 \S{faq-openssh}{Question} Is PuTTY a port of \i{OpenSSH}, or based on
1400 OpenSSH or OpenSSL?
1401
1402 No, it isn't. PuTTY is almost completely composed of code written
1403 from scratch for PuTTY. The only code we share with OpenSSH is the
1404 detector for SSH-1 CRC compensation attacks, written by CORE SDI
1405 S.A; we share no code at all with OpenSSL.
1406
1407 \S{faq-sillyputty}{Question} Where can I buy silly putty?
1408
1409 You're looking at the wrong web site; the only PuTTY we know about
1410 here is the name of a computer program.
1411
1412 If you want the kind of putty you can buy as an executive toy, the
1413 PuTTY team can personally recommend Thinking Putty, which you can
1414 buy from Crazy Aaron's Putty World, at
1415 \W{http://www.puttyworld.com}\cw{www.puttyworld.com}.
1416
1417 \S{faq-meaning}{Question} What does \q{PuTTY} mean?
1418
1419 It's the name of a popular SSH and Telnet client. Any other meaning
1420 is in the eye of the beholder. It's been rumoured that \q{PuTTY}
1421 is the antonym of \q{\cw{getty}}, or that it's the stuff that makes your
1422 Windows useful, or that it's a kind of plutonium Teletype. We
1423 couldn't possibly comment on such allegations.
1424
1425 \S{faq-pronounce}{Question} How do I pronounce \q{PuTTY}?
1426
1427 Exactly like the English word \q{putty}, which we pronounce
1428 /\u02C8{'}p\u028C{V}ti/.