-\versionid $Id: faq.but,v 1.16 2001/12/29 17:00:06 simon Exp $
+\define{versionidfaq} \versionid $Id$
\A{faq} PuTTY FAQ
This FAQ is published on the PuTTY web site, and also provided as an
appendix in the manual.
+\H{faq-intro} Introduction
+
+\S{faq-what}{Question} What is PuTTY?
+
+PuTTY is a client program for the SSH, Telnet and Rlogin network
+protocols.
+
+These protocols are all used to run a remote session on a computer,
+over a network. PuTTY implements the client end of that session: the
+end at which the session is displayed, rather than the end at which
+it runs.
+
+In really simple terms: you run PuTTY on a Windows machine, and tell
+it to connect to (for example) a Unix machine. PuTTY opens a window.
+Then, anything you type into that window is sent straight to the
+Unix machine, and everything the Unix machine sends back is
+displayed in the window. So you can work on the Unix machine as if
+you were sitting at its console, while actually sitting somewhere
+else.
+
\H{faq-support} Features supported in PuTTY
In general, if you want to know if PuTTY supports a particular
development snapshots, in which case testing will be very welcome.
\b try the
-\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist.html}{Wishlist
+\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/}{Wishlist
page}, and see if you can find the feature there. If it's on there,
-it probably \e{hasn't} been implemented.
+and not in the \q{Recently fixed} section, it probably \e{hasn't} been
+implemented.
-\S{faq-ssh2}{Question} Does PuTTY support SSH v2?
+\S{faq-ssh2}{Question} Does PuTTY support SSH-2?
-Yes. SSH v2 support has been available in PuTTY since version 0.50.
-However, currently the \e{default} SSH protocol is v1; to select SSH
-v2 if your server supports both, go to the SSH panel and change the
-\e{Preferred SSH protocol version} option.
+Yes. SSH-2 support has been available in PuTTY since version 0.50.
-Public key authentication (both RSA and DSA) in SSH v2 has been
-added since version 0.51.
+Public key authentication (both RSA and DSA) in SSH-2 is new in
+version 0.52.
\S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or
-\cw{ssh.com} SSHv2 private key files?
+\cw{ssh.com} SSH-2 private key files?
-Not at present. OpenSSH and \cw{ssh.com} have totally different
-formats for private key files, and neither one is particularly
-pleasant, so PuTTY has its own. We do plan to write a converter at
-some stage.
+PuTTY doesn't support this natively, but as of 0.53
+PuTTYgen can convert both OpenSSH and \cw{ssh.com} private key
+files into PuTTY's format.
-\S{faq-ssh1}{Question} Does PuTTY support SSH v1?
+\S{faq-ssh1}{Question} Does PuTTY support SSH-1?
-Yes. SSH 1 support has always been available in PuTTY.
+Yes. SSH-1 support has always been available in PuTTY.
\S{faq-localecho}{Question} Does PuTTY support local echo?
-Yes.
+Yes. Version 0.52 has proper support for local echo.
-In version 0.51 and before, local echo cannot be separated from
+In version 0.51 and before, local echo could not be separated from
local line editing (where you type a line of text locally, and it is
not sent to the server until you press Return, so you have the
chance to edit it and correct mistakes \e{before} the server sees
-it). The two features can be enabled and disabled from the Terminal
-panel, using the checkbox marked \q{Use local terminal line
-discipline}. Note that due to a bug in those versions of PuTTY,
-changing this feature in mid-session will have no effect; you have
-to enable it \e{before} you open the connection.
-
-In later versions, local echo and local line editing are separate
-options, and by default PuTTY will try to determine automatically
-whether to enable them or not, based on which protocol you have
-selected and also based on hints from the server. If you have a
-problem with PuTTY's default choice, you can force each option to be
-enabled or disabled as you choose. The controls are in the Terminal
-panel, in the section marked \q{Line discipline options}.
+it). New in version 0.52, local echo and local line editing are
+separate options, and by default PuTTY will try to determine
+automatically whether to enable them or not, based on which protocol
+you have selected and also based on hints from the server. If you
+have a problem with PuTTY's default choice, you can force each
+option to be enabled or disabled as you choose. The controls are in
+the Terminal panel, in the section marked \q{Line discipline
+options}.
+
+\S{faq-savedsettings}{Question} Does PuTTY support storing settings,
+so I don't have to change them every time?
+
+Yes, all of PuTTY's settings can be saved in named session profiles.
+See \k{config-saving} in the documentation for how to do this.
\S{faq-disksettings}{Question} Does PuTTY support storing its
settings in a disk file?
\S{faq-fullscreen}{Question} Does PuTTY support full-screen mode,
like a DOS box?
-Not in the 0.51 release, but it has been added since then.
+Yes; this is a new feature in version 0.52.
