PuTTY: an SSH client for Windows
August 14, 2004
By Robert Thoelen III
Principal Software Engineer
RTCubed Consulting, LLC
For a few years, I've been following the development of PuTTY, a program that
supports telnet, SSH, rlogin, and raw protocols. It provides a great interface
for connecting to Unix servers from a Windows computer. I will be reviewing
the development snapshot versions. I have found that they are stable enough to
download and use, even though there is no guarantee that a snapshot version
will work.
The necessity of using SSH
When I was in engineering school, I would routinely telnet back to my Linux
computer in my dorm room. Things were going very well, until one day I found
my computer not working properly. I looked into things a little more, and found
files messed up and out of place, that I did not change. I spoke to a trusted
friend about what was going on, and he suggested that my computer was hacked.
Back in those days, the network mostly used hubs, and quite a bit of traffic
was in the open and could be seen using a program like tcpdump. What probably
happened was my telnet session was sniffed, and a hacker saw my username and
password, and then proceeded to log in and wreak havoc on my computer.
My friend recommended using OPIE, One Time Passwords In Everything. Maybe in
a future article I'll cover that. I did use OPIE for the rest of my tenure at that
school. OPIE works by issuing a challenge, which you must give a one-time response
to. Once the challenge is answered correctly and you are logged in, this response
that was entered is no longer valid. A hacker sniffing the network cannot then
use the password entered against you.
SSH works by first establishing an encrypted link, and then the username and
password are sent. This is much easier to use than carrying a list of responses
to challenges around. SSH has since become my secure method of remote access to UNIX
systems. If you are still using telnet, you should stop immediately and install
SSH. If you don't take that advice, you are really risking your systems being
compromised.
Both SSH protocols are supported
Security experts have expressed concern that version 1 of the SSH protocol,
which uses RSA key pairs, may be subject to man-in-the-middle attacks. Many
regard it as inferior to version 2.
I would recommend you set up your servers to accept connections from version 2 only.
However, for servers not upgraded yet, or which have a good reason to stay with
version 1, PuTTY will support those as well.
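A server that still accepts version 1 shows it in the identification line it sends when a client connects. The following is an added example, not part of the original article, that classifies those lines so you can find the servers that still need to be moved to version 2 only; the function names are this example's own, and the host names and banners in SAMPLE are constructed.

```python
import re
import socket

# Identification line: SSH-protoversion-softwareversion (RFC 4253, section 4.2)
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")

def classify_banner(banner):
    """Return 'v2-only', 'v1-and-v2', 'v1-only', 'unknown' or 'not-ssh'."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "not-ssh"
    proto = m.group(1)
    if proto == "2.0":
        return "v2-only"
    if proto == "1.99":  # RFC 4253, section 5.1: a version 2 server that also accepts 1.x
        return "v1-and-v2"
    if proto.startswith("1."):
        return "v1-only"
    return "unknown"

def read_banner(host, port=22, timeout=5.0):
    """Read the identification line one of your own servers sends on connect."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        for _ in range(20):  # a server may send other lines before the SSH- line
            line = f.readline(256)
            if not line:
                break
            text = line.decode("ascii", "replace")
            if text.startswith("SSH-"):
                return text.strip()
    return ""

def needs_attention(banners):
    """Map host -> verdict for every host that still accepts protocol version 1."""
    verdicts = {host: classify_banner(b) for host, b in banners.items()}
    return {h: v for h, v in verdicts.items() if v in ("v1-only", "v1-and-v2")}

# Constructed sample banners (hypothetical host names), so the example runs offline.
SAMPLE = {
    "build01.example": "SSH-2.0-OpenSSH_3.9p1",
    "legacy02.example": "SSH-1.99-OpenSSH_3.4p1",
    "router03.example": "SSH-1.5-1.2.27",
    "web04.example": "220 ftp ready",
}

if __name__ == "__main__":
    for host, verdict in needs_attention(SAMPLE).items():
        print(host, verdict)
```

To check a live server, pass the result of read_banner("your.server.name") to classify_banner.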
Proxy Options
PuTTY provides proxy options, so if you are behind a corporate firewall, you can
potentially access machines outside where you work. This could be useful to
administer servers at home, or to access a free shell account from inside
a company.
Port Tunneling
PuTTY gives you the ability to set up tunnels, through which you can access ports
inside your network. This can be useful if you want to access a TCP/IP port, but
do so with encryption. One example of this might be to access a VNC server on
your local network, but to not have the VNC connection going over the internet
in plain view. You could set up a local TCP port with PuTTY on 5905, and then
direct it to an address and port inside your network, such as 192.168.0.50, port
5900. This would allow you to access the machine in your network by telling
VNC viewer to connect to localhost:5. The possibilities and uses of tunneling
are endless. Experiment, and you will find that many things that you could
not access remotely suddenly become available with the power of SSH and PuTTY.
PuTTY is small
PuTTY is just one .exe file for Windows. That's right: no installation or large
amounts of files to clutter your computer. This even means that if a machine is
locked down to prevent installs from happening, chances are you can still make
PuTTY execute and work. You could even put it on a tiny USB drive, and carry
it with you in all your travels around the office.
Conclusion
PuTTY is the best solution for me when it comes to administration of my Unix servers.
It is a small program, but provides so many features that you wouldn't expect to
find in such a tiny package. I would encourage you to download it and give it a try.
It sure beats using more expensive programs out there!