using.but 54 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272
  1. \C{using} Using PuTTY
  2. This chapter provides a general introduction to some more advanced
  3. features of PuTTY. For extreme detail and reference purposes,
  4. \k{config} is likely to contain more information.
  5. \H{using-session} During your session
  6. A lot of PuTTY's complexity and features are in the configuration
  7. panel. Once you have worked your way through that and started
  8. a session, things should be reasonably simple after that.
  9. Nevertheless, there are a few more useful features available.
  10. \S{using-selection} Copying and pasting text
  11. \I{copy and paste}Often in a PuTTY session you will find text on
  12. your terminal screen which you want to type in again. Like most
  13. other terminal emulators, PuTTY allows you to copy and paste the
  14. text rather than having to type it again. Also, copy and paste uses
  15. the \I{Windows clipboard}Windows \i{clipboard}, so that you can
  16. paste (for example) URLs into a web browser, or paste from a word
  17. processor or spreadsheet into your terminal session.
  18. By default, PuTTY's copy and paste works entirely with the \i{mouse}.
  19. (This will be familiar to people who have used \i\c{xterm} on Unix.)
  20. In order to copy text to the clipboard, you just click the \i{left
  21. mouse button} in the \i{terminal window}, and drag to
  22. \I{selecting text}select text. When you let go of the button, the text
  23. is \e{automatically} copied to the clipboard. You do not need to press
  24. \i{Ctrl-C} or \i{Ctrl-Ins}; in fact, if you do press Ctrl-C, PuTTY will
  25. send a Ctrl-C character down your session to the server where it will
  26. probably cause a process to be interrupted.
  27. Pasting into PuTTY is done using the right button (or the middle mouse
  28. button, if you have a \i{three-button mouse} and have set it up; see
  29. \k{config-mouse}). (Pressing \i{Shift-Ins}, or selecting \q{Paste}
  30. from the \I{right mouse button, with Ctrl}Ctrl+right-click
  31. \i{context menu}, have the same effect.) When
  32. you click the \i{right mouse button}, PuTTY will read whatever is in
  33. the Windows clipboard and paste it into your session. By default, this
  34. behaves \e{exactly} as if the clipboard contents had been typed at the
  35. keyboard; therefore, be careful of pasting formatted text into an
  36. editor that does automatic \i{indenting}, as you may find that the spaces
  37. pasted from the clipboard plus the spaces added by the editor add up
  38. to too many spaces and ruin the formatting. (Some remote applications
  39. can ask PuTTY to identify text that is being pasted, to avoid this
  40. sort of problem; but if your application does not, there is nothing
  41. PuTTY can do to avoid this.)
  42. If you \i{double-click} the left mouse button, PuTTY will
  43. \I{selecting words}select a whole word. If you double-click, hold
  44. down the second click, and drag the mouse, PuTTY will select a
  45. sequence of whole words. (You can adjust precisely what PuTTY
  46. considers to be part of a word; see \k{config-charclasses}.)
  47. If you \e{triple}-click, or \i{triple-click} and drag, then
  48. PuTTY will \I{selecting lines}select a whole line or sequence of lines.
  49. If you want to select a \I{rectangular selection}rectangular region
  50. instead of selecting to the end of each line, you can do this by
  51. holding down Alt when you make your selection. You can also
  52. configure rectangular selection to be the default, and then holding
  53. down Alt gives the normal behaviour instead: see
  54. \k{config-rectselect} for details.
  55. (In some Unix environments, Alt+drag is intercepted by the window
  56. manager. Shift+Alt+drag should work for rectangular selection as
  57. well, so you could try that instead.)
  58. If you have a \i{middle mouse button}, then you can use it to
  59. \I{adjusting a selection}adjust an existing selection if you
  60. selected something slightly wrong. (If you have configured the
  61. middle mouse button to paste, then the right mouse button does this
  62. instead.) Click the button on the screen, and you can pick up the
  63. nearest end of the selection and drag it to somewhere else.
  64. If you are running PuTTY itself on Unix (not just using it to connect
  65. to a Unix system from Windows), by default you will likely have to use
  66. similar mouse actions in other applications to paste the text you
  67. copied from PuTTY, and to copy text for pasting into PuTTY; actions
  68. like \i{Ctrl-C} and Ctrl-V will likely not behave as you expect.
  69. \K{config-clipboards} explains why this is, and how you can change the
  70. behaviour. (On Windows there is only a single selection shared with other
  71. applications, so this confusion does not arise.)
  72. It's possible for the server to ask to \I{mouse reporting}handle mouse
  73. clicks in the PuTTY window itself. If this happens, the \i{mouse pointer}
  74. will turn into an arrow, and using the mouse to copy and paste will only
  75. work if you hold down Shift. See \k{config-features-mouse} and
  76. \k{config-mouseshift} for details of this feature and how to configure
  77. it.
  78. You can customise much of this behaviour, for instance to enable copy
  79. and paste from the keyboard; see \k{config-selection}.
  80. \S{using-scrollback} \I{scrollback}Scrolling the screen back
  81. PuTTY keeps track of text that has scrolled up off the top of the
  82. terminal. So if something appears on the screen that you want to
  83. read, but it scrolls too fast and it's gone by the time you try to
  84. look for it, you can use the \i{scrollbar} on the right side of the
  85. window to look back up the session \i{history} and find it again.
  86. As well as using the scrollbar, you can also page the scrollback up
  87. and down by pressing \i{Shift-PgUp} and \i{Shift-PgDn}. You can
  88. scroll a line at a time using \i{Ctrl-PgUp} and \i{Ctrl-PgDn}, or
  89. to the top/bottom of the scrollback with \i{Ctrl-Shift-PgUp} and
  90. \i{Ctrl-Shift-PgDn}. These are still available if you configure the
  91. scrollbar to be invisible.
  92. By default the last 2000 lines scrolled off the top are
  93. preserved for you to look at. You can increase (or decrease) this
  94. value using the configuration box; see \k{config-scrollback}.
  95. \S{using-sysmenu} The \ii{System menu}
  96. If you click the left mouse button on the icon in the top left
  97. corner of PuTTY's terminal window, or click the right mouse button
  98. on the title bar, you will see the standard Windows system menu
  99. containing items like Minimise, Move, Size and Close.
  100. PuTTY's system menu contains extra program features in addition to
  101. the Windows standard options. These extra menu commands are
  102. described below.
  103. (These options are also available in a \i{context menu} brought up
  104. by holding Ctrl and clicking with the right mouse button anywhere
  105. in the \i{PuTTY window}.)
  106. \S2{using-eventlog} The PuTTY \i{Event Log}
  107. If you choose \q{Event Log} from the system menu, a small window
  108. will pop up in which PuTTY logs significant events during the
  109. connection. Most of the events in the log will probably take place
  110. during session startup, but a few can occur at any point in the
  111. session, and one or two occur right at the end.
  112. You can use the mouse to select one or more lines of the Event Log,
  113. and hit the Copy button to copy them to the \i{clipboard}. If you
  114. are reporting a bug, it's often useful to paste the contents of the
  115. Event Log into your bug report.
  116. (The Event Log is not the same as the facility to create a log file
  117. of your session; that's described in \k{using-logging}.)
