1 \versionid $Id: faq.but,v 1.31 2002/08/09 09:11:09 simon Exp $
5 This FAQ is published on the PuTTY web site, and also provided as an
6 appendix in the manual.
8 \H{faq-support} Features supported in PuTTY
10 In general, if you want to know if PuTTY supports a particular
11 feature, you should look for it on the
12 \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/}{PuTTY web site}.
16 \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html}{changes
17 page}, and see if you can find the feature on there. If a feature is
18 listed there, it's been implemented. If it's listed as a change made
19 \e{since} the latest version, it should be available in the
20 development snapshots, in which case testing will be very welcome.
23 \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist.html}{Wishlist
24 page}, and see if you can find the feature there. If it's on there,
25 it probably \e{hasn't} been implemented.
27 \S{faq-ssh2}{Question} Does PuTTY support SSH v2?
29 Yes. SSH v2 support has been available in PuTTY since version 0.50.
30 However, currently the \e{default} SSH protocol is v1; to select SSH
31 v2 if your server supports both, go to the SSH panel and change the
32 \e{Preferred SSH protocol version} option.
34 Public key authentication (both RSA and DSA) in SSH v2 is new in
37 \S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or
38 \cw{ssh.com} SSHv2 private key files?
40 Version 0.52 doesn't, but in the latest development snapshots
41 PuTTYgen can load and save both OpenSSH and \cw{ssh.com} private key
44 \S{faq-ssh1}{Question} Does PuTTY support SSH v1?
46 Yes. SSH 1 support has always been available in PuTTY.
48 \S{faq-localecho}{Question} Does PuTTY support local echo?
50 Yes. Version 0.52 has proper support for local echo.
52 In version 0.51 and before, local echo could not be separated from
53 local line editing (where you type a line of text locally, and it is
54 not sent to the server until you press Return, so you have the
55 chance to edit it and correct mistakes \e{before} the server sees
56 it). New in version 0.52, local echo and local line editing are
57 separate options, and by default PuTTY will try to determine
58 automatically whether to enable them or not, based on which protocol
59 you have selected and also based on hints from the server. If you
60 have a problem with PuTTY's default choice, you can force each
61 option to be enabled or disabled as you choose. The controls are in
62 the Terminal panel, in the section marked \q{Line discipline
65 \S{faq-disksettings}{Question} Does PuTTY support storing its
66 settings in a disk file?
68 Not at present, although \k{config-file} in the documentation gives
69 a method of achieving the same effect.
71 \S{faq-fullscreen}{Question} Does PuTTY support full-screen mode,
74 Yes; this is a new feature in version 0.52.
76 \S{faq-password-remember}{Question} Does PuTTY have the ability to
77 remember my password so I don't have to type it every time?
81 Remembering your password is a bad plan for obvious security
82 reasons: anyone who gains access to your machine while you're away
83 from your desk can find out the remembered password, and use it,
84 abuse it or change it.
86 In addition, it's not even \e{possible} for PuTTY to automatically
87 send your password in a Telnet session, because Telnet doesn't give
88 the client software any indication of which part of the login
89 process is the password prompt. PuTTY would have to guess, by
90 looking for words like \q{password} in the session data; and if your
91 login program is written in something other than English, this won't
94 In SSH, remembering your password would be possible in theory, but
95 there doesn't seem to be much point since SSH supports public key
96 authentication, which is more flexible and more secure. See
97 \k{pubkey} in the documentation for a full discussion of public key
100 \S{faq-hostkeys}{Question} Is there an option to turn off the
101 annoying host key prompts?
103 No, there isn't. And there won't be. Even if you write it yourself
104 and send us the patch, we won't accept it.
106 Those annoying host key prompts are the \e{whole point} of SSH.
107 Without them, all the cryptographic technology SSH uses to secure
108 your session is doing nothing more than making an attacker's job
109 slightly harder; instead of sitting between you and the server with
110 a packet sniffer, the attacker must actually subvert a router and
111 start modifying the packets going back and forth. But that's not all
112 that much harder than just sniffing; and without host key checking,
113 it will go completely undetected by client or server.
115 Host key checking is your guarantee that the encryption you put on
116 your data at the client end is the \e{same} encryption taken off the
117 data at the server end; it's your guarantee that it hasn't been
118 removed and replaced somewhere on the way. Host key checking makes
119 the attacker's job \e{astronomically} hard, compared to packet
120 sniffing, and even compared to subverting a router. Instead of
121 applying a little intelligence and keeping an eye on Bugtraq, the
122 attacker must now perform a brute-force attack against at least one
123 military-strength cipher. That insignificant host key prompt really
124 does make \e{that} much difference.
