-\define{versionidfaq} \versionid $Id$
-
\A{faq} PuTTY \i{FAQ}
This FAQ is published on the PuTTY web site, and also provided as an
Yes. SSH-1 support has always been available in PuTTY.
+However, the SSH-1 protocol has many weaknesses and is no longer
+considered secure; you should use SSH-2 instead if at all possible.
+
+As of 0.68, PuTTY will no longer fall back to SSH-1 if the server
+doesn't appear to support SSH-2; you must explicitly ask for SSH-1.
+
\S{faq-localecho}{Question} Does PuTTY support \i{local echo}?
Yes. Version 0.52 has proper support for local echo.
does make \e{that} much difference.
If you're having a specific problem with host key checking - perhaps
-you want an automated batch job to make use of PSCP or Plink, and
-the interactive host key prompt is hanging the batch process - then
-the right way to fix it is to add the correct host key to the
-Registry in advance. That way, you retain the \e{important} feature
-of host key checking: the right key will be accepted and the wrong
-ones will not. Adding an option to turn host key checking off
-completely is the wrong solution and we will not do it.
+you want an automated batch job to make use of PSCP or Plink, and the
+interactive host key prompt is hanging the batch process - then the
+right way to fix it is to add the correct host key to the Registry in
+advance, or if the Registry is not available, to use the \cw{-hostkey}
+command-line option. That way, you retain the \e{important} feature of
+host key checking: the right key will be accepted and the wrong ones
+will not. Adding an option to turn host key checking off completely is
+the wrong solution and we will not do it.
If you have host keys available in the common \i\c{known_hosts} format,
we have a script called
-\W{http://svn.tartarus.org/sgt/putty/contrib/kh2reg.py?view=markup}\c{kh2reg.py}
+\W{https://git.tartarus.org/?p=simon/putty.git;a=blob;f=contrib/kh2reg.py;hb=HEAD}\c{kh2reg.py}
to convert them to a Windows .REG file, which can be installed ahead of
time by double-clicking or using \c{REGEDIT}.
\S{faq-ports-general}{Question} What ports of PuTTY exist?
-Currently, release versions of PuTTY tools only run on full Win32
-systems and Unix. \q{Win32} includes Windows 95, 98, and ME, and it
-includes Windows NT, 2000, XP, and Vista.
+Currently, release versions of PuTTY tools only run on Windows
+systems and Unix.
+
+As of 0.68, the supplied PuTTY executables run on versions of
+Windows from XP onwards, up to and including Windows 10; and we
+know of no reason why PuTTY should not continue to work on
+future versions of Windows.
-In the development code, partial ports to the Mac OSes exist (see
+The 32-bit Windows executables we provide for the \q{\i{x86}}
+processor architecture should also work fine on 64-bit processors
+that are backward-compatible with that architecture. The 64-bit
+executables will only work on 64-bit versions of Windows. They
+will run somewhat faster than 32-bit executables would on the
+same processor, but will consume slightly more memory.
+
+(We used to also provide executables for Windows for the Alpha
+processor, but stopped after 0.58 due to lack of interest.)
+
+In the development code, a partial port to Mac OS exists (see
\k{faq-mac-port}).
-Currently PuTTY does \e{not} run on Windows CE (see \k{faq-wince}),
-and it does not quite run on the Win32s environment under Windows
-3.1 (see \k{faq-win31}).
+Currently PuTTY does \e{not} run on Windows CE (see \k{faq-wince}).
We do not have release-quality ports for any other systems at the
-present time. If anyone told you we had an EPOC port, or an iPaq port,
-or any other port of PuTTY, they were mistaken. We don't.
+present time. If anyone told you we had an Android port, or an iOS
+port, or any other port of PuTTY, they were mistaken. We don't.
There are some third-party ports to various platforms, mentioned
on the
subdirectory. There are a couple of ways of building it,
including the usual \c{configure}/\c{make}; see the file \c{README}
in the source distribution. This should build you Unix
-ports of Plink, PuTTY itself, PuTTYgen, PSCP, PSFTP, and also
+ports of Plink, PuTTY itself, PuTTYgen, PSCP, PSFTP, Pageant, and also
\i\c{pterm} - an \cw{xterm}-type program which supports the same
-terminal emulation as PuTTY. We do not yet have a Unix port of
-Pageant.
+terminal emulation as PuTTY.
If you don't have \i{Gtk}, you should still be able to build the
command-line tools.
-Note that Unix PuTTY has mostly only been tested on Linux so far;
-portability problems such as BSD-style ptys or different header file
-requirements are expected.
-
\S{faq-unix-why}{Question} What's the point of the Unix port? Unix
has OpenSSH.
C at least have stopped being backwards compatible to Win32s. Also,
the last time we tried this it didn't work very well.
