
Install Win32 OpenSSH test release - mikemaccana
https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH
======
mortonpe
This project is _not_ about bringing UNIX to Windows. It is about bringing the
open ssh protocol to Windows. As a daily UNIX and Windows user in an
enterprise environment, I can say that a fully integrated sshd is a welcomed
addition. I have written and maintained many WinRM interop ruby gems and
cannot wait until we can deprecate them in favor of a better and sane remote
shell implementation. This is a real milestone, keep up the great work.

As for Cygwin sshd, it does work if posix is the order of the day but if you
need a reliable terminal (for things like powershell) that scales to hundreds
of servers and many admins Cygwin simply fails the test. Clunky domain
authentication, private key auth is a joke, powershell only works sometimes
(thanks PTY), network tokens are non-existent, etc. the list goes on and on.

------
mikemaccana
See also [https://github.com/PowerShell/Win32-OpenSSH/wiki/ssh.exe-examples](https://github.com/PowerShell/Win32-OpenSSH/wiki/ssh.exe-examples)
once you've got it running. To work around a bug, you'll currently need to run
`powershell -File -`

It's still way too early to use as a daily driver - lots of small bugs - but
nevertheless interesting.

------
jlgaddis
So once you've done this and you SSH in to the Windows box, I assume you just
end up, basically, in a command window?

For example:

    $ ssh username@windows.example.com

    ...

    C:\>


Is that right?

~~~
mikemaccana
Yes. From my Mac:

    $ ssh mike@192.168.0.12
    mike@192.168.0.12's password:
    Microsoft Windows [Version 10.0.10586]
    (c) 2015 Microsoft Corporation. All rights reserved.

    C:\Users\Mike>powershell -File -

    PS C:\Users\Mike>

------
voltagex_
Backspace doesn't work from a Linux box SSHing into Windows (strange world we
live in), but otherwise it's great.

~~~
mikemaccana
See
[https://github.com/PowerShell/Win32-OpenSSH/issues/57](https://github.com/PowerShell/Win32-OpenSSH/issues/57).

For some reason putty works but iTerm has the backspace issue. Putty user:
what's your $TERM?

Ctrl H works as a workaround BTW.

~~~
voltagex_
$TERM from PuTTY - xterm

$TERM from Terminal.app - xterm-256color

------
0x0
Interesting that the build instructions refer to Cygwin. It's a bit
surprising, I'd have expected something more native. What does this bring to
the table that regular Cygwin OpenSSHd couldn't do 10 years ago?

~~~
quanticle
Powershell integration. Cygwin SSH drops you into a bash prompt running on the
Windows box. Powershell is much more deeply integrated with Windows, and is
more useful for actual system administration (e.g. configuring IIS, SQL
Server, etc) than Cygwin's bash.

~~~
EvanAnderson
What "integration" are you seeing? It looks to me like they're just dumping
you out to a CMD.EXE instance and leaving it up to you if you want to run
Powershell. It's nice to see MSFT embracing SSH and all, but this is nothing
that we haven't already been able to do for going on 10 years (likely longer)
w/ OpenSSH on Win32.

~~~
Sanddancer
This is just a very early step one in their roadmap [1]. The deeper
integration is in the next few steps in their development plan.

[1]
[http://blogs.msdn.com/b/powershell/archive/2015/10/19/openssh-for-windows-update.aspx](http://blogs.msdn.com/b/powershell/archive/2015/10/19/openssh-for-windows-update.aspx)

------
zrm
Feature request: Domain group policy setting for authorized keys. Make some
ssh key(s) authorized to logon as some domain user(s) for every machine in the
domain.

~~~
EvanAnderson
You could do this right now w/ a "Startup Script" or using Group Policy
Preferences. The authorization to logon is, presumably, tied to the "User
Right" to logon interactively and shouldn't have anything to do w/ the SSH
server (since it's just userland).

~~~
zrm
Authorized keys in the context of ssh means the ability to logon without
password using public key authentication.

Now that I'm thinking about this, anybody know how they're doing public key
authentication for domain accounts at all? If you don't use a password to
logon, how are you supposed to get a Kerberos ticket to use domain network
resources?

~~~
EvanAnderson
Yeah-- that was a pretty braindead response. I was thinking "authorized
hosts". Now I feel silly.

re: the public key authentication for domain accounts - They're calling the
undocumented NtCreateToken() API in "win32auth.c". They don't need a password
to create a token going that route. They've also got an LSA Security Package
to do the key validation inside LSA. I'm looking at this very quickly, but I'm
not seeing that they extended the AD schema to store the public key in the
user's AD account. That would be the best way to handle it, ultimately-- just
have the DCs use that SSH-LSA Security Package to authenticate the users
against the public key stored in their AD account.

------
finid
You can already install OpenSSH for Windows without bothering with PowerShell.
See [http://linuxbsdos.com/2015/07/30/how-to-install-openssh-on-windows-10/](http://linuxbsdos.com/2015/07/30/how-to-install-openssh-on-windows-10/)

~~~
detaro
Can you run PowerShell through this?

Also, you probably _want_ PowerShell if you manage a windows system remotely.
(Ok, _you_ specifically maybe not, but many users do)

------
YCOmega
Microsoft is going about the whole SSH thing in a very backwards way.

If all they did was make or back an official POSIX environment, all of this
comes for free.

Insisting that PowerShell be the focal point for all these changes is just
bizarre.

Just install msys2.

~~~
mikemaccana
A half-bad Unix on top of Windows, with its own duplicate way of handling
services, storage, users, permissions and everything else, is a pretty poor
setup. Powershell (particularly the way it separates data from presentation)
is one of the best shells on any OS. Being able to access it from Linux is a
good thing.

~~~
YCOmega
This "separate data from presentation" sounds like TCO-speak. Way too
frequently referenced to be a genuine inspiration.

It's only "half bad" (if that even) because while the whole world moved on
from Windows to Unix (OSX, Linux), Microsoft dug their heels in. Think of it
as paying down long overdue technical debt.

~~~
mikemaccana
> This "separate data from presentation" sounds like TCO-speak. Way too
> frequently referenced to be a genuine inspiration.

Huh? It's a very specific thing. When you run stuff on Powershell, you pipe it
to 'select' or 'where' and pick fields, rather than running grep / sed / awk
and inventing regexes to scrape stuff.

    ps | where {$_.StartTime -ge $1HourAgo}


Before accusing me of 'TCO speak' and being 'ungenuine' \- for mentioning
something that's a well known engineering concept, particularly in the Unix
world (ever used TeX?), you could have done <1 minute of research.
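
An added example, not part of the original comment: the object pipeline the comment describes, used to list processes started in the last hour on a host reached over SSH, then rendered two ways from the same data. The variable names `$cutoff` and `$recent` are assumptions; `$cutoff` stands in for the comment's undefined `$1HourAgo`.

```powershell
# Assumption: $cutoff plays the role of $1HourAgo in the one-liner above.
$cutoff = (Get-Date).AddHours(-1)

# Data: filter and project on typed properties. StartTime is a [datetime], so
# -ge is a date comparison, not a string match. Processes whose StartTime
# cannot be read (for example protected system processes) are skipped by the
# first half of the condition.
$recent = Get-Process |
    Where-Object { $_.StartTime -and $_.StartTime -ge $cutoff } |
    Sort-Object StartTime -Descending |
    Select-Object Id, ProcessName, StartTime, Path

# Presentation 1: a table for the person at the SSH prompt.
$recent | Format-Table -AutoSize

# Presentation 2: the same objects as JSON for a script or log pipeline.
$recent | ConvertTo-Json -Depth 2
```

Only the last two lines decide how the result looks; the filtering above them never parses text.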

------
jamiesonbecker
This is great news. @ Userify[1], we're looking forward to porting our shim to
PowerShell asap.

1\. [https://userify.com](https://userify.com)