126 If you're having a specific problem with host key checking - perhaps
127 you want an automated batch job to make use of PSCP or Plink, and
128 the interactive host key prompt is hanging the batch process - then
129 the right way to fix it is to add the correct host key to the
130 Registry in advance. That way, you retain the \e{important} feature
131 of host key checking: the right key will be accepted and the wrong
132 ones will not. Adding an option to turn host key checking off
133 completely is the wrong solution and we will not do it.
135 \S{faq-server}{Question} Will you write an SSH server for the PuTTY
136 suite, to go with the client?
138 No. The only reason we might want to would be if we could easily
139 re-use existing code and significantly cut down the effort. We don't
140 believe this is the case; there just isn't enough common ground
141 between an SSH client and server to make it worthwhile.
143 If someone else wants to use bits of PuTTY in the process of writing
144 a Windows SSH server, they'd be perfectly welcome to of course, but
145 I really can't see it being a lot less effort for us to do that than
146 it would be for us to write a server from the ground up. We don't
147 have time, and we don't have motivation. The code is available if
148 anyone else wants to try it.
150 \S{faq-pscp-ascii}{Question} Can PSCP or PSFTP transfer files in
153 Unfortunately not. This is a limitation of the file transfer
154 protocols: the SCP and SFTP protocols have no notion of transferring
155 a file in anything other than binary mode.
157 SFTP is designed to be extensible, so it's possible that an
158 extension might be proposed at some later date that implements ASCII
159 transfer. But the PuTTY team can't do anything about it until that
162 \H{faq-ports} Ports to other operating systems
164 The eventual goal is for PuTTY to be a multi-platform program, able
165 to run on at least Windows, MacOS and Unix. Whether this will
166 actually ever happen I have no idea, but it is the plan. A Mac port
167 has been started, but is only half-finished and currently not moving
170 Porting will become easier once PuTTY has a generalised porting
171 layer, drawing a clear line between platform-dependent and
172 platform-independent code. The general intention is for this porting
173 layer to evolve naturally as part of the process of doing the first
174 port. One particularly nasty part of this will be separating the
175 many configuration options into platform-dependent and
176 platform-independent ones; for example, the options controlling when
177 the Windows System menu appears will be pretty much meaningless
178 under X11 or perhaps other windowing systems, whereas Telnet Passive
179 Mode is universal and shouldn't need to be specified once for each
182 \S{faq-ports-general}{Question} What ports of PuTTY exist?
184 Currently, PuTTY only runs on full Win32 systems. This includes
185 Windows 95, 98, and ME, and it includes Windows NT, Windows 2000 and
188 It does \e{not} include Windows CE (see \k{faq-wince}), and it does
189 not quite include the Win32s environment under Windows 3.1 (see
192 We do not have ports for any other systems at the present time. If
193 anyone told you we had a Unix port, or an iPaq port, or any other
194 port of PuTTY, they were mistaken. We don't.
196 \S{faq-wince}{Question} Will there be a port to Windows CE?
198 Probably not in the particularly near future. Despite sharing large
199 parts of the Windows API, in practice WinCE doesn't appear to be
200 significantly easier to port to than a totally different operating
203 However, PuTTY on portable devices would clearly be a useful thing,
204 so in the long term I hope there will be a WinCE port.
206 \S{faq-win31}{Question} Is there a port to Windows 3.1?
208 PuTTY is a 32-bit application from the ground up, so it won't run on
209 Windows 3.1 as a native 16-bit program; and it would be \e{very}
210 hard to port it to do so, because of Windows 3.1's vile memory
211 allocation mechanisms.
213 However, it is possible in theory to compile the existing PuTTY
214 source in such a way that it will run under Win32s (an extension to
215 Windows 3.1 to let you run 32-bit programs). In order to do this
216 you'll need the right kind of C compiler - modern versions of Visual
217 C at least have stopped being backwards compatible to Win32s. Also,
218 the last time we tried this it didn't work very well.
220 If you're interested in running PuTTY under Windows 3.1, help and
221 testing in this area would be very welcome!
223 \S{faq-mac-port}{Question} Will there be a port to the Mac?
225 A Mac port was started once and is half-finished, but development
226 has been static for some time and the main PuTTY code has moved on,
227 so it's not clear how quickly development would resume even if
228 developer effort were available.
230 \S{faq-unix}{Question} Will there be a port to Unix?
232 I hope so, if only so that I can have an \cw{xterm}-like program
233 that supports exactly the same terminal emulation as PuTTY. If and
234 when we do do a Unix port, it will have a local-terminal back end so
235 it can be used like an \cw{xterm}, rather than only being usable as
238 \S{faq-epoc}{Question} Will there be a port to EPOC?
240 I hope so, but given that ports aren't really progressing very fast
241 even on systems the developers \e{do} already know how to program
242 for, it might be a long time before any of us get round to learning
243 a new system and doing the port for that.
