-\versionid $Id: faq.but,v 1.22 2002/03/24 13:42:30 jacob Exp $
+\versionid $Id: faq.but,v 1.35 2002/09/14 10:24:27 jacob Exp $
\A{faq} PuTTY FAQ
\S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or
\cw{ssh.com} SSHv2 private key files?
-Not at present. OpenSSH and \cw{ssh.com} have totally different
-formats for private key files, and neither one is particularly
-pleasant, so PuTTY has its own. We do plan to write a converter at
-some stage.
+Version 0.52 doesn't, but in the latest development snapshots
+PuTTYgen can load and save both OpenSSH and \cw{ssh.com} private key
+files.
\S{faq-ssh1}{Question} Does PuTTY support SSH v1?
anyone told you we had a Unix port, or an iPaq port, or any other
port of PuTTY, they were mistaken. We don't.
-\S{faq-wince}{Question} Will there be a port to Windows CE?
+\S{faq-wince}{Question} Will there be a port to Windows CE or PocketPC?
Probably not in the particularly near future. Despite sharing large
parts of the Windows API, in practice WinCE doesn't appear to be
server instead); but it doesn't necessarily mean you've actually run
out of memory.
+\S{faq-outofmem2}{Question} When attempting a file transfer, either
+PSCP or PSFTP says \q{Out of memory} and dies.
+
+This is almost always caused by your login scripts on the server
+generating output. PSCP or PSFTP will receive that output when they
+were expecting to see the start of a file transfer protocol, and
+they will attempt to interpret the output as file-transfer protocol.
+This will usually lead to an \q{out of memory} error for much the
+same reasons as given in \k{faq-outofmem}.
+
+This is a setup problem in your account on your server, \e{not} a
+PSCP/PSFTP bug. Your login scripts should \e{never} generate output
+during non-interactive sessions; secure file transfer is not the
+only form of remote access that will break if they do.
+
+On Unix, a simple fix is to ensure that all the parts of your login
+script that might generate output are in \c{.profile} (if you use a
+Bourne shell derivative) or \c{.login} (if you use a C shell).
+Putting them in more general files such as \c{.bashrc} or \c{.cshrc}
+is liable to lead to problems.
+
+\S{faq-psftp-slow} PSFTP transfers files much slower than PSCP.
+
+We believe this is because the SFTP and SSH2 protocols are less
+efficient at bulk data transfer than SCP and SSH1, because every
+block of data transferred requires an acknowledgment from the far
+end. It would in theory be possible to queue several blocks of data
+to get round this speed problem, but as yet we haven't done the
+coding. If you really want this fixed, feel free to offer to help.
+
\S{faq-bce}{Question} When I run full-colour applications, I see
areas of black space where colour ought to be.
page} on the PuTTY website (also provided as \k{feedback} in the
manual), and follow the guidelines contained in that.
-\S{faq-broken-openssh31}{Question} Since my SSH server was upgraded to
-OpenSSH 3.1p1, I can no longer connect with PuTTY.
+\S{faq-openssh-bad-openssl}{Question} Since my SSH server was upgraded
+to OpenSSH 3.1p1/3.4p1, I can no longer connect with PuTTY.
There is a known problem when OpenSSH has been built against an
incorrect version of OpenSSL; the quick workaround is to configure
PuTTY to use SSH protocol 2 and the Blowfish cipher.
+For more details and OpenSSH patches, see
+\W{http://bugzilla.mindrot.org/show_bug.cgi?id=138}{bug 138} in the
+OpenSSH BTS.
+
This is not a PuTTY-specific problem; if you try to connect with
-another client you'll likely have similar problems.
+another client you'll likely have similar problems. (Although PuTTY's
+default cipher differs from many other clients.)
-Configurations known to be broken and symptoms:
+\e{OpenSSH 3.1p1:} configurations known to be broken (and symptoms):
\b SSH 2 with AES cipher (PuTTY says "Assertion failed! Expression:
(len & 15) == 0" in sshaes.c, or "Out of memory", or crashes)
+\b SSH 2 with 3DES (PuTTY says "Incorrect MAC received on packet")
+
\b SSH 1 with Blowfish (PuTTY says "Incorrect CRC received on
packet")
\b SSH 1 with 3DES
-For more details and OpenSSH patches, see
-\W{http://bugzilla.mindrot.org/show_bug.cgi?id=138}{bug 138} in the
-OpenSSH BTS.
+\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH 1 and
+Blowfish remains. Rebuild your server, apply the patch linked to from
+bug 138 above, or use another cipher (e.g., 3DES) instead.
+
+\e{Other versions:} we occasionally get reports of the same symptom
+and workarounds with older versions of OpenSSH, although it's not
+clear the underlying cause is the same.
+
+\S{faq-ssh2key-ssh1conn}{Question} Why do I see "Couldn't load private
+key from ..."? Why can PuTTYgen load my key but not PuTTY?
+
+It's likely that you've generated an SSH protocol 2 key with PuTTYgen,
+but you're trying to use it in an SSH 1 connection. SSH1 and SSH2 keys
+have different formats, and (at least in 0.52) PuTTY's reporting of a
+key in the wrong format isn't optimal.
+
+To connect using SSH 2 to a server that supports both versions, you
+need to change the configuration from the default (see \k{faq-ssh2}).
\H{faq-secure} Security questions
probably OK. However, if you have the choice, we still recommend you
use RSA instead.
+\S{faq-virtuallock}{Question} Couldn't Pageant use
+\cw{VirtualLock()} to stop private keys being written to disk?
+
+Unfortunately not. The \cw{VirtualLock()} function in the Windows
+API doesn't do a proper job: it may prevent small pieces of a
+process's memory from being paged to disk while the process is
+running, but it doesn't stop the process's memory as a whole from
+being swapped completely out to disk when the process is long-term
+inactive. And Pageant spends most of its time inactive.
+
\H{faq-admin} Administrative questions
\S{faq-domain}{Question} Would you like me to register you a nicer
something worthwhile, ask us first. If you don't like these terms,
feel perfectly free not to donate. We don't mind.
+\H{faq-misc} Miscellaneous questions
+
+\S{faq-openssh}{Question} Is PuTTY a port of OpenSSH, or based on
+OpenSSH?
+
+No, it isn't. PuTTY is almost completely composed of code written
+from scratch for PuTTY. The only code we share with OpenSSH is the
+detector for SSH1 CRC compensation attacks, written by CORE SDI S.A.
+
\S{faq-sillyputty}{Question} Where can I buy silly putty?
You're looking at the wrong web site; the only PuTTY we know about
projects / u / mdw / putty / blobdiff