PuTTY is an SSH client for Windows. It can also act as a telnet client for legacy applications.
The software was developed and is maintained by Simon Tatham. It was first released in 1998 and is currently (2017) still beta version software. Development has not stalled, but has been slow in the last 15 years.
PuTTY Download Site
You can download the PuTTY SSH client version 0.68 (2017-02-21) here.
|putty-0.68-installer.msi||Windows (any)||PGP signature|
|putty-64bit-0.68-installer.msi (64-bit Windows only)||Windows (64-bit)||PGP signature|
To compare and download other SSH clients, see the SSH client download page.
The master download site for PuTTY is Simon Tatham's personal page at http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. The files are mirrored here; the master site provides no HTTPS.
SSH and SFTP servers are available for Windows, Unix/Linux, and z/OS mainframes. Tectia SSH supports standards-based X.509 PKI, and smartcard authentication. Business-critical appliations will benefit from 24x7 support.
OpenSSH is an open source server for Linux and Unix, but comes without support. A version of it is included in most Linux distributions. A supported version is recommended for business-critical applications.
SSH Key Management Risks to Consider in Larger Environments
In many large large environments SSH is used with public key authentication. This means large volumes of SSH keys. PuTTY supports public key authentication. Most organizations with more than a hundred servers tend to have significant SSH key management issues, and should undergo a risk assessment and consider deploying key management software.
Organizations should also be aware of security risks related to SSH port forwarding, which can enable employees and attackers to leave tunnels back into the internal network from the public Internet. This particularly affects organizations using cloud services and DevOps processes, as such organizations cannot usually block outgoing SSH connections at the firewall.
PuTTY Telnet Support
In addition to SSH, the legacy telnet protocol is also supported and the software can be used as a telnet client. Telnet is insecure and its use is not recommended. Using SSH (Secure Shell) instead is strongly recommended. The main problem with
telnet is that it transmits all passwords and any transmitted data in the clear, which means that anyone with access to any computer in the same network can steal any user names and passwords. Such password sniffing attacks were very common on the Internet already in the 1990s. Protection from such attacks was the main reason why Tatu Ylonen developed SSH as a replacement for
telnet in the first place. Use of
telnet has not been recommended for 20 years.
telnet client is also available as a separate binary,
PuTTYtel, that does not support the SSH protocol. This can be used in countries where use of encryption is illegal. Due to its lack of security, its use is not recommended in most countries. (Encryption is generally legal in all civilized countries with freedom of speech and normal human rights.)
Putty also supports
rlogin, another legacy login protocol. Rlogin is not recommended, because it uses
.rhosts authentication and is susceptible to IP spoofing and man-in-the-middle attacks. It is also unencrypted, which means all communications can be eavesdropped in the network.
SFTP File Transfer Support
SFTP support is implemented as a separate program,
PSFTP. It is available only as a command-line tool. There is no graphical user interface for file transfers. SCP file transfers are supported via the
PSCP program. It also is command-line only.
This approach of having file transfer clients as separate programs (and as command-line applications that can only be used from the Windows Terminal) differs from most modern SSH clients, where SFTP support is fully built into the terminal client for interactive use. Most modern clients would supports fully integrated file transfers from the same application; see, e.g., Tectia SSH.