
Microsoft Adds an OpenSSH Client to Windows 10 - awiesenhofer
https://www.servethehome.com/say-farewell-putty-microsoft-adds-openssh-client-windows-10/
======
joeyaiello
Hey there, everyone! I'm the PM for this project, and it looks like I'm a
little late to the party, but I wanted to drop in some notes to add to the
discussion:

* We also shipped OpenSSH's sshd server, but it's a little tricky to configure right now. Expect a blog post this week.
* This is not production-ready in the current version of Windows 10 (hence the "(Beta)" in the label), but we hope to be soon.
* All of this is being done in open-source out of a fork at [https://github.com/powershell/Win32-OpenSSH](https://github.com/powershell/Win32-OpenSSH) (code work is technically checked into [https://github.com/powershell/openssh-portable/](https://github.com/powershell/openssh-portable/) first, but those will be consolidated at some point). Check the Wiki there for a ton of info.
* We've been working closely with the official OpenSSH Portable maintainers to get upstream at some point in the future. They've been awesome to work with so far, and we're really looking forward to moving Windows onto the definitive SSH implementation of the world.

This has been a super fun project to work on over the last couple years, and
I'm glad that there's such a groundswell of excitement around it. Like I said,
I hope to be publishing a lot more documentation/material on our plans as we
get to a production-ready state.

I've also been super swamped with the release of PowerShell Core 6.0 [1] for
Windows/macOS/Linux coming early next year, hence the lack of a good release
announcement on these beta bits...Thanks to Patrick Kennedy for finding it and
letting everyone know! :) )

[1]:
[https://github.com/powershell/powershell](https://github.com/powershell/powershell)

~~~
jlgaddis
Having no idea how an SSH server is intended to work on Windows, I have a
question:

When I connect to a Windows box running an sshd, what exactly happens? Do I
just get dropped into a command prompt or PowerShell session or what?

~~~
joeyaiello
It drops into cmd, but it is configurable (and there's actually a Chocolatey
community package for it that I believe prompts you for which default shell
you want at install-time).

With PowerShell Core 6, we _also_ support PowerShell Remoting Protocol (PSRP)
over SSH as a transport, which means that you can do stuff like New-PSSession
and Enter-PSSession without WinRM. (PowerShell just gets registered as a
"subsystem" of sshd, same thing sftp-server does.) You can check that out
here:
[https://github.com/powershell/powershell/tree/master/demos/S...](https://github.com/powershell/powershell/tree/master/demos/SSHRemoting)

~~~
nailer
That's really odd. Are you going to fix this before the final release?

------
pjungwir
When I have to work on a Windows machine the first thing I install is git:
[https://git-scm.com/downloads](https://git-scm.com/downloads)

It comes with bash and all the standard tools (including ssh IIRC), so I can
work on a real command line. Especially as a vi user, I'm right at home.

I find this a lot easier to manage than Cygwin: a lighter install, no packages
to select, and smoother integration.

~~~
ChuckMcM
These days you go to the Microsoft App store and download Ubuntu. It loads up
actual bash and comes with everything you'd expect. (ssh being just one of the
things). The terminal emulation is improving (there are still a couple of
glitches) but pretty much all of my daily tools work exactly correctly.

~~~
gkya
Are there any advantages over using Ubuntu itself directly?

~~~
ChuckMcM
Well not if you aren't using other parts of Windows :-) but if you are
constrained to using Windows for other reasons then the advantage is you get
all the tools with a much lighter weight system than say running a virtual
machine.

There are also some systems where kernel support for the devices is lagging,
either because they are proprietary and poorly documented or because they have
insufficient market penetration to get someone interested in writing good
driver support. For example support for the pen on the Surface Pro 4 line is
really horrible (IMHO) on Linux.

~~~
pjungwir
So these devices need real kernel drivers? Windows doesn't provide some kind
of emulation through its own drivers? I guess that makes sense although it
didn't occur to me.

If that's true, will those new drivers also work on a regular non-Windows
Linux install? That would be really great news, and pretty ironic, if device
manufacturers or even Microsoft itself were suddenly writing more/better
drivers for the Linux kernel. :-)

~~~
noselasd
The grandparent is saying that if you run plain Ubuntu directly on a device,
Ubuntu (or really, the Linux kernel) might not have drivers that work
reasonably well for some hardware on that device, while Windows most certainly
does have decent drivers for that hardware.

When you run Ubuntu on top of windows, windows replaces/emulates the Linux
kernel - at least the part it needs to run the subset of Ubuntu that windows
currently can - this emulation provided to run Ubuntu is done on the interface
between the kernel and userspace, it is not done on a device/driver level.

Drivers are OS specific, the drivers in question here are either windows
drivers, which work only on windows, or they are linux drivers which work
only on linux. (No one is writing drivers for windows which could also work on
linux)

~~~
slededit
It's not an emulator. The NT kernel really does support the necessary system
calls.

~~~
noselasd
Sure, but there's a layer that emulates the linux syscalls. Though perhaps
it's more appropriate to call it "translates" instead of emulate.

~~~
slededit
It's not a layer on top of the NT system call infrastructure. It's brand new NT
system calls that do exactly what the equivalent Linux ones do. There is no
combination of win32 NT system calls that will get you the behavior of fork().

~~~
gmueckl
Aren't the NT system calls also just a personality module above the actual NT
kernel? The kernel was originally designed to provide multiple kinds of user
spaces so that it could run OS/2 programs alongside Win32 ones.

~~~
slededit
No. win32 is a personality, the underlying ntdll calls are not part of that.

------
kabes
"For years, Apple MacBooks have been the go-to choice for many admins partly
because getting to a ssh shell is so easy."

I really can't believe somebody ever bought a MacBook because they found
installing putty too much of a hassle.

~~~
colechristensen
You'd better believe that if Windows had an acceptable terminal 10 years ago I
would have never purchased my first MacBook.

The pleasant interaction with other *nix systems was and is a primary driver
for my choice of OS X.

PuTTy sucks. Every other terminal I have tried on Windows sucks. Getting
terminal-based software to work on Windows sucks. I stopped trying years ago
because a terminal on OS X doesn't suck. It might not be a perfect 10, but I'm
happy with it.

I'm also more interested in Windows more and more as time passes.

Losing as the most popular OS has made Microsoft start doing some of the right
things.

~~~
MaxBarraclough
> PuTTy sucks

Never been a problem for me. What are your complaints?

I barely notice the difference, but if I had to choose I'd take putty over
Terminal.app, which has default keyboard-shortcuts that clash with Bash. (I
believe it was Alt-b, Alt-d, or maybe Alt-f. I forget exactly.)

~~~
sgt
It's one of those things that's hard to explain. If you're used to a proper
terminal emulator, you'll know immediately. PuTTy has terrible configuration
and awkward default settings, and gives the impression of being pretty flimsy.
Remove the network cable while in an SSH session, and PuTTy will immediately
disconnect you. Try doing a port forward, and you'll need to dig around
instead of just typing it into a terminal. Also aesthetically, PuTTy has
nothing on Terminal.app or iTerm2 etc.

~~~
ktpsns
This is so true. Another attempt to explain might be: The cmd.exe and PuTTy
always feel like foreign bodies in the windows world, they don't integrate,
they are a rough try to fill the gap between the "old" command line world and
the "new" windows world (in the win95 language). In contrast, already the OS X
terminal feels like a first class citizen in the environment.

It is worth emphasizing what has been said before here: Since Windows
popularity is descending, they start to catch up with that attitude. Nowadays,
for instance, you can open the terminal from every folder in explorer.exe --
this is exactly this kind of integration Windows missed for 20 years. Once
they kick out cmd.exe in favour of something like Console2
([https://www.hanselman.com/blog/Console2ABetterWindowsCommand...](https://www.hanselman.com/blog/Console2ABetterWindowsCommandPrompt.aspx))
and update the toolchain even more than they did with PowerShell (actually
integrating GNU/bash was a major step), developers will come back.

