PuTTY — The SSH & Telnet Client
Windows Administrators Rely On
PuTTY has been the trusted free SSH client for Windows since 1999. Whether you need to open a PuTTY SSH session, download and verify the installer, generate keys with PuTTYgen, or automate remote commands with Plink — this site covers every tool in the suite, written for IT professionals and system administrators.
About the Software
What is PuTTY?
PuTTY is a free, open-source terminal emulator and network client for Windows, first released in 1999 by developer Simon Tatham. Over the following two and a half decades it became — and has remained — the most widely deployed SSH client in enterprise Windows environments worldwide.
The software is distributed under the MIT licence, imposes no cost, and ships as a single standalone putty.exe executable that requires no installation and leaves no permanent system footprint by default. This makes it uniquely suited to enterprise environments where software deployment is tightly controlled, as well as to administrators who need a reliable tool available from a USB drive.
PuTTY supports multiple connection protocols: SSH-1 and SSH-2 (Secure Shell), Telnet, rlogin, SCP, SFTP, and direct serial connections via COM ports. This breadth of protocol support is what keeps it relevant even as native Windows SSH tooling has matured — nothing else combines all of these capabilities in a single portable binary.
Supported Protocols
| Protocol | Use Case |
|---|---|
| SSH-2 / SSH-1 | Secure remote shell access — the primary use case |
| Telnet | Legacy unencrypted terminal connections |
| Serial (COM) | Router, switch, and embedded device consoles |
| rlogin | Legacy Unix remote login protocol |
| SCP | Command-line secure file copy via PSCP |
| SFTP | Interactive secure file management via PSFTP |
Getting Started
Connect to a Server in Three Steps
Download and Verify
Obtain putty.exe from the official project site at chiark.greenend.org.uk or the team's mirror at putty.software. Before running any executable, compute its SHA-256 hash in PowerShell using Get-FileHash and compare it to the checksums published on the official releases page. This single step protects you from trojanized installers.
Download guide →Configure a Session
Open putty.exe and enter your server's hostname or IP address in the Host Name field. Select SSH as the connection type and confirm the port is 22 (or your server's custom port). Enter a name in the Saved Sessions field and click Save — PuTTY stores this profile locally so you can reopen it with a single click in future sessions.
Configuration guide →Authenticate with SSH Keys
Password authentication is functional but vulnerable. The stronger approach is SSH key-based authentication: generate a key pair with PuTTYgen, place the public key in the server's authorized_keys file, and configure PuTTY to use the private .ppk file. Authentication then becomes cryptographic rather than password-based, eliminating brute-force exposure.
SSH keys guide →The Complete Suite
Six Tools, One Download
The PuTTY installer packages six individual executables that together cover every aspect of SSH-based server administration on Windows — from interactive sessions to automated scripting and secure file transfers.
| Tool | Executable | What It Does | Guide |
|---|---|---|---|
| PuTTY | putty.exe | The main terminal emulator. Opens interactive SSH, Telnet, and serial connections. Stores named session profiles with custom fonts, colours, and connection parameters. | Read guide |
| PuTTYgen | puttygen.exe | Cryptographic key pair generator. Creates RSA (up to 4096-bit), DSA, ECDSA (nistp256/384/521), Ed25519, and Ed448 keys. Converts between OpenSSH and PuTTY's native PPK format. | Read guide |
| Pageant | pageant.exe | SSH authentication agent. Decrypts private keys once at session start and holds them in protected memory, forwarding them to PuTTY and Plink on demand — eliminating repeated passphrase prompts. | Read guide |
| Plink | plink.exe | Non-interactive command-line SSH client built for scripting. Runs single commands or entire command files on remote hosts, integrates with Git and CVS over SSH, and supports -batch mode to prevent automation scripts from hanging on interactive prompts. | Read guide |
| PSCP | pscp.exe | Command-line SCP client. Transfers individual files or entire directory trees between Windows and remote Unix/Linux servers using the same SSH authentication as PuTTY. Designed for automated backup and deployment scripts. | Read guide |
| PSFTP | psftp.exe | Interactive text-based SFTP client. Provides a command prompt for navigating remote file systems, uploading and downloading files, setting permissions, and managing directories — all over an encrypted SSH connection. | Read guide |
Security Awareness
The Trojanized Installer Threat
PuTTY's popularity among IT administrators — who routinely hold privileged access to corporate infrastructure — makes it one of the most frequently targeted software packages in search engine poisoning campaigns. Threat actors register visually deceptive domains and use aggressive SEO or paid advertising to position fake download pages above legitimate results.
