25
25
\b The \q{Host Name} box is where you type the name, or the \i{IP
26
26
address}, of the server you want to connect to.
28
\b The \q{Protocol} radio buttons let you choose what type of
28
\b The \q{Connection type} radio buttons let you choose what type of
29
29
connection you want to make: a \I{raw TCP connections}raw
30
connection, a \i{Telnet} connection, an \i{Rlogin} connection
31
or an \i{SSH} connection. (See \k{which-one} for a
32
summary of the differences between SSH, Telnet and rlogin, and
33
\k{using-rawprot} for an explanation of \q{raw} connections.)
35
\b The \q{Port} box lets you specify which \i{port number} on the server
36
to connect to. If you select Telnet, Rlogin, or SSH, this box will
37
be filled in automatically to the usual value, and you will only
38
need to change it if you have an unusual server. If you select Raw
39
mode, you will almost certainly need to fill in the \q{Port} box.
30
connection, a \i{Telnet} connection, an \i{Rlogin} connection, an
31
\i{SSH} connection, or a connection to a local \i{serial line}. (See
32
\k{which-one} for a summary of the differences between SSH, Telnet
33
and rlogin; see \k{using-rawprot} for an explanation of \q{raw}
34
connections; see \k{using-serial} for information about using a
37
\b The \q{Port} box lets you specify which \i{port number} on the
38
server to connect to. If you select Telnet, Rlogin, or SSH, this box
39
will be filled in automatically to the usual value, and you will
40
only need to change it if you have an unusual server. If you select
41
Raw mode, you will almost certainly need to fill in the \q{Port} box
44
If you select \q{Serial} from the \q{Connection type} radio buttons,
45
the \q{Host Name} and \q{Port} boxes are replaced by \q{Serial line}
46
and \q{Speed}; see \k{config-serial} for more details of these.
41
48
\S{config-saving} \ii{Loading and storing saved sessions}
140
147
PuTTY sessions, for debugging, analysis or future reference.
142
149
The main option is a radio-button set that specifies whether PuTTY
143
will log anything at all. The options are
145
\b \q{Logging turned off completely}. This is the default option; in
146
this mode PuTTY will not create a log file at all.
148
\b \q{Log printable output only}. In this mode, a log file will be
150
will log anything at all. The options are:
152
\b \q{None}. This is the default option; in this mode PuTTY will not
153
create a log file at all.
155
\b \q{Printable output}. In this mode, a log file will be
149
156
created and written to, but only printable text will be saved into
150
157
it. The various terminal control codes that are typically sent down
151
158
an interactive session alongside the printable text will be omitted.
152
159
This might be a useful mode if you want to read a log file in a text
153
160
editor and hope to be able to make sense of it.
155
\b \q{Log all session output}. In this mode, \e{everything} sent by
162
\b \q{All session output}. In this mode, \e{everything} sent by
156
163
the server into your terminal session is logged. If you view the log
157
164
file in a text editor, therefore, you may well find it full of
158
165
strange control characters. This is a particularly useful mode if
161
168
else can replay the session later in slow motion and watch to see
164
\b \q{\i{Log SSH packet data}}. In this mode (which is only used by SSH
165
connections), the SSH message packets sent over the encrypted
166
connection are written to the log file. You might need this to debug
167
a network-level problem, or more likely to send to the PuTTY authors
168
as part of a bug report. \e{BE WARNED} that if you log in using a
169
password, the password can appear in the log file; see
170
\k{config-logssh} for options that may help to remove sensitive
171
material from the log file before you send it to anyone else.
171
\b \I{SSH packet log}\q{SSH packets}. In this mode (which is only used
172
by SSH connections), the SSH message packets sent over the encrypted
173
connection are written to the log file (as well as \i{Event Log}
174
entries). You might need this to debug a network-level problem, or
175
more likely to send to the PuTTY authors as part of a bug report.
