Modify features and documents for 1.98b the urgent security release.

[ffftp/ffftp.git] / contrib / putty / DOC / FAQ.BUT

diff --git a/contrib/putty/DOC/FAQ.BUT b/contrib/putty/DOC/FAQ.BUT
deleted file mode 100644 (file)
index 913c254..0000000
--- a/contrib/putty/DOC/FAQ.BUT
+++ /dev/null
@@ -1,1454 +0,0 @@
-\define{versionidfaq} \versionid $Id: faq.but 8733 2009-11-01 22:06:05Z jacob $\r
-\r
-\A{faq} PuTTY \i{FAQ}\r
-\r
-This FAQ is published on the PuTTY web site, and also provided as an\r
-appendix in the manual.\r
-\r
-\H{faq-intro} Introduction\r
-\r
-\S{faq-what}{Question} What is PuTTY?\r
-\r
-PuTTY is a client program for the SSH, Telnet and Rlogin network\r
-protocols.\r
-\r
-These protocols are all used to run a remote session on a computer,\r
-over a network. PuTTY implements the client end of that session: the\r
-end at which the session is displayed, rather than the end at which\r
-it runs.\r
-\r
-In really simple terms: you run PuTTY on a Windows machine, and tell\r
-it to connect to (for example) a Unix machine. PuTTY opens a window.\r
-Then, anything you type into that window is sent straight to the\r
-Unix machine, and everything the Unix machine sends back is\r
-displayed in the window. So you can work on the Unix machine as if\r
-you were sitting at its console, while actually sitting somewhere\r
-else.\r
-\r
-\H{faq-support} Features supported in PuTTY\r
-\r
-\I{supported features}In general, if you want to know if PuTTY supports\r
-a particular feature, you should look for it on the\r
-\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/}{PuTTY web site}.\r
-In particular:\r
-\r
-\b try the\r
-\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html}{changes\r
-page}, and see if you can find the feature on there. If a feature is\r
-listed there, it's been implemented. If it's listed as a change made\r
-\e{since} the latest version, it should be available in the\r
-development snapshots, in which case testing will be very welcome.\r
-\r
-\b try the\r
-\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/}{Wishlist\r
-page}, and see if you can find the feature there. If it's on there,\r
-and not in the \q{Recently fixed} section, it probably \e{hasn't} been\r
-implemented.\r
-\r
-\S{faq-ssh2}{Question} Does PuTTY support SSH-2?\r
-\r
-Yes. SSH-2 support has been available in PuTTY since version 0.50.\r
-\r
-Public key authentication (both RSA and DSA) in SSH-2 is new in\r
-version 0.52.\r
-\r
-\S{faq-ssh2-keyfmt}{Question} Does PuTTY support reading OpenSSH or\r
-\cw{ssh.com} SSH-2 private key files?\r
-\r
-PuTTY doesn't support this natively (see\r
-\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/key-formats-natively.html}{the wishlist entry}\r
-for reasons why not), but as of 0.53\r
-PuTTYgen can convert both OpenSSH and \cw{ssh.com} private key\r
-files into PuTTY's format.\r
-\r
-\S{faq-ssh1}{Question} Does PuTTY support SSH-1?\r
-\r
-Yes. SSH-1 support has always been available in PuTTY.\r
-\r
-\S{faq-localecho}{Question} Does PuTTY support \i{local echo}?\r
-\r
-Yes. Version 0.52 has proper support for local echo.\r
-\r
-In version 0.51 and before, local echo could not be separated from\r
-local line editing (where you type a line of text locally, and it is\r
-not sent to the server until you press Return, so you have the\r
-chance to edit it and correct mistakes \e{before} the server sees\r
-it). New in version 0.52, local echo and local line editing are\r
-separate options, and by default PuTTY will try to determine\r
-automatically whether to enable them or not, based on which protocol\r
-you have selected and also based on hints from the server. If you\r
-have a problem with PuTTY's default choice, you can force each\r
-option to be enabled or disabled as you choose. The controls are in\r
-the Terminal panel, in the section marked \q{Line discipline\r
-options}.\r
-\r
-\S{faq-savedsettings}{Question} Does PuTTY support storing settings,\r
-so I don't have to change them every time?\r
-\r
-Yes, all of PuTTY's settings can be saved in named session profiles.\r
-You can also change the default settings that are used for new sessions.\r
-See \k{config-saving} in the documentation for how to do this.\r
-\r
-\S{faq-disksettings}{Question} Does PuTTY support storing its\r
-settings in a disk file?\r
-\r
-Not at present, although \k{config-file} in the documentation gives\r
-a method of achieving the same effect.\r
-\r
-\S{faq-fullscreen}{Question} Does PuTTY support full-screen mode,\r
-like a DOS box?\r
-\r
-Yes; this is a new feature in version 0.52.\r
-\r
-\S{faq-password-remember}{Question} Does PuTTY have the ability to\r
-\i{remember my password} so I don't have to type it every time?\r
-\r
-No, it doesn't.\r
-\r
-Remembering your password is a bad plan for obvious security\r
-reasons: anyone who gains access to your machine while you're away\r
-from your desk can find out the remembered password, and use it,\r
-abuse it or change it.\r
-\r
-In addition, it's not even \e{possible} for PuTTY to automatically\r
-send your password in a Telnet session, because Telnet doesn't give\r
-the client software any indication of which part of the login\r
-process is the password prompt. PuTTY would have to guess, by\r
-looking for words like \q{password} in the session data; and if your\r
-login program is written in something other than English, this won't\r
-work.\r
-\r
-In SSH, remembering your password would be possible in theory, but\r
-there doesn't seem to be much point since SSH supports public key\r
-authentication, which is more flexible and more secure. See\r
-\k{pubkey} in the documentation for a full discussion of public key\r
-authentication.\r
-\r
-\S{faq-hostkeys}{Question} Is there an option to turn off the\r
-\I{verifying the host key}annoying host key prompts?\r
-\r
-No, there isn't. And there won't be. Even if you write it yourself\r
-and send us the patch, we won't accept it.\r
-\r
-Those annoying host key prompts are the \e{whole point} of SSH.\r
-Without them, all the cryptographic technology SSH uses to secure\r
-your session is doing nothing more than making an attacker's job\r
-slightly harder; instead of sitting between you and the server with\r
-a packet sniffer, the attacker must actually subvert a router and\r
-start modifying the packets going back and forth. But that's not all\r
-that much harder than just sniffing; and without host key checking,\r
-it will go completely undetected by client or server.\r
-\r
-Host key checking is your guarantee that the encryption you put on\r
-your data at the client end is the \e{same} encryption taken off the\r
-data at the server end; it's your guarantee that it hasn't been\r
-removed and replaced somewhere on the way. Host key checking makes\r
-the attacker's job \e{astronomically} hard, compared to packet\r
-sniffing, and even compared to subverting a router. Instead of\r
-applying a little intelligence and keeping an eye on Bugtraq, the\r
-attacker must now perform a brute-force attack against at least one\r
-military-strength cipher. That insignificant host key prompt really\r
-does make \e{that} much difference.\r
-\r
-If you're having a specific problem with host key checking - perhaps\r
-you want an automated batch job to make use of PSCP or Plink, and\r
-the interactive host key prompt is hanging the batch process - then\r
-the right way to fix it is to add the correct host key to the\r
-Registry in advance. That way, you retain the \e{important} feature\r
-of host key checking: the right key will be accepted and the wrong\r
-ones will not. Adding an option to turn host key checking off\r
-completely is the wrong solution and we will not do it.\r
-\r
-If you have host keys available in the common \i\c{known_hosts} format,\r
-we have a script called \r
-\W{http://svn.tartarus.org/sgt/putty/contrib/kh2reg.py?view=markup}\c{kh2reg.py}\r
-to convert them to a Windows .REG file, which can be installed ahead of\r
-time by double-clicking or using \c{REGEDIT}.\r
-\r
-\S{faq-server}{Question} Will you write an SSH server for the PuTTY\r
-suite, to go with the client?\r
-\r
-No. The only reason we might want to would be if we could easily\r
-re-use existing code and significantly cut down the effort. We don't\r
-believe this is the case; there just isn't enough common ground\r
-between an SSH client and server to make it worthwhile.\r
-\r
-If someone else wants to use bits of PuTTY in the process of writing\r
-a Windows SSH server, they'd be perfectly welcome to of course, but\r
-I really can't see it being a lot less effort for us to do that than\r
-it would be for us to write a server from the ground up. We don't\r
-have time, and we don't have motivation. The code is available if\r
-anyone else wants to try it.\r
