PuTTY 是一個開源的 SSH 客戶端, 除了 SSH 外, 也支援 Telnet 及 Rlogin 等多種通訊協定, 是 Windows 十分熱門的 SSH 客戶端, 除了 Windows 版外, 也提供 Linux 版。
PuTTY 對上一個版本 0.70 已經是 2017 年 7 月 8 日釋出, 至今相隔近兩年, 得到歐盟 HackerOne 資助終於發佈了新版 PuTTY 0.71, 新版本主要是修復大量的安全問題。
根據 PuTTY 0.71 的 changelog, 以下是新版本的主要更新:
Security fixes found by an EU-funded bug bounty programme:
a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
potential recycling of random numbers used in cryptography
on Windows, hijacking by a malicious help file in the same directory as the executable
on Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding
multiple denial-of-service attacks that can be triggered by writing to the terminal
Other security enhancements: major rewrite of the crypto code to remove cache and timing side channels.
User interface changes to protect against fake authentication prompts from a malicious server.
We now provide pre-built binaries for Windows on Arm.
Hardware-accelerated versions of the most common cryptographic primitives: AES, SHA-256, SHA-1.
GTK PuTTY now supports non-X11 displays (e.g. Wayland) and high-DPI configurations.
Type-ahead now works as soon as a PuTTY window is opened: keystrokes typed before authentication has finished will be buffered instead of being dropped.
Support for GSSAPI key exchange: an alternative to the older GSSAPI authentication system which can keep your forwarded Kerberos credentials updated during a long session.
More choices of user interface for clipboard handling.
New terminal features: support the REP escape sequence (fixing an ncurses screen redraw failure), true colour, and SGR 2 dim text.
Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you straight to the top or bottom of the terminal scrollback.
以下是 PuTTY 的官網下載連結: