PuTTY Change Log
Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Snapshot
|
Docs
|
Changes
|
Wishlist
For features planned for the next full release (and already available in
the development snapshots), see the wishlist page.
These features are
new in
0.74
(released 2020-06-27):
- Security fix: if an SSH server accepted an offer of a public key
and then rejected the signature, PuTTY could access freed memory, if
the key had come from an SSH agent.
- Security feature: new config option to disable PuTTY's dynamic
host key preference policy, if you prefer to avoid giving away to
eavesdroppers which hosts you have stored keys for.
- Bug fix: the installer UI was illegible in Windows high-contrast
mode.
- Bug fix: console password input failed on Windows 7.
- Bug fixes in the terminal: one instance of the dreaded
"line==NULL" error box, and two other assertion failures.
- Bug fix: potential memory-consuming loop in bug-compatible padding
of an RSA signature from an agent.
- Bug fix: PSFTP's buffer handling worked badly with some servers
(particularly proftpd's
mod_sftp
).
- Bug fix: cursor could be wrongly positioned when restoring from
the alternate terminal screen. (A bug of this type was fixed in 0.59;
this is a case that that fix missed.)
- Bug fix: character cell height could be a pixel too small when
running GTK PuTTY on Ubuntu 20.04 (or any other system with a
similarly up-to-date version of Pango).
- Bug fix: old-style (low resolution) scroll wheel events did not
work in GTK 3 PuTTY. This could stop the scroll wheel working at all
in VNC.
These features were
new in
0.73
(released 2019-09-29):
- Security fix: on Windows, other applications were able to bind to the same TCP port as a PuTTY local port forwarding.
- Security fix: in bracketed paste mode, the terminal escape sequences that should delimit the pasted data were appearing together on one side of it, making it possible to misidentify pasted data as manual keyboard input.
- Bug fix (possibly security-related): an SSH-1 server sending a disconnection message could cause an access to freed memory.
- Bug fix: Windows Plink would crash on startup if it was acting as a connection-sharing downstream.
- Bug fix: Windows PuTTY now updates its terminal window size correctly if the screen resolution changes while it's maximised.
- Bug fix: tweaked terminal handling to prevent lost characters at the ends of lines in gcc's coloured error messages.
- Bug fix: removed a bad interaction between the 'clear scrollback' operation and mouse selection that could give rise to the dreaded "line==NULL" assertion box.
These features were
new in
0.72
(released 2019-07-20):
- Security fixes found by the EU-funded bug bounty:
- two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking
- a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP and PSCP) if a malicious program can impersonate Pageant
- Bug fix: crash in GSSAPI / Kerberos key exchange affecting third-party GSSAPI providers on Windows (such as MIT Kerberos for Windows)
- Bug fix: crash in GSSAPI / Kerberos key exchange triggered if the server provided an ordinary SSH host key as part of the exchange
- Bug fix: trust sigils were never turned off in SSH-1 or Rlogin
- Bug fix: trust sigils were never turned back on if you used Restart Session
- Bug fix: PSCP in SCP download mode could create files with a spurious newline at the end of their names
- Bug fix: PSCP in SCP download mode with the
-p
option would generate spurious complaints about illegal file renaming
- Bug fix: the initial instruction message was never printed during SSH
keyboard-interactive
authentication
- Bug fix: pasting very long lines through connection sharing could crash the downstream PuTTY window
- Bug fix: in keyboard layouts with a ',' key on the numeric keypad (e.g. German), Windows PuTTY would generate '.' instead for that key
- Bug fix: PuTTYgen could generate RSA keys with a modulus one bit shorter than requested
These features were
new in
0.71
(released 2019-03-16):
- Security fixes found by an EU-funded bug bounty programme:
- a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
- potential recycling of random numbers used in cryptography
- on Windows, hijacking by a malicious help file in the same directory as the executable
- on Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding
- multiple denial-of-service attacks that can be triggered by writing to the terminal
- Other security enhancements: major rewrite of the crypto code to remove cache and timing side channels.
- User interface changes to protect against fake authentication prompts from a malicious server.
- We now provide pre-built binaries for Windows on Arm.
- Hardware-accelerated versions of the most common cryptographic primitives: AES, SHA-256, SHA-1.
- GTK PuTTY now supports non-X11 displays (e.g. Wayland) and high-DPI configurations.
- Type-ahead now works as soon as a PuTTY window is opened: keystrokes typed before authentication has finished will be buffered instead of being dropped.
- Support for GSSAPI key exchange: an alternative to the older GSSAPI authentication system which can keep your forwarded Kerberos credentials updated during a long session.
- More choices of user interface for clipboard handling.
- New terminal features: support the REP escape sequence (fixing an
ncurses
screen redraw failure), true colour, and SGR 2 dim text.
- Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you straight to the top or bottom of the terminal scrollback.
These features were
new in
0.70
(released 2017-07-08):
- Security fix: the Windows PuTTY binaries should no longer be
vulnerable to hijacking by specially named DLLs in the same directory,
even a name we missed when we thought we'd fixed this in 0.69.
See vuln-indirect-dll-hijack-3.
- Windows PuTTY should be able to print again, after our DLL
hijacking defences broke that functionality.
- Windows PuTTY should be able to accept keyboard input outside the
current code page, after our DLL hijacking defences broke that too.
These features were
new in
0.69
(released 2017-04-29):
- Security fix: the Windows PuTTY binaries should no longer be
vulnerable to hijacking by specially named DLLs in the same directory,
even the names we missed when we thought we'd fixed this in 0.68.
See vuln-indirect-dll-hijack-2.
- Windows PuTTY should work with MIT Kerberos again, after our DLL
hijacking defences broke it.
- Jump lists should now appear again on the PuTTY shortcut in the
Windows Start Menu.
- You can now explicitly configure SSH terminal mode settings
not to be sent to the server, if your server objects to them.
These features were
new in
0.68
(released 2017-02-21):
- Security fix: an integer overflow bug in the agent forwarding code.
See vuln-agent-fwd-overflow.
- Security fix: the Windows PuTTY binaries should no longer be
vulnerable to hijacking by specially named DLLs in the same directory
(on versions of Windows where they previously were).
