• PuTTY User Manual
• Introduction to PuTTY
  • What are SSH, Telnet, Rlogin, and SUPDUP?
  • How do SSH, Telnet, Rlogin, and SUPDUP differ?
• Getting started with PuTTY
  • Starting a session
  • Verifying the host key (SSH only)
  • Logging in
  • After logging in
  • Logging out
• Using PuTTY
  • During your session
    • Copying and pasting text
    • Scrolling the screen back
    • The System menu
      • The PuTTY Event Log
      • Special commands
      • Starting new sessions
      • Changing your session settings
      • Copy All to Clipboard
      • Clearing and resetting the terminal
      • Full screen mode
  • Creating a log file of your session
  • Altering your character set configuration
  • Using X11 forwarding in SSH
  • Using port forwarding in SSH
  • Connecting to a local serial line
  • Making raw TCP connections
  • Connecting using the Telnet protocol
  • Connecting using the Rlogin protocol
  • Connecting using the SUPDUP protocol
  • The PuTTY command line
    • Starting a session from the command line
    • -cleanup
    • Standard command-line options
      • -load: load a saved session
      • Selecting a protocol: -ssh, -ssh-connection, -telnet, -rlogin, -supdup, -raw, -serial
      • -v: increase verbosity
      • -l: specify a login name
      • -L, -R and -D: set up port forwardings
      • -m: read a remote command or script from a file
      • -P: specify a port number
      • -pwfile and -pw: specify a password
      • -agent and -noagent: control use of Pageant for authentication
      • -A and -a: control agent forwarding
      • -X and -x: control X11 forwarding
      • -t and -T: control pseudo-terminal allocation
      • -N: suppress starting a shell or command
      • -nc: make a remote network connection in place of a remote shell or command
      • -C: enable compression
      • -1 and -2: specify an SSH protocol version
      • -4 and -6: specify an Internet protocol version
      • -i: specify an SSH private key
      • -cert: specify an SSH certificate
      • -no-trivial-auth: disconnect if SSH authentication succeeds trivially
      • -loghost: specify a logical host name
      • -hostkey: manually specify an expected host key
      • -pgpfp: display PGP key fingerprints
      • -sercfg: specify serial port configuration
      • -sessionlog, -sshlog, -sshrawlog: enable session logging
      • -logoverwrite, -logappend: control behaviour with existing log file
      • -proxycmd: specify a local proxy command
      • -restrict-acl: restrict the Windows process ACL
      • -host-ca: launch the host CA configuration
• Configuring PuTTY
  • The Session panel
    • The host name section
    • Loading and storing saved sessions
    • Close window on exit
  • The Logging panel
    • Log file name
    • What to do if the log file already exists
    • Flush log file frequently
    • Include header
    • Options specific to SSH packet logging
      • Omit known password fields
      • Omit session data
  • The Terminal panel
    • Auto wrap mode initially on
    • DEC Origin Mode initially on
    • Implicit CR in every LF
    • Implicit LF in every CR
    • Use background colour to erase screen
    • Enable blinking text
    • Answerback to ^E
    • Local echo
    • Local line editing
    • Remote-controlled printing
  • The Keyboard panel
    • Changing the action of the Backspace key
    • Changing the action of the Home and End keys
    • Changing the action of the function keys and keypad
    • Changing the action of the shifted arrow keys
    • Controlling Application Cursor Keys mode
    • Controlling Application Keypad mode
    • Using NetHack keypad mode
    • Enabling a DEC-like Compose key
    • Control-Alt is different from AltGr
  • The Bell panel
    • Set the style of bell
    • Taskbar/caption indication on bell
    • Control the bell overload behaviour
  • The Features panel
    • Disabling application keypad and cursor keys
    • Disabling xterm-style mouse reporting
    • Disabling remote terminal resizing
    • Disabling switching to the alternate screen
    • Disabling remote window title changing
    • Response to remote window title querying
    • Disabling remote scrollback clearing
    • Disabling destructive backspace
    • Disabling remote character set configuration
    • Disabling Arabic text shaping
    • Disabling bidirectional text display
  • The Window panel
    • Setting the size of the PuTTY window
    • What to do when the window is resized
    • Controlling scrollback
    • Push erased text into scrollback
  • The Appearance panel
    • Controlling the appearance of the cursor
    • Controlling the font used in the terminal window
    • Hide mouse pointer when typing in window
    • Controlling the window border
  • The Behaviour panel
    • Controlling the window title
    • Warn before closing window
    • Window closes on ALT-F4
    • System menu appears on ALT-Space
    • System menu appears on Alt alone
    • Ensure window is always on top
    • Full screen on Alt-Enter
  • The Translation panel
    • Controlling character set translation
    • Treat CJK ambiguous characters as wide
    • Caps Lock acts as Cyrillic switch
    • Controlling display of line-drawing characters
    • Controlling copy and paste of line drawing characters
    • Combining VT100 line-drawing with UTF-8
  • The Selection panel
    • Changing the actions of the mouse buttons
    • Shift overrides application's use of mouse
    • Default selection mode
    • Assigning copy and paste actions to clipboards
      • Auto-copy selected text
      • Choosing a clipboard for UI actions
    • Permit control characters in pasted text
  • The Copy panel
    • Character classes
    • Copying in Rich Text Format
  • The Colours panel
    • Allow terminal to specify ANSI colours
    • Allow terminal to use xterm 256-colour mode
    • Allow terminal to use 24-bit colour
    • Indicate bolded text by changing...
