123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272 |
- \C{using} Using PuTTY
- This chapter provides a general introduction to some more advanced
- features of PuTTY. For extreme detail and reference purposes,
- \k{config} is likely to contain more information.
- \H{using-session} During your session
- A lot of PuTTY's complexity and features are in the configuration
- panel. Once you have worked your way through that and started
- a session, things should be reasonably simple after that.
- Nevertheless, there are a few more useful features available.
- \S{using-selection} Copying and pasting text
- \I{copy and paste}Often in a PuTTY session you will find text on
- your terminal screen which you want to type in again. Like most
- other terminal emulators, PuTTY allows you to copy and paste the
- text rather than having to type it again. Also, copy and paste uses
- the \I{Windows clipboard}Windows \i{clipboard}, so that you can
- paste (for example) URLs into a web browser, or paste from a word
- processor or spreadsheet into your terminal session.
- By default, PuTTY's copy and paste works entirely with the \i{mouse}.
- (This will be familiar to people who have used \i\c{xterm} on Unix.)
- In order to copy text to the clipboard, you just click the \i{left
- mouse button} in the \i{terminal window}, and drag to
- \I{selecting text}select text. When you let go of the button, the text
- is \e{automatically} copied to the clipboard. You do not need to press
- \i{Ctrl-C} or \i{Ctrl-Ins}; in fact, if you do press Ctrl-C, PuTTY will
- send a Ctrl-C character down your session to the server where it will
- probably cause a process to be interrupted.
- Pasting into PuTTY is done using the right button (or the middle mouse
- button, if you have a \i{three-button mouse} and have set it up; see
- \k{config-mouse}). (Pressing \i{Shift-Ins}, or selecting \q{Paste}
- from the \I{right mouse button, with Ctrl}Ctrl+right-click
- \i{context menu}, have the same effect.) When
- you click the \i{right mouse button}, PuTTY will read whatever is in
- the Windows clipboard and paste it into your session. By default, this
- behaves \e{exactly} as if the clipboard contents had been typed at the
- keyboard; therefore, be careful of pasting formatted text into an
- editor that does automatic \i{indenting}, as you may find that the spaces
- pasted from the clipboard plus the spaces added by the editor add up
- to too many spaces and ruin the formatting. (Some remote applications
- can ask PuTTY to identify text that is being pasted, to avoid this
- sort of problem; but if your application does not, there is nothing
- PuTTY can do to avoid this.)
- If you \i{double-click} the left mouse button, PuTTY will
- \I{selecting words}select a whole word. If you double-click, hold
- down the second click, and drag the mouse, PuTTY will select a
- sequence of whole words. (You can adjust precisely what PuTTY
- considers to be part of a word; see \k{config-charclasses}.)
- If you \e{triple}-click, or \i{triple-click} and drag, then
- PuTTY will \I{selecting lines}select a whole line or sequence of lines.
- If you want to select a \I{rectangular selection}rectangular region
- instead of selecting to the end of each line, you can do this by
- holding down Alt when you make your selection. You can also
- configure rectangular selection to be the default, and then holding
- down Alt gives the normal behaviour instead: see
- \k{config-rectselect} for details.
- (In some Unix environments, Alt+drag is intercepted by the window
- manager. Shift+Alt+drag should work for rectangular selection as
- well, so you could try that instead.)
- If you have a \i{middle mouse button}, then you can use it to
- \I{adjusting a selection}adjust an existing selection if you
- selected something slightly wrong. (If you have configured the
- middle mouse button to paste, then the right mouse button does this
- instead.) Click the button on the screen, and you can pick up the
- nearest end of the selection and drag it to somewhere else.
- If you are running PuTTY itself on Unix (not just using it to connect
- to a Unix system from Windows), by default you will likely have to use
- similar mouse actions in other applications to paste the text you
- copied from PuTTY, and to copy text for pasting into PuTTY; actions
- like \i{Ctrl-C} and Ctrl-V will likely not behave as you expect.
- \K{config-clipboards} explains why this is, and how you can change the
- behaviour. (On Windows there is only a single selection shared with other
- applications, so this confusion does not arise.)
- It's possible for the server to ask to \I{mouse reporting}handle mouse
- clicks in the PuTTY window itself. If this happens, the \i{mouse pointer}
- will turn into an arrow, and using the mouse to copy and paste will only
- work if you hold down Shift. See \k{config-features-mouse} and
- \k{config-mouseshift} for details of this feature and how to configure
- it.
- You can customise much of this behaviour, for instance to enable copy
- and paste from the keyboard; see \k{config-selection}.
- \S{using-scrollback} \I{scrollback}Scrolling the screen back
- PuTTY keeps track of text that has scrolled up off the top of the
- terminal. So if something appears on the screen that you want to
- read, but it scrolls too fast and it's gone by the time you try to
- look for it, you can use the \i{scrollbar} on the right side of the
- window to look back up the session \i{history} and find it again.
- As well as using the scrollbar, you can also page the scrollback up
- and down by pressing \i{Shift-PgUp} and \i{Shift-PgDn}. You can
- scroll a line at a time using \i{Ctrl-PgUp} and \i{Ctrl-PgDn}, or
- to the top/bottom of the scrollback with \i{Ctrl-Shift-PgUp} and
- \i{Ctrl-Shift-PgDn}. These are still available if you configure the
- scrollbar to be invisible.
- By default the last 2000 lines scrolled off the top are
- preserved for you to look at. You can increase (or decrease) this
- value using the configuration box; see \k{config-scrollback}.
- \S{using-sysmenu} The \ii{System menu}
- If you click the left mouse button on the icon in the top left
- corner of PuTTY's terminal window, or click the right mouse button
- on the title bar, you will see the standard Windows system menu
- containing items like Minimise, Move, Size and Close.
- PuTTY's system menu contains extra program features in addition to
- the Windows standard options. These extra menu commands are
- described below.
- (These options are also available in a \i{context menu} brought up
- by holding Ctrl and clicking with the right mouse button anywhere
- in the \i{PuTTY window}.)
- \S2{using-eventlog} The PuTTY \i{Event Log}
- If you choose \q{Event Log} from the system menu, a small window
- will pop up in which PuTTY logs significant events during the
- connection. Most of the events in the log will probably take place
- during session startup, but a few can occur at any point in the
- session, and one or two occur right at the end.
- You can use the mouse to select one or more lines of the Event Log,
- and hit the Copy button to copy them to the \i{clipboard}. If you
- are reporting a bug, it's often useful to paste the contents of the
- Event Log into your bug report.