  118. \S2{using-specials} \ii{Special commands}
  119. Depending on the protocol used for the current session, there may be
  120. a submenu of \q{special commands}. These are protocol-specific
  121. tokens, such as a \q{break} signal, that can be sent down a
  122. connection in addition to normal data. Their precise effect is usually
  123. up to the server. Currently only Telnet, SSH, and serial connections
  124. have special commands.
  125. The \q{break} signal can also be invoked from the keyboard with
  126. \i{Ctrl-Break}.
  127. In an SSH connection, the following \I{SSH special commands}special
  128. commands are available:
  129. \b \I{IGNORE message, SSH special command}\I{No-op, in SSH}\ii{IGNORE message}
  130. \lcont{
  131. Should have no effect.
  132. }
  133. \b \I{Repeat key exchange, SSH special command}Repeat key exchange
  134. \lcont{
  135. Only available in SSH-2. Forces a \i{repeat key exchange} immediately (and
  136. resets associated timers and counters). For more information about
  137. repeat key exchanges, see \k{config-ssh-kex-rekey}.
  138. }
  139. \b \I{host key cache}Cache new host key type
  140. \lcont{
  141. Only available in SSH-2. This submenu appears only if the server has
  142. host keys of a type that PuTTY doesn't already have cached, and so
  143. won't consider. Selecting a key here will allow PuTTY to use that key
  144. now and in future: PuTTY will do a fresh key-exchange with the selected
  145. key, and immediately add that key to its permanent cache (relying on
  146. the host key used at the start of the connection to cross-certify the
  147. new key). That key will be used for the rest of the current session;
  148. it may not actually be used for future sessions, depending on your
  149. preferences (see \k{config-ssh-hostkey-order}).
  150. Normally, PuTTY will carry on using a host key it already knows, even
  151. if the server offers key formats that PuTTY would otherwise prefer,
  152. to avoid host key prompts. As a result, if you've been using a server
  153. for some years, you may still be using an older key than a new user
  154. would use, due to server upgrades in the meantime. The SSH protocol
  155. unfortunately does not have organised facilities for host key migration
  156. and rollover, but this allows you to \I{host keys, upgrading}manually
  157. upgrade.
  158. }
  159. \b \I{Break, SSH special command}Break
  160. \lcont{
  161. Only available in SSH-2, and only during a session. Optional
  162. extension; may not be supported by server. PuTTY requests the server's
  163. default break length.
  164. }
  165. \b \I{Signal, SSH special command}Signals (SIGINT, SIGTERM etc)
  166. \lcont{
  167. Only available in SSH-2, and only during a session. Sends various
  168. POSIX signals. Not honoured by all servers.
  169. }
  170. The following \I{Telnet special commands}special commands are
  171. available in Telnet:
  172. \b \I{Are You There, Telnet special command}Are You There
  173. \b \I{Break, Telnet special command}Break
  174. \b \I{Synch, Telnet special command}Synch
  175. \b \I{Erase Character, Telnet special command}Erase Character
  176. \lcont{
  177. PuTTY can also be configured to send this when the Backspace key is
  178. pressed; see \k{config-telnetkey}.
  179. }
  180. \b \I{Erase Line, Telnet special command}Erase Line
  181. \b \I{Go Ahead, Telnet special command}Go Ahead
  182. \b \I{No Operation, Telnet special command}No Operation
  183. \lcont{
  184. Should have no effect.
  185. }
  186. \b \I{Abort Process, Telnet special command}Abort Process
  187. \b \I{Abort Output, Telnet special command}Abort Output
  188. \b \I{Interrupt Process, Telnet special command}Interrupt Process
  189. \lcont{
  190. PuTTY can also be configured to send this when Ctrl-C is typed; see
  191. \k{config-telnetkey}.
  192. }
  193. \b \I{Suspend Process, Telnet special command}Suspend Process
  194. \lcont{
  195. PuTTY can also be configured to send this when Ctrl-Z is typed; see
  196. \k{config-telnetkey}.
  197. }
  198. \b \I{End Of Record, Telnet special command}End Of Record
  199. \b \I{End Of File, Telnet special command}End Of File
  200. With a serial connection, the only available special command is
  201. \I{Break, serial special command}\q{Break}.
  202. \S2{using-newsession} Starting new sessions
  203. PuTTY's system menu provides some shortcut ways to start new
  204. sessions:
  205. \b Selecting \i{\q{New Session}} will start a completely new
  206. instance of PuTTY, and bring up the configuration box as normal.
  207. \b Selecting \i{\q{Duplicate Session}} will start a session in a
  208. new window with precisely the same options as your current one -
  209. connecting to the same host using the same protocol, with all the
  210. same terminal settings and everything.
  211. \b In an inactive window, selecting \i{\q{Restart Session}} will
  212. do the same as \q{Duplicate Session}, but in the current window.
  213. \b The \i{\q{Saved Sessions} submenu} gives you quick access to any
  214. sets of stored session details you have previously saved. See
  215. \k{config-saving} for details of how to create saved sessions.
  216. \S2{using-changesettings} \I{settings, changing}Changing your
  217. session settings
  218. If you select \i{\q{Change Settings}} from the system menu, PuTTY will
  219. display a cut-down version of its initial configuration box. This
  220. allows you to adjust most properties of your current session. You
  221. can change the terminal size, the font, the actions of various
  222. keypresses, the colours, and so on.
  223. Some of the options that are available in the main configuration box
  224. are not shown in the cut-down Change Settings box. These are usually
  225. options which don't make sense to change in the middle of a session
  226. (for example, you can't switch from SSH to Telnet in mid-session).
  227. You can save the current settings to a saved session for future use
  228. from this dialog box. See \k{config-saving} for more on saved
  229. sessions.
  230. \S2{using-copyall} \i{Copy All to Clipboard}
  231. This system menu option provides a convenient way to copy the whole
  232. contents of the terminal screen (up to the last nonempty line) and
  233. scrollback to the \i{clipboard} in one go.
  234. \S2{reset-terminal} \I{scrollback, clearing}Clearing and
  235. \I{terminal, resetting}resetting the terminal
  236. The \i{\q{Clear Scrollback}} option on the system menu tells PuTTY
  237. to discard all the lines of text that have been kept after they
  238. scrolled off the top of the screen. This might be useful, for
  239. example, if you displayed sensitive information and wanted to make
  240. sure nobody could look over your shoulder and see it. (Note that
  241. this only prevents a casual user from using the scrollbar to view
  242. the information; the text is not guaranteed not to still be in
  243. PuTTY's memory.)
  244. The \i{\q{Reset Terminal}} option causes a full reset of the
  245. \i{terminal emulation}. A VT-series terminal is a complex piece of
  246. software and can easily get into a state where all the text printed
  247. becomes unreadable. (This can happen, for example, if you
  248. accidentally output a binary file to your terminal.) If this
  249. happens, selecting Reset Terminal should sort it out.
