PuTTY is a versatile terminal program for Windows. It is the most popular free SSH client in the world. Supports SSH, telnet, and raw socket connections with good terminal emulation. Supports public key authentication and Kerberos single sign-on. It also includes SFTP and command-line SCP implementations.
PuTTY Downloads
PuTTY is most commonly used on Windows. It is also available on Linux.
Download
PuTTY
-
for Windows PuTTY
on
-
Linux PuTTY
-
on Mac
Alternative SSH clients
There are many SSH clients that are more modern. A major shortcoming of PuTTY is that it doesn’t have file transfers built into the client itself. Instead, file transfers must be done through the command line. This is too complicated for most users. Tectia SSH has had them since 2000. PuTTY also does not include an SSH server.
-
Other clients
SSH
How to
get an SSH server PuTTY does not come with an SSH
server. It can be used with Linux OpenSSH. For Windows mainframes and IBM z/OS, we recommend the Tectia SSH server.
Tutorials, procedures and user manual
Installing PuTTY on Windows Using the terminal on Windows Configuring
-
SSH keys on Windows with PuTTYgen Configuring SSH keys on Linux with PuTTYgen PuTTY
-
User Manual
-
client
Windows
features
-
. There are ports for Mac and Linux. There is no server included.
-
Supports 32-bit and 64-bit Windows. An MSI installer has been available since 2016.
-
Supports SSH client, telnet client, SFTP client (command line only), and rlogin client. SSH2 and SSH1 protocols are supported. Please note that the use of SSH1 is not recommended for security reasons. Virtually every device supports SSH2 these days.
-
public key authentication and Active Directory/Kerberos authentication
-
File transfers only by using stand-alone command-line programs. There is no built-in file transfer support.
-
It does not support scripting, but can be used in conjunction with WinSCP.
Supports
.
Terminal
window
The main feature of the product is the terminal window. It has good terminal emulation, good configurability and good support for different cryptographic algorithms. SSH, telnet, and simple TCP/IP protocols are supported.
The PuTTY terminal is quite good and handles terminal emulation well.
File
transfer
The user interface does not include a built-in file transfer client. However, command-line tools called PSFTP and PSCP are provided. These can be used for file transfers. However, most non-technical users are not willing to use a command line. Tectia SSH, for example, has offered a fully integrated file transfer capability since 2000.
WinSCP and FileZilla clients can also be used for file transfers along with PuTTY. Having two software packages, switching between them to perform operations, and managing profiles and logins for both is an additional problem. WinSCP can now import PuTTY profiles, but a separate login is still required for each.
Public Key Authentication
PuTTY uses its own file format for SSH keys. The keys are stored in .ppk files. The PuTTYgen tool can be used to generate new keys and convert between .ppk files and other key formats.
It is common for hackers and malware to collect SSH keys when penetrating an organization. This happened, for example, in the infamous Sony breach. Recently, Wikileaks obtained CIA hacking tools designed to steal SSH keys and their passphrases.
Managing SSH keys correctly is important. Universal SSH Key Manager is a popular SSH key management solution and the only one at the time of writing that supports .ppk files.
Telnet Support
PuTTY grew out of a telnet client. It still supports the telnet protocol. However, very few devices use telnet these days. It is not recommended for use for safety reasons.
Telnet sends all usernames and passwords in clear. It is very easy to listen to network traffic and steal usernames and passwords from telnet traffic. By the mid-1990s, such password detection attacks had become the biggest security problem on the Internet. That was the same problem SSH was designed to solve. Compromised routers, switches, or ARP test attacks can also be used to inject arbitrary commands into telnet sessions.
There is a separate version of the software, called PuTTYtel, for countries that do not allow any use of encryption. However, SSH is now used in all countries, officially or unofficially. Most systems can no longer be managed without encryption. Even the most oppressive countries need to secure their systems somehow. There can be no cybersecurity in a network environment without encryption.
PuTTY also supports connecting to serial ports and raw sockets. They can sometimes be useful for debugging purposes and for working with some legacy devices. For example, in kernel development, access through a serial port is still sometimes the best way to debug a panic that causes an immediate restart because it provides a way to view boot messages.
Known
security vulnerabilities from
version 0.66 and earlier are known to contain security vulnerabilities. It is recommended that you upgrade to the latest version.
-
Buffer overflow in SCP. This is a potential stack overflow and a remote code execution vulnerability. A corrupted server could execute code on the client when any file is downloaded. It could also be exploited by man-in-the-middle attacks.
-
Integer overflow in the handling of the terminal exhaust sequence. This is a memory corruption and a potential remote code execution vulnerability. It involves sending an escape sequence to the terminal. For example, a compromised switch could inject the attack into a session. It can also be exploited by a corrupted server to execute code on the client, or through man-in-the-middle attacks.
-
A Trojan version has been circulating.
Lack of proper key management can expose servers to risk and allow attackers to spread from server to server or jump through desktops/laptops containing SSH keys. More information about SSH key management can be found here.
History and health status
PuTTY is one of the oldest SSH clients for Windows. It was first released by Simon Tatham in 1998. SSH support was added in 2000.
After 19 years, the software is still a beta version. Development has been slow, but it still continues. A recent version added support for elliptic curve cryptography. The user interface or features haven’t changed much in 15 years.
A Frequently Asked Questions (FAQ) document can be found here.
Where to find the
source code
The source code is available on Simon Tatham’s homepage. Installation packages can be safely downloaded here.
Extensions, branches, and integrations
The product is open source. Several projects have branched out and are based on its source code.
PuttyManager is a tabbed user interface,
-
but development seems to have stopped years ago
-
ExtraPuTTY is a fork that has several extensions, such as integrating the Lua programming language
-
MTPuTTY is a version of with a user interface that supports multiple tabs (i.e. a tab control where each tab is a terminal window).
-
WinSCP has some level of integration for file transfer functionality.
.
.
Videos and Screen
Presentations Video
tutorial PuTTY tutorial Terminal window <img src="https://www.ssh.com/hubfs/Imported_Blog_Media/PuTTY_terminal_window-2.jpeg" alt="
PuTTY
terminal
window
” />SFTP Client <img src="https://www.ssh.com/hubfs/Imported_Blog_Media/Putty_download_SFTP_PSFTP-2.jpeg" alt="Putty download
SFTP PSFTP
” />
