Simple PuTTY Usability Tweaks

From the respective web page, visitors learn that PuTTY “is an SSH and telnet client, developed originally by Simon Tatham for the Windows platform. PuTTY is open source software that is available with source code and is developed and supported by a group of volunteers.”

While SSH and telnet are directly supported in Linux systems, SSH is not well supported in Windows. PuTTY provides a pointy-clicky way to use those tools in Windows.

We have some Windows systems installed at work. As we are working toward migrating systems to Linux, providing familiar cross-platform tools to workers is important. PuTTY is supported in Linux systems although direct usage of SSH and telnet typically are preferred.

Often I observe co-workers using PuTTY. Silly as this might sound, nobody knew how to fix several quirks with PuTTY and nobody tried. I dug into the issues.

Saving Configuration Changes

To save configuration changes in PuTTY, make all desired changes. In the PuTTY configuration options, select Session. In Load, save or delete a stored session, select the desired Saved Sessions and then select the Save button. This works for the Default Settings session too.

Saved Sessions

Some changes used when accessing various devices might not be preferable for all use cases. PuTTY allows saving different configuration changes as a Saved Session. Before accessing a device, be sure to Load the respective Saved Session to ensure the correct configuration is used.

Host Key Warning

The first time PuTTY is used to connect to a system with SSH, PuTTY will display a warning dialog that the hostname key is not cached. This warning is a security precaution to avoid spoofing. This is a normal message.

Selecting Accept stores the SSH fingerprint in the Windows registry at HKEY_CURRENT_USER\SoftWare\SimonTatham\PuTTY\SshHostKeys. A similar message appears when using SSH in a Linux system. On a Linux system the fingerprint is stored in the user’s $HOME/.ssh/known_hosts file.

With either operating system, should an SSH server be modified or replaced the system’s SSH fingerprint will change and the message will reappear.

Deleting a stored fingerprint in PuTTY requires editing the registry. Removing a fingerprint with a Linux system requires using a text editor to delete the respective entry in the known_hosts file.

Line Fonts

Sometimes the PuTTY interface does not correctly negotiate the terminal window emulation, such as with embedded systems with old firmware. The terminal window will display menus with text characters rather than line fonts. Just a bunch of qqqqqqq characters rather than line fonts.

To correct the display, do not use the default UTF-8 encoding. In the PuTTY configuration options, select Window->Translation and for the Remote character set select CP1252 or Win1252.

Terminal Font Size

The default terminal window font size is small. Software developers seem keen on continuing this usability flaw. The font size can be changed to improve readability. On the Windows version of PuTTY, select Window->Appearance and in the Font settings select the Change button. On a Windows system the Lucida Console font at 14-point works nicely on a laptop. On a desktop monitor a larger size might be preferable.

On the Linux version of PuTTY, select Window->Fonts. The Terminus or Liberation Mono fonts both work well.

Diffie-Hellman Group 1

Because of weak security, the Diffie-Hellman Group 1 key exchange method is deprecated by the SSH developers. With old systems that are no longer updated, especially embedded systems, the firmware is not updated and the SSH session key exchange negotiation will still use Diffie-Hellman Group 1.

With recent versions of PuTTY, there will be a related warning dialog. This dialog can be disabled. In the PuTTY configuration options, select SSH->Kex. In Algorithm selection policy move the Diffie-Hellman group 1 policy to above the --warn below here-- delimiter.

With Linux systems, edit /etc/ssh/ssh_config or the user’s $HOME/.ssh/config and add KexAlgorithms diffie-hellman-group1-sha1.

Yes, although SSH and telnet are well supported in Linux, with our migration strategy I am installing PuTTY on the desktop. Computers are tools.

Posted: Category: Tutorial, Usability Tagged: General

Next: V2P and Encryption — 1

Previous: Migrating a Business to Linux — 1