\S{faq-password-remember}{Question} Does PuTTY have the ability to
remember my password so I don't have to type it every time?
ones will not. Adding an option to turn host key checking off
completely is the wrong solution and we will not do it.
+If you have host keys available in the common \c{known_hosts} format,
+we have a script called
+\W{http://www.tartarus.org/~simon-anonsvn/viewcvs.cgi/putty/contrib/kh2reg.py?view=markup}\c{kh2reg.py}
+to convert them to a Windows .REG file, which can be installed ahead of
+time by double-clicking or using \c{REGEDIT}.
+
\S{faq-server}{Question} Will you write an SSH server for the PuTTY
suite, to go with the client?
have time, and we don't have motivation. The code is available if
anyone else wants to try it.
+\S{faq-pscp-ascii}{Question} Can PSCP or PSFTP transfer files in
+ASCII mode?
+
+Unfortunately not.
+
+Until recently, this was a limitation of the file transfer protocols:
+the SCP and SFTP protocols had no notion of transferring a file in
+anything other than binary mode. (This is still true of SCP.)
+
+The current draft protocol spec of SFTP proposes a means of
+implementing ASCII transfer. At some point PSCP/PSFTP may implement
+this proposal.
+
\H{faq-ports} Ports to other operating systems
The eventual goal is for PuTTY to be a multi-platform program, able
-to run on at least Windows, MacOS and Unix. Whether this will
-actually ever happen I have no idea, but it is the plan. A Mac port
-has been started, but is only half-finished and currently not moving
-very fast.
+to run on at least Windows, Mac OS and Unix.
Porting will become easier once PuTTY has a generalised porting
layer, drawing a clear line between platform-dependent and
-platform-independent code. The general intention is for this porting
-layer to evolve naturally as part of the process of doing the first
-port. One particularly nasty part of this will be separating the
-many configuration options into platform-dependent and
-platform-independent ones; for example, the options controlling when
-the Windows System menu appears will be pretty much meaningless
-under X11 or perhaps other windowing systems, whereas Telnet Passive
-Mode is universal and shouldn't need to be specified once for each
-platform.
-
-\S{faq-wince}{Question} Will there be a port to Windows CE?
-
-Probably not in the particularly near future. Despite sharing large
-parts of the Windows API, in practice WinCE doesn't appear to be
-significantly easier to port to than a totally different operating
-system.
-
-However, PuTTY on portable devices would clearly be a useful thing,
-so in the long term I hope there will be a WinCE port.
+platform-independent code. The general intention was for this
+porting layer to evolve naturally as part of the process of doing
+the first port; a Unix port has now been released and the plan
+seems to be working so far.
+
+\S{faq-ports-general}{Question} What ports of PuTTY exist?
+
+Currently, release versions of PuTTY tools only run on full Win32
+systems and Unix. \q{Win32} includes Windows 95, 98, and ME, and it
+includes Windows NT, Windows 2000 and Windows XP.
+
+In the development code, a partial port to the Mac OS (see
+\k{faq-mac-port}) is under way.
+
+Currently PuTTY does \e{not} run on Windows CE (see \k{faq-wince}),
+and it does not quite run on the Win32s environment under Windows
+3.1 (see \k{faq-win31}).
+
+We do not have release-quality ports for any other systems at the
+present time. If anyone told you we had an EPOC port, or an iPaq port,
+or any other port of PuTTY, they were mistaken. We don't.
+
+There are some third-party ports to various platforms, mentioned
+on the Links page of our website.
+
+\S{faq-unix}{Question} Is there a port to Unix?
+
+As of 0.54, there are Unix ports of most of the traditional PuTTY
+tools, and also one entirely new application.
+
+If you look at the source release, you should find a \c{unix}
+subdirectory containing \c{Makefile.gtk}, which should build you Unix
+ports of Plink, PuTTY itself, PuTTYgen, PSCP, PSFTP, and also
+\c{pterm} - an \cw{xterm}-type program which supports the same
+terminal emulation as PuTTY. We do not yet have a Unix port of
+Pageant.
+
+If you don't have Gtk, you should still be able to build the
+command-line tools.
+
+Note that Unix PuTTY has mostly only been tested on Linux so far;
+portability problems such as BSD-style ptys or different header file
+requirements are expected.
+
+\S{faq-unix-why}{Question} What's the point of the Unix port? Unix
+has OpenSSH.
+
+All sorts of little things. \c{pterm} is directly useful to anyone
+who prefers PuTTY's terminal emulation to \c{xterm}'s, which at
+least some people do. Unix Plink has apparently found a niche among
+people who find the complexity of OpenSSL makes OpenSSH hard to
+install (and who don't mind Plink not having as many features). Some
+users want to generate a large number of SSH keys on Unix and then
+copy them all into PuTTY, and the Unix PuTTYgen should allow them to
+automate that conversion process.
