If you set this option to ‘Auto’ (the default), PuTTY will do something it considers appropriate for each type of proxy. Telnet, HTTP, and SOCKS5 proxies will have host names passed straight to them; SOCKS4 proxies will not. Note that if you are doing DNS at the proxy, you should make sure that your proxy exclusion settings (see section 4.15.2
) do not depend on knowing the IP address of a host. If the name is passed on to the proxy without PuTTY looking it up, it will never know the IP address and cannot check it against your list. The original SOCKS 4 protocol does not support proxy-side DNS. There is a protocol extension (SOCKS 4A) which does support it, but not all SOCKS 4 servers provide this extension. If you enable proxy DNS and your SOCKS 4 server cannot deal with it, this might be why.
4.15.4 Username and password If your proxy requires authentication, you can enter a username and a password in the ‘Username’ and ‘Password’ boxes. Note that if you save your session, the proxy password will be saved in plain text, so anyone who can access your PuTTY configuration data will be able to discover it. Authentication is not fully supported for all forms of proxy:
•Username and password authentication is supported for HTTP proxies and SOCKS 5 proxies.
oWith SOCKS 5, authentication is via CHAP if the proxy supports it (this is not supported in PuTTYtel); otherwise the password is sent to the proxy in plain text. oWith HTTP proxying, the only currently supported authentication method is ‘basic’, where the password is sent to the proxy in plain text. •SOCKS 4 can use the ‘Username’ field, but does not support passwords.
•You can specify a way to include a username and password in the Telnet/Local proxy command (see section 4.15.5
). 4.15.5 Specifying the Telnet or Local proxy command If you are using the Telnet proxy type, the usual command required by the firewall's Telnet server is connect, followed by a host name and a port number. If your proxy needs a different command, you can enter an alternative here. If you are using the Local proxy type, the local command to run is specified here. In this string, you can use \n to represent a new-line, \r to represent a carriage return, \t to represent a tab character, and \x followed by two hex digits to represent any other character. \\ is used to encode the \ character itself.
Also, the special strings %host and %port will be replaced by the host name and port number you want to connect to. The strings %user and %pass will be replaced by the proxy username and password you specify. The strings %proxyhost and %proxyport will be replaced by the host details specified on the Proxy panel, if any (this is most likely to be useful for the Local proxy type). To get a literal % sign, enter %%.
If a Telnet proxy server prompts for a username and password before commands can be sent, you can use a command such as:
%user\n%pass\nconnect %host %port\n
This will send your username and password as the first two lines to the proxy, followed by a command to connect to the desired host and port. Note that if you do not include the %user or %pass tokens in the Telnet command, then the ‘Username’ and ‘Password’ configuration fields will be ignored.
The Telnet panel allows you to configure options that only apply to Telnet sessions.