When an administrator downloads from one of these pages, they receive a modified installer that silently deploys the Oyster backdoor (also documented under the names Broomstick and CleanUpLoader) in the background while simultaneously completing a normal-looking PuTTY installation to avoid arousing suspicion.
Once the Oyster backdoor is established, it provides an external attacker with persistent access to harvest credentials, exfiltrate data, and deploy tertiary payloads. Ransomware groups including Rhysida have been linked to campaigns using this infection chain. The backdoor maintains persistence by creating scheduled tasks with innocuous-sounding names — such as FireFox Agent INC or AlphaSecurity — that execute malicious DLL files every few minutes.
How to Stay Safe
Only use official sources
The two authorised download locations are chiark.greenend.org.uk (the original project server, operated by Simon Tatham) and putty.software (registered by the development team in 2025 to combat domain confusion). No other site is an authorised distributor.
Verify the SHA-256 hash
After downloading, run Get-FileHash putty.exe -Algorithm SHA256 in PowerShell and compare the output character-by-character to the hash published on the official checksums page. A single character mismatch means the file has been tampered with.
Verify the GPG signature
For the highest level of assurance, verify the cryptographic signature on the download using Gpg4win or Kleopatra. Import the PuTTY team's master release key from the official keys page and confirm a valid signature from Simon Tatham before executing anything.
Authentication
SSH Keys vs Password Authentication
Most users connect to SSH servers with a username and password. Key-based authentication replaces that with a cryptographic system that is both more secure and more convenient for administrators who manage many servers.
Password Authentication
- Sent to the server on every login — interceptable if the channel is misconfigured
- Vulnerable to brute-force and credential stuffing attacks
- Shared passwords create audit trail problems across team environments
- Expiry policies require periodic rotation across all managed servers
SSH Key Authentication
- Private key never leaves your machine — only a mathematical proof is sent
- A 4096-bit RSA or Ed25519 key cannot be brute-forced with current hardware
- Each user holds their own key pair — revocation affects only that individual
- Load keys into Pageant once per session for passphrase-free automation
PuTTY uses a proprietary key file format with the .ppk extension. Keys are generated using the bundled PuTTYgen tool, which also converts between PPK format and the standard OpenSSH key format used on Linux and macOS. Full key generation guide →
About This Resource
Why putty-ssh.org Exists
The domain landscape around PuTTY has a complicated history. For over two decades, putty.org was operated by Bitvise — a commercial SSH software vendor — which used it to route users toward the official download while promoting its own paid alternatives. In 2025, the operator replaced the site's content with unrelated misinformation, causing widespread confusion and prompting the official PuTTY development team to publicly disavow the domain. In response, the team registered putty.software as the canonical secondary access point.
This created a gap: users searching for PuTTY documentation, configuration tutorials, and tool guides encounter either the official site — which is intentionally minimal — or an ongoing presence of deceptive third-party pages. putty-ssh.org exists to fill that gap, providing the technical depth that the official project does not prioritise.
This site does not host binary files. All download links point directly to the Chiark and putty.software project domains. The aim of this resource is straightforward: help administrators understand, configure, and safely use PuTTY and every tool in its suite.
PuTTY is free software written by Simon Tatham and contributors, distributed under the MIT licence. This site is a community reference guide with no commercial relationship to the project.