PuTTY also requires a random number seed file, to improve the
unpredictability of randomly chosen data needed as part of the SSH
-cryptography. This is stored by default in your Windows home
-directory (\c{%HOMEDRIVE%\\%HOMEPATH%}), or in the actual Windows
-directory (such as \c{C:\\WINDOWS}) if the home directory doesn't
-exist, for example if you're using Win95. If you want to change the
-location of the random number seed file, you can put your chosen
-pathname in the Registry, at
+cryptography. This is stored by default in a file called \i\c{PUTTY.RND}
+in your Windows home directory (\c{%HOMEDRIVE%\\%HOMEPATH%}), or in
+the actual Windows directory (such as \c{C:\\WINDOWS}) if the home
+directory doesn't exist, for example if you're using Win95. If you
+want to change the location of the random number seed file, you can
+put your chosen pathname in the Registry, at
\c HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\RandSeedFile
\W{http://support.microsoft.com/default.aspx?scid=kb;en-us;158474}{158474}
for more information.)
-On Windows NT or 2000, the registry key is
+On Windows NT, 2000, or XP, the registry key to create or change is
\c HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\
\c Parameters\TcpMaxDataRetransmissions
and it must be of type DWORD.
-(See MS Knowledge Base article
+(See MS Knowledge Base articles
\W{http://support.microsoft.com/default.aspx?scid=kb;en-us;120642}{120642}
+and
+\W{http://support.microsoft.com/default.aspx?scid=kb;en-us;314053}{314053}
for more information.)
Set the key's value to something like 10. This will cause Windows to
\e{OpenSSH 3.1p1:} configurations known to be broken (and symptoms):
-\b SSH-2 with AES cipher (PuTTY says "Assertion failed! Expression:
-(len & 15) == 0" in sshaes.c, or "Out of memory", or crashes)
+\b SSH-2 with AES cipher (PuTTY says \q{Assertion failed! Expression:
+(len & 15) == 0} in \cw{sshaes.c}, or \q{Out of memory}, or crashes)
-\b SSH-2 with 3DES (PuTTY says "Incorrect MAC received on packet")
+\b SSH-2 with 3DES (PuTTY says \q{Incorrect MAC received on packet})
-\b SSH-1 with Blowfish (PuTTY says "Incorrect CRC received on
-packet")
+\b SSH-1 with Blowfish (PuTTY says \q{Incorrect CRC received on
+packet})
\b SSH-1 with 3DES
and workarounds with older versions of OpenSSH, although it's not
clear the underlying cause is the same.
-\S{faq-ssh2key-ssh1conn}{Question} Why do I see "Couldn't load private
-key from ..."? Why can PuTTYgen load my key but not PuTTY?
+\S{faq-ssh2key-ssh1conn}{Question} Why do I see \q{Couldn't load
+private key from ...}? Why can PuTTYgen load my key but not PuTTY?
It's likely that you've generated an SSH protocol 2 key with PuTTYgen,
but you're trying to use it in an SSH-1 connection. SSH-1 and SSH-2 keys
about further occurrences. See \k{errors-connaborted} for our current
documentation of this error.
+\S{faq-rekey}{Question} My SSH-2 session \I{locking up, SSH-2
+sessions}locks up for a few seconds every so often.
+
+Recent versions of PuTTY automatically initiate \i{repeat key
+exchange} once per hour, to improve session security. If your client
+or server machine is slow, you may experience this as a delay of
+anything up to thirty seconds or so.
+
+These \I{delays, in SSH-2 sessions}delays are inconvenient, but they
+are there for your protection. If they really cause you a problem,
+you can choose to turn off periodic rekeying using the \q{Kex}
+configuration panel (see \k{config-ssh-kex}), but be aware that you
+will be sacrificing security for this. (Falling back to SSH-1 would
+also remove the delays, but would lose a \e{lot} more security
+still. We do not recommend it.)
+
\H{faq-secure} Security questions
\S{faq-publicpc}{Question} Is it safe for me to download PuTTY and