- (The Event Log is not the same as the facility to create a log file
- of your session; that's described in \k{using-logging}.)
- \S2{using-specials} \ii{Special commands}
- Depending on the protocol used for the current session, there may be
- a submenu of \q{special commands}. These are protocol-specific
- tokens, such as a \q{break} signal, that can be sent down a
- connection in addition to normal data. Their precise effect is usually
- up to the server. Currently only Telnet, SSH, and serial connections
- have special commands.
- The \q{break} signal can also be invoked from the keyboard with
- \i{Ctrl-Break}.
- In an SSH connection, the following \I{SSH special commands}special
- commands are available:
- \b \I{IGNORE message, SSH special command}\I{No-op, in SSH}\ii{IGNORE message}
- \lcont{
- Should have no effect.
- }
- \b \I{Repeat key exchange, SSH special command}Repeat key exchange
- \lcont{
- Only available in SSH-2. Forces a \i{repeat key exchange} immediately (and
- resets associated timers and counters). For more information about
- repeat key exchanges, see \k{config-ssh-kex-rekey}.
- }
- \b \I{host key cache}Cache new host key type
- \lcont{
- Only available in SSH-2. This submenu appears only if the server has
- host keys of a type that PuTTY doesn't already have cached, and so
- won't consider. Selecting a key here will allow PuTTY to use that key
- now and in future: PuTTY will do a fresh key-exchange with the selected
- key, and immediately add that key to its permanent cache (relying on
- the host key used at the start of the connection to cross-certify the
- new key). That key will be used for the rest of the current session;
- it may not actually be used for future sessions, depending on your
- preferences (see \k{config-ssh-hostkey-order}).
- Normally, PuTTY will carry on using a host key it already knows, even
- if the server offers key formats that PuTTY would otherwise prefer,
- to avoid host key prompts. As a result, if you've been using a server
- for some years, you may still be using an older key than a new user
- would use, due to server upgrades in the meantime. The SSH protocol
- unfortunately does not have organised facilities for host key migration
- and rollover, but this allows you to \I{host keys, upgrading}manually
- upgrade.
- }
- \b \I{Break, SSH special command}Break
- \lcont{
- Only available in SSH-2, and only during a session. Optional
- extension; may not be supported by server. PuTTY requests the server's
- default break length.
- }
- \b \I{Signal, SSH special command}Signals (SIGINT, SIGTERM etc)
- \lcont{
- Only available in SSH-2, and only during a session. Sends various
- POSIX signals. Not honoured by all servers.
- }
- The following \I{Telnet special commands}special commands are
- available in Telnet:
- \b \I{Are You There, Telnet special command}Are You There
- \b \I{Break, Telnet special command}Break
- \b \I{Synch, Telnet special command}Synch
- \b \I{Erase Character, Telnet special command}Erase Character
- \lcont{
- PuTTY can also be configured to send this when the Backspace key is
- pressed; see \k{config-telnetkey}.
- }
- \b \I{Erase Line, Telnet special command}Erase Line
- \b \I{Go Ahead, Telnet special command}Go Ahead
- \b \I{No Operation, Telnet special command}No Operation
- \lcont{
- Should have no effect.
- }
- \b \I{Abort Process, Telnet special command}Abort Process
- \b \I{Abort Output, Telnet special command}Abort Output
- \b \I{Interrupt Process, Telnet special command}Interrupt Process
- \lcont{
- PuTTY can also be configured to send this when Ctrl-C is typed; see
- \k{config-telnetkey}.
- }
- \b \I{Suspend Process, Telnet special command}Suspend Process
- \lcont{
- PuTTY can also be configured to send this when Ctrl-Z is typed; see
- \k{config-telnetkey}.
- }
- \b \I{End Of Record, Telnet special command}End Of Record
- \b \I{End Of File, Telnet special command}End Of File
- With a serial connection, the only available special command is
- \I{Break, serial special command}\q{Break}.
- \S2{using-newsession} Starting new sessions
- PuTTY's system menu provides some shortcut ways to start new
- sessions:
- \b Selecting \i{\q{New Session}} will start a completely new
- instance of PuTTY, and bring up the configuration box as normal.
- \b Selecting \i{\q{Duplicate Session}} will start a session in a
- new window with precisely the same options as your current one -
- connecting to the same host using the same protocol, with all the
- same terminal settings and everything.
- \b In an inactive window, selecting \i{\q{Restart Session}} will
- do the same as \q{Duplicate Session}, but in the current window.
- \b The \i{\q{Saved Sessions} submenu} gives you quick access to any
- sets of stored session details you have previously saved. See
- \k{config-saving} for details of how to create saved sessions.
- \S2{using-changesettings} \I{settings, changing}Changing your
- session settings
- If you select \i{\q{Change Settings}} from the system menu, PuTTY will
- display a cut-down version of its initial configuration box. This
- allows you to adjust most properties of your current session. You
- can change the terminal size, the font, the actions of various
- keypresses, the colours, and so on.
- Some of the options that are available in the main configuration box
- are not shown in the cut-down Change Settings box. These are usually
- options which don't make sense to change in the middle of a session
- (for example, you can't switch from SSH to Telnet in mid-session).
- You can save the current settings to a saved session for future use
- from this dialog box. See \k{config-saving} for more on saved
- sessions.
- \S2{using-copyall} \i{Copy All to Clipboard}
- This system menu option provides a convenient way to copy the whole
- contents of the terminal screen (up to the last nonempty line) and
- scrollback to the \i{clipboard} in one go.
- \S2{reset-terminal} \I{scrollback, clearing}Clearing and
- \I{terminal, resetting}resetting the terminal
- The \i{\q{Clear Scrollback}} option on the system menu tells PuTTY
- to discard all the lines of text that have been kept after they
- scrolled off the top of the screen. This might be useful, for
- example, if you displayed sensitive information and wanted to make
- sure nobody could look over your shoulder and see it. (Note that
- this only prevents a casual user from using the scrollbar to view
- the information; the text is not guaranteed not to still be in
- PuTTY's memory.)
- The \i{\q{Reset Terminal}} option causes a full reset of the
- \i{terminal emulation}. A VT-series terminal is a complex piece of
- software and can easily get into a state where all the text printed
- becomes unreadable. (This can happen, for example, if you
- accidentally output a binary file to your terminal.) If this
- happens, selecting Reset Terminal should sort it out.
- \S2{using-fullscreen} \ii{Full screen} mode
- If you find the title bar on a maximised window to be ugly or
- distracting, you can select Full Screen mode to maximise PuTTY
- \q{even more}. When you select this, PuTTY will expand to fill the
- whole screen and its borders, title bar and scrollbar will
- disappear. (You can configure the scrollbar not to disappear in
- full-screen mode if you want to keep it; see \k{config-scrollback}.)
