If you have a recent version of Windows, the copy of OpenSSH you get with Bash for Windows would be ideal, as you then use the same tools everyone else does eliminating the Putty specific setup and terminal emulation bugs Windows devs generally need to go through. If you really need to use it, stick with Putty, as even then you benefit from other people having the same setup steps and experience, and as such common issues are more likely to be resolved.
Side thought: why doesn’t Putty follow a more normal setup and configuration process, i.e. why does it have its own private key format and tooling around that instead of using standards?
On Windows I've switched to the Bitvise SSH Client. SFTP built-in, keygen and manager built in, RDP support (creates tunnel, spawns Remote Desktop client automatically).
Then again I'm not dealing with anything mission critical, so it not being open source doesn't bother me too much.
While it's not free, so IDK if it's acceptable to you, I highly recommend XShell and XFtp. They are so good, I even miss them under Lunux.
To be more specific, some features I like most.
1) Rich window layout options, very important for my comfort
2) Edit multiple connections at once
3) Group connections in folders
Compare for yourself. Only you know your workflow issues well enough to judge. PuTTY and WinSCP make a goood combo, and MobaXterm is okay, but I prefer and use SecureCRT. SecCRT has some competition I haven’t tried but it’s the best I’ve seen so far.
Most major seems to be this:
A malicious server could trigger a buffer overrun by abusing the
RSA key exchange protocol. This would happen before host key
verification, so even if you trust the server you intended to
connect to, you would still be at risk.
33 comments
[ 3.2 ms ] story [ 83.8 ms ] threadSide thought: why doesn’t Putty follow a more normal setup and configuration process, i.e. why does it have its own private key format and tooling around that instead of using standards?
See eg https://latacora.singles/2018/08/03/the-default-openssh.html (which is from 2018, but I think the weakness has been well known for a long time).
Just checked Windows 10 1803 and it appears to be installed by default on my work Windows machine. Nice!
Putty is ancient. It was perfectly normal c.1999.
Having a ~/.ssh/config file has been a lot easier to work with than PuTTY's list box of hosts, and I can share my config across my Linux & Mac boxes.
For serial port connections, PuTTY is fantastic. Thank you Simon!
Then again I'm not dealing with anything mission critical, so it not being open source doesn't bother me too much.
https://community.arm.com/developer/tools-software/tools/b/t...
Disabling the stack protector is a pretty big "wrinkle" in my opinion.
Most major seems to be this: A malicious server could trigger a buffer overrun by abusing the RSA key exchange protocol. This would happen before host key verification, so even if you trust the server you intended to connect to, you would still be at risk.