PuTTY provides a graphical SSH client for connecting to remote servers, transferring files securely with PSCP, and managing multiple saved sessions. Typical use cases include administering remote Linux servers, setting up SSH tunnels for secure access to internal services, and generating SSH key pairs for passwordless authentication. By the end of this guide, you will have PuTTY installed on Debian, configured with saved sessions, and ready to transfer files using the PSCP command-line utility.
Choose Your PuTTY Installation Method
PuTTY is available through Debian’s default repositories and as a Flatpak from Flathub. Consequently, each method offers different advantages depending on your needs.
| Method | Channel | Version | Updates | Best For |
|---|---|---|---|---|
| APT Package Manager | Debian Repos | Distribution default | Automatic via apt upgrade | Most users who prefer distro-tested packages |
| Flatpak | Flathub | Latest stable | Automatic via flatpak update | Users who want the newest features with sandboxing |
For most users, the APT method is recommended because it integrates with your system’s package management and receives security updates through standard Debian channels. Alternatively, choose Flatpak if you prefer sandboxed applications or want consistent versions across different Linux distributions.
Update Debian Before PuTTY Installation
Before installing any packages, update your system to ensure you have the latest security patches and package lists:
sudo apt update && sudo apt upgradeInstall PuTTY via APT Package Manager
Debian includes PuTTY in its default repositories, so installation requires just a single command. Install both the graphical client and command-line tools:
sudo apt install putty putty-toolsThe putty package provides the graphical SSH client. Meanwhile, putty-tools includes command-line utilities like PSCP (secure file copy), PSFTP (secure file transfer), and PuTTYgen (key generator).
Verify PuTTY Installation
After installation completes, verify the setup using the PSCP command-line tool, which works in both desktop and headless environments:
pscp --versionpscp: Release 0.83 Build platform: 64-bit Unix Compiler: gcc 14.2.0 Source commit: d2c178c49a0ae6fa9ef75ca84fb3c9d0d675ea85
The version number varies by Debian release: Debian 13 includes PuTTY 0.83, Debian 12 includes 0.78, and Debian 11 includes 0.74. All versions provide the core SSH functionality covered in this guide. The output above reflects Debian 13; older releases show different version numbers and compiler details.
Install PuTTY via Flatpak
As an alternative, Flatpak provides the latest PuTTY release with sandboxing for enhanced security. If Flatpak is not installed on your system, see our guide on installing Flatpak on Debian before continuing.
First, add the Flathub repository if you haven’t already:
sudo flatpak remote-add --system --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepoNext, install PuTTY from Flathub:
sudo flatpak install --system flathub uk.org.greenend.chiark.sgtatham.puttyThen verify the installation:
flatpak list | grep -i puttyPuTTY uk.org.greenend.chiark.sgtatham.putty 0.83 stable flathub
Finally, launch the Flatpak version from the terminal:
flatpak run uk.org.greenend.chiark.sgtatham.puttyThe Flatpak version runs in a sandbox with limited filesystem access. To transfer files with PSCP, you may need to grant additional permissions or use the APT installation instead.
Launch PuTTY from Terminal or Applications Menu
To get started, launch PuTTY from the terminal by running:
puttyOnce launched, the PuTTY Configuration window appears, ready for you to enter connection details or load a saved session.
Alternatively, you can launch PuTTY from your desktop environment’s applications menu. Simply search for “PuTTY” in your applications launcher and click the PuTTY SSH Client icon.
The exact menu location varies by desktop environment. GNOME users find it under Activities → Show Applications. KDE, XFCE, and other desktops have their own application launchers.
Getting Started with PuTTY SSH Client
Now that PuTTY is installed, this section covers essential features for managing remote connections effectively.
Configure and Save PuTTY SSH Sessions
One of the key features of PuTTY is the ability to save and manage multiple SSH sessions. Therefore, to configure and save a new SSH session, follow these steps:
- Launch PuTTY.
- In the Session category, enter the remote server’s hostname or IP address in the Host Name (or IP address) field.
- Specify the port number in the Port field (default is 22 for SSH).
- Choose SSH as the connection type.
- Enter a descriptive name for the session in the Saved Sessions field and click the Save button.