- When you are in full-screen mode, you can still access the \i{system
- menu} if you click the left mouse button in the \e{extreme} top left
- corner of the screen.
- \H{using-logging} Creating a \i{log file} of your \I{session
- log}session
- For some purposes you may find you want to log everything that
- appears on your screen. You can do this using the \q{Logging}
- panel in the configuration box.
- To begin a session log, select \q{Change Settings} from the system
- menu and go to the Logging panel. Enter a log file name, and select
- a logging mode. (You can log all session output including the
- terminal \i{control sequence}s, or you can just log the printable text.
- It depends what you want the log for.) Click \q{Apply} and your log
- will be started. Later on, you can go back to the Logging panel and
- select \q{Logging turned off completely} to stop logging; then PuTTY
- will close the log file and you can safely read it.
- See \k{config-logging} for more details and options.
- \H{using-translation} Altering your \i{character set} configuration
- If you find that special characters (\i{accented characters}, for
- example, or \i{line-drawing characters}) are not being displayed
- correctly in your PuTTY session, it may be that PuTTY is interpreting
- the characters sent by the server according to the wrong \e{character
- set}. There are a lot of different character sets available, and no
- good way for PuTTY to know which to use, so it's entirely possible
- for this to happen.
- If you click \q{Change Settings} and look at the \q{Translation}
- panel, you should see a large number of character sets which you can
- select, and other related options. Now all you need is to find out
- which of them you want! (See \k{config-translation} for more
- information.)
- \H{using-x-forwarding} Using \i{X11 forwarding} in SSH
- The SSH protocol has the ability to securely forward X Window System
- \i{graphical applications} over your encrypted SSH connection, so that
- you can run an application on the SSH server machine and have it put
- its windows up on your local machine without sending any X network
- traffic in the clear.
- In order to use this feature, you will need an X display server for
- your Windows machine, such as Cygwin/X, X-Win32, or Exceed. This will probably
- install itself as display number 0 on your local machine; if it
- doesn't, the manual for the \i{X server} should tell you what it
- does do.
- You should then tick the \q{Enable X11 forwarding} box in the
- X11 panel (see \k{config-ssh-x11}) before starting your SSH
- session. The \i{\q{X display location}} box is blank by default, which
- means that PuTTY will try to use a sensible default such as \c{:0},
- which is the usual display location where your X server will be
- installed. If that needs changing, then change it.
- Now you should be able to log in to the SSH server as normal. To
- check that X forwarding has been successfully negotiated during
- connection startup, you can check the PuTTY Event Log (see
- \k{using-eventlog}). It should say something like this:
- \c 2001-12-05 17:22:01 Requesting X11 forwarding
- \c 2001-12-05 17:22:02 X11 forwarding enabled
- If the remote system is Unix or Unix-like, you should also be able
- to see that the \i{\c{DISPLAY} environment variable} has been set to
- point at display 10 or above on the SSH server machine itself:
- \c fred@unixbox:~$ echo $DISPLAY
- \c unixbox:10.0
- If this works, you should then be able to run X applications in the
- remote session and have them display their windows on your PC.
- For more options relating to X11 forwarding, see \k{config-ssh-x11}.
- \H{using-port-forwarding} Using \i{port forwarding} in SSH
- The SSH protocol has the ability to forward arbitrary \I{network
- connection}network (TCP) connections over your encrypted SSH
- connection, to avoid the network traffic being sent in clear. For
- example, you could use this to connect from your home computer to a
- \i{POP-3} server on a remote machine without your POP-3 password being
- visible to network sniffers.
- In order to use port forwarding to \I{local port forwarding}connect
- from your local machine to a port on a remote server, you need to:
- \b Choose a \i{port number} on your local machine where PuTTY should
- listen for incoming connections. There are likely to be plenty of
- unused port numbers above 3000. (You can also use a local loopback
- address here; see below for more details.)
- \b Now, before you start your SSH connection, go to the Tunnels
- panel (see \k{config-ssh-portfwd}). Make sure the \q{Local} radio
- button is set. Enter the local port number into the \q{Source port}
- box. Enter the destination host name and port number into the
- \q{Destination} box, separated by a colon (for example,
- \c{popserver.example.com:110} to connect to a POP-3 server).
- \b Now click the \q{Add} button. The details of your port forwarding
- should appear in the list box.
- Now start your session and log in. (Port forwarding will not be
- enabled until after you have logged in; otherwise it would be easy
- to perform completely anonymous network attacks, and gain access to
- anyone's virtual private network.) To check that PuTTY has set up
- the port forwarding correctly, you can look at the PuTTY Event Log
- (see \k{using-eventlog}). It should say something like this:
- \c 2001-12-05 17:22:10 Local port 3110 forwarding to
- \c popserver.example.com:110
- Now if you connect to the source port number on your local PC, you
- should find that it answers you exactly as if it were the service
- running on the destination machine. So in this example, you could
- then configure an e-mail client to use \c{localhost:3110} as a POP-3
- server instead of \c{popserver.example.com:110}. (Of course, the
- forwarding will stop happening when your PuTTY session closes down.)
- You can also forward ports in the other direction: arrange for a
- particular port number on the \e{server} machine to be \I{remote
- port forwarding}forwarded back to your PC as a connection to a
- service on your PC or near it.
- To do this, just select the \q{Remote} radio button instead of the
- \q{Local} one. The \q{Source port} box will now specify a port
- number on the \e{server} (note that most servers will not allow you
- to use \I{privileged port}port numbers under 1024 for this purpose).
- An alternative way to forward local connections to remote hosts is
- to use \I{dynamic port forwarding}dynamic SOCKS proxying. In this
- mode, PuTTY acts as a SOCKS server, which SOCKS-aware programs can
- connect to and open forwarded connections to the destination of their
- choice, so this can be an alternative to long lists of static
- forwardings. To use this mode, you will need to select the \q{Dynamic}
- radio button instead of \q{Local}, and then you should not enter
- anything into the \q{Destination} box (it will be ignored). PuTTY will
- then listen for SOCKS connections on the port you have specified.
- Most \i{web browsers} can be configured to connect to this SOCKS proxy
- service; also, you can forward other PuTTY connections through it by
- setting up the Proxy control panel (see \k{config-proxy} for details).
- The source port for a forwarded connection usually does not accept
- connections from any machine except the \I{localhost}SSH client or
- server machine itself (for local and remote forwardings respectively).