    • Attempt to use logical palettes
    • Use system colours
    • Adjusting the colours in the terminal window
  • The Connection panel
    • Using keepalives to prevent disconnection
    • Disable Nagle's algorithm
    • Enable TCP keepalives
    • Internet protocol version
    • Logical name of remote host
  • The Data panel
    • Auto-login username
    • Use of system username
    • Terminal-type string
    • Terminal speeds
    • Setting environment variables on the server
  • The Proxy panel
    • Setting the proxy type
    • Excluding parts of the network from proxying
    • Name resolution when using a proxy
    • Username and password
    • Specifying the Telnet, SSH, or Local proxy command
    • Controlling proxy logging
  • The SSH panel
    • Executing a specific command on the server
    • Don't start a shell or command at all
    • Enable compression
    • SSH protocol version
    • Sharing an SSH connection between PuTTY tools
  • The Kex panel
    • Key exchange algorithm selection
      • GSSAPI-based key exchange
    • Repeat key exchange
  • The Host Keys panel
    • Host key type selection
    • Preferring known host keys
    • Manually configuring host keys
    • Configuring PuTTY to accept host certificates
      • Expressions you can enter in Valid hosts
      • RSA signature types in certificates
  • The Cipher panel
  • The Auth panel
    • Display pre-authentication banner
    • Bypass authentication entirely
    • Disconnect if authentication succeeds trivially
    • Attempt authentication using Pageant
    • Attempt TIS or CryptoCard authentication
    • Attempt keyboard-interactive authentication
    • Allow agent forwarding
    • Allow attempted changes of username in SSH-2
  • The Credentials panel
    • Private key file for authentication
    • Certificate to use with the private key
    • Plugin to provide authentication responses
  • The GSSAPI panel
    • Allow GSSAPI credential delegation
    • Preference order for GSSAPI libraries
  • The TTY panel
    • Don't allocate a pseudo-terminal
    • Sending terminal modes
  • The X11 panel
    • Remote X11 authentication
    • X authority file for local display
  • The Tunnels panel
    • Controlling the visibility of forwarded ports
    • Selecting Internet protocol version for forwarded ports
  • The Bugs and More Bugs panels
    • Chokes on SSH-2 ignore messages
    • Handles SSH-2 key re-exchange badly
    • Chokes on PuTTY's SSH-2 winadj requests
    • Replies to requests on closed channels
    • Ignores SSH-2 maximum packet size
    • Discards data sent before its greeting
    • Chokes on PuTTY's full KEXINIT
    • Old RSA/SHA2 cert algorithm naming
    • Requires padding on SSH-2 RSA signatures
    • Only supports pre-RFC4419 SSH-2 DH GEX
    • Miscomputes SSH-2 HMAC keys
    • Misuses the session ID in SSH-2 PK auth
    • Miscomputes SSH-2 encryption keys
    • Chokes on SSH-1 ignore messages
    • Refuses all SSH-1 password camouflage
    • Chokes on SSH-1 RSA authentication
  • The Bare ssh-connection protocol
  • The Serial panel
    • Selecting a serial line to connect to
    • Selecting the speed of your serial line
    • Selecting the number of data bits
    • Selecting the number of stop bits
    • Selecting the serial parity checking scheme
    • Selecting the serial flow control scheme
  • The Telnet panel
    • Handling of OLD_ENVIRON ambiguity
    • Passive and active Telnet negotiation modes
    • Keyboard sends Telnet special commands
    • Return key sends Telnet New Line instead of ^M
  • The Rlogin panel
    • Local username
  • The SUPDUP panel
    • Location string
    • Extended ASCII Character set
    • **MORE** processing
    • Terminal scrolling
  • Storing configuration in a file
• Using PSCP to transfer files securely
  • Starting PSCP
  • PSCP Usage
    • The basics
      • user
      • host
      • source
      • target
    • Options
      • -ls list remote files
      • -p preserve file attributes