See vuln-indirect-dll-hijack. WARNING: this fix turned out to be incomplete. 0.69 made further fixes in this area.
- Windows PuTTY no longer sets a restrictive process ACL by default,
because this turned out to inconvenience too many legitimate
applications such as NVDA and TortoiseGit. You can still manually
request a restricted ACL using the command-line option
-restrict-acl
.
- The Windows PuTTY tools now come in a 64-bit version.
- The Windows PuTTY tools now have Windows's ASLR and DEP security
features turned on.
- Support for elliptic-curve cryptography (the NIST curves and
25519), for host keys, user authentication keys, and key exchange.
- Support for importing and exporting OpenSSH's new private key format.
- Host key preference policy change: PuTTY prefers host key formats
for which it already knows the key.
- Run-time option (from the system menu / Ctrl-right-click menu) to
retrieve other host keys from the same server (which cross-certifies
them using the session key established using an already-known key) and
add them to the known host-keys database.
- The Unix GUI PuTTY tools can now be built against GTK 3.
- There is now a Unix version of Pageant.
These features were
new in
0.67
(released 2016-03-05):
- Security fix: a buffer overrun in the old-style SCP protocol when
receiving the header of each file downloaded from the server is fixed.
See vuln-pscp-sink-sscanf.
- Windows PuTTY now sets its process ACL more restrictively, in an
attempt to defend against malicious other processes reading sensitive
data out of its memory.
- Assorted other robustness fixes for crashes and memory leaks.
- We have started using Authenticode to sign our Windows executables
and installer.
These features were
new in
0.66
(released 2015-11-07):
- Security fix: an escape sequence which used to make PuTTY's
terminal code read and potentially write the wrong memory is fixed.
See vuln-ech-overflow.
- Bug fix: better Unicode handling in Windows PuTTY keyboard
messages, so it should now work better with WinCompose.
- Bug fix: jump lists on Windows 10 should now work.
- There's now a set of command-line options to enable session
logging.
&P
in the log file name now substitutes in the port
number from the configuration.
These features were
new in
0.65
(released 2015-07-25):
-
Incoming connections to PuTTY tools (to forwarded ports and to the
connection-sharing socket) now log their source address or pid, where
facilities exist to do so.
-
Cryptography speedup on 64-bit Unix platforms by using gcc and
clang's
__uint128_t
built-in type.
-
Bug fix: the configuration dialog is no longer accidentally invisible
in some Windows Vista display themes.
-
Bug fix: the Windows PuTTY GUI no longer becomes unresponsive if the
server sends a continuous flood of data. (Sorry! We fixed that once
before, but it came back in 0.64.)
-
Bug fix: PSFTP now returns a failure exit status if a command fails in
a batch-mode script.
-
Bug fix: ESC [ 13 t can no longer elicit an invalid escape sequence as
a response.
These features were
new in
0.64
(released 2015-02-28):
-
Security fix: PuTTY no longer retains the private half of users' keys
in memory by mistake after authenticating with them. See
private-key-not-wiped-2.
(Sorry! We thought we'd fixed that in 0.63, but missed one.)
-
Support for SSH connection sharing, so that multiple instances of
PuTTY to the same host can share a single SSH connection instead of
all having to log in independently.
-
Command-line and configuration option to specify the expected host
key(s).
-
Defaults change: PuTTY now defaults to SSH-2 only, instead of
its previous default of SSH-2 preferred.
-
Local socket errors in port-forwarded connections are now recorded in
the PuTTY Event Log.
-
Bug fix: repeat key exchanges in the middle of an SSH session now
never cause an annoying interactive host key prompt.
-
Bug fix: reset the bolded-text default setting back to what it used to
be. (0.63 set it to something wrong, as a side effect of refactoring.)
-
Bug fix: IPv6 literals are handled sensibly throughout the suite, if
you enclose them in square brackets to prevent the colons being
mistaken for a
:
port suffix.
-
Bug fix: IPv6 dynamic port forwardings should work again.
These features were
new in
0.63
(released 2013-08-06):
-
Security fix: prevent a nefarious SSH server or network attacker from
crashing PuTTY at startup in three different ways by presenting a
maliciously constructed public key and signature. See
vuln-modmul,
vuln-signature-stringlen,
vuln-bignum-division-by-zero.
-
Security fix: PuTTY no longer retains the private half of users' keys
in memory by mistake after authenticating with them. See
private-key-not-wiped.
(Addendum: this turned out not to be wholly fixed,
because private-key-not-wiped-2
was not found until 0.64.)
-
Revamped the internal configuration storage system to remove all fixed
arbitrary limits on string lengths. In particular, there should now no
longer be an unreasonably small limit on the number of port
forwardings PuTTY can store.
-
Port-forwarded TCP connections which close one direction before the
other should now be reliably supported, with EOF propagated
independently in the two directions. This also fixes some instances of
port-forwarding data corruption (if the corruption consisted of losing
data from the very end of the connection) and some instances of PuTTY
failing to close when the session is over (because it wrongly thought
a forwarding channel was still active when it was not).
-
The terminal emulation now supports
xterm
's bracketed
paste mode (allowing aware applications to tell the difference between
typed and pasted text, so that e.g. editors need not apply
inappropriate auto-indent).
-
You can now choose to display bold text by both brightening the
foreground colour and changing the font, not just one or the
other.
-
PuTTYgen will now never generate a 2047-bit key when asked for 2048
(or more generally n−1 bits when asked for n).
-
Some updates to default settings: PuTTYgen now generates 2048-bit keys
by default (rather than 1024), and PuTTY defaults to UTF-8 encoding
and 2000 lines of scrollback (rather than ISO 8859-1 and 200).
-
Unix: PSCP and PSFTP now preserve the Unix file permissions, on copies
in both directions.
-
Unix: dead keys and compose-character sequences are now supported.
-
Unix: PuTTY and pterm now permit font fallback (where glyphs not
present in your selected font are automatically filled in from other
fonts on the system) even if you are using a server-side X11 font
rather than a Pango client-side one.
-
Bug fixes too numerous to list, mostly resulting from running the code
through Coverity Scan which spotted an assortment of memory and
resource leaks, logic errors, and crashes in various circumstances.
