
Microsoft announces support for SSH - niklasni1
http://undeadly.org/cgi?action=article&sid=20150603090420&mode=expanded
======
mnw21cam
Already referenced in
[https://news.ycombinator.com/item?id=9646971](https://news.ycombinator.com/item?id=9646971)

------
nailer
If you're a Unix person looking to check out Powershell, the classic 'Rosetta
Stone' got ported to Windows Server recently: [https://certsimple.com/rosetta-
stone](https://certsimple.com/rosetta-stone) . This allows you to find Windows
equivalent commands of whatever version of Linux/Mac OS/SmartOS/OpenBSD you're
using.

Interesting insight into 'new Microsoft': first two times Powershell team
asked to add SSH, they were rejected. Now it's OK: see last paragraph of
[http://blogs.msdn.com/b/looking_forward_microsoft__support_f...](http://blogs.msdn.com/b/looking_forward_microsoft__support_for_secure_shell_ssh1/archive/2015/06/02/managing-
looking-forward-microsoft-support-for-secure-shell-ssh.aspx)

------
bovermyer
This is excellent. Now I won't have to rely on that terrible, terrible program
PuTTY.

As for those who are claiming this is a harbinger of Microsoft trying to take
over SSH... well, get those tinfoil hats ready, kids. Looks like Nadella's
Microsoft is willing to play nice in a wide variety of arenas, so you'll have
all kinds of things to be foolishly terrified of.

~~~
timthorn
Terrible? Concerns over how to obtain it aside, what's wrong with PuTTY?

~~~
sp332
All the configuration is stored in the registry so it's difficult to hand-edit
or export/import. Also it mashes a terminal emulator together with an SSH
client so if you want one you're stuck with the other.

~~~
lultimouomo
> Also it mashes a terminal emulator together with an SSH client so if you
> want one you're stuck with the other.

That's not (completely) true, you can easily use the SSH client (plink)
without the terminal emulator. It is actually quite common to do so.

I don't think it works the other way around though.

~~~
astrodust
> It is actually quite common to do so.

So common I've never seen it done. Ever.

------
jaboutboul
Is it just me or does it seem like eventually windows will become some variant
of unix/linux?

~~~
JoeAltmaier
Windows support for driver development is lightyears ahead of everybody else.
Picking up a library or two doesn't make it a variant of anything.

~~~
dredmorbius
How exactly do you mean that?

The total _count_ of devices supported by Linux exceeds that of any other OS,
based on statements from Greg KH and others.

Windows has an edge in some areas of proprietary desktop hardware (see Linus's
infamous but richly appropriate "fuck you, Nvidia" comment). But that's
superiority in a narrow (though highly significant) niche.

As desktop falls in significance, that edge and leverage will be less
valuable.

~~~
JoeAltmaier
I mean it as a driver developer. Its trivial to do things that are difficult
or impossible anywhere else. The environment has good support for driver
developers.

I would dispute the 'total count' argument. Windows doesn't require rebuilding
the kernel to get device support for some vendor's hardware. The total count
of Windows machines actually succeeding in supporting any given device could
be many times higher.

~~~
pgeorgi
Windows doesn't require rebuilding the kernel (although I guess there are few
Linux drivers that are mutually exclusive, and just building all of them is
standard practice for many distributions), but every now and then it requires
rebuilding the drivers (which may or may not happen).

Linux's integrated design makes that the kernel developers' problem, not the
users'.

~~~
lqdc13
It becomes the users' problem when driver support is not available for the new
hardware they just bought.

So they have to hunt down the PR on github and build it themselves.

~~~
pgeorgi
My scanner and audio interface still work on Linux (and yes, I had to look if
they're supported), no matter what updates come my way. Upgrading from XP to
Windows 8 disabled them.

For the audio interface there's even a Win8.1 driver, but its reliability is a
joke. The DDK takes care of everything? Not for this vendor.

------
rafa2000
I always used openssh under CygWin on Windows, not a problem but I preferred
not to use Windows at all.

------
ascendantlogic
I'm old enough to remember the Microsoft of the 90's and early 2000's. I'm not
any more scared of them doing Embrace, Extend and Extinguish any more than I
am of other large tech behemoths. Understand that altruism performed by any
company of that size is entirely driven by profit motives. Don't assume they
want to give everyone SSH hugs just because they're nice people now. But that
also doesn't mean they're "evil" per se, just doing what makes sense in
today's marketplace.

~~~
brettkc
Giving developers nice tools as a way to advance the brand is hard to call
evil.

------
jilted
This is great news for Administrators and IT Staff as in the Enterprise,
Microsoft is still very relevant and this will only ease Management.

I am of course referring to the still existent non-startup style companies
which might have non-technical users/staff such as Project Managers or
Business Analysts etc. In my experience, once a company gets past 50 users or
so, Windows is still the way to go.

Sincerely hope they will donate to the OpenSSH project to support its ongoing
development going forward and not just mooch off it as many other companies
do.

------
rilita
We could already run OpenSSH on Windows. I typically do via cygwin.

It appears people are building it against MinGW? (
[https://www.nomachine.com/AR05H00563](https://www.nomachine.com/AR05H00563) )

If we can already build Windows binaries of OpenSSH, why does it matter if
Microsoft begins to offer that also? Is Microsoft going to provide full source
for their build process? If they don't, would it be a good idea to even use
it?

------
grkvlt
The actual MSDN blog entry's link should be used for this.

[http://blogs.msdn.com/b/looking_forward_microsoft__support_f...](http://blogs.msdn.com/b/looking_forward_microsoft__support_for_secure_shell_ssh1/archive/2015/06/02/managing-
looking-forward-microsoft-support-for-secure-shell-ssh.aspx)

~~~
nailer
Agreed, but I think the OpenBSD people did well by saying 'SSH' in the main
part of their title. 'Secure Shell' is like 'modes': you might use ssh or
chmod every day but it takes one tick for people to realise what's meant.

