PuTTY: a free SSH and Telnet client
PuTTY is a free implementation of SSH and Telnet for Windows and Unix
platforms, along with an
xterm terminal emulator. It is
written and maintained primarily by
The latest version is 0.75. Download it here.
LEGAL WARNING: Use of PuTTY, PSCP, PSFTP and Plink is illegal in countries where encryption is outlawed. We believe it is legal to use PuTTY, PSCP, PSFTP and Plink in England and Wales and in many other countries, but we are not lawyers, and so if in doubt you should seek legal advice before downloading it. You may find useful information at cryptolaw.org, which collects information on cryptography laws in many countries, but we can't vouch for its correctness.
Use of the Telnet-only binary (PuTTYtel) is unrestricted by any cryptography laws.
2021-05-28 Cloudflare public DNS blocking PuTTY downloads
If you use some of Cloudflare's public DNS resolvers (126.96.36.199 or 188.8.131.52), you may find you can't download PuTTY at the moment.
The server that hosts the release files, the.earth.li, has been blocked since at least 22 May. We don't know why; Cloudflare's own categorisation of the site does not currently include any "security threat" tags.
If you're currently having trouble downloading PuTTY, check what DNS resolver you're using. If it's one of these, we suggest you use a different one.
2021-05-08 PuTTY 0.75 released
PuTTY 0.75, released today, provides major new features: deferred key decryption in Pageant, more secure SSH key fingerprints and SSH private key files, and some new network protocols for special purposes.
0.75 also contains a fix for a DoS vulnerability in the Windows terminal emulator, which allowed a malicious server to lock up all GUI Windows applications running on the client.
2021-04-18 Pre-releases of 0.75 now available
We're working towards a 0.75 release. Pre-release builds are available, and we'd appreciate people testing them and reporting any issues.
0.75 will be a feature release. The biggest changes all relate to Pageant and/or SSH public keys. User-visible behaviour changes include:
- Pageant now allows you to load a key without decrypting it, in which case it will wait until you first use it to ask for the passphrase.
- We've switched to the modern OpenSSH-style SHA-256 style of key fingerprint.
- We've added support for the
rsa-sha2-512signature methods, which some servers now require in order to use RSA keys.
- We've introduced a new version of the PPK format for private key files, to remove weak crypto and improve password-guessing resistance.
- We've introduced a new method for applications to talk to Pageant on Windows, based on the same named-pipe system used by connection sharing instead of window messages.
2020-11-22 Primary git branch renamed
The primary branch in the PuTTY git repository is now called
instead of git's default of
master. For now, both branch names
continue to exist, and are kept automatically in sync by a symbolic-ref on the
server. In a few months' time, the alias
master will be withdrawn.
To update a normal downstream clone or checkout to use the new branch name, you
can run commands such as ‘
git branch -m master main’ followed by
git branch -u origin/main main’.
2020-06-27 PuTTY 0.74 released
PuTTY 0.74, released today, is a bug-fix and security release. It fixes bugs in 0.73, including one possible vulnerability, and also adds a new configuration option to mitigate a minor information leak in SSH host key policy.
2019-09-29 PuTTY 0.73 released
PuTTY 0.73, released today, is a bug-fix release. It fixes a small number of bugs since 0.72, and a couple of them have potential security implications.
2019-07-20 PuTTY 0.72 released
PuTTY 0.72, released today, is a bug-fix release. It fixes a small number of further security issues found by the 2019 EU-funded HackerOne bug bounty, and a variety of other bugs introduced in 0.71.
2019-07-08 Bug bounty concluded
The EU-funded bug bounty programme is now closed. Many thanks to everybody who sent in reports!
Anyone with a vulnerability to report should now go back to reporting it in the old way, via email to the PuTTY team, as described on the Feedback page. If you think it needs to be reported confidentially, encrypt it with our Secure Contact Key.
2019-03-25 Bug bounty continues
This year's EU-funded bug bounty programme is still running. It was originally scheduled to end on 7th March, but there was money left over in the budget. So while that money lasts, you still have a chance to earn some by finding vulnerabilities in PuTTY 0.71 or the development snapshots!
As before, vulnerabilities should be reported through the HackerOne web site in order to qualify for a bounty: if you send reports directly to the PuTTY team in the usual way, then we'll still fix them, but we can't provide money for them.
2019-03-16 PuTTY 0.71 released
PuTTY 0.71, released today, includes a large number of security fixes, many of which were found by the recent EU-funded HackerOne bug bounty. There are also other security enhancements (side-channel resistance), and a few new features. It's also the first release to be built for Windows on Arm.
2019-01-18 EU bug bounty for finding vulnerabilities in PuTTY
From now until 7th March, you can earn money by reporting security vulnerabilities in PuTTY!
HackerOne is running a bug bounty programme for PuTTY, funded by the European Union as part of the ‘Free and Open Source Software Audit’ project (EU-FOSSA 2). If you report a vulnerability through their web site, it may qualify for a bounty. (The exact amount will depend on how serious the problem is, and there's also a bonus for providing a patch that fixes it.)
For more details, or if you have something to report, see the link above.
(Please note that HackerOne will only consider vulnerabilities reported to them. If you send a report directly to the PuTTY team in the usual way, then of course we'll still fix it, but we can't also arrange for you to get paid.)
2018-08-25 GPG key rollover
This week we've generated a fresh set of GPG keys for signing PuTTY release and snapshot builds. We will begin signing snapshots with the new snapshot key, and future releases with the new release key. The new master key is signed with the old master keys, of course. See the keys page for more information.
2017-07-08 PuTTY 0.70 released, containing security and bug fixes
PuTTY 0.70, released today, fixes further problems with Windows DLL hijacking, and also fixes a small number of bugs in 0.69, including broken printing support and Unicode keyboard input on Windows.
- Licence conditions under which you may use PuTTY.
- The FAQ.
- The documentation.
- Subscribe to the PuTTY-announce mailing list to be notified of new releases.
- Feedback and bug reporting: contact address and guidelines. Please read the guidelines before sending us mail; we get a very large amount of mail and it will help us answer you more quickly.
- Changes in recent releases.
- Wish list and list of known bugs.
- Links to related software and specifications elsewhere.
- A page about the PuTTY team members.
If you want to comment on this web site, see the Feedback page.
(last modified on Sun May 30 00:43:07 2021)