These features were
new in
0.62
(released 2011-12-10):
-
Security fix: PuTTY no longer retains passwords in memory by mistake. See
password-not-wiped.
-
Bug fix: Pageant now talks to both new-style clients (0.61 and above)
and old-style (0.60 and below).
-
Bug fix: PuTTY no longer prints a spurious "Access denied" message
when GSSAPI authentication fails.
-
Bug fix: PSCP and PSFTP now honour nonstandard port numbers in SSH
saved sessions.
-
Bug fix: Pageant no longer leaks a file handle when an authentication
fails.
-
Bug fix: PuTTYtel no longer crashes when saving a session.
-
Bug fix: PuTTY now draws underlines under the underlined text instead
of sometimes putting them somewhere off to the right.
-
Bug fix: PuTTY now should not draw VT100 line drawing characters at
the wrong vertical offset.
These features were
new in
0.61
(released 2011-07-12):
-
Kerberos/GSSAPI authentication in SSH-2.
-
Local X11 authorisation support on Windows. (Unix already had it, of
course.)
-
Support for non-fixed-width fonts on Windows.
-
GTK 2 support on Unix.
-
Specifying the logical host name independently of the physical network
address to connect to.
-
Crypto and flow control optimisations.
-
Support for the
zlib@openssh.com
SSH-2 compression method.
-
Support for new Windows 7 UI features: Aero resizing and jump lists.
-
Support for OpenSSH AES-encrypted private key files in PuTTYgen.
-
Bug fix: handles OpenSSH private keys with primes in either order.
-
Bug fix: corruption of port forwarding is fixed (we think).
-
Bug fix: various crashes and hangs when exiting on failure.
-
Bug fix: hang in the serial back end on Windows.
-
Bug fix: Windows clipboard is now read asynchronously, in case of
deadlock due to the clipboard owner being at the far end of the same
PuTTY's network connection (either via X forwarding or via
tunnelled
rdesktop
).
These features were
new in
0.60
(released 2007-04-29):
-
Pressing Ctrl+Break now sends a serial break signal. (The previous
behaviour can still be obtained with Ctrl+C.)
-
Serial ports higher than
COM9
now no longer need a
leading \\.\
.
-
You can now store a host name in the Default Settings.
-
Bug fix: serial connections and local proxies should no longer crash
all the time.
-
Bug fix: configuring the default connection type to serial should no
longer cause the configuration dialog to be skipped on startup.
-
Bug fix: "Unable to read from standard input" should now not happen,
or if it still does it should produce more detailed diagnostics.
-
Bug fix: fixed some malformed SSH-2 packet generation.
-
Other minor bug fixes.
These features were
new in
0.59
(released 2007-01-24):
-
PuTTY can now connect to local serial ports as well as making network
connections.
-
Windows PuTTY now supports "local proxying", where a network
connection is replaced by a local command. (Unix PuTTY has supported
this since it was first released in 0.54.) Also, Plink has gained a
"
-nc
" mode where the primary channel is replaced by an
SSH tunnel, which makes it particularly useful as the local command
to run.
-
Improved speed of SSH on Windows (particularly SSH-2 key exchange and
public-key authentication).
-
Improved SFTP throughput.
-
Various cryptographic improvements in SSH-2, including SDCTR cipher
modes, a workaround for a weakness in CBC cipher modes, and
Diffie-Hellman group exchange with SHA-256.
-
Support for the Arcfour cipher in SSH-2.
-
Support for sending terminal modes in SSH.
-
When Pageant is running and an SSH key is specified in the
configuration, PuTTY will now only try Pageant authentication with
that key. This gets round a problem where some servers would only
allow a limited number of keys to be offered before disconnecting.
-
Support for SSH-2 password expiry mechanisms, and various other
improvements and bugfixes in authentication.
-
A change to the SSH-2 password camouflage mechanism in 0.58 upset some
Cisco servers, so we have reverted to the old method.
-
The Windows version now comes with documentation in HTML Help
format. (Windows Vista does not support the older WinHelp format.
However, we still provide documentation in that format, since Win95
does not support HTML Help.)
-
On Windows, when pasting as RTF, attributes of the selection such as
colours and formatting are also pasted.
-
Ability to configure font quality on Windows (including antialiasing
and ClearType).
-
The terminal is now restored to a sensible state when reusing a window
to restart a session.
-
We now support an escape sequence invented by xterm which lets the
server clear the scrollback (CSI 3 J). This is useful for applications
such as terminal locking programs.
-
Improvements to the Unix port:
-
now compiles cleanly with GCC 4
-
now has a
configure
script, and should be portable to
more platforms
-
Bug fix: 0.58 utterly failed to run on some installations of
Windows XP.
-
Bug fix: PSCP and PSFTP now support large files (greater than 4
gigabytes), provided the underlying operating system does too.
-
Bug fix: PSFTP (and PSCP) sometimes ran slowly and consumed lots of
CPU when started directly from Windows Explorer.
-
Bug fix: font linking (the automatic use of other fonts on the
system to provide Unicode characters not present in the selected
one) should now work again on Windows, after being broken in 0.58.
(However, it unfortunately still won't work for Arabic and other
right-to-left text.)
-
Bug fix: if the remote server saturated PuTTY with data, PuTTY could
become unresponsive.
-
Bug fix: certain large clipboard operations could cause PuTTY to
crash.
-
Bug fix: SSH-1 connections tended to crash, particularly when using
port forwarding.
-
Bug fix: SSH Tectia Server would reject SSH-2 tunnels from PuTTY due
to a malformed request.
-
Bug fix: SSH-2 login banner messages were being dropped silently under
some circumstances.
-
Bug fix: the cursor could end up in the wrong place when a server-side
application used the alternate screen.
-
Bug fix: on Windows, PuTTY now tries harder to find a suitable place
to store its random seed file
PUTTY.RND
(previously it
was tending to end up in C:\
or C:\WINDOWS
).
-
Bug fix: IPv6 should now work on Windows Vista.
-
Numerous other bugfixes, as usual.
These features were
new in
0.58
(released 2005-04-05):
-
Wildcards (
mput
/mget
) and recursive file
transfer in PSFTP.
-
You can now save your session details from the Change Settings
dialog box, after you've started your session.
