-\versionid $Id: faq.but,v 1.18 2002/01/14 12:16:58 simon Exp $
+\versionid $Id: faq.but,v 1.35 2002/09/14 10:24:27 jacob Exp $
\A{faq} PuTTY FAQ
\S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or
\cw{ssh.com} SSHv2 private key files?
-Not at present. OpenSSH and \cw{ssh.com} have totally different
-formats for private key files, and neither one is particularly
-pleasant, so PuTTY has its own. We do plan to write a converter at
-some stage.
+Version 0.52 doesn't, but in the latest development snapshots
+PuTTYgen can load and save both OpenSSH and \cw{ssh.com} private key
+files.
\S{faq-ssh1}{Question} Does PuTTY support SSH v1?
have time, and we don't have motivation. The code is available if
anyone else wants to try it.
+\S{faq-pscp-ascii}{Question} Can PSCP or PSFTP transfer files in
+ASCII mode?
+
+Unfortunately not. This is a limitation of the file transfer
+protocols: the SCP and SFTP protocols have no notion of transferring
+a file in anything other than binary mode.
+
+SFTP is designed to be extensible, so it's possible that an
+extension might be proposed at some later date that implements ASCII
+transfer. But the PuTTY team can't do anything about it until that
+happens.
+
\H{faq-ports} Ports to other operating systems
The eventual goal is for PuTTY to be a multi-platform program, able
Mode is universal and shouldn't need to be specified once for each
platform.
-\S{faq-wince}{Question} Will there be a port to Windows CE?
+\S{faq-ports-general}{Question} What ports of PuTTY exist?
+
+Currently, PuTTY only runs on full Win32 systems. This includes
+Windows 95, 98, and ME, and it includes Windows NT, Windows 2000 and
+Windows XP.
+
+It does \e{not} include Windows CE (see \k{faq-wince}), and it does
+not quite include the Win32s environment under Windows 3.1 (see
+\k{faq-win31}).
+
+We do not have ports for any other systems at the present time. If
+anyone told you we had a Unix port, or an iPaq port, or any other
+port of PuTTY, they were mistaken. We don't.
+
+\S{faq-wince}{Question} Will there be a port to Windows CE or PocketPC?
Probably not in the particularly near future. Despite sharing large
parts of the Windows API, in practice WinCE doesn't appear to be
cryptographic term, and it has nothing at all to do with Ethernet
MAC (Media Access Control) addresses.
+\S{faq-pscp-protocol}{Question} Why do I see \q{Fatal: Protocol
+error: Expected control record} in PSCP?
+
+This happens because PSCP was expecting to see data from the server
+that was part of the PSCP protocol exchange, and instead it saw data
+that it couldn't make any sense of at all.
+
+This almost always happens because the startup scripts in your
+account on the server machine are generating output. This is
+impossible for PSCP, or any other SCP client, to work around. You
+should never use startup files (\c{.bashrc}, \c{.cshrc} and so on)
+which generate output in non-interactive sessions.
+
+This is not actually a PuTTY problem. If PSCP fails in this way,
+then all other SCP clients are likely to fail in exactly the same
+way. The problem is at the server end.
+
\S{faq-colours}{Question} I clicked on a colour in the Colours
panel, and the colour didn't change in my terminal.
server instead); but it doesn't necessarily mean you've actually run
out of memory.
+\S{faq-outofmem2}{Question} When attempting a file transfer, either
+PSCP or PSFTP says \q{Out of memory} and dies.
+
+This is almost always caused by your login scripts on the server
+generating output. PSCP or PSFTP will receive that output when they
+were expecting to see the start of a file transfer protocol, and
+they will attempt to interpret the output as file-transfer protocol.
+This will usually lead to an \q{out of memory} error for much the
+same reasons as given in \k{faq-outofmem}.
+
+This is a setup problem in your account on your server, \e{not} a
+PSCP/PSFTP bug. Your login scripts should \e{never} generate output
+during non-interactive sessions; secure file transfer is not the
+only form of remote access that will break if they do.
+
+On Unix, a simple fix is to ensure that all the parts of your login
+script that might generate output are in \c{.profile} (if you use a
+Bourne shell derivative) or \c{.login} (if you use a C shell).
+Putting them in more general files such as \c{.bashrc} or \c{.cshrc}
+is liable to lead to problems.
+
+\S{faq-psftp-slow} PSFTP transfers files much slower than PSCP.
+
+We believe this is because the SFTP and SSH2 protocols are less
+efficient at bulk data transfer than SCP and SSH1, because every
+block of data transferred requires an acknowledgment from the far
+end. It would in theory be possible to queue several blocks of data
+to get round this speed problem, but as yet we haven't done the
+coding. If you really want this fixed, feel free to offer to help.