+
+There were development advantages as well; porting PuTTY to Unix was
+a valuable path-finding effort for other future ports, and also
+allowed us to use the excellent Linux tool
+\W{http://valgrind.kde.org/}{Valgrind} to help with debugging, which
+has already improved PuTTY's stability on \e{all} platforms.
+
+However, if you're a Unix user and you can see no reason to switch
+from OpenSSH to PuTTY/Plink, then you're probably right. We don't
+expect our Unix port to be the right thing for everybody.
+
+\S{faq-wince}{Question} Will there be a port to Windows CE or PocketPC?
+
+It's currently being worked on, but it's only in its early stages yet,
+and certainly isn't yet useful. PuTTY on portable devices would
+clearly be a useful thing, so in the long term I hope it can be
+brought up to release quality.
+
+There's also a third-party port at
+\W{http://pocketputty.duxy.net/}\c{http://pocketputty.duxy.net/}.
\S{faq-win31}{Question} Is there a port to Windows 3.1?
\S{faq-mac-port}{Question} Will there be a port to the Mac?
-A Mac port was started once and is half-finished, but development
-has been static for some time and the main PuTTY code has moved on,
-so it's not clear how quickly development would resume even if
-developer effort were available.
+There are several answers to this question:
-\S{faq-unix}{Question} Will there be a port to Unix?
+\b The Unix/Gtk port is already fully working under Mac OS X as an X11
+application.
-I hope so, if only so that I can have an \cw{xterm}-like program
-that supports exactly the same terminal emulation as PuTTY. If and
-when we do do a Unix port, it will have a local-terminal back end so
-it can be used like an \cw{xterm}, rather than only being usable as
-a network utility.
+\b A native (Cocoa) Mac OS X port is in progress. It's just about
+usable, but is of nowhere near release quality yet, and is likely to
+behave in unexpected ways.
+
+\b A separate port to the classic Mac OS (pre-OSX) is also in
+progress; it too is not ready yet.
\S{faq-epoc}{Question} Will there be a port to EPOC?
for, it might be a long time before any of us get round to learning
a new system and doing the port for that.
+However, some of the work has been done by other people, and a beta
+port of PuTTY for the Nokia 9200 Communicator series is available
+from \W{http://s2putty.sourceforge.net/}\cw{http://s2putty.sourceforge.net/}
+
\H{faq-embedding} Embedding PuTTY in other programs
\S{faq-dll}{Question} Is the SSH or Telnet code available as a DLL?
\S{faq-term}{Question} What terminal type does PuTTY use?
For most purposes, PuTTY can be considered to be an \cw{xterm}
-terminal, although full support for some of \cw{xterm}'s features,
-such as passing mouse actions to the server-side program, is not
-present in the 0.51 release (but has been added since).
+terminal.
PuTTY also supports some terminal control sequences not supported by
the real \cw{xterm}: notably the Linux console sequences that
\S{faq-settings}{Question} Where does PuTTY store its data?
-PuTTY stores most of its data (saved sessions, SSH host keys) in the
-Registry. The precise location is
+On Windows, PuTTY stores most of its data (saved sessions, SSH host
+keys) in the Registry. The precise location is
\c HKEY_CURRENT_USER\Software\SimonTatham\PuTTY
\c HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\RandSeedFile
+On Unix, PuTTY stores all of this data in a directory \cw{~/.putty}.
+
\H{faq-howto} HOWTO questions
+\S{faq-commands}{Question} What commands can I type into my PuTTY
+terminal window?
+
+This is not a question you should be asking \e{us}. You need to read
+the manuals, or ask the administrator, of \e{the computer you have
+connected to}.
+
+PuTTY does not process the commands you type into it. It's only a
+communications tool. It makes a connection to another computer; it
+passes the commands you type to that other computer; and it passes
+the other computer's responses back to you. Therefore, the precise
+range of commands you can use will not depend on PuTTY, but on what
+kind of computer you have connected to and what software is running
+on it. The PuTTY team cannot help you with that.
+
+(Think of PuTTY as being a bit like a telephone. If you phone
+somebody up and you don't know what language to speak to make them
+understand you, it isn't \e{the telephone company}'s job to find
+that out for you. We just provide the means for you to get in touch;
+making yourself understood is somebody else's problem.)
+
+If you are unsure of where to start looking for the administrator of
+your server, a good place to start might be to remember how you
+found out the host name in the PuTTY configuration. If you were
+given that host name by e-mail, for example, you could try asking
+the person who sent you that e-mail. If your company's IT department
+provided you with ready-made PuTTY saved sessions, then that IT
+department can probably also tell you something about what commands
+you can type during those sessions. But the PuTTY maintainer team
+does not administer any server you are likely to be connecting to,
+and cannot help you with questions of this type.
+
\S{faq-startmax}{Question} How can I make PuTTY start up maximised?
