PuTTY is a free and open-source terminal emulator, serial console and network file transfer application. It supports several network protocols, including SCP, SSH, Telnet, rlogin, and raw socket connection. It can also connect to a serial port. The name “PuTTY” has no official meaning.
PuTTY was originally written for Microsoft Windows, but it has been ported to various other operating systems. Official ports are available for some Unix-like platforms, with work-in-progress ports to Classic Mac OS and macOS, and unofficial ports have been contributed to platforms such as Symbian, Windows Mobile and Windows Phone.
PuTTY was written and is maintained primarily by Simon Tatham.
PuTTY supports many variations on the secure remote terminal, and provides user control over the SSH encryption key and protocol version, alternate ciphers such as AES, 3DES, Arcfour, Blowfish, DES, and Public-key authentication. PuTTY supports SSO through GSSAPI, including user provided GSSAPI DLLs. It also can emulate control sequences from xterm, VT220, VT102 or ECMA-48 terminal emulation, and allows local, remote, or dynamic port forwarding with SSH (including X11 forwarding). The network communication layer supports IPv6, and the SSH protocol supports the firstname.lastname@example.org delayed compression scheme. It can also be used with local serial port connections.
PuTTY comes bundled with command-line SCP and SFTP clients, called “pscp” and “psftp” respectively, and plink, a command-line connection tool, used for non-interactive sessions.
PuTTY does not support session tabs directly, but many wrappers are available that do.
This release fixes multiple security vulnerabilities. Most were found by contributors to a HackerOne bug bounty programme funded by the EU. Thanks to everybody who reported bugs, to HackerOne for organising it, and to the EU for the funding! Vulnerabilities fixed in this release include: - A malicious server could trigger a buffer overrun by abusing the RSA key exchange protocol. This would happen before host key verification, so even if you trust the server you *intended* to connect to, you would still be at risk. - A malicious server could trigger a buffer overflow in Unix PuTTY by opening a very large number of port forwardings. - A malicious program able to write to the server-side terminal could deny service to the rest of the SSH session, by making PuTTY's terminal emulation code fail an assertion in at least two different ways, or by making it consume large amounts of memory and CPU. - Windows builds of PuTTY were vulnerable to hijacking if an attacker could arrange to drop a malicious Windows help file (.chm) in the same directory. Running PuTTY directly out of your browser's download directory, for example, might make this possible. Other security-related improvements: - The cryptography code has been substantially rewritten to eliminate cache and timing side channels. - PuTTY has a new system for making legitimate authentication prompts distinguishable from fakes sent by the server (e.g. to try to trick you into sending information like private key passphrases over the wire). This involves displaying 'trust sigils' (in the form of the PuTTY icon) on lines of the terminal window that contain data originated by PuTTY itself, and a precautionary prompt before starting the main login session when using Plink interactively. (That prompt can be turned off if it's an inconvenience.) - By default, PuTTY now sanitises control characters out of data pasted into the terminal data; output sent to standard error by the server in Plink, PSCP and PSFTP; and filenames transmitted from the server by PSCP and PSFTP. Other improvements: - We now provide builds of PuTTY for Windows on Arm, as well as for x86-64 and x86 Windows. - The GTK version of PuTTY now runs on non-X11 displays like Wayland, and understands high-DPI configurations. - You can now type ahead in a PuTTY window as soon as it opens, and your keystrokes will no longer be discarded. Instead, PuTTY will buffer them until either the login prompts or the main server session can use them. - PuTTY implements hardware-accelerated versions of the AES, SHA-256, and SHA-1 cryptographic functions, on both x86 and Arm platforms. - SSH user authentication prompts and banner messages are now allowed to contain printable characters outside US-ASCII. - PuTTY now supports Kerberos authentication via GSSAPI key exchange as an alternative to the previous GSSAPI user authentication system. This allows a Kerberos ticket forwarded to the SSH server to be kept up to date during a long-running SSH session. - Richer colour support in the terminal emulator: it now supports true colour, dim text via the SGR 2 sequence, and a query sequence that lets a server find out how many colours the terminal provides. - The terminal now supports the REP escape sequence to print the same character many times, which up-to-date versions of ncurses expect. - The terminal has more flexible clipboard / selection handling. You can now configure PuTTY not to automatically copy text to the clipboard as soon as you select it (i.e. to behave more like a normal Windows program). In the GTK version, you can configure which of the system clipboards PuTTY uses, or even configure different copy/paste keys to access different clipboards. - Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you straight to the top or bottom of the terminal scrollback.
PuTTY is copyright 1997-2019 Simon Tatham.