Initial Putty startup screen

When started, or a 'New session' is requested, putty starts up with this screen, to permit specification of the host profile to connect to. It ships with a 'Default Settings' profile, and in this computer, we had previously also added a 'windows keying' stored session profile. By adding a startup option in the properties of a GUI shortcut link, one may directly open a remote session with a pre-set profile.

Select a 'stored session' profile

We start by highlighting a 'stored session' profile. It is usually a better practice to NOT tamper with the 'Default Settings' to avoid encountering some strange and unexpected collection of settings when moving from work-station to workstation with differing local installs.

Load that 'stored session' profile

We then use the 'Load' button to move a copy of that 'stored session' profile into the working configuration area of putty. The single line box above the list of possible profiles, and optioanlly, the 'Host Name (or IP address)' will then display content. The top one may remain empty, if the profile is not particular to a given host.

Logging

We choose to turn up logging levels during initial or diagnostic setup, so that we can see what is not working more easily. It may be restored to the default of 'None' once all is working properly. We did not choose to add the optional values for the log file naming, so that the system would generate unique log file names, and as such, we are promoted sometimes about over-writing an older log file.

Terminal emulation details

No changes here

Terminal emulation - Keyboard options

No changes here, although die hard-Unix fiends may want to set CTRL-h up like a reasonable terminal should behave.

Terminal emulation - Bell behaviour

No changes here

terminal emulation - Advanced features

No changes here

Terminal panel window options - Main

Simply to demonstrate the option, we lock the terminal to the old 'green screen' 80 columns by 24 lines. We also dial up the number of lines in the scrollback buffer to 1000 from the more frugal 200 which putty uses as its default.

Window - Appearance options

We changed the font to a fixed width font, and accept the largest available offered font size

Window - Behaviour of the panel

We add a custom panel title bar

Window - Character set related

We clearly make a change here -- the UTF-8 character set has fairly universal support at this point, and we change accordingly.

Window - 'copy and paste' selection behaviour

No changes here

Window - Color handling options

No changes here

Connection optons - General

We set the value for keepalives to a value that will send such traffic every 900 seconds (15 minutes) to hold upen a connection through most common NAT and firewalling software's timeout intervals (from experimentation, usually at least 20 minutes). We also enable this feature in the lower checkbox.

Connection - login USERID setting

This one is important and hard to find. We have to force putty to send the userid, rather than querying for it. Once you are accustomed to the program, it is able to be reset to an empty field, and let the initial connection time prompt ask which of the userid's on your virtual instance you wish to connect as.

Connection -- Proxy options

No changes here.

Connection - Telnet

As we are not using 'telnet' we have no changes here.

Connection - Rlogin

As we are not using 'rlogin', we have no changes here.

Connection - SSH general options

This panel covers SSH, as do its children, and have many options we consider. First, and as a matter of housekeeping, we only enable SSH version 2, and so it is safe but not required to choose the checkbutton for '2 only'

Connection - SSH

As the next step, we simply clicked the '+' sign on the left to expand the sub-options

Connection - SSH Key Exchange 'Kex' options

We set values for faster new key exchange as a matter of making the task of a holder of a session capture file's life more difficult. As a practical matter, it probably is not a material set of changes

Connection - SSH authentication options

In reverse order from the bottom up, we enable the manuall setting of the 'userid' (here, called 'username' for some reason), and navigate in the 'Browse' box to one of the two SSH-2 kets -- RSA or DSA -- that we previously generated with the 'ssh-genkey' program. Recall that on the conventional Windows setup, these keys are stored by default in the folder: Documents in a sub-folder called: ssh-keys We select the key with the .ppk ('putty private key') extension.

At connection time, because the local public key is not used, it does not need to know the name or location of it. Recall that private keys are always protected by a 'pass phrase' by careful systems administrators. While this cannot make it imposible to be compromised, use of a strong pass phrase does help rule out prying eyes that fall into possession of a image backup of your system from being able to use those private keys.

Particularly, if there is a 'keylogger' such as the FBI is alleged to have used in their investigations, or a similar facility somehow added to the backgournd programs run on your system, but reporting to a third-party, it is possible to identify unusual but repeated strings such as passwords, or pass phrases in log files. Counter-techniques include the use of 'one time passwords' ('OTP') as from a hardware device.

Connection - SSH Remote terminal settings

No changes here.

Connection - SSH X11 forwarding

No changes here.

Connection - Tunnels

No changes here.

Connection - SSH bug workarounds

No changes here.

Connection - SSH serial line options

No changes here.

Putty options save

Click back to the top of the options setting menu, preparatory to saving this updated profile.

Putty - options save

... and select the 'Save' button to commit the changes.

Testing the new settings

... and so we have a saved set of options which should work to properly reach a virtual instance. As we noted above, the log file is not uniquely named with this group of settings, and so we are prompted as to the possible over-write of data. We actually chose 'yes' and proceed here.

Making a connection .. a client side question

When putty then goes to use the private key, it finds that key is protected with a pass phrase. We supply it (note that as that pass phrase is typed, it does NOT echo to the screen, to prevent leaking a hint to a 'shoulder surfer' as to the length of that pass phrase.)

We're in

We have a root console at the remote host, and can display its IP, the date, and such. Of course, one can then log out in the regular fashion as well.