-\versionid $Id: faq.but,v 1.25 2002/05/11 16:45:29 simon Exp $
+\versionid $Id: faq.but,v 1.37 2002/11/02 16:27:17 simon Exp $
\A{faq} PuTTY FAQ
\S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or
\cw{ssh.com} SSHv2 private key files?
-Version 0.52 doesn't, but in the latest development snapshots
-PuTTYgen can load OpenSSH private keys. We plan to add an export
-feature so that it can save them as well, and we also plan to
-support the \cw{ssh.com} key format.
+PuTTY doesn't support this natively, but as of 0.53
+PuTTYgen can convert both OpenSSH and \cw{ssh.com} private key
+files into PuTTY's format.
\S{faq-ssh1}{Question} Does PuTTY support SSH v1?
\H{faq-ports} Ports to other operating systems
The eventual goal is for PuTTY to be a multi-platform program, able
-to run on at least Windows, MacOS and Unix. Whether this will
-actually ever happen I have no idea, but it is the plan. A Mac port
-has been started, but is only half-finished and currently not moving
-very fast.
+to run on at least Windows, MacOS and Unix.
Porting will become easier once PuTTY has a generalised porting
layer, drawing a clear line between platform-dependent and
-platform-independent code. The general intention is for this porting
-layer to evolve naturally as part of the process of doing the first
-port. One particularly nasty part of this will be separating the
-many configuration options into platform-dependent and
-platform-independent ones; for example, the options controlling when
-the Windows System menu appears will be pretty much meaningless
-under X11 or perhaps other windowing systems, whereas Telnet Passive
-Mode is universal and shouldn't need to be specified once for each
-platform.
+platform-independent code. The general intention was for this
+porting layer to evolve naturally as part of the process of doing
+the first port; a Unix port is now under way and the plan seems to
+be working so far.
\S{faq-ports-general}{Question} What ports of PuTTY exist?
-Currently, PuTTY only runs on full Win32 systems. This includes
-Windows 95, 98, and ME, and it includes Windows NT, Windows 2000 and
-Windows XP.
+Currently, release versions of PuTTY only run on full Win32 systems.
+This includes Windows 95, 98, and ME, and it includes Windows NT,
+Windows 2000 and Windows XP. In the development code, a partial port
+to Unix is under way (see \k{faq-unix}).
-It does \e{not} include Windows CE (see \k{faq-wince}), and it does
-not quite include the Win32s environment under Windows 3.1 (see
-\k{faq-win31}).
+Currently PuTTY does \e{not} run on Windows CE (see \k{faq-wince}),
+and it does not quite run on the Win32s environment under Windows
+3.1 (see \k{faq-win31}).
-We do not have ports for any other systems at the present time. If
-anyone told you we had a Unix port, or an iPaq port, or any other
-port of PuTTY, they were mistaken. We don't.
+We do not have release-quality ports for any other systems at the
+present time. If anyone told you we had a Mac port, or an iPaq port,
+or any other port of PuTTY, they were mistaken. We don't.
-\S{faq-wince}{Question} Will there be a port to Windows CE?
+\S{faq-unix}{Question} Will there be a port to Unix?
+
+It's currently being worked on. If you look at the nightly source
+snapshots, you should find a \c{unix} subdirectory, which should
+build you a Unix port of Plink, and also \c{pterm} - an
+\cw{xterm}-type program which supports the same terminal emulation
+as PuTTY.
+
+It isn't yet clear whether we will bother combining the terminal
+emulator and network back end into the same process, to provide a
+Unix port of the full GUI form of PuTTY. It wouldn't be as useful a
+thing on Unix as it would be on Windows; its major value would
+probably be as a pathfinding effort for other ports. If anyone
+really wants it, we'd be interested to know why :-)
+
+\S{faq-wince}{Question} Will there be a port to Windows CE or PocketPC?
Probably not in the particularly near future. Despite sharing large
parts of the Windows API, in practice WinCE doesn't appear to be
so it's not clear how quickly development would resume even if
developer effort were available.
-\S{faq-unix}{Question} Will there be a port to Unix?
-
-I hope so, if only so that I can have an \cw{xterm}-like program
-that supports exactly the same terminal emulation as PuTTY. If and
-when we do do a Unix port, it will have a local-terminal back end so
-it can be used like an \cw{xterm}, rather than only being usable as
-a network utility.
-
\S{faq-epoc}{Question} Will there be a port to EPOC?
I hope so, but given that ports aren't really progressing very fast
create a Windows shortcut that invokes PuTTY with a command line
like
-\c \path\name\to\putty.exe @mysession
+\c \path\name\to\putty.exe -load mysession
+
+(Note: prior to 0.53, the syntax was \c{@session}. This is now
+deprecated and may be removed at some point.)
\S{faq-startssh}{Question} How can I start an SSH session straight
from the command line?
This is a new feature in version 0.52. You should upgrade.