      • -q quiet, don't show statistics
      • -r copies directories recursively
      • -batch avoid interactive prompts
      • -sftp, -scp force use of particular file transfer protocol
      • -no-sanitise-stderr: control error message sanitisation
    • Return value
    • Using public key authentication with PSCP
• Using PSFTP to transfer files securely
  • Starting PSFTP
    • -b: specify a file containing batch commands
    • -bc: display batch commands as they are run
    • -be: continue batch processing on errors
    • -batch: avoid interactive prompts
      • -no-sanitise-stderr: control error message sanitisation
  • Running PSFTP
    • General quoting rules for PSFTP commands
    • Wildcards in PSFTP
    • The open command: start a session
    • The quit command: end your session
    • The close command: close your connection
    • The help command: get quick online help
    • The cd and pwd commands: changing the remote working directory
    • The lcd and lpwd commands: changing the local working directory
    • The get command: fetch a file from the server
    • The put command: send a file to the server
    • The mget and mput commands: fetch or send multiple files
    • The reget and reput commands: resuming file transfers
    • The dir command: list remote files
    • The chmod command: change permissions on remote files
    • The del command: delete remote files
    • The mkdir command: create remote directories
    • The rmdir command: remove remote directories
    • The mv command: move and rename remote files
    • The ! command: run a local Windows command
  • Using public key authentication with PSFTP
• Using the command-line connection tool Plink
  • Starting Plink
  • Using Plink
    • Using Plink for interactive logins
    • Using Plink for automated connections
    • Plink command line options
      • -batch: disable all interactive prompts
      • -s: remote command is SSH subsystem
      • -share: Test and try to share an existing connection.
      • -shareexists: test for connection-sharing upstream
      • -sanitise-stream: control output sanitisation
      • -no-antispoof: turn off authentication spoofing protection prompt
  • Using Plink in batch files and scripts
  • Using Plink with CVS
  • Using Plink with WinCVS
• Using public keys for SSH authentication
  • Public key authentication - an introduction
  • Using PuTTYgen, the PuTTY key generator
    • Generating a new key
    • Selecting the type of key
    • Selecting the size (strength) of the key
    • Selecting the prime generation method
    • The Generate button
    • The Key fingerprint box
    • Setting a comment for your key
    • Setting a passphrase for your key
    • Adding a certificate to your key
    • Saving your private key to a disk file
    • Saving your public key to a disk file
    • Public key for pasting into OpenSSH authorized_keys file
    • Parameters for saving key files
      • PPK file version
      • Options affecting passphrase hashing
    • Reloading a private key
    • Dealing with private keys in other formats
    • PuTTYgen command-line configuration
  • Getting ready for public key authentication
• Using Pageant for authentication
  • Getting started with Pageant
  • The Pageant main window
    • The key list box
    • The Add Key button
    • The Remove Key button
  • The Pageant command line
    • Making Pageant automatically load keys on startup
    • Making Pageant run another program
    • Integrating with Windows OpenSSH
    • Unix-domain sockets: integrating with WSL 1
    • Starting with the key list visible
    • Restricting the Windows process ACL
  • Using agent forwarding
  • Loading keys without decrypting them
  • Security considerations
• Common error messages
  • The host key is not cached for this server
  • WARNING - POTENTIAL SECURITY BREACH!
  • This server presented a certified host key which was signed by a different certification authority ...
