SSH Settings

SSH Settings

Reference > Connections > Terminal (PuTTY) >


The SSH Settings page allows you to configure settings specific for SSH connections.



Specify an MD5-based host key fingerprint of the form displayed in PuTTY's Event Log and host key dialog box or a base64-encoded blob describing an SSH-2 public key in OpenSSH's one-line public key format. Pre-populating the fingerprint can be helpful when connecting through SSH tunnels, proxy servers or secure gateways.


SSH Remote Command
In SSH, you don't have to run a general shell session on the server. Instead, you can choose to run a single specific command (such as a mail user agent, for example).


Preferred Protocol Version

PuTTY will attempt to use protocol 1 if the server you connect to does not offer protocol 2, and vice versa.

If you select ‘1 only’ or ‘2 only’ here, PuTTY will only connect if the server you connect to offers the SSH protocol version you have specified.


Don't Start a Shell or Command
If checked, a session is started but without a pseudo-terminal.


Enable Compression
This enables data compression in the SSH connection. This can help make the most of a low-bandwidth connection.



Encryption Cipher Policy
When you make an SSH connection, PuTTY will search down the list from the top until it finds an algorithm supported by the server, and then use that. If the algorithm PuTTY finds is below the ‘warn below here’ line, you will see a warning box when you make the connection.


Enable Legacy Single-DES (SSH-2)

Single-DES is not recommended in the SSH 2 draft protocol standards, but one or two server implementations do support it.



Key Exchange Algorithm Policy

PuTTY supports a variety of SSH-2 key exchange methods, and allows you to choose which one you prefer to use. If the first algorithm PuTTY finds is below the ‘warn below here’ line, you will see a warning box when you make the connection.


Max Minutes before Rekey

Configure the timespan between rekey attempts. Set to 0 to disable rekey.


Max Data before Rekey

Use 1M for 1 megabyte, 1G for 1 gigabyte, etc.



Bypass Authentication (SSH-2)

In SSH-2, it is possible to establish a connection without using SSH's mechanisms to identify or authenticate oneself to the server.


Display Pre-Authentication Banner (SSH-2)

SSH-2 servers can provide a message for clients to display to the prospective user before the user logs in.


Attempt Authentication using Pageant

If this option is enabled, then PuTTY will look for Pageant (the SSH private-key storage agent) and attempt to authenticate with any suitable public keys Pageant currently holds.


Attempt TIS or CryptoCard Authentication (SSH-1)

TIS and CryptoCard authentication are (despite their names) generic forms of simple challenge/response authentication available in SSH protocol version 1 only.


Attempt Keyboard-Interactive Authentication (SSH-2)

The SSH-2 equivalent of TIS authentication is called ‘keyboard-interactive’.


Allow Agent Forwarding

This option allows the SSH server to open forwarded connections back to your local copy of Pageant. If you are not running Pageant, this option will do nothing.


Allow attempted Changes of Username (SSH-2)

The SSH-2 protocol does allow changes of username, in principle, but does not make it mandatory for SSH-2 servers to accept them. If you know your server can cope with it, you can enable this option.



Attempt GSSAPI Authentication (SSH-2)

If it is enabled, GSSAPI authentication will be attempted, and (typically) if your client machine has valid Kerberos credentials loaded, then PuTTY should be able to authenticate automatically to servers that support Kerberos logins.


Allow GSSAPI Credential Delegation

If you enable this option, then not only will PuTTY be able to log in automatically to a server that accepts your Kerberos credentials, but also you will be able to connect out from that server to other Kerberos-supporting services and use the same credentials just as automatically.


GSSAPI Library Order

Configure the preferred order of GSSAPI libraries.


User-Supplied GSSAPI Library

Specify a custom GSSAPI library (DLL).



Don't Allocate a Pseudo Terminal

Occasionally you might find you have a need to run a session not in a pseudo-terminal.



Enable X11 Forwarding

Check to enable X11 forwarding for this connection.


X Display Location

The ‘X display location’ box is blank by default, which means that PuTTY will try to use a sensible default such as :0, which is the usual display location where your X server will be installed.


X11 Authentication Protocol

Configure the X11 authentication protocol.


X Authority File for Local Display

Specify a X authentication file for the local display.