Create a Windows shortcut to start PuTTY from, and set it as \q{Run
create a Windows shortcut that invokes PuTTY with a command line
like
-\c \path\name\to\putty.exe @mysession
+\c \path\name\to\putty.exe -load mysession
+
+(Note: prior to 0.53, the syntax was \c{@session}. This is now
+deprecated and may be removed at some point.)
\S{faq-startssh}{Question} How can I start an SSH session straight
from the command line?
You can also paste by pressing Shift-Ins.
-\S{faq-tunnels}{Question} How do I use X forwarding and port
-forwarding? I can't find the Tunnels panel.
-
-If you're looking in the 0.51 release or earlier, the Tunnels panel
-isn't there. It was added in the development snapshots after 0.51,
-and releases 0.52 and onwards will contain it.
-
\S{faq-options}{Question} How do I use all PuTTY's features (public
-keys, port forwarding, SSH v2, etc.) in PSCP, PSFTP and Plink?
+keys, proxying, cipher selection, etc.) in PSCP, PSFTP and Plink?
-The command-line tools are currently rather short of command line
-options to enable this sort of thing. However, you can use most of
+Most major features (e.g., public keys, port forwarding) are available
+through command line options. See the documentation.
+
+Not all features are accessible from the command line yet, although
+we'd like to fix this. In the meantime, you can use most of
PuTTY's features if you create a PuTTY saved session, and then use
the name of the saved session on the command line in place of a
hostname. This works for PSCP, PSFTP and Plink (but don't expect
\S{faq-incorrect-mac}{Question} Why do I see \q{Incorrect MAC
received on packet}?
-This is due to a bug in old SSH 2 servers distributed by
-\cw{ssh.com}. Version 2.3.0 and below of their SSH 2 server
+One possible cause of this that used to be common is a bug in old
+SSH-2 servers distributed by \cw{ssh.com}. (This is not the only
+possible cause; see \k{errors-crc} in the documentation.)
+Version 2.3.0 and below of their SSH-2 server
constructs Message Authentication Codes in the wrong way, and
expects the client to construct them in the same wrong way. PuTTY
constructs the MACs correctly by default, and hence these old
servers will fail to work with it.
-If you are using PuTTY version 0.51 or below, go to the SSH panel
-and check the box labelled \q{Imitate SSH 2 MAC bug}. This will
-cause PuTTY to construct its MACs in the same incorrect manner as
-the buggy servers, so it will be able to work with them.
+If you are using PuTTY version 0.52 or better, this should work
+automatically: PuTTY should detect the buggy servers from their
+version number announcement, and automatically start to construct
+its MACs in the same incorrect manner as they do, so it will be able
+to work with them.
-Since version 0.51, PuTTY has been enhanced to detect buggy servers
-automatically (when they announce their version) and enable the
-workaround without the user needing to ask. Therefore you \e{should}
-never have to use this option again after 0.52, but it is still
-provided just in case another buggy server shows up.
+If you are using PuTTY version 0.51 or below, you can enable the
+workaround by going to the SSH panel and ticking the box labelled
+\q{Imitate SSH-2 MAC bug}. It's possible that you might have to do
+this with 0.52 as well, if a buggy server exists that PuTTY doesn't
+know about.
In this context MAC stands for Message Authentication Code. It's a
cryptographic term, and it has nothing at all to do with Ethernet
MAC (Media Access Control) addresses.
+\S{faq-pscp-protocol}{Question} Why do I see \q{Fatal: Protocol
+error: Expected control record} in PSCP?
+
+This happens because PSCP was expecting to see data from the server
+that was part of the PSCP protocol exchange, and instead it saw data
+that it couldn't make any sense of at all.
+
+This almost always happens because the startup scripts in your
+account on the server machine are generating output. This is
+impossible for PSCP, or any other SCP client, to work around. You
+should never use startup files (\c{.bashrc}, \c{.cshrc} and so on)
+which generate output in non-interactive sessions.
+
+This is not actually a PuTTY problem. If PSCP fails in this way,
+then all other SCP clients are likely to fail in exactly the same
+way. The problem is at the server end.
+
\S{faq-colours}{Question} I clicked on a colour in the Colours
panel, and the colour didn't change in my terminal.
the
\W{http://www.microsoft.com/windows95/downloads/contents/wuadmintools/s_wunetworkingtools/w95sockets2/}{WinSock 2 upgrade}:
-\c http://www.microsoft.com/windows95/downloads/contents/wuadmintools/
-\c s_wunetworkingtools/w95sockets2/
-
-\S{faq-rekey}{Question} My PuTTY sessions close after an hour and
-tell me \q{Server failed host key check}.
-
-This is a bug in all versions of PuTTY up to and including 0.51. SSH
-v2 servers from \cw{ssh.com} will require the key exchange to be
-repeated one hour after the start of the connection, and PuTTY will
-get this wrong.
