Mirrors | Updates | Feedback | Changes | Wishlist | Team
PuTTY is a free implementation of Telnet and SSH for Windows and Unix
platforms, along with an
xterm terminal emulator. It is
written and maintained primarily by
The latest version is beta 0.64.
LEGAL WARNING: Use of PuTTY, PSCP, PSFTP and Plink is illegal in countries where encryption is outlawed. I believe it is legal to use PuTTY, PSCP, PSFTP and Plink in England and Wales and in many other countries, but I am not a lawyer and so if in doubt you should seek legal advice before downloading it. You may find this site useful (it's a survey of cryptography laws in many countries) but I can't vouch for its correctness.
Use of the Telnet-only binary (PuTTYtel) is unrestricted by any cryptography laws.
2015-05-19 Malware pretending to be PuTTY
A Symantec blog post warns that a trojaned copy of PuTTY has been detected in the wild. Fortunately, it's easily recognisable by its version identification ("Unidentified build, Nov 29 2013 21:41:02"). If you've encountered this version, we suggest you treat any machine that's run the malicious version as potentially compromised, change any passwords that might have been stolen, and resecure the accounts they protect.
2015-04-19 PuTTY detected as malware
We've had several reports recently of anti-virus software reporting PuTTY as malware (under a wide variety of names, often generic). This affects the latest release (0.64) and also the development snapshots (particularly puttygen.exe).
We believe these are false positives. In those cases where we've been able to contact the vendor (McAfee, Symantec, ClamAV), they have removed the detection.
However, most vendors' false-positive response is to whitelist specific binaries. While this will resolve detections of the 0.64 release, expect detections to recur with the development snapshots, which are built daily.
We've had no success requesting AV software vendors to perform more in-depth analysis. If this is causing trouble for you, and you have a support contract with your AV vendor, please query the detection with them directly.
2015-02-28 PuTTY 0.64 released, fixing a SECURITY HOLE
PuTTY 0.64, released today, fixes a security hole in 0.63 and before: private-key-not-wiped-2. Also diffie-hellman-range-check has been argued to be a security hole. In addition to these and other less critical bug fixes, 0.64 also supports the major new feature of sharing an SSH connection between multiple instances of PuTTY and its tools, and a command-line and config option to specify the expected host key(s).
2015-02-28, 15:43 UTC: Apparently the build initially uploaded to the website as 0.64 was in fact built from the wrong branch and didn't have those fixes in. Sorry again! Teething trouble from last year's migration to git. A new 0.64 is now up in its place. You can identify the wrong build by the fact that the list box in the SSH > Kex config panel includes the option "ECDH key exchange", which is a post-0.64 feature that should not be in the real 0.64. The correct 0.64 should not have that option.