Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Microsoft Privacy Security Windows

Microsoft Releases a Preview of OpenSSH Client and Server For Windows 10 (servethehome.com) 144

Posted by EditorDavid from the OpenSSH-without-OpenSSL dept.
kriston (Slashdot user #7,886) writes: Microsoft released a preview of the OpenSSH server and client for Windows 10. Go to Settings, Apps & Features, and click "Manage optional features" to install them. The software only supports AES-CTR and chacha20 ciphers and supports a tiny subset of keys and KEXs, but, on the other hand, a decent set of MACs.

It also says that it doesn't use the OpenSSL library. That's the really big news, here. I understand leaving out arcfour/RC4 and IDEA, but why wouldn't MSFT include Blowfish, Twofish, CAST, and 3DES? At least they chose the CTR versions of these ciphers. (Blowfish isn't compromised in any practical way, by the way). I prefer faster and less memory- and CPU-intensive ciphers.

Still, it's a good start. The SSH server is compelling enough to check out especially since I just started using X2GO for remote desktop access which requires an SSH server for its file sharing feature.
This discussion has been archived. No new comments can be posted.

Microsoft Releases a Preview of OpenSSH Client and Server For Windows 10 More

Microsoft Releases a Preview of OpenSSH Client and Server For Windows 10

Comments Filter:

  • We've already got PuTTY (Score:2, Insightful)

    by Anonymous Coward

    It works well, it's been field proven for decades and it doesn't "call home" to Redmond.

    • PuTTY only provides half of a SSH solution, still need a server. Hopefully the Microsoft OpenSSH server will accept clients other than their's.

      • Re:We've already got PuTTY (Score:5, Informative)

        by Antique Geekmeister ( 740220 ) on Sunday December 17, 2017 @02:45PM (#55756395)

        Cygwin provides an SSH server, with current OpenSSH releases and a more powerf bash based local working environment. It does require additional non-Microsoft published binaries, and it has had issues operating with various anti-virus software packages. I admit that I'm very, very curious what shell and what capability for chroot sftp access may be available with the new Microsoft published server.

        Activating that future could be very helpful for people who wish to safely upload, or download, more safely from what is already a publicly exposed Windows server.

      • Re: (Score:1)

        by Dog-Cow ( 21281 )

        Me too. The "their is" client is the worst. Even worse than your grammar, believe it or not.

      • Re:We've already got PuTTY (Score:5, Informative)

        by Dr.Dubious DDQ ( 11968 ) on Sunday December 17, 2017 @03:50PM (#55756769) Homepage
        "Hopefully the Microsoft OpenSSH server will accept clients other than their's."

        It does - or at least it did last time I tried it.

        This project appears to be the Powershell team doing an honest port of the "Portable OpenSSH" code to native Windows, apparently including legitimate efforts to upstream the port to the main "Portable OpenSSH" project, and it seems (or at least seemed) to be as compatible as one would expect.

        When I last tried it, the only issue I ran into was oddities in the terminal emulation, due to Microsoft's shell environment being "special" (things like backspace/del behaving oddly etc.), but it otherwise seemed to work just the same as OpenSSH on my Linux boxen. It's probably been nearly a year since I tried to seriously play with it, so I imagine a lot of improvements have taken place since then.

        One nice thing about this project is that there seem to be rumors that "Powershell remoting" will eventually use SSH as its authentication and transport mechanism, which is a major hole in the current port of Powershell to non-Windows platforms. (You *can* do "powershell remoting" from e.g. Linux to Windows, but *only* if you substantially downgrade the security on the Windows side to allow it, because apparently it currently depends on one of the many special "Windows-only" features in powershell to do otherwise. Switching to SSH for this would fix that problem.)

      • Re: (Score:2)

        by pnutjam ( 523990 )
        Use Mobaxterm, it's got the full ssh server/ client stack with port forwarding and all sorts of other goodies.

    • I use a linux workstation at work. Having an SSH Server on windows would make life a lot easier for the rare occasion that I have to do something on a windows server.

  • Err... have we not learned? (Score:3, Insightful)

    by Anonymous Coward on Sunday December 17, 2017 @01:46PM (#55755991)

    After Windows 10 turned out to be one OS-sized piece of spyware [networkworld.com], why would any sane person use it for anything [dailykos.com]?

    Time to kick that shit to the curb.

    Anyways Linux and BSD both have much better SSH support, without the malware coming bundled with win10.

    • why would any sane person use it for anything [dailykos.com]?

      People didn't care about Google.
      People didn't care about Facebook.

      What makes you think that people would care now?