-\r
-\S{faq-pscp-ascii}{Question} Can PSCP or PSFTP transfer files in\r
-\i{ASCII} mode?\r
-\r
-Unfortunately not.\r
-\r
-Until recently, this was a limitation of the file transfer protocols:\r
-the SCP and SFTP protocols had no notion of transferring a file in\r
-anything other than binary mode. (This is still true of SCP.)\r
-\r
-The current draft protocol spec of SFTP proposes a means of\r
-implementing ASCII transfer. At some point PSCP/PSFTP may implement\r
-this proposal.\r
-\r
-\H{faq-ports} Ports to other operating systems\r
-\r
-The eventual goal is for PuTTY to be a multi-platform program, able\r
-to run on at least Windows, Mac OS and Unix.\r
-\r
-Porting will become easier once PuTTY has a generalised porting\r
-layer, drawing a clear line between platform-dependent and\r
-platform-independent code. The general intention was for this\r
-porting layer to evolve naturally as part of the process of doing\r
-the first port; a Unix port has now been released and the plan\r
-seems to be working so far.\r
-\r
-\S{faq-ports-general}{Question} What ports of PuTTY exist?\r
-\r
-Currently, release versions of PuTTY tools only run on full Win32\r
-systems and Unix. \q{\i{Win32}} includes versions of Windows from\r
-Windows 95 onwards (as opposed to the 16-bit Windows 3.1; see\r
-\k{faq-win31}), up to and including Windows 7; and we know of no\r
-reason why PuTTY should not continue to work on future versions\r
-of Windows.\r
-\r
-The Windows executables we provide are for the 32-bit \q{\i{x86}}\r
-processor architecture, but they should work fine on 64-bit\r
-processors that are backward-compatible with that architecture.\r
-(We used to also provide executables for Windows for the Alpha\r
-processor, but stopped after 0.58 due to lack of interest.)\r
-\r
-In the development code, partial ports to the Mac OSes exist (see\r
-\k{faq-mac-port}).\r
-\r
-Currently PuTTY does \e{not} run on Windows CE (see \k{faq-wince}).\r
-\r
-We do not have release-quality ports for any other systems at the\r
-present time. If anyone told you we had an EPOC port, or an iPaq port,\r
-or any other port of PuTTY, they were mistaken. We don't.\r
-\r
-There are some third-party ports to various platforms, mentioned\r
-on the \r
-\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/links.html}{Links page of our website}.\r
-\r
-\S{faq-unix}{Question} \I{Unix version}Is there a port to Unix?\r
-\r
-As of 0.54, there are Unix ports of most of the traditional PuTTY\r
-tools, and also one entirely new application.\r
-\r
-If you look at the source release, you should find a \c{unix}\r
-subdirectory. There are a couple of ways of building it,\r
-including the usual \c{configure}/\c{make}; see the file \c{README}\r
-in the source distribution. This should build you Unix\r
-ports of Plink, PuTTY itself, PuTTYgen, PSCP, PSFTP, and also\r
-\i\c{pterm} - an \cw{xterm}-type program which supports the same\r
-terminal emulation as PuTTY. We do not yet have a Unix port of\r
-Pageant.\r
-\r
-If you don't have \i{Gtk}, you should still be able to build the\r
-command-line tools.\r
-\r
-Note that Unix PuTTY has mostly only been tested on Linux so far;\r
-portability problems such as BSD-style ptys or different header file\r
-requirements are expected.\r
-\r
-\S{faq-unix-why}{Question} What's the point of the Unix port? Unix\r
-has OpenSSH.\r
-\r
-All sorts of little things. \c{pterm} is directly useful to anyone\r
-who prefers PuTTY's terminal emulation to \c{xterm}'s, which at\r
-least some people do. Unix Plink has apparently found a niche among\r
-people who find the complexity of OpenSSL makes OpenSSH hard to\r
-install (and who don't mind Plink not having as many features). Some\r
-users want to generate a large number of SSH keys on Unix and then\r
-copy them all into PuTTY, and the Unix PuTTYgen should allow them to\r
-automate that conversion process.\r
-\r
-There were development advantages as well; porting PuTTY to Unix was\r
-a valuable path-finding effort for other future ports, and also\r
-allowed us to use the excellent Linux tool\r
-\W{http://valgrind.kde.org/}{Valgrind} to help with debugging, which\r
-has already improved PuTTY's stability on \e{all} platforms.\r
-\r
-However, if you're a Unix user and you can see no reason to switch\r
-from OpenSSH to PuTTY/Plink, then you're probably right. We don't\r
-expect our Unix port to be the right thing for everybody.\r
-\r
-\S{faq-wince}{Question} Will there be a port to Windows CE or PocketPC?\r
-\r
-We have done some work on such a port, but it only reached an early\r
-stage, and certainly not a useful one. It's no longer being actively\r
-worked on.\r
-\r
-However, there's a third-party port at\r
-\W{http://www.pocketputty.net/}\c{http://www.pocketputty.net/}.\r
-\r
-\S{faq-win31}{Question} Is there a port to \i{Windows 3.1}?\r
-\r
-PuTTY is a 32-bit application from the ground up, so it won't run on\r
-Windows 3.1 as a native 16-bit program; and it would be \e{very}\r
-hard to port it to do so, because of Windows 3.1's vile memory\r
-allocation mechanisms.\r
-\r
-However, it is possible in theory to compile the existing PuTTY\r
-source in such a way that it will run under \i{Win32s} (an extension to\r
-Windows 3.1 to let you run 32-bit programs). In order to do this\r
-you'll need the right kind of C compiler - modern versions of Visual\r
-C at least have stopped being backwards compatible to Win32s. Also,\r
-the last time we tried this it didn't work very well.\r
-\r
-If you're interested in running PuTTY under Windows 3.1, help and\r
-testing in this area would be very welcome!\r
-\r
-\S{faq-mac-port}{Question} Will there be a port to the \I{Mac OS}Mac?\r
-\r
-There are several answers to this question:\r
-\r
-\b The Unix/Gtk port is already fully working under Mac OS X as an X11\r
-application.\r
-\r
-\b A native (Cocoa) Mac OS X port has been started. It's just about\r
-usable, but is of nowhere near release quality yet, and is likely to\r
-behave in unexpected ways. Currently it's unlikely to be completed\r
-unless someone steps in to help.\r
-\r
-\b A separate port to the classic Mac OS (pre-OSX) is also in\r
-progress; it too is not ready yet.\r
-\r
-\S{faq-epoc}{Question} Will there be a port to EPOC?\r
-\r
-I hope so, but given that ports aren't really progressing very fast\r
-even on systems the developers \e{do} already know how to program\r
-for, it might be a long time before any of us get round to learning\r
-a new system and doing the port for that.\r
-\r
-However, some of the work has been done by other people; see the\r
-\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/links.html}{Links page of our website}\r
-for various third-party ports.\r
-\r
-\S{faq-iphone}{Question} Will there be a port to the iPhone?\r
-\r
-We have no plans to write such a port ourselves; none of us has an\r
-iPhone, and developing and publishing applications for it looks\r
-awkward and expensive. Such a port would probably depend upon the\r
-stalled Mac OS X port (see \k{faq-mac-port}).\r
-\r
-However, there is a third-party SSH client for the iPhone and\r
-iPod\_Touch called \W{http://www.instantcocoa.com/products/pTerm/}{pTerm},\r
-which is apparently based on PuTTY. (This is nothing to do with our\r
-similarly-named \c{pterm}, which is a standalone terminal emulator for\r
-Unix systems; see \k{faq-unix}.)\r
-\r
-\H{faq-embedding} Embedding PuTTY in other programs\r
-\r
-\S{faq-dll}{Question} Is the SSH or Telnet code available as a DLL?\r
-\r
-No, it isn't. It would take a reasonable amount of rewriting for\r
-this to be possible, and since the PuTTY project itself doesn't\r
-believe in DLLs (they make installation more error-prone) none of us\r
-has taken the time to do it.\r
-\r
-Most of the code cleanup work would be a good thing to happen in\r
-general, so if anyone feels like helping, we wouldn't say no.\r
-\r
-See also\r
-\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/dll-frontend.html}{the wishlist entry}.\r
-\r
-\S{faq-vb}{Question} Is the SSH or Telnet code available as a Visual\r
-Basic component?\r
-\r
-No, it isn't. None of the PuTTY team uses Visual Basic, and none of\r
-us has any particular need to make SSH connections from a Visual\r
-Basic application. In addition, all the preliminary work to turn it\r
-into a DLL would be necessary first; and furthermore, we don't even\r
-know how to write VB components.\r
-\r
-If someone offers to do some of this work for us, we might consider\r
-it, but unless that happens I can't see VB integration being\r
-anywhere other than the very bottom of our priority list.\r
-\r
-\S{faq-ipc}{Question} How can I use PuTTY to make an SSH connection\r
-from within another program?\r
-\r
-Probably your best bet is to use Plink, the command-line connection\r