After you have saved a session, you can quickly load its settings by selecting it from the Saved Sessions list and clicking Load.
Customize PuTTY’s Appearance
Beyond basic connections, PuTTY allows you to customize its appearance to suit your preferences. Some common customizations include:
- Changing the font and size: Navigate to Window > Appearance. Click the Change button next to the Font settings section to choose a different font and size.
- Adjusting window colors: Go to Window > Colours. Select the color you want to change and click the Modify button to choose a new color.
- Setting window transparency: Navigate to Window > Behaviour. Enable the system-provided window decorations (if available) option, and adjust the window transparency slider.
Use Key-Based Authentication with PuTTY
Key-based authentication is a more secure method of logging into remote servers than passwords. PuTTYgen generates keys in PuTTY’s native .ppk format.
Generate the key pair:
First, ensure the .ssh directory exists:
mkdir -p ~/.ssh && chmod 700 ~/.sshThen generate an Ed25519 key pair:
puttygen -t ed25519 -o ~/.ssh/putty-key.ppkWhen prompted, enter a passphrase to protect the private key (recommended for security). Next, export the public key in OpenSSH format:
puttygen -L ~/.ssh/putty-key.ppk > ~/.ssh/putty-key.pubVerify the public key was exported correctly:
cat ~/.ssh/putty-key.pubssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... user@hostname
Copy the public key to the remote server:
ssh-copy-id -i ~/.ssh/putty-key.pub user@remote-serverIf ssh-copy-id is unavailable, manually append the key:
cat ~/.ssh/putty-key.pub | ssh user@remote-server "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"Configure PuTTY to use the key:
- Launch PuTTY and load or create a session.
- Navigate to Connection > SSH > Auth > Credentials.
- In the “Private key file for authentication” field, browse to your
~/.ssh/putty-key.ppkfile. - Return to the Session category and save your session.
Ed25519 keys offer the best security and performance. RSA (4096-bit) is an alternative if you need compatibility with older servers that don’t support Ed25519.
Enable X11 Forwarding on PuTTY
X11 forwarding allows graphical applications from a remote server to display on your local machine. This requires configuration on both the server and client.
Server-side requirements:
Ensure the remote server allows X11 forwarding. Verify that X11Forwarding yes is set in the SSH configuration:
grep -i x11forwarding /etc/ssh/sshd_configX11Forwarding yes
If the output shows no or the line is missing, edit the configuration and restart SSH:
sudo sed -i 's/^#*X11Forwarding.*/X11Forwarding yes/' /etc/ssh/sshd_config
sudo systemctl restart sshAdditionally, install xauth on the server if it’s missing:
sudo apt install xauthClient-side configuration in PuTTY:
- Launch PuTTY and load or create a session.
- Navigate to Connection > SSH > X11.
- Check Enable X11 forwarding.
- Save the session and connect to the remote server.
Verify X11 forwarding works:
After connecting, check that the DISPLAY variable is set:
echo $DISPLAYlocalhost:10.0
Then test with a graphical application:
xeyesIf xeyes is not installed, install it with sudo apt install x11-apps. A window with animated eyes should appear on your local display.
On a Linux desktop, your existing X server (or Wayland with XWayland) handles the display automatically. If connecting from Windows, you need an X server like VcXsrv or Xming installed before X11 forwarding will work.
Transfer Files with PSCP
PSCP (PuTTY Secure Copy) transfers files securely between your local machine and remote servers using SCP or SFTP protocols. Moreover, it supports both password and key-based authentication.
Basic File Transfers
Upload a file to a remote server:
pscp local-file.txt user@remote-server:/path/to/destinationThe above command uploads local-file.txt from your local machine to the specified destination path on the remote server.
Download a file from a remote server:
pscp user@remote-server:/path/to/remote-file.txt local-destinationHere, PSCP downloads remote-file.txt from the remote server and saves it to your specified local destination.
Transfer a directory and its contents:
pscp -r local-directory user@remote-server:/path/to/destinationThe -r flag enables recursive mode, uploading the entire local-directory and its contents to the remote server.
Transfer files using key-based authentication:
pscp -i private-key.ppk local-file.txt user@remote-server:/path/to/destinationWith the -i flag, you can specify a private key file (.ppk) for key-based authentication instead of entering a password.
