PuTTY User Manual
=================
PuTTY is a free (MIT-licensed) Win32 Telnet and SSH client. This manual
documents PuTTY, and its companion utilities PSCP, Plink, Pageant and
PuTTYgen.
This manual is copyright 2001-2002 Simon Tatham. All rights reserved. You
may distribute this documentation under the MIT licence. See appendix C for
the licence text in full.
Chapter 1: Introduction to PuTTY
--------------------------------
PuTTY is a free SSH, Telnet and Rlogin client for 32-bit Windows
systems.
1.1 What are SSH, Telnet and Rlogin?
If you already know what SSH, Telnet and Rlogin are, you can safely
skip on to the next section.
SSH, Telnet and Rlogin are three ways of doing the same thing:
logging in to a multi-user computer from another computer, over a
network.
Multi-user operating systems, such as Unix and VMS, usually present
a command-line interface to the user, much like the `Command Prompt'
or `MS-DOS Prompt' in Windows. The system prints a prompt, and you
type commands which the system will obey.
Using this type of interface, there is no need for you to be sitting
at the same machine you are typing commands to. The commands,
and responses, can be sent over a network, so you can sit at one
computer and give commands to another one, or even to more than one.
SSH, Telnet and Rlogin are _network protocols_ that allow you to do
this. On the computer you sit at, you run a _client_, which makes a
network connection to the other computer (the _server_). The network
connection carries your keystrokes and commands from the client to
the server, and carries the server's responses back to you.
These protocols can also be used for other types of keyboard-based
interactive session. In particular, there are a lot of bulletin
boards, talker systems and MUDs (Multi-User Dungeons) which support
access using Telnet. There are even a few that support SSH.
You might want to use SSH, Telnet or Rlogin if:
- you have an account on a Unix or VMS system which you want to be
able to access from somewhere else
- your Internet Service Provider provides you with a login account
on a web server. (This might also be known as a _shell account_.
A _shell_ is the program that runs on the server and interprets
your commands for you.)
- you want to use a bulletin board system, talker or MUD which can
be accessed using Telnet.
You probably do _not_ want to use SSH, Telnet or Rlogin if:
- you only use Windows. Windows computers have their own ways
of networking between themselves, and unless you are doing
something fairly unusual, you will not need to use any of these
remote login protocols.
1.2 How do SSH, Telnet and Rlogin differ?
This list summarises some of the differences between SSH, Telnet and
Rlogin.
- SSH is a recently designed, high-security protocol. It uses
strong cryptography to protect your connection against
eavesdropping, hijacking and other attacks. Telnet and Rlogin
are both older protocols offering minimal security.
- Telnet allows you to pass some settings on to the server, such
as environment variables. (These control various aspects of
the server's behaviour. You can usually set them by entering
commands into the server once you're connected, but it's easier
to have Telnet do it automatically.) SSH and Rlogin do not
support this. However, most modern Telnet servers don't allow
it either, because it has been a constant source of security
problems.
- SSH and Rlogin both allow you to log in to the server without
having to type a password. (Rlogin's method of doing this is
insecure, and can allow an attacker to access your account on
the server. SSH's method is much more secure, and typically
breaking the security requires the attacker to have gained
access to your actual client machine.)
- SSH allows you to connect to the server and automatically send
a command, so that the server will run that command and then
disconnect. So you can use it in automated processing.
The Internet is a hostile environment and security is everybody's
responsibility. If you are connecting across the open Internet,
then we recommend you use SSH. If the server you want to connect
to doesn't support SSH, it might be worth trying to persuade the
administrator to install it.
If you are behind a good firewall, it is more likely to be safe to
use Telnet or Rlogin, but we still recommend you use SSH.
Chapter 2: Getting started with PuTTY
-------------------------------------
This chapter gives a quick guide to the simplest types of
interactive login session using PuTTY.
2.1 Starting a session
When you start PuTTY, you will see a dialog box. This dialog box
allows you to control everything PuTTY can do. See chapter 4 for
details of all the things you can control.
You don't usually need to change most of the configuration options.
To start the simplest kind of session, all you need to do is to
enter a few basic parameters.
In the `Host Name' box, enter the Internet host name of the server
you want to connect to. You should have been told this by the
provider of your login account.
Now select a login protocol to use, from the `Protocol' buttons.
For a login session, you should select Telnet, Rlogin or SSH. See
section 1.2 for a description of the differences between the three
protocols, and advice on which one to use. The fourth protocol,
_Raw_, is not used for interactive login sessions; you would usually
use this for debugging other Internet services.
When you change the selected protocol, the number in the `Port'
box will change. This is normal: it happens because the various
login services are usually provided on different network ports
by the server machine. Most servers will use the standard port
numbers, so you will not need to change the port setting. If your
server provides login services on a non-standard port, your system
administrator should have told you which one. (For example, many
MUDs run Telnet service on a port other than 23.)
Once you have filled in the `Host Name', `Protocol', and possibly
`Port' settings, you are ready to connect. Press the `Open' button
at the bottom of the dialog box, and PuTTY will begin trying to
connect you to the server.
2.2 Verifying the Host Key (SSH only)
If you are not using the SSH protocol, you can skip this section.
If you are using SSH to connect to a server for the first time, you
will probably see a message looking something like this:
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's key fingerprint is:
ssh-rsa 1024 7b:e5:6f:a7:f4:f9:81:62:5c:e3:1f:bf:8b:57:6c:5a
If you trust this host, hit Yes to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, hit No.
If you do not trust this host, hit Cancel to abandon the
connection.
This is a feature of the SSH protocol. It is designed to protect you
against a network attack known as _spoofing_: secretly redirecting
your connection to a different computer, so that you send your
password to the wrong machine. Using this technique, an attacker
would be able to learn the password that guards your login account,
and could then log in as if they were you and use the account for
their own purposes.