  • SSH protocol version 2 required by our configuration but remote only provides (old, insecure) SSH-1
  • The first cipher supported by the server is ... below the configured warning threshold
  • Remote side sent disconnect message type 2 (protocol error): "Too many authentication failures for root"
  • Out of memory
  • Internal error, Internal fault, Assertion failed
  • Unable to use key file, Couldn't load private key, Couldn't load this key
  • Server refused our key, Server refused our public key, Key refused
  • Access denied, Authentication refused
  • No supported authentication methods available
  • Incorrect MAC received on packet or Incorrect CRC received on packet
  • Incoming packet was garbled on decryption
  • PuTTY X11 proxy: various errors
  • Network error: Software caused connection abort
  • Network error: Connection reset by peer
  • Network error: Connection refused
  • Network error: Connection timed out
  • Network error: Cannot assign requested address
• PuTTY FAQ
  • Introduction
    • What is PuTTY?
  • Features supported in PuTTY
    • Does PuTTY support SSH-2?
    • Does PuTTY support reading OpenSSH or ssh.com SSH-2 private key files?
    • Does PuTTY support SSH-1?
    • Does PuTTY support local echo?
    • Does PuTTY support storing settings, so I don't have to change them every time?
    • Does PuTTY support storing its settings in a disk file?
    • Does PuTTY support full-screen mode, like a DOS box?
    • Does PuTTY have the ability to remember my password so I don't have to type it every time?
    • Is there an option to turn off the annoying host key prompts?
    • Will you write an SSH server for the PuTTY suite, to go with the client?
    • Can PSCP or PSFTP transfer files in ASCII mode?
  • Ports to other operating systems
    • What ports of PuTTY exist?
    • Is there a port to Unix?
    • What's the point of the Unix port? Unix has OpenSSH.
    • Will there be a port to Windows CE or PocketPC?
    • Is there a port to Windows 3.1?
    • Will there be a port to the Mac?
    • Will there be a port to EPOC?
    • Will there be a port to the iPhone?
  • Embedding PuTTY in other programs
    • Is the SSH or Telnet code available as a DLL?
    • Is the SSH or Telnet code available as a Visual Basic component?
    • How can I use PuTTY to make an SSH connection from within another program?
  • Details of PuTTY's operation
    • What terminal type does PuTTY use?
    • Where does PuTTY store its data?
    • Why do small PuTTY icons appear next to the login prompts?
    • Why has Plink started saying Press Return to begin session?
  • HOWTO questions
    • What login name / password should I use?
    • What commands can I type into my PuTTY terminal window?
    • How can I make PuTTY start up maximised?
    • How can I create a Windows shortcut to start a particular saved session directly?
    • How can I start an SSH session straight from the command line?
    • How do I copy and paste between PuTTY and other Windows applications?
    • How do I use all PuTTY's features (public keys, proxying, cipher selection, etc.) in PSCP, PSFTP and Plink?
    • How do I use PSCP.EXE? When I double-click it gives me a command prompt window which then closes instantly.
    • How do I use PSCP to copy a file whose name has spaces in?
    • Should I run the 32-bit or the 64-bit version?
  • Troubleshooting
    • Why do I see Fatal: Protocol error: Expected control record in PSCP?
    • I clicked on a colour in the Colours panel, and the colour didn't change in my terminal.
    • After trying to establish an SSH-2 connection, PuTTY says Out of memory and dies.
    • When attempting a file transfer, either PSCP or PSFTP says Out of memory and dies.
    • PSFTP transfers files much slower than PSCP.
    • When I run full-colour applications, I see areas of black space where colour ought to be, or vice versa.
    • When I change some terminal settings, nothing happens.
    • My PuTTY sessions unexpectedly close after they are idle for a while.
    • PuTTY's network connections time out too quickly when network connectivity is temporarily lost.
    • When I cat a binary file, I get PuTTYPuTTYPuTTY on my command line.
    • When I cat a binary file, my window title changes to a nonsense string.
    • My keyboard stops working once PuTTY displays the password prompt.
    • One or more function keys don't do what I expected in a server-side application.
    • Why do I see Couldn't load private key from ...? Why can PuTTYgen load my key but not PuTTY?
    • When I'm connected to a Red Hat Linux 8.0 system, some characters don't display properly.
    • Since I upgraded to PuTTY 0.54, the scrollback has stopped working when I run screen.
    • Since I upgraded Windows XP to Service Pack 2, I can't use addresses like 127.0.0.2.
    • PSFTP commands seem to be missing a directory separator (slash).
    • Do you want to hear about Software caused connection abort?
    • My SSH-2 session locks up for a few seconds every so often.
    • PuTTY fails to start up. Windows claims that the application configuration is incorrect.