------
tedchs
How are people controlling Windows servers remotely without SSH? Remote
desktop only?

~~~
ygra
Remote Desktop and/or PowerShell Remoting. The latter is a bitch to set up but
once it's there it's every bit as flexible as SSH.

------
Yuioup
Excuse my ignorance, but can this also be used in cmd.exe context?

~~~
jevgeni
Well, at least as CMD.EXE /R "powershell ...", I think.

------
thrillgore
Finally, progress! I've moved to Mosh for all my personal needs, but SSH is a
very important protocol and i'm optimistic to see how its implemented in
PowerShell.

------
bunderbunder
I felt a great disturbance in the force, as if millions of voices suddenly
cried out in glee and were suddenly deleting their copies of PuTTY.

------
schnable
"those who do not understand UNIX are doomed to reimplement it, poorly"

That described Windows for a long time, but seems like things are changing.

------
glxc
first thought- MS didn't support SSH?

~~~
acomjean
I don't think so. Thus everyone looking for a free client. The PuTTY client
being popular. The offical is at a ~sgtatham/putty/ web address which seems
very old school.

Though recently some not official versions had malware installed if I'm
remembering. I'm wondering if this is a response to that.

~~~
wlesieutre
Old school and served over HTTP, making it not that hard for someone to MITM
you and give you a backdoored client when you download it.

Don't worry though, the page has checksums you can validate your download
against! Except those are _also_ served over HTTP.

~~~
sfk
Yes, sgtatham should move to a secure location like GitHub. Homakov is perhaps
willing to guide the transition.

~~~
JoeAltmaier
Maybe somebody could automate the process, provide a service?!

------
lmm
I was running SSH from Microsoft on my Windows XP boxes, years ago, thanks to
SFU (later SUA).

Then Microsoft killed it.

------
lessthunk
why use MSFT in the first place? Really, it is 2015.

~~~
banachtarski
Well at this point, with OSX and their shitty graphics drivers (and I mean so
shitty you install Windows and perf goes up), if you want to do any GPU
intensive application, Windows still dominants. DirectX >>> OpenGL (although
I'm looking forward to vulkan).

~~~
PopeOfNope
Are the OS X drivers really that bad in comparison to the windows drivers?
Instinctively, I have a hard time believing that if only because the Linux
drivers are so much worse than the OS X ones. :(

~~~
banachtarski
The proprietary linux drivers are not worse than the OSX ones. Only the open
source ones (for obvious reasons. They have less insight into how the device
hardware is architected).

If OSX let hardware vendors write drivers for OSX, they would be in much
better shape. But Apple OS internals are pretty much nonsense as far as I'm
concerned.

------
anacrolix
What year is it??!

------
jvandonsel
It took them until the 21st century to do this?

------
thebouv
I think this is a good move. It'll be in the enterprise in .. 10 years?

------
philtar
Embrace, extend, extinguish.

~~~
pluma
Emphasis being on "embrace" at this point. It's too early to cry wolf yet --
there's not even an obvious way to get from here to "extend".

~~~
0x0
Sure there is. Add an ActiveDirectory specific auth type to the protocol and
watch all non-windows clients fail to log in :)

~~~
mhurron
Just like they killed ldap and kerberos so non-MS OS's couldn't use AD. Oh
wait ...

In fact, what has MS actually extinguiushed?

~~~
pgeorgi
The kerberos described in
[http://web.archive.org/web/20140222133423/http://www.network...](http://web.archive.org/web/20140222133423/http://www.networkworld.com/news/2000/0511kerberos.html)?

~~~
sudioStudio64
That was from 2000. Since then they have released all of their protocols as
open spec documents.

[https://msdn.microsoft.com/en-
us/openspecifications/default](https://msdn.microsoft.com/en-
us/openspecifications/default)

Their kerberos implementation works with heimdal and mit. They used an optinal
field to include group membership data so that authorization decisions could
be made from the contents of the ticket.

[https://msdn.microsoft.com/en-
us/library/gg604662.aspx](https://msdn.microsoft.com/en-
us/library/gg604662.aspx)

I'm just saying. Times have changed. Will they ever be as open as an open
source project run by volunteers? No. Have they dramatically improved their
position in response to the very real criticisms of their past behavior. Yes.

~~~
atonse
> Will they ever be as open as an open source project run by volunteers? No.

The ASP.NET and other .NET teams beg to differ. Their code (not some mirror)
is hosted on Github and Apache licensed. You can fork it just like any other
open source project.

So yes, parts of Microsoft's tech is actually free and open, for all practical
definitions of free and open (the GNU people's pedantic arguments about Apache
not withstanding)

~~~
sudioStudio64
Very true. I was just saying that they are always going to be different than
some of the more open structures in FOSS land. Not worse...just different.

The ASP.net team is kicking major ass.