-tool. If you can start Plink as a second Windows process, and\r
-arrange for your primary process to be able to send data to the\r
-Plink process, and receive data from it, through pipes, then you\r
-should be able to make SSH connections from your program.\r
-\r
-This is what CVS for Windows does, for example.\r
-\r
-\H{faq-details} Details of PuTTY's operation\r
-\r
-\S{faq-term}{Question} What \i{terminal type} does PuTTY use?\r
-\r
-For most purposes, PuTTY can be considered to be an \cw{xterm}\r
-terminal.\r
-\r
-PuTTY also supports some terminal \i{control sequences} not supported by\r
-the real \cw{xterm}: notably the Linux console sequences that\r
-reconfigure the colour palette, and the title bar control sequences\r
-used by \i\cw{DECterm} (which are different from the \cw{xterm} ones;\r
-PuTTY supports both).\r
-\r
-By default, PuTTY announces its terminal type to the server as\r
-\c{xterm}. If you have a problem with this, you can reconfigure it\r
-to say something else; \c{vt220} might help if you have trouble.\r
-\r
-\S{faq-settings}{Question} Where does PuTTY store its data?\r
-\r
-On Windows, PuTTY stores most of its data (saved sessions, SSH host\r
-keys) in the \i{Registry}. The precise location is\r
-\r
-\c HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\r
-\r
-and within that area, saved sessions are stored under \c{Sessions}\r
-while host keys are stored under \c{SshHostKeys}.\r
-\r
-PuTTY also requires a random number seed file, to improve the\r
-unpredictability of randomly chosen data needed as part of the SSH\r
-cryptography. This is stored by default in a file called \i\c{PUTTY.RND};\r
-this is stored by default in the \q{Application Data} directory,\r
-or failing that, one of a number of fallback locations. If you\r
-want to change the location of the random number seed file, you can\r
-put your chosen pathname in the Registry, at\r
-\r
-\c HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\RandSeedFile\r
-\r
-You can ask PuTTY to delete all this data; see \k{faq-cleanup}.\r
-\r
-On Unix, PuTTY stores all of this data in a directory \cw{~/.putty}.\r
-\r
-\H{faq-howto} HOWTO questions\r
-\r
-\S{faq-login}{Question} What login name / password should I use?\r
-\r
-This is not a question you should be asking \e{us}.\r
-\r
-PuTTY is a communications tool, for making connections to other\r
-computers. We maintain the tool; we \e{don't} administer any computers\r
-that you're likely to be able to use, in the same way that the people\r
-who make web browsers aren't responsible for most of the content you can\r
-view in them. \#{FIXME: less technical analogy?} We cannot help with\r
-questions of this sort.\r
-\r
-If you know the name of the computer you want to connect to, but don't\r
-know what login name or password to use, you should talk to whoever\r
-administers that computer. If you don't know who that is, see the next\r
-question for some possible ways to find out.\r
-\r
-\# FIXME: some people ask us to provide them with a login name\r
-apparently as random members of the public rather than in the\r
-belief that we run a server belonging to an organisation they already\r
-have some relationship with. Not sure what to say to such people.\r
-\r
-\S{faq-commands}{Question} \I{commands on the server}What commands\r
-can I type into my PuTTY terminal window?\r
-\r
-Again, this is not a question you should be asking \e{us}. You need\r
-to read the manuals, or ask the administrator, of \e{the computer\r
-you have connected to}.\r
-\r
-PuTTY does not process the commands you type into it. It's only a\r
-communications tool. It makes a connection to another computer; it\r
-passes the commands you type to that other computer; and it passes\r
-the other computer's responses back to you. Therefore, the precise\r
-range of commands you can use will not depend on PuTTY, but on what\r
-kind of computer you have connected to and what software is running\r
-on it. The PuTTY team cannot help you with that.\r
-\r
-(Think of PuTTY as being a bit like a telephone. If you phone\r
-somebody up and you don't know what language to speak to make them\r
-understand you, it isn't \e{the telephone company}'s job to find\r
-that out for you. We just provide the means for you to get in touch;\r
-making yourself understood is somebody else's problem.)\r
-\r
-If you are unsure of where to start looking for the administrator of\r
-your server, a good place to start might be to remember how you\r
-found out the host name in the PuTTY configuration. If you were\r
-given that host name by e-mail, for example, you could try asking\r
-the person who sent you that e-mail. If your company's IT department\r
-provided you with ready-made PuTTY saved sessions, then that IT\r
-department can probably also tell you something about what commands\r
-you can type during those sessions. But the PuTTY maintainer team\r
-does not administer any server you are likely to be connecting to,\r
-and cannot help you with questions of this type.\r
-\r
-\S{faq-startmax}{Question} How can I make PuTTY start up \i{maximise}d?\r
-\r
-Create a Windows shortcut to start PuTTY from, and set it as \q{Run\r
-Maximized}.\r
-\r
-\S{faq-startsess}{Question} How can I create a \i{Windows shortcut} to\r
-start a particular saved session directly?\r
-\r
-To run a PuTTY session saved under the name \q{\cw{mysession}},\r
-create a Windows shortcut that invokes PuTTY with a command line\r
-like\r
-\r
-\c \path\name\to\putty.exe -load "mysession"\r
-\r
-(Note: prior to 0.53, the syntax was \c{@session}. This is now\r
-deprecated and may be removed at some point.)\r
-\r
-\S{faq-startssh}{Question} How can I start an SSH session straight\r
-from the command line?\r
-\r
-Use the command line \c{putty -ssh host.name}. Alternatively, create\r
-a saved session that specifies the SSH protocol, and start the saved\r
-session as shown in \k{faq-startsess}.\r
-\r
-\S{faq-cutpaste}{Question} How do I \i{copy and paste} between PuTTY and\r
-other Windows applications?\r
-\r
-Copy and paste works similarly to the X Window System. You use the\r
-left mouse button to select text in the PuTTY window. The act of\r
-selection \e{automatically} copies the text to the clipboard: there\r
-is no need to press Ctrl-Ins or Ctrl-C or anything else. In fact,\r
-pressing Ctrl-C will send a Ctrl-C character to the other end of\r
-your connection (just like it does the rest of the time), which may\r
-have unpleasant effects. The \e{only} thing you need to do, to copy\r
-text to the clipboard, is to select it.\r
-\r
-To paste the clipboard contents into a PuTTY window, by default you\r
-click the right mouse button. If you have a three-button mouse and\r
-are used to X applications, you can configure pasting to be done by\r
-the middle button instead, but this is not the default because most\r
-Windows users don't have a middle button at all.\r
-\r
-You can also paste by pressing Shift-Ins.\r
-\r
-\S{faq-options}{Question} How do I use all PuTTY's features (public\r
-keys, proxying, cipher selection, etc.) in PSCP, PSFTP and Plink?\r
-\r
-Most major features (e.g., public keys, port forwarding) are available\r
-through command line options. See the documentation.\r
-\r
-Not all features are accessible from the command line yet, although\r
-we'd like to fix this. In the meantime, you can use most of\r
-PuTTY's features if you create a PuTTY saved session, and then use\r
-the name of the saved session on the command line in place of a\r
-hostname. This works for PSCP, PSFTP and Plink (but don't expect\r
-port forwarding in the file transfer applications!).\r
-\r
-\S{faq-pscp}{Question} How do I use PSCP.EXE? When I double-click it\r
-gives me a command prompt window which then closes instantly.\r
-\r
-PSCP is a command-line application, not a GUI application. If you\r
-run it without arguments, it will simply print a help message and\r
-terminate.\r
-\r
-To use PSCP properly, run it from a Command Prompt window. See\r
-\k{pscp} in the documentation for more details.\r
-\r
-\S{faq-pscp-spaces}{Question} \I{spaces in filenames}How do I use\r
-PSCP to copy a file whose name has spaces in?\r
-\r
-If PSCP is using the traditional SCP protocol, this is confusing. If\r
-you're specifying a file at the local end, you just use one set of\r
-quotes as you would normally do:\r
-\r
-\c pscp "local filename with spaces" user@host:\r
-\c pscp user@host:myfile "local filename with spaces"\r
-\r
-But if the filename you're specifying is on the \e{remote} side, you\r
-have to use backslashes and two sets of quotes:\r
-\r
-\c pscp user@host:"\"remote filename with spaces\"" local_filename\r
-\c pscp local_filename user@host:"\"remote filename with spaces\""\r
-\r