  250. \S2{using-fullscreen} \ii{Full screen} mode
  251. If you find the title bar on a maximised window to be ugly or
  252. distracting, you can select Full Screen mode to maximise PuTTY
  253. \q{even more}. When you select this, PuTTY will expand to fill the
  254. whole screen and its borders, title bar and scrollbar will
  255. disappear. (You can configure the scrollbar not to disappear in
  256. full-screen mode if you want to keep it; see \k{config-scrollback}.)
  257. When you are in full-screen mode, you can still access the \i{system
  258. menu} if you click the left mouse button in the \e{extreme} top left
  259. corner of the screen.
  260. \H{using-logging} Creating a \i{log file} of your \I{session
  261. log}session
  262. For some purposes you may find you want to log everything that
  263. appears on your screen. You can do this using the \q{Logging}
  264. panel in the configuration box.
  265. To begin a session log, select \q{Change Settings} from the system
  266. menu and go to the Logging panel. Enter a log file name, and select
  267. a logging mode. (You can log all session output including the
  268. terminal \i{control sequence}s, or you can just log the printable text.
  269. It depends what you want the log for.) Click \q{Apply} and your log
  270. will be started. Later on, you can go back to the Logging panel and
  271. select \q{Logging turned off completely} to stop logging; then PuTTY
  272. will close the log file and you can safely read it.
  273. See \k{config-logging} for more details and options.
  274. \H{using-translation} Altering your \i{character set} configuration
  275. If you find that special characters (\i{accented characters}, for
  276. example, or \i{line-drawing characters}) are not being displayed
  277. correctly in your PuTTY session, it may be that PuTTY is interpreting
  278. the characters sent by the server according to the wrong \e{character
  279. set}. There are a lot of different character sets available, and no
  280. good way for PuTTY to know which to use, so it's entirely possible
  281. for this to happen.
  282. If you click \q{Change Settings} and look at the \q{Translation}
  283. panel, you should see a large number of character sets which you can
  284. select, and other related options. Now all you need is to find out
  285. which of them you want! (See \k{config-translation} for more
  286. information.)
  287. \H{using-x-forwarding} Using \i{X11 forwarding} in SSH
  288. The SSH protocol has the ability to securely forward X Window System
  289. \i{graphical applications} over your encrypted SSH connection, so that
  290. you can run an application on the SSH server machine and have it put
  291. its windows up on your local machine without sending any X network
  292. traffic in the clear.
  293. In order to use this feature, you will need an X display server for
  294. your Windows machine, such as Cygwin/X, X-Win32, or Exceed. This will probably
  295. install itself as display number 0 on your local machine; if it
  296. doesn't, the manual for the \i{X server} should tell you what it
  297. does do.
  298. You should then tick the \q{Enable X11 forwarding} box in the
  299. X11 panel (see \k{config-ssh-x11}) before starting your SSH
  300. session. The \i{\q{X display location}} box is blank by default, which
  301. means that PuTTY will try to use a sensible default such as \c{:0},
  302. which is the usual display location where your X server will be
  303. installed. If that needs changing, then change it.
  304. Now you should be able to log in to the SSH server as normal. To
  305. check that X forwarding has been successfully negotiated during
  306. connection startup, you can check the PuTTY Event Log (see
  307. \k{using-eventlog}). It should say something like this:
  308. \c 2001-12-05 17:22:01 Requesting X11 forwarding
  309. \c 2001-12-05 17:22:02 X11 forwarding enabled
  310. If the remote system is Unix or Unix-like, you should also be able
  311. to see that the \i{\c{DISPLAY} environment variable} has been set to
  312. point at display 10 or above on the SSH server machine itself:
  313. \c fred@unixbox:~$ echo $DISPLAY
  314. \c unixbox:10.0
  315. If this works, you should then be able to run X applications in the
  316. remote session and have them display their windows on your PC.
  317. For more options relating to X11 forwarding, see \k{config-ssh-x11}.
  318. \H{using-port-forwarding} Using \i{port forwarding} in SSH
  319. The SSH protocol has the ability to forward arbitrary \I{network
  320. connection}network (TCP) connections over your encrypted SSH
  321. connection, to avoid the network traffic being sent in clear. For
  322. example, you could use this to connect from your home computer to a
  323. \i{POP-3} server on a remote machine without your POP-3 password being
  324. visible to network sniffers.
  325. In order to use port forwarding to \I{local port forwarding}connect
  326. from your local machine to a port on a remote server, you need to:
  327. \b Choose a \i{port number} on your local machine where PuTTY should
  328. listen for incoming connections. There are likely to be plenty of
  329. unused port numbers above 3000. (You can also use a local loopback
  330. address here; see below for more details.)
  331. \b Now, before you start your SSH connection, go to the Tunnels
  332. panel (see \k{config-ssh-portfwd}). Make sure the \q{Local} radio
  333. button is set. Enter the local port number into the \q{Source port}
  334. box. Enter the destination host name and port number into the
  335. \q{Destination} box, separated by a colon (for example,
  336. \c{popserver.example.com:110} to connect to a POP-3 server).
  337. \b Now click the \q{Add} button. The details of your port forwarding
  338. should appear in the list box.
  339. Now start your session and log in. (Port forwarding will not be
  340. enabled until after you have logged in; otherwise it would be easy
  341. to perform completely anonymous network attacks, and gain access to
  342. anyone's virtual private network.) To check that PuTTY has set up
  343. the port forwarding correctly, you can look at the PuTTY Event Log
  344. (see \k{using-eventlog}). It should say something like this:
  345. \c 2001-12-05 17:22:10 Local port 3110 forwarding to
  346. \c popserver.example.com:110
  347. Now if you connect to the source port number on your local PC, you
  348. should find that it answers you exactly as if it were the service
  349. running on the destination machine. So in this example, you could
  350. then configure an e-mail client to use \c{localhost:3110} as a POP-3
  351. server instead of \c{popserver.example.com:110}. (Of course, the
  352. forwarding will stop happening when your PuTTY session closes down.)
  353. You can also forward ports in the other direction: arrange for a
  354. particular port number on the \e{server} machine to be \I{remote
  355. port forwarding}forwarded back to your PC as a connection to a
  356. service on your PC or near it.
  357. To do this, just select the \q{Remote} radio button instead of the
  358. \q{Local} one. The \q{Source port} box will now specify a port
  359. number on the \e{server} (note that most servers will not allow you
  360. to use \I{privileged port}port numbers under 1024 for this purpose).
  361. An alternative way to forward local connections to remote hosts is
  362. to use \I{dynamic port forwarding}dynamic SOCKS proxying. In this
  363. mode, PuTTY acts as a SOCKS server, which SOCKS-aware programs can
  364. connect to and open forwarded connections to the destination of their
  365. choice, so this can be an alternative to long lists of static
  366. forwardings. To use this mode, you will need to select the \q{Dynamic}
  367. radio button instead of \q{Local}, and then you should not enter
  368. anything into the \q{Destination} box (it will be ignored). PuTTY will
  369. then listen for SOCKS connections on the port you have specified.
  370. Most \i{web browsers} can be configured to connect to this SOCKS proxy
  371. service; also, you can forward other PuTTY connections through it by
  372. setting up the Proxy control panel (see \k{config-proxy} for details).