- There are controls in the Tunnels panel to change this:
- \b The \q{Local ports accept connections from other hosts} option
- allows you to set up local-to-remote port forwardings (including
- dynamic port forwardings) in such a way that machines other than
- your client PC can connect to the forwarded port.
- \b The \q{Remote ports do the same} option does the same thing for
- remote-to-local port forwardings (so that machines other than the
- SSH server machine can connect to the forwarded port.) Note that
- this feature is only available in the SSH-2 protocol, and not all
- SSH-2 servers honour it (in \i{OpenSSH}, for example, it's usually
- disabled by default).
- You can also specify an \i{IP address} to \I{listen address}listen
- on. Typically a Windows machine can be asked to listen on any single
- IP address in the \cw{127.*.*.*} range, and all of these are
- \i{loopback address}es available only to the local machine. So if
- you forward (for example) \c{127.0.0.5:79} to a remote machine's
- \i\cw{finger} port, then you should be able to run commands such as
- \c{finger fred@127.0.0.5}.
- This can be useful if the program connecting to the forwarded port
- doesn't allow you to change the port number it uses. This feature is
- available for local-to-remote forwarded ports; SSH-1 is unable to
- support it for remote-to-local ports, while SSH-2 can support it in
- theory but servers will not necessarily cooperate.
- (Note that if you're using Windows XP Service Pack 2, you may need
- to obtain a fix from Microsoft in order to use addresses like
- \cw{127.0.0.5} - see \k{faq-alternate-localhost}.)
- For more options relating to port forwarding, see
- \k{config-ssh-portfwd}.
- If the connection you are forwarding over SSH is itself a second SSH
- connection made by another copy of PuTTY, you might find the
- \q{logical host name} configuration option useful to warn PuTTY of
- which host key it should be expecting. See \k{config-loghost} for
- details of this.
- \H{using-serial} Connecting to a local serial line
- PuTTY can connect directly to a local serial line as an alternative
- to making a network connection. In this mode, text typed into the
- PuTTY window will be sent straight out of your computer's serial
- port, and data received through that port will be displayed in the
- PuTTY window. You might use this mode, for example, if your serial
- port is connected to another computer which has a serial connection.
- To make a connection of this type, simply select \q{Serial} from the
- \q{Connection type} radio buttons on the \q{Session} configuration
- panel (see \k{config-hostname}). The \q{Host Name} and \q{Port}
- boxes will transform into \q{Serial line} and \q{Speed}, allowing
- you to specify which serial line to use (if your computer has more
- than one) and what speed (baud rate) to use when transferring data.
- For further configuration options (data bits, stop bits, parity,
- flow control), you can use the \q{Serial} configuration panel (see
- \k{config-serial}).
- After you start up PuTTY in serial mode, you might find that you
- have to make the first move, by sending some data out of the serial
- line in order to notify the device at the other end that someone is
- there for it to talk to. This probably depends on the device. If you
- start up a PuTTY serial session and nothing appears in the window,
- try pressing Return a few times and see if that helps.
- A serial line provides no well defined means for one end of the
- connection to notify the other that the connection is finished.
- Therefore, PuTTY in serial mode will remain connected until you
- close the window using the close button.
- \H{using-rawprot} Making \i{raw TCP connections}
- A lot of \I{debugging Internet protocols}Internet protocols are
- composed of commands and responses in plain text. For example,
- \i{SMTP} (the protocol used to transfer e-mail), \i{NNTP} (the
- protocol used to transfer Usenet news), and \i{HTTP} (the protocol
- used to serve Web pages) all consist of commands in readable plain
- text.
- Sometimes it can be useful to connect directly to one of these
- services and speak the protocol \q{by hand}, by typing protocol
- commands and watching the responses. On Unix machines, you can do
- this using the system's \c{telnet} command to connect to the right
- port number. For example, \c{telnet mailserver.example.com 25} might
- enable you to talk directly to the SMTP service running on a mail
- server.
- Although the Unix \c{telnet} program provides this functionality,
- the protocol being used is not really Telnet. Really there is no
- actual protocol at all; the bytes sent down the connection are
- exactly the ones you type, and the bytes shown on the screen are
- exactly the ones sent by the server. Unix \c{telnet} will attempt to
- detect or guess whether the service it is talking to is a real
- Telnet service or not; PuTTY prefers to be told for certain.
- In order to make a debugging connection to a service of this type,
- you simply select the fourth protocol name, \I{\q{Raw}
- protocol}\q{Raw}, from the \q{Protocol} buttons in the \q{Session}
- configuration panel. (See \k{config-hostname}.) You can then enter a
- host name and a port number, and make the connection.
- \H{using-telnet} Connecting using the \i{Telnet} protocol
- PuTTY can use the Telnet protocol to connect to a server.
- Telnet was perhaps the most popular remote login protocol before SSH
- was introduced. It was general enough to be used by multiple server
- operating systems (Unix and VMS in particular), and supported many
- optional protocol extensions providing extra support for particular
- server features.
- Unlike SSH, Telnet runs over an unsecured network connection, so it is
- a very bad idea to use it over the hostile Internet (though it is
- still used to some extent as of 2020).
- \H{using-rlogin} Connecting using the \i{Rlogin} protocol
- PuTTY can use the Rlogin protocol to connect to a server.
- Rlogin was similar to Telnet in concept, but more focused on
- connections between Unix machines. It supported a feature for
- passwordless login, based on use of \q{privileged ports} (ports with
- numbers below 1024, which Unix traditionally does not allow users
- other than \cw{root} to allocate). Ultimately, based on the server
- trusting that the client's IP address was owned by the Unix machine it
- claimed to be, and that that machine would guard its privileged ports
- appropriately.
- Like Telnet, Rlogin runs over an unsecured network connection.
- \H{using-supdup} Connecting using the \i{SUPDUP} protocol
- PuTTY can use the SUPDUP protocol to connect to a server.
- SUPDUP is a login protocol used mainly by PDP-10 and Lisp machines
- during the period 1975-1990. Like Telnet and Rlogin, it is unsecured,
- so modern systems almost never support it.
- To make a connection of this type, select \q{SUPDUP} from the
- \q{Connection type} radio buttons on the \q{Session} panel (see
- \k{config-hostname}). For further configuration options (character
- set, more processing, scrolling), you can use the \q{SUPDUP}
- configuration panel (see \k{config-supdup}).
- In SUPDUP, terminal emulation is more integrated with the network
- protocol than in other protocols such as SSH. The SUPDUP protocol can
- thus only be used with PuTTY proper, not with the command-line tool
- Plink.