      Interesting that you question their sanity. What was the definition of insane? Seeing the same thing happen over and over again and expecting a different outcome!

  • putty (Score:3)

    by jmccue ( 834797 ) on Sunday December 17, 2017 @01:51PM (#55756025) Homepage

    Windows 10 that may just see the retirement of Putty

    I do not see that happening, most people I know who need to access UN*X systems via windows uses putty and hardly ever opens up a "DOS Box (? not sure what it is called now). Anyway putty is a nice tool for people who likes GUI type applications so it will still be around.

    BTW, I tried to get a few of them to go to Linux (work allows one to use Linux), but without luck.

    • not sure what it is called now

      Command prompt

    • I do not see that happening, most people I know who need to access UN*X systems via windows uses putty and hardly ever opens up a "DOS Box

      Not entirely sure what a DOS Box has to do with it given both putty and openssh can most easily be run by start > run > "putty -s 192.blahblahblah". Now you just write ssh instead!

      Also I'm sick of putty. It has so many problems with ncurses. There's no valid settings that make it work properly with a variety of software. If midnight commander renders correctly you know nmon won't, and vis-versa as just one example.

      Personally when I want to access a Linux box from Windows 10, I start the command with s

    • Windows 10 that may just see the retirement of Putty

      [...]a "DOS Box (? not sure what it is called now).[...]

      In my experience, for masses of low-end Windows admins, it's called a "command prompt" (or "DOS Prompt" if the admin is old), and refers to that black-square icon you "run as administrator" in order to paste in the magic incomprehensible line of text that some website says fixes the problem you're trying to fix.

      For more skilled Windows admins, it's a "powershell session", which, to be fair, also often is "that blue-square icon you 'run as administrator' in order to paste in the magic incomprehensible line

    • Re: (Score:2)

      by kriston ( 7886 )

      I don't agree with the silly "retirement of PuTTY" sentiment in this article. Everyone knows that the console prompt won't meet the needs of even the most casual remote shell users.

      The big news is that, in the future, there will be an officially-supported and NATIVE implementation of OpenSSH using the native Microsoft Windows crypto library instead of OpenSSL on the Windows platform.

      That's worth the cost of admission, if you ask me.

    • Comment removed based on user account deletion

  • How long until Windows has become Linux? (Score:1)

    by Anonymous Coward

    Or BSD, of course.

    Given an exponential curve, it can only be a few years now.

    A crippled version without all the meaningful things that the average complete retard doesnâ(TM)t care about (because heâ(TM)s a retard), like freedom, open source, individual choice, and of course compatibility with what they originally embraced.

    Because nobody has told them that they are't the all-powerful monopolist anymore, and so ... gotta still reach for step 2 and 3: extend, and extinguish.

  • "doesn't use the OpenSSL library." (Score:4, Insightful)

    by Chris Mattern ( 191822 ) on Sunday December 17, 2017 @01:58PM (#55756057)

    Then how is it 'OpenSSH"? If it isn't using the Open code, it's just SSH, right?

    • Re: (Score:1)

      by ebob9 ( 726509 ) *
      Isn't it based off of this?
      PowerShell/Win32-OpenSSH [github.com]
    • OpenSSH hasn't required OpenSSL since 2014. Of course that doesn't mean it is a good idea to just use any old SSL lib, and Microsoft has a long history of being unable to do encryption right going back at least to LANMAN incompetence, so you would be an incompetent fool to trust this implementation.

    • Re:"doesn't use the OpenSSL library." (Score:4, Informative)

      by Barefoot Monkey ( 1657313 ) on Sunday December 17, 2017 @02:46PM (#55756405)

      OpenSSL and OpenSSH are not really related. Neither is OpenGL, for that matter. They are different projects maintained by different people, and just happen to all have "Open" in their names. It is possible for OpenSSH to use OpenSSL for some cryptographic functions, but not necessary (at least not anymore - once upon a time OpenSSL was a dependency).

      OpenSSH is the OpenBSD project's implementation of an SSH client, server and related utilities. If Microsoft is calling it "OpenSSH" then they must be using a port of OpenBSD's programs instead of creating their own. (In fact, Microsoft promised [microsoft.com] to port OpenSSH to Windows back in June 2015).

    • Re: (Score:2, Troll)

      by xtronics ( 259660 )

      Most likely using alternate libs written by a three-letter-agency - I assume M$ gets paid large amounts to do such things.

      So I would consider M$ version of "openSSH" to be similar to 'secure-boot' - names intended to mislead the general public.