176
\e{BE WARNED} that if you log in using a password, the password can
177
appear in the log file; see \k{config-logssh} for options that may
178
help to remove sensitive material from the log file before you send it
181
\b \q{SSH packets and raw data}. In this mode, as well as the
182
decrypted packets (as in the previous mode), the \e{raw} (encrypted,
183
compressed, etc) packets are \e{also} logged. This could be useful to
184
diagnose corruption in transit. (The same caveats as the previous mode
187
Note that the non-SSH logging options (\q{Printable output} and
188
\q{All session output}) only work with PuTTY proper; in programs
189
without terminal emulation (such as Plink), they will have no effect,
190
even if enabled via saved settings.
173
192
\S{config-logfilename} \q{Log file name}
874
904
typed at the keyboard. This allows an attacker to fake keypresses
875
905
and potentially cause your server-side applications to do things you
876
906
didn't want. Therefore this feature is disabled by default, and we
877
recommend you do not turn it on unless you \e{really} know what you
907
recommend you do not set it to \q{Window title} unless you \e{really}
908
know what you are doing.
910
There are three settings for this option:
914
\dd PuTTY makes no response whatsoever to the relevant escape
915
sequence. This may upset server-side software that is expecting some
920
\dd PuTTY makes a well-formed response, but leaves it blank. Thus,
921
server-side software that expects a response is kept happy, but an
922
attacker cannot influence the response string. This is probably the
923
setting you want if you have no better ideas.
927
\dd PuTTY responds with the actual window title. This is dangerous for
928
the reasons described above.
880
930
\S{config-features-dbackspace} Disabling \i{destructive backspace}
1771
1830
through to an external host. Selecting \I{Telnet proxy}\q{Telnet}
1772
1831
allows you to tell PuTTY to use this type of proxy.
1833
\b Selecting \I{Local proxy}\q{Local} allows you to specify an arbitrary
1834
command on the local machine to act as a proxy. When the session is
1835
started, instead of creating a TCP connection, PuTTY runs the command
1836
(specified in \k{config-proxy-command}), and uses its standard input and
1840
This could be used, for instance, to talk to some kind of network proxy
1841
that PuTTY does not natively support; or you could tunnel a connection
1842
over something other than TCP/IP entirely.
1844
If you want your local proxy command to make a secondary SSH
1845
connection to a proxy host and then tunnel the primary connection
1846
over that, you might well want the \c{-nc} command-line option in
1847
Plink. See \k{using-cmdline-ncmode} for more information.
1774
1850
\S{config-proxy-exclude} Excluding parts of the network from proxying
1776
1852
\cfg{winhelp-topic}{proxy.exclude}
2049
2131
mail user agent, for example). If you want to do this, enter the
2050
2132
command in the \q{\ii{Remote command}} box.
2052
\S{config-ssh-pty} \I{pseudo-terminal allocation}\q{Don't allocate
2055
\cfg{winhelp-topic}{ssh.nopty}
2057
When connecting to a \i{Unix} system, most \I{interactive
2058
connections}interactive shell sessions are run in a \e{pseudo-terminal},
2059
which allows the Unix system to pretend it's talking to a real physical
2060
terminal device but allows the SSH server to catch all the data coming
2061
from that fake device and send it back to the client.
2063
Occasionally you might find you have a need to run a session \e{not}
2064
in a pseudo-terminal. In PuTTY, this is generally only useful for
2065
very specialist purposes; although in Plink (see \k{plink}) it is
2066
the usual way of working.
2134
Note that most servers will close the session after executing the
2068
2137
\S{config-ssh-noshell} \q{Don't start a \I{remote shell}shell or
2069
2138
\I{remote command}command at all}
2289
2360
The Auth panel allows you to configure \i{authentication} options for
2363
\S{config-ssh-noauth} \q{Bypass authentication entirely}
2365
\cfg{winhelp-topic}{ssh.auth.bypass}
2367
In SSH-2, it is possible to establish a connection without using SSH's
2368
mechanisms to identify or authenticate oneself to the server. Some
2369
servers may prefer to handle authentication in the data channel, for
2370
instance, or may simply require no authentication whatsoever.
2372
By default, PuTTY assumes the server requires authentication (most
2373
do), and thus must provide a username. If you find you are getting
2374
unwanted username prompts, you could try checking this option.
2376
This option only affects SSH-2 connections. SSH-1 connections always
2377
require an authentication step.