- The SUPDUP protocol does not support changing the terminal dimensions,
- so this capability is disabled during a SUPDUP session.
- SUPDUP provides no well defined means for one end of the connection to
- notify the other that the connection is finished. Therefore, PuTTY in
- SUPDUP mode will remain connected until you close the window using the
- close button.
- \H{using-cmdline} The PuTTY command line
- PuTTY can be made to do various things without user intervention by
- supplying \i{command-line arguments} (e.g., from a \i{command prompt
- window}, or a \i{Windows shortcut}).
- \S{using-cmdline-session} Starting a session from the command line
- \I\c{-ssh}\I\c{-ssh-connection}\I\c{-telnet}\I\c{-rlogin}\I\c{-supdup}\I\c{-raw}\I\c{-serial}These
- options allow you to bypass the configuration window and launch
- straight into a session.
- To start a connection to a server called \c{host}:
- \c putty.exe [-ssh | -ssh-connection | -telnet | -rlogin | -supdup | -raw] [user@]host
- If this syntax is used, settings are taken from the \i{Default Settings}
- (see \k{config-saving}); \c{user} overrides these settings if
- supplied. Also, you can specify a protocol, which will override the
- default protocol (see \k{using-cmdline-protocol}).
- For telnet sessions, the following alternative syntax is supported
- (this makes PuTTY suitable for use as a URL handler for \i{telnet
- URLs} in \i{web browsers}):
- \c putty.exe telnet://host[:port]/
- To start a connection to a serial port, e.g. COM1:
- \c putty.exe -serial com1
- In order to start an existing saved session called \c{sessionname},
- use the \c{-load} option (described in \k{using-cmdline-load}).
- \c putty.exe -load "session name"
- \S{using-cleanup} \i\c{-cleanup}
- If invoked with the \c{-cleanup} option, rather than running as
- normal, PuTTY will remove its \I{removing registry entries}registry
- entries and \i{random seed file} from the local machine (after
- confirming with the user). It will also attempt to remove information
- about recently launched sessions stored in the \q{jump list} on
- Windows 7 and up.
- Note that on \i{multi-user systems}, \c{-cleanup} only removes
- registry entries and files associated with the currently logged-in
- user.
- \S{using-general-opts} Standard command-line options
- PuTTY and its associated tools support a range of command-line
- options, most of which are consistent across all the tools. This
- section lists the available options in all tools. Options which are
- specific to a particular tool are covered in the chapter about that
- tool.
- \S2{using-cmdline-load} \i\c{-load}: load a saved session
- \I{saved sessions, loading from command line}The \c{-load} option
- causes PuTTY to load configuration details out of a saved session.
- If these details include a host name, then this option is all you
- need to make PuTTY start a session.
- You need double quotes around the session name if it contains spaces.
- If you want to create a \i{Windows shortcut} to start a PuTTY saved
- session, this is the option you should use: your shortcut should
- call something like
- \c d:\path\to\putty.exe -load "my session"
- (Note that PuTTY itself supports an alternative form of this option,
- for backwards compatibility. If you execute \i\c{putty @sessionname}
- it will have the same effect as \c{putty -load "sessionname"}. With
- the \c{@} form, no double quotes are required, and the \c{@} sign
- must be the very first thing on the command line. This form of the
- option is deprecated.)
- \S2{using-cmdline-protocol} Selecting a protocol: \c{-ssh},
- \c{-ssh-connection}, \c{-telnet}, \c{-rlogin}, \c{-supdup},
- \c{-raw}, \c{-serial}
- To choose which protocol you want to connect with, you can use one
- of these options:
- \b \i\c{-ssh} selects the SSH protocol.
- \b \i\c{-ssh-connection} selects the bare ssh-connection protocol.
- (This is only useful in specialised circumstances; see \k{config-psusan}
- for more information.)
- \b \i\c{-telnet} selects the Telnet protocol.
- \b \i\c{-rlogin} selects the Rlogin protocol.
- \b \i\c{-supdup} selects the SUPDUP protocol.
- \b \i\c{-raw} selects the raw protocol.
- \b \i\c{-serial} selects a serial connection.
- Most of these options are not available in the file transfer tools
- PSCP and PSFTP (which only work with the SSH protocol and the bare
- ssh-connection protocol).
- These options are equivalent to the \i{protocol selection} buttons
- in the Session panel of the PuTTY configuration box (see
- \k{config-hostname}).
- \S2{using-cmdline-v} \i\c{-v}: increase verbosity
- \I{verbose mode}Most of the PuTTY tools can be made to tell you more
- about what they are doing by supplying the \c{-v} option. If you are
- having trouble when making a connection, or you're simply curious,
- you can turn this switch on and hope to find out more about what is
- happening.
- \S2{using-cmdline-l} \i\c{-l}: specify a \i{login name}
- You can specify the user name to log in as on the remote server
- using the \c{-l} option. For example, \c{plink login.example.com -l
- fred}.
- These options are equivalent to the username selection box in the
- Connection panel of the PuTTY configuration box (see
- \k{config-username}).
- \S2{using-cmdline-portfwd} \I{-L-upper}\c{-L}, \I{-R-upper}\c{-R}
- and \I{-D-upper}\c{-D}: set up \i{port forwardings}
- As well as setting up port forwardings in the PuTTY configuration
- (see \k{config-ssh-portfwd}), you can also set up forwardings on the
- command line. The command-line options work just like the ones in
- Unix \c{ssh} programs.
- To \I{local port forwarding}forward a local port (say 5110) to a
- remote destination (say \cw{popserver.example.com} port 110), you
- can write something like one of these:
- \c putty -L 5110:popserver.example.com:110 -load mysession
- \c plink mysession -L 5110:popserver.example.com:110
- To forward a \I{remote port forwarding}remote port to a local
- destination, just use the \c{-R} option instead of \c{-L}:
- \c putty -R 5023:mytelnetserver.myhouse.org:23 -load mysession
- \c plink mysession -R 5023:mytelnetserver.myhouse.org:23
- To \I{listen address}specify an IP address for the listening end of the
- tunnel, prepend it to the argument:
- \c plink -L 127.0.0.5:23:localhost:23 myhost
- To set up \I{dynamic port forwarding}SOCKS-based dynamic port
- forwarding on a local port, use the \c{-D} option. For this one you
- only have to pass the port number:
- \c putty -D 4096 -load mysession
- For general information on port forwarding, see
- \k{using-port-forwarding}.
- These options are not available in the file transfer tools PSCP and
- PSFTP.