~~~
JoBrad
Have you used Windows recently? The Console team has made significant
improvements in the last year, with more on the way. This article has a good
rundown of some.

[https://blogs.msdn.microsoft.com/commandline/2017/10/11/what...](https://blogs.msdn.microsoft.com/commandline/2017/10/11/whats-new-in-windows-console-in-windows-10-fall-creators-update/)

------
F00Fbug
It's about time.

I can't imagine (as the author asserts) that people left Windows for Apple
because of the lack of a command ssh client. Here's a thought: If you need to
spend time on Unix/Linux machines, why not just run that on the desktop? I've
been Linux only for 10 years and have no issues. OK, I do need Windows for the
rare moments where I have to collaborate on Word or PowerPoint documents; Win
in a VM (KVM/QEMU) gets the job done.

Does this new client support ssh-copy-id and passwordless logins? I have a
couple of public-facing machines that need ssh; I refuse to enable password
authentication as they'll get banged on all day!

~~~
deadbunny
Because Windows is foisted upon people in corporate environments. Not everyone
gets to run their OS of choice.

~~~
F00Fbug
Good point - as Mel Brooks said, "It's good to be the king!" In my last job, I
was IT; I dread going to some place where they force Windows upon me!

~~~
digitalsushi
I work at a very corporate place with forced windows laptops. There are zero
systems in the company we can sit down at and log into, except our laptops.
The OS version is updated, and upgraded, automatically, even including major
versions. I was just force upgraded to windows 10 and lost support for my
programming environment. I had to recreate it in a new toolset because the one
I have a thousand hours in is no longer supported. (It would work, it's just
not supported - I cannot install it, but it would work fine if I could).

One arm of my company allows macs. This one does not, period. We have a 0% non
windows 10 user base. We can have temporary admin access for 12 hours if we
fill out a report, but everything we do is recorded. It doesn't work if we're
on wifi or battery. We are not allowed to install browser extensions, even if
we are developing against the web.

My last job let everyone have admin/root. I had everything I ever wanted. My
workflow was glorious. I was so comfortable. I was able to work 3 to 4 times
faster on average, i.e. my yearly output was probably 3 to 4 times more
productive. I invented new things, scratched my itches, and felt like the king
of the world.

But this job will let me retire.

~~~
jackstraw14
I work in the public sector and our sysadmins have actually made a game out of
tricking people into updating to Windows 10 (and allowing them to take back
admin rights in the process). Like offering Office 2016 upgrades, but only if
you upgrade to Windows 10 too.

I understand it’s much easier for them to manage things this way, but they’re
not going to have the results they want by going about it this way. When my
Windows 10 “upgrade” comes, I’ll just be dedicating one of my monitors to my
own Arch (maybe Qubes) box where I can actually get shit done. I’m a C# dev
too, which makes even less sense, but requesting permission to install simple
dev tools is not going to happen. Life is too short for this nonsense.

~~~
cptskippy
What's your opposition to Windows 10 if you're already running Windows?

We're running Windows 7 and I'm begging to get into the pilot for Windows 10.
As time passes more and more things break in Windows 7 and it becomes less
useful. Most of Intel's drivers are garbage and their Bluetooth stack is next
to useless.

I'm running VMs on top of my Windows 7 install for all development work.
Anything that's Windows based is either a 10 or 2016.

~~~
jackstraw14
I guess I should have noted that I do all my C# dev work in Windows 7 and run
Arch VMs for everything else. My Windows 10 setup won’t be much different, but
I just don’t trust Windows 10 and won’t be running my VMs on it.