2379
\S{config-ssh-tryagent} \q{Attempt authentication using Pageant}
2381
\cfg{winhelp-topic}{ssh.auth.pageant}
2383
If this option is enabled, then PuTTY will look for Pageant (the SSH
2384
private-key storage agent) and attempt to authenticate with any
2385
suitable public keys Pageant currently holds.
2387
This behaviour is almost always desirable, and is therefore enabled
2388
by default. In rare cases you might need to turn it off in order to
2389
force authentication by some non-public-key method such as
2392
This option can also be controlled using the \c{-noagent}
2393
command-line option. See \k{using-cmdline-agentauth}.
2395
See \k{pageant} for more information about Pageant in general.
2292
2397
\S{config-ssh-tis} \q{Attempt \I{TIS authentication}TIS or
2293
2398
\i{CryptoCard authentication}}
2295
2400
\cfg{winhelp-topic}{ssh.auth.tis}
2297
TIS and CryptoCard authentication are simple \I{challenge/response
2298
authentication}challenge/response forms of authentication available in
2299
SSH protocol version 1 only. You might use them if you were using \i{S/Key}
2300
\i{one-time passwords}, for example, or if you had a physical \i{security
2301
token} that generated responses to authentication challenges.
2402
TIS and CryptoCard authentication are (despite their names) generic
2403
forms of simple \I{challenge/response authentication}challenge/response
2404
authentication available in SSH protocol version 1 only. You might use
2405
them if you were using \i{S/Key} \i{one-time passwords}, for example,
2406
or if you had a physical \i{security token} that generated responses
2407
to authentication challenges.
2303
2409
With this switch enabled, PuTTY will attempt these forms of
2304
2410
authentication if the server is willing to try them. You will be
2370
2476
private key in another format that you want to use with PuTTY, see
2371
2477
\k{puttygen-conversions}.
2479
If a key file is specified here, and \i{Pageant} is running (see
2480
\k{pageant}), PuTTY will first try asking Pageant to authenticate with
2481
that key, and ignore any other keys Pageant may have. If that fails,
2482
PuTTY will ask for a passphrase as normal.
2484
\H{config-ssh-tty} The TTY panel
2486
The TTY panel lets you configure the remote pseudo-terminal.
2488
\S{config-ssh-pty} \I{pseudo-terminal allocation}\q{Don't allocate
2491
\cfg{winhelp-topic}{ssh.nopty}
2493
When connecting to a \i{Unix} system, most \I{interactive
2494
connections}interactive shell sessions are run in a \e{pseudo-terminal},
2495
which allows the Unix system to pretend it's talking to a real physical
2496
terminal device but allows the SSH server to catch all the data coming
2497
from that fake device and send it back to the client.
2499
Occasionally you might find you have a need to run a session \e{not}
2500
in a pseudo-terminal. In PuTTY, this is generally only useful for
2501
very specialist purposes; although in Plink (see \k{plink}) it is
2502
the usual way of working.
2504
\S{config-ttymodes} Sending \i{terminal modes}
2506
\cfg{winhelp-topic}{ssh.ttymodes}
2508
The SSH protocol allows the client to send \q{terminal modes} for
2509
the remote pseudo-terminal. These usually control the server's
2510
expectation of the local terminal's behaviour.
2512
If your server does not have sensible defaults for these modes, you
2513
may find that changing them here helps. If you don't understand any of
2514
this, it's safe to leave these settings alone.
2516
(None of these settings will have any effect if no pseudo-terminal
2517
is requested or allocated.)
2519
You can add or modify a mode by selecting it from the drop-down list,
2520
choosing whether it's set automatically or to a specific value with
2521
the radio buttons and edit box, and hitting \q{Add}. A mode (or
2522
several) can be removed from the list by selecting them and hitting
2523
\q{Remove}. The effect of the mode list is as follows:
2525
\b If a mode is not on the list, it will not be specified to the
2526
server under any circumstances.
2528
\b If a mode is on the list:
2532
\b If the \q{Auto} option is selected, the PuTTY tools will decide
2533
whether to specify that mode to the server, and if so, will send
2538
PuTTY proper will send modes that it has an opinion on (currently only
2539
the code for the Backspace key, \cw{ERASE}). Plink on Unix
2540
will propagate appropriate modes from the local terminal, if any.