245 \H{faq-embedding} Embedding PuTTY in other programs
247 \S{faq-dll}{Question} Is the SSH or Telnet code available as a DLL?
249 No, it isn't. It would take a reasonable amount of rewriting for
250 this to be possible, and since the PuTTY project itself doesn't
251 believe in DLLs (they make installation more error-prone) none of us
252 has taken the time to do it.
254 Most of the code cleanup work would be a good thing to happen in
255 general, so if anyone feels like helping, we wouldn't say no.
257 \S{faq-vb}{Question} Is the SSH or Telnet code available as a Visual
260 No, it isn't. None of the PuTTY team uses Visual Basic, and none of
261 us has any particular need to make SSH connections from a Visual
262 Basic application. In addition, all the preliminary work to turn it
263 into a DLL would be necessary first; and furthermore, we don't even
264 know how to write VB components.
266 If someone offers to do some of this work for us, we might consider
267 it, but unless that happens I can't see VB integration being
268 anywhere other than the very bottom of our priority list.
270 \S{faq-ipc}{Question} How can I use PuTTY to make an SSH connection
271 from within another program?
273 Probably your best bet is to use Plink, the command-line connection
274 tool. If you can start Plink as a second Windows process, and
275 arrange for your primary process to be able to send data to the
276 Plink process, and receive data from it, through pipes, then you
277 should be able to make SSH connections from your program.
279 This is what CVS for Windows does, for example.
281 \H{faq-details} Details of PuTTY's operation
283 \S{faq-term}{Question} What terminal type does PuTTY use?
285 For most purposes, PuTTY can be considered to be an \cw{xterm}
288 PuTTY also supports some terminal control sequences not supported by
289 the real \cw{xterm}: notably the Linux console sequences that
290 reconfigure the colour palette, and the title bar control sequences
291 used by \cw{DECterm} (which are different from the \cw{xterm} ones;
292 PuTTY supports both).
294 By default, PuTTY announces its terminal type to the server as
295 \c{xterm}. If you have a problem with this, you can reconfigure it
296 to say something else; \c{vt220} might help if you have trouble.
298 \S{faq-settings}{Question} Where does PuTTY store its data?
300 PuTTY stores most of its data (saved sessions, SSH host keys) in the
301 Registry. The precise location is
303 \c HKEY_CURRENT_USER\Software\SimonTatham\PuTTY
305 and within that area, saved sessions are stored under \c{Sessions}
306 while host keys are stored under \c{SshHostKeys}.
308 PuTTY also requires a random number seed file, to improve the
309 unpredictability of randomly chosen data needed as part of the SSH
310 cryptography. This is stored by default in your Windows home
311 directory (\c{%HOMEDRIVE%\\%HOMEPATH%}), or in the actual Windows
312 directory (such as \c{C:\\WINDOWS}) if the home directory doesn't
313 exist, for example if you're using Win95. If you want to change the
314 location of the random number seed file, you can put your chosen
315 pathname in the Registry, at
317 \c HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\RandSeedFile
319 \H{faq-howto} HOWTO questions
321 \S{faq-startmax}{Question} How can I make PuTTY start up maximised?
323 Create a Windows shortcut to start PuTTY from, and set it as \q{Run
326 \S{faq-startsess}{Question} How can I create a Windows shortcut to
327 start a particular saved session directly?
329 To run a PuTTY session saved under the name \q{\cw{mysession}},
330 create a Windows shortcut that invokes PuTTY with a command line
333 \c \path\name\to\putty.exe @mysession
335 \S{faq-startssh}{Question} How can I start an SSH session straight
336 from the command line?
338 Use the command line \c{putty -ssh host.name}. Alternatively, create
339 a saved session that specifies the SSH protocol, and start the saved
340 session as shown in \k{faq-startsess}.
342 \S{faq-cutpaste}{Question} How do I copy and paste between PuTTY and
343 other Windows applications?
345 Copy and paste works similarly to the X Window System. You use the
346 left mouse button to select text in the PuTTY window. The act of
347 selection \e{automatically} copies the text to the clipboard: there
348 is no need to press Ctrl-Ins or Ctrl-C or anything else. In fact,
349 pressing Ctrl-C will send a Ctrl-C character to the other end of
350 your connection (just like it does the rest of the time), which may
351 have unpleasant effects. The \e{only} thing you need to do, to copy
352 text to the clipboard, is to select it.
354 To paste the clipboard contents into a PuTTY window, by default you
355 click the right mouse button. If you have a three-button mouse and
356 are used to X applications, you can configure pasting to be done by
357 the middle button instead, but this is not the default because most
358 Windows users don't have a middle button at all.
360 You can also paste by pressing Shift-Ins.
362 \S{faq-tunnels}{Question} How do I use X forwarding and port
363 forwarding? I can't find the Tunnels panel.