+\c http://www.microsoft.com/windows95/downloads/contents/
+\c wuadmintools/s_wunetworkingtools/w95sockets2/
-The bug has been fixed since version 0.51, so upgrading to a later
-version or snapshot should solve the problem.
-
-\S{faq-outofmem}{Question} After trying to establish an SSH 2
+\S{faq-outofmem}{Question} After trying to establish an SSH-2
connection, PuTTY says \q{Out of memory} and dies.
If this happens just while the connection is starting up, this often
server instead); but it doesn't necessarily mean you've actually run
out of memory.
+\S{faq-outofmem2}{Question} When attempting a file transfer, either
+PSCP or PSFTP says \q{Out of memory} and dies.
+
+This is almost always caused by your login scripts on the server
+generating output. PSCP or PSFTP will receive that output when they
+were expecting to see the start of a file transfer protocol, and
+they will attempt to interpret the output as file-transfer protocol.
+This will usually lead to an \q{out of memory} error for much the
+same reasons as given in \k{faq-outofmem}.
+
+This is a setup problem in your account on your server, \e{not} a
+PSCP/PSFTP bug. Your login scripts should \e{never} generate output
+during non-interactive sessions; secure file transfer is not the
+only form of remote access that will break if they do.
+
+On Unix, a simple fix is to ensure that all the parts of your login
+script that might generate output are in \c{.profile} (if you use a
+Bourne shell derivative) or \c{.login} (if you use a C shell).
+Putting them in more general files such as \c{.bashrc} or \c{.cshrc}
+is liable to lead to problems.
+
+\S{faq-psftp-slow}{Question} PSFTP transfers files much slower than PSCP.
+
+The throughput of PSFTP 0.54 should be much better than 0.53b and
+prior; we've added code to the SFTP backend to queue several blocks
+of data rather than waiting for an acknowledgement for each. (The
+SCP backend did not suffer from this performance issue because SCP
+is a much simpler protocol.)
+
\S{faq-bce}{Question} When I run full-colour applications, I see
-areas of black space where colour ought to be.
+areas of black space where colour ought to be, or vice versa.
+
+You almost certainly need to change the \q{Use background colour to
+erase screen} setting in the Terminal panel. If there is too much
+black space (the commoner situation), you should enable it, while if
+there is too much colour, you should disable it. (See \k{config-erase}.)
-You almost certainly need to enable the \q{Use background colour to
-erase screen} setting in the Terminal panel. Note that if you do
-this in mid-session, it won't take effect until you reset the
-terminal (see \k{faq-resetterm}).
+In old versions of PuTTY, this was disabled by default, and would not
+take effect until you reset the terminal (see \k{faq-resetterm}).
+Since 0.54, it is enabled by default, and changes take effect
+immediately.
\S{faq-resetterm}{Question} When I change some terminal settings,
nothing happens.
the terminal is reset (by server action, or by you choosing \q{Reset
Terminal} from the System menu) the defaults are restored.
-If you want to change one of these options in the middle of a
-session, you will find that the change does not immediately take
-effect. It will only take effect once you reset the terminal.
+In versions 0.53b and prior, if you change one of these options in
+the middle of a session, you will find that the change does not
+immediately take effect. It will only take effect once you reset
+the terminal.
-\S{faq-altgr}{Question} I can't type characters that require the
-AltGr key.
-
-In PuTTY version 0.51, the AltGr key was broken. The bug has been
-fixed since then.
+In version 0.54, the behaviour has changed - changes to these
+settings take effect immediately.
\S{faq-idleout}{Question} My PuTTY sessions unexpectedly close after
they are idle for a while.
can't be set on per application or per session basis. To increase
the TCP timeout globally, you need to tinker with the Registry.
-On Windows 95, 98 or ME, the registry key you need to change is
+On Windows 95, 98 or ME, the registry key you need to create or
+change is
\c HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\
\c MSTCP\MaxDataRetries
(it must be of type DWORD in Win95, or String in Win98/ME).
+(See MS Knowledge Base article
+\W{http://support.microsoft.com/default.aspx?scid=kb;en-us;158474}{158474}
+for more information.)
On Windows NT or 2000, the registry key is
\c Parameters\TcpMaxDataRetransmissions
and it must be of type DWORD.
+(See MS Knowledge Base article
+\W{http://support.microsoft.com/default.aspx?scid=kb;en-us;120642}{120642}
+for more information.)
Set the key's value to something like 10. This will cause Windows to
try harder to keep connections alive instead of abandoning them.
\S{faq-puttyputty}{Question} When I \cw{cat} a binary file, I get
-`PuTTYPuTTYPuTTY' on my command line.
+\q{PuTTYPuTTYPuTTY} on my command line.
Don't do that, then.
page} on the PuTTY website (also provided as \k{feedback} in the
manual), and follow the guidelines contained in that.