-
Various improvements to Unicode support, including:
-
support for right-to-left and bidirectional text (Arabic, Hebrew
etc). Thanks to
arabeyes.org
for design and most of the implementation.
-
support for Arabic text shaping, again thanks to
arabeyes.org
.
- support for Unicode combining characters.
-
Support for the
xterm
256-colour control sequences.
-
Port forwardings can now be reconfigured in mid-session.
-
Support for IPv6. Thanks to
unfix.org
for having patiently maintained the patch for this until we were
finally ready to integrate it.
-
More configurability and flexibility in SSH-2 key exchange. In
particular, PuTTY can now initiate repeat key exchange during the
session, which means that if your server doesn't initiate it (some
servers don't bother) you can still have the cryptographic benefits.
-
Bug fix: display artefacts caused by characters overflowing their
character cell should now all be gone. (This would probably have
bothered Windows ClearType users more than anyone else.)
-
Bug fix: keepalives are now supported everywhere. (Previously they
were supported by Windows GUI PuTTY, but were missing in Plink,
PSFTP and the Unix port.)
-
Miscellaneous improvements for CJK/IME users; many thanks to Hung-Te
Lin for assistance.
These features were
new in
0.57
(released 2005-02-20):
-
Security fixes: two vulnerabilities discovered by iDEFENSE,
potentially allowing arbitrary code execution on an SFTP client by a
malicious SFTP server (but only after host key verification), have
been fixed. See
vuln-sftp-readdir,
vuln-sftp-string.
-
Fixed small bug with X forwarding to local displays.
-
Fixed crashing bug with remote port forwarding.
-
Fixed handling of SSH-2 debug messages (embarrassingly, a bug
introduced when fixing the previous vulnerability - it was more
secure but didn't work any more!).
These features were
new in
0.56
(released 2004-10-26):
- Security fix: a vulnerability discovered by iDEFENSE,
potentially allowing arbitrary code execution on the client by a
malicious SSH-2 server before host key verification, has been
fixed. See
vuln-ssh2-debug.
- Ability to restart a session within an inactive window, via a new
menu option.
- Minimal support for not running a shell or command at all in SSH
protocol 2 (equivalent to OpenSSH's "-N" option). PuTTY/Plink still
provide a normal window for interaction, and have to be explicitly
killed.
- Transparent support for CHAP cryptographic authentication in the
SOCKS 5 proxy protocol. (Not in PuTTYtel.)
- More diagnostics in the Event Log, particularly of SSH port
forwarding.
- Ability to request setting of environment variables in SSH (protocol
2 only). (However, we don't know of any servers that support
this.)
- Ability to send POSIX signals in SSH (protocol 2 only) via the
"Special Commands" menu. (Again, we don't know of any servers
supporting this.)
- Bug fix: The PuTTY tools now more consistently support usernames
containing "@" signs.
- Support for the Polish character set "Mazovia".
- When logging is enabled, the log file is flushed more frequently, so
that its contents can be viewed before it is closed.
- More flexibility in SSH packet logging: known passwords and session
data can be omitted from the log file. Passwords are omitted by
default. (This option isn't perfect for removing sensitive details;
you should still review log files before letting them out of your
sight.)
- Unix-specific changes:
- Ability to set environment variables in pterm.
- PuTTY and pterm attempt to use a UTF-8 line character set by
default if this is indicated by the locale; however, this can be
overridden.
These features were
new in
0.55
(released 2004-08-03):
- Security fix: a vulnerability discovered by Core Security
Technologies (advisory number
CORE-2004-0705),
potentially allowing arbitrary code execution on the client by a
malicious server before host key verification, has been
fixed.
- Bug fix: General robustness of the SSH-1 implementation has been improved,
which may have fixed further potential security problems although we
are not aware of any specific ones.
- Bug fix: Random noise generation was hanging some computers and
interfering with other processes' precision timing, and should now
not do so.
- Bug fix: dead key support should work better.
- Bug fix: a terminal speed is now sent to the SSH server.
- Bug fix: removed a spurious diagnostic message in Plink.
- Bug fix: the `-load' option in PSCP and PSFTP should work better.
- Bug fix: X forwarding on the Unix port can now talk to Unix
sockets as well as TCP sockets.
- Bug fix: various crashes and assertion failures fixed..
These features were
new in
0.54
(released 2004-02-12):
-
Port to Unix!
-
Dynamic SSH port forwarding.
-
Ability to leave DNS lookups to the proxy, when using a proxy.
-
Sped up PSFTP.
-
Fixed various bugs, notably one which was impeding port-forwarding
of SMB.
-
Some default settings changes: SSH and SSH-2 are now default, BCE is
off.
These features were
new in
0.53b
(released 2002-11-12):
-
Fixed an embarrassing command-line bug: the -P option didn't work at
all.
-
Security fix: the vulnerability found by the Rapid7 SSHredder test
suite is now believed fixed. See CERT advisory
CA-2002-36.
-
Security fix: an improvement in random number policy when running
more than one PuTTY at the same time.
These features were
new in
0.53
(released 2002-10-01):
-
The feature everyone's been asking for: ANSI printer support.
Currently this sends data to the printer in completely raw mode,
without benefit of Windows GDI or the printer driver; so it will be
fine for anyone whose server already knows what type of printer it
expects to be talking to, but probably not ideal for someone who
wants to print a text file and have it look nice. A less raw mode of
printer access is still on the Wishlist, but is quite a big piece of
coding work so it's in the Implausible section.
-
The other feature everyone's been asking for: PuTTYgen can
now import and export OpenSSH and ssh.com SSH-2 private keys, as well
as PuTTY's own format.
-
We now ship the PuTTY tool set as an installer, created using Jordan
Russell's excellent and easy-to-use
Inno Setup.
(For the other half of our users, who felt the best thing about
PuTTY was that they didn't have to mess around with
installers, we still ship the single executables and the zip file,
so nobody has to use the installer if they don't want to.)
-
PuTTY now has a default file extension for private key files:
.PPK
(PuTTY Private Key). The installer associates this
file extension with Pageant and PuTTYgen.
