Download: Stable · Pre-release · Snapshot | Docs | Changes | Wishlist
People occasionally ask for PuTTY to interpret escape codes in the banner some SSH servers send prior to authentication.
The SSH-2 authentication specification,
states, in the section about
If the 'message' string is displayed, control character filtering, discussed in [SSH-ARCH], SHOULD be used to avoid attacks by sending terminal control characters.
This is what PuTTY does, and as such, terminal-control sequences won't work.
Update, March 2019: while our policy on control characters hasn't changed, our implementation has. The previous filtering was very simplistic, and could mangle printable characters such as UTF-8-encoded non-ASCII characters. Now we use a more sophisticated approach that lets through characters considered printable by the current locale or terminal configuration through; so non-ASCII characters can now be displayed unmolested (if the terminal and banner message agree on the encoding, in the usual way).