2544
\b If a value is specified, it will be sent to the server under all
2545
circumstances. The precise syntax of the value box depends on the
2550
By default, all of the available modes are listed as \q{Auto},
2551
which should do the right thing in most circumstances.
2553
The precise effect of each setting, if any, is up to the server. Their
2554
names come from \i{POSIX} and other Unix systems, and they are most
2555
likely to have a useful effect on such systems. (These are the same
2556
settings that can usually be changed using the \i\c{stty} command once
2557
logged in to such servers.)
2559
Some notable modes are described below; for fuller explanations, see
2560
your server documentation.
2562
\b \I{ERASE special character}\cw{ERASE} is the character that when typed
2563
by the user will delete one space to the left. When set to \q{Auto}
2564
(the default setting), this follows the setting of the local Backspace
2565
key in PuTTY (see \k{config-backspace}).
2568
This and other \i{special character}s are specified using \c{^C} notation
2569
for Ctrl-C, and so on. Use \c{^<27>} or \c{^<0x1B>} to specify a
2570
character numerically, and \c{^~} to get a literal \c{^}. Other
2571
non-control characters are denoted by themselves. Leaving the box
2572
entirely blank indicates that \e{no} character should be assigned to
2573
the specified function, although this may not be supported by all
2577
\b \I{QUIT special character}\cw{QUIT} is a special character that
2578
usually forcefully ends the current process on the server
2579
(\cw{SIGQUIT}). On many servers its default setting is Ctrl-backslash
2580
(\c{^\\}), which is easy to accidentally invoke on many keyboards. If
2581
this is getting in your way, you may want to change it to another
2582
character or turn it off entirely.
2584
\b Boolean modes such as \cw{ECHO} and \cw{ICANON} can be specified in
2585
PuTTY in a variety of ways, such as \cw{true}/\cw{false},
2586
\cw{yes}/\cw{no}, and \cw{0}/\cw{1}.
2588
\b Terminal speeds are configured elsewhere; see \k{config-termspeed}.
2373
2590
\H{config-ssh-x11} The X11 panel
2375
2592
\cfg{winhelp-topic}{ssh.tunnels.x11}
2491
2710
known to the local system. For instance, in the \q{Destination} box,
2492
2711
you could enter \c{popserver.example.com:pop3}.
2494
You can modify the currently active set of port forwardings in
2495
mid-session using \q{Change Settings} (see \k{using-changesettings}).
2496
If you delete a local or dynamic port forwarding in mid-session, PuTTY
2497
will stop listening for connections on that port, so it can be re-used
2498
by another program. If you delete a remote port forwarding, note that:
2713
You can \I{port forwarding, changing mid-session}modify the currently
2714
active set of port forwardings in mid-session using \q{Change
2715
Settings} (see \k{using-changesettings}). If you delete a local or
2716
dynamic port forwarding in mid-session, PuTTY will stop listening for
2717
connections on that port, so it can be re-used by another program. If
2718
you delete a remote port forwarding, note that:
2500
2720
\b The SSH-1 protocol contains no mechanism for asking the server to
2501
2721
stop listening on a remote port.
2594
2814
An ignore message (SSH_MSG_IGNORE) is a message in the SSH protocol
2595
2815
which can be sent from the client to the server, or from the server
2596
2816
to the client, at any time. Either side is required to ignore the
2597
message whenever it receives it. PuTTY uses ignore messages to hide
2598
the password packet in SSH-1, so that a listener cannot tell the
2599
length of the user's password; it also uses ignore messages for
2600
connection keepalives (see \k{config-keepalive}).
2817
message whenever it receives it. PuTTY uses ignore messages to
2818
\I{password camouflage}hide the password packet in SSH-1, so that
2819
a listener cannot tell the length of the user's password; it also
2820
uses ignore messages for connection \i{keepalives} (see
2821
\k{config-keepalive}).
2602
2823
If this bug is detected, PuTTY will stop using ignore messages. This
2603
2824
means that keepalives will stop working, and PuTTY will have to fall
2624
2845
password packet is not really a bug, but it does make life
2625
2846
inconvenient if the server can also not handle ignore messages.