365 This is a new feature in version 0.52. You should upgrade.
367 \S{faq-options}{Question} How do I use all PuTTY's features (public
368 keys, port forwarding, SSH v2, etc.) in PSCP, PSFTP and Plink?
370 The command-line tools are currently rather short of command line
371 options to enable this sort of thing. However, you can use most of
372 PuTTY's features if you create a PuTTY saved session, and then use
373 the name of the saved session on the command line in place of a
374 hostname. This works for PSCP, PSFTP and Plink (but don't expect
375 port forwarding in the file transfer applications!).
377 \S{faq-pscp}{Question} How do I use PSCP.EXE? When I double-click it
378 gives me a command prompt window which then closes instantly.
380 PSCP is a command-line application, not a GUI application. If you
381 run it without arguments, it will simply print a help message and
384 To use PSCP properly, run it from a Command Prompt window. See
385 \k{pscp} in the documentation for more details.
387 \S{faq-pscp-spaces}{Question} How do I use PSCP to copy a file whose
390 If PSCP is using the traditional SCP protocol, this is confusing. If
391 you're specifying a file at the local end, you just use one set of
392 quotes as you would normally do:
394 \c pscp "local filename with spaces" user@host:
395 \c pscp user@host:myfile "local filename with spaces"
397 But if the filename you're specifying is on the \e{remote} side, you
398 have to use backslashes and two sets of quotes:
400 \c pscp user@host:"\"remote filename with spaces\"" local_filename
401 \c pscp local_filename user@host:"\"remote filename with spaces\""
403 Worse still, in a remote-to-local copy you have to specify the local
404 file name explicitly, otherwise PSCP will complain that they don't
405 match (unless you specified the \c{-unsafe} option). The following
406 command will give an error message:
408 \c c:\>pscp user@host:"\"oo er\"" .
409 \c warning: remote host tried to write to a file called 'oo er'
410 \c when we requested a file called '"oo er"'.
412 Instead, you need to specify the local file name in full:
414 \c c:\>pscp user@host:"\"oo er\"" "oo er"
416 If PSCP is using the newer SFTP protocol, none of this is a problem,
417 and all filenames with spaces in are specified using a single pair
418 of quotes in the obvious way:
420 \c pscp "local file" user@host:
421 \c pscp user@host:"remote file" .
423 \H{faq-trouble} Troubleshooting
425 \S{faq-incorrect-mac}{Question} Why do I see \q{Incorrect MAC
428 This is due to a bug in old SSH 2 servers distributed by
429 \cw{ssh.com}. Version 2.3.0 and below of their SSH 2 server
430 constructs Message Authentication Codes in the wrong way, and
431 expects the client to construct them in the same wrong way. PuTTY
432 constructs the MACs correctly by default, and hence these old
433 servers will fail to work with it.
435 If you are using PuTTY version 0.52 or better, this should work
436 automatically: PuTTY should detect the buggy servers from their
437 version number announcement, and automatically start to construct
438 its MACs in the same incorrect manner as they do, so it will be able
441 If you are using PuTTY version 0.51 or below, you can enable the
442 workaround by going to the SSH panel and ticking the box labelled
443 \q{Imitate SSH 2 MAC bug}. It's possible that you might have to do
444 this with 0.52 as well, if a buggy server exists that PuTTY doesn't
447 In this context MAC stands for Message Authentication Code. It's a
448 cryptographic term, and it has nothing at all to do with Ethernet
449 MAC (Media Access Control) addresses.
451 \S{faq-pscp-protocol}{Question} Why do I see \q{Fatal: Protocol
452 error: Expected control record} in PSCP?
454 This happens because PSCP was expecting to see data from the server
455 that was part of the PSCP protocol exchange, and instead it saw data
456 that it couldn't make any sense of at all.
458 This almost always happens because the startup scripts in your
459 account on the server machine are generating output. This is
460 impossible for PSCP, or any other SCP client, to work around. You
461 should never use startup files (\c{.bashrc}, \c{.cshrc} and so on)
462 which generate output in non-interactive sessions.
464 This is not actually a PuTTY problem. If PSCP fails in this way,
465 then all other SCP clients are likely to fail in exactly the same
466 way. The problem is at the server end.
468 \S{faq-colours}{Question} I clicked on a colour in the Colours
469 panel, and the colour didn't change in my terminal.
