Stories
Slash Boxes
Comments

SoylentNews is people

Submission Preview

Link to Story

PuTTY 0.68 Released, Containing ECC, a 64-bit Build, and Security Fixes

Accepted submission by martyb at 2017-02-22 03:54:31
Software

martyb [soylentnews.org] writes:

Editors: Please add topic: Security

PuTTY [greenend.org.uk] is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator. A new release of Putty was recently announced — it can be downloaded from the PuTTY latest release page [greenend.org.uk].

From the changelog [greenend.org.uk] page:

These features are new in 0.68 [soylentnews.org] (released 2017-02-21):

  • Security fix: an integer overflow bug in the agent forwarding code. See vuln-agent-fwd-overflow [greenend.org.uk].
  • Security fix: the Windows PuTTY binaries should no longer be vulnerable to hijacking by specially named DLLs in the same directory (on versions of Windows where they previously were). See vuln-indirect-dll-hijack [greenend.org.uk].
  • Windows PuTTY no longer sets a restrictive process ACL by default, because this turned out to inconvenience too many legitimate applications such as NVDA and TortoiseGit. You can still manually request a restricted ACL using the command-line option -restrict-acl.
  • The Windows PuTTY tools now come in a 64-bit version.
  • The Windows PuTTY tools now have Windows's ASLR and DEP security features turned on.
  • Support for elliptic-curve cryptography (the NIST curves and 25519), for host keys, user authentication keys, and key exchange.
  • Support for importing and exporting OpenSSH's new private key format.
  • Host key preference policy change: PuTTY prefers host key formats for which it already knows the key.
  • Run-time option (from the system menu / Ctrl-right-click menu) to retrieve other host keys from the same server (which cross-certifies them using the session key established using an already-known key) and add them to the known host-keys database.
  • The Unix GUI PuTTY tools can now be built against GTK 3.
  • There is now a Unix version of Pageant.

When I first started on as staff on SoylentNews, I was running Windows XP and discovered I needed a secure client to gain terminal access to our SoylentNews servers. One of the sysops here suggested PuTTY and guided me in its installation and setup. The UI for this program is, to be kind, different from any other program I have used, yet it seems to be self-consistent in its idiosyncrasies.

Since then, I've moved on to running Windows 7 Pro x64 and have carried over my Putty install. I'll likely install the upgrade in a few days (letting others catch any as-yet unfound bugs) but I am curious what else is out there.

What programs do my fellow Soylentils use for secure terminal access to remote servers from Windows?

Original Submission