Sunday, August 14, 2022

new version 2.23.1 released


  • SECURITY FIX: In version 2.23.0, temporary files are used for PuTTY's new command line option "-pwfile". In some cases these temporary files did not get deleted, that means files containing the password might be inside your temporary folder. So be sure to delete your temporary files folder (probably "C:\Users<USER>\AppData\Local\Temp") if you use passwords to authenticate for your ssh sessions. Instead of using temporary files, now in version 2.23.1 shared memory is used. All password files will be deleted after they got read by PuTTY/Plink. Additionally, only when PuTTY will read the password file, the password is actually written. If you don't use passwords for ssh authentication, you are not affected by this issue.
  • Bug Fix: WinSSHTerm not exiting properly in some cases when the features "Script Runner" or "Check Access" was used

64-bit Portable Edition: (https download)

SHA256 (.ZIP64): 3FAB4ACA2AE4F470027539C999BFACB781C0E6968C70286E2D9452A76617E6FA

64-bit Installer Edition: WinSSHTerm-2.23.1-64.msi (https download)

SHA256 (.MSI64): 57BA1D3E9630C4156056EB4D77077053E540E504F6CD28070E5C06D4DCD7028F

Portable Edition: (https download)

SHA256 (.ZIP): 69EB40CFFBAF76B99207EC2B3F60A7D259F10D5889CEEEE316C65F85379E3781

Installer Edition: WinSSHTerm-2.23.1.msi (https download)

SHA256 (.MSI): 295EFDCA5BC0FC25D835C7AD8E699047B589BE12FBDC8653334E92C3A040C5F3


  1. Amazing work as always. I was curious if this new plink -pwfile function worked with token auth? I'm getting an error when trying to use plink now with my jump server, whereas the previous version (months ago) was working.

    =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2022.08.22 11:20:14 =~=~=~=~=~=~=~=~=~=~=~=
    Event Log: Leaving host lookup to proxy of "10.247.XXX.XX" (for SSH connection)
    Event Log: Starting local proxy command: plink -P 22 -l myaccountname -nc 10.247.XXX.XX:22 -pwfile \"\\\\.\\PIPE\\ffb17154-5c3b-4c5a-94d6-9f9a53abb380\"
    Event Log: We claim version: SSH-2.0-PuTTY_Release_0.77
    Event Log: Connected to 10.247.XXX.XX
    Event Log: proxy: plink: unable to read a password from file '\\.\PIPE\ffb17154-5c3b-4c5a-94d6-9f9a53abb380'
    Event Log: Remote side unexpectedly closed network connection

    1. Thanks, this should be fixed in version 2.23.2