I haven’t followed up on whether this “feature” made it into an actual Windows
10 update, but I remember reading about keylogging to the cloud as a way to
pre-load your start menu with things that might be relevant to what you’re
doing. Maybe it’s just being a developer and knowing what this kind of casual
abstraction can cause, but I’m not okay with the philosophy that gets it into
a test release of Windows 10. Microsoft is doing cool stuff these days but
they still haven’t won me over.

~~~
cptskippy
I'm not aware of any keylogging to the cloud "feature". That sounds like some
crazy conspiracy theory dreamed up by the people who hate Windows 10 and or
Microsoft.

Windows 10 has the same frequently used app feature as Windows 7, which you
can disable. You can optionally allow Microsoft to gather data about onscreen
keyboard usage to improve suggestions, like Google Gboard on Android.
Cortana's searches are obviously cloud based, but can be disabled. And Windows
10 offers suggested apps and features in like 3 different places in the OS,
which can also be disabled. Maybe someone dreamed up a fantastic spyware
feature based on all of those things.

~~~
jackstraw14
I hear what you're saying, but none of it makes me feel better about using
Windows 10. It's not high-quality HN discussion, though here's a Reddit thread
about it:
[https://www.reddit.com/r/Windows10/comments/31rxsv/disable_k...](https://www.reddit.com/r/Windows10/comments/31rxsv/disable_keylogger_windows_10/)

You've told me three things that I can disable in Windows 10. Why is this
stuff enabled by default in the first place? How do you know this is
everything I need to disable to address these concerns? Or better, why isn't
user consent requested before any serious "diagnostic tracking" like this? The
answer, I think, is that it's too complicated for the average user. Once this
"diagnostic tool" is effectively hidden from the user, and enabled on all
devices, the tool either has to be monitored regularly (to make sure _more_
features aren't auto-enabled like these were) or eliminated completely. I've
spent too much of my life "monitoring" closed-source software to give much
consideration to that option, at this point.

~~~
cptskippy
During installation/setup you have the option to disable a lot, unfortunately
in an enterprise environment that isn't always something the user gets to see.
Fortunately most of the crap is disabled or not present in the enterprise
version of Windows 10.

It's on by default so that users will interact with it and try it out. This is
pretty standard practice on every major OS or application you use today. New
features are enabled by default and the user gets to figure out how to disable
them if they don't like it.

Case in point, the latest update to Gmail on Android enables a feature of
opening URLs in a Chrome Frame inside Gmail instead of using your browser.
This is great for Google, not so much for the user. I got screwed over because
of this feature because a nonce token I received was consumed by the Chrome
Frame which promptly crashed.

Windows 10's suggestions and prompts are about on par with MacOS High
Sierra's. If you're questioning that statement, try not setting up iCloud some
time then come back to me.

~~~
jackstraw14
It's a trust issue. I think it's a major leap to auto-enable new features
without letting the users know what's going on, but people don't seem to have
a problem with it these days as long as it doesn't raise any red flags in
their mind or on social media. If we're auto-enabling stuff like this, don't
users stop asking the questions? And is that consent?

That's not even going into who is making these decisions, the corporations who
only stand to profit from you enabling these features. They will roll it back
if there is enough public outcry, but burying the option in the system
settings is one way to avoid mass public outcry. Convenient, isn't it.

Sure another major corporation is doing this with their products, but that
doesn't make it right. None of this is an acceptable reason to continue
sneaking it into their products. Plus the data collected has a potential for
even more profit, which is where I just peace out and use an OS I trust. Why
in the world would I give Windows 10 the benefit of the doubt?

~~~
cptskippy
There's definitely value in a lot of the data collected and there's also mass
confusion about what's being collected and what collection can be disabled or
can't as the case may be.

I'm not trying to justify data collection and I think that certain kinds of
telemetry data are perfectly acceptable to be collected. The reason I bring up
comparisons to other OSes is that often opponents to Windows 10 mention
switching to other OSes which aren't necessarily any better.

With regards to trust in privacy and security, I can't say that I trust
Microsoft any less than others. As an enterprise software and services
provider, they are in a position where their products must meet certain
standards in order to be adopted. The fact that they still are implies there's
at least a certain level of trust held in them, unless you're the type of
person who feels all companies are in on it.

Speaking of in terms of trusting in long term commitment and support, I would
say I have greater trust in Microsoft than just about anyone else. They have
the best track record when it comes to not outright abandoning products. You
can argue that opensource software will always be supportable, that doesn't
mean that it will be supported.

