PuTTY SSH is one of the oldest SSH clients for Windows. It was first released by Simon Tatham in 1998. SSH support was added in 2000. The main use of the software is remote access to Unix and Linux servers and routers.
Download PuTTY, Documentation & Alternatives
- Download PuTTY
- Compare to other SSH clients
- SSH server for Windows
- PuTTY User Manual
- Using terminal client on Windows
- Generating SSH keys on Windows
- Linux terminal client
- Generating SSH keys on Linux
Version 0.66 and earlier are known to contain security vulnerabilities. Upgrading to the latest version is recommended.
- Buffer overflow in SCP. This a potential stack overflow and remote code execution vulnerability. A corrupt server could execute code on the client when any file is downloaded. It could also be exploited by man-in-the-middle attacks.
- Integer overflow in terminal escape sequence handling. This is a memory corruption and possible remote code execution vulnerability. It involves sending an escape sequence to the terminal. For example, a compromised switch could inject the attack into a session. It can also be exploited by a corrupt server to execute code on the client, or using man-in-the-middle attacks.
- A trojaned version has been circulating.
Lack of proper key management can expose servers to risk and allow attackers to spread server-to-server or jump through desktops/laptops containing SSH keys. More information on SSH key management can be found here.
- Windows client. Mac and Linux ports exist. No server included.
- Supports both 32-bit and 64-bit Windows. An MSI installer has been available since 2016.
- Supports SSH client, telnet client, SFTP client (command line only), and rlogin client. Both SSH2 and SSH1 protocols are supported. Note: Use of SSH1 is not recommended for security reasons. Practically all devices support SSH2 these days.
- Supports public key authentication and Active Directory/Kerberos authentication.
- File transfers only using a separate command-line programs. No integrated file transfer support.
- No scripting support.
The main feature of the product is the terminal window. It has good terminal emulation, good configurability, and good support for different cryptographic algorithms.
The user interface does not include an integrated file transfer client. However, command-line tools called
PSCP are provided. These can be used for file transfers. However, most non-technical users are not willing to use a command line. Tectia SSH, for example, has offered fully integrated file transfer capability since 2000.
The WinSCP and FileZilla clients can also be used for file transfers in conjunction with PuTTY. Having two software packages, switching between them to do operations, and managing profiles and logins for both is extra trouble. WinSCP can now import PuTTY profiles, but separate login is still required for each.
Public Key Authentication and SSH Key Management
PuTTY uses its own file format for SSH keys. The keys are stored in
.ppk files. The PuTTYGen tool can be used for generating new keys and converting between
.ppk files and other key formats.
It is common for hackers and malware to collect SSH keys when penetrating an organization. This happened, for example, in the infamous Sony Breach. Managing SSH keys properly is important. Universal SSH Key Manager a popular SSH key management solution and the only one at this time that supports
PuTTY Telnet and Legacy Protocol Support
PuTTY grew out of a telnet client. It still supports the
telnet protocol. However, very few devices use
telnet these days. Its use is not recommended for security reasons.
Telnet sends all user names and passwords in the clear. It is very easy to listen to network traffic and steal user names and passwords from
telnet traffic. By mid-1990s, such password sniffing attacks had become the largest security problem on the Internet. That was the very problem the SSH protocol was designed to solve. Compromised routers, switches, or ARP proofing attacks can also be used to inject arbitrary commands into telnet sessions.
There is a separate version of the software, called
PuTTYtel, for countries that do not allow any use of encryption. However, SSH is now used in all countries, officially or unofficially. Most systems can no longer be managed without encryption. Even the most oppressive countries need to secure their systems somehow. There cannot be cybersecurity in a networked environment without encryption.
Rlogin is another legacy protocol that should not be used any more. It also sends all passwords in the clear.
The product also supports connecting to serial ports and raw sockets. These can sometimes be useful for debugging purposes and for working with some legacy devices. For example, in kernel development access via a serial port is still sometimes the best way to debug a panic that causes an immediate reboot, as it provides a way to see the boot messages.
After 19 years, the software is still a beta version. Development has been slow, but it is still being maintained. A recent version added support for elliptic curve cryptography. The user interface or features have not changed much in 15 years.
A Frequently Asked Questions document (FAQ) can be found here.
Extensions, Branches, and Integrations
The product is open source. Several projects have branched off and build on its source code.
- PuttyManager is a tabbed user interface, but development appears to have stopped years ago.
- ExtraPuTTY is a fork that has various extensions, such as Lua programming language integration.
- WinSCP has some level of integration for file transfer functionality.
Download Source Code
PuTTY is still one of the most popular SSH clients. It is robust and functional, but outdated by modern standards. The lack of integrated file transfers is a major drawback.