      • Re: (Score:2)

        by jabuzz ( 182671 )

        No almost certainly using the Windows platform cryptography libraries, which is the sane thing to do on a Windows platform. It's also the state goal from back in 2015 when Microsoft announced the plan to port OpenSSH to Windows had been approved since Balmer had left and was no longer able to veto it.

  • Between removing Telnet and adding SSH.

    • There's no gap at all. You can install telnet on Windows 10 exactly the same way as you would install this SSH client or server.

      Microsoft didn't remove telnet, they just made it optional.

      • Re: (Score:2)

        by kriston ( 7886 )

        That's right. Most of us install the telnet client by habit when installing Windows.

        Now we can install a native SSH client. If we want, we can install an SSH server, too.

      • Microsoft didn't remove telnet, they just made it optional.

        Which makes it completely useless for remote TCP troubleshooting - which is all I ever really used it for. If some random computer is going to have to load the Add/Remove Windows Components screen and take upwards of 5 minutes, it's no longer the quick and dirty tool it once was.

        • You inability to not install suitable software on a remote computer before you run into trouble is not Microsoft's concern.

          You inability to continue not doing so since this version of SSH is delivered in the same way as the current telnet is (please try and follow the conversation rather than angry-ranting) still is not Microsoft's concern.

          • You inability to not install suitable software on a remote computer before you run into trouble is not Microsoft's concern.

            I frequently do remote support for people I've never had contact with before. Being Hiding a 129KB .exe with likely no dependencies is not really going to fix Microsoft's bloat problem.

            The good news is that I have found a very fast way to install it
            pkgmgr /iu:"TelnetClient"

  • OpenNSAbackoor? (Score:1)

    by Anonymous Coward

    No thanks.

    Where's the source?

    Thought so.

  • If your limiting factor is CPU in your OpenSSH sessions you're doing something very VERY wrong.

    • Re: (Score:2)

      by kriston ( 7886 )

      Hahah, no, I'm not doing anything VERY wrong when I'm using this feature on a device that does not have hardware encryption and also has a weak CPU, like the Windows 10 IoT Core which is targetted at these devices.

      Try again. And don't assume you know what the real-world implementation is.

      • I'm impressed. You found something that runs Windows 10 IoT core but has trouble with your SSH session! As for weak CPU you really should qualify that. SSH hasn't been CPU bound for 20+ years, and the weakest of devices currently are faster than they were.

  • https://www.bleepingcomputer.com/news/microsoft/how-to-install-the-built-in-windows-10-openssh-server/ [bleepingcomputer.com]

    Are the best instructions I found. Also, you'll have to open port 22 in since the installer doesn't open it even if you use Microsoft's own firewall.

    Any idea when this is coming to Server 2016?

  • That works much better and bash.exe and doing a apt-get install openssh gives you the full package

    • Re: (Score:2)

      by kriston ( 7886 )

      Not really. That worked well in the past on the Windows Subsystem for Linux model, but this implementation is in native Windows, using native Windows crypto libraries.

      It doesn't involve the WSL model at all.

      That means remote access to PowerShell primitives without bothering with the extra layer of WSL.

  • It took Windows just 10 generations to follow unix!

  • ssh -X, ssh -R or ssh -L like openssh and putty?

    If it does ssh -X natively without xming or whatever your preferred windows X server I will be impressed.

  • Already deprecated algorithms (Score:5, Insightful)

    by twistedcubic ( 577194 ) on Sunday December 17, 2017 @04:59PM (#55757147)

    ....but why wouldn't MSFT include Blowfish, Twofish, CAST, and 3DES?...

    Slashdot article: New SWEET32 Crypto Attacks Speed Up Deprecation of 3DES, Blowfish [slashdot.org]

    Bruce Schneier, the creator of Blowfish, long ago suggested people stop using it.

    • Re: (Score:2)

      by kriston ( 7886 )

      Thanks, I posted this without enough comment to avoid baiting this kind of comment.

      Congratulations, you've taken the bait. He didn't really discourage its use, just that he was suprised that so many people still used it.

  • Interesting. I make a SFTP Server for Windows, actually the first release was this month. While my classic ftp stuff is still going strong, despite IIS being out for decades. I wonder if their implementation will be complete and what kind of niche space will still be avail. I'm a little worried about MS releasing something that crushes my effort, but in the past, they kind of derp out on these efforts. While the Windows Linux Subsystem is certainly cool, it's also quite crippled and feels quit isolated on t
  • The slashdot community has so much bickering in this thread, it's no wonder we still haven't gotten a handle on security. Hardly anyone understands this stuff.

Slashdot Top Deals

THEGODDESSOFTHENETHASTWISTINGFINGERSANDHERVOICEISLIKEAJAVELININTHENIGHTDUDE

Close