471 That isn't how you're supposed to use the Colours panel.
473 During the course of a session, PuTTY potentially uses \e{all} the
474 colours listed in the Colours panel. It's not a question of using
475 only one of them and you choosing which one; PuTTY will use them
476 \e{all}. The purpose of the Colours panel is to let you adjust the
477 appearance of all the colours. So to change the colour of the
478 cursor, for example, you would select \q{Cursor Colour}, press the
479 \q{Modify} button, and select a new colour from the dialog box that
480 appeared. Similarly, if you want your session to appear in green,
481 you should select \q{Default Foreground} and press \q{Modify}.
482 Clicking on \q{ANSI Green} won't turn your session green; it will
483 only allow you to adjust the \e{shade} of green used when PuTTY is
484 instructed by the server to display green text.
486 \S{faq-winsock2}{Question} Plink on Windows 95 says it can't find
489 Plink requires the extended Windows network library, WinSock version
490 2. This is installed as standard on Windows 98 and above, and on
491 Windows NT, and even on later versions of Windows 95; but early
492 Win95 installations don't have it.
494 In order to use Plink on these systems, you will need to download
496 \W{http://www.microsoft.com/windows95/downloads/contents/wuadmintools/s_wunetworkingtools/w95sockets2/}{WinSock 2 upgrade}:
498 \c http://www.microsoft.com/windows95/downloads/contents/wuadmintools/
499 \c s_wunetworkingtools/w95sockets2/
501 \S{faq-rekey}{Question} My PuTTY sessions close after an hour and
502 tell me \q{Server failed host key check}.
504 This is a bug in all versions of PuTTY up to and including 0.51. SSH
505 v2 servers from \cw{ssh.com} will require the key exchange to be
506 repeated one hour after the start of the connection, and PuTTY will
509 Upgrade to version 0.52 and the problem should go away.
511 \S{faq-outofmem}{Question} After trying to establish an SSH 2
512 connection, PuTTY says \q{Out of memory} and dies.
514 If this happens just while the connection is starting up, this often
515 indicates that for some reason the client and server have failed to
516 establish a session encryption key. Somehow, they have performed
517 calculations that should have given each of them the same key, but
518 have ended up with different keys; so data encrypted by one and
519 decrypted by the other looks like random garbage.
521 This causes an \q{out of memory} error because the first encrypted
522 data PuTTY expects to see is the length of an SSH message. Normally
523 this will be something well under 100 bytes. If the decryption has
524 failed, PuTTY will see a completely random length in the region of
525 two \e{gigabytes}, and will try to allocate enough memory to store
526 this non-existent message. This will immediately lead to it thinking
527 it doesn't have enough memory, and panicking.
529 If this happens to you, it is quite likely to still be a PuTTY bug
530 and you should report it (although it might be a bug in your SSH
531 server instead); but it doesn't necessarily mean you've actually run
534 \S{faq-outofmem2}{Question} When attempting a file transfer, either
535 PSCP or PSFTP says \q{Out of memory} and dies.
537 This is almost always caused by your login scripts on the server
538 generating output. PSCP or PSFTP will receive that output when they
539 were expecting to see the start of a file transfer protocol, and
540 they will attempt to interpret the output as file-transfer protocol.
541 This will usually lead to an \q{out of memory} error for much the
542 same reasons as given in \k{faq-outofmem}.
544 This is a setup problem in your account on your server, \e{not} a
545 PSCP/PSFTP bug. Your login scripts should \e{never} generate output
546 during non-interactive sessions; secure file transfer is not the
547 only form of remote access that will break if they do.
549 On Unix, a simple fix is to ensure that all the parts of your login
550 script that might generate output are in \c{.profile} (if you use a
551 Bourne shell derivative) or \c{.login} (if you use a C shell).
552 Putting them in more general files such as \c{.bashrc} or \c{.cshrc}
553 is liable to lead to problems.
555 \S{faq-psftp-slow} PSFTP transfers files much slower than PSCP.
557 We believe this is because the SFTP and SSH2 protocols are less
558 efficient at bulk data transfer than SCP and SSH1, because every
559 block of data transferred requires an acknowledgment from the far
560 end. It would in theory be possible to queue several blocks of data
561 to get round this speed problem, but as yet we haven't done the
562 coding. If you really want this fixed, feel free to offer to help.
564 \S{faq-bce}{Question} When I run full-colour applications, I see
565 areas of black space where colour ought to be.
567 You almost certainly need to enable the \q{Use background colour to
568 erase screen} setting in the Terminal panel. Note that if you do
569 this in mid-session, it won't take effect until you reset the
570 terminal (see \k{faq-resetterm}).
572 \S{faq-resetterm}{Question} When I change some terminal settings,
575 Some of the terminal options (notably Auto Wrap and
576 background-colour screen erase) actually represent the \e{default}
577 setting, rather than the currently active setting. The server can
578 send sequences that modify these options in mid-session, but when
579 the terminal is reset (by server action, or by you choosing \q{Reset
580 Terminal} from the System menu) the defaults are restored.
582 If you want to change one of these options in the middle of a
583 session, you will find that the change does not immediately take
584 effect. It will only take effect once you reset the terminal.