  373. The source port for a forwarded connection usually does not accept
  374. connections from any machine except the \I{localhost}SSH client or
  375. server machine itself (for local and remote forwardings respectively).
  376. There are controls in the Tunnels panel to change this:
  377. \b The \q{Local ports accept connections from other hosts} option
  378. allows you to set up local-to-remote port forwardings (including
  379. dynamic port forwardings) in such a way that machines other than
  380. your client PC can connect to the forwarded port.
  381. \b The \q{Remote ports do the same} option does the same thing for
  382. remote-to-local port forwardings (so that machines other than the
  383. SSH server machine can connect to the forwarded port.) Note that
  384. this feature is only available in the SSH-2 protocol, and not all
  385. SSH-2 servers honour it (in \i{OpenSSH}, for example, it's usually
  386. disabled by default).
  387. You can also specify an \i{IP address} to \I{listen address}listen
  388. on. Typically a Windows machine can be asked to listen on any single
  389. IP address in the \cw{127.*.*.*} range, and all of these are
  390. \i{loopback address}es available only to the local machine. So if
  391. you forward (for example) \c{127.0.0.5:79} to a remote machine's
  392. \i\cw{finger} port, then you should be able to run commands such as
  393. \c{finger fred@127.0.0.5}.
  394. This can be useful if the program connecting to the forwarded port
  395. doesn't allow you to change the port number it uses. This feature is
  396. available for local-to-remote forwarded ports; SSH-1 is unable to
  397. support it for remote-to-local ports, while SSH-2 can support it in
  398. theory but servers will not necessarily cooperate.
  399. (Note that if you're using Windows XP Service Pack 2, you may need
  400. to obtain a fix from Microsoft in order to use addresses like
  401. \cw{127.0.0.5} - see \k{faq-alternate-localhost}.)
  402. For more options relating to port forwarding, see
  403. \k{config-ssh-portfwd}.
  404. If the connection you are forwarding over SSH is itself a second SSH
  405. connection made by another copy of PuTTY, you might find the
  406. \q{logical host name} configuration option useful to warn PuTTY of
  407. which host key it should be expecting. See \k{config-loghost} for
  408. details of this.
  409. \H{using-serial} Connecting to a local serial line
  410. PuTTY can connect directly to a local serial line as an alternative
  411. to making a network connection. In this mode, text typed into the
  412. PuTTY window will be sent straight out of your computer's serial
  413. port, and data received through that port will be displayed in the
  414. PuTTY window. You might use this mode, for example, if your serial
  415. port is connected to another computer which has a serial connection.
  416. To make a connection of this type, simply select \q{Serial} from the
  417. \q{Connection type} radio buttons on the \q{Session} configuration
  418. panel (see \k{config-hostname}). The \q{Host Name} and \q{Port}
  419. boxes will transform into \q{Serial line} and \q{Speed}, allowing
  420. you to specify which serial line to use (if your computer has more
  421. than one) and what speed (baud rate) to use when transferring data.
  422. For further configuration options (data bits, stop bits, parity,
  423. flow control), you can use the \q{Serial} configuration panel (see
  424. \k{config-serial}).
  425. After you start up PuTTY in serial mode, you might find that you
  426. have to make the first move, by sending some data out of the serial
  427. line in order to notify the device at the other end that someone is
  428. there for it to talk to. This probably depends on the device. If you
  429. start up a PuTTY serial session and nothing appears in the window,
  430. try pressing Return a few times and see if that helps.
  431. A serial line provides no well defined means for one end of the
  432. connection to notify the other that the connection is finished.
  433. Therefore, PuTTY in serial mode will remain connected until you
  434. close the window using the close button.
  435. \H{using-rawprot} Making \i{raw TCP connections}
  436. A lot of \I{debugging Internet protocols}Internet protocols are
  437. composed of commands and responses in plain text. For example,
  438. \i{SMTP} (the protocol used to transfer e-mail), \i{NNTP} (the
  439. protocol used to transfer Usenet news), and \i{HTTP} (the protocol
  440. used to serve Web pages) all consist of commands in readable plain
  441. text.
  442. Sometimes it can be useful to connect directly to one of these
  443. services and speak the protocol \q{by hand}, by typing protocol
  444. commands and watching the responses. On Unix machines, you can do
  445. this using the system's \c{telnet} command to connect to the right
  446. port number. For example, \c{telnet mailserver.example.com 25} might
  447. enable you to talk directly to the SMTP service running on a mail
  448. server.
  449. Although the Unix \c{telnet} program provides this functionality,
  450. the protocol being used is not really Telnet. Really there is no
  451. actual protocol at all; the bytes sent down the connection are
  452. exactly the ones you type, and the bytes shown on the screen are
  453. exactly the ones sent by the server. Unix \c{telnet} will attempt to
  454. detect or guess whether the service it is talking to is a real
  455. Telnet service or not; PuTTY prefers to be told for certain.
  456. In order to make a debugging connection to a service of this type,
  457. you simply select the fourth protocol name, \I{\q{Raw}
  458. protocol}\q{Raw}, from the \q{Protocol} buttons in the \q{Session}
  459. configuration panel. (See \k{config-hostname}.) You can then enter a
  460. host name and a port number, and make the connection.
  461. \H{using-telnet} Connecting using the \i{Telnet} protocol
  462. PuTTY can use the Telnet protocol to connect to a server.
  463. Telnet was perhaps the most popular remote login protocol before SSH
  464. was introduced. It was general enough to be used by multiple server
  465. operating systems (Unix and VMS in particular), and supported many
  466. optional protocol extensions providing extra support for particular
  467. server features.
  468. Unlike SSH, Telnet runs over an unsecured network connection, so it is
  469. a very bad idea to use it over the hostile Internet (though it is
  470. still used to some extent as of 2020).
  471. \H{using-rlogin} Connecting using the \i{Rlogin} protocol
  472. PuTTY can use the Rlogin protocol to connect to a server.
  473. Rlogin was similar to Telnet in concept, but more focused on
  474. connections between Unix machines. It supported a feature for
  475. passwordless login, based on use of \q{privileged ports} (ports with
  476. numbers below 1024, which Unix traditionally does not allow users
  477. other than \cw{root} to allocate). Ultimately, based on the server
  478. trusting that the client's IP address was owned by the Unix machine it
  479. claimed to be, and that that machine would guard its privileged ports
  480. appropriately.
  481. Like Telnet, Rlogin runs over an unsecured network connection.
  482. \H{using-supdup} Connecting using the \i{SUPDUP} protocol
  483. PuTTY can use the SUPDUP protocol to connect to a server.
  484. SUPDUP is a login protocol used mainly by PDP-10 and Lisp machines
  485. during the period 1975-1990. Like Telnet and Rlogin, it is unsecured,
  486. so modern systems almost never support it.
  487. To make a connection of this type, select \q{SUPDUP} from the
  488. \q{Connection type} radio buttons on the \q{Session} panel (see
  489. \k{config-hostname}). For further configuration options (character
  490. set, more processing, scrolling), you can use the \q{SUPDUP}
  491. configuration panel (see \k{config-supdup}).