-If you're interested in running PuTTY under Windows 3.1, help and
-testing in this area would be very welcome!
-
\S{faq-mac-port}{Question} Will there be a port to the \I{Mac OS}Mac?
-There are several answers to this question:
+We hope so!
-\b The Unix/Gtk port is already fully working under Mac OS X as an X11
-application.
+We attempted one around 2005, written as a native Cocoa application,
+but it turned out to be very slow to redraw its window for some reason
+we never got to the bottom of.
-\b A native (Cocoa) Mac OS X port has been started. It's just about
-usable, but is of nowhere near release quality yet, and is likely to
-behave in unexpected ways. Currently it's unlikely to be completed
-unless someone steps in to help.
+In 2015, after porting the GTK front end to work with GTK 3, we began
+another attempt based on making small changes to the GTK code and
+building it against the OS X Quartz version of GTK 3. This doesn't
+seem to have the window redrawing problem any more, so it's already
+got further than the last effort, but it is still substantially
+unfinished.
-\b A separate port to the classic Mac OS (pre-OSX) is also in
-progress; it too is not ready yet.
+If any OS X and/or GTK programming experts are keen to have a finished
+version of this, we urge them to help out with some of the remaining
+problems!
\S{faq-epoc}{Question} Will there be a port to EPOC?
We have no plans to write such a port ourselves; none of us has an
iPhone, and developing and publishing applications for it looks
-awkward and expensive. Such a port would probably depend upon the
-stalled Mac OS X port (see \k{faq-mac-port}).
+awkward and expensive.
However, there is a third-party SSH client for the iPhone and
iPod\_Touch called \W{http://www.instantcocoa.com/products/pTerm/}{pTerm},
\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/xp-wont-run}{\q{xp-wont-run}}
entry in PuTTY's wishlist has more details.
+\S{faq-system32}{Question} When I put 32-bit PuTTY in
+\cw{C:\\WINDOWS\\\i{SYSTEM32}} on my \i{64-bit Windows} system,
+\i{\q{Duplicate Session}} doesn't work.
+
+The short answer is not to put the PuTTY executables in that location.
+
+On 64-bit systems, \cw{C:\\WINDOWS\\SYSTEM32} is intended to contain
+only 64-bit binaries; Windows' 32-bit binaries live in
+\cw{C:\\WINDOWS\\SYSWOW64}. When a 32-bit PuTTY executable runs
+on a 64-bit system, it cannot by default see the \q{real}
+\cw{C:\\WINDOWS\\SYSTEM32} at all, because the
+\W{http://msdn.microsoft.com/en-us/library/aa384187(v=vs.85).aspx}{File
+System Redirector} arranges that the running program sees the
+appropriate kind of binaries in \cw{SYSTEM32}. Thus, operations in
+the PuTTY suite that involve it accessing its own executables, such as
+\i{\q{New Session}} and \q{Duplicate Session}, will not work.
+
\H{faq-secure} Security questions
\S{faq-publicpc}{Question} Is it safe for me to download PuTTY and
If you do trust the PC, then it's probably OK to use PuTTY on it
(but if you don't trust the network, then the PuTTY download might
be tampered with, so it would be better to carry PuTTY with you on a
-floppy).
+USB stick).
\S{faq-cleanup}{Question} What does PuTTY leave on a system? How can
I \i{clean up} after it?
PuTTY will leave some Registry entries, and a random seed file, on
-the PC (see \k{faq-settings}). If you are using PuTTY on a public
-PC, or somebody else's PC, you might want to clean these up when you
-leave. You can do that automatically, by running the command
-\c{putty -cleanup}. (Note that this only removes settings for
-the currently logged-in user on \i{multi-user systems}.)
+the PC (see \k{faq-settings}). Windows 7 and up also remember some
+information about recently launched sessions for the \q{jump list}
+feature.
+
+If you are using PuTTY on a public PC, or somebody else's PC, you
+might want to clean this information up when you leave. You can do
+that automatically, by running the command \c{putty -cleanup}. See
+\k{using-cleanup} in the documentation for more detail. (Note that
+this only removes settings for the currently logged-in user on
+\i{multi-user systems}.)
If PuTTY was installed from the installer package, it will also
-appear in \q{Add/Remove Programs}. Older versions of the uninstaller
-do not remove the above-mentioned registry entries and file.
+appear in \q{Add/Remove Programs}. Current versions of the installer
+do not offer to remove the above-mentioned items, so if you want them
+removed you should run \c{putty -cleanup} before uninstalling.