To prevent this attack, each server has a unique identifying code,
called a _host key_. These keys are created in a way that prevents
one server from forging another server's key. So if you connect to a
server and it sends you a different host key from the one you were
expecting, PuTTY can warn you that the server may have been switched
and that a spoofing attack might be in progress.
PuTTY records the host key for each server you connect to, in the
Windows Registry. Every time you connect to a server, it checks that
the host key presented by the server is the same host key as it was
the last time you connected. If it is not, you will see a warning,
and you will have the chance to abandon your connection before you
type any private information (such as a password) into it.
However, when you connect to a server you have not connected to
before, PuTTY has no way of telling whether the host key is the
right one or not. So it gives the warning shown above, and asks you
whether you want to trust this host key or not.
Whether or not to trust the host key is your choice. If you are
connecting within a company network, you might feel that all
the network users are on the same side and spoofing attacks are
unlikely, so you might choose to trust the key without checking
it. If you are connecting across a hostile network (such as the
Internet), you should check with your system administrator, perhaps
by telephone or in person. (Some modern servers have more than
one host key. If the system administrator sends you more than one
fingerprint, you should make sure the one PuTTY shows you is on the
list, but it doesn't matter which one it is.)
2.3 Logging In
After you have connected, and perhaps verified the server's host
key, you will be asked to log in, probably using a username and a
password. Your system administrator should have provided you with
these. Enter the username and the password, and the server should
grant you access and begin your session. If you have mistyped your
password, most servers will give you several chances to get it
right.
If you are using SSH, be careful not to type your username wrongly,
because you will not have a chance to correct it after you press
Return. This is an unfortunate feature of the SSH protocol: it does
not allow you to make two login attempts using different usernames.
If you type your username wrongly, you must close PuTTY and start
again.
If your password is refused but you are sure you have typed it
correctly, check that Caps Lock is not enabled. Many login servers,
particularly Unix computers, treat upper case and lower case as
different when checking your password; so if Caps Lock is on, your
password will probably be refused.
2.4 After Logging In
After you log in to the server, what happens next is up to the
server! Most servers will print some sort of login message and then
present a prompt, at which you can type commands which the server
will carry out. Some servers will offer you on-line help; others
might not. If you are in doubt about what to do next, consult your
system administrator.
2.5 Logging Out
When you have finished your session, you should log out by typing
the server's own logout command. This might vary between servers; if
in doubt, try `logout' or `exit', or consult a manual or your system
administrator. When the server processes your logout command, the
PuTTY window should close itself automatically.
You _can_ close a PuTTY session using the Close button in the window
border, but this might confuse the server - a bit like hanging up a
telephone unexpectedly in the middle of a conversation. We recommend
you do not do this unless the server has stopped responding to you
and you cannot close the window any other way.
Chapter 3: Using PuTTY
----------------------
This chapter provides a general introduction to some more advanced
features of PuTTY. For extreme detail and reference purposes,
chapter 4 is likely to contain more information.
3.1 During your session
A lot of PuTTY's complexity and features are in the configuration
panel. Once you have worked your way through that and started
a session, things should be reasonably simple after that.
Nevertheless, there are a few more useful features available.
3.1.1 Copying and pasting text
Often in a PuTTY session you will find text on your terminal screen
which you want to type in again. Like most other terminal emulators,
PuTTY allows you to copy and paste the text rather than having to
type it again. Also, copy and paste uses the Windows clipboard, so
that you can paste (for example) URLs into a web browser, or paste
from a word processor or spreadsheet into your terminal session.
PuTTY's copy and paste works entirely with the mouse. In order to
copy text to the clipboard, you just click the left mouse button in
the terminal window, and drag to select text. When you let go of the
button, the text is _automatically_ copied to the clipboard. You
do not need to press Ctrl-C or Ctrl-Ins; in fact, if you do press
Ctrl-C, PuTTY will send a Ctrl-C character down your session to the
server where it will probably cause a process to be interrupted.
Pasting is done using the right button (or the middle mouse button,
if you have a three-button mouse and have set it up; see section
4.11.3). When you click the right mouse button, PuTTY will read
whatever is in the Windows Clipboard and paste it into your session,
_exactly_ as if it had been typed at the keyboard. (Therefore, be
careful of pasting formatted text into an editor that does automatic
indenting; you may find that the spaces pasted from the clipboard
plus the spaces added by the editor add up to too many spaces and
ruin the formatting. There is nothing PuTTY can do about this.)
If you double-click the left mouse button, PuTTY will select a whole
word. If you double-click, hold down the second click, and drag the
mouse, PuTTY will select a sequence of whole words. (You can adjust
precisely what PuTTY considers to be part of a word; see section
4.11.6.) If you _triple_-click, or triple-click and drag, then PuTTY
will select a whole line or sequence of lines.
If you want to select a rectangular region instead of selecting to
the end of each line, you can do this by holding down Alt when you
make your selection. (You can also configure rectangular selection
to be the default, and then holding down Alt gives the normal
behaviour instead. See section 4.11.5 for details.)
If you have a middle mouse button, then you can use it to adjust an
existing selection if you selected something slightly wrong. (If you
have configured the middle mouse button to paste, then the right
mouse button does this instead.) Click the button on the screen,
and you can pick up the nearest end of the selection and drag it to
somewhere else.
3.1.2 Scrolling the screen back
PuTTY keeps track of text that has scrolled up off the top of the
terminal. So if something appears on the screen that you want to
read, but it scrolls too fast and it's gone by the time you try to
look for it, you can use the scrollbar on the right side of the
window to look back up the session history and find it again.
As well as using the scrollbar, you can also page the scrollback
up and down by pressing Shift-PgUp and Shift-PgDn. These are still
available if you configure the scrollbar to be invisible.
By default the last 200 lines scrolled off the top are preserved for
you to look at. You can increase (or decrease) this value using the
configuration box; see section 4.7.3.