  492. In SUPDUP, terminal emulation is more integrated with the network
  493. protocol than in other protocols such as SSH. The SUPDUP protocol can
  494. thus only be used with PuTTY proper, not with the command-line tool
  495. Plink.
  496. The SUPDUP protocol does not support changing the terminal dimensions,
  497. so this capability is disabled during a SUPDUP session.
  498. SUPDUP provides no well defined means for one end of the connection to
  499. notify the other that the connection is finished. Therefore, PuTTY in
  500. SUPDUP mode will remain connected until you close the window using the
  501. close button.
  502. \H{using-cmdline} The PuTTY command line
  503. PuTTY can be made to do various things without user intervention by
  504. supplying \i{command-line arguments} (e.g., from a \i{command prompt
  505. window}, or a \i{Windows shortcut}).
  506. \S{using-cmdline-session} Starting a session from the command line
  507. \I\c{-ssh}\I\c{-ssh-connection}\I\c{-telnet}\I\c{-rlogin}\I\c{-supdup}\I\c{-raw}\I\c{-serial}These
  508. options allow you to bypass the configuration window and launch
  509. straight into a session.
  510. To start a connection to a server called \c{host}:
  511. \c putty.exe [-ssh | -ssh-connection | -telnet | -rlogin | -supdup | -raw] [user@]host
  512. If this syntax is used, settings are taken from the \i{Default Settings}
  513. (see \k{config-saving}); \c{user} overrides these settings if
  514. supplied. Also, you can specify a protocol, which will override the
  515. default protocol (see \k{using-cmdline-protocol}).
  516. For telnet sessions, the following alternative syntax is supported
  517. (this makes PuTTY suitable for use as a URL handler for \i{telnet
  518. URLs} in \i{web browsers}):
  519. \c putty.exe telnet://host[:port]/
  520. To start a connection to a serial port, e.g. COM1:
  521. \c putty.exe -serial com1
  522. In order to start an existing saved session called \c{sessionname},
  523. use the \c{-load} option (described in \k{using-cmdline-load}).
  524. \c putty.exe -load "session name"
  525. \S{using-cleanup} \i\c{-cleanup}
  526. If invoked with the \c{-cleanup} option, rather than running as
  527. normal, PuTTY will remove its \I{removing registry entries}registry
  528. entries and \i{random seed file} from the local machine (after
  529. confirming with the user). It will also attempt to remove information
  530. about recently launched sessions stored in the \q{jump list} on
  531. Windows 7 and up.
  532. Note that on \i{multi-user systems}, \c{-cleanup} only removes
  533. registry entries and files associated with the currently logged-in
  534. user.
  535. \S{using-general-opts} Standard command-line options
  536. PuTTY and its associated tools support a range of command-line
  537. options, most of which are consistent across all the tools. This
  538. section lists the available options in all tools. Options which are
  539. specific to a particular tool are covered in the chapter about that
  540. tool.
  541. \S2{using-cmdline-load} \i\c{-load}: load a saved session
  542. \I{saved sessions, loading from command line}The \c{-load} option
  543. causes PuTTY to load configuration details out of a saved session.
  544. If these details include a host name, then this option is all you
  545. need to make PuTTY start a session.
  546. You need double quotes around the session name if it contains spaces.
  547. If you want to create a \i{Windows shortcut} to start a PuTTY saved
  548. session, this is the option you should use: your shortcut should
  549. call something like
  550. \c d:\path\to\putty.exe -load "my session"
  551. (Note that PuTTY itself supports an alternative form of this option,
  552. for backwards compatibility. If you execute \i\c{putty @sessionname}
  553. it will have the same effect as \c{putty -load "sessionname"}. With
  554. the \c{@} form, no double quotes are required, and the \c{@} sign
  555. must be the very first thing on the command line. This form of the
  556. option is deprecated.)
  557. \S2{using-cmdline-protocol} Selecting a protocol: \c{-ssh},
  558. \c{-ssh-connection}, \c{-telnet}, \c{-rlogin}, \c{-supdup},
  559. \c{-raw}, \c{-serial}
  560. To choose which protocol you want to connect with, you can use one
  561. of these options:
  562. \b \i\c{-ssh} selects the SSH protocol.
  563. \b \i\c{-ssh-connection} selects the bare ssh-connection protocol.
  564. (This is only useful in specialised circumstances; see \k{config-psusan}
  565. for more information.)
  566. \b \i\c{-telnet} selects the Telnet protocol.
  567. \b \i\c{-rlogin} selects the Rlogin protocol.
  568. \b \i\c{-supdup} selects the SUPDUP protocol.
  569. \b \i\c{-raw} selects the raw protocol.
  570. \b \i\c{-serial} selects a serial connection.
  571. Most of these options are not available in the file transfer tools
  572. PSCP and PSFTP (which only work with the SSH protocol and the bare
  573. ssh-connection protocol).
  574. These options are equivalent to the \i{protocol selection} buttons
  575. in the Session panel of the PuTTY configuration box (see
  576. \k{config-hostname}).
  577. \S2{using-cmdline-v} \i\c{-v}: increase verbosity
  578. \I{verbose mode}Most of the PuTTY tools can be made to tell you more
  579. about what they are doing by supplying the \c{-v} option. If you are
  580. having trouble when making a connection, or you're simply curious,
  581. you can turn this switch on and hope to find out more about what is
  582. happening.
  583. \S2{using-cmdline-l} \i\c{-l}: specify a \i{login name}
  584. You can specify the user name to log in as on the remote server
  585. using the \c{-l} option. For example, \c{plink login.example.com -l
  586. fred}.
  587. These options are equivalent to the username selection box in the
  588. Connection panel of the PuTTY configuration box (see
  589. \k{config-username}).
  590. \S2{using-cmdline-portfwd} \I{-L-upper}\c{-L}, \I{-R-upper}\c{-R}
  591. and \I{-D-upper}\c{-D}: set up \i{port forwardings}
  592. As well as setting up port forwardings in the PuTTY configuration
  593. (see \k{config-ssh-portfwd}), you can also set up forwardings on the
  594. command line. The command-line options work just like the ones in
  595. Unix \c{ssh} programs.
  596. To \I{local port forwarding}forward a local port (say 5110) to a
  597. remote destination (say \cw{popserver.example.com} port 110), you
  598. can write something like one of these:
  599. \c putty -L 5110:popserver.example.com:110 -load mysession
  600. \c plink mysession -L 5110:popserver.example.com:110
  601. To forward a \I{remote port forwarding}remote port to a local
  602. destination, just use the \c{-R} option instead of \c{-L}:
  603. \c putty -R 5023:mytelnetserver.myhouse.org:23 -load mysession
  604. \c plink mysession -R 5023:mytelnetserver.myhouse.org:23
  605. To \I{listen address}specify an IP address for the listening end of the
  606. tunnel, prepend it to the argument:
  607. \c plink -L 127.0.0.5:23:localhost:23 myhost
  608. To set up \I{dynamic port forwarding}SOCKS-based dynamic port
  609. forwarding on a local port, use the \c{-D} option. For this one you
  610. only have to pass the port number:
  611. \c putty -D 4096 -load mysession
  612. For general information on port forwarding, see
  613. \k{using-port-forwarding}.
