A.7.25 When I put PuTTY in C:\WINDOWS\SYSTEM32 on my 64-bit Windows system, ‘Duplicate Session’ doesn't work.The short answer is not to put the PuTTY executables in that location.
On 64-bit systems, C:\WINDOWS\SYSTEM32 is intended to contain only 64-bit binaries; Windows' 32-bit binaries live in C:\WINDOWS\SYSWOW64. When a 32-bit program such as PuTTY runs on a 64-bit system, it cannot by default see the ‘real’ C:\WINDOWS\SYSTEM32 at all, because the File System Redirector
arranges that the running program sees the appropriate kind of binaries in SYSTEM32. Thus, operations in the PuTTY suite that involve it accessing its own executables, such as ‘New Session’ and ‘Duplicate Session’, will not work. A.8.1 Is it safe for me to download PuTTY and use it on a public PC? It depends on whether you trust that PC. If you don't trust the public PC, don't use PuTTY on it, and don't use any other software you plan to type passwords into either. It might be watching your keystrokes, or it might tamper with the PuTTY binary you download. There is no program safe enough that you can run it on an actively malicious PC and get away with typing passwords into it.
If you do trust the PC, then it's probably OK to use PuTTY on it (but if you don't trust the network, then the PuTTY download might be tampered with, so it would be better to carry PuTTY with you on a USB stick).
A.8.2 What does PuTTY leave on a system? How can I clean up after it? PuTTY will leave some Registry entries, and a random seed file, on the PC (see question A.5.2
). If you are using PuTTY on a public PC, or somebody else's PC, you might want to clean these up when you leave. You can do that automatically, by running the command putty -cleanup. (Note that this only removes settings for the currently logged-in user on multi-user systems.) If PuTTY was installed from the installer package, it will also appear in ‘Add/Remove Programs’. Older versions of the uninstaller do not remove the above-mentioned registry entries and file.
A.8.3 How come PuTTY now supports DSA, when the website used to say how insecure it was? DSA has a major weakness if badly implemented: it relies on a random number generator to far too great an extent. If the random number generator produces a number an attacker can predict, the DSA private key is exposed - meaning that the attacker can log in as you on all systems that accept that key.
The PuTTY policy changed because the developers were informed of ways to implement DSA which do not suffer nearly as badly from this weakness, and indeed which don't need to rely on random numbers at all. For this reason we now believe PuTTY's DSA implementation is probably OK. However, if you have the choice, we still recommend you use RSA instead.
A.8.4 Couldn't Pageant use VirtualLock() to stop private keys being written to disk? Unfortunately not. The VirtualLock() function in the Windows API doesn't do a proper job: it may prevent small pieces of a process's memory from being paged to disk while the process is running, but it doesn't stop the process's memory as a whole from being swapped completely out to disk when the process is long-term inactive. And Pageant spends most of its time inactive.
A.9 Administrative questions