- \S2{using-cmdline-m} \i\c{-m}: \I{reading commands from a file}read
- a remote command or script from a file
- The \i\c{-m} option performs a similar function to the \q{\ii{Remote
- command}} box in the SSH panel of the PuTTY configuration box (see
- \k{config-command}). However, the \c{-m} option expects to be given
- a local file name, and it will read a command from that file.
- With some servers (particularly Unix systems), you can even put
- multiple lines in this file and execute more than one command in
- sequence, or a whole shell script; but this is arguably an abuse, and
- cannot be expected to work on all servers. In particular, it is known
- \e{not} to work with certain \q{embedded} servers, such as \i{Cisco}
- routers.
- This option is not available in the file transfer tools PSCP and
- PSFTP.
- \S2{using-cmdline-p} \I{-P-upper}\c{-P}: specify a \i{port number}
- The \c{-P} option is used to specify the port number to connect to. If
- you have a Telnet server running on port 9696 of a machine instead of
- port 23, for example:
- \c putty -telnet -P 9696 host.name
- \c plink -telnet -P 9696 host.name
- (Note that this option is more useful in Plink than in PuTTY,
- because in PuTTY you can write \c{putty -telnet host.name 9696} in
- any case.)
- This option is equivalent to the port number control in the Session
- panel of the PuTTY configuration box (see \k{config-hostname}).
- \S2{using-cmdline-pw} \i\c{-pwfile} and \i\c{-pw}: specify a \i{password}
- A simple way to automate a remote login is to supply your password
- on the command line.
- The \c{-pwfile} option takes a file name as an argument. The first
- line of text in that file will be used as your password.
- The \c{-pw} option takes the password itself as an argument. This is
- \s{NOT SECURE} if anybody else uses the same computer, because the
- whole command line (including the password) is likely to show up if
- another user lists the running processes. \c{-pw} is retained for
- backwards compatibility only; you should use \c{-pwfile} instead.
- Note that these options only work when you are using the SSH protocol.
- Due to fundamental limitations of Telnet, Rlogin, and SUPDUP, these
- protocols do not support automated password authentication.
- \S2{using-cmdline-agentauth} \i\c{-agent} and \i\c{-noagent}:
- control use of Pageant for authentication
- The \c{-agent} option turns on SSH authentication using Pageant, and
- \c{-noagent} turns it off. These options are only meaningful if you
- are using SSH.
- See \k{pageant} for general information on \i{Pageant}.
- These options are equivalent to the agent authentication checkbox in
- the Auth panel of the PuTTY configuration box (see
- \k{config-ssh-tryagent}).
- \S2{using-cmdline-agent} \I{-A-upper}\c{-A} and \i\c{-a}: control \i{agent
- forwarding}
- The \c{-A} option turns on SSH agent forwarding, and \c{-a} turns it
- off. These options are only meaningful if you are using SSH.
- See \k{pageant} for general information on \i{Pageant}, and
- \k{pageant-forward} for information on agent forwarding. Note that
- there is a security risk involved with enabling this option; see
- \k{pageant-security} for details.
- These options are equivalent to the agent forwarding checkbox in the
- Auth panel of the PuTTY configuration box (see \k{config-ssh-agentfwd}).
- These options are not available in the file transfer tools PSCP and
- PSFTP.
- \S2{using-cmdline-x11} \I{-X-upper}\c{-X} and \i\c{-x}: control \i{X11
- forwarding}
- The \c{-X} option turns on X11 forwarding in SSH, and \c{-x} turns
- it off. These options are only meaningful if you are using SSH.
- For information on X11 forwarding, see \k{using-x-forwarding}.
- These options are equivalent to the X11 forwarding checkbox in the
- X11 panel of the PuTTY configuration box (see \k{config-ssh-x11}).
- These options are not available in the file transfer tools PSCP and
- PSFTP.
- \S2{using-cmdline-pty} \i\c{-t} and \I{-T-upper}\c{-T}: control
- \i{pseudo-terminal allocation}
- The \c{-t} option ensures PuTTY attempts to allocate a
- pseudo-terminal at the server, and \c{-T} stops it from allocating
- one. These options are only meaningful if you are using SSH.
- These options are equivalent to the \q{Don't allocate a
- pseudo-terminal} checkbox in the SSH panel of the PuTTY
- configuration box (see \k{config-ssh-pty}).
- These options are not available in the file transfer tools PSCP and
- PSFTP.
- \S2{using-cmdline-noshell} \I{-N-upper}\c{-N}: suppress starting a
- \I{suppressing remote shell}shell or command
- The \c{-N} option prevents PuTTY from attempting to start a shell or
- command on the remote server. You might want to use this option if
- you are only using the SSH connection for port forwarding, and your
- user account on the server does not have the ability to run a shell.
- This feature is only available in SSH protocol version 2 (since the
- version 1 protocol assumes you will always want to run a shell).
- This option is equivalent to the \q{Don't start a shell or command
- at all} checkbox in the SSH panel of the PuTTY configuration box
- (see \k{config-ssh-noshell}).
- This option is not available in the file transfer tools PSCP and
- PSFTP.
- \S2{using-cmdline-ncmode} \I{-nc}\c{-nc}: make a \i{remote network
- connection} in place of a remote shell or command
- The \c{-nc} option prevents Plink (or PuTTY) from attempting to
- start a shell or command on the remote server. Instead, it will
- instruct the remote server to open a network connection to a host
- name and port number specified by you, and treat that network
- connection as if it were the main session.
- You specify a host and port as an argument to the \c{-nc} option,
- with a colon separating the host name from the port number, like
- this:
- \c plink host1.example.com -nc host2.example.com:1234
- This can be useful if you're trying to make a connection to a target
- host which you can only reach by SSH forwarding through a proxy host.
- One way to do this would be to have an existing SSH connection to the
- proxy host, with a port forwarding, but if you prefer to have the
- connection started on demand as needed, then this approach can also
- work.
- However, this does depend on the program \e{using} the proxy being
- able to run a subprocess in place of making a network connection.
- PuTTY itself can do this using the \q{Local} proxy type, but there's a
- built-in more flexible way using the \q{SSH} proxy type. (See
- \k{config-proxy-type} for a description of both.) So this feature is
- probably most useful with another client program as the end user.
- This feature is only available in SSH protocol version 2 (since the
- version 1 protocol assumes you will always want to run a shell). It
- is not available in the file transfer tools PSCP and PSFTP. It is
- available in PuTTY itself, although it is unlikely to be very useful
- in any tool other than Plink. Also, \c{-nc} uses the same server
- functionality as port forwarding, so it will not work if your server
- administrator has disabled port forwarding.