-
PuTTY now natively supports making its connection through various
types of proxy. We support SOCKS 4 and 5, HTTP CONNECT (RFC 2817),
and the common ad-hoc type of proxy where you telnet to the proxy
and then send text of the form "
connect host.name 22
".
Basic password authentication is supported in SOCKS and HTTP
proxies. Many thanks to Justin Bradford for doing most of the work
here.
-
PuTTY now supports a standard set of command-line options across all
tools. Most of these options are ones that Plink has always
supported; however, we also support a number of new options similar
to the OpenSSH ones (
-A
and -a
,
-X
and -x
, and similar things; also the
-i
option to specify a private key file).
-
The right-button menu on Pageant's System tray icon now offers the
option to start PuTTY (New Session plus the Saved Sessions submenu).
This feature is disabled if Pageant can't find the PuTTY binary on
startup. Thanks to Dominique Faure.
-
Added the Features control panel, allowing the user to disable some
of the more controversial terminal capabilities.
-
Added the Bugs control panel, allowing the user to manually control
PuTTY's various workarounds for SSH server bugs.
-
Various bug fixes, including (with luck) much greater stability in
high-traffic port forwarding situations.
These features were
new in
0.52
(released 2002-01-14):
-
A full manual has been written, and is supplied as a Windows Help
file alongside the program executables.
-
Support for public keys in SSH-2, both RSA and DSA. Agent forwarding
is supported, but only to OpenSSH servers, because ssh.com have a
different agent protocol which they haven't published.
-
(Yes, I know I've been claiming DSA is horrifically insecure for
ages, but now I've been told about a clever way to get round the
insecurity. Details are in
sshdss.c
for anyone who's
interested; credit mostly goes to Colin Plumb for letting me know
about it. We still think RSA is better, and recommend you use it if
you have the choice.)
-
PSCP now uses the new SFTP protocol if possible, and only falls back
to the old scp1 form if SFTP can't be found (for example, if your
connection is SSH-1). This should allow it to interoperate cleanly
with ssh.com's product, and is a security improvement besides.
-
PSCP, in old-style scp1 mode, is now much tighter on security. It
will refuse to let the remote host write to a file that doesn't have
the same name as the file that was requested. NOTE WELL that
this disallows remote-to-local wildcards such as "
pscp
server:*.c .
". scp1's implementation of server-side wildcards
is inherently unsafe. If you are sure you trust your scp server not
to be malicious, you can use the "-unsafe
" command line
option to re-enable this behaviour. When using the new SFTP-based
back end none of this is a problem, because SFTP is better designed.
-
Generic port forwarding support is now supported, thanks to a very
comprehensive contribution from Nicolas Barry.
-
X11 forwarding support. Thanks to Andreas Schultz for doing a large
part of the coding for this. Authentication munging is supported.
However, PuTTY does not currently attempt to authenticate
connections to the local X server, because finding the
authentication data to do so is server-dependent and complex and I
thought I'd wait to see what servers people actually want to use
this with.
-
Added an SFTP client, for the improved file transfer protocol that
comes with SSH-2.
-
Full-screen mode, "like a DOS box". Not really like a DOS box, since
it works within the current graphics mode rather than shifting into
text mode, but it seems to work.
-
Support for resizing the font rather than the terminal when the user
changes the window size. Also supports a hybrid mode, in which
window resizes change the terminal size but maximising or going
full-screen changes the font size. Patch due to Robert de Bath.
-
Unicode support in the terminal emulator. In the first place this
allows us to support servers which actually send UTF-8 down their
terminal sessions; but the architecture changes also mean that
instead of specifying the local and remote character sets
in the Translation panel, you simply specify what character set you
expect the server to be talking, and PuTTY handles the rest
automatically. Many thanks to Robert de Bath.
-
Experimental rlogin support. Thanks to Delian Delchev for the patch.
Note that this may fail because the rlogin protocol relies on TCP
Urgent data, which not all operating systems get right, and which
not all firewalls pass through correctly. Also, local flow control
is unsupported as yet, and the "flush" command is not handled
correctly. Despite all this, it worked fine for me!
-
Improved support for local echo and local line editing. These are
now separate options, controllable independently. PuTTY will make
sensible guesses at the right settings, but those guesses can
always be overridden by the user.
-
Improved bell support. There's now a whole configuration panel; you
can choose a bell that plays the Windows default sound, or plays a
sound of your choice, or flashes the window, or does nothing. In
addition the window's Taskbar entry can be made to flash if a bell
goes off when the window is minimised, and also there's an option
that disables all bells if it receives them too fast (so that if you
cat
a binary file into your terminal it won't bleep for
a week).
-
Support for AES in SSH-2.
-
Default Settings can now be used to save a default protocol and port
number.
-
Scrollback should now automatically scroll if you try to drag-select
off the top of the window (or off the bottom of the window when it's
scrolled back), so you can easily select more than a screenful.
-
We now support rectangular-block selection, triggered by holding Alt
while you drag the mouse. (You can also configure rectangular
selection to be the default and Alt-drag to be conventional
line-by-line selection.)
-
The mouse pointer can now be configured to disappear when the PuTTY
window is active and text is typed, and reappear when the mouse is
moved, à la MS Word. Particularly useful for those of us
using focus-follows-mouse, where the pointer is quite likely to be
inside the window and obscuring the view.
-
The cursor can now be displayed as an underline or as a vertical
line, as well as a block. When it's a vertical line, it does
something useful when not-quite-wrapping in the rightmost column.
-
Keepalive timeouts can now be specified in seconds rather than
minutes.
-
Support for Diffie-Hellman group exchange in SSH-2.
-
If you don't supply a username, PSCP now guesses your remote
username to be the same as your local username. (On Win95/98, this
might not be useful to everybody, but it's at least no worse than
bombing out with a complaint. On WinNT, it might be seriously
useful.) Patch due to Christian Biesinger.
-
You can now enter a service name such as "finger", in place of a
port number. Patch due to Christian Biesinger.
-
It's now possible to invoke a second Pageant with some key files on
the command line and have it feed those key files to the first
Pageant. Also, you can make Pageant start another command once it's
initialised itself; for example, "
pageant -c
wincvs.exe
" to start Pageant and then start WinCVS.
