Is there a way to configure a password for a stored session in PuTTY?

I know there is the capability to specify an "auto-login username" (under Connection/Data), but is there a way to do the same with the password?

  • 11
    Use KiTTy... its developed using PuTTy source code.. – Apple II Apr 13 '12 at 12:52
  • 5
    use key pairs, not passwords – ladieu Nov 21 '14 at 15:21

15 Answers 15

up vote 332 down vote accepted

For some versions of PuTTY, it's as simple as one of:

putty.exe mylogin@somewhere.com -pw mypassword
putty.exe somewhere.com -l mylogin -pw mypassword

If you want to connect using SSH, use this:

putty.exe -ssh root@somewhere.com -pw mypasswordforsomewherecom

For those using Windows, you can simply create a shortcut and pass in these parameters.

For example:

  1. Create a shortcut on the desktop to putty.exe
  2. Rename the shortcut to PuTTY - server.com
  3. Right-click shortcut and choose Properties
  4. Modify the target similar to: "C:\Program Files\PuTTY\putty.exe" user@server.com -pw password
  5. Click OK

If your PuTTY does not support the pw parameter, you will need a public key as explained in:
Creating and Copying Your Key-Pair in PuTTY SSH Client.

  • 8
    harrymc's answer is the best option. The Putty FAQ makes it clear there's no way in the settings to store a password – Dave Webb Sep 20 '09 at 12:00
  • 7
    @aglassman and others - you do of course value your servers etc security... storing passwords unencrypted is genrally not a great idea, RSA keys is the way to go. Do use it for access for things like Raspberry Pi where i don't care who uses it - thanks! – Wilf Apr 12 '14 at 10:16
  • 11
    The question wasn't whether one should or shouldn't, it was "how". – harrymc Apr 23 '14 at 15:55
  • 3
    Lol, this answer would never fly in info security... Which is exactly why it belongs on superuser :) – Sun Sep 27 '14 at 14:24
  • 2
    I really don't wanna talk down this answer, since - as harrymc said - the question was about how and not if, but just consider WHEN to use this and where rather to implement RSA keys. There are some valid places where no harm is done, going that way (and it definately is faster to set up), but just remember that one tiny vulnerabilty (tech or no-tech) on such a client, hands an attacker the server on a silver tablet (which, as mentioned above, might not be a problem in some cases though). – Levit Nov 3 '14 at 11:41

Strongly advise using the public key mechanisms rather than sending passwords from the shell.
Here is one more reference for the setup.

Link to get latest PuTTY binaries (and check the FAQ).

  • 8
    +1 for the right way. Storing passwords in plaintext anywhere is a poor idea. – Zac B Dec 3 '12 at 18:45
  • 10
    @nik Don't get me wrong, You're right. But this is superuser site, if I want to auto login with password You may assume I have a good reason to do it. – matt Jan 15 '14 at 18:11
  • 1
    @ZacB - I am new to security. If an attacker has root access to your system, then can't he just log all your keystrokes, record your videos etc and get all your logins and such anyway ? Of course, plain text storage removes the need for the attacker to put all that effort, right ? – Steam Dec 8 '14 at 21:59
  • 3
    @Steam: you're right, a compromised system is a Really Bad Thing. But that's no reason not to have secondary (post-breach) threat protection. If a system is compromised at the root level, it should be as hard as possible for the attacker to compromise other parts of your infrastructure, and as likely as possible that they will be detected when doing so. Getting a keylog requires a sustained (more likely to be detected) intrusion and the installation of noticeable new software. Stealing a text file does not. – Zac B Dec 9 '14 at 13:59
  • I was on the corporate VPN when I tried to download PuTTY from that site, and I was prevented because it contained a virus! – OmarOthman Mar 20 '16 at 13:37

I use WinSCP to “auto login” in PuTTY with a password. It's free, contains plenty of features, was created in 2000 and is still activity maintained. (WinSCP Wikipedia page)

enter image description here

Opening PuTTY from WinSCP can be done from either the login window, or from the SFTP window, which I find extremely handy:

enter image description here

enter image description here

If you want to preserve saved options (such as pre-configured window sizes and tunnel proxy) and load a saved session to auto-login, use this approach: http://www.shanghaiwebhosting.com/web-hosting/putty-ssh-auto-login

putty.exe -load my_server -l your_user_name -pw your_password

Where 'my_server' is a saved session name.