-Worse still, in a remote-to-local copy you have to specify the local\r
-file name explicitly, otherwise PSCP will complain that they don't\r
-match (unless you specified the \c{-unsafe} option). The following\r
-command will give an error message:\r
-\r
-\c c:\>pscp user@host:"\"oo er\"" .\r
-\c warning: remote host tried to write to a file called 'oo er'\r
-\c          when we requested a file called '"oo er"'.\r
-\r
-Instead, you need to specify the local file name in full:\r
-\r
-\c c:\>pscp user@host:"\"oo er\"" "oo er"\r
-\r
-If PSCP is using the newer SFTP protocol, none of this is a problem,\r
-and all filenames with spaces in are specified using a single pair\r
-of quotes in the obvious way:\r
-\r
-\c pscp "local file" user@host:\r
-\c pscp user@host:"remote file" .\r
-\r
-\H{faq-trouble} Troubleshooting\r
-\r
-\S{faq-incorrect-mac}{Question} Why do I see \q{Incorrect MAC\r
-received on packet}?\r
-\r
-One possible cause of this that used to be common is a bug in old\r
-SSH-2 servers distributed by \cw{ssh.com}. (This is not the only\r
-possible cause; see \k{errors-crc} in the documentation.)\r
-Version 2.3.0 and below of their SSH-2 server\r
-constructs Message Authentication Codes in the wrong way, and\r
-expects the client to construct them in the same wrong way. PuTTY\r
-constructs the MACs correctly by default, and hence these old\r
-servers will fail to work with it.\r
-\r
-If you are using PuTTY version 0.52 or better, this should work\r
-automatically: PuTTY should detect the buggy servers from their\r
-version number announcement, and automatically start to construct\r
-its MACs in the same incorrect manner as they do, so it will be able\r
-to work with them.\r
-\r
-If you are using PuTTY version 0.51 or below, you can enable the\r
-workaround by going to the SSH panel and ticking the box labelled\r
-\q{Imitate SSH2 MAC bug}. It's possible that you might have to do\r
-this with 0.52 as well, if a buggy server exists that PuTTY doesn't\r
-know about.\r
-\r
-In this context MAC stands for \ii{Message Authentication Code}. It's a\r
-cryptographic term, and it has nothing at all to do with Ethernet\r
-MAC (Media Access Control) addresses.\r
-\r
-\S{faq-pscp-protocol}{Question} Why do I see \q{Fatal: Protocol\r
-error: Expected control record} in PSCP?\r
-\r
-This happens because PSCP was expecting to see data from the server\r
-that was part of the PSCP protocol exchange, and instead it saw data\r
-that it couldn't make any sense of at all.\r
-\r
-This almost always happens because the \i{startup scripts} in your\r
-account on the server machine are generating output. This is\r
-impossible for PSCP, or any other SCP client, to work around. You\r
-should never use startup files (\c{.bashrc}, \c{.cshrc} and so on)\r
-which generate output in non-interactive sessions.\r
-\r
-This is not actually a PuTTY problem. If PSCP fails in this way,\r
-then all other SCP clients are likely to fail in exactly the same\r
-way. The problem is at the server end.\r
-\r
-\S{faq-colours}{Question} I clicked on a colour in the \ii{Colours}\r
-panel, and the colour didn't change in my terminal.\r
-\r
-That isn't how you're supposed to use the Colours panel.\r
-\r
-During the course of a session, PuTTY potentially uses \e{all} the\r
-colours listed in the Colours panel. It's not a question of using\r
-only one of them and you choosing which one; PuTTY will use them\r
-\e{all}. The purpose of the Colours panel is to let you adjust the\r
-appearance of all the colours. So to change the colour of the\r
-cursor, for example, you would select \q{Cursor Colour}, press the\r
-\q{Modify} button, and select a new colour from the dialog box that\r
-appeared. Similarly, if you want your session to appear in green,\r
-you should select \q{Default Foreground} and press \q{Modify}.\r
-Clicking on \q{ANSI Green} won't turn your session green; it will\r
-only allow you to adjust the \e{shade} of green used when PuTTY is\r
-instructed by the server to display green text.\r
-\r
-\S{faq-winsock2}{Question} Plink on \i{Windows 95} says it can't find\r
-\i\cw{WS2_32.DLL}.\r
-\r
-Plink requires the extended Windows network library, WinSock version\r
-2. This is installed as standard on Windows 98 and above, and on\r
-Windows NT, and even on later versions of Windows 95; but early\r
-Win95 installations don't have it.\r
-\r
-In order to use Plink on these systems, you will need to download\r
-the\r
-\W{http://www.microsoft.com/windows95/downloads/contents/wuadmintools/s_wunetworkingtools/w95sockets2/}{WinSock 2 upgrade}:\r
-\r
-\c http://www.microsoft.com/windows95/downloads/contents/\r
-\c   wuadmintools/s_wunetworkingtools/w95sockets2/\r
-\r
-\S{faq-outofmem}{Question} After trying to establish an SSH-2\r
-connection, PuTTY says \q{\ii{Out of memory}} and dies.\r
-\r
-If this happens just while the connection is starting up, this often\r
-indicates that for some reason the client and server have failed to\r
-establish a session encryption key. Somehow, they have performed\r
-calculations that should have given each of them the same key, but\r
-have ended up with different keys; so data encrypted by one and\r
-decrypted by the other looks like random garbage.\r
-\r
-This causes an \q{out of memory} error because the first encrypted\r
-data PuTTY expects to see is the length of an SSH message. Normally\r
-this will be something well under 100 bytes. If the decryption has\r
-failed, PuTTY will see a completely random length in the region of\r
-two \e{gigabytes}, and will try to allocate enough memory to store\r
-this non-existent message. This will immediately lead to it thinking\r
-it doesn't have enough memory, and panicking.\r
-\r
-If this happens to you, it is quite likely to still be a PuTTY bug\r
-and you should report it (although it might be a bug in your SSH\r
-server instead); but it doesn't necessarily mean you've actually run\r
-out of memory.\r
-\r
-\S{faq-outofmem2}{Question} When attempting a file transfer, either\r
-PSCP or PSFTP says \q{\ii{Out of memory}} and dies.\r
-\r
-This is almost always caused by your \i{login scripts} on the server\r
-generating output. PSCP or PSFTP will receive that output when they\r
-were expecting to see the start of a file transfer protocol, and\r
-they will attempt to interpret the output as file-transfer protocol.\r
-This will usually lead to an \q{out of memory} error for much the\r
-same reasons as given in \k{faq-outofmem}.\r
-\r
-This is a setup problem in your account on your server, \e{not} a\r
-PSCP/PSFTP bug. Your login scripts should \e{never} generate output\r
-during non-interactive sessions; secure file transfer is not the\r
-only form of remote access that will break if they do.\r
-\r
-On Unix, a simple fix is to ensure that all the parts of your login\r
-script that might generate output are in \c{.profile} (if you use a\r
-Bourne shell derivative) or \c{.login} (if you use a C shell).\r
-Putting them in more general files such as \c{.bashrc} or \c{.cshrc}\r
-is liable to lead to problems.\r
-\r
-\S{faq-psftp-slow}{Question} PSFTP transfers files much slower than PSCP.\r
-\r
-The throughput of PSFTP 0.54 should be much better than 0.53b and\r
-prior; we've added code to the SFTP backend to queue several blocks\r
-of data rather than waiting for an acknowledgement for each. (The\r
-SCP backend did not suffer from this performance issue because SCP\r
-is a much simpler protocol.)\r
-\r
-\S{faq-bce}{Question} When I run full-colour applications, I see\r
-areas of black space where colour ought to be, or vice versa.\r
-\r
-You almost certainly need to change the \q{Use \i{background colour} to\r
-erase screen} setting in the Terminal panel. If there is too much\r
-black space (the commoner situation), you should enable it, while if\r
-there is too much colour, you should disable it. (See \k{config-erase}.)\r
-\r
-In old versions of PuTTY, this was disabled by default, and would not\r
-take effect until you reset the terminal (see \k{faq-resetterm}).\r
-Since 0.54, it is enabled by default, and changes take effect\r
-immediately.\r
-\r
-\S{faq-resetterm}{Question} When I change some terminal settings,\r
-nothing happens.\r
-\r
-Some of the terminal options (notably \ii{Auto Wrap} and\r
-background-colour screen erase) actually represent the \e{default}\r
-setting, rather than the currently active setting. The server can\r
-send sequences that modify these options in mid-session, but when\r
-the terminal is reset (by server action, or by you choosing \q{Reset\r
-Terminal} from the System menu) the defaults are restored.\r
-\r
-In versions 0.53b and prior, if you change one of these options in\r
-the middle of a session, you will find that the change does not\r
-immediately take effect. It will only take effect once you reset\r
