[cryptography] PuTTY 0.61 (ssh-keys only and EKE for web too (Re: preventing protocol failings))

Marsh Ray marsh at extendedsubset.com
Wed Jul 13 13:11:11 EDT 2011

I normally wouldn't post about any old software release, but with the 
recent discussion of SSH and authentication these release notes from 
PuTTY seem appropriate.

- Marsh

> It's been more than four years since 0.60 was released, and we've had
> quite a lot of email asking if PuTTY was still under development, and
> occasionally asking if we were even still alive. Well, we are, and it
> has been! Sorry about the long wait.
> New features in 0.61 include:
>  - Support for SSH-2 authentication using GSSAPI, on both Windows and
>    Unix. Users in a Kerberos realm should now be able to use their
>    existing Kerberos single sign-on in their PuTTY SSH connections.
>    (While this has been successfully deployed in several realms, some
>    small gaps are known to exist in this functionality, and we would
>    welcome further testing and advice from Kerberos experts.)

>  - On Windows: PuTTY's X11 forwarding can now authenticate with the
>    local X server, if you point it at an X authority file where it can
>    find the authentication details. So you can now use Windows PuTTY
>    with X forwarding and not have to open your X server up to all
>    connections from localhost.

>  - A small but important feature: you can now manually tell PuTTY the
>    name of the host you expect to end up talking to, in cases where
>    that differs from where it's physically connecting to (e.g. when
>    port forwarding). If you do this, the host key will be looked up
>    and cached under the former name.

>  - Assorted optimisation and speedup work. SSH key exchange should be
>    faster by about a factor of three compared to 0.60; SSH-2
>    connections are started up in a way that reduces the number of
>    network round trip delays; SSH-2 window management has also been
>    revised to reduce round trip delays during any large-volume data
>    transfer (including port forwardings as well as SFTP/SCP).

>  - Support for OpenSSH's security-tweaked form of SSH compression (so
>    PuTTY can now use compression again when talking to modern OpenSSH
>    servers).

More information about the cryptography mailing list