PuTTY Connection Manager is a separate program that works with PuTTY. It can autologin and has an encrypted database holding the passwords.

I still prefer SSH keys though.

(Another downside is that it may no longer be supported by its original developer(s), and may only be available to download from third-party sources.)

  • 1
    If you use a passphrase for SSH keys, doesn't that make SSH keys just as hard to use as regular username and password? – Buttle Butkus Apr 30 '17 at 20:26

Yes, there is a way. Recently I added a password saving feature for PuTTY 1.5.4 for both Linux and Windows. You can download binaries and source from Oohtj: PuTTY 0.62 with a password saving feature.

I use mRemote on Windows; it can store usernames and passwords for SSH, RDP, VNC and Citrix.

  • I found this pretty buggy on Win7. Dragging the window around caused major hangs. Shame because apart from that it is great. – jsims281 Jan 11 '12 at 16:51

Tunnelier - saved passwords encrypted locally. It also has a sFTP GUI as well as SSH windows.

enter image description here

There's a port of PuTTY called KiTTY which allows saving username / password.

The kitty_portable.exe is very handy; no installation is needed.

Combining two different packages for a security solution can be dangerous. This is the PuTTY-only way to do it, only using software from the PuTTY site.

You should first use PuTTYgen to create a key pair, then install the private key in PuTTY, and copy the public key to the remote site. Here is how you do this.

Download PuTTYgen, and execute it to generate a SSH2-RSA key. I'd use at least 4098 bits. Click the Generate button, move the mouse around, until the key pair is generated.

enter image description here

Once it's generated, your screen will look like this: enter image description here

Describe the account in the "Key Comment" field. Then save the private key in one file, and the public key in another file.

Your public key will look like this:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20160822"
AAAAB3NzaC1yc2EAAAABJQAAAgEA5Kp+G9z8eE0MpPZL9JZksstIa3L9JEND6ud1
1IiD6f1jw/7Lv7CvZcCdk/OVMT+DlTbryRoqfbNMLkjajqNTUGBAscTduUtPYuQt
YEQgtbJd/hyHtTHK9X/wiKeQr7LjHZcEg3osYh+MzZFscldQM/a/Z26AKh81EC9X
uIu98snjOBM0ysb14Uu7hMvti5Xd3kSW7ctL2j1ORuRgZX6LHihaezvsBFI5S/lZ
4v/yxymRKQnyV6OkMNMXESJpXh3cTMIIGtDJtbbYvh5Qs0f3O1fMiQYyz2MjGphd
zBihq85a1SHx0LBk31342HsCiM4el//Zkicmjmy0qYGShmzh1kfZBKiBs+xN4tBE
yjRNYhuMGP2zgpr9P/FO1buYdLah5ab3rubB5VbbRP9qmaP2cesJS/N91luc099g
Z+CgeBVIiRr1EYTE8TqsSBdvmu3zCuQgDVcSAoubfxjM4sm3Lb6i4k4DJmF57J6T
rcyrSIP9H/PDuBuYoOfSBKies6bJTHi9zW2/upHqNlqa2+PNY64hbq2uSQoKZl1S
xwSCvpbsYj5bGPQUGs+6AHkm9DALrXD8TX/ivQ+IsWEV3wnXeA4I1xfnodfXdhwn
ybcAlqNrE/wKb3/wGWdf3d8cu+mJrJiP1JitBbd4dzYM0bS42UVfexWwQSegDHaw
Aby0MW0=
---- END SSH2 PUBLIC KEY ----

You have to edit this to a form that is suitable for your remote site. Let's assume it's a Linux machine using ssh.

Edit the file so it has three fields:

  1. The first should say "ssh-rsa"
  2. The second should be your public key all on one line with no spaces.
  3. The third is a comment - which can correspond to your key comment field.

