info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
PuTTY 0.75 is released
82 views
Skip to first unread message
Simon Tatham
May 8, 2021, 4:57:50 AM5/8/21
to
PuTTY version 0.75 is released
------------------------------
All the pre-built binaries, and the source code, are now available
from the PuTTY website at
https://www.chiark.greenend.org.uk/~sgtatham/putty/
This release includes major new features, but it also includes a minor
security fix for Windows PuTTY. We urge Windows users to update.
This release fixes the following security issue:
- On Windows, if a server sent control sequences at high speed to
reconfigure the terminal window title repeatedly, PuTTY would pass
on all those title changes to Windows itself at high enough speed
to make the window system unresponsive, resulting in a denial of
service to other local applications.
(You can also work around this by turning off the remote window
title changing feature.)
New features in this release include:
- Pageant now permits you to load an SSH-2 private key file without
giving the passphrase immediately. If you do, the key will remain
in Pageant's memory in encrypted form, and Pageant will prompt for
the passphrase the first time you try to use the key. After that it
will behave like a normal key held in Pageant, unless you use the
're-encrypt' option to return it to a state in which Pageant will
ask for the passphrase again.
- SSH-2 key fingerprints are now displayed by default in the OpenSSH
format of base64-encoded SHA-256. (The historic MD5 format is still
provided as an alternative.)
- PuTTY's format for private key files has been updated. The new
format, PPK3, does not depend on SHA-1, and also, it uses the
Argon2 password hash function to make it more difficult for an
encrypted key file stolen by an attacker to be brute-forced.
- Additional cryptographic algorithms in SSH. We now support Curve448
key exchange, Ed448 public keys, and the modern variants of RSA
that use SHA-2 instead of SHA-1.
- PuTTYgen now has more options for generating the primes used in RSA
and DSA keys. It can generate them in such a way as to be _sure_
they're prime (instead of the usual probabilistic approach), and it
can generate 'strong' primes for RSA, which some standards require.
- Terminal emulator: the control sequence ESC [ 9 m, to display text
with strikethrough, is now supported.
- The Unix version of the tools can now make their primary network
connection to a Unix-domain socket in place of a TCP/IP endpoint.
- PuTTY supports a new cleartext protocol containing just the
innermost core of SSH, and the Unix distribution contains a server
for it. Useful for talking over IPC channels like pipes to
different environments on the same machine (like containers,
separate network namespaces etc), with all the SSH amenities like
port forwarding and file transfer, and no need to manage fake host
keys and pointless passwords.
- For retro-computing enthusiasts: the 1970s login protocol SUPDUP
(RFC 734) is now supported, alongside Telnet and Rlogin.
Bug fixes in this release include:
- When run without any saved sessions present, PSCP accidentally
tried to connect to port 0 in place of port 22.
- When exporting Ed25519 private keys in OpenSSH format, PuTTYgen
wrote out about 1/256 of all keys in an unreadable state.
- Terminal scrollback was sometimes corrupted so that it did not
match the text that had been on the screen before the scroll.
- The terminal was unable to display Unicode characters in the range
U+F000 to U+F1FF (part of the private-use area).
- In some edge cases of Windows maximise-by-dragging operations,
PuTTY would fail to recalculate the thickness of its window border,
and display text partly off the edge of its window.
- When dragging Windows PuTTY between two monitors with different DPI
settings, the window did not resize itself appropriately.
- When using the test operation 'plink -shareexists' to see if a
connection-sharing PuTTY was already open for a host, the upstream
PuTTY could accidentally terminate if 'plink -shareexists' happened
at just the wrong moment.
Enjoy using PuTTY!
--
for k in [pow(x,37,0x1a1298d262b49c895d47f) for x in [0x50deb914257022de7fff,
0x213558f2215127d5a2d1, 0x90c99e86d08b91218630, 0x109f3d0cfbf640c0beee7,
0xc83e01379a5fbec5fdd1, 0x19d3d70a8d567e388600e, 0x534e2f6e8a4a33155123]]:
print("".join([chr(32+3*((k>>x)&1))for x in range(79)])) # <ana...@pobox.com>
------------------------------
All the pre-built binaries, and the source code, are now available
from the PuTTY website at
https://www.chiark.greenend.org.uk/~sgtatham/putty/
This release includes major new features, but it also includes a minor
security fix for Windows PuTTY. We urge Windows users to update.