-the terminal.\r
-\r
-In version 0.54, the behaviour has changed - changes to these\r
-settings take effect immediately.\r
-\r
-\S{faq-idleout}{Question} My PuTTY sessions unexpectedly close after\r
-they are \I{idle connections}idle for a while.\r
-\r
-Some types of \i{firewall}, and almost any router doing Network Address\r
-Translation (\i{NAT}, also known as IP masquerading), will forget about\r
-a connection through them if the connection does nothing for too\r
-long. This will cause the connection to be rudely cut off when\r
-contact is resumed.\r
-\r
-You can try to combat this by telling PuTTY to send \e{keepalives}:\r
-packets of data which have no effect on the actual session, but\r
-which reassure the router or firewall that the network connection is\r
-still active and worth remembering about.\r
-\r
-Keepalives don't solve everything, unfortunately; although they\r
-cause greater robustness against this sort of router, they can also\r
-cause a \e{loss} of robustness against network dropouts. See\r
-\k{config-keepalive} in the documentation for more discussion of\r
-this.\r
-\r
-\S{faq-timeout}{Question} PuTTY's network connections time out too\r
-quickly when \I{breaks in connectivity}network connectivity is\r
-temporarily lost.\r
-\r
-This is a Windows problem, not a PuTTY problem. The timeout value\r
-can't be set on per application or per session basis. To increase\r
-the TCP timeout globally, you need to tinker with the Registry.\r
-\r
-On Windows 95, 98 or ME, the registry key you need to create or\r
-change is\r
-\r
-\c HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\\r
-\c   MSTCP\MaxDataRetries\r
-\r
-(it must be of type DWORD in Win95, or String in Win98/ME).\r
-(See MS Knowledge Base article\r
-\W{http://support.microsoft.com/default.aspx?scid=kb;en-us;158474}{158474}\r
-for more information.)\r
-\r
-On Windows NT, 2000, or XP, the registry key to create or change is\r
-\r
-\c HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\r
-\c   Parameters\TcpMaxDataRetransmissions\r
-\r
-and it must be of type DWORD.\r
-(See MS Knowledge Base articles\r
-\W{http://support.microsoft.com/default.aspx?scid=kb;en-us;120642}{120642}\r
-and\r
-\W{http://support.microsoft.com/default.aspx?scid=kb;en-us;314053}{314053}\r
-for more information.)\r
-\r
-Set the key's value to something like 10. This will cause Windows to\r
-try harder to keep connections alive instead of abandoning them.\r
-\r
-\S{faq-puttyputty}{Question} When I \cw{cat} a binary file, I get\r
-\q{PuTTYPuTTYPuTTY} on my command line.\r
-\r
-Don't do that, then.\r
-\r
-This is designed behaviour; when PuTTY receives the character\r
-Control-E from the remote server, it interprets it as a request to\r
-identify itself, and so it sends back the string \q{\cw{PuTTY}} as\r
-if that string had been entered at the keyboard. Control-E should\r
-only be sent by programs that are prepared to deal with the\r
-response. Writing a binary file to your terminal is likely to output\r
-many Control-E characters, and cause this behaviour. Don't do it.\r
-It's a bad plan.\r
-\r
-To mitigate the effects, you could configure the answerback string\r
-to be empty (see \k{config-answerback}); but writing binary files to\r
-your terminal is likely to cause various other unpleasant behaviour,\r
-so this is only a small remedy.\r
-\r
-\S{faq-wintitle}{Question} When I \cw{cat} a binary file, my \i{window\r
-title} changes to a nonsense string.\r
-\r
-Don't do that, then.\r
-\r
-It is designed behaviour that PuTTY should have the ability to\r
-adjust the window title on instructions from the server. Normally\r
-the control sequence that does this should only be sent\r
-deliberately, by programs that know what they are doing and intend\r
-to put meaningful text in the window title. Writing a binary file to\r
-your terminal runs the risk of sending the same control sequence by\r
-accident, and cause unexpected changes in the window title. Don't do\r
-it.\r
-\r
-\S{faq-password-fails}{Question} My \i{keyboard} stops working once\r
-PuTTY displays the \i{password prompt}.\r
-\r
-No, it doesn't. PuTTY just doesn't display the password you type, so\r
-that someone looking at your screen can't see what it is.\r
-\r
-Unlike the Windows login prompts, PuTTY doesn't display the password\r
-as a row of asterisks either. This is so that someone looking at\r
-your screen can't even tell how \e{long} your password is, which\r
-might be valuable information.\r
-\r
-\S{faq-keyboard}{Question} One or more \I{keyboard}\i{function keys}\r
-don't do what I expected in a server-side application.\r
-\r
-If you've already tried all the relevant options in the PuTTY\r
-Keyboard panel, you may need to mail the PuTTY maintainers and ask.\r
-\r
-It is \e{not} usually helpful just to tell us which application,\r
-which server operating system, and which key isn't working; in order\r
-to replicate the problem we would need to have a copy of every\r
-operating system, and every application, that anyone has ever\r
-complained about.\r
-\r
-PuTTY responds to function key presses by sending a sequence of\r
-control characters to the server. If a function key isn't doing what\r
-you expect, it's likely that the character sequence your application\r
-is expecting to receive is not the same as the one PuTTY is sending.\r
-Therefore what we really need to know is \e{what} sequence the\r
-application is expecting.\r
-\r
-The simplest way to investigate this is to find some other terminal\r
-environment, in which that function key \e{does} work; and then\r
-investigate what sequence the function key is sending in that\r
-situation. One reasonably easy way to do this on a \i{Unix} system is to\r
-type the command \i\c{cat}, and then press the function key. This is\r
-likely to produce output of the form \c{^[[11~}. You can also do\r
-this in PuTTY, to find out what sequence the function key is\r
-producing in that. Then you can mail the PuTTY maintainers and tell\r
-us \q{I wanted the F1 key to send \c{^[[11~}, but instead it's\r
-sending \c{^[OP}, can this be done?}, or something similar.\r
-\r
-You should still read the\r
-\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/feedback.html}{Feedback\r
-page} on the PuTTY website (also provided as \k{feedback} in the\r
-manual), and follow the guidelines contained in that.\r
-\r
-\S{faq-openssh-bad-openssl}{Question} Since my SSH server was upgraded\r
-to \i{OpenSSH} 3.1p1/3.4p1, I can no longer connect with PuTTY.\r
-\r
-There is a known problem when OpenSSH has been built against an\r
-incorrect version of OpenSSL; the quick workaround is to configure\r
-PuTTY to use SSH protocol 2 and the Blowfish cipher.\r
-\r
-For more details and OpenSSH patches, see\r
-\W{http://bugzilla.mindrot.org/show_bug.cgi?id=138}{bug 138} in the\r
-OpenSSH BTS.\r
-\r
-This is not a PuTTY-specific problem; if you try to connect with\r
-another client you'll likely have similar problems. (Although PuTTY's\r
-default cipher differs from many other clients.)\r
-\r
-\e{OpenSSH 3.1p1:} configurations known to be broken (and symptoms):\r
-\r
-\b SSH-2 with AES cipher (PuTTY says \q{Assertion failed! Expression:\r
-(len & 15) == 0} in \cw{sshaes.c}, or \q{Out of memory}, or crashes)\r
-\r
-\b SSH-2 with 3DES (PuTTY says \q{Incorrect MAC received on packet})\r
-\r
-\b SSH-1 with Blowfish (PuTTY says \q{Incorrect CRC received on\r
-packet})\r
-\r
-\b SSH-1 with 3DES\r
-\r
-\e{OpenSSH 3.4p1:} as of 3.4p1, only the problem with SSH-1 and\r
-Blowfish remains. Rebuild your server, apply the patch linked to from\r
-bug 138 above, or use another cipher (e.g., 3DES) instead.\r
-\r
-\e{Other versions:} we occasionally get reports of the same symptom\r
-and workarounds with older versions of OpenSSH, although it's not\r
-clear the underlying cause is the same.\r
-\r
-\S{faq-ssh2key-ssh1conn}{Question} Why do I see \q{Couldn't load\r
-private key from ...}? Why can PuTTYgen load my key but not PuTTY?\r
-\r
-It's likely that you've generated an SSH protocol 2 key with PuTTYgen,\r
-but you're trying to use it in an SSH-1 connection. SSH-1 and SSH-2 keys\r
-have different formats, and (at least in 0.52) PuTTY's reporting of a\r
-key in the wrong format isn't optimal.\r
-\r
-To connect using SSH-2 to a server that supports both versions, you\r
-need to change the configuration from the default (see \k{faq-ssh2}).\r
-\r
-\S{faq-rh8-utf8}{Question} When I'm connected to a \i{Red Hat Linux} 8.0\r
-system, some characters don't display properly.\r
-\r
-A common complaint is that hyphens in man pages show up as a-acute.\r
-\r
-With release 8.0, Red Hat appear to have made \i{UTF-8} the default\r
-character set. There appears to be no way for terminal emulators such\r