+
\S{faq-bce}{Question} When I run full-colour applications, I see
areas of black space where colour ought to be.
page} on the PuTTY website (also provided as \k{feedback} in the
manual), and follow the guidelines contained in that.
+\S{faq-openssh-bad-openssl}{Question} Since my SSH server was upgraded
+to OpenSSH 3.1p1/3.4p1, I can no longer connect with PuTTY.
+
+There is a known problem when OpenSSH has been built against an
+incorrect version of OpenSSL; the quick workaround is to configure
+PuTTY to use SSH protocol 2 and the Blowfish cipher.
+
+For more details and OpenSSH patches, see
+\W{http://bugzilla.mindrot.org/show_bug.cgi?id=138}{bug 138} in the
+OpenSSH BTS.
+
+This is not a PuTTY-specific problem; if you try to connect with
+another client you'll likely have similar problems. (Although PuTTY's
+default cipher differs from many other clients.)
+
+\e{OpenSSH 3.1p1:} configurations known to be broken (and symptoms):
+
+\b SSH 2 with AES cipher (PuTTY says "Assertion failed! Expression:
+(len & 15) == 0" in sshaes.c, or "Out of memory", or crashes)
+
+\b SSH 2 with 3DES (PuTTY says "Incorrect MAC received on packet")
+
+\b SSH 1 with Blowfish (PuTTY says "Incorrect CRC received on
+packet")
+
+\b SSH 1 with 3DES
+
+\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH 1 and
+Blowfish remains. Rebuild your server, apply the patch linked to from
+bug 138 above, or use another cipher (e.g., 3DES) instead.
+
+\e{Other versions:} we occasionally get reports of the same symptom
+and workarounds with older versions of OpenSSH, although it's not
+clear the underlying cause is the same.
+
+\S{faq-ssh2key-ssh1conn}{Question} Why do I see "Couldn't load private
+key from ..."? Why can PuTTYgen load my key but not PuTTY?
+
+It's likely that you've generated an SSH protocol 2 key with PuTTYgen,
+but you're trying to use it in an SSH 1 connection. SSH1 and SSH2 keys
+have different formats, and (at least in 0.52) PuTTY's reporting of a
+key in the wrong format isn't optimal.
+
+To connect using SSH 2 to a server that supports both versions, you
+need to change the configuration from the default (see \k{faq-ssh2}).
+
\H{faq-secure} Security questions
\S{faq-publicpc}{Question} Is it safe for me to download PuTTY and
probably OK. However, if you have the choice, we still recommend you
use RSA instead.
+\S{faq-virtuallock}{Question} Couldn't Pageant use
+\cw{VirtualLock()} to stop private keys being written to disk?
+
+Unfortunately not. The \cw{VirtualLock()} function in the Windows
+API doesn't do a proper job: it may prevent small pieces of a
+process's memory from being paged to disk while the process is
+running, but it doesn't stop the process's memory as a whole from
+being swapped completely out to disk when the process is long-term
+inactive. And Pageant spends most of its time inactive.
+
\H{faq-admin} Administrative questions
\S{faq-domain}{Question} Would you like me to register you a nicer
you go to \W{http://www.e-gold.com}\cw{www.e-gold.com}, and deposit
your donation in account number 174769. Then send us e-mail to let
us know you've done so (otherwise we might not notice for months!).
+Alternatively, if e-gold isn't convenient for you, you can donate to
+\cw{<anakin@pobox.com>} using PayPal
+(\W{http://www.paypal.com/}\cw{www.paypal.com}).
Small donations (tens of dollars or tens of euros) will probably be
spent on beer or curry, which helps motivate our volunteer team to
continue doing this for the world. Larger donations will be spent on
something that actually helps development, if we can find anything
-(perhaps new hardware, or a copy of Windows 2000), but if we can't
+(perhaps new hardware, or a copy of Windows XP), but if we can't
find anything then we'll just distribute the money among the
developers. If you want to be sure your donation is going towards
something worthwhile, ask us first. If you don't like these terms,
feel perfectly free not to donate. We don't mind.
+\H{faq-misc} Miscellaneous questions
+
+\S{faq-openssh}{Question} Is PuTTY a port of OpenSSH, or based on
+OpenSSH?
+
+No, it isn't. PuTTY is almost completely composed of code written
+from scratch for PuTTY. The only code we share with OpenSSH is the
+detector for SSH1 CRC compensation attacks, written by CORE SDI S.A.
+
\S{faq-sillyputty}{Question} Where can I buy silly putty?
You're looking at the wrong web site; the only PuTTY we know about
projects / u / mdw / putty / blobdiff