diff --git a/user-guide/index.md b/user-guide/index.md index 3db68eaa..3cd216ef 100644 --- a/user-guide/index.md +++ b/user-guide/index.md @@ -17,3 +17,4 @@ This guide contains tricks and recipies for end users using Red Hat Enterprise L - [Connect Evolution with Office365](evolution_for_o365) - [Connect Thunderbird with Office365](thunderbird_for_o365) - Firefox refuses to start with home directory on the network drive -> [Per Host Default Profile for Firefox](firefox_profile_per_host) +- AFS `permission denied` when using Putty -> [SSH Access from Windows using Putty](putty) diff --git a/user-guide/putty.md b/user-guide/putty.md new file mode 100644 index 00000000..79726c2d --- /dev/null +++ b/user-guide/putty.md 
@@ -0,0 +1,24 @@ +# SSH Access from Windows using Putty + +## Kerberos/AFS Failures with Default Settings + +The default settings of Putty allows to connect to a Linux host. But when there are services depending on Kerberos like AFS then that will fail: + +![Failing AFS](putty/missing_kerberos_ticket_delegation.png) + +This is due to missing Kerberos ticket delegation. Note that you may recover from this on the Linux shell by entering `kinit` and then your password to opain a new Kerberos ticket and `aklog` to log into AFS. + +## Configure Kerberos + +To avoid this issue Kerberos ticket delagation can be configured in Putty. +In the settings select "Connection" -> "SSH" -> "Auth" -> "GSSAPI" and select therein "Allow GSSAPI credential delegation". +Note that you need also to remove the tick at "Attempt GSSAPI key exchange" because else it will not work. + +![Working AFS](putty/working_kerberos_ticket_delegation.png) + +## Long Running Programs/Simulations +The delegated Kerberos ticket from Windows can only be renewed for less than one day. So at some point after AFS will refuse access. + +To get a longer valid Kerberos ticket on the Linux machine, type `kinit` and authenticate yourself with your password. The newly acquired Kerberos ticket can renewed for one week and AFS is happy as long too. + +Alternatively you my disable Kerberos/GSSAPI authentication in Putty altogehter. But then you need always to enter your password when connecting to your Linux machine. But it will then always get a new Kerberos ticket renewable for one week. diff --git a/user-guide/putty/missing_kerberos_ticket_delegation.png b/user-guide/putty/missing_kerberos_ticket_delegation.png new file mode 100644 index 00000000..490974a5 Binary files /dev/null and b/user-guide/putty/missing_kerberos_ticket_delegation.png differ 
diff --git a/user-guide/putty/working_kerberos_ticket_delegation.png b/user-guide/putty/working_kerberos_ticket_delegation.png new file mode 100644 index 00000000..34dbff37 Binary files /dev/null and b/user-guide/putty/working_kerberos_ticket_delegation.png differ
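Review bot: In the `user-guide/index.md` hunk, the added list entry spells the client "Putty" in both the symptom text and the link title, while the program's name is PuTTY; suggest using that spelling here and in the `# SSH Access from Windows using Putty` heading of the new page so the two stay consistent. The entry could also say that the `permission denied` shows up after the SSH login has succeeded, which is what the new page describes, for example "AFS `permission denied` after logging in with PuTTY".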
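Review bot: In the "Configure Kerberos" section of `user-guide/putty.md`, the instruction to select "Allow GSSAPI credential delegation" does not say where the setting should be saved, and delegation forwards the user's Kerberos ticket to whatever host the session connects to; suggest stating that it should be enabled in the saved sessions for the trusted Linux hosts rather than in the default settings that the first section refers to. The same section says to remove the tick at "Attempt GSSAPI key exchange" "because else it will not work" without naming what fails; half a sentence on the symptom would help readers recognise it. In "Long Running Programs/Simulations" only `kinit` is mentioned, while the first section pairs `kinit` with `aklog`; please say whether `aklog` is needed there as well. Typos to fix in the added text: "opain", "delagation", "can renewed", "you my disable", "altogehter".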