586 \S{faq-altgr}{Question} I can't type characters that require the
589 In PuTTY version 0.51, the AltGr key was broken. Upgrade to version
592 \S{faq-idleout}{Question} My PuTTY sessions unexpectedly close after
593 they are idle for a while.
595 Some types of firewall, and almost any router doing Network Address
596 Translation (NAT, also known as IP masquerading), will forget about
597 a connection through them if the connection does nothing for too
598 long. This will cause the connection to be rudely cut off when
601 You can try to combat this by telling PuTTY to send \e{keepalives}:
602 packets of data which have no effect on the actual session, but
603 which reassure the router or firewall that the network connection is
604 still active and worth remembering about.
606 Keepalives don't solve everything, unfortunately; although they
607 cause greater robustness against this sort of router, they can also
608 cause a \e{loss} of robustness against network dropouts. See
609 \k{config-keepalive} in the documentation for more discussion of
612 \S{faq-timeout}{Question} PuTTY's network connections time out too
613 quickly when network connectivity is temporarily lost.
615 This is a Windows problem, not a PuTTY problem. The timeout value
616 can't be set on per application or per session basis. To increase
617 the TCP timeout globally, you need to tinker with the Registry.
619 On Windows 95, 98 or ME, the registry key you need to change is
621 \c HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\
622 \c MSTCP\MaxDataRetries
624 (it must be of type DWORD in Win95, or String in Win98/ME).
626 On Windows NT or 2000, the registry key is
628 \c HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\
629 \c Parameters\TcpMaxDataRetransmissions
631 and it must be of type DWORD.
633 Set the key's value to something like 10. This will cause Windows to
634 try harder to keep connections alive instead of abandoning them.
636 \S{faq-puttyputty}{Question} When I \cw{cat} a binary file, I get
637 `PuTTYPuTTYPuTTY' on my command line.
641 This is designed behaviour; when PuTTY receives the character
642 Control-E from the remote server, it interprets it as a request to
643 identify itself, and so it sends back the string \q{\cw{PuTTY}} as
644 if that string had been entered at the keyboard. Control-E should
645 only be sent by programs that are prepared to deal with the
646 response. Writing a binary file to your terminal is likely to output
647 many Control-E characters, and cause this behaviour. Don't do it.
650 To mitigate the effects, you could configure the answerback string
651 to be empty (see \k{config-answerback}); but writing binary files to
652 your terminal is likely to cause various other unpleasant behaviour,
653 so this is only a small remedy.
655 \S{faq-wintitle}{Question} When I \cw{cat} a binary file, my window
656 title changes to a nonsense string.
660 It is designed behaviour that PuTTY should have the ability to
661 adjust the window title on instructions from the server. Normally
662 the control sequence that does this should only be sent
663 deliberately, by programs that know what they are doing and intend
664 to put meaningful text in the window title. Writing a binary file to
665 your terminal runs the risk of sending the same control sequence by
666 accident, and cause unexpected changes in the window title. Don't do
669 \S{faq-password-fails}{Question} My keyboard stops working once
670 PuTTY displays the password prompt.
672 No, it doesn't. PuTTY just doesn't display the password you type, so
673 that someone looking at your screen can't see what it is.
675 Unlike the Windows login prompts, PuTTY doesn't display the password
676 as a row of asterisks either. This is so that someone looking at
677 your screen can't even tell how \e{long} your password is, which
678 might be valuable information.
680 \S{faq-keyboard}{Question} One or more function keys don't do what I
681 expected in a server-side application.
683 If you've already tried all the relevant options in the PuTTY
684 Keyboard panel, you may need to mail the PuTTY maintainers and ask.
686 It is \e{not} usually helpful just to tell us which application,
687 which server operating system, and which key isn't working; in order
688 to replicate the problem we would need to have a copy of every
689 operating system, and every application, that anyone has ever
692 PuTTY responds to function key presses by sending a sequence of
693 control characters to the server. If a function key isn't doing what
694 you expect, it's likely that the character sequence your application
695 is expecting to receive is not the same as the one PuTTY is sending.
696 Therefore what we really need to know is \e{what} sequence the
697 application is expecting.
699 The simplest way to investigate this is to find some other terminal
700 environment, in which that function key \e{does} work; and then
701 investigate what sequence the function key is sending in that
702 situation. One reasonably easy way to do this on a Unix system is to
703 type the command \c{cat}, and then press the function key. This is
704 likely to produce output of the form \c{^[[11~}. You can also do
705 this in PuTTY, to find out what sequence the function key is
706 producing in that. Then you can mail the PuTTY maintainers and tell
707 us \q{I wanted the F1 key to send \c{^[[11~}, but instead it's
708 sending \c{^[OP}, can this be done?}, or something similar.