-
Scrollback on the terminal is no longer implemented by physically
copying a huge array. It should now be safe to use very large
scrollback buffers without suffering noticeable slowdown.
-
Patch due to Roman Pompejus: the "
-log
" command line
option on PuTTY is gone, replaced by a proper GUI-configurable
logging facility.
-
Implemented a selection option to paste line drawing as the
underlying characters or as poor-man's. Thanks to to Robert
de Bath.
-
Ctrl+Alt can be configured to either have the traditional
PuTTY behaviour (Ctrl+Alt+X is equivalent to ESC then Ctrl+X),
or to behave like AltGr. Thanks to Robert de Bath.
-
Added SCO ANSI function key support (F1 is ESC [ M and F12 is ESC [
X, with all obvious points in between).
-
Font changes when the window is maximised now keep it maximised.
Thanks to Robert de Bath.
-
The Application key on Windows keyboards now behaves like a Compose
key all the time. Compose behaviour on AltGr can still be configured
on and off. Thanks to Robert de Bath.
-
The terminal driver now returns a configurable string when it sees
^E. Thanks to Robert de Bath.
-
The About box now has a button that brings up a browser pointing at
the PuTTY web site. Thanks to Eric Theriault.
-
Bug fix: the long-standing socket buffering bug should now be gone
forever. If PuTTY is receiving data faster than it can send it out,
it will attempt to slow down the entity it's receiving from rather
than continuing to grow its buffers without bound.
-
Bug fix: AltGr should now be fixed. It was broken in 0.51.
-
Bug fix: repeat key exchange in SSH-2 is now handled correctly. You
should no longer see "Server failed host key check" after your
session has been running for an hour.
-
Bug fix: various socket-handling problems should be corrected.
Crashes on network errors, bad handling of TCP Urgent data in telnet
and rlogin, and truncation of output when the remote server sends a
lot of data and then immediately closes the connection. Thanks to
Robert de Bath for the TCP Urgent stuff.
-
Bug fix: the cascading-error-boxes bug should be fixed. (This
occurred when you had keepalives enabled and got Connection
Aborted.)
-
Bug fix in the configuration box: controls in panels other than the
visible one should now not be able to get keyboard focus.
-
Bug fix: Tab and accelerator keys now work in the Event Log and in
the About box while a session is running. Thanks to Roman Pompejus
for the fix.
These features were
new in
0.51
(released 2000-12-14):
-
Addition of PuTTYgen, an RSA key generation utility. Since PuTTY
uses the same RSA key file format as SSH 1, keys generated by
PuTTYgen are usable with SSH 1 as well.
-
SSH compression is now implemented.
-
Security improvement: better collection of randomness for the
cryptographic random number generator. Thanks to Peter Gutmann of
cryptlib
for ideas.
-
Security improvement: PSCP should now not be vulnerable to malicious
servers sending deliberately incorrect and harmful filenames down
the SCP connection. (The problem was reported in Bugtraq
#1742.)
-
Security improvement: the ssh client will not open agent forwarding
channels unless agent forwarding has genuinely been enabled, by the
user and the server. This allows a user to disable agent forwarding
if they suspect the server might abuse the agent. (The problem was
reported in Bugtraq
#1949.)
-
New configurable option: the Compose key support is now off by
default and configurable on.
-
New configurable option: whether or not Alt on its own brings up the
System menu.
-
New configurable option: whether or not scrollback resets to the
bottom when the display changes. (Previously you could control
whether it reset on a keypress.)
-
New configurable options: application keypad mode and application
cursor keys mode can be completely disabled. (Independently.)
-
New configurable options: Always On Top for the PuTTY window, so you
can use it to keep system logs on-screen the whole time. (Might work
particularly well with a really small font.)
-
Better network error handling. All errors are now translated into
plain text: "Unexpected network error 10053" is a thing of the past.
-
Added a small patch to improve Chinese support. Thanks to Zhong
Ming-Xun.
-
Bug fix: ISO8859-2 to Win1250 translation accidentally got broken in
the 0.50 release. It should be back to normal now.
-
Bug fix: restore the SSH back end's ability to distinguish stderr
output from stdout output. This was breaking PSCP and potentially
also Plink.
-
Bug fix: correct the "Lost connection while sending" problem when
pasting large amounts of data into PuTTY. This should also have
fixed random connection loss in Plink. Note: some of my
experiments suggest that some SSH servers are not entirely
happy with very large (80Kb or so) pastes, so if you still have
problems, they may not be PuTTY's fault.
-
Bug fix: PuTTY proper now ignores trailing whitespace on the command
line (this was causing problems with
"
putty @sessionname
" and similar.
-
Bug fix: the scrollbar is now reset to the bottom whenever the
scrollback is, so they don't end up out of sync any more.
-
Bug fix: both PuTTY and Pageant, when trying to load a private key
file that turned out to be the wrong format, failed to close the
file, so you couldn't delete it until the app had shut down.
-
Bug fix: some SSH-2 connections were reporting "Server failed host
key check" on session startup. This was a bug in PuTTY's DSA
implementation.
-
Bug fix: the "Default Settings" pseudo-saved-session was often
missing from the saved session list. This was causing chaos, as the
rest of the code assumed it was there and so treated the first item
in the list specially. It's now back.
-
Bug fix: Plink and PSCP didn't load the Default Settings when
presented with a simple hostname. (So a default username, default
private key, etc, didn't get used.) Now they do.
-
Bug fix: terminal resize events weren't being sent in SSH-2. Now they
are.
-
Bug fix: although local terminal line discipline was being turned
off correctly on receipt of
IAC WILL ECHO
, it wasn't
being turned on again on receipt of IAC WONT ECHO
. This
was breaking some BBS/MUD connections. Now fixed.
-
Bug fix: pscp's GUI interface was computing wrong percentages for
very large files (within a factor of 100 of 2^32).
-
Bug fix: the Compose key now doesn't randomly trigger and cause
keystroke loss on switching back into the PuTTY window.
-
Bug fix: the Colours panel now works again. (The RGB values weren't
updating when the selection changed in the list box.)
-
Bug fix: if you tried to use a local wildcard with PSCP (for
example, "
pscp * remotehost:
", that wildcard would
match the special directories ".
" and
"..