3.1.3 The System menu
If you click the left mouse button on the icon in the top left
corner of PuTTY's window, or click the right mouse button on the
title bar, you will see the standard Windows system menu containing
items like Minimise, Move, Size and Close.
PuTTY's system menu contains extra program features in addition
to the Windows standard options. These extra menu commands are
described below.
3.1.3.1 The PuTTY Event Log
If you choose `Event Log' from the system menu, a small window will
pop up in which PuTTY logs significant events during the connection.
Most of the events in the log will probably take place during
session startup, but a few can occur at any point in the session,
and one or two occur right at the end.
You can use the mouse to select one or more lines of the Event Log,
and hit the Copy button to copy them to the clipboard. If you are
reporting a bug, it's often useful to paste the contents of the
Event Log into your bug report.
3.1.3.2 Starting new sessions
PuTTY's system menu provides some shortcut ways to start new
sessions:
- Selecting `New Session' will start a completely new instance of
PuTTY, and bring up the configuration box as normal.
- Selecting `Duplicate Session' will start a session with
precisely the same options as your current one - connecting
to the same host using the same protocol, with all the same
terminal settings and everything.
- The `Saved Sessions' submenu gives you quick access to any sets
of stored session details you have previously saved. See section
4.1.2 for details of how to create saved sessions.
3.1.3.3 Changing your session settings
If you select `Change Settings' from the system menu, PuTTY will
display a cut-down version of its initial configuration box. This
allows you to adjust most properties of your current session. You
can change the terminal size, the font, the actions of various
keypresses, the colours, and so on.
Some of the options that are available in the main configuration box
are not shown in the cut-down Change Settings box. These are usually
options which don't make sense to change in the middle of a session
(for example, you can't switch from SSH to Telnet in mid-session).
3.1.3.4 Copy All to Clipboard
This system menu option provides a convenient way to copy the whole
contents of the terminal screen and scrollback to the clipboard in
one go.
3.1.3.5 Clearing and resetting the terminal
The `Clear Scrollback' option on the system menu tells PuTTY to
discard all the lines of text that have been kept after they
scrolled off the top of the screen. This might be useful, for
example, if you displayed sensitive information and wanted to make
sure nobody could look over your shoulder and see it. (Note that
this only prevents a casual user from using the scrollbar to view
the information; the text is not guaranteed not to still be in
PuTTY's memory.)
The `Reset Terminal' option causes a full reset of the terminal
emulation. A VT-series terminal is a complex piece of software and
can easily get into a state where all the text printed becomes
unreadable. (This can happen, for example, if you accidentally
output a binary file to your terminal.) If this happens, selecting
Reset Terminal should sort it out.
3.1.3.6 Full screen mode
If you find the title bar on a maximised window to be ugly or
distracting, you can select Full Screen mode to maximise PuTTY `even
more'. When you select this, PuTTY will expand to fill the whole
screen and its borders, title bar and scrollbar will disappear. (You
can configure the scrollbar not to disappear in full-screen mode if
you want to keep it; see section 4.7.3.)
When you are in full-screen mode, you can still access the system
menu if you click the left mouse button in the _extreme_ top left
corner of the screen.
3.2 Creating a log file of your session
For some purposes you may find you want to log everything that
appears on your screen. You can do this using the `Logging' panel in
the configuration box.
To begin a session log, select `Change Settings' from the system
menu and go to the Logging panel. Enter a log file name, and select
a logging mode. (You can log all session output including the
terminal control sequences, or you can just log the printable text.
It depends what you want the log for.) Click `Apply' and your log
will be started. Later on, you can go back to the Logging panel and
select `Logging turned off completely' to stop logging; then PuTTY
will close the log file and you can safely read it.
See section 4.2 for more details and options.
3.3 Altering your character set configuration
If you find that special characters (accented characters, for
example) are not being displayed correctly in your PuTTY session, it
may be that PuTTY is interpreting the characters sent by the server
according to the wrong _character set_. There are a lot of different
character sets available, so it's entirely possible for this to
happen.
If you click `Change Settings' and look at the `Translation' panel,
you should see a large number of character sets which you can
select. Now all you need is to find out which of them you want!
3.4 Using X11 forwarding in SSH
The SSH protocol has the ability to securely forward X Window System
applications over your encrypted SSH connection, so that you can run
an application on the SSH server machine and have it put its windows
up on your local machine without sending any X network traffic in
the clear.
In order to use this feature, you will need an X display server for
your Windows machine, such as X-Win32 or Exceed. This will probably
install itself as display number 0 on your local machine; if it
doesn't, the manual for the X server should tell you what it does
do.
You should then tick the `Enable X11 forwarding' box in the Tunnels
panel (see section 4.19.1) before starting your SSH session. The `X
display location' box reads `localhost:0' by default, which is the
usual display location where your X server will be installed. If
that needs changing, then change it.
Now you should be able to log in to the SSH server as normal. To
check that X forwarding has been successfully negotiated during
connection startup, you can check the PuTTY Event Log (see section
3.1.3.1). It should say something like this:
2001-12-05 17:22:01 Requesting X11 forwarding
2001-12-05 17:22:02 X11 forwarding enabled
If the remote system is Unix or Unix-like, you should also be able
to see that the `DISPLAY' environment variable has been set to point
at display 10 or above on the SSH server machine itself:
fred@unixbox:~$ echo $DISPLAY
unixbox:10.0
If this works, you should then be able to run X applications in the
remote session and have them display their windows on your PC.
Note that if your PC X server requires authentication to connect,
then PuTTY cannot currently support it. If this is a problem for
you, you should mail the authors and give details.
3.5 Using port forwarding in SSH
The SSH protocol has the ability to forward arbitrary network
connections over your encrypted SSH connection, to avoid the
network traffic being sent in clear. For example, you could use
this to connect from your home computer to a POP-3 server on a
remote machine without your POP-3 password being visible to network
sniffers.