710 You should still read the
711 \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/feedback.html}{Feedback
712 page} on the PuTTY website (also provided as \k{feedback} in the
713 manual), and follow the guidelines contained in that.
715 \S{faq-broken-openssh31}{Question} Since my SSH server was upgraded to
716 OpenSSH 3.1p1, I can no longer connect with PuTTY.
718 There is a known problem when OpenSSH has been built against an
719 incorrect version of OpenSSL; the quick workaround is to configure
720 PuTTY to use SSH protocol 2 and the Blowfish cipher.
722 This is not a PuTTY-specific problem; if you try to connect with
723 another client you'll likely have similar problems.
725 Configurations known to be broken (and symptoms):
727 \b SSH 2 with AES cipher (PuTTY says "Assertion failed! Expression:
728 (len & 15) == 0" in sshaes.c, or "Out of memory", or crashes)
730 \b SSH 2 with 3DES (PuTTY says "Incorrect MAC received on packet")
732 \b SSH 1 with Blowfish (PuTTY says "Incorrect CRC received on
737 For more details and OpenSSH patches, see
738 \W{http://bugzilla.mindrot.org/show_bug.cgi?id=138}{bug 138} in the
741 \e{Update:} As of OpenSSH 3.4p1 the problem with SSH 1 and Blowfish
742 remains. Apply the patch linked to from bug 138, or use another cipher
743 (e.g., 3DES) instead.
745 \S{faq-ssh2key-ssh1conn}{Question} Why do I see "Couldn't load private
746 key from ..."? Why can PuTTYgen load my key but not PuTTY?
748 It's likely that you've generated an SSH protocol 2 key with PuTTYgen,
749 but you're trying to use it in an SSH 1 connection. SSH1 and SSH2 keys
750 have different formats, and (at least in 0.52) PuTTY's reporting of a
751 key in the wrong format isn't optimal.
753 To connect using SSH 2 to a server that supports both versions, you
754 need to change the configuration from the default (see \k{faq-ssh2}).
756 \H{faq-secure} Security questions
758 \S{faq-publicpc}{Question} Is it safe for me to download PuTTY and
759 use it on a public PC?
761 It depends on whether you trust that PC. If you don't trust the
762 public PC, don't use PuTTY on it, and don't use any other software
763 you plan to type passwords into either. It might be watching your
764 keystrokes, or it might tamper with the PuTTY binary you download.
765 There is \e{no} program safe enough that you can run it on an
766 actively malicious PC and get away with typing passwords into it.
768 If you do trust the PC, then it's probably OK to use PuTTY on it
769 (but if you don't trust the network, then the PuTTY download might
770 be tampered with, so it would be better to carry PuTTY with you on a
773 \S{faq-cleanup}{Question} What does PuTTY leave on a system? How can
776 PuTTY will leave some Registry entries, and a random seed file, on
777 the PC (see \k{faq-settings}). If you are using PuTTY on a public
778 PC, or somebody else's PC, you might want to clean these up when you
779 leave. You can do that automatically, by running the command
782 \S{faq-dsa}{Question} How come PuTTY now supports DSA, when the
783 website used to say how insecure it was?
785 DSA has a major weakness \e{if badly implemented}: it relies on a
786 random number generator to far too great an extent. If the random
787 number generator produces a number an attacker can predict, the DSA
788 private key is exposed - meaning that the attacker can log in as you
789 on all systems that accept that key.
791 The PuTTY policy changed because the developers were informed of
792 ways to implement DSA which do not suffer nearly as badly from this
793 weakness, and indeed which don't need to rely on random numbers at
794 all. For this reason we now believe PuTTY's DSA implementation is
795 probably OK. However, if you have the choice, we still recommend you
798 \S{faq-virtuallock}{Question} Couldn't Pageant use \c{VirtualLock()}
799 to stop private keys being written to disk?
801 Unfortunately not. The \c{VirtualLock()} function in the Windows API
802 doesn't do a proper job: it may prevent small pieces of a process's
803 memory from being paged to disk while the process is running, but it
804 doesn't stop the process's memory as a whole from being swapped
805 completely out to disk when the process is long-term inactive. And
806 Pageant spends most of its time inactive.
808 \H{faq-admin} Administrative questions
810 \S{faq-domain}{Question} Would you like me to register you a nicer
813 No, thank you. Even if you can find one (most of them seem to have
814 been registered already, by people who didn't ask whether we
815 actually wanted it before they applied), we're happy with the PuTTY
816 web site being exactly where it is. It's not hard to find (just type
817 \q{putty} into \W{http://www.google.com/}{google.com} and we're the
818 first link returned), and we don't believe the administrative hassle
819 of moving the site would be worth the benefit.
