Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Snapshot
|
Docs
|
Changes
|
Wishlist
This page lists the implications of using PuTTY for your privacy and personal data. (As of 2024-04 this has apparently become a requirement for having PuTTY in the Windows Store.)
When you use PuTTY, it stores a small amount of information on your computer, necessary for doing its own job. This information is stored in the user account of the user who runs PuTTY, so it is under your control (you can find it and change or delete it). PuTTY does not transmit it to any other site.
However, you may need to be aware of the fact that it is stored on your computer. (For example, somebody else accessing your computer might be able to find a list of sites you have connected to, if you have saved details of them.)
If you use the SSH protocol, then PuTTY stores a list of the SSH servers you have connected to, together with their host keys. This is known as the "host key cache". It is used to detect network attacks, by notifying you if a server you've connected to before doesn't look like the same one you thought it was.
The host key cache is optional. An entry is only saved in the host key cache if you select the "Accept" action at one of the PuTTY suite's host key verification prompt. If you want there to be no trace of a connection you've made, you are free to press "Connect Once" instead, and take your own steps to detect host key substitution in future.
The host key cache is only used by SSH. No other protocol supported by PuTTY has any analogue of it.
After you set up PuTTY's configuration for a particular network connection, you can choose to save it as a "saved session", so that you can make the same connection again later without having to re-enter all the details.
PuTTY will not do this unless you use the "Save" button in its configuration box. If you want there to be no trace of a connection you make, you can avoid saving the configuration for that connection, and instead re-enter the details by hand every time you do it.
PuTTY can be configured to save a log file of your entire session to the computer you run it on. By default it does not do so.
If the logging feature is enabled, then by default PuTTY will avoid saving data in the log file that it knows to be sensitive, such as passwords. However it cannot reliably identify all passwords. If you use a password for your initial login to an SSH server, PuTTY knows that is a password and will omit that from the log, but if after login you type a password into an application on the server, then PuTTY will not know that it is a password, so it may be saved in a log file.
PuTTY can also be configured to include passwords in its log files. This is intended for debugging purposes, for example if a server is refusing your password and you need to check whether the password is being sent correctly. We do not recommend enabling this option routinely.
PuTTY stores a small file of random bytes, which is reloaded the next time it is run and used to seed its random number generator. These bytes are meaningless and random, and do not contain an encrypted version of anything.
PuTTY is a communications tool. Its purpose is to connect to another computer, over a network or a serial port, and send information. However it only makes the network connections that its configuration instructs it to.
No PuTTY tool will “phone home” to any site under the control of us (the development team), or to any other site apart from the destination host or proxy host in its configuration.
No information about your network sessions, and no information from the computer you run PuTTY on, is collected or recorded by the PuTTY developers.
Information you provide to PuTTY (via keyboard input, the command line, or files loaded by the file transfer tools) is sent to the server that PuTTY's configuration tells it to connect to. It is not sent anywhere else.
When you log in to a server, PuTTY will send your username. If you use a password to authenticate to the server, PuTTY will send it that password as well. (So the server will know what your password is, which is a risk if you've used the same password on any other server.)
If you use an SSH private key to authenticate, PuTTY will send the public key, but not the private key. If you typed a passphrase to decrypt the private key, PuTTY will not send the passphrase either.
When PuTTY prompts for a private key passphrase, a small copy of the PuTTY icon appears to the left of the prompt, to indicate that the prompt was genuinely from PuTTY. (We call this a 'trust sigil'.) That icon never appears next to text sent from the server. So if a server tries to mimic that prompt to find out your passphrase, it won't be able to fake that trust sigil, and you can tell the difference.
If you're running Pageant, and you haven't configured a specific public key to authenticate to this server, then PuTTY will try all the keys in Pageant one after the other, sending each public key to the server to see if it's acceptable. This can lead to the server finding out about other public keys you own. However, if you configure PuTTY to use a specific public key, then it will ignore all the other keys in Pageant.
Once you have logged in, keystrokes you type in the PuTTY terminal window are sent to the destination host. That is PuTTY's primary job.
The server can request PuTTY to send details of mouse movements in the terminal window, in order to implement mouse-controlled user interfaces on the server. If you consider this to be a privacy intrusion, you can turn off that terminal feature in the Features configuration panel ("Disable xterm-style mouse reporting").
The operation of a PuTTY network tool is controlled by its configuration. This configuration is obtained from:
The defaults built in to PuTTY do not tell it to save log files, or specify the name of any network site to connect to.
If PuTTY has been installed for you by somebody else, such as an organisation, then that organisation may have provided their own default configuration. In that situation you may wish to check that the defaults they have set are compatible with your privacy needs. For example, an organisation providing your PuTTY configuration might configure PuTTY to save log files of your sessions, even though PuTTY's own default is not to do so.