In order to use port forwarding to connect from your local machine
to a port on a remote server, you need to:
- Choose a port number on your local machine where PuTTY should
listen for incoming connections. There are likely to be plenty
of unused port numbers above 3000.
- Now, before you start your SSH connection, go to the Tunnels
panel (see section 4.19.2). Make sure the `Local' radio button
is set. Enter the local port number into the `Source port'
box. Enter the destination host name and port number into
the `Destination' box, separated by a colon (for example,
`popserver.example.com:110' to connect to a POP-3 server).
- Now click the `Add' button. The details of your port forwarding
should appear in the list box.
Now start your session and log in. (Port forwarding will not be
enabled until after you have logged in; otherwise it would be easy
to perform completely anonymous network attacks, and gain access to
anyone's virtual private network). To check that PuTTY has set up
the port forwarding correctly, you can look at the PuTTY Event Log
(see section 3.1.3.1). It should say something like this:
2001-12-05 17:22:10 Local port 3110 forwarding to
popserver.example.com:110
Now if you connect to the source port number on your local PC, you
should find that it answers you exactly as if it were the service
running on the destination machine. So in this example, you could
then configure an e-mail client to use `localhost:3110' as a POP-
3 server instead of `popserver.example.com:110'. (Of course, the
forwarding will stop happening when your PuTTY session closes down.)
You can also forward ports in the other direction: arrange for a
particular port number on the _server_ machine to be forwarded back
to your PC as a connection to a service on your PC or near it. To do
this, just select the `Remote' radio button instead of the `Local'
one. The `Source port' box will now specify a port number on the
_server_ (note that most servers will not allow you to use port
numbers under 1024 for this purpose).
The source port for a forwarded connection usually does not accept
connections from any machine except the SSH client or server machine
itself (for local and remote forwardings respectively). There are
controls in the Tunnels panel to change this:
- The `Local ports accept connections from other hosts' option
allows you to set up local-to-remote port forwardings in such a
way that machines other than your client PC can connect to the
forwarded port.
- The `Remote ports do the same' option does the same thing for
remote-to-local port forwardings (so that machines other than
the SSH server machine can connect to the forwarded port.) Note
that this feature is only available in the SSH 2 protocol, and
not all SSH 2 servers support it (OpenSSH 3.0 does not, for
example).
3.6 Making raw TCP connections
A lot of Internet protocols are composed of commands and responses
in plain text. For example, SMTP (the protocol used to transfer e-
mail), NNTP (the protocol used to transfer Usenet news), and HTTP
(the protocol used to serve Web pages) all consist of commands in
readable plain text.
Sometimes it can be useful to connect directly to one of these
services and speak the protocol `by hand', by typing protocol
commands and watching the responses. On Unix machines, you can do
this using the system's `telnet' command to connect to the right
port number. For example, `telnet mailserver.example.com 25' might
enable you to talk directly to the SMTP service running on a mail
server.
Although the Unix `telnet' program provides this functionality, the
protocol being used is not really Telnet. Really there is no actual
protocol at all; the bytes sent down the connection are exactly the
ones you type, and the bytes shown on the screen are exactly the
ones sent by the server. Unix `telnet' will attempt to detect or
guess whether the service it is talking to is a real Telnet service
or not; PuTTY prefers to be told for certain.
In order to make a debugging connection to a service of this
type, you simply select the fourth protocol name, `Raw', from the
`Protocol' buttons in the `Session' configuration panel. (See
section 4.1.1.) You can then enter a host name and a port number,
and make the connection.
3.7 The PuTTY command line
PuTTY can be made to do various things without user intervention
by supplying command-line arguments (e.g., from a command prompt
window, or a Windows shortcut).
3.7.1 Starting a session from the command line
These options allow you to bypass the configuration window and
launch straight into a session.
To start a connection to a server called `host':
putty.exe [-ssh | -telnet | -rlogin | -raw] [user@]host
If this syntax is used, settings are taken from the Default Settings
(see section 4.1.2); `user' overrides these settings if supplied.
Also, you can specify a protocol, which will override the default
protocol (see section 3.7.3.2).
For telnet sessions, the following alternative syntax is supported
(this makes PuTTY suitable for use as a URL handler for telnet URLs
in web browsers):
putty.exe telnet://host[:port]/
In order to start an existing saved session called `sessionname',
use the `-load' option (described in section 3.7.3.1).
putty.exe -load "session name"
3.7.2 `-cleanup'
If invoked with the `-cleanup' option, rather than running as
normal, PuTTY will remove its registry entries and random seed file
from the local machine (after confirming with the user).
3.7.3 Standard command-line options
PuTTY and its associated tools support a range of command-line
options, most of which are consistent across all the tools. This
section lists the available options in all tools. Options which are
specific to a particular tool are covered in the chapter about that
tool.
3.7.3.1 `-load': load a saved session
The `-load' option causes PuTTY to load configuration details out
of a saved session. If these details include a host name, then this
option is all you need to make PuTTY start a session (although Plink
still requires an explicitly specified host name).
You need double quotes around the session name if it contains
spaces.
If you want to create a Windows shortcut to start a PuTTY saved
session, this is the option you should use: your shortcut should
call something like
d:\path\to\putty.exe -load "my session"
(Note that PuTTY itself supports an alternative form of this option,
for backwards compatibility. If you execute `putty @sessionname' it
will have the same effect as `putty -load "sessionname"'. With the
`@' form, no double quotes are required, and the `@' sign must be
the very first thing on the command line. This form of the option is
deprecated.)
3.7.3.2 Selecting a protocol: `-ssh', `-telnet', `-rlogin', `-raw'
To choose which protocol you want to connect with, you can use one
of these options:
- `-ssh' selects the SSH protocol.