~~~
jackstraw14
That's a good point about open source software not always being supported. I
guess it's no coincidence that the large organizations where I've worked were
all .NET shops, but all the Linux boxes ran Red Hat Enterprise. And the
biggest complaint I've heard about Microsoft not supporting old products
was a discussion about Windows Server 2003 (In 2016...).

I don't think that "all companies are in on it" necessarily, but there's a
reason for that kind of loyalty to customers and it's not because it feels
good. I'm not going to knock Microsoft too much because while I do feel like
they're off the mark in some areas, they're improving their developer support
a lot recently so I'm excited to follow what happens. But I don't think it's a
coincidence that they're rapidly increasing developer support either (we sat
through the app-less wonder of Windows Mobile for quite a while). They are
also of course a publicly-traded company, at the mercy of profit-demanding
shareholders.

I would like to see a world where the people who use the products have an
equal opportunity to contribute and improve it. Not someone behind a wall
squeezing money out of pockets, or throwing candy at developers so they'll
make their platform more appealing for them. Or at least as appealing as the
other guys', else they go under. I'm hanging onto an ideology, I know.

Like digitalsushi said, this .NET job will let me retire but it still sucks.
It could suck a lot worse though.

~~~
cptskippy
> I would like to see a world where the people who use the products have an
> equal opportunity to contribute and improve it. Not someone behind a wall
> squeezing money out of pockets, or throwing candy at developers so they'll
> make their platform more appealing for them. Or at least as appealing as the
> other guys', else they go under. I'm hanging onto an ideology, I know.

I would too and I also recognize that sometimes the community doesn't always
push something in the right direction. Sometimes it takes a dictator to make
things happen. Sometimes there's so many desperate projects that need to work
in concert but can't or won't because of political reasons.

One of the advantages of a major corporation at the helm is that they can
force a vision upon everyone under them and on the industry as a whole. That
strength however is a great weakness or detriment to the industry if the
person driving the boat has ideas that aren't in the community's best
interest.

------
bob_roboto
Ultimately this probably helps increase the overall internet security.
Although in recent years it was available from a TLS secured source [0], the
putty.org site (which might or might not be operated by the maintainers) is
still not https secured. Given that probably tens or hundreds of thousands
downloaded it from there (imagine, getting an SSH client from an unknown
source!) I'm surprised not more happened. Other than that, thanks for the
great work maintaining this project which helped me and others a great deal
throughout my career. Countless times have I been stranded on a Windows server
and quickly needed an SSH client.

[0][https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.ht...](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html)

~~~
huhtenberg
Putty binaries are all signed, which is what you should be looking at when
authenticating a release. Whether you fetch them over SSL is of little
importance.

~~~
bob_roboto
You are, of course, absolutely correct. And I hope this is what internal
package maintainers in large companies and individuals using putty as their
standard SSH client do. However, for many of us putty is a backup when they
are not on their linux/osx machine and just quickly need an SSH client to do
something. The workflow there is google->putty->first
result->download->execute. You absolutely shouldn't, but we also shouldn't
drink and sleep 8h a night :)

~~~
ultrafilter
I put a copy of putty at a short but private url at my own domain so that I
can get it over https.

------
j_s
If open source isn't a requirement and you want a polished GUI client,
[https://www.bitvise.com/ssh-client](https://www.bitvise.com/ssh-client) has
been free as in beer for about 1.5 years. It will be tough for them to beat
being part of the default install!

Odd licensing (free for up to 4 users/machines, but crossing to 5 required
$45/seat) really crimped adoption before the license was changed.
[https://web.archive.org/web/20160329203117/https://www.bitvi...](https://web.archive.org/web/20160329203117/https://www.bitvise.com/ssh-client-pricing)

Bitvise sells a solid Windows-friendly SSH server for $100. I am not
affiliated apart from being a happy user since before OpenSSH supported
AuthenticationMethods (multiple required) in 2013; it has been my
straightforward licensing alternative to Remote Desktop Gateway.

~~~
ConfucianNardin
They're also squatting the putty.org domain to advertise their software, which
is pretty bad-mannered.