  614. These options are not available in the file transfer tools PSCP and
  615. PSFTP.
  616. \S2{using-cmdline-m} \i\c{-m}: \I{reading commands from a file}read
  617. a remote command or script from a file
  618. The \i\c{-m} option performs a similar function to the \q{\ii{Remote
  619. command}} box in the SSH panel of the PuTTY configuration box (see
  620. \k{config-command}). However, the \c{-m} option expects to be given
  621. a local file name, and it will read a command from that file.
  622. With some servers (particularly Unix systems), you can even put
  623. multiple lines in this file and execute more than one command in
  624. sequence, or a whole shell script; but this is arguably an abuse, and
  625. cannot be expected to work on all servers. In particular, it is known
  626. \e{not} to work with certain \q{embedded} servers, such as \i{Cisco}
  627. routers.
  628. This option is not available in the file transfer tools PSCP and
  629. PSFTP.
  630. \S2{using-cmdline-p} \I{-P-upper}\c{-P}: specify a \i{port number}
  631. The \c{-P} option is used to specify the port number to connect to. If
  632. you have a Telnet server running on port 9696 of a machine instead of
  633. port 23, for example:
  634. \c putty -telnet -P 9696 host.name
  635. \c plink -telnet -P 9696 host.name
  636. (Note that this option is more useful in Plink than in PuTTY,
  637. because in PuTTY you can write \c{putty -telnet host.name 9696} in
  638. any case.)
  639. This option is equivalent to the port number control in the Session
  640. panel of the PuTTY configuration box (see \k{config-hostname}).
  641. \S2{using-cmdline-pw} \i\c{-pwfile} and \i\c{-pw}: specify a \i{password}
  642. A simple way to automate a remote login is to supply your password
  643. on the command line.
  644. The \c{-pwfile} option takes a file name as an argument. The first
  645. line of text in that file will be used as your password.
  646. The \c{-pw} option takes the password itself as an argument. This is
  647. \s{NOT SECURE} if anybody else uses the same computer, because the
  648. whole command line (including the password) is likely to show up if
  649. another user lists the running processes. \c{-pw} is retained for
  650. backwards compatibility only; you should use \c{-pwfile} instead.
  651. Note that these options only work when you are using the SSH protocol.
  652. Due to fundamental limitations of Telnet, Rlogin, and SUPDUP, these
  653. protocols do not support automated password authentication.
  654. \S2{using-cmdline-agentauth} \i\c{-agent} and \i\c{-noagent}:
  655. control use of Pageant for authentication
  656. The \c{-agent} option turns on SSH authentication using Pageant, and
  657. \c{-noagent} turns it off. These options are only meaningful if you
  658. are using SSH.
  659. See \k{pageant} for general information on \i{Pageant}.
  660. These options are equivalent to the agent authentication checkbox in
  661. the Auth panel of the PuTTY configuration box (see
  662. \k{config-ssh-tryagent}).
  663. \S2{using-cmdline-agent} \I{-A-upper}\c{-A} and \i\c{-a}: control \i{agent
  664. forwarding}
  665. The \c{-A} option turns on SSH agent forwarding, and \c{-a} turns it
  666. off. These options are only meaningful if you are using SSH.
  667. See \k{pageant} for general information on \i{Pageant}, and
  668. \k{pageant-forward} for information on agent forwarding. Note that
  669. there is a security risk involved with enabling this option; see
  670. \k{pageant-security} for details.
  671. These options are equivalent to the agent forwarding checkbox in the
  672. Auth panel of the PuTTY configuration box (see \k{config-ssh-agentfwd}).
  673. These options are not available in the file transfer tools PSCP and
  674. PSFTP.
  675. \S2{using-cmdline-x11} \I{-X-upper}\c{-X} and \i\c{-x}: control \i{X11
  676. forwarding}
  677. The \c{-X} option turns on X11 forwarding in SSH, and \c{-x} turns
  678. it off. These options are only meaningful if you are using SSH.
  679. For information on X11 forwarding, see \k{using-x-forwarding}.
  680. These options are equivalent to the X11 forwarding checkbox in the
  681. X11 panel of the PuTTY configuration box (see \k{config-ssh-x11}).
  682. These options are not available in the file transfer tools PSCP and
  683. PSFTP.
  684. \S2{using-cmdline-pty} \i\c{-t} and \I{-T-upper}\c{-T}: control
  685. \i{pseudo-terminal allocation}
  686. The \c{-t} option ensures PuTTY attempts to allocate a
  687. pseudo-terminal at the server, and \c{-T} stops it from allocating
  688. one. These options are only meaningful if you are using SSH.
  689. These options are equivalent to the \q{Don't allocate a
  690. pseudo-terminal} checkbox in the SSH panel of the PuTTY
  691. configuration box (see \k{config-ssh-pty}).
  692. These options are not available in the file transfer tools PSCP and
  693. PSFTP.
  694. \S2{using-cmdline-noshell} \I{-N-upper}\c{-N}: suppress starting a
  695. \I{suppressing remote shell}shell or command
  696. The \c{-N} option prevents PuTTY from attempting to start a shell or
  697. command on the remote server. You might want to use this option if
  698. you are only using the SSH connection for port forwarding, and your
  699. user account on the server does not have the ability to run a shell.
  700. This feature is only available in SSH protocol version 2 (since the
  701. version 1 protocol assumes you will always want to run a shell).
  702. This option is equivalent to the \q{Don't start a shell or command
  703. at all} checkbox in the SSH panel of the PuTTY configuration box
  704. (see \k{config-ssh-noshell}).
  705. This option is not available in the file transfer tools PSCP and
  706. PSFTP.
  707. \S2{using-cmdline-ncmode} \I{-nc}\c{-nc}: make a \i{remote network
  708. connection} in place of a remote shell or command
  709. The \c{-nc} option prevents Plink (or PuTTY) from attempting to
  710. start a shell or command on the remote server. Instead, it will
  711. instruct the remote server to open a network connection to a host
  712. name and port number specified by you, and treat that network
  713. connection as if it were the main session.
  714. You specify a host and port as an argument to the \c{-nc} option,
  715. with a colon separating the host name from the port number, like
  716. this:
  717. \c plink host1.example.com -nc host2.example.com:1234
  718. This can be useful if you're trying to make a connection to a target
  719. host which you can only reach by SSH forwarding through a proxy host.
  720. One way to do this would be to have an existing SSH connection to the
  721. proxy host, with a port forwarding, but if you prefer to have the
  722. connection started on demand as needed, then this approach can also
  723. work.
  724. However, this does depend on the program \e{using} the proxy being
  725. able to run a subprocess in place of making a network connection.
  726. PuTTY itself can do this using the \q{Local} proxy type, but there's a
  727. built-in more flexible way using the \q{SSH} proxy type. (See
  728. \k{config-proxy-type} for a description of both.) So this feature is
  729. probably most useful with another client program as the end user.
  730. This feature is only available in SSH protocol version 2 (since the
  731. version 1 protocol assumes you will always want to run a shell). It
  732. is not available in the file transfer tools PSCP and PSFTP. It is
  733. available in PuTTY itself, although it is unlikely to be very useful
  734. in any tool other than Plink. Also, \c{-nc} uses the same server
  735. functionality as port forwarding, so it will not work if your server
  736. administrator has disabled port forwarding.