- `-telnet' selects the Telnet protocol.
- `-rlogin' selects the Rlogin protocol.
- `-raw' selects the raw protocol.
These options are not available in the file transfer tools PSCP and
PSFTP (which only work with the SSH protocol).
These options are equivalent to the protocol selection buttons
in the Session panel of the PuTTY configuration box (see section
4.1.1).
3.7.3.3 `-v': increase verbosity
Most of the PuTTY tools can be made to tell you more about what they
are doing by supplying the `-v' option. If you are having trouble
when making a connection, or you're simply curious, you can turn
this switch on and hope to find out more about what is happening.
3.7.3.4 `-l': specify a login name
You can specify the user name to log in as on the remote server
using the `-l' option. For example, `plink login.example.com -
l fred'.
These options are equivalent to the username selection box in
the Connection panel of the PuTTY configuration box (see section
4.13.2).
3.7.3.5 `-L' and `-R': set up port forwardings
As well as setting up port forwardings in the PuTTY configuration
(see section 4.19.2), you can also set up forwardings on the command
line. The command-line options work just like the ones in Unix `ssh'
programs.
To forward a local port (say 5110) to a remote destination (say
popserver.example.com port 110), you can write something like one of
these:
putty -L 5110:popserver.example.com:110 -load mysession
plink mysession -L 5110:popserver.example.com:110
And to forward a remote port to a local destination, just use the `-
R' option instead of `-L':
putty -R 5023:mytelnetserver.myhouse.org:23 -load mysession
plink mysession -R 5023:mytelnetserver.myhouse.org:23
For general information on port forwarding, see section 3.5.
These options are not available in the file transfer tools PSCP and
PSFTP.
3.7.3.6 `-m': read a remote command or script from a file
The `-m' option performs a similar function to the `Remote command'
box in the SSH panel of the PuTTY configuration box (see section
4.17.1). However, the `-m' option expects to be given a file name,
and it will read a command from that file. On most Unix systems, you
can even put multiple lines in this file and execute more than one
command in sequence, or a whole shell script.
This option is not available in the file transfer tools PSCP and
PSFTP.
3.7.3.7 `-P': specify a port number
The `-P' option is used to specify the port number to connect to. If
you have a Telnet server running on port 9696 of a machine instead
of port 23, for example:
putty -telnet -P 9696 host.name
plink -telnet -P 9696 host.name
(Note that this option is more useful in Plink than in PuTTY,
because in PuTTY you can write `putty -telnet host.name 9696' in any
case.)
These options are equivalent to the protocol selection buttons
in the Session panel of the PuTTY configuration box (see section
4.1.1).
3.7.3.8 `-pw': specify a password
A simple way to automate a remote login is to supply your password
on the command line. This is _not recommended_ for reasons of
security. If you possibly can, we recommend you set up public-key
authentication instead. See chapter 8 for details.
Note that the `-pw' option only works when you are using the SSH
protocol. Due to fundamental limitations of Telnet and Rlogin, these
protocols do not support automated password authentication.
3.7.3.9 `-A' and `-a': control agent forwarding
The `-A' option turns on SSH agent forwarding, and `-a' turns it
off. These options are only meaningful if you are using SSH.
See chapter 9 for general information on Pageant, and section 9.4
for information on agent forwarding. Note that there is a security
risk involved with enabling this option; see section 9.5 for
details.
These options are equivalent to the agent forwarding checkbox in the
Auth panel of the PuTTY configuration box (see section 4.18.3).
These options are not available in the file transfer tools PSCP and
PSFTP.
3.7.3.10 `-X' and `-x': control X11 forwarding
The `-X' option turns on X11 forwarding in SSH, and `-x' turns it
off. These options are only meaningful if you are using SSH.
For information on X11 forwarding, see section 3.4.
These options are equivalent to the X11 forwarding checkbox in the
Tunnels panel of the PuTTY configuration box (see section 4.19.1).
These options are not available in the file transfer tools PSCP and
PSFTP.
3.7.3.11 `-t' and `-T': control pseudo-terminal allocation
The `-t' option ensures PuTTY attempts to allocate a pseudo-terminal
at the server, and `-T' stops it from allocating one. These options
are only meaningful if you are using SSH.
These options are equivalent to the `Don't allocate a pseudo-
terminal' checkbox in the SSH panel of the PuTTY configuration box
(see section 4.17.2).
These options are not available in the file transfer tools PSCP and
PSFTP.
3.7.3.12 `-C': enable compression
The `-C' option enables compression of the data sent across the
network. This option is only meaningful if you are using SSH.
This option is equivalent to the `Enable compression' checkbox in
the SSH panel of the PuTTY configuration box (see section 4.17.3).
3.7.3.13 `-1' and `-2': specify an SSH protocol version
The `-1' and `-2' options force PuTTY to use version 1 or version 2
of the SSH protocol. These options are only meaningful if you are
using SSH.
These options are equivalent to selecting your preferred SSH
protocol version as `1 only' or `2 only' in the SSH panel of the
PuTTY configuration box (see section 4.17.4).
3.7.3.14 `-i': specify an SSH private key
The `-i' option allows you to specify the name of a private key file
which PuTTY will use to authenticate with the server. This option is
only meaningful if you are using SSH.
For general information on public-key authentication, see chapter 8.
This option is equivalent to the `Private key file for
authentication' box in the Auth panel of the PuTTY configuration box
(see section 4.18.5).
Chapter 4: Configuring PuTTY
----------------------------
This chapter describes all the configuration options in PuTTY.
PuTTY is configured using the control panel that comes up before you
start a session. Some options can also be changed in the middle of a
session, by selecting `Change Settings' from the window menu.
4.1 The Session panel
The Session configuration panel contains the basic options you need
to specify in order to open a session at all, and also allows you to
save your settings to be reloaded later.