-as PuTTY to know this (as far as we know, the appropriate escape\r
-sequence to switch into UTF-8 mode isn't sent).\r
-\r
-A fix is to configure sessions to RH8 systems to use UTF-8\r
-translation - see \k{config-charset} in the documentation. (Note that\r
-if you use \q{Change Settings}, changes may not take place immediately\r
-- see \k{faq-resetterm}.)\r
-\r
-If you really want to change the character set used by the server, the\r
-right place is \c{/etc/sysconfig/i18n}, but this shouldn't be\r
-necessary.\r
-\r
-\S{faq-screen}{Question} Since I upgraded to PuTTY 0.54, the\r
-scrollback has stopped working when I run \c{screen}.\r
-\r
-PuTTY's terminal emulator has always had the policy that when the\r
-\q{\i{alternate screen}} is in use, nothing is added to the scrollback.\r
-This is because the usual sorts of programs which use the alternate\r
-screen are things like text editors, which tend to scroll back and\r
-forth in the same document a lot; so (a) they would fill up the\r
-scrollback with a large amount of unhelpfully disordered text, and\r
-(b) they contain their \e{own} method for the user to scroll back to\r
-the bit they were interested in. We have generally found this policy\r
-to do the Right Thing in almost all situations.\r
-\r
-Unfortunately, \c{screen} is one exception: it uses the alternate\r
-screen, but it's still usually helpful to have PuTTY's scrollback\r
-continue working. The simplest solution is to go to the Features\r
-control panel and tick \q{Disable switching to alternate terminal\r
-screen}. (See \k{config-features-altscreen} for more details.)\r
-Alternatively, you can tell \c{screen} itself not to use the\r
-alternate screen: the\r
-\W{http://www4.informatik.uni-erlangen.de/~jnweiger/screen-faq.html}{\c{screen}\r
-FAQ} suggests adding the line \cq{termcapinfo xterm ti@:te@} to your\r
-\cw{.screenrc} file.\r
-\r
-The reason why this only started to be a problem in 0.54 is because\r
-\c{screen} typically uses an unusual control sequence to switch to\r
-the alternate screen, and previous versions of PuTTY did not support\r
-this sequence.\r
-\r
-\S{faq-alternate-localhost}{Question} Since I upgraded \i{Windows XP}\r
-to Service Pack 2, I can't use addresses like \cw{127.0.0.2}.\r
-\r
-Some people who ask PuTTY to listen on \i{localhost} addresses other\r
-than \cw{127.0.0.1} to forward services such as \i{SMB} and \i{Windows\r
-Terminal Services} have found that doing so no longer works since\r
-they upgraded to WinXP SP2.\r
-\r
-This is apparently an issue with SP2 that is acknowledged by Microsoft\r
-in MS Knowledge Base article\r
-\W{http://support.microsoft.com/default.aspx?scid=kb;en-us;884020}{884020}.\r
-The article links to a fix you can download.\r
-\r
-(\e{However}, we've been told that SP2 \e{also} fixes the bug that\r
-means you need to use non-\cw{127.0.0.1} addresses to forward\r
-Terminal Services in the first place.)\r
-\r
-\S{faq-missing-slash}{Question} PSFTP commands seem to be missing a\r
-directory separator (slash). \r
-\r
-Some people have reported the following incorrect behaviour with\r
-PSFTP:\r
-\r
-\c psftp> pwd\r
-\e        iii\r
-\c Remote directory is /dir1/dir2\r
-\c psftp> get filename.ext\r
-\e        iiiiiiiiiiiiiiii\r
-\c /dir1/dir2filename.ext: no such file or directory\r
-\r
-This is not a bug in PSFTP. There is a known bug in some versions of\r
-portable \i{OpenSSH}\r
-(\W{http://bugzilla.mindrot.org/show_bug.cgi?id=697}{bug 697}) that\r
-causes these symptoms; it appears to have been introduced around\r
-3.7.x. It manifests only on certain platforms (AIX is what has been\r
-reported to us).\r
-\r
-There is a patch for OpenSSH attached to that bug; it's also fixed in\r
-recent versions of portable OpenSSH (from around 3.8).\r
-\r
-\S{faq-connaborted}{Question} Do you want to hear about \q{Software\r
-caused connection abort}?\r
-\r
-In the documentation for PuTTY 0.53 and 0.53b, we mentioned that we'd\r
-like to hear about any occurrences of this error.  Since the release\r
-of PuTTY 0.54, however, we've been convinced that this error doesn't\r
-indicate that PuTTY's doing anything wrong, and we don't need to hear\r
-about further occurrences.  See \k{errors-connaborted} for our current\r
-documentation of this error.\r
-\r
-\S{faq-rekey}{Question} My SSH-2 session \I{locking up, SSH-2\r
-sessions}locks up for a few seconds every so often.\r
-\r
-Recent versions of PuTTY automatically initiate \i{repeat key\r
-exchange} once per hour, to improve session security. If your client\r
-or server machine is slow, you may experience this as a delay of\r
-anything up to thirty seconds or so.\r
-\r
-These \I{delays, in SSH-2 sessions}delays are inconvenient, but they\r
-are there for your protection. If they really cause you a problem,\r
-you can choose to turn off periodic rekeying using the \q{Kex}\r
-configuration panel (see \k{config-ssh-kex}), but be aware that you\r
-will be sacrificing security for this. (Falling back to SSH-1 would\r
-also remove the delays, but would lose a \e{lot} more security\r
-still. We do not recommend it.)\r
-\r
-\S{faq-xpwontrun}{Question} PuTTY fails to start up.  Windows claims that\r
-\q{the application configuration is incorrect}.\r
-\r
-This is caused by a bug in certain versions of \i{Windows XP} which\r
-is triggered by PuTTY 0.58. This was fixed in 0.59. The\r
-\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/xp-wont-run}{\q{xp-wont-run}}\r
-entry in PuTTY's wishlist has more details.\r
-\r
-\H{faq-secure} Security questions\r
-\r
-\S{faq-publicpc}{Question} Is it safe for me to download PuTTY and\r
-use it on a public PC?\r
-\r
-It depends on whether you trust that PC. If you don't trust the\r
-public PC, don't use PuTTY on it, and don't use any other software\r
-you plan to type passwords into either. It might be watching your\r
-keystrokes, or it might tamper with the PuTTY binary you download.\r
-There is \e{no} program safe enough that you can run it on an\r
-actively malicious PC and get away with typing passwords into it.\r
-\r
-If you do trust the PC, then it's probably OK to use PuTTY on it\r
-(but if you don't trust the network, then the PuTTY download might\r
-be tampered with, so it would be better to carry PuTTY with you on a\r
-floppy).\r
-\r
-\S{faq-cleanup}{Question} What does PuTTY leave on a system? How can\r
-I \i{clean up} after it?\r
-\r
-PuTTY will leave some Registry entries, and a random seed file, on\r
-the PC (see \k{faq-settings}). If you are using PuTTY on a public\r
-PC, or somebody else's PC, you might want to clean these up when you\r
-leave. You can do that automatically, by running the command\r
-\c{putty -cleanup}. (Note that this only removes settings for\r
-the currently logged-in user on \i{multi-user systems}.)\r
-\r
-If PuTTY was installed from the installer package, it will also\r
-appear in \q{Add/Remove Programs}. Older versions of the uninstaller\r
-do not remove the above-mentioned registry entries and file.\r
-\r
-\S{faq-dsa}{Question} How come PuTTY now supports \i{DSA}, when the\r
-website used to say how insecure it was?\r
-\r
-DSA has a major weakness \e{if badly implemented}: it relies on a\r
-random number generator to far too great an extent. If the random\r
-number generator produces a number an attacker can predict, the DSA\r
-private key is exposed - meaning that the attacker can log in as you\r
-on all systems that accept that key.\r
-\r
-The PuTTY policy changed because the developers were informed of\r
-ways to implement DSA which do not suffer nearly as badly from this\r
-weakness, and indeed which don't need to rely on random numbers at\r
-all. For this reason we now believe PuTTY's DSA implementation is\r
-probably OK. However, if you have the choice, we still recommend you\r
-use RSA instead.\r
-\r
-\S{faq-virtuallock}{Question} Couldn't Pageant use\r
-\cw{VirtualLock()} to stop private keys being written to disk?\r
-\r
-Unfortunately not. The \cw{VirtualLock()} function in the Windows\r
-API doesn't do a proper job: it may prevent small pieces of a\r
-process's memory from being paged to disk while the process is\r
-running, but it doesn't stop the process's memory as a whole from\r
-being swapped completely out to disk when the process is long-term\r
-inactive. And Pageant spends most of its time inactive.\r
-\r
-\H{faq-admin} Administrative questions\r
-\r
-\S{faq-domain}{Question} Would you like me to register you a nicer\r
-domain name?\r
-\r
-No, thank you. Even if you can find one (most of them seem to have\r
-been registered already, by people who didn't ask whether we\r
-actually wanted it before they applied), we're happy with the PuTTY\r
-web site being exactly where it is. It's not hard to find (just type\r