+\S{faq-openssh-bad-openssl}{Question} Since my SSH server was upgraded
+to OpenSSH 3.1p1/3.4p1, I can no longer connect with PuTTY.
+
+There is a known problem when OpenSSH has been built against an
+incorrect version of OpenSSL; the quick workaround is to configure
+PuTTY to use SSH protocol 2 and the Blowfish cipher.
+
+For more details and OpenSSH patches, see
+\W{http://bugzilla.mindrot.org/show_bug.cgi?id=138}{bug 138} in the
+OpenSSH BTS.
+
+This is not a PuTTY-specific problem; if you try to connect with
+another client you'll likely have similar problems. (Although PuTTY's
+default cipher differs from many other clients.)
+
+\e{OpenSSH 3.1p1:} configurations known to be broken (and symptoms):
+
+\b SSH-2 with AES cipher (PuTTY says "Assertion failed! Expression:
+(len & 15) == 0" in sshaes.c, or "Out of memory", or crashes)
+
+\b SSH-2 with 3DES (PuTTY says "Incorrect MAC received on packet")
+
+\b SSH-1 with Blowfish (PuTTY says "Incorrect CRC received on
+packet")
+
+\b SSH-1 with 3DES
+
+\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH-1 and
+Blowfish remains. Rebuild your server, apply the patch linked to from
+bug 138 above, or use another cipher (e.g., 3DES) instead.
+
+\e{Other versions:} we occasionally get reports of the same symptom
+and workarounds with older versions of OpenSSH, although it's not
+clear the underlying cause is the same.
+
+\S{faq-ssh2key-ssh1conn}{Question} Why do I see "Couldn't load private
+key from ..."? Why can PuTTYgen load my key but not PuTTY?
+
+It's likely that you've generated an SSH protocol 2 key with PuTTYgen,
+but you're trying to use it in an SSH-1 connection. SSH-1 and SSH-2 keys
+have different formats, and (at least in 0.52) PuTTY's reporting of a
+key in the wrong format isn't optimal.
+
+To connect using SSH-2 to a server that supports both versions, you
+need to change the configuration from the default (see \k{faq-ssh2}).
+
+\S{faq-rh8-utf8}{Question} When I'm connected to a Red Hat Linux 8.0
+system, some characters don't display properly.
+
+A common complaint is that hyphens in man pages show up as a-acute.
+
+With release 8.0, Red Hat appear to have made UTF-8 the default
+character set. There appears to be no way for terminal emulators such
+as PuTTY to know this (as far as we know, the appropriate escape
+sequence to switch into UTF-8 mode isn't sent).
+
+A fix is to configure sessions to RH8 systems to use UTF-8
+translation - see \k{config-charset} in the documentation. (Note that
+if you use \q{Change Settings}, changes may not take place immediately
+- see \k{faq-resetterm}.)
+
+If you really want to change the character set used by the server, the
+right place is \c{/etc/sysconfig/i18n}, but this shouldn't be
+necessary.
+
+\S{faq-screen}{Question} Since I upgraded to PuTTY 0.54, the
+scrollback has stopped working when I run \c{screen}.
+
+PuTTY's terminal emulator has always had the policy that when the
+\q{alternate screen} is in use, nothing is added to the scrollback.
+This is because the usual sorts of programs which use the alternate
+screen are things like text editors, which tend to scroll back and
+forth in the same document a lot; so (a) they would fill up the
+scrollback with a large amount of unhelpfully disordered text, and
+(b) they contain their \e{own} method for the user to scroll back to
+the bit they were interested in. We have generally found this policy
+to do the Right Thing in almost all situations.
+
+Unfortunately, \c{screen} is one exception: it uses the alternate
+screen, but it's still usually helpful to have PuTTY's scrollback
+continue working. The simplest solution is to go to the Features
+control panel and tick \q{Disable switching to alternate terminal
+screen}. (See \k{config-features-altscreen} for more details.)
+Alternatively, you can tell \c{screen} itself not to use the
+alternate screen: the
+\W{http://www4.informatik.uni-erlangen.de/~jnweiger/screen-faq.html}{\c{screen}
+FAQ} suggests adding the line \cq{termcapinfo xterm ti@:te@} to your
+\cw{.screenrc} file.
+
+The reason why this only started to be a problem in 0.54 is because
+\c{screen} typically uses an unusual control sequence to switch to
+the alternate screen, and previous versions of PuTTY did not support
+this sequence.
+
+\S{faq-alternate-localhost}{Question} Since I upgraded Windows XP
+to Service Pack 2, I can't use addresses like \cw{127.0.0.2}.
+
+Some people who ask PuTTY to listen on localhost addresses other
+than \cw{127.0.0.1} to forward services such as SMB and Windows
+Terminal Services have found that doing so no longer works since
+they upgraded to WinXP SP2.
