PuTTY has a new website
222 comments
·August 16, 2025thristian
ahmedfromtunis
The first link I get when I searched for "putty" was `putty.org` which, according to the footer: "The PuTTY project or its authors have never owned this domain, registered it, or purchased it."
Nevertheless, I can't consider relying on probabilistic algorithms controlled by 3rd parties to be a wise strategy.
Also, these days, after decades of habit building and a rise in awareness about scam-related stuff, I think people expect to see the name of the project early on in the URL, not in 7th position as it is currently.
sambull
> I can't consider relying on probabilistic algorithms controlled by 3rd parties to be a wise strategy.
That's pretty much all of the AI industry and clients.
nicce
Pretty much how the whole world works and why ads are multi-trillion dollar business.
swah
My first 3 matches are https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.ht..., https://www.putty.org/ and https://www.chiark.greenend.org.uk/~sgtatham/putty/
JdeBP
putty.org's page ranking used to be higher.
* https://hachyderm.io/@simontatham/115027646348662282
I suspect that the recent kerfuffle motivated people to finally clean out bogus hyperlinks that casually listed putty.org as the download site, which would have been contributing to inflated page rank up to that point. I found one on a wiki and fixed it, myself, and I'm sure that I was not the only person who went looking.
pandemic_region
Assuming he owns the green end.org.uk domain, why not letting people land on putty.greenend.org.uk ?
1970-01-01
Google.com > putty > I'm feeling lucky > https://www.chiark.greenend.org.uk/~sgtatham/putty/
whoamii
Should’ve used a goo.gl short link. ;)
hammock
I barely know what SSH keys are, but last week when I was asked to provide one for an stfp site at work they said create a pair using putty.
Well I googled putty and found a couple different .org domains, one who which said it was legit but not official, and another which said it was official but looked wildly out of date.
Neither one I could find a download for Mac that worked. The one I tried gave a scary “we no longer allow putty sudo access as it’s dangerous” and when I googled this error I could find no explanation to assuage me.
And since I wanted to make sure what I was doing was legit, I searched for alternatives.
Eventually I discovered I could use command line in mac to generate the keys I needed. But first I installed Xcode then ran the command (I used chatgpt to tell me exactly how to get the type and length I needed). It was easy.
Side note, the whole culture of downloading random software and using it with just a single line in a terminal is always sketchy to me too. But I’m not a coder so I’m not used to it.
lanyard-textile
It is sketchy. :) Your intuition is correct.
The idea is that you will need to put some trust in the project anyway, since you’re trying to install it. Might as well make it easier with a one line install.
Edit: You should only do this if someone reliable tells you to, honestly. Doing this with truly random projects you aimlessly find is not a good idea.
ok_computer
If you hadn’t discovered this already with you mac CLI commands, OpenSSH from OpenSSL ‘ssh-keygen’ command is a good way to create SSH keys in ClI and ships in many OSes or is a lightweight download. The OpenSSL website name is unambiguous, which is a benefit.
https://docs.github.com/en/authentication/connecting-to-gith...
rezonant
Unfortunately the person who owns putty.org started to use it to spread misinformation about vaccines and the pandemic, as you can see on the site today.
This recently [1][2] got a lot of attention on the web and here on HN, along with a post on Mastodon from the author [3]
I imagine trying to disincentivize this and provide another shorter more official looking link is the hope here.
[1] https://www.theregister.com/2025/07/17/puttyorg_website_cont...
teaearlgraycold
> Since 2020 I have been speaking out against the fraudulent pandemic and the intentionally dangerous injections and my experience has been to have been censored and smeared. If you have not heard of me before, that's the reason.
One weird trick to make your insignificance seem significant!
1970-01-01
Hilarious how putty.org hasn't been updated, and still has a FINAL WARNING video on the landing page.
Extrapolated to the present time, all of us vaccinated individuals are now suffering the big consequences.
Too bad all nutjobs aren't so easy to disprove by simply taking a single large breath. :)
nailer
[flagged]
zettabomb
Argument from authority is not particularly strong. The information on putty.org is considered misinformation by the vast majority of professionals in the field of infectious diseases.
falleng0d
[dead]
perching_aix
What's the problem with them sharing they find it unfortunate?
Hackbraten
That’s not how discourse works imho. Yeadon is making extraordinary claims, so the burden of explaining and backing up those claims should be on them, not on us. Until they do, there’s no point in addressing their concerns.
zo1
This seems similar to the Notepad++ team using their platform to promote political viewpoints.
The same thing happened with Facebook "pages", when they became a personal "soap box" by the owner of the page. It was downhill from there... You might as well turn the whole web into FB/Twitter/X/Insta promotional spam at that point.
kryptiskt
It's not at all similar, and that doesn't have anything to do with the quality or lack thereof of the viewpoints.