821 In addition, if we \e{did} want a custom domain name, we would want
822 to run it ourselves, so we knew for certain that it would continue
823 to point where we wanted it, and wouldn't suddenly change or do
824 strange things. Having it registered for us by a third party who we
825 don't even know is not the best way to achieve this.
827 \S{faq-webhosting}{Question} Would you like free web hosting for the
830 We already have some, thanks.
832 \S{faq-sourceforge}{Question} Why don't you move PuTTY to
835 Partly, because we don't want to move the web site location (see
838 Also, security reasons. PuTTY is a security product, and as such it
839 is particularly important to guard the code and the web site against
840 unauthorised modifications which might introduce subtle security
841 flaws. Therefore, we prefer that the CVS repository, web site and
842 FTP site remain where they are, under the direct control of system
843 administrators we know and trust personally, rather than being run
844 by a large organisation full of people we've never met and which is
845 known to have had breakins in the past.
847 No offence to SourceForge; I think they do a wonderful job. But
848 they're not ideal for everyone, and in particular they're not ideal
851 \S{faq-mailinglist1}{Question} Why can't I subscribe to the
852 putty-bugs mailing list?
854 Because you're not a member of the PuTTY core development team. The
855 putty-bugs mailing list is not a general newsgroup-like discussion
856 forum; it's a contact address for the core developers, and an
857 \e{internal} mailing list for us to discuss things among ourselves.
858 If we opened it up for everybody to subscribe to, it would turn into
859 something more like a newsgroup and we would be completely
860 overwhelmed by the volume of traffic. It's hard enough to keep up
861 with the list as it is.
863 \S{faq-mailinglist2}{Question} If putty-bugs isn't a
864 general-subscription mailing list, what is?
866 There isn't one, that we know of.
868 If someone else wants to set up a mailing list for PuTTY users to
869 help each other with common problems, that would be fine with us;
870 but the PuTTY team would almost certainly not have the time to read
871 it, so any questions the list couldn't answer would have to be
872 forwarded on to us by the questioner. In any case, it's probably
873 better to use the established newsgroup \cw{comp.security.ssh} for
876 \S{faq-donations}{Question} How can I donate to PuTTY development?
878 Please, \e{please} don't feel you have to. PuTTY is completely free
879 software, and not shareware. We think it's very important that
880 \e{everybody} who wants to use PuTTY should be able to, whether they
881 have any money or not; so the last thing we would want is for a
882 PuTTY user to feel guilty because they haven't paid us any money. If
883 you want to keep your money, please do keep it. We wouldn't dream of
886 Having said all that, if you still really \e{want} to give us money,
887 we won't argue :-) The easiest way for us to accept donations is if
888 you go to \W{http://www.e-gold.com}\cw{www.e-gold.com}, and deposit
889 your donation in account number 174769. Then send us e-mail to let
890 us know you've done so (otherwise we might not notice for months!).
891 Alternatively, if e-gold isn't convenient for you, you can donate to
892 \cw{<anakin@pobox.com>} using PayPal
893 (\W{http://www.paypal.com/}\cw{www.paypal.com}).
895 Small donations (tens of dollars or tens of euros) will probably be
896 spent on beer or curry, which helps motivate our volunteer team to
897 continue doing this for the world. Larger donations will be spent on
898 something that actually helps development, if we can find anything
899 (perhaps new hardware, or a copy of Windows XP), but if we can't
900 find anything then we'll just distribute the money among the
901 developers. If you want to be sure your donation is going towards
902 something worthwhile, ask us first. If you don't like these terms,
903 feel perfectly free not to donate. We don't mind.
905 \H{faq-misc} Miscellaneous questions
907 \S{faq-openssh}{Question} Is PuTTY a port of OpenSSH, or based on
910 No, it isn't. PuTTY is almost completely composed of code written
911 from scratch for PuTTY. The only code we share with OpenSSH is the
912 detector for SSH1 CRC compensation attacks, written by CORE SDI S.A.
914 \S{faq-sillyputty}{Question} Where can I buy silly putty?
916 You're looking at the wrong web site; the only PuTTY we know about
917 here is the name of a computer program.
919 If you want the kind of putty you can buy as an executive toy, the
920 PuTTY team can personally recommend Thinking Putty, which you can
921 buy from Crazy Aaron's Putty World, at
922 \W{http://www.puttyworld.com}\cw{www.puttyworld.com}.
924 \S{faq-pronounce}{Question} How do I pronounce PuTTY?
926 Exactly like the normal word \q{putty}. Just like the stuff you put
927 on window frames. (One of the reasons it's called PuTTY is because
928 it makes Windows usable. :-)