-\versionid $Id: faq.but,v 1.20 2002/02/04 13:52:05 simon Exp $
+\versionid $Id: faq.but,v 1.31 2002/08/09 09:11:09 simon Exp $
\A{faq} PuTTY FAQ
\S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or
\cw{ssh.com} SSHv2 private key files?
-Not at present. OpenSSH and \cw{ssh.com} have totally different
-formats for private key files, and neither one is particularly
-pleasant, so PuTTY has its own. We do plan to write a converter at
-some stage.
+Version 0.52 doesn't, but in the latest development snapshots
+PuTTYgen can load and save both OpenSSH and \cw{ssh.com} private key
+files.
\S{faq-ssh1}{Question} Does PuTTY support SSH v1?
server instead); but it doesn't necessarily mean you've actually run
out of memory.
+\S{faq-outofmem2}{Question} When attempting a file transfer, either
+PSCP or PSFTP says \q{Out of memory} and dies.
+
+This is almost always caused by your login scripts on the server
+generating output. PSCP or PSFTP will receive that output when they
+were expecting to see the start of a file transfer protocol, and
+they will attempt to interpret the output as file-transfer protocol.
+This will usually lead to an \q{out of memory} error for much the
+same reasons as given in \k{faq-outofmem}.
+
+This is a setup problem in your account on your server, \e{not} a
+PSCP/PSFTP bug. Your login scripts should \e{never} generate output
+during non-interactive sessions; secure file transfer is not the
+only form of remote access that will break if they do.
+
+On Unix, a simple fix is to ensure that all the parts of your login
+script that might generate output are in \c{.profile} (if you use a
+Bourne shell derivative) or \c{.login} (if you use a C shell).
+Putting them in more general files such as \c{.bashrc} or \c{.cshrc}
+is liable to lead to problems.
+
+\S{faq-psftp-slow} PSFTP transfers files much slower than PSCP.
+
+We believe this is because the SFTP and SSH2 protocols are less
+efficient at bulk data transfer than SCP and SSH1, because every
+block of data transferred requires an acknowledgment from the far
+end. It would in theory be possible to queue several blocks of data
+to get round this speed problem, but as yet we haven't done the
+coding. If you really want this fixed, feel free to offer to help.
+
\S{faq-bce}{Question} When I run full-colour applications, I see
areas of black space where colour ought to be.
page} on the PuTTY website (also provided as \k{feedback} in the
manual), and follow the guidelines contained in that.
+\S{faq-broken-openssh31}{Question} Since my SSH server was upgraded to
+OpenSSH 3.1p1, I can no longer connect with PuTTY.
+
+There is a known problem when OpenSSH has been built against an
+incorrect version of OpenSSL; the quick workaround is to configure
+PuTTY to use SSH protocol 2 and the Blowfish cipher.
+
+This is not a PuTTY-specific problem; if you try to connect with
+another client you'll likely have similar problems.
+
+Configurations known to be broken (and symptoms):
+
+\b SSH 2 with AES cipher (PuTTY says "Assertion failed! Expression:
+(len & 15) == 0" in sshaes.c, or "Out of memory", or crashes)
+
+\b SSH 2 with 3DES (PuTTY says "Incorrect MAC received on packet")
+
+\b SSH 1 with Blowfish (PuTTY says "Incorrect CRC received on
+packet")
+
+\b SSH 1 with 3DES
+
+For more details and OpenSSH patches, see
+\W{http://bugzilla.mindrot.org/show_bug.cgi?id=138}{bug 138} in the
+OpenSSH BTS.
+
+\e{Update:} As of OpenSSH 3.4p1 the problem with SSH 1 and Blowfish
+remains. Apply the patch linked to from bug 138, or use another cipher
+(e.g., 3DES) instead.
+
+\S{faq-ssh2key-ssh1conn}{Question} Why do I see "Couldn't load private
+key from ..."? Why can PuTTYgen load my key but not PuTTY?
+
+It's likely that you've generated an SSH protocol 2 key with PuTTYgen,
+but you're trying to use it in an SSH 1 connection. SSH1 and SSH2 keys
+have different formats, and (at least in 0.52) PuTTY's reporting of a
+key in the wrong format isn't optimal.
+
+To connect using SSH 2 to a server that supports both versions, you
+need to change the configuration from the default (see \k{faq-ssh2}).
+
\H{faq-secure} Security questions
\S{faq-publicpc}{Question} Is it safe for me to download PuTTY and
probably OK. However, if you have the choice, we still recommend you
use RSA instead.
+\S{faq-virtuallock}{Question} Couldn't Pageant use \c{VirtualLock()}
+to stop private keys being written to disk?
+
+Unfortunately not. The \c{VirtualLock()} function in the Windows API
+doesn't do a proper job: it may prevent small pieces of a process's
+memory from being paged to disk while the process is running, but it
+doesn't stop the process's memory as a whole from being swapped
+completely out to disk when the process is long-term inactive. And
+Pageant spends most of its time inactive.
+
\H{faq-admin} Administrative questions
\S{faq-domain}{Question} Would you like me to register you a nicer
you go to \W{http://www.e-gold.com}\cw{www.e-gold.com}, and deposit
your donation in account number 174769. Then send us e-mail to let
us know you've done so (otherwise we might not notice for months!).
+Alternatively, if e-gold isn't convenient for you, you can donate to
+\cw{<anakin@pobox.com>} using PayPal
+(\W{http://www.paypal.com/}\cw{www.paypal.com}).
Small donations (tens of dollars or tens of euros) will probably be
spent on beer or curry, which helps motivate our volunteer team to
continue doing this for the world. Larger donations will be spent on
something that actually helps development, if we can find anything
-(perhaps new hardware, or a copy of Windows 2000), but if we can't
+(perhaps new hardware, or a copy of Windows XP), but if we can't
find anything then we'll just distribute the money among the
developers. If you want to be sure your donation is going towards
something worthwhile, ask us first. If you don't like these terms,
feel perfectly free not to donate. We don't mind.
+\H{faq-misc} Miscellaneous questions
+
+\S{faq-openssh}{Question} Is PuTTY a port of OpenSSH, or based on
+OpenSSH?
+
+No, it isn't. PuTTY is almost completely composed of code written
+from scratch for PuTTY. The only code we share with OpenSSH is the
+detector for SSH1 CRC compensation attacks, written by CORE SDI S.A.
+
\S{faq-sillyputty}{Question} Where can I buy silly putty?
You're looking at the wrong web site; the only PuTTY we know about
projects / u / mdw / putty / blobdiff