-\q{putty} into \W{http://www.google.com/}{google.com} and we're the\r
-first link returned), and we don't believe the administrative hassle\r
-of moving the site would be worth the benefit.\r
-\r
-In addition, if we \e{did} want a custom domain name, we would want\r
-to run it ourselves, so we knew for certain that it would continue\r
-to point where we wanted it, and wouldn't suddenly change or do\r
-strange things. Having it registered for us by a third party who we\r
-don't even know is not the best way to achieve this.\r
-\r
-\S{faq-webhosting}{Question} Would you like free web hosting for the\r
-PuTTY web site?\r
-\r
-We already have some, thanks.\r
-\r
-\S{faq-link}{Question} Would you link to my web site from the PuTTY\r
-web site?\r
-\r
-Only if the content of your web page is of definite direct interest\r
-to PuTTY users. If your content is unrelated, or only tangentially\r
-related, to PuTTY, then the link would simply be advertising for\r
-you.\r
-\r
-One very nice effect of the Google ranking mechanism is that by and\r
-large, the most popular web sites get the highest rankings. This\r
-means that when an ordinary person does a search, the top item in\r
-the search is very likely to be a high-quality site or the site they\r
-actually wanted, rather than the site which paid the most money for\r
-its ranking.\r
-\r
-The PuTTY web site is held in high esteem by Google, for precisely\r
-this reason: lots of people have linked to it simply because they\r
-like PuTTY, without us ever having to ask anyone to link to us. We\r
-feel that it would be an abuse of this esteem to use it to boost the\r
-ranking of random advertisers' web sites. If you want your web site\r
-to have a high Google ranking, we'd prefer that you achieve this the\r
-way we did - by being good enough at what you do that people will\r
-link to you simply because they like you.\r
-\r
-In particular, we aren't interested in trading links for money (see\r
-above), and we \e{certainly} aren't interested in trading links for\r
-other links (since we have no advertising on our web site, our\r
-Google ranking is not even directly worth anything to us). If we\r
-don't want to link to you for free, then we probably won't want to\r
-link to you at all.\r
-\r
-If you have software based on PuTTY, or specifically designed to\r
-interoperate with PuTTY, or in some other way of genuine interest to\r
-PuTTY users, then we will probably be happy to add a link to you on\r
-our Links page. And if you're running a particularly valuable mirror\r
-of the PuTTY web site, we might be interested in linking to you from\r
-our Mirrors page.\r
-\r
-\S{faq-sourceforge}{Question} Why don't you move PuTTY to\r
-SourceForge?\r
-\r
-Partly, because we don't want to move the web site location (see\r
-\k{faq-domain}).\r
-\r
-Also, security reasons. PuTTY is a security product, and as such it\r
-is particularly important to guard the code and the web site against\r
-unauthorised modifications which might introduce subtle security\r
-flaws. Therefore, we prefer that the Subversion repository, web site and\r
-FTP site remain where they are, under the direct control of system\r
-administrators we know and trust personally, rather than being run\r
-by a large organisation full of people we've never met and which is\r
-known to have had breakins in the past.\r
-\r
-No offence to SourceForge; I think they do a wonderful job. But\r
-they're not ideal for everyone, and in particular they're not ideal\r
-for us.\r
-\r
-\S{faq-mailinglist1}{Question} Why can't I subscribe to the\r
-putty-bugs mailing list?\r
-\r
-Because you're not a member of the PuTTY core development team. The\r
-putty-bugs mailing list is not a general newsgroup-like discussion\r
-forum; it's a contact address for the core developers, and an\r
-\e{internal} mailing list for us to discuss things among ourselves.\r
-If we opened it up for everybody to subscribe to, it would turn into\r
-something more like a newsgroup and we would be completely\r
-overwhelmed by the volume of traffic. It's hard enough to keep up\r
-with the list as it is.\r
-\r
-\S{faq-mailinglist2}{Question} If putty-bugs isn't a\r
-general-subscription mailing list, what is?\r
-\r
-There isn't one, that we know of.\r
-\r
-If someone else wants to set up a mailing list or other forum for\r
-PuTTY users to help each other with common problems, that would be\r
-fine with us, though the PuTTY team would almost certainly not have the\r
-time to read it.  It's probably better to use one of the established\r
-newsgroups for this purpose (see \k{feedback-other-fora}).\r
-\r
-\S{faq-donations}{Question} How can I donate to PuTTY development?\r
-\r
-Please, \e{please} don't feel you have to. PuTTY is completely free\r
-software, and not shareware. We think it's very important that\r
-\e{everybody} who wants to use PuTTY should be able to, whether they\r
-have any money or not; so the last thing we would want is for a\r
-PuTTY user to feel guilty because they haven't paid us any money. If\r
-you want to keep your money, please do keep it. We wouldn't dream of\r
-asking for any.\r
-\r
-Having said all that, if you still really \e{want} to give us money,\r
-we won't argue :-) The easiest way for us to accept donations is if\r
-you send money to \cw{<anakin@pobox.com>} using PayPal\r
-(\W{http://www.paypal.com/}\cw{www.paypal.com}). If you don't like\r
-PayPal, talk to us; we can probably arrange some alternative means.\r
-\r
-Small donations (tens of dollars or tens of euros) will probably be\r
-spent on beer or curry, which helps motivate our volunteer team to\r
-continue doing this for the world. Larger donations will be spent on\r
-something that actually helps development, if we can find anything\r
-(perhaps new hardware, or a copy of Windows XP), but if we can't\r
-find anything then we'll just distribute the money among the\r
-developers. If you want to be sure your donation is going towards\r
-something worthwhile, ask us first. If you don't like these terms,\r
-feel perfectly free not to donate. We don't mind.\r
-\r
-\S{faq-permission}{Question} Can I have permission to put PuTTY on a\r
-cover disk / distribute it with other software / etc?\r
-\r
-Yes. For most things, you need not bother asking us explicitly for\r
-permission; our licence already grants you permission.\r
-\r
-See \k{feedback-permission} for more details.\r
-\r
-\S{faq-indemnity}{Question} Can you sign an agreement indemnifying\r
-us against security problems in PuTTY?\r
-\r
-No!\r
-\r
-A vendor of physical security products (e.g. locks) might plausibly\r
-be willing to accept financial liability for a product that failed\r
-to perform as advertised and resulted in damage (e.g. valuables\r
-being stolen). The reason they can afford to do this is because they\r
-sell a \e{lot} of units, and only a small proportion of them will\r
-fail; so they can meet their financial liability out of the income\r
-from all the rest of their sales, and still have enough left over to\r
-make a profit. Financial liability is intrinsically linked to\r
-selling your product for money.\r
-\r
-There are two reasons why PuTTY is not analogous to a physical lock\r
-in this context. One is that software products don't exhibit random\r
-variation: \e{if} PuTTY has a security hole (which does happen,\r
-although we do our utmost to prevent it and to respond quickly when\r
-it does), every copy of PuTTY will have the same hole, so it's\r
-likely to affect all the users at the same time. So even if our\r
-users were all paying us to use PuTTY, we wouldn't be able to\r
-\e{simultaneously} pay every affected user compensation in excess of\r
-the amount they had paid us in the first place. It just wouldn't\r
-work.\r
-\r
-The second, much more important, reason is that PuTTY users\r
-\e{don't} pay us. The PuTTY team does not have an income; it's a\r
-volunteer effort composed of people spending their spare time to try\r
-to write useful software. We aren't even a company or any kind of\r
-legally recognised organisation. We're just a bunch of people who\r
-happen to do some stuff in our spare time.\r
-\r
-Therefore, to ask us to assume financial liability is to ask us to\r
-assume a risk of having to pay it out of our own \e{personal}\r
-pockets: out of the same budget from which we buy food and clothes\r
-and pay our rent. That's more than we're willing to give. We're\r
-already giving a lot of our spare \e{time} to developing software\r
-for free; if we had to pay our own \e{money} to do it as well, we'd\r
-start to wonder why we were bothering.\r
-\r
-Free software fundamentally does not work on the basis of financial\r
-guarantees. Your guarantee of the software functioning correctly is\r
-simply that you have the source code and can check it before you use\r