+
+This is apparently an issue with SP2 that is acknowledged by Microsoft
+in MS Knowledge Base article
+\W{http://support.microsoft.com/default.aspx?scid=kb;en-us;884020}{884020}.
+The article links to a fix you can download.
+
+(\e{However}, we've been told that SP2 \e{also} fixes the bug that
+means you need to use non-\cw{127.0.0.1} addresses to forward
+Terminal Services in the first place.)
+
+\S{faq-missing-slash}{Question} PSFTP commands seem to be missing a
+directory separator (slash).
+
+Some people have reported the following incorrect behaviour with
+PSFTP:
+
+\c psftp> pwd
+\e iii
+\c Remote directory is /dir1/dir2
+\c psftp> get filename.ext
+\e iiiiiiiiiiiiiiii
+\c /dir1/dir2filename.ext: no such file or directory
+
+This is not a bug in PSFTP. There is a known bug in some versions of
+portable OpenSSH
+(\W{http://bugzilla.mindrot.org/show_bug.cgi?id=697}{bug 697}) that
+causes these symptoms; it appears to have been introduced around
+3.7.x. It manifests only on certain platforms (AIX is what has been
+reported to us).
+
+There is a patch for OpenSSH attached to that bug; it's also fixed in
+recent versions of portable OpenSSH (from around 3.8).
+
+\S{faq-connaborted}{Question} Do you want to hear about \q{Software
+caused connection abort}?
+
+In the documentation for PuTTY 0.53 and 0.53b, we mentioned that we'd
+like to hear about any occurrences of this error. Since the release
+of PuTTY 0.54, however, we've been convinced that this error doesn't
+indicate that PuTTY's doing anything wrong, and we don't need to hear
+about further occurrences. See \k{errors-connaborted} for our current
+documentation of this error.
+
\H{faq-secure} Security questions
\S{faq-publicpc}{Question} Is it safe for me to download PuTTY and
the PC (see \k{faq-settings}). If you are using PuTTY on a public
PC, or somebody else's PC, you might want to clean these up when you
leave. You can do that automatically, by running the command
-\c{putty -cleanup}.
+\c{putty -cleanup}. (Note that this only removes settings for
+the currently logged-in user on \i{multi-user systems}.)
+
+If PuTTY was installed from the installer package, it will also
+appear in \q{Add/Remove Programs}. Uninstallation does not currently
+remove the above-mentioned registry entries and file.
\S{faq-dsa}{Question} How come PuTTY now supports DSA, when the
website used to say how insecure it was?
probably OK. However, if you have the choice, we still recommend you
use RSA instead.
+\S{faq-virtuallock}{Question} Couldn't Pageant use
+\cw{VirtualLock()} to stop private keys being written to disk?
+
+Unfortunately not. The \cw{VirtualLock()} function in the Windows
+API doesn't do a proper job: it may prevent small pieces of a
+process's memory from being paged to disk while the process is
+running, but it doesn't stop the process's memory as a whole from
+being swapped completely out to disk when the process is long-term
+inactive. And Pageant spends most of its time inactive.
+
\H{faq-admin} Administrative questions
\S{faq-domain}{Question} Would you like me to register you a nicer
We already have some, thanks.
+\S{faq-link}{Question} Would you link to my web site from the PuTTY
+web site?
+
+Only if the content of your web page is of definite direct interest
+to PuTTY users. If your content is unrelated, or only tangentially
+related, to PuTTY, then the link would simply be advertising for
+you.
+
+One very nice effect of the Google ranking mechanism is that by and
+large, the most popular web sites get the highest rankings. This
+means that when an ordinary person does a search, the top item in
+the search is very likely to be a high-quality site or the site they
+actually wanted, rather than the site which paid the most money for
+its ranking.
+
+The PuTTY web site is held in high esteem by Google, for precisely
+this reason: lots of people have linked to it simply because they
+like PuTTY, without us ever having to ask anyone to link to us. We
+feel that it would be an abuse of this esteem to use it to boost the
+ranking of random advertisers' web sites. If you want your web site
+to have a high Google ranking, we'd prefer that you achieve this the
+way we did - by being good enough at what you do that people will
+link to you simply because they like you.
+
+In particular, we aren't interested in trading links for money (see
+above), and we \e{certainly} aren't interested in trading links for
+other links (since we have no advertising on our web site, our
+Google ranking is not even directly worth anything to us). If we
+don't want to link to you for free, then we probably won't want to
+link to you at all.
+
+If you have software based on PuTTY, or specifically designed to
+interoperate with PuTTY, or in some other way of genuine interest to
+PuTTY users, then we will probably be happy to add a link to you on
+our Links page. And if you're running a mirror of the PuTTY web
+site, we're \e{definitely} interested.
+
\S{faq-sourceforge}{Question} Why don't you move PuTTY to
SourceForge?