\S{faq-options}{Question} How do I use all PuTTY's features (public
-keys, port forwarding, SSH v2, etc.) in PSCP, PSFTP and Plink?
+keys, proxying, cipher selection, etc.) in PSCP, PSFTP and Plink?
+
+Most major features (e.g., public keys, port forwarding) are available
+through command line options. See the documentation.
-The command-line tools are currently rather short of command line
-options to enable this sort of thing. However, you can use most of
+Not all features are accessible from the command line yet, although
+we'd like to fix this. In the meantime, you can use most of
PuTTY's features if you create a PuTTY saved session, and then use
the name of the saved session on the command line in place of a
hostname. This works for PSCP, PSFTP and Plink (but don't expect
repeated one hour after the start of the connection, and PuTTY will
get this wrong.
-Upgrade to version 0.52 and the problem should go away.
+Upgrade to version 0.52 or better and the problem should go away.
\S{faq-outofmem}{Question} After trying to establish an SSH 2
connection, PuTTY says \q{Out of memory} and dies.
AltGr key.
In PuTTY version 0.51, the AltGr key was broken. Upgrade to version
-0.52.
+0.52 or better.
\S{faq-idleout}{Question} My PuTTY sessions unexpectedly close after
they are idle for a while.
page} on the PuTTY website (also provided as \k{feedback} in the
manual), and follow the guidelines contained in that.
-\S{faq-broken-openssh31}{Question} Since my SSH server was upgraded to
-OpenSSH 3.1p1, I can no longer connect with PuTTY.
+\S{faq-openssh-bad-openssl}{Question} Since my SSH server was upgraded
+to OpenSSH 3.1p1/3.4p1, I can no longer connect with PuTTY.
There is a known problem when OpenSSH has been built against an
incorrect version of OpenSSL; the quick workaround is to configure
PuTTY to use SSH protocol 2 and the Blowfish cipher.
+For more details and OpenSSH patches, see
+\W{http://bugzilla.mindrot.org/show_bug.cgi?id=138}{bug 138} in the
+OpenSSH BTS.
+
This is not a PuTTY-specific problem; if you try to connect with
-another client you'll likely have similar problems.
+another client you'll likely have similar problems. (Although PuTTY's
+default cipher differs from many other clients.)
-Configurations known to be broken (and symptoms):
+\e{OpenSSH 3.1p1:} configurations known to be broken (and symptoms):
\b SSH 2 with AES cipher (PuTTY says "Assertion failed! Expression:
(len & 15) == 0" in sshaes.c, or "Out of memory", or crashes)
\b SSH 1 with 3DES
-For more details and OpenSSH patches, see
-\W{http://bugzilla.mindrot.org/show_bug.cgi?id=138}{bug 138} in the
-OpenSSH BTS.
+\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH 1 and
+Blowfish remains. Rebuild your server, apply the patch linked to from
+bug 138 above, or use another cipher (e.g., 3DES) instead.
+
+\e{Other versions:} we occasionally get reports of the same symptom
+and workarounds with older versions of OpenSSH, although it's not
+clear the underlying cause is the same.
+
+\S{faq-ssh2key-ssh1conn}{Question} Why do I see "Couldn't load private
+key from ..."? Why can PuTTYgen load my key but not PuTTY?
+
+It's likely that you've generated an SSH protocol 2 key with PuTTYgen,
+but you're trying to use it in an SSH 1 connection. SSH1 and SSH2 keys
+have different formats, and (at least in 0.52) PuTTY's reporting of a
+key in the wrong format isn't optimal.
+
+To connect using SSH 2 to a server that supports both versions, you
+need to change the configuration from the default (see \k{faq-ssh2}).
\H{faq-secure} Security questions
probably OK. However, if you have the choice, we still recommend you
use RSA instead.
+\S{faq-virtuallock}{Question} Couldn't Pageant use
+\cw{VirtualLock()} to stop private keys being written to disk?
+
+Unfortunately not. The \cw{VirtualLock()} function in the Windows
+API doesn't do a proper job: it may prevent small pieces of a
+process's memory from being paged to disk while the process is
+running, but it doesn't stop the process's memory as a whole from
+being swapped completely out to disk when the process is long-term
+inactive. And Pageant spends most of its time inactive.
+
\H{faq-admin} Administrative questions
\S{faq-domain}{Question} Would you like me to register you a nicer
something worthwhile, ask us first. If you don't like these terms,
feel perfectly free not to donate. We don't mind.
+\H{faq-misc} Miscellaneous questions
+
+\S{faq-openssh}{Question} Is PuTTY a port of OpenSSH, or based on
+OpenSSH?
+
+No, it isn't. PuTTY is almost completely composed of code written
+from scratch for PuTTY. The only code we share with OpenSSH is the
+detector for SSH1 CRC compensation attacks, written by CORE SDI S.A.
+
\S{faq-sillyputty}{Question} Where can I buy silly putty?
You're looking at the wrong web site; the only PuTTY we know about
projects / u / mdw / putty / blobdiff