The Notepad++ site is run by the authors and reflects their stance. Putty.org is run by an outside party who hijacks the reputation of the PuTTY project to push their agenda.
rokkamokka
It's one thing to say "stand with Ukraine", and an entirely different thing to spread vaccine misinformation...
SnuffBox
[flagged]
josephcsible
This seemed suspicious at first, but https://www.chiark.greenend.org.uk/~sgtatham/putty/ (the original official site) confirms it's real.
dcrazy
First thing I thought of was JiaTan75’s pushing of a new website for XZ.
ChrisArchitect
Wow the way the new page text was written still had me guessing.
Maybe just call this the Future Home of Putty or something with a big link to the official page.
I suppose word will get around pretty fast but still.
pharrington
The man himself also posted about it on his social media https://hachyderm.io/@simontatham/115025974777386803
RainyDayTmrw
As much as I like fedi, it does make it hard to understand which user on which instance is the correct one.
pferde
Luckily, fediverse has an account-to-website verification feature, see https://joinmastodon.org/verification . Mr. Tatham's account on hachyderm.io uses it, so we can be reasonably certain that it's the correct account for him.
throaway920181
Cool, but hachyderm.io also is not a trusted/recognizable domain for me. Trust issues all the way down!
andrewflnr
It's definitionally the correct domain for Simon Tatham's social media. What are you expecting here?
jachee
So… what would be a trusted domain, for you, then?
horizion2025
Hi that sad. I remember years ago sitting with a colleague and we had to download putty. Then we found the usual page. There is always the concern if it is legit or a fake site with malware. But I remember my colleague saying "it has to be genuine, only a computer scientist could make such a primitive web site"
dlcarrier
Simon Tatham's most important work is keeping its page:
https://www.chiark.greenend.org.uk/~sgtatham/puzzles/
Try Mines, you never have to guess.
bayindirh
That's a great variation of the game. Thanks for sharing the page. It's a gem!
ycuser2
I love these kind of webpages with little programs to discover.
vovavili
This is a perfect version of the game, nice.
zvr
The first thing I install in every Android device.
MortyWaves
Ever since Windows gained Terminal and OpenSSH, my usage of Putty has almost entirely ceased except for serial for embedded systems work.
Then I realised Putty ships with a CLI version which I now use in Terminal for accessing serial.
throaway920181
I haven't used Putty since I stopped using Windows for anything serious (in the early 00s.) It was my favorite quick and dirty SSH and serial client before then though!
sshine
I have to say, I liked SecureCRT a lot, too.
PuTTY was just easier to get ahold of on a new install.
I think that's why it won out for me. That and its simplicity.
ZYbCRq22HbJ2y7
I always used mingw and similar projects. IMO, putty was always annoying (but very useful) software. The "ecosystem" seems better now though.
MortyWaves
Indeed, that and “git bash” were always the weird outliers. I’m glad there’s now native options.
ZYbCRq22HbJ2y7
mingw predates git on windows (and in general), but yeah, indeed.
interesting to scan the log on that: https://github.com/git-for-windows/build-extra/blob/main/Rel...
Helmut10001
I don't trust Windows with my SSH keys. Since about 2 years, I am actively preparing my final migration to Linux. There's some Windows software left that I need to replace before this move is possible, but I am close.
Bender
I agree with you and just wanted to add that for what it's worth one can optionally limit where ssh keys are useful by adding network restrictions on the public key / server side. e.g.
grep AuthorizedKeysFile /etc/ssh/sshd_config
AuthorizedKeysFile /etc/ssh/keys/%u
cat /etc/ssh/keys/bender
from="[192.redacted]/24,[redacted]/20" ssh-ed25519 AAAAC[snip...] comment
or wherever your system is configured to look for public keys, typically /home/username/.ssh/id_dsa.pub. I use a different location. Even being really broad like adding a /16 or /8 for a home ISP is still better than allowing the entire internet. This can also be useful where machine-to-machine ssh keys are utilized one can limit the access to that network so that should keys leak the potential blast radius of damage is reduced. For example, the keys for an Ansible account can be restricted to the Primary/Secondary Ansible server IP addresses or at very least the CIDR block(s) of the network(s) they reside in. Broad restrictions are not perfect but perfect is the enemy of good or good enough.Example use case would be that lets say a contractor from Microsoft tries one of your keys. Your restriction limits the key validity to 24.0.0.0/8 and they are coming from 207.0.0.0/8. They will be denied Authentication refused and you now have log entries that can be shared with their fraud department, the world, whomever. Obviously the tighter the restrictions the better, at the risk of requiring a static IPv4 or IPv6 address if too tight. One can always have lighter restrictions on a fall-back account that requires additional hoops to sudo / doas / su.
gregoryl
Just pull the trigger. A surprisingly large amount of software just works on wine.
