Windows optimize

Use PuTTY as an SSH client on Windows

The SSH protocol was developed as a secure, encrypted replacement for the RSH protocol. RSH is used for remote shell access to a UNIX (or UNIX-like) system and was once popular among sysadmins before network security became the constant concern it is now. Now, thanks to SSH, the same convenience can be had with an encrypted protocol famous for its versatility and strong security. While OpenSSH is probably the most-used implementation of SSH in the world, PuTTY is likely the most-used SSH client for the MS Windows platform.

The SSH protocol was developed as a secure, encrypted replacement for the RSH protocol. RSH is used for remote shell access to a UNIX (or UNIX-like) system and was once popular among sysadmins before network security became the constant concern it is now. Now, thanks to SSH, the same convenience can be had with an encrypted protocol famous for its versatility and strong security.

While OpenSSH is probably the most used implementation of SSH in the world, PuTTY is likely the most used SSH client for the Microsoft Windows platform.

PuTTY's basic capabilities

Like OpenSSH, PuTTY is a very versatile tool for remote access to another computer. It's probably used more often by people who want secure remote shell access to a UNIX or Linux system than for any other purpose, though that is only one of its many uses.

PuTTY is more than just an SSH client. It supports all of the following protocols:

  • raw: The raw protocol is normally used for network debugging.
  • rlogin: This is an unencrypted UNIX remote login protocol that uses port 513 by default.
  • serial: The serial option is used to connect to a serial line. The most common purpose for this is to establish a serial connection between computers in lieu of an Ethernet or other network connection.
  • SSH: As already noted, SSH is an encrypted secure remote login protocol, which uses port 22 by default.
  • Telnet: Like rlogin, Telnet (telecommunication network) is an unencrypted remote login protocol. It typically uses port 23 and is available on many systems other than UNIX. Like rlogin, Telnet has waned in popularity due to privacy concerns.

In addition to the five protocols supported by PuTTY, it also supports features such as saved session configurations, session logging, locale (language) settings, and proxy sessions.

The importance of SSH on Windows

Of course, there are a number of reasons to use a tool like PuTTY. But the most common purposes are related to the SSH protocol.

  • It's a terrible idea to connect to a Web host over an unencrypted connection for management of your Web hosting account and for file transfers. Using an unencrypted login is a good way to get your Web hosting account "owned" by a malicious security cracker. Using a secure, encrypted protocol like SSH for such purposes is a much better option.
  • SSH via PuTTY offers a quick, easy way to securely access a UNIX shell environment from a Windows system. This is handy not only because of the obvious need some people have for working with both Windows and UNIX/Linux systems, but also for both people who are forced to use Windows and want access to the power of the UNIX shell and people who are forced to use UNIX and want the convenience of their Windows environment while they do it.
  • As with OpenSSH, PuTTY can be used as a secure Web proxy.
  • PuTTY can be used to secure TortoiseSVN connections with a Subversion server.

This is by no means an exhaustive list, but it's a good start.

Getting PuTTY

Unlike most UNIX and Linux systems, Windows does not come with any SSH server or client software installed by default. Even when they don't come with OpenSSH already installed, free UNIX and Linux systems generally make it very easy to install.

Luckily, it is almost as easy to install Windows' most popular SSH client software. All you have to do is download the Putty.exe file for your version of Windows from the PuTTY download page. Yes, it really is that easy. The downloaded executable file is the PuTTY program.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

28 comments
Neon Samurai
Neon Samurai

I've found Putty and WinSCP indispensable and always keep the portableapps versions on my flashdrive. Putty does my SSH while WinSCP covers my SCP and SFTP needs perfectly. The only function I miss when working through a win32/64 local platform is being able to run remote X programs with them displaying locally. Now if only I could get portablePutty and portableCigwin working together they way the claim too, then I could even have my local X displays of remote GUI apps.

normhaga
normhaga

WinSPC, another freeware product is based on Putty. It makes the use of telnet, SPC, etc. simple for a Windows user and has the drag and drop functionality of Windows. A not free product is secureCRT, it is not based on Putty. Both of these products are better than Putty and easier to use.