". It now doesn't; ".
" and
"..
" can only be specified explicitly.
These features were
new in
0.50
(released 2000-10-16):
-
Keep-alives to prevent overzealous idle detectors in firewalls from
closing connections down. Done by sending Telnet NOP or
SSH_MSG_IGNORE, so as to avoid affecting the actual data stream.
-
In PuTTY proper, in SSH mode, you can now specify a command to be
run at the remote end. (The SSH functionality was already there,
because it was required for PSCP and Plink. All it took was a bit of
GUI work to make it accessible from PuTTY itself.)
-
You can now configure the initial window title.
-
Running "
putty -cleanup
" will now remove all files and
registry entries created by PuTTY. If you've used PuTTY on somebody
else's machine and don't want to leave any mess behind, you can run
this before deleting the PuTTY executable.
-
The Event Log now scrolls down when new events appear on it, so that
if you leave it up all the time you can watch things happen. Also,
you can select items from the Event Log and copy them to the
clipboard (should help for debugging).
-
When using NT's opaque resize feature, resizing the window doesn't
send resize events at every step of the process, but
instead sends a single one at the end. (I'd have quite liked it to
do a resize event if the drag paused for maybe a second, but
WM_TIMER doesn't seem to get through in the middle of a resize. Oh
well, this is good enough.)
-
Everyone's favourite trivial change: Shift+Ins pastes. (No
configurable option to control this: it wasn't doing anything
interesting anyway.)
-
Included two extra Makefile options:
/DAUTO_WINSOCK
makes the build process assume that <windows.h>
implicitly includes a WinSock header file, and
/DWINSOCK_TWO
makes PuTTY include
<winsock2.h>
instead of
<winsock.h>
.
-
Bug fix for a bug nobody had ever noticed: if you hit About
twice, you only get one About box (as designed), except
that if you open and close the Licence box then PuTTY forgets about
the About box, so it will then let you open another. Now the
behaviour is sane, and you can never open more than one About box.
-
Bug fix: choosing local-terminal line discipline together with SSH
password authentication now doesn't cause the password to be echoed
to the screen.
-
Bug fix: network errors now do not close the window if Close On Exit
isn't set.
-
Bug fix: fonts such as 9-point (12-pixel) Courier New, which
previously failed to display underlines, now do so.
-
Bug fix: stopped the saved-configuration-name box getting blanked
when you swap away from and back to the Connection panel.
-
Bug fix: closing the About box returns focus to the config box, and
closing the View Licence box returns focus to the About box.
-
The moment you've all been waiting for: RSA public key
authentication is here! You can enter a public-key file name in the
SSH configuration panel, and PuTTY will attempt to authenticate with
that before falling back to passwords or TIS. Key file format is the
same as "regular" ssh. Decryption of the key using a passphrase is
supported. No key generation utility is provided, yet.
-
Created Pageant, a PuTTY authentication agent. PuTTY can use RSA
keys from this for authentication, and can also forward agent
communications to the remote end. Keys can be added and removed
either locally or remotely.
-
Created Plink, a command-line version of PuTTY suitable for use as a
component of a pipe assembly (for example, Windows NT CVS can use it
as a transport).
-
SSH protocol version 2 support. This is disabled by default unless
you connect to a v2-only server. Public key authentication isn't
supported (this places PuTTY technically in violation of the SSH-2
specification).
-
Enable handling of
telnet://hostname:port/
URLs on the
command line. With this feature, you can now set PuTTY as the
default handler for Telnet URLs. If you run the Registry Editor and
set the value in
HKEY_CLASSES_ROOT\telnet\shell\open\command
to be
"\path\to\putty.exe %1
" (with the full pathname of your
PuTTY executable), you should find that clicking on telnet links in
your web browser now runs PuTTY.
-
Re-merge the two separate forks of the ssh protocol code. PuTTY and
PSCP now use the same protocol module, meaning that further SSH
developments will be easily able to affect both.
These features were
new in
0.49
(released 2000-06-28):
-
Stop the SSH protocol code from sending zero-length
SSH_CMSG_STDIN_DATA
packets when Shift is pressed.
These appear to be harmless to Unix sshd, but cause VMS sshd to
generate an Exit signal.
-
Fix a small bug about using special port numbers in pscp; thanks to
Joris van Rantwijk.
-
Three security improvements. PuTTY now checks the CRC on incoming
packets, checks that the packet length and string length fields on
incoming
SSH_SMSG_*_DATA
packets are consistent, and
outlaws attempts to set the terminal size too big by escape
sequences (countering the xterm DoS attack shown in bugtraq
#1298).
-
High-half characters (160 and above) are now supported in username
and password input.
-
Bug fix: RSA keys whose storage format used an odd number of bytes
(i.e. the bit length of the key, mod 16, was between 1 and 8
inclusive) were being handled incorrectly. An sshd with an 850-bit
server key wasn't able to accept connections from PuTTY as a result.
-
pscp now has the "
-ls
" option to get a directory
listing of a remote host. It does this by sending the command
"ls -la
<dirspec>", so it might well not work
on non-Unix ssh servers. It's mainly there to allow a useful
directory listing facility for potential GUI front ends.
-
Local line discipline is now invoked in more sensible circumstances,
and understands Telnet Erase Line. Thanks to Robert de Bath.
-
Blinking cursor support (off by default). Thanks to Robert de Bath.
-
xterm mouse tracking support, thanks to Wez Furlong.
-
Hopefully vastly improved PuTTY's behaviour under load; also we can
process incoming data even during a window move/resize. Thanks to
Robert de Bath.
-
Better handling of the bug in which underlines are drawn outside the
character cell. Now they don't get drawn at _all_, which is still
non-ideal but it's better than rampaging screen corruption. Thanks
to Robert de Bath.
-
Various terminal emulation upgrades. Thanks to Robert de Bath.
-
By popular demand, Shift-Tab now sends ESC [ Z instead of being
indistinguishable from ordinary Tab.
-
^C, ^Z and ^D now instruct the local-terminal line discipline to
send Telnet special control codes. The local line discipline can
also be enabled and disabled in mid-session without dropping data,
and it's also linked to the Telnet ECHO option. Patch due to Robert
de Bath.