- (The option is named \c{-nc} after the Unix program
- \W{http://www.vulnwatch.org/netcat/}\c{nc}, short for \q{netcat}.
- The command \cq{plink host1 -nc host2:port} is very similar in
- functionality to \cq{plink host1 nc host2 port}, which invokes
- \c{nc} on the server and tells it to connect to the specified
- destination. However, Plink's built-in \c{-nc} option does not
- depend on the \c{nc} program being installed on the server.)
- \S2{using-cmdline-compress} \I{-C-upper}\c{-C}: enable \i{compression}
- The \c{-C} option enables compression of the data sent across the
- network. This option is only meaningful if you are using SSH.
- This option is equivalent to the \q{Enable compression} checkbox in
- the SSH panel of the PuTTY configuration box (see
- \k{config-ssh-comp}).
- \S2{using-cmdline-sshprot} \i\c{-1} and \i\c{-2}: specify an \i{SSH
- protocol version}
- The \c{-1} and \c{-2} options force PuTTY to use version \I{SSH-1}1
- or version \I{SSH-2}2 of the SSH protocol. These options are only
- meaningful if you are using SSH.
- These options are equivalent to selecting the SSH protocol version in
- the SSH panel of the PuTTY configuration box (see \k{config-ssh-prot}).
- \S2{using-cmdline-ipversion} \i\c{-4} and \i\c{-6}: specify an
- \i{Internet protocol version}
- The \c{-4} and \c{-6} options force PuTTY to use the older Internet
- protocol \i{IPv4} or the newer \i{IPv6} for most outgoing
- connections.
- These options are equivalent to selecting your preferred Internet
- protocol version as \q{IPv4} or \q{IPv6} in the Connection panel of
- the PuTTY configuration box (see \k{config-address-family}).
- \S2{using-cmdline-identity} \i\c{-i}: specify an SSH \i{private key}
- The \c{-i} option allows you to specify the name of a private key
- file in \c{*.\i{PPK}} format which PuTTY will use to authenticate with the
- server. This option is only meaningful if you are using SSH.
- If you are using Pageant, you can also specify a \e{public} key file
- (in RFC 4716 or OpenSSH format) to identify a specific key file to use.
- (This won't work if you're not running Pageant, of course.)
- For general information on \i{public-key authentication}, see
- \k{pubkey}.
- This option is equivalent to the \q{Private key file for
- authentication} box in the Auth panel of the PuTTY configuration box
- (see \k{config-ssh-privkey}).
- \S2{using-cmdline-cert} \i\c{-cert}: specify an SSH \i{certificate}
- The \c{-cert} option allows you to specify the name of a certificate
- file containing a signed version of your public key. If you specify
- this option, PuTTY will present that certificate in place of the plain
- public key, whenever it tries to authenticate with a key that matches.
- (This applies whether the key is stored in Pageant or loaded directly
- from a file by PuTTY.)
- This option is equivalent to the \q{Certificate to use with the
- private key} box in the Auth panel of the PuTTY configuration box (see
- \k{config-ssh-cert}).
- \S2{using-cmdline-no-trivial-auth} \i\c{-no-trivial-auth}: disconnect
- if SSH authentication succeeds trivially
- This option causes PuTTY to abandon an SSH session if the server
- accepts authentication without ever having asked for any kind of
- password or signature or token.
- See \k{config-ssh-notrivialauth} for why you might want this.
- \S2{using-cmdline-loghost} \i\c{-loghost}: specify a \i{logical host
- name}
- This option overrides PuTTY's normal SSH \I{host key cache}host key
- caching policy by telling it the name of the host you expect your
- connection to end up at (in cases where this differs from the location
- PuTTY thinks it's connecting to). It can be a plain host name, or a
- host name followed by a colon and a port number. See
- \k{config-loghost} for more detail on this.
- \S2{using-cmdline-hostkey} \i\c{-hostkey}: \I{manually configuring
- host keys}manually specify an expected host key
- This option overrides PuTTY's normal SSH \I{host key cache}host key
- caching policy by telling it exactly what host key to expect, which
- can be useful if the normal automatic host key store in the Registry
- is unavailable. The argument to this option should be either a host key
- fingerprint, or an SSH-2 public key blob. See
- \k{config-ssh-kex-manual-hostkeys} for more information.
- You can specify this option more than once if you want to configure
- more than one key to be accepted.
- \S2{using-cmdline-pgpfp} \i\c{-pgpfp}: display \i{PGP key fingerprint}s
- This option causes the PuTTY tools not to run as normal, but instead
- to display the fingerprints of the PuTTY PGP Master Keys, in order to
- aid with \i{verifying new versions}. See \k{pgpkeys} for more information.
- \S2{using-cmdline-sercfg} \i\c{-sercfg}: specify serial port
- \i{configuration}
- This option specifies the configuration parameters for the serial
- port (baud rate, stop bits etc). Its argument is interpreted as a
- comma-separated list of configuration options, which can be as
- follows:
- \b Any single digit from 5 to 9 sets the number of data bits.
- \b \cq{1}, \cq{1.5} or \cq{2} sets the number of stop bits.
- \b Any other numeric string is interpreted as a baud rate.
- \b A single lower-case letter specifies the parity: \cq{n} for none,
- \cq{o} for odd, \cq{e} for even, \cq{m} for mark and \cq{s} for space.
- \b A single upper-case letter specifies the flow control: \cq{N} for
- none, \cq{X} for XON/XOFF, \cq{R} for RTS/CTS and \cq{D} for
- DSR/DTR.
- For example, \cq{-sercfg 19200,8,n,1,N} denotes a baud rate of
- 19200, 8 data bits, no parity, 1 stop bit and no flow control.
- \S2{using-cmdline-sshlog} \i\c{-sessionlog}, \i\c{-sshlog},
- \i\c{-sshrawlog}: enable session logging
- These options cause the PuTTY network tools to write out a \i{log
- file}. Each of them expects a file name as an argument, e.g.
- \cq{-sshlog putty.log} causes an SSH packet log to be written to a
- file called \cq{putty.log}. The three different options select
- different logging modes, all available from the GUI too:
- \b \c{-sessionlog} selects \q{All session output} logging mode.
- \b \c{-sshlog} selects \q{SSH packets} logging mode.
- \b \c{-sshrawlog} selects \q{SSH packets and raw data} logging mode.
- For more information on logging configuration, see \k{config-logging}.