-it. If you want to be sure there aren't any security holes, do a\r
-security audit of the PuTTY code, or hire a security engineer if you\r
-don't have the necessary skills yourself: instead of trying to\r
-ensure you can get compensation in the event of a disaster, try to\r
-ensure there isn't a disaster in the first place.\r
-\r
-If you \e{really} want financial security, see if you can find a\r
-security engineer who will take financial responsibility for the\r
-correctness of their review. (This might be less likely to suffer\r
-from the everything-failing-at-once problem mentioned above, because\r
-such an engineer would probably be reviewing a lot of \e{different}\r
-products which would tend to fail independently.) Failing that, see\r
-if you can persuade an insurance company to insure you against\r
-security incidents, and if the insurer demands it as a condition\r
-then get our code reviewed by a security engineer they're happy\r
-with.\r
-\r
-\S{faq-permission-form}{Question} Can you sign this form granting us\r
-permission to use/distribute PuTTY?\r
-\r
-If your form contains any clause along the lines of \q{the\r
-undersigned represents and warrants}, we're not going to sign it.\r
-This is particularly true if it asks us to warrant that PuTTY is\r
-secure; see \k{faq-indemnity} for more discussion of this. But it\r
-doesn't really matter what we're supposed to be warranting: even if\r
-it's something we already believe is true, such as that we don't\r
-infringe any third-party copyright, we will not sign a document\r
-accepting any legal or financial liability. This is simply because\r
-the PuTTY development project has no income out of which to satisfy\r
-that liability, or pay legal costs, should it become necessary. We\r
-cannot afford to be sued. We are assuring you that \e{we have done\r
-our best}; if that isn't good enough for you, tough.\r
-\r
-The existing PuTTY licence document already gives you permission to\r
-use or distribute PuTTY in pretty much any way which does not\r
-involve pretending you wrote it or suing us if it goes wrong. We\r
-think that really ought to be enough for anybody.\r
-\r
-See also \k{faq-permission-general} for another reason why we don't\r
-want to do this sort of thing.\r
-\r
-\S{faq-permission-future}{Question} Can you write us a formal notice\r
-of permission to use PuTTY?\r
-\r
-We could, in principle, but it isn't clear what use it would be. If\r
-you think there's a serious chance of one of the PuTTY copyright\r
-holders suing you (which we don't!), you would presumably want a\r
-signed notice from \e{all} of them; and we couldn't provide that\r
-even if we wanted to, because many of the copyright holders are\r
-people who contributed some code in the past and with whom we\r
-subsequently lost contact. Therefore the best we would be able to do\r
-\e{even in theory} would be to have the core development team sign\r
-the document, which wouldn't guarantee you that some other copyright\r
-holder might not sue.\r
-\r
-See also \k{faq-permission-general} for another reason why we don't\r
-want to do this sort of thing.\r
-\r
-\S{faq-permission-general}{Question} Can you sign \e{anything} for\r
-us?\r
-\r
-Not unless there's an incredibly good reason.\r
-\r
-We are generally unwilling to set a precedent that involves us\r
-having to enter into individual agreements with PuTTY users. We\r
-estimate that we have literally \e{millions} of users, and we\r
-absolutely would not have time to go round signing specific\r
-agreements with every one of them. So if you want us to sign\r
-something specific for you, you might usefully stop to consider\r
-whether there's anything special that distinguishes you from 999,999\r
-other users, and therefore any reason we should be willing to sign\r
-something for you without it setting such a precedent.\r
-\r
-If your company policy requires you to have an individual agreement\r
-with the supplier of any software you use, then your company policy\r
-is simply not well suited to using popular free software, and we\r
-urge you to consider this as a flaw in your policy.\r
-\r
-\S{faq-permission-assurance}{Question} If you won't sign anything,\r
-can you give us some sort of assurance that you won't make PuTTY\r
-closed-source in future?\r
-\r
-Yes and no.\r
-\r
-If what you want is an assurance that some \e{current version} of\r
-PuTTY which you've already downloaded will remain free, then you\r
-already have that assurance: it's called the PuTTY Licence. It\r
-grants you permission to use, distribute and copy the software to\r
-which it applies; once we've granted that permission (which we\r
-have), we can't just revoke it.\r
-\r
-On the other hand, if you want an assurance that \e{future} versions\r
-of PuTTY won't be closed-source, that's more difficult. We could in\r
-principle sign a document stating that we would never release a\r
-closed-source PuTTY, but that wouldn't assure you that we \e{would}\r
-keep releasing \e{open}-source PuTTYs: we would still have the\r
-option of ceasing to develop PuTTY at all, which would surely be\r
-even worse for you than making it closed-source! (And we almost\r
-certainly wouldn't \e{want} to sign a document guaranteeing that we\r
-would actually continue to do development work on PuTTY; we\r
-certainly wouldn't sign it for free. Documents like that are called\r
-contracts of employment, and are generally not signed except in\r
-return for a sizeable salary.)\r
-\r
-If we \e{were} to stop developing PuTTY, or to decide to make all\r
-future releases closed-source, then you would still be free to copy\r
-the last open release in accordance with the current licence, and in\r
-particular you could start your own fork of the project from that\r
-release. If this happened, I confidently predict that \e{somebody}\r
-would do that, and that some kind of a free PuTTY would continue to\r
-be developed. There's already precedent for that sort of thing\r
-happening in free software. We can't guarantee that somebody\r
-\e{other than you} would do it, of course; you might have to do it\r
-yourself. But we can assure you that there would be nothing\r
-\e{preventing} anyone from continuing free development if we\r
-stopped.\r
-\r
-(Finally, we can also confidently predict that if we made PuTTY\r
-closed-source and someone made an open-source fork, most people\r
-would switch to the latter. Therefore, it would be pretty stupid of\r
-us to try it.)\r
-\r
-\S{faq-export-cert}{Question} Can you provide us with export control\r
-information / FIPS certification for PuTTY?\r
-\r
-Some people have asked us for an Export Control Classification Number\r
-(ECCN) for PuTTY.  We don't know whether we have one, and as a team of\r
-free software developers based in the UK we don't have the time,\r
-money, or effort to deal with US bureaucracy to investigate any\r
-further.  We believe that PuTTY falls under 5D002 on the US Commerce\r
-Control List, but that shouldn't be taken as definitive.  If you need\r
-to know more you should seek professional legal advice.  The same\r
-applies to any other country's legal requirements and restrictions.\r
-\r
-Similarly, some people have asked us for FIPS certification of the\r
-PuTTY tools.  Unless someone else is prepared to do the necessary work\r
-and pay any costs, we can't provide this.\r
-\r
-\H{faq-misc} Miscellaneous questions\r
-\r
-\S{faq-openssh}{Question} Is PuTTY a port of \i{OpenSSH}, or based on\r
-OpenSSH or OpenSSL?\r
-\r
-No, it isn't. PuTTY is almost completely composed of code written\r
-from scratch for PuTTY. The only code we share with OpenSSH is the\r
-detector for SSH-1 CRC compensation attacks, written by CORE SDI\r
-S.A; we share no code at all with OpenSSL.\r
-\r
-\S{faq-sillyputty}{Question} Where can I buy silly putty?\r
-\r
-You're looking at the wrong web site; the only PuTTY we know about\r
-here is the name of a computer program.\r
-\r
-If you want the kind of putty you can buy as an executive toy, the\r
-PuTTY team can personally recommend Thinking Putty, which you can\r
-buy from Crazy Aaron's Putty World, at\r
-\W{http://www.puttyworld.com}\cw{www.puttyworld.com}.\r
-\r
-\S{faq-meaning}{Question} What does \q{PuTTY} mean?\r
-\r
-It's the name of a popular SSH and Telnet client.  Any other meaning\r
-is in the eye of the beholder.  It's been rumoured that \q{PuTTY}\r
-is the antonym of \q{\cw{getty}}, or that it's the stuff that makes your\r
-Windows useful, or that it's a kind of plutonium Teletype.  We\r
-couldn't possibly comment on such allegations.\r
-\r
-\S{faq-pronounce}{Question} How do I pronounce \q{PuTTY}?\r
-\r
-Exactly like the English word \q{putty}, which we pronounce\r
-/\u02C8{'}p\u028C{V}ti/.\r