4.1.1 The host name section
The top box on the Session panel, labelled `Specify your connection
by host name', contains the details that need to be filled in before
PuTTY can open a session at all.
- The `Host Name' box is where you type the name, or the IP
address, of the server you want to connect to.
- The `Protocol' radio buttons let you choose what type of
connection you want to make: a raw connection, a Telnet
connection, an rlogin connection or an SSH connection. (See
section 1.2 for a summary of the differences between SSH, Telnet
and rlogin.)
- The `Port' box lets you specify which port number on the server
to connect to. If you select Telnet, Rlogin, or SSH, this box
will be filled in automatically to the usual value, and you will
only need to change it if you have an unusual server. If you
select Raw mode (see section 3.6), you will almost certainly
need to fill in the `Port' box.
4.1.2 Loading and storing saved sessions
The next part of the Session configuration panel allows you to save
your preferred PuTTY options so they will appear automatically the
next time you start PuTTY. It also allows you to create _saved
sessions_, which contain a full set of configuration options plus a
host name and protocol. A saved session contains all the information
PuTTY needs to start exactly the session you want.
- To save your default settings: first set up the settings the way
you want them saved. Then come back to the Session panel. Select
the `Default Settings' entry in the saved sessions list, with a
single click. Then press the `Save' button.
Note that PuTTY does not allow you to save a host name into the
Default Settings entry. This ensures that when PuTTY is started up,
the host name box is always empty, so a user can always just type in
a host name and connect.
If there is a specific host you want to store the details of how
to connect to, you should create a saved session, which will be
separate from the Default Settings.
- To save a session: first go through the rest of the
configuration box setting up all the options you want. Then come
back to the Session panel. Enter a name for the saved session in
the `Saved Sessions' input box. (The server name is often a good
choice for a saved session name.) Then press the `Save' button.
Your saved session name should now appear in the list box.
- To reload a saved session: single-click to select the session
name in the list box, and then press the `Load' button. Your
saved settings should all appear in the configuration panel.
- To modify a saved session: first load it as described above.
Then make the changes you want. Come back to the Session panel,
single-click to select the session name in the list box, and
press the `Save' button. The new settings will be saved over the
top of the old ones.
- To start a saved session immediately: double-click on the
session name in the list box.
- To delete a saved session: single-click to select the session
name in the list box, and then press the `Delete' button.
Each saved session is independent of the Default Settings
configuration. If you change your preferences and update Default
Settings, you must also update every saved session separately.
4.1.3 `Close Window on Exit'
Finally in the Session panel, there is an option labelled `Close
Window on Exit'. This controls whether the PuTTY session window
disappears as soon as the session inside it terminates. If you are
likely to want to copy and paste text out of the session after it
has terminated, you should arrange this option to be off.
`Close Window On Exit' has three settings. `Always' means always
close the window on exit; `Never' means never close on exit (always
leave the window open). The third setting, and the default one,
is `Only on clean exit'. In this mode, a session which terminates
normally will cause its window to close, but one which is aborted
unexpectedly by network trouble or a confusing message from the
server will leave the window up.
4.2 The Logging panel
The Logging configuration panel allows you to save log files of your
PuTTY sessions, for debugging, analysis or future reference.
The main option is a radio-button set that specifies whether PuTTY
will log anything at all. The options are
- `Logging turned off completely'. This is the default option; in
this mode PuTTY will not create a log file at all.
- `Log printable output only'. In this mode, a log file will be
created and written to, but only printable text will be saved
into it. The various terminal control codes that are typically
sent down an interactive session alongside the printable text
will be omitted. This might be a useful mode if you want to read
a log file in a text editor and hope to be able to make sense of
it.
- `Log all session output'. In this mode, _everything_ sent by the
server into your terminal session is logged. If you view the log
file in a text editor, therefore, you may well find it full of
strange control characters. This is a particularly useful mode
if you are experiencing problems with PuTTY's terminal handling:
you can record everything that went to the terminal, so that
someone else can replay the session later in slow motion and
watch to see what went wrong.
- `Log SSH packet data'. In this mode (which is only used by SSH
connections), the SSH message packets sent over the encrypted
connection are written to the log file. You might need this to
debug a network-level problem, or more likely to send to the
PuTTY authors as part of a bug report. _BE WARNED_ that if you
log in using a password, the password will appear in the log
file, so be sure to edit it out before sending the log file to
anyone else!
4.2.1 `Log file name'
In this edit box you enter the name of the file you want to log the
session to. The `Browse' button will let you look around your file
system to find the right place to put the file; or if you already
know exactly where you want it to go, you can just type a pathname
into the edit box.
There are a few special features in this box. If you use the `&'
character in the file name box, PuTTY will insert details of the
current session in the name of the file it actually opens. The
precise replacements it will do are:
- `&Y' will be replaced by the current year, as four digits.
- `&M' will be replaced by the current month, as two digits.
- `&D' will be replaced by the current day of the month, as two
digits.
- `&T' will be replaced by the current time, as six digits
(HHMMSS) with no punctuation.
- `&H' will be replaced by the host name you are connecting to.
For example, if you enter the host name `c:\puttylogs\log-&h-&y&m&d-
&t.dat', you will end up with files looking like
log-server1.example.com-20010528-110859.dat
log-unixbox.somewhere.org-20010611-221001.dat
4.2.2 `What to do if the log file already exists'
This control allows you to specify what PuTTY should do if it tries
to start writing to a log file and it finds the file already exists.
You might want to automatically destroy the existing log file and
start a new one with the same name. Alternatively, you might want to
open the existing log file and add data to the _end_ of it. Finally
(the default option), you might not want to have any automatic
behaviour, but to ask the user every time the problem comes up.
4.3 The Terminal panel
The Terminal configuration panel allows you to control the behaviour
of PuTTY's terminal emulation.