  737. (The option is named \c{-nc} after the Unix program
  738. \W{http://www.vulnwatch.org/netcat/}\c{nc}, short for \q{netcat}.
  739. The command \cq{plink host1 -nc host2:port} is very similar in
  740. functionality to \cq{plink host1 nc host2 port}, which invokes
  741. \c{nc} on the server and tells it to connect to the specified
  742. destination. However, Plink's built-in \c{-nc} option does not
  743. depend on the \c{nc} program being installed on the server.)
  744. \S2{using-cmdline-compress} \I{-C-upper}\c{-C}: enable \i{compression}
  745. The \c{-C} option enables compression of the data sent across the
  746. network. This option is only meaningful if you are using SSH.
  747. This option is equivalent to the \q{Enable compression} checkbox in
  748. the SSH panel of the PuTTY configuration box (see
  749. \k{config-ssh-comp}).
  750. \S2{using-cmdline-sshprot} \i\c{-1} and \i\c{-2}: specify an \i{SSH
  751. protocol version}
  752. The \c{-1} and \c{-2} options force PuTTY to use version \I{SSH-1}1
  753. or version \I{SSH-2}2 of the SSH protocol. These options are only
  754. meaningful if you are using SSH.
  755. These options are equivalent to selecting the SSH protocol version in
  756. the SSH panel of the PuTTY configuration box (see \k{config-ssh-prot}).
  757. \S2{using-cmdline-ipversion} \i\c{-4} and \i\c{-6}: specify an
  758. \i{Internet protocol version}
  759. The \c{-4} and \c{-6} options force PuTTY to use the older Internet
  760. protocol \i{IPv4} or the newer \i{IPv6} for most outgoing
  761. connections.
  762. These options are equivalent to selecting your preferred Internet
  763. protocol version as \q{IPv4} or \q{IPv6} in the Connection panel of
  764. the PuTTY configuration box (see \k{config-address-family}).
  765. \S2{using-cmdline-identity} \i\c{-i}: specify an SSH \i{private key}
  766. The \c{-i} option allows you to specify the name of a private key
  767. file in \c{*.\i{PPK}} format which PuTTY will use to authenticate with the
  768. server. This option is only meaningful if you are using SSH.
  769. If you are using Pageant, you can also specify a \e{public} key file
  770. (in RFC 4716 or OpenSSH format) to identify a specific key file to use.
  771. (This won't work if you're not running Pageant, of course.)
  772. For general information on \i{public-key authentication}, see
  773. \k{pubkey}.
  774. This option is equivalent to the \q{Private key file for
  775. authentication} box in the Auth panel of the PuTTY configuration box
  776. (see \k{config-ssh-privkey}).
  777. \S2{using-cmdline-cert} \i\c{-cert}: specify an SSH \i{certificate}
  778. The \c{-cert} option allows you to specify the name of a certificate
  779. file containing a signed version of your public key. If you specify
  780. this option, PuTTY will present that certificate in place of the plain
  781. public key, whenever it tries to authenticate with a key that matches.
  782. (This applies whether the key is stored in Pageant or loaded directly
  783. from a file by PuTTY.)
  784. This option is equivalent to the \q{Certificate to use with the
  785. private key} box in the Auth panel of the PuTTY configuration box (see
  786. \k{config-ssh-cert}).
  787. \S2{using-cmdline-no-trivial-auth} \i\c{-no-trivial-auth}: disconnect
  788. if SSH authentication succeeds trivially
  789. This option causes PuTTY to abandon an SSH session if the server
  790. accepts authentication without ever having asked for any kind of
  791. password or signature or token.
  792. See \k{config-ssh-notrivialauth} for why you might want this.
  793. \S2{using-cmdline-loghost} \i\c{-loghost}: specify a \i{logical host
  794. name}
  795. This option overrides PuTTY's normal SSH \I{host key cache}host key
  796. caching policy by telling it the name of the host you expect your
  797. connection to end up at (in cases where this differs from the location
  798. PuTTY thinks it's connecting to). It can be a plain host name, or a
  799. host name followed by a colon and a port number. See
  800. \k{config-loghost} for more detail on this.
  801. \S2{using-cmdline-hostkey} \i\c{-hostkey}: \I{manually configuring
  802. host keys}manually specify an expected host key
  803. This option overrides PuTTY's normal SSH \I{host key cache}host key
  804. caching policy by telling it exactly what host key to expect, which
  805. can be useful if the normal automatic host key store in the Registry
  806. is unavailable. The argument to this option should be either a host key
  807. fingerprint, or an SSH-2 public key blob. See
  808. \k{config-ssh-kex-manual-hostkeys} for more information.
  809. You can specify this option more than once if you want to configure
  810. more than one key to be accepted.
  811. \S2{using-cmdline-pgpfp} \i\c{-pgpfp}: display \i{PGP key fingerprint}s
  812. This option causes the PuTTY tools not to run as normal, but instead
  813. to display the fingerprints of the PuTTY PGP Master Keys, in order to
  814. aid with \i{verifying new versions}. See \k{pgpkeys} for more information.
  815. \S2{using-cmdline-sercfg} \i\c{-sercfg}: specify serial port
  816. \i{configuration}
  817. This option specifies the configuration parameters for the serial
  818. port (baud rate, stop bits etc). Its argument is interpreted as a
  819. comma-separated list of configuration options, which can be as
  820. follows:
  821. \b Any single digit from 5 to 9 sets the number of data bits.
  822. \b \cq{1}, \cq{1.5} or \cq{2} sets the number of stop bits.
  823. \b Any other numeric string is interpreted as a baud rate.
  824. \b A single lower-case letter specifies the parity: \cq{n} for none,
  825. \cq{o} for odd, \cq{e} for even, \cq{m} for mark and \cq{s} for space.
  826. \b A single upper-case letter specifies the flow control: \cq{N} for
  827. none, \cq{X} for XON/XOFF, \cq{R} for RTS/CTS and \cq{D} for
  828. DSR/DTR.
  829. For example, \cq{-sercfg 19200,8,n,1,N} denotes a baud rate of
  830. 19200, 8 data bits, no parity, 1 stop bit and no flow control.
  831. \S2{using-cmdline-sshlog} \i\c{-sessionlog}, \i\c{-sshlog},
  832. \i\c{-sshrawlog}: enable session logging
  833. These options cause the PuTTY network tools to write out a \i{log
  834. file}. Each of them expects a file name as an argument, e.g.
  835. \cq{-sshlog putty.log} causes an SSH packet log to be written to a
  836. file called \cq{putty.log}. The three different options select
  837. different logging modes, all available from the GUI too:
  838. \b \c{-sessionlog} selects \q{All session output} logging mode.
  839. \b \c{-sshlog} selects \q{SSH packets} logging mode.
  840. \b \c{-sshrawlog} selects \q{SSH packets and raw data} logging mode.