This release fixes the following security issue:
- On Windows, if a server sent control sequences at high speed to
reconfigure the terminal window title repeatedly, PuTTY would pass
on all those title changes to Windows itself at high enough speed
to make the window system unresponsive, resulting in a denial of
service to other local applications.
(You can also work around this by turning off the remote window
title changing feature.)
New features in this release include:
- Pageant now permits you to load an SSH-2 private key file without
giving the passphrase immediately. If you do, the key will remain
in Pageant's memory in encrypted form, and Pageant will prompt for
the passphrase the first time you try to use the key. After that it
will behave like a normal key held in Pageant, unless you use the
're-encrypt' option to return it to a state in which Pageant will
ask for the passphrase again.
- SSH-2 key fingerprints are now displayed by default in the OpenSSH
format of base64-encoded SHA-256. (The historic MD5 format is still
provided as an alternative.)
- PuTTY's format for private key files has been updated. The new
format, PPK3, does not depend on SHA-1, and also, it uses the
Argon2 password hash function to make it more difficult for an
encrypted key file stolen by an attacker to be brute-forced.
- Additional cryptographic algorithms in SSH. We now support Curve448
key exchange, Ed448 public keys, and the modern variants of RSA
that use SHA-2 instead of SHA-1.
- PuTTYgen now has more options for generating the primes used in RSA
and DSA keys. It can generate them in such a way as to be _sure_
they're prime (instead of the usual probabilistic approach), and it
can generate 'strong' primes for RSA, which some standards require.
- Terminal emulator: the control sequence ESC [ 9 m, to display text
with strikethrough, is now supported.
- The Unix version of the tools can now make their primary network
connection to a Unix-domain socket in place of a TCP/IP endpoint.
- PuTTY supports a new cleartext protocol containing just the
innermost core of SSH, and the Unix distribution contains a server
for it. Useful for talking over IPC channels like pipes to
different environments on the same machine (like containers,
separate network namespaces etc), with all the SSH amenities like
port forwarding and file transfer, and no need to manage fake host
keys and pointless passwords.
- For retro-computing enthusiasts: the 1970s login protocol SUPDUP
(RFC 734) is now supported, alongside Telnet and Rlogin.
Bug fixes in this release include:
- When run without any saved sessions present, PSCP accidentally
tried to connect to port 0 in place of port 22.
- When exporting Ed25519 private keys in OpenSSH format, PuTTYgen
wrote out about 1/256 of all keys in an unreadable state.
- Terminal scrollback was sometimes corrupted so that it did not
match the text that had been on the screen before the scroll.
- The terminal was unable to display Unicode characters in the range
U+F000 to U+F1FF (part of the private-use area).
- In some edge cases of Windows maximise-by-dragging operations,
PuTTY would fail to recalculate the thickness of its window border,
and display text partly off the edge of its window.
- When dragging Windows PuTTY between two monitors with different DPI
settings, the window did not resize itself appropriately.
- When using the test operation 'plink -shareexists' to see if a
connection-sharing PuTTY was already open for a host, the upstream
PuTTY could accidentally terminate if 'plink -shareexists' happened
at just the wrong moment.
Enjoy using PuTTY!
--
for k in [pow(x,37,0x1a1298d262b49c895d47f) for x in [0x50deb914257022de7fff,
0x213558f2215127d5a2d1, 0x90c99e86d08b91218630, 0x109f3d0cfbf640c0beee7,
0xc83e01379a5fbec5fdd1, 0x19d3d70a8d567e388600e, 0x534e2f6e8a4a33155123]]:
print("".join([chr(32+3*((k>>x)&1))for x in range(79)])) # <ana...@pobox.com>
0 new messages