4.3.1 `Auto wrap mode initially on'
Auto wrap mode controls what happens when text printed in a PuTTY
window reaches the right-hand edge of the window.
With auto wrap mode on, if a long line of text reaches the right-
hand edge, it will wrap over on to the next line so you can still
see all the text. With auto wrap mode off, the cursor will stay at
the right-hand edge of the screen, and all the characters in the
line will be printed on top of each other.
If you are running a full-screen application and you occasionally
find the screen scrolling up when it looks as if it shouldn't, you
could try turning this option off.
Auto wrap mode can be turned on and off by control sequences sent by
the server. This configuration option only controls the _default_
state. If you modify this option in mid-session using `Change
Settings', you will need to reset the terminal (see section 3.1.3.5)
before the change takes effect.
4.3.2 `DEC Origin Mode initially on'
DEC Origin Mode is a minor option which controls how PuTTY
interprets cursor-position control sequences sent by the server.
The server can send a control sequence that restricts the scrolling
region of the display. For example, in an editor, the server might
reserve a line at the top of the screen and a line at the bottom,
and might send a control sequence that causes scrolling operations
to affect only the remaining lines.
With DEC Origin Mode on, cursor coordinates are counted from the top
of the scrolling region. With it turned off, cursor coordinates are
counted from the top of the whole screen regardless of the scrolling
region.
It is unlikely you would need to change this option, but if you find
a full-screen application is displaying pieces of text in what looks
like the wrong part of the screen, you could try turning DEC Origin
Mode on to see whether that helps.
DEC Origin Mode can be turned on and off by control sequences sent
by the server. This configuration option only controls the _default_
state. If you modify this option in mid-session using `Change
Settings', you will need to reset the terminal (see section 3.1.3.5)
before the change takes effect.
4.3.3 `Implicit CR in every LF'
Most servers send two control characters, CR and LF, to start a new
line of the screen. The CR character makes the cursor return to the
left-hand side of the screen. The LF character makes the cursor move
one line down (and might make the screen scroll).
Some servers only send LF, and expect the terminal to move the
cursor over to the left automatically. If you come across a server
that does this, you will see a stepped effect on the screen, like
this:
First line of text
Second line
Third line
If this happens to you, try enabling the `Implicit CR in every LF'
option, and things might go back to normal:
First line of text
Second line
Third line
4.3.4 `Use background colour to erase screen'
Not all terminals agree on what colour to turn the screen when the
server sends a `clear screen' sequence. Some terminals believe the
screen should always be cleared to the _default_ background colour.
Others believe the screen should be cleared to whatever the server
has selected as a background colour.
There exist applications that expect both kinds of behaviour.
Therefore, PuTTY can be configured to do either.
With this option disabled, screen clearing is always done in the
default background colour. With this option enabled, it is done in
the _current_ background colour.
Background-colour erase can be turned on and off by control
sequences sent by the server. This configuration option only
controls the _default_ state. If you modify this option in mid-
session using `Change Settings', you will need to reset the terminal
(see section 3.1.3.5) before the change takes effect.
4.3.5 `Enable blinking text'
The server can ask PuTTY to display text that blinks on and off.
This is very distracting, so PuTTY allows you to turn blinking text
off completely.
When blinking text is disabled and the server attempts to make
some text blink, PuTTY will instead display the text with a bolded
background colour.
Blinking text can be turned on and off by control sequences sent by
the server. This configuration option only controls the _default_
state. If you modify this option in mid-session using `Change
Settings', you will need to reset the terminal (see section 3.1.3.5)
before the change takes effect.
4.3.6 `Answerback to ^E'
This option controls what PuTTY will send back to the server if the
server sends it the ^E enquiry character. Normally it just sends the
string `PuTTY'.
If you accidentally write the contents of a binary file to your
terminal, you will probably find that it contains more than one ^E
character, and as a result your next command line will probably
read `PuTTYPuTTYPuTTY...' as if you had typed the answerback string
multiple times at the keyboard. If you set the answerback string
to be empty, this problem should go away, but doing so might cause
other problems.
Note that this is _not_ the feature of PuTTY which the server will
typically use to determine your terminal type. That feature is the
`Terminal-type string' in the Connection panel; see section 4.13.1
for details.
You can include control characters in the answerback string using
`^C' notation. (Use `^~' to get a literal `^'.)
4.3.7 `Local echo'
With local echo disabled, characters you type into the PuTTY window
are not echoed in the window _by PuTTY_. They are simply sent to the
server. (The _server_ might choose to echo them back to you; this
can't be controlled from the PuTTY control panel.)
Some types of session need local echo, and many do not. In its
default mode, PuTTY will automatically attempt to deduce whether
or not local echo is appropriate for the session you are working
in. If you find it has made the wrong decision, you can use this
configuration option to override its choice: you can force local
echo to be turned on, or force it to be turned off, instead of
relying on the automatic detection.
4.3.8 `Local line editing'
Normally, every character you type into the PuTTY window is sent
immediately to the server the moment you type it.
If you enable local line editing, this changes. PuTTY will let you
edit a whole line at a time locally, and the line will only be sent
to the server when you press Return. If you make a mistake, you can
use the Backspace key to correct it before you press Return, and the
server will never see the mistake.
Since it is hard to edit a line locally without being able to see
it, local line editing is mostly used in conjunction with local echo
(section 4.3.7). This makes it ideal for use in raw mode or when
connecting to MUDs or talkers. (Although some more advanced MUDs do
occasionally turn local line editing on and turn local echo off, in
order to accept a password from the user.)
Some types of session need local line editing, and many do not. In
its default mode, PuTTY will automatically attempt to deduce whether
or not local line editing is appropriate for the session you are
working in. If you find it has made the wrong decision, you can use
this configuration option to override its choice: you can force
local line editing to be turned on, or force it to be turned off,
instead of relying on the automatic detection.