  841. For more information on logging configuration, see \k{config-logging}.
  842. \S2{using-cmdline-logfileexists} \i\c{-logoverwrite}, \i\c{-logappend}:
  843. control behaviour with existing log file
  844. If logging has been enabled (in the saved configuration, or by another
  845. command-line option), and the specified log file already exists, these
  846. options tell the PuTTY network tools what to do so that they don't
  847. have to ask the user. See \k{config-logfileexists} for details.
  848. \S2{using-cmdline-proxycmd} \i\c{-proxycmd}: specify a local proxy
  849. command
  850. This option enables PuTTY's mode for running a \I{Local proxy}command
  851. on the local machine and using it as a proxy for the network
  852. connection. It expects a shell command string as an argument.
  853. See \k{config-proxy-type} for more information on this, and on other
  854. proxy settings. In particular, note that since the special sequences
  855. described there are understood in the argument string, literal
  856. backslashes must be doubled (if you want \c{\\} in your command, you
  857. must put \c{\\\\} on the command line).
  858. \S2{using-cmdline-restrict-acl} \i\c{-restrict-acl}: restrict the
  859. \i{Windows process ACL}
  860. This option (on Windows only) causes PuTTY (or another PuTTY tool) to
  861. try to lock down the operating system's access control on its own
  862. process. If this succeeds, it should present an extra obstacle to
  863. malware that has managed to run under the same user id as the PuTTY
  864. process, by preventing it from attaching to PuTTY using the same
  865. interfaces debuggers use and either reading sensitive information out
  866. of its memory or hijacking its network session.
  867. This option is not enabled by default, because this form of
  868. interaction between Windows programs has many legitimate uses,
  869. including accessibility software such as screen readers. Also, it
  870. cannot provide full security against this class of attack in any case,
  871. because PuTTY can only lock down its own ACL \e{after} it has started
  872. up, and malware could still get in if it attacks the process between
  873. startup and lockdown. So it trades away noticeable convenience, and
  874. delivers less real security than you might want. However, if you do
  875. want to make that tradeoff anyway, the option is available.
  876. A PuTTY process started with \c{-restrict-acl} will pass that on to
  877. any processes started with Duplicate Session, New Session etc.
  878. (However, if you're invoking PuTTY tools explicitly, for instance as a
  879. proxy command, you'll need to arrange to pass them the
  880. \c{-restrict-acl} option yourself, if that's what you want.)
  881. If Pageant is started with the \c{-restrict-acl} option, and you use
  882. it to launch a PuTTY session from its \ii{System Tray} submenu, then
  883. Pageant will \e{not} default to starting the PuTTY subprocess with a
  884. restricted ACL. This is because PuTTY is more likely to suffer reduced
  885. functionality as a result of restricted ACLs (e.g. screen reader
  886. software will have a greater need to interact with it), whereas
  887. Pageant stores the more critical information (hence benefits more from
  888. the extra protection), so it's reasonable to want to run Pageant but
  889. not PuTTY with the ACL restrictions. You can force Pageant to start
  890. subsidiary PuTTY processes with a restricted ACL if you also pass the
  891. \i\c{-restrict-putty-acl} option.
  892. \S2{using-cmdline-host-ca} \i{\c{-host-ca}}: launch the
  893. \I{certificate}host CA configuration
  894. If you start PuTTY with the \c{-host-ca} option, it will not launch a
  895. session at all. Instead, it will just display the configuration dialog
  896. box for host certification authorities, as described in
  897. \k{config-ssh-kex-cert}. When you dismiss that dialog box, PuTTY will
  898. terminate.
  899. \S2{using-cmdline-legacy-stdio-prompts} \i{\c{-legacy-stdio-prompts}}:
  900. handle Windows console prompts like older versions of PuTTY
  901. This option applies to all of PSCP, PSFTP and Plink on Windows: all
  902. the tools in the PuTTY suite that run in a Windows console and make
  903. SSH connections.
  904. These tools use the Windows console to prompt for various information:
  905. usernames, passwords, answers to questions about host keys, and so on.
  906. In current versions of PuTTY, these prompts work by direct access to
  907. the Windows console. This means that even if you redirect the standard
  908. input or output of the tool, prompts will \e{still} be sent to the
  909. console (and not where you've redirected your output), and the user's
  910. responses will be read from the console (and not from where you've
  911. redirected your input).
  912. Another advantage of reading directly from the Windows console is that
  913. the tools can read input as \i{Unicode}. So this also allows you to
  914. enter usernames and passwords that contain characters not in the
  915. Windows system's default character set.
  916. In versions of the PuTTY tools up to and including 0.81, the prompts
  917. used the tool's ordinary I/O handles, so prompt output and user
  918. responses could be redirected.
  919. We think the new behaviour is more likely to be useful. For example,
  920. if you have a local command that generates output, and you want to
  921. pipe that output into a command running remotely via Plink, you can
  922. run a command line such as
  923. \c local_command | plink hostname remote_command
  924. and the data piped into the remote command will be the same whether or
  925. not Plink has to stop to ask for a password. With the old behaviour
  926. you would have had to include the password in Plink's input, which is
  927. more awkward.
  928. However, we recognise that people may have customised complicated
  929. workflows around the old behaviour. So if you need to switch back to
  930. it, you can do so by specifying \c{-legacy-stdio-prompts} on the
  931. command-line.
  932. To fully revert to the previous behaviour, you'd also need to specify
  933. \c{-legacy-charset-handling} (see the next section). (Even without
  934. that option, prompt handling with \c{-legacy-stdio-prompts} may not be
  935. fully Unicode-clean.)
  936. \S2{using-cmdline-legacy-charset-handling} \i{\c{-legacy-charset-handling}}:
  937. handle character set in prompts like older versions of PuTTY
  938. This option applies to PuTTY (on all platforms), and also to all of
  939. PSCP, PSFTP and Plink on Windows.
  940. In current versions of PuTTY, when you are prompted in the terminal
  941. window for things like SSH usernames and passwords, the responses you
  942. type are interpreted as \i{Unicode}, and transmitted to the server as
  943. such, even if the terminal is otherwise configured to use a different
  944. character encoding (see \k{config-charset}). Similarly, the same
  945. prompts from the Windows console tools will unconditionally interpret
  946. their input as Unicode.
  947. This behaviour is in line with the SSH standards; it allows things
  948. like usernames to use the full character set of the user's native
  949. language, and ensures that different keystrokes you type for your
  950. password are actually treated distinctly.
  951. However, if you are used to the behaviour of the PuTTY tools up to
  952. version 0.81, this could cause a previously working username and/or
  953. password not to work as you expected. For instance, if you had set a
  954. password including some \i{accented characters}, this change in
  955. behaviour could cause the same keystrokes you've always entered to
  956. start sending a different sequence of bytes to the server, denying you
  957. access (and you wouldn't even be able to see the difference, since the
  958. password is not shown when you type it).
  959. \c{-legacy-charset-handling} reverts the PuTTY tools' behaviour to how
  960. it was previously: what you type at these prompts will be interpreted
  961. according to the \q{Remote character set} (for PuTTY) or Windows'
  962. default character set (for the Windows console tools).
  963. (For example, this could allow you to log in to change your password
  964. to make using this option unnecessary in future. But if you're doing
  965. that, make sure the terminal is configured as UTF-8!)