Jaqui
Jaqui

I've seen a few apps that are like Putty for the install, and they become more of a pain than running an installer. making the "shortcuts" to the executable for the menu then pushing that change to every system where it's needed. The lack of an entry in the add / remove programs dialog makes finding older versions to update problematical also. since there are no registry entries, removing it or updaing it are simple, just delete / replace the executable, and remember to delete any shortcuts made if removing it.

lightnin91367
lightnin91367

Have you had any luck using PuTTY in a batch file or script that is launched by Windows Scheduler? For me it works perfectly when run from a command line but when launched by Windows Scheduler it "hangs" and does not complete.

apotheon
apotheon

Yeah, WinSCP (assuming that's what you mean when you type "WinSPC") is a great tool as well. It's based on SSH, though, and not on PuTTY. Whereas PuTTY's primary purpose is to provide a remote shell client, WinSCP's is to provide a file transfer client -- using SSH's SFTP and SCP functionality. "[i]Both of these products are better than Putty and easier to use.[/i]" Really? What's better about them? I'm especially interested in what's "better" about WinSCP, considering WinSCP and PuTTY don't even do the same things.

apotheon
apotheon

"[i]I've seen a few apps that are like Putty for the install, and they become more of a pain than running an installer.[/i]" How exactly is a single executable more of a pain than the mess most software installers on the MS Windows platform create? Updating is easy -- just replace the old executable with a new executable.

apotheon
apotheon

I want my X Windows middle-click paste back when working in MS Windows, darnit. . . . but yeah, it's a nice little tool. It's also in the FreeBSD ports tree if you absolutely must have PuTTY in a Unix environment. edit: though I personally prefer plain ol' OpenSSH in a terminal emulator

Neon Samurai
Neon Samurai

though someone else mentioned that all the command line programs are there for scripting against also. If it was an older Windows version, I'd say check the .pif or shortcut to make sure it's a "close when complete" terminal window or that something else is not blocking it. Anyone else out there had Putty hanging when run from MS Schedualler?

Neon Samurai
Neon Samurai

I was using OpenSSH previous to getting putty and winscp installed. I keep it on the flashdrive still though mostly because free space isn't an issue rather than for a specific use. If one wanted to go purely terminal based and stick with what's likely on the *nix side of the copper, OpenSSH is worth a look. Figured I'd throw that into the mix just for fun.

normhaga
normhaga

WinSPC installs Putty and needs Putty to operate; therefore it is fair to say that WinSPC is based on Putty even though it has SSH capabilities. I will be happy to send screenshots of start menus and program files directories showing Putty is installed. I have never directly installed Putty. As to being better, it is a matter of opinion. Some people like to dink around to get a job done. I myself like the fact that I can bring up a command shell in either the Norton or Explorer style and visually see exactly what is where. When I need to move a file or a group of files, I like the idea that I can highlight them and then drag and drop. If I have to traverse directories I can just click on the directory and go to it. Again it is a matter of choice because you can do the same with a command line. VanDikes SecureCRT is another story, it does not have a GUI, it is command line driven. It uses the native command set of the computer you are connecting to rather than the Windows command set. It is more of a remote client that connects natively. If used in conjunction with VNC it is extremely powerful. But even without VNC you have the command set of the remote machine at your disposal. So the matter is that it is personal preference. Mine is that both WinSPC and SecureCRT are better and easier to use than Putty.

DanLM
DanLM

Wherre secureCRT has everything in one executable, never leave the window to ssh into a shell and then move or retrieve files. Putty requires you to use different applications. Me personally, I use secureCRT at work and putty at home. I like putty better. But, I think thats more of a familuarity thing then anything else. What I don't remember about secureCRT is its public/private key workings. For some reasons I want to say it doesn't play nice with openSSL with those. Openssl not liking the keys gened by secureCRT... But, I am unsure of that. Been a very long time. Dan

Jaqui
Jaqui

yup it is easy. it's in a corporate environment where there is a need for a number of installs, and updates, and shortcut creation that it's a pain in the behind to administer the single executable. While the installers make a mess, mainly because of the registry, they at least work with what passes for package management in windows.

DanLM
DanLM

Putty has several applications that can be used on windows for secure communications or to assist in them. PuTTY (the Telnet and SSH client itself) PSCP (an SCP client, i.e. command-line secure file copy) PSFTP (an SFTP client, i.e. general file transfer sessions much like FTP) PuTTYtel (a Telnet-only client) Plink (a command-line interface to the PuTTY back ends) Pageant (an SSH authentication agent for PuTTY, PSCP and Plink) PuTTYgen (an RSA and DSA key generation utility). I only use putty and puttygen. I use winscp for ssh file transfers, find that pretty friendly. What is the license of putty just out of courosity? Dan