2627
If this \q{bug} is detected, PuTTY will have no choice but to send
2628
the user's password with no form of camouflage, so that an
2629
eavesdropping user will be easily able to find out the exact length
2848
If this \q{bug} is detected, PuTTY will assume that neither ignore
2849
messages nor padding are acceptable, and that it thus has no choice
2850
but to send the user's password with no form of camouflage, so that
2851
an eavesdropping user will be easily able to find out the exact length
2630
2852
of the password. If this bug is enabled when talking to a correct
2631
2853
server, the session will succeed, but will be more vulnerable to
2632
2854
eavesdroppers than it could be.
2741
2963
This is an SSH-2-specific bug.
2965
\H{config-serial} The Serial panel
2967
The \i{Serial} panel allows you to configure options that only apply
2968
when PuTTY is connecting to a local \I{serial port}\i{serial line}.
2970
\S{config-serial-line} Selecting a serial line to connect to
2972
\cfg{winhelp-topic}{serial.line}
2974
The \q{Serial line to connect to} box allows you to choose which
2975
serial line you want PuTTY to talk to, if your computer has more
2976
than one serial port.
2978
On Windows, the first serial line is called \i\cw{COM1}, and if there
2979
is a second it is called \cw{COM2}, and so on.
2981
This configuration setting is also visible on the Session panel,
2982
where it replaces the \q{Host Name} box (see \k{config-hostname}) if
2983
the connection type is set to \q{Serial}.
2985
\S{config-serial-speed} Selecting the speed of your serial line
2987
\cfg{winhelp-topic}{serial.speed}
2989
The \q{Speed} box allows you to choose the speed (or \q{baud rate})
2990
at which to talk to the serial line. Typical values might be 9600,
2991
19200, 38400 or 57600. Which one you need will depend on the device
2992
at the other end of the serial cable; consult the manual for that
2993
device if you are in doubt.
2995
This configuration setting is also visible on the Session panel,
2996
where it replaces the \q{Port} box (see \k{config-hostname}) if the
2997
connection type is set to \q{Serial}.
2999
\S{config-serial-databits} Selecting the number of data bits
3001
\cfg{winhelp-topic}{serial.databits}
3003
The \q{Data bits} box allows you to choose how many data bits are
3004
transmitted in each byte sent or received through the serial line.
3005
Typical values are 7 or 8.
3007
\S{config-serial-stopbits} Selecting the number of stop bits
3009
\cfg{winhelp-topic}{serial.stopbits}
3011
The \q{Stop bits} box allows you to choose how many stop bits are
3012
used in the serial line protocol. Typical values are 1, 1.5 or 2.
3014
\S{config-serial-parity} Selecting the serial parity checking scheme
3016
\cfg{winhelp-topic}{serial.parity}
3018
The \q{Parity} box allows you to choose what type of parity checking
3019
is used on the serial line. The settings are:
3021
\b \q{None}: no parity bit is sent at all.
3023
\b \q{Odd}: an extra parity bit is sent alongside each byte, and
3024
arranged so that the total number of 1 bits is odd.
3026
\b \q{Even}: an extra parity bit is sent alongside each byte, and
3027
arranged so that the total number of 1 bits is even.
3029
\b \q{Mark}: an extra parity bit is sent alongside each byte, and
3032
\b \q{Space}: an extra parity bit is sent alongside each byte, and
3035
\S{config-serial-flow} Selecting the serial flow control scheme
3037
\cfg{winhelp-topic}{serial.flow}
3039
The \q{Flow control} box allows you to choose what type of flow
3040
control checking is used on the serial line. The settings are:
3042
\b \q{None}: no flow control is done. Data may be lost if either
3043
side attempts to send faster than the serial line permits.
3045
\b \q{XON/XOFF}: flow control is done by sending XON and XOFF
3046
characters within the data stream.
3048
\b \q{RTS/CTS}: flow control is done using the RTS and CTS wires on
3051
\b \q{DSR/DTR}: flow control is done using the DSR and DTR wires on
2743
3054
\H{config-file} \ii{Storing configuration in a file}
2745
3056
PuTTY does not currently support storing its configuration in a file