4.3.9 Remote-controlled printing
A lot of VT100-compatible terminals support printing under control
of the remote server. PuTTY supports this feature as well, but it is
turned off by default.
To enable remote-controlled printing, choose a printer from
the `Printer to send ANSI printer output to' drop-down list
box. This should allow you to select from all the printers you
have installed drivers for on your computer. Alternatively, you
can type the network name of a networked printer (for example,
`\\printserver\printer1') even if you haven't already installed a
driver for it on your own machine.
When the remote server attempts to print some data, PuTTY will send
that data to the printer _raw_ - without translating it, attempting
to format it, or doing anything else to it. It is up to you to
ensure your remote server knows what type of printer it is talking
to.
Since PuTTY sends data to the printer raw, it cannot offer options
such as portrait versus landscape, print quality, or paper tray
selection. All these things would be done by your PC printer driver
(which PuTTY bypasses); if you need them done, you will have to find
a way to configure your remote server to do them.
To disable remote printing again, choose `None (printing disabled)'
from the printer selection list. This is the default state.
4.4 The Keyboard panel
The Keyboard configuration panel allows you to control the behaviour
of the keyboard in PuTTY.
4.4.1 Changing the action of the Backspace key
Some terminals believe that the Backspace key should send the same
thing to the server as Control-H (ASCII code 8). Other terminals
believe that the Backspace key should send ASCII code 127 (usually
known as Control-?) so that it can be distinguished from Control-H.
This option allows you to choose which code PuTTY generates when you
press Backspace.
If you are connecting to a Unix system, you will probably find that
the Unix `stty' command lets you configure which the server expects
to see, so you might not need to change which one PuTTY generates.
On other systems, the server's expectation might be fixed and you
might have no choice but to configure PuTTY.
If you do have the choice, we recommend configuring PuTTY to
generate Control-? and configuring the server to expect it, because
that allows applications such as `emacs' to use Control-H for help.
4.4.2 Changing the action of the Home and End keys
The Unix terminal emulator `rxvt' disagrees with the rest of the
world about what character sequences should be sent to the server by
the Home and End keys.
`xterm', and other terminals, send `ESC [1~' for the Home key, and
`ESC [4~' for the End key. `rxvt' sends `ESC [H' for the Home key
and `ESC [Ow' for the End key.
If you find an application on which the Home and End keys aren't
working, you could try switching this option to see if it helps.
4.4.3 Changing the action of the function keys and keypad
This option affects the function keys (F1 to F12) and the top row of
the numeric keypad.
- In the default mode, labelled `ESC [n~', the function keys
generate sequences like `ESC [11~', `ESC [12~' and so on. This
matches the general behaviour of Digital's terminals.
- In Linux mode, F6 to F12 behave just like the default mode, but
F1 to F5 generate `ESC [[A' through to `ESC [[E'. This mimics
the Linux virtual console.
- In Xterm R6 mode, F5 to F12 behave like the default mode, but
F1 to F4 generate `ESC OP' through to `ESC OS', which are the
sequences produced by the top row of the _keypad_ on Digital's
terminals.
- In VT400 mode, all the function keys behave like the default
mode, but the actual top row of the numeric keypad generates
`ESC OP' through to `ESC OS'.
- In VT100+ mode, the function keys generate `ESC OP' through to
`ESC O['
- In SCO mode, the function keys F1 to F12 generate `ESC [M'
through to `ESC [X'. Together with shift, they generate `ESC [Y'
through to `ESC [j'. With control they generate `ESC [k' through
to `ESC [v', and with shift and control together they generate
`ESC [w' through to `ESC [{'.
If you don't know what any of this means, you probably don't need to
fiddle with it.
4.4.4 Controlling Application Cursor Keys mode
Application Cursor Keys mode is a way for the server to change the
control sequences sent by the arrow keys. In normal mode, the arrow
keys send `ESC [A' through to `ESC [D'. In application mode, they
send `ESC OA' through to `ESC OD'.
Application Cursor Keys mode can be turned on and off by the server,
depending on the application. PuTTY allows you to configure the
initial state.
You can also disable application cursor keys mode completely, using
the `Features' configuration panel; see section 4.6.1.
4.4.5 Controlling Application Keypad mode
Application Keypad mode is a way for the server to change the
behaviour of the numeric keypad.
In normal mode, the keypad behaves like a normal Windows keypad:
with NumLock on, the number keys generate numbers, and with NumLock
off they act like the arrow keys and Home, End etc.
In application mode, all the keypad keys send special control
sequences, _including_ Num Lock. Num Lock stops behaving like Num
Lock and becomes another function key.
Depending on which version of Windows you run, you may find the Num
Lock light still flashes on and off every time you press Num Lock,
even when application mode is active and Num Lock is acting like a
function key. This is unavoidable.
Application keypad mode can be turned on and off by the server,
depending on the application. PuTTY allows you to configure the
initial state.
You can also disable application keypad mode completely, using the
`Features' configuration panel; see section 4.6.1.
4.4.6 Using NetHack keypad mode
PuTTY has a special mode for playing NetHack. You can enable it
by selecting `NetHack' in the `Initial state of numeric keypad'
control.
In this mode, the numeric keypad keys 1-9 generate the NetHack
movement commands (hjklyubn). The 5 key generates the `.' command
(do nothing).
Better still, pressing Shift with the keypad keys generates the
capital forms of the commands (HJKLYUBN), which tells NetHack to
keep moving you in the same direction until you encounter something
interesting.
For some reason, this feature only works properly when Num Lock is
on. We don't know why.
4.4.7 Enabling a DEC-like Compose key
DEC terminals have a Compose key, which provides an easy-to-remember
way of typing accented characters. You press Compose and then type
two more characters. The two characters are `combined' to produce an
accented character. The choices of character are designed to be easy