    • When I put 32-bit PuTTY in C:\WINDOWS\SYSTEM32 on my 64-bit Windows system, Duplicate Session doesn't work.
    • After I upgraded PuTTY to 0.68, I can no longer connect to my embedded device or appliance.
    • Since 0.78, I can't find where to configure my SSH private key.
  • Security questions
    • Is it safe for me to download PuTTY and use it on a public PC?
    • What does PuTTY leave on a system? How can I clean up after it?
    • How come PuTTY now supports DSA, when the website used to say how insecure it was?
    • Couldn't Pageant use VirtualLock() to stop private keys being written to disk?
    • Is the version of PuTTY in the Microsoft Store legit?
  • Administrative questions
    • Is putty.org your website?
    • Would you like me to register you a nicer domain name?
    • Would you like free web hosting for the PuTTY web site?
    • Would you link to my web site from the PuTTY web site?
    • Why don't you move PuTTY to SourceForge?
    • Why can't I subscribe to the putty-bugs mailing list?
    • If putty-bugs isn't a general-subscription mailing list, what is?
    • How can I donate to PuTTY development?
    • Can I have permission to put PuTTY on a cover disk / distribute it with other software / etc?
    • Can you sign an agreement indemnifying us against security problems in PuTTY?
    • Can you sign this form granting us permission to use/distribute PuTTY?
    • Can you write us a formal notice of permission to use PuTTY?
    • Can you sign anything for us?
    • If you won't sign anything, can you give us some sort of assurance that you won't make PuTTY closed-source in future?
    • Can you provide us with export control information / FIPS certification for PuTTY?
    • As one of our existing software vendors, can you just fill in this questionnaire for us?
    • The sha1sums / sha256sums / etc files on your download page don't match the binaries.
  • Miscellaneous questions
    • Is PuTTY a port of OpenSSH, or based on OpenSSH or OpenSSL?
    • Where can I buy silly putty?
    • What does PuTTY mean?
    • How do I pronounce PuTTY?
• Feedback and bug reporting
  • General guidelines
    • Sending large attachments
    • Other places to ask for help
  • Reporting bugs
  • Reporting security vulnerabilities
  • Requesting extra features
  • Requesting features that have already been requested
  • Workarounds for SSH server bugs
  • Support requests
  • Web server administration
  • Asking permission for things
  • Mirroring the PuTTY web site
  • Praise and compliments
  • E-mail address
• PPK file format
  • Overview
  • Outer layer
  • Private key encodings
    • RSA
    • DSA
    • NIST elliptic-curve keys
    • EdDSA elliptic-curve keys (Ed25519 and Ed448)
  • Key derivation
  • Older versions of the PPK format
    • Version 2
    • Version 1
• PuTTY Licence
• PuTTY hacking guide
  • Cross-OS portability
  • Multiple backends treated equally
  • Multiple sessions per process on some platforms
  • C, not C++
  • Security-conscious coding
  • Independence of specific compiler
  • Small code size
  • Single-threaded code
  • Keystrokes sent to the server wherever possible
  • 640x480 friendliness in configuration panels
  • Coroutines in protocol code
  • Explicit vtable structures to implement traits
  • Do as we say, not as we do
• PuTTY download keys and signatures
  • Public keys
  • Security details
    • The Development Snapshots key
    • The Releases key
    • The Secure Contact Key
    • The Master Keys
  • Key rollover
• SSH-2 names specified for PuTTY
  • Connection protocol channel request names
  • Key exchange method names
  • Encryption algorithm names
  • Agent extension request names
• PuTTY authentication plugin protocol
  • Requirements
  • Transport and configuration
  • Data formats and marshalling
  • Protocol versioning
  • Overview and sequence of events
  • Message formats
    • PLUGIN_INIT
    • PLUGIN_INIT_RESPONSE
    • PLUGIN_INIT_FAILURE
    • PLUGIN_PROTOCOL
    • PLUGIN_PROTOCOL_REJECT
    • PLUGIN_PROTOCOL_ACCEPT
    • PLUGIN_KI_SERVER_REQUEST
    • PLUGIN_KI_SERVER_RESPONSE
    • PLUGIN_KI_USER_REQUEST
    • PLUGIN_KI_USER_RESPONSE
    • PLUGIN_AUTH_SUCCESS
    • PLUGIN_AUTH_FAILURE
  • References