-
Telnet SYNCH is now preceded by IAC, which it wasn't previously.
Patch due to Robert de Bath.
-
Fixed the long-standing bug in which CSI ? Q and CSI Q were treated
identically for most values of Q. Patch due to Robert de Bath.
-
Pressing Return in a Telnet session now sends Telnet NL instead of
Telnet CR (in raw data, that's CR-LF not CR-NUL; ^J continues to
send just LF). Unix telnetds should not notice any difference;
others might suddenly start working. Patch due to Robert de Bath.
-
Much patchery in font selection code; with any luck, mixed OEM+ANSI
line drawing mode will now be more reliable. Patch due to Robert de
Bath.
-
An attempt has been made to deal with the dropping of incoming data
between decoding and display.
-
Replaced all the algorithms that weren't already my own code. The
DES, MD5, SHA, and CRC32 implementations used in PuTTY are now all
written by me and distributable under the PuTTY licence, instead of
being borrowed from a variety of other places. Better still, there
are comments: the DES implementation contains a careful
description of how the algorithm given in the spec was transformed
into the optimised algorithm in the code, and the CRC32
implementation explains what a CRC is and how the table lookup
algorithm works.
-
Scrollback behaviour has changed. ANSI Delete Line at the top of the
screen now inserts the lines into the scrollback (previously, only
genuine scroll-up would do this). However, the scrollback is never
touched by scroll operations in the alternate screen.
-
The response to Ctrl-E is now "PuTTY" instead of the xtermalike
sequence it was previously.
-
The command line option
-log
will now cause all data
received from the remote host to be logged to a file
putty.log
.
-
PSCP now doesn't try to "recurse" into the directories
.
and ..
like it did before.
-
Add keyboard accelerators on the System menu.
-
"Warn On Close" no longer applies to inactive windows: you can close
one of those without complaint.
-
There is now a system to generate Borland and Cygnus makefiles from
the master makefile, so that people can build PuTTY with other
compilers but I still only have to maintain one makefile.
These features were
new in
0.48
(released 1999-11-18):
-
Cyrillic support: optional KOI8 to Win1251 translation, an internal
version of the Cyrillic key map for machines that don't have it
installed systemwide, and support for selecting a character set in
the font configuration. All thanks to Oleg Panashchenko.
-
Support for the TIS authentication option (to the client, this looks
much like a form of password authentication, so there's no local
state involved).
-
SSH mode now shows an Event Log of all the initial protocol setup,
to match the Telnet negotiation log.
-
Alt-F4 as "close window" can be configured off. Alt-Space as System
menu is now an option and can be configured on, although it doesn't
work very well (you have to press Down after hitting Alt-Space).
-
NetHack keypad mode mapping (shift-with-)numeric-keypad to
(shift-with-)hjklyubn. Unfortunately Shift only works when NumLock
is off, which is a bit odd.
-
An implementation of the scp client, as a separate binary.
Many thanks to Joris van Rantwijk.
-
Change the default title bar format to "host.name - PuTTY" rather
than "PuTTY: host.name", so as to be more useful in the taskbar.
-
Warning box "are you sure you want to disconnect?" on hitting the
Close button or Alt-F4 or whatever.
-
Telnet mode was reported to drop char-255, presumably due to
mishandling IAC IAC. Fix due to Robert de Bath.
-
Add some keyboard accelerators in the configuration box.
-
A raw-TCP connection option, alongside Telnet and SSH. Thanks to
Mark Baker.
-
A local line-editing line discipline, which can be layered over any
of the back end connection options. Most usefully, this can be used
to make the raw-TCP back end suitable for talking to finger, SMTP,
POP, NNTP etc. servers.
-
A small tool-tip that shows the size of the terminal window in
character cells while it's being resized, so you can drag it out to
a precise size. Many thanks to John Sullivan, who achieved this
despite other people supporting my belief that it was impossible.
-
Single DES as an SSH encryption option, as well as triple DES.
Thanks to Murphy Lam.
-
Support for using ssh by default: a
-ssh
command line
option, a compile-time definition SSH_DEFAULT
, and the
ability to honour port and protocol (and host!) settings in the
"Default Settings" part of the registry if they've been manually
inserted.
-
Made stored sessions available as a submenu from the system menu.
Thanks to Owen Dunn.
-
Minimal Win32s compatibility, as a compile-time option (so
it's not in the snapshot binaries but is in the snapshot source
releases). The configuration box apparently doesn't work, but the
actual sessions will run OK. Thanks to Owen Dunn.
This feature was
new in
0.47
(released 1999-08-27):
-
Fixed a potential security flaw in the random number generator.
These features were
new in
0.46
(released 1999-07-09):
- Fixed a bug causing hangs when an SSH window was resized after
the connection was closed. I'd never spotted it, because I never use
Close Window On Exit...
- Default mouse pointer inside the PuTTY window is now an I-beam.
- Support for AltGr. As it turns out, it is possible to do
this without also changing the behaviour of Ctrl/LeftAlt. Many
thanks to <andre@via.ecp.fr> for inventing a way to achieve
this.
-
Resource/memory leaks are apparently fixed. I'm going to assume they
are completely fixed, unless someone mails me to suggest
otherwise.
-
Fixed the bug in the configuration box whereby double-clicking on a
saved session leaked the double click through to the window below.
-
ESC[?9r was being interpreted just like ESC[9r, with disastrous
results (the former turns off mouse click reporting, which PuTTY
doesn't support yet anyway; the latter munges the scroll region
horribly). Fixed, in a temporary sort of way.
-
Added Blowfish encryption as an alternative to triple-DES.
These features were
new in
0.45
(released 1999-01-22):
-
Fix the GPF on maximise-then-restore.
-
Fix the delayed update of the window title when in
always-use-window-title mode and iconic.
-
Employ SetCapture() to allow drag-selects to continue to work when
the pointer drifts out of the window.
-
Some platforms apparently define the identifier "environ" as a
macro; stop using it inside PuTTY.
-
Add an option to ask SSH not to allocate a pty.
-
Add a terminal setting to cause LF to imply CR (useful with the
above).
If you want to comment on this web site, see the
Feedback page.
(last modified on Sat Jun 27 08:28:19 2020)