- \S2{using-cmdline-logfileexists} \i\c{-logoverwrite}, \i\c{-logappend}:
- control behaviour with existing log file
- If logging has been enabled (in the saved configuration, or by another
- command-line option), and the specified log file already exists, these
- options tell the PuTTY network tools what to do so that they don't
- have to ask the user. See \k{config-logfileexists} for details.
- \S2{using-cmdline-proxycmd} \i\c{-proxycmd}: specify a local proxy
- command
- This option enables PuTTY's mode for running a \I{Local proxy}command
- on the local machine and using it as a proxy for the network
- connection. It expects a shell command string as an argument.
- See \k{config-proxy-type} for more information on this, and on other
- proxy settings. In particular, note that since the special sequences
- described there are understood in the argument string, literal
- backslashes must be doubled (if you want \c{\\} in your command, you
- must put \c{\\\\} on the command line).
- \S2{using-cmdline-restrict-acl} \i\c{-restrict-acl}: restrict the
- \i{Windows process ACL}
- This option (on Windows only) causes PuTTY (or another PuTTY tool) to
- try to lock down the operating system's access control on its own
- process. If this succeeds, it should present an extra obstacle to
- malware that has managed to run under the same user id as the PuTTY
- process, by preventing it from attaching to PuTTY using the same
- interfaces debuggers use and either reading sensitive information out
- of its memory or hijacking its network session.
- This option is not enabled by default, because this form of
- interaction between Windows programs has many legitimate uses,
- including accessibility software such as screen readers. Also, it
- cannot provide full security against this class of attack in any case,
- because PuTTY can only lock down its own ACL \e{after} it has started
- up, and malware could still get in if it attacks the process between
- startup and lockdown. So it trades away noticeable convenience, and
- delivers less real security than you might want. However, if you do
- want to make that tradeoff anyway, the option is available.
- A PuTTY process started with \c{-restrict-acl} will pass that on to
- any processes started with Duplicate Session, New Session etc.
- (However, if you're invoking PuTTY tools explicitly, for instance as a
- proxy command, you'll need to arrange to pass them the
- \c{-restrict-acl} option yourself, if that's what you want.)
- If Pageant is started with the \c{-restrict-acl} option, and you use
- it to launch a PuTTY session from its \ii{System Tray} submenu, then
- Pageant will \e{not} default to starting the PuTTY subprocess with a
- restricted ACL. This is because PuTTY is more likely to suffer reduced
- functionality as a result of restricted ACLs (e.g. screen reader
- software will have a greater need to interact with it), whereas
- Pageant stores the more critical information (hence benefits more from
- the extra protection), so it's reasonable to want to run Pageant but
- not PuTTY with the ACL restrictions. You can force Pageant to start
- subsidiary PuTTY processes with a restricted ACL if you also pass the
- \i\c{-restrict-putty-acl} option.
- \S2{using-cmdline-host-ca} \i{\c{-host-ca}}: launch the
- \I{certificate}host CA configuration
- If you start PuTTY with the \c{-host-ca} option, it will not launch a
- session at all. Instead, it will just display the configuration dialog
- box for host certification authorities, as described in
- \k{config-ssh-kex-cert}. When you dismiss that dialog box, PuTTY will
- terminate.
- \S2{using-cmdline-legacy-stdio-prompts} \i{\c{-legacy-stdio-prompts}}:
- handle Windows console prompts like older versions of PuTTY
- This option applies to all of PSCP, PSFTP and Plink on Windows: all
- the tools in the PuTTY suite that run in a Windows console and make
- SSH connections.
- These tools use the Windows console to prompt for various information:
- usernames, passwords, answers to questions about host keys, and so on.
- In current versions of PuTTY, these prompts work by direct access to
- the Windows console. This means that even if you redirect the standard
- input or output of the tool, prompts will \e{still} be sent to the
- console (and not where you've redirected your output), and the user's
- responses will be read from the console (and not from where you've
- redirected your input).
- Another advantage of reading directly from the Windows console is that
- the tools can read input as \i{Unicode}. So this also allows you to
- enter usernames and passwords that contain characters not in the
- Windows system's default character set.
- In versions of the PuTTY tools up to and including 0.81, the prompts
- used the tool's ordinary I/O handles, so prompt output and user
- responses could be redirected.
- We think the new behaviour is more likely to be useful. For example,
- if you have a local command that generates output, and you want to
- pipe that output into a command running remotely via Plink, you can
- run a command line such as
- \c local_command | plink hostname remote_command
- and the data piped into the remote command will be the same whether or
- not Plink has to stop to ask for a password. With the old behaviour
- you would have had to include the password in Plink's input, which is
- more awkward.
- However, we recognise that people may have customised complicated
- workflows around the old behaviour. So if you need to switch back to
- it, you can do so by specifying \c{-legacy-stdio-prompts} on the
- command-line.
- To fully revert to the previous behaviour, you'd also need to specify
- \c{-legacy-charset-handling} (see the next section). (Even without
- that option, prompt handling with \c{-legacy-stdio-prompts} may not be
- fully Unicode-clean.)
- \S2{using-cmdline-legacy-charset-handling} \i{\c{-legacy-charset-handling}}:
- handle character set in prompts like older versions of PuTTY
- This option applies to PuTTY (on all platforms), and also to all of
- PSCP, PSFTP and Plink on Windows.
- In current versions of PuTTY, when you are prompted in the terminal
- window for things like SSH usernames and passwords, the responses you
- type are interpreted as \i{Unicode}, and transmitted to the server as
- such, even if the terminal is otherwise configured to use a different
- character encoding (see \k{config-charset}). Similarly, the same
- prompts from the Windows console tools will unconditionally interpret
- their input as Unicode.
- This behaviour is in line with the SSH standards; it allows things
- like usernames to use the full character set of the user's native
- language, and ensures that different keystrokes you type for your
- password are actually treated distinctly.
- However, if you are used to the behaviour of the PuTTY tools up to
- version 0.81, this could cause a previously working username and/or
- password not to work as you expected. For instance, if you had set a
- password including some \i{accented characters}, this change in
- behaviour could cause the same keystrokes you've always entered to
- start sending a different sequence of bytes to the server, denying you
- access (and you wouldn't even be able to see the difference, since the
- password is not shown when you type it).
- \c{-legacy-charset-handling} reverts the PuTTY tools' behaviour to how
- it was previously: what you type at these prompts will be interpreted
- according to the \q{Remote character set} (for PuTTY) or Windows'
- default character set (for the Windows console tools).
- (For example, this could allow you to log in to change your password
- to make using this option unnecessary in future. But if you're doing
- that, make sure the terminal is configured as UTF-8!)
|