-\versionid $Id: faq.but,v 1.30 2002/07/09 11:34:10 jacob Exp $
+\versionid $Id: faq.but,v 1.36 2002/10/10 14:39:35 jacob Exp $
\A{faq} PuTTY FAQ
\S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or
\cw{ssh.com} SSHv2 private key files?
-Version 0.52 doesn't, but in the latest development snapshots
-PuTTYgen can load and save both OpenSSH and \cw{ssh.com} private key
-files.
+PuTTY doesn't support this natively, but as of 0.53
+PuTTYgen can convert both OpenSSH and \cw{ssh.com} private key
+files into PuTTY's format.
\S{faq-ssh1}{Question} Does PuTTY support SSH v1?
anyone told you we had a Unix port, or an iPaq port, or any other
port of PuTTY, they were mistaken. We don't.
-\S{faq-wince}{Question} Will there be a port to Windows CE?
+\S{faq-wince}{Question} Will there be a port to Windows CE or PocketPC?
Probably not in the particularly near future. Despite sharing large
parts of the Windows API, in practice WinCE doesn't appear to be
create a Windows shortcut that invokes PuTTY with a command line
like
-\c \path\name\to\putty.exe @mysession
+\c \path\name\to\putty.exe -load mysession
+
+(Note: prior to 0.53, the syntax was \c{@session}. This is now
+deprecated and may be removed at some point.)
\S{faq-startssh}{Question} How can I start an SSH session straight
from the command line?
This is a new feature in version 0.52. You should upgrade.
\S{faq-options}{Question} How do I use all PuTTY's features (public
-keys, port forwarding, SSH v2, etc.) in PSCP, PSFTP and Plink?
+keys, proxying, cipher selection, etc.) in PSCP, PSFTP and Plink?
+
+Most major features (e.g., public keys, port forwarding) are available
+through command line options. See the documentation.
-The command-line tools are currently rather short of command line
-options to enable this sort of thing. However, you can use most of
+Not all features are accessible from the command line yet, although
+we'd like to fix this. In the meantime, you can use most of
PuTTY's features if you create a PuTTY saved session, and then use
the name of the saved session on the command line in place of a
hostname. This works for PSCP, PSFTP and Plink (but don't expect
repeated one hour after the start of the connection, and PuTTY will
get this wrong.
-Upgrade to version 0.52 and the problem should go away.
+Upgrade to version 0.52 or better and the problem should go away.
\S{faq-outofmem}{Question} After trying to establish an SSH 2
connection, PuTTY says \q{Out of memory} and dies.
AltGr key.
In PuTTY version 0.51, the AltGr key was broken. Upgrade to version
-0.52.
+0.52 or better.
\S{faq-idleout}{Question} My PuTTY sessions unexpectedly close after
they are idle for a while.
page} on the PuTTY website (also provided as \k{feedback} in the
manual), and follow the guidelines contained in that.
-\S{faq-broken-openssh31}{Question} Since my SSH server was upgraded to
-OpenSSH 3.1p1, I can no longer connect with PuTTY.
+\S{faq-openssh-bad-openssl}{Question} Since my SSH server was upgraded
+to OpenSSH 3.1p1/3.4p1, I can no longer connect with PuTTY.
There is a known problem when OpenSSH has been built against an
incorrect version of OpenSSL; the quick workaround is to configure
PuTTY to use SSH protocol 2 and the Blowfish cipher.
+For more details and OpenSSH patches, see
+\W{http://bugzilla.mindrot.org/show_bug.cgi?id=138}{bug 138} in the
+OpenSSH BTS.
+
This is not a PuTTY-specific problem; if you try to connect with
-another client you'll likely have similar problems.
+another client you'll likely have similar problems. (Although PuTTY's
+default cipher differs from many other clients.)
-Configurations known to be broken (and symptoms):
+\e{OpenSSH 3.1p1:} configurations known to be broken (and symptoms):
\b SSH 2 with AES cipher (PuTTY says "Assertion failed! Expression:
(len & 15) == 0" in sshaes.c, or "Out of memory", or crashes)
\b SSH 1 with 3DES
-For more details and OpenSSH patches, see
-\W{http://bugzilla.mindrot.org/show_bug.cgi?id=138}{bug 138} in the
-OpenSSH BTS.
+\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH 1 and
+Blowfish remains. Rebuild your server, apply the patch linked to from
+bug 138 above, or use another cipher (e.g., 3DES) instead.
-\e{Update:} As of OpenSSH 3.4p1 the problem with SSH 1 and Blowfish
-remains. Apply the patch linked to from bug 138, or use another cipher
-(e.g., 3DES) instead.
+\e{Other versions:} we occasionally get reports of the same symptom
+and workarounds with older versions of OpenSSH, although it's not
+clear the underlying cause is the same.
\S{faq-ssh2key-ssh1conn}{Question} Why do I see "Couldn't load private
key from ..."? Why can PuTTYgen load my key but not PuTTY?
probably OK. However, if you have the choice, we still recommend you
use RSA instead.
+\S{faq-virtuallock}{Question} Couldn't Pageant use
+\cw{VirtualLock()} to stop private keys being written to disk?
+
+Unfortunately not. The \cw{VirtualLock()} function in the Windows
+API doesn't do a proper job: it may prevent small pieces of a
+process's memory from being paged to disk while the process is
+running, but it doesn't stop the process's memory as a whole from
+being swapped completely out to disk when the process is long-term
+inactive. And Pageant spends most of its time inactive.
+
\H{faq-admin} Administrative questions
\S{faq-domain}{Question} Would you like me to register you a nicer
something worthwhile, ask us first. If you don't like these terms,
feel perfectly free not to donate. We don't mind.
+\H{faq-misc} Miscellaneous questions
+
+\S{faq-openssh}{Question} Is PuTTY a port of OpenSSH, or based on
+OpenSSH?
+
+No, it isn't. PuTTY is almost completely composed of code written
+from scratch for PuTTY. The only code we share with OpenSSH is the
+detector for SSH1 CRC compensation attacks, written by CORE SDI S.A.
+
\S{faq-sillyputty}{Question} Where can I buy silly putty?
You're looking at the wrong web site; the only PuTTY we know about