\S{faq-dsa}{Question} How come PuTTY now supports \i{DSA}, when the
website used to say how insecure it was?
ways to implement DSA which do not suffer nearly as badly from this
weakness, and indeed which don't need to rely on random numbers at
all. For this reason we now believe PuTTY's DSA implementation is
-probably OK. However, if you have the choice, we still recommend you
-use RSA instead.
+probably OK.
+
+The recently added elliptic-curve signature methods are also DSA-style
+algorithms, so they have this same weakness in principle. Our ECDSA
+implementation uses the same defence as DSA, while our Ed25519
+implementation uses the similar system (but different in details) that
+the Ed25519 spec mandates.
\S{faq-virtuallock}{Question} Couldn't Pageant use
\cw{VirtualLock()} to stop private keys being written to disk?
Also, security reasons. PuTTY is a security product, and as such it
is particularly important to guard the code and the web site against
unauthorised modifications which might introduce subtle security
-flaws. Therefore, we prefer that the Subversion repository, web site and
+flaws. Therefore, we prefer that the Git repository, web site and
FTP site remain where they are, under the direct control of system
administrators we know and trust personally, rather than being run
by a large organisation full of people we've never met and which is
PuTTY tools. Unless someone else is prepared to do the necessary work
and pay any costs, we can't provide this.
+\S{faq-vendor}{Question} As one of our existing software vendors, can
+you just fill in this questionnaire for us?
+
+We periodically receive requests like this, from organisations which
+have apparently sent out a form letter to everyone listed in their big
+spreadsheet of \q{software vendors} requiring them all to answer some
+long list of questions about supported OS versions, paid support
+arrangements, compliance with assorted local regulations we haven't
+heard of, contact phone numbers, and other such administrivia. Many of
+the questions are obviously meaningless when applied to PuTTY (we
+don't provide any paid support in the first place!), most of the rest
+could have been answered with only a very quick look at our website,
+and some we are actively unwilling to answer (we are private
+individuals, why would we want to give out our home phone numbers to
+large corporations?).
+
+We don't make a habit of responding in full to these questionnaires,
+because \e{we are not a software vendor}.
+
+A software \e{vendor} is a company to which you are paying lots of
+money in return for some software. They know who you are, and they
+know you're paying them money; so they have an incentive to fill in
+your forms and questionnaires, to research any local regulations you
+cite if they don't already know about them, and generally to provide
+every scrap of information you might possibly need in the most
+convenient manner for you, because they want to keep being paid.
+
+But we are a team of free software developers, and that means your
+relationship with us is nothing like that at all. If you once
+downloaded our software from our website, that's great and we hope you
+found it useful, but it doesn't mean we have the least idea who you
+are, or any incentive to do lots of unpaid work to support our
+\q{relationship} with you.
+
+It's not that we are unwilling to \e{provide information}. We put as
+much of it as we can on our website for your convenience, and if you
+actually need to know some fact about PuTTY which you haven't been
+able to find on the website (and which is not obviously inapplicable
+to free software in the first place) then please do ask us, and we'll
+try to answer as best we can. But we put up the website and this FAQ
+precisely so that we \e{don't} have to keep answering the same
+questions over and over again, so we aren't prepared to fill in
+completely generic form-letter questionnaires for people who haven't
+done their best to find the answers here first.
+
+If you work for an organisation which you think might be at risk of
+making this mistake, we urge you to reorganise your list of software
+suppliers so that it clearly distinguishes paid vendors who know about
+you from free software developers who don't have any idea who you are.
+Then, only send out these mass mailings to the former.
+
+\S{faq-checksums}{Question} The \c{sha1sums} / \c{sha256sums} / etc
+files on your download page don't match the binaries.
+
+People report this every so often, and usually the reason turns out to
+be that they've matched up the wrong checksums file with the wrong
+binaries.
+
+The PuTTY download page contains more than one version of the
+software. There's a \e{latest release} version; there are the
+\e{development snapshots}; and when we're in the run-up to making a
+release, there are also \e{pre-release} builds of the upcoming new
+version. Each one has its own collection of binaries, and its own
+collection of checksums files to go with them.
+
+So if you've downloaded the release version of the actual program, you
+need the release version of the checksums too, otherwise you will see
+a mismatch. Similarly, the development snapshot binaries go with the
+development snapshot checksums, and so on. (We've colour-coded the
+download page in an effort to reduce this confusion a bit.)
+
+If you have double-checked that, and you still think there's a real
+mismatch, then please send us a report carefully quoting everything
+relevant:
+
+\b the exact URL you got your binary from
+
+\b the checksum of the binary after you downloaded
+
+\b the exact URL you got your checksums file from
+
+\b the checksum that file says the binary should have.
+
\H{faq-misc} Miscellaneous questions
\S{faq-openssh}{Question} Is PuTTY a port of \i{OpenSSH}, or based on
projects / PuTTY.git / blobdiff