I'm a c# dev with near 20 years experience, and I finally got the shits with advertising in the start menu. Arch Linux, because I figured why not do it properly?
I game a fair bit, and find most things on steam just work.
samuell
Wine can be a bit of a headache if you are on a couple year older distro as it can make it harder to install newer Wine versions.
But I found that the Bottles project pretty much solves this, by installing everything in some kind of sandboxed environment:
https://github.com/bottlesdevs/Bottles
Has worked wonderfully for the few cases where plain Wine failed.
magnat
> I'm a c# dev with near 20 years experience
Which IDE do you use? JetBrains Rider?
mystifyingpoi
Is such paranoia warranted? Millions of corporate laptops run Windows 11 just fine. I know M$ is evil and spying on you, but not to such degree.
miahi
Having a Windows 11 corporate laptop with a domain/Entra login, I actually trust it more than a home Windows 11 with a Microsoft account. Because if I lock myself out, I have a contact (corporate support) that is actually interested in helping me recover everything. With a Microsoft account it's a mess. I had so many problems with Microsoft accounts that I lost count of how many I have, and most are broken in some way, because of different issues and different service integrations over time. The Skype account is now useless. I never recovered my paid Minecraft account after one event. With a machine with a local account, now I have to be very careful on what I click related to MS accounts, because trying to solve various issues with Teams, I managed to get the local account linked with that MS account. I spent hours trying to recover a different account after I randomly filled one nagging question about birth date - who wants to give the real birth date to Microsoft - and then I got locked out because I said was underage :). So yes, one of the big issues is the push to have a linked OS account where you have to rely on MS support to solve your issues, otherwise you basically get locked out of your machine and other things you paid for.
Also, domain policies offer more control over the corporate PCs (this is how some of the MS spying is shut off on corporate PCs; it's debatable if the corporate spying added by other domain policies is an improvement).
JdeBP
I recently, by playing around with the LAN's default PAC file and a dummy HTTP server, discovered that on a machine that says in System Settings that Proxy Auto-Discovery is turned off, the PAC file is still fetched and used by a too-large number of Microsoft/Google background auto-update services, from Windows Update to Office.
* https://mastodonapp.uk/@JdeBP/114693762493884550
I had been lucky through having done my own experimentation, decades ago, with setting up a default PAC file on the LAN and having left it in just-send-everything-directly mode, keeping it as I upgraded things on the LAN, all of these years. Because otherwise I would have been vulnerable to a third-party in the search path for years, on a machine that clearly and unequivocally, including per direct inspection of the setting in the registry, has this switched off.
* https://jdebp.uk/FGA/web-browser-auto-proxy-configuration.ht...
sshine
> Is such paranoia warranted? Millions of corporate laptops run Windows 11 just fine.
Yes. With Windows Recall data mining surveillance screenshots taken every 5-7 seconds, completely disregarding if this may compromise your security, safety or privacy, we move from "you're the product" to "you're a pet in a zoo, and we want to learn from your behavior."
> I know M$ is evil and spying on you, but not to such degree.*
I mean, they could be recording every second.
I'm pretty sure that's a bandwidth issue.
Not because they really feel like giving you 3-4 second pockets of security, safety and privacy.
chneu
I don't trust microsoft to not push an update that exposes all my stuff. Their updates the last few years have been an absolutely shitshow in so many regards.
nine_k
Why replace it? Wine works fine.
malux85
Can you tell us which software? (Even if it’s very niche) I’m really curious where the gaps are.
xobs
I know Altium doesn’t work, which is very important if you need to provide someone else files in Altium format. If you just want to work on designs there’s always Kicad, which is increasingly very good! But it can’t save in Altium format, and I’m not sure I’d trust it for manufacturing.
The other thing I’m missing is my 3D Gerber viewer called ZofZPCB. I’ve not gotten either it or Altium to even start.
Kwpolska
If Windows were to steal your SSH keys (lol), would you really think using a third-party program would protect you? The evil code could just read the key you configured in PuTTY.
null
oguz-ismail
> Terminal
Have they fixed font rendering yet? cmd.exe looks better on my laptop
Lammy
Have they fixed it spying on you? https://github.com/MicrosoftDocs/terminal/issues/139
crinkly
Windows is basically spyware at this point. The only way to win is to not play.
perching_aix
Are you referring to the pixel-level font smoothing they use by default (as opposed to CMD's subpixel-level font smoothing)?
You need to define the "antialiasingMode" key in the settings JSON for the default profile to hold the value "cleartype", rather than "grayscale" (which is the default value). I don't believe this is exposed in the GUI settings page.
Note that this only affects the actual terminal emulation area. The rest of the application will still be pixel-level font smoothed (so e.g. the tab titlebars, the settings, etc.).