So it should look like this when done

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEA5Kp+G9z8eE0MpPZL9JZksstIa3L9JEND6ud11IiD6f1jw/7Lv7CvZcCdkOVMT+DlTbryRoqfbNMLkjajqNTUGBAscTduUtPYuQtYEQgtbJdhyHtTHK9XwiKeQr7LjHZcEg3osYh+MzZFscldQMaZ26AKh81EC9XuIu98snjOBM0ysb14Uu7hMvti5Xd3kSW7ctL2j1ORuRgZX6LHihaezvsBFI5SlZ4vyxymRKQnyV6OkMNMXESJpXh3cTMIIGtDJtbbYvh5Qs0f3O1fMiQYyz2MjGphdzBihq85a1SHx0LBk31342HsCiM4elZkicmjmy0qYGShmzh1kfZBKiBs+xN4tBEyjRNYhuMGP2zgpr9PFO1buYdLah5ab3rubB5VbbRP9qmaP2cesJSN91luc099gZ+CgeBVIiRr1EYTE8TqsSBdvmu3zCuQgDVcSAoubfxjM4sm3Lb6i4k4DJmF57J6TrcyrSIP9HPDuBuYoOfSBKies6bJTHi9zW2upHqNlqa2+PNY64hbq2uSQoKZl1SxwSCvpbsYj5bGPQUGs+6AHkm9DALrXD8TXivQ+IsWEV3wnXeA4I1xfnodfXdhwnybcAlqNrEwKb3wGWdf3d8cu+mJrJiP1JitBbd4dzYM0bS42UVfexWwQSegDHawAby0MW0= rsa-key-20160822

Personally, I would copy the file over to the Linux machine, and then edit it, because editors like vim are much more tolerant of long lines. I'd use the 'J' command to join two lines, then search for spaces and delete the spaces between the lines. When I copied this file over to Windows, the system insisted on splitting the single long line into multiple lines with "\" between the lines. Yuck. To continue...

Log into the remote machine, and copy/edit, then append the public key into the ~/.ssh/authorized_keys file in the same format as the other keys. It should be a single line. There should be three fields on a single line. The first says "ssh-rsa". The second is the key which should end with the characters "=" the third field is optional, and will contain what you put in the Key Comment field.

If this is the first time you have created the ~/.ssh/authorized_keys file, make sure the directory and file are not group or world readable.

Once this is done, then you have to create a PuTTY session where the private key is used.

In the PuTTY session, go to Connection=>SSH=>Auth and click browse and select where you stored your private key "It's a *.ppk" file. enter image description here

Then save this session (I'm assuming you also set up the account, IP address, etc.).

Once this is done, you just have to select the session, and you are logged in.

A more secure way is to store your private key in an encrypted file, using a passphrase. Then use Pageant to manage your passphrase. That way the private key is always encrypted, and you only have to type in a passphrase once in a while.

  • With these detailed instructions, it's not hard to get going. With Pageant, you're completely secure and I only have to type my password once for all my keys on startup. – Noumenon Aug 29 at 15:06

I prefer doing like this on a Windows machine. Save the PuTTY executable in a folder, say "mytools", and run this command from command prompt:

tools>mytools 10 

10 is the last octet of your IP address. That's it.

@ECHO OFF
set PUTTY=E:\tools\putty.exe
start %PUTTY% root@192.168.1. %1 -pw yourpassword
  • Perfect. But by doing this, all of color customizations are gone and I am stuck with native PuTTy ugly color-scheme. I have added these reg files igvita.com/2008/04/14/custom-putty-color-themes as my color scheme but can i use it somehow ? – Em Ae Feb 21 '13 at 17:57

If you use the following way, don't forget to add "" to enclose your session name, or it may fail to load the session. For example,

putty.exe -load "my session name", 

The general form is:

putty.exe -load my_server -l your_user_name -pw your_password

If the connection is authenticated by a public key and password, consider using Pageant.

You can add your private keys to Pageant with the associated password. Assuming you've got the correct username configured in PuTTY, you will authenticated transparently.

It doesn't store your passwords so you'll have to re-add your key next time you launch it. There is a command line option to launch and add keys in one go.

"C:\Program Files\PuTTY\Pageant.exe" key1.ppk key2.ppk key3.ppk

It will prompt for a password if required.

And the best of all, it's part of the PuTTY suite, so you've probably already got it on your machine.

Install MTPuTTY and your problem should be solved. You can even execute a bunch of scripts after logging into Putty.

If the command history is a security concern, go the public key route (as your plaintext password specified in the -pw option is stored in the command history).

protected by Karan Apr 24 '13 at 21:46

Thank you for your interest in this question. Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).

Would you like to answer one of these unanswered questions instead?

Not the answer you're looking for? Browse other questions tagged or ask your own question.