Also, security reasons. PuTTY is a security product, and as such it
is particularly important to guard the code and the web site against
unauthorised modifications which might introduce subtle security
-flaws. Therefore, we prefer that the CVS repository, web site and
+flaws. Therefore, we prefer that the Subversion repository, web site and
FTP site remain where they are, under the direct control of system
administrators we know and trust personally, rather than being run
by a large organisation full of people we've never met and which is
There isn't one, that we know of.
-If someone else wants to set up a mailing list for PuTTY users to
-help each other with common problems, that would be fine with us;
-but the PuTTY team would almost certainly not have the time to read
-it, so any questions the list couldn't answer would have to be
-forwarded on to us by the questioner. In any case, it's probably
-better to use the established newsgroup \cw{comp.security.ssh} for
-this purpose.
+If someone else wants to set up a mailing list or other forum for
+PuTTY users to help each other with common problems, that would be
+fine with us, though the PuTTY team would almost certainly not have the
+time to read it. It's probably better to use one of the established
+newsgroups for this purpose (see \k{feedback-other-fora}).
\S{faq-donations}{Question} How can I donate to PuTTY development?
Having said all that, if you still really \e{want} to give us money,
we won't argue :-) The easiest way for us to accept donations is if
-you go to \W{http://www.e-gold.com}\cw{www.e-gold.com}, and deposit
-your donation in account number 174769. Then send us e-mail to let
-us know you've done so (otherwise we might not notice for months!).
+you send money to \cw{<anakin@pobox.com>} using PayPal
+(\W{http://www.paypal.com/}\cw{www.paypal.com}). Alternatively, if
+you don't trust PayPal, you could donate through e-gold
+(\W{http://www.e-gold.com}\cw{www.e-gold.com}): deposit your
+donation in account number 174769, then send us e-mail to let us
+know you've done so (otherwise we might not notice for months!).
Small donations (tens of dollars or tens of euros) will probably be
spent on beer or curry, which helps motivate our volunteer team to
continue doing this for the world. Larger donations will be spent on
something that actually helps development, if we can find anything
-(perhaps new hardware, or a copy of Windows 2000), but if we can't
+(perhaps new hardware, or a copy of Windows XP), but if we can't
find anything then we'll just distribute the money among the
developers. If you want to be sure your donation is going towards
something worthwhile, ask us first. If you don't like these terms,
feel perfectly free not to donate. We don't mind.
-\S{faq-pronounce}{Question} How do I pronounce PuTTY?
+\S{faq-permission}{Question} Can I have permission to put PuTTY on a
+cover disk / distribute it with other software / etc?
+
+Yes. You need not bother asking us explicitly for permission. You
+already have permission. Redistribution of the unmodified PuTTY
+binary in this way is entirely permitted by our licence (see
+\k{licence}), and you are welcome to do it as much as you like.
+
+If you are distributing PuTTY within your own organisation, or for
+use with your own product, then we recommend (but do not insist)
+that you offer your own first-line technical support, to answer
+questions directly relating to the interaction of PuTTY with your
+particular environment. If your users mail us directly, we won't be
+able to give them very much help about things specific to your own
+setup.
+
+\H{faq-misc} Miscellaneous questions
+
+\S{faq-openssh}{Question} Is PuTTY a port of OpenSSH, or based on
+OpenSSH?
+
+No, it isn't. PuTTY is almost completely composed of code written
+from scratch for PuTTY. The only code we share with OpenSSH is the
+detector for SSH-1 CRC compensation attacks, written by CORE SDI S.A.
+
+\S{faq-sillyputty}{Question} Where can I buy silly putty?
+
+You're looking at the wrong web site; the only PuTTY we know about
+here is the name of a computer program.
+
+If you want the kind of putty you can buy as an executive toy, the
+PuTTY team can personally recommend Thinking Putty, which you can
+buy from Crazy Aaron's Putty World, at
+\W{http://www.puttyworld.com}\cw{www.puttyworld.com}.
+
+\S{faq-meaning}{Question} What does \q{PuTTY} mean?
+
+It's the name of a popular SSH and Telnet client. Any other meaning
+is in the eye of the beholder. It's been rumoured that \q{PuTTY}
+is the antonym of \q{\cw{getty}}, or that it's the stuff that makes your
+Windows useful, or that it's a kind of plutonium Teletype. We
+couldn't possibly comment on such allegations.
+
+\S{faq-pronounce}{Question} How do I pronounce \q{PuTTY}?
-Exactly like the normal word \q{putty}. Just like the stuff you put
-on window frames. (One of the reasons it's called PuTTY is because
-it makes Windows usable. :-)
+Exactly like the English word \q{putty}, which we pronounce
+/\u02C8{'}p\u028C{V}t\u026A{I}/.
projects / u / mdw / putty / blobdiff