MortyWaves
I’ve never noticed any issues on any computer with it…
recursive
The first time I ever saw it, the text already looked better than cmd.exe via conhost.
oguz-ismail
Something wrong with my eyes? Doesn't cmd.exe look smoother in this screenshot?
throaway920181
I've only used it through RDP on Wayland and it's been fine visually. Downloading it can be a challenge if you don't know where to look (Github, not Microsoft's App Store...)
someodd
I was expecting a modern redesign when I read the headline, but I was so delighted to be greeted by such a nostalgic style!
Cheers to decades of memories with PuTTY!
Simon_O_Rourke
Thank you PuTTY for saving my butt so many times in archaic security-theatre companies who would block all ssh apps except leave the PuTTY website and downloads still available.
torginus
I like putty, by for the sake for all that is holy, why doesn't it take .pem keys?
Y_Y
> Unlike other landing pages, this one is run by the PuTTY team itself, and not by a third party with their own agenda.
No idea what this means.
Anyway Simon Tatham's games are so good I think he gets a pass on anything else he does.
naniwaduni
Context: "The domain name putty.org is NOT run by the #PuTTY developers" (https://hachyderm.io/@simontatham/114846017785770922 discussed before at https://news.ycombinator.com/item?id=44558328), but by a competitor who historically used the site at that domain to promote their own product.
GeneralMayhem
It's much weirder now.
The current holder of that domain is using it to host a single page that pushes anti-vax nonsense under the guise of fighting censorship... but also links to the actual PuTTY site. Very weird mix of maybe-well-meaning and nonsense.
kahirsch
The guy behind that page and bitvise appears to have gone totally crazy during the pandemic. On his blog, he said in 2021 "I forecast that 2/3 of those who accept Covid vaccines are going to die by January 1, 2025."
And in 2022, he wrote "Covid-19 is mostly snake venom added to drinking water in selected locations. There may also be a virus, but the main vehicle of hospitalizations is boatloads of powder, mixed in during 'water treatment.' Remdesivir, the main treatment for Covid, is injected snake venom. mRNA vaccines hijack your body to make more snake venom."
neilv
That looks like an open and shut ICANN trademark case to me.
https://web.archive.org/web/20250728091154/https://www.putty...
TazeTSchnitzel
They publish (right at the bottom of that page) the emails where a journalist asked them why they're squatting the PuTTY domain and somehow think they make the journalist look bad?! https://web.archive.org/web/20250728091156/https://www.putty...
commandersaki
There isn't a trademark for PuTTY.
immibis
Do they have a trademark? It costs $325 per year plus roughly $650 for the initial application (even if rejected). Is he paying that?
null
ethan_smith
Simon Tatham's Portable Puzzle Collection (https://www.chiark.greenend.org.uk/~sgtatham/puzzles/) is a fantastic set of logic games that's been ported to practically every platform imaginable.
dgl
I don’t really want to give it credit by linking to it, but this seems to refer to putty[.]org which is using its search ranking to push things unrelated to PuTTY.
esskay
Thats a blast from the past, I'd completely forgotten about putty (moved away from Windows when Vista came out). The pain of SSH on an OS that seems to be intentionally made to be as clunky as hell for developers however is never something I'll miss.
accrual
It's kinda wild it took until part way through Windows 10's life to get an integrated SSH client. Even then it had to be downloaded from the store. I believe it's a native part of Windows 11 now.
I'm pretty happy with Windows Terminal these days, but before then, it was all PuTTY + SecureCRT.
spicyusername
It's incredible to me that this tool is still needed.
Using putty as my daily driver was definitely part of my coming-of-age story as a windows sysadmin way back when.
layer8
It’s not needed on modern Windows strictly speaking, but many users still prefer it.
accrual
Yeah, I use Windows Terminal for a lot of day-to-day stuff, but PuTTY is still my go-to for older systems, serial stuff, SSH tunnels, and anything needing more detailed control over the session.
password4321
I'm pretty sure PuTTY is no longer needed needed except possibly as a user mode pageant.
accrual
As far as I know it's still one of the best ways to handle serial connections on Windows, and a surprising amount stuff still supports or defaults to serial. Great for managing headless OpenBSD systems.
JdeBP
I rather enjoyed the suggestion that the new WWW site could retain the flavour of the old, for the Unix shell syntax diehards. (-:
* https://mastodon.gamedev.place/@thomastc/115031906344758192
From the PuTTY FAQ: https://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#...
Would you like me to register you a nicer domain name?
No, thank you. Even if you can find one (most of them seem to have been registered already, by people who didn't ask whether we actually wanted it before they applied), we're happy with the PuTTY web site being exactly where it is. It's not hard to find (just type ‘putty’ into google.com and we're the first link returned), and we don't believe the administrative hassle of moving the site would be worth the benefit.
I wonder if they changed their mind because Google ceased to be a reliable way to find them.