Neon Samurai
Neon Samurai

.. and happily, I often learn something. :) In my own network, an ideal situation admittedly, I usually run a sniffer while testing any new protocols in use. Except for public http server and the later mentioned pops issue and as little samba as I can get away with, all traffic within my router is encrypted. The same goes for the outside networks in my care as much as possible; even I have to allow http traffic from my webserver but not too anything requiring uname/passwd. I'll be mucking with ssh by cert rather than password just as soon as I get my personal mail server functioning with it's ssl certs. I can't stand when one of my toys is broken and only having unencrypted pop access too my mail server is a broken toy. Mandriva 2007.1 setup clean by simply adding the apropriate mail related packages. My own mail server is using 2008.0 and damned if "uprmi imap" didn't go in clean on the first try.. excluding the ssl certs it seems. Port 110; perfect. Port 995; I'm doing some learning. Too get back on topic, I generate certs for my user accounts as standard practice and with the joy of keychain and ssh-keygen. The only bit I haven't take the ten minutes to read how to setup is placing that cert in the remote server's allowed list. The cert is verified by password at login so the user, me, is still being authenticated. It's just the last step of actuallying using the cert instead of passwords that I haven't taken. My priorities have kept me focusing on other jobs for the webserver and networks in my care. Like most things though, I'll do it then wonder why I didn't sooner and it'll be habitual best practice until something better replaces it. Encase anyone is curious, Mandriva is fine for my home with no critical up time requirements. The system outside my home is using Mandriva while the local admin, aka small business owner, becomes more comfortable with a *nix based webserver. Debian or BSD are currently on deck as replacement platforms if Mandriva displays technical reasons against continued use (including the local admin's comfort level). (update): under a minute to read the first hit on google and copy the .pem from my apache's ssl folder to /etc/ssl/imapd/ipop3sd.pem.. bah.. I knew it w as going to be a "WTF, that was easy" moment.

DanLM
DanLM

I don't like passwords, period. I use public/private keys for ssh where ever I can. I have some control panels(webmin) on my one machine that I would truly like to set up so that a person with a cert could get through. It's ssl already... But, only for password entry. But, that control panel... My control panel, let me be more specific. The one that has access to everything... I would like to lock that down harder. I would like to only be allowed access with a private certificate. I've looked at it, but never made the leap yet. I'm unsure how I would do it where say... I let someone through webmin for dns on their domain(password login via ssl)... Which I can do where they only have access to that... But my login, which gives me access to everything... A cert only would be truly nice. Hmmmmmmm... I never gave usermin a spin, I wonder if I can set that up with a different sub domain... Crap, I can't do that.... My paid ssl is only good for 1 subdomain... And I paid 2 years on it.. lol Damn it Neon, I always spin off on these little ventures when ever I'm in a security thread with you. Dan [Edited for] Spell check, and to apologize for wandering off topic.

Neon Samurai
Neon Samurai

Then again, I stumbled across it only after first installing the free VMware Server beta when I needed to connect to them from my host OS. Replacing both ftp and telnet with one simple command and a single open port blew me away. I've not yet had a specific reason to setup tunneling though I am looking at using certs versus passwords only now finally. In this particular thread, I went the other way and figured that "for Windows" would be the default since the other apps discussed where windows specific. (I should really do some man in the middles between my VM's to fully understand that fun too)

apotheon
apotheon

No, I think he's talking about OpenSSH for MS Windows. I just thought you were talking about OpenSSH in general, and not specifically for MS Windows, that was new to you.

Neon Samurai
Neon Samurai

" OpenSSH for Windows v3.8.1p1-1: Readme Michael Johnson youngmug@users.sourceforge.net Updated 9 July 2004 " http://sshwindows.sourceforge.net/ OpenSSH win32 build; terminalled, for his/her pleasure. (now to go check for a newer update)

DanLM
DanLM

And I truthfully never heard of it on windows. Ok, so I'm being stupid... It happens... ;o). Dan

apotheon
apotheon

You haven't heard of OpenSSH . . . ? How did that happen?

apotheon
apotheon

My experience is that people who would prefer the healthful goodness of OpenSSH over the sticky, GUI saccharine sweetness of PuTTY and WinSCP wouldn't need a tutorial. Thus, when addressing the MS Windows crowd, I have a tendency to focus on the GUI tools like PuTTY. OpenSSH is basically a given on any open source OS, on the other hand.

DanLM
DanLM

To be truthfull, I hd not heard of it. So, I appriceate the [i]just for fun[/i]. lol dan

normhaga
normhaga

Like most things, this can be worked around. I have moved away from MS solutions to open source. When I was an MS boy, I worked around the limitations by installing Cygwin and linking it to my command consoles path. When Putty, which is primarily command line driven, received a command line response, the appropriate handlers were called from Cygwin. I had few problems. Others experiences will vary according to their skill, determination, and imagination.

DanLM
DanLM

I just opened a command window in my winscp, and at the very top it states. Warning: DO NOT execute commands that require user input. For most, I agree. This would not be an issue... But, it is a limitation. Dan