Advanced PSCP Options
Transfer files over a specific port:
pscp -P 2222 local-file.txt user@remote-server:/path/to/destinationThe -P flag allows you to specify a custom port number, which is useful when servers run SSH on non-standard ports like 2222.
Transfer files using SCP protocol:
pscp -scp local-file.txt user@remote-server:/path/to/destination
By default, PSCP uses SFTP when available. However, the -scp flag forces PSCP to use the older SCP protocol instead.
Transfer files using SFTP protocol:
pscp -sftp local-file.txt user@remote-server:/path/to/destination
Conversely, the -sftp flag explicitly enforces SFTP, which provides better error handling and supports more features than SCP.
Display progress while transferring files:
pscp -v local-file.txt user@remote-server:/path/to/destinationFor troubleshooting or monitoring large transfers, add the -v (verbose) flag to display detailed progress information during the transfer.
By understanding and utilizing these PSCP commands, you can efficiently and securely manage file transfers between your local machine and remote servers with PuTTY.
Remove PuTTY from Debian
If you no longer need PuTTY, remove it using the method matching your installation.
Remove APT Installation
sudo apt remove putty putty-toolsAfterward, remove orphaned dependencies:
sudo apt autoremoveFinally, verify removal:
pscp --versionbash: pscp: command not found
Remove Flatpak Installation
sudo flatpak uninstall uk.org.greenend.chiark.sgtatham.puttyTo also remove application data stored by Flatpak:
sudo flatpak uninstall --delete-data uk.org.greenend.chiark.sgtatham.puttyVerify the Flatpak was removed:
flatpak list | grep -i puttyNo output confirms successful removal.
Additionally, your PuTTY session configurations may be stored in ~/.putty/ and remain after uninstallation. Back up this directory first if you want to preserve your settings:
cp -r ~/.putty ~/putty-backupWarning: The following command permanently deletes your saved PuTTY sessions, host keys, and preferences. Only run this if you want a complete removal and have backed up any settings you need.
rm -rf ~/.puttyTroubleshoot Common PuTTY Issues
Connection Refused
Error message:
Network error: Connection refused
Diagnose: Check if SSH is running on the remote server:
sudo systemctl status sshIf SSH is running, you should see:
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled)
Active: active (running) since Thu 2025-12-05 10:00:00 UTC
Fix: If the service is inactive, start and enable it:
sudo systemctl enable --now sshAdditionally, check if the firewall blocks port 22:
sudo ufw statusStatus: active To Action From -- ------ ---- 22/tcp ALLOW Anywhere
If SSH is not listed, allow it with:
sudo ufw allow sshFor more details, see our guide on configuring UFW on Debian.
Host Key Verification Warning
PuTTY displays a security alert the first time you connect to a server. This is normal behavior—simply verify the fingerprint matches your server’s key, then click Accept to save the key and continue.
However, if you see this warning for a server you’ve connected to before, the server’s key may have changed due to reinstallation or IP address reuse. In that case, verify with your server administrator before accepting the new key.
Permission Denied (publickey)
Error message:
Disconnected: No supported authentication methods available (server sent: publickey)
Diagnose: This error occurs when key-based authentication fails. Check the following on the remote server:
ls -la ~/.ssh/drwx------ 2 user user 4096 Dec 5 10:00 . -rw------- 1 user user 738 Dec 5 10:00 authorized_keys
Fix: Ensure correct permissions on the server:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keysAlso verify that:
- The private key file (.ppk) is correctly specified in Connection > SSH > Auth > Credentials
- The corresponding public key exists in
~/.ssh/authorized_keyson the remote server - The public key was exported in OpenSSH format (use
puttygen -L keyfile.ppkto verify)
Verify: Test the connection again after fixing permissions. A successful connection proceeds without password prompts.
Conclusion
At this point, you have PuTTY installed on Debian with the ability to save SSH sessions, generate Ed25519 key pairs for passwordless authentication, transfer files with PSCP, and forward X11 applications. For production servers, consider installing Fail2ban on Debian to protect against brute-force attacks, and review our guide on enabling SSH on Debian for server-side configuration best practices.