~~~
j_s
Thanks for pointing this out; I'd forgotten about that (having given up on
Putty after discovering the difficulty of sharing configuration
[https://stackoverflow.com/q/13023920](https://stackoverflow.com/q/13023920)).

Putty.org links to the Putty download page with a disclaimer separating
promotion of Bitvise software below. The contrast in marketing language
between "source code [...] developed and supported by a group of volunteers"
vs. "developed and supported professionally" definitely appeals directly to
the Windows mindset! Unfortunately Bitvise's "growth hacking" makes commercial
sense, even if it does cost them potential users.

It is always interesting to contrast various SEO approaches; for example:
contrasting
[https://www.chiark.greenend.org.uk/~sgtatham/putty](https://www.chiark.greenend.org.uk/~sgtatham/putty)
and [https://winscp.net](https://winscp.net). It would be neat if the Putty
author would chime in here; perhaps a funding drive for putty.net is in order!

------
kuon
My main issue is the terminal emulator. MinTTY is the only one I can get to work
like I want with colors and fonts, but I still miss ligatures and the
performances are bad.

I'd really like something faster with full color and font support I can SSH
from.

By true color support, I mean this:
[https://github.com/chriskempson/base16-shell](https://github.com/chriskempson/base16-shell)

I use it to change my colors depending on the machine I am on. If I log onto a
production server, the color scheme switches to high contrast with red
background.

~~~
hirsin
Have you tried this out in recent Windows releases? We added 24-bit color
support [1] to the console in Sep 2016, and built a colortool (that supports
solarized) this summer [2]. Most of this should work, and we're all ears for
things that don't.

1.
[https://blogs.msdn.microsoft.com/commandline/2016/09/22/24-b...](https://blogs.msdn.microsoft.com/commandline/2016/09/22/24-bit-color-in-the-windows-console/)

2.
[https://blogs.msdn.microsoft.com/commandline/2017/08/11/intr...](https://blogs.msdn.microsoft.com/commandline/2017/08/11/introducing-the-windows-console-colortool/)

~~~
kuon
Does it support setting colors via escape sequence from the shell? because
that's the whole point.

~~~
hirsin
Ah, no, I don't believe so - colortool calls into kernel32.dll to set the
colors it looks like, so they're system wide. The github project linked in the
second blog post would be a good spot to put a bug/feature request in though.

------
nerflad
I'm interested how well the client works under cmd.exe. Last I tried to use
ssh via cygwin, I remember having a lot of issues with escape codes not
working, to the point that I had to go ahead and install puTTY anyway, just
because it was a much better terminal emulator. Microsoft has neglected their
terminal emulator for 20 years now[0]. I hope they improve it soon. I'm aware
that some cosmetic features were added in Windows 10 but frankly it still
sucks compared to even the most basic Unix terminals. Making the terminal a
first class citizen in Windows would do a lot to win developer market share.

~~~
zeusk
You're missing [0]

As for the terminal, it went under quite a revamp for lxss support (linux
subsystem / Windows Subsystem for Linux)

~~~
nerflad
Oops, that was supposed to be a footnote (just my acknowledgement that there
had been some changes to cmd for Windows 10), but I decided to put it inline.
Can't edit with the HN app I'm using currently.

------
profsnuggles
1:47 video on how to install it.

If you do not want to watch go to “Manage Optional Features” then + “Add a
feature”. You can then scroll down the list and find the OpenSSH Client (Beta)
and OpenSSH Server (Beta) features in Windows.

Do you really need a video when the installation instructions are 2 sentences?

~~~
majewsky
Even if the installation instructions are more than 2 sentences, I absolutely
hate if video is the only documentation method. It has its value as a
_supplement_ to a text description, but not without the text.

(The worst offender that I've come across for this stuff is Minecraft mods. I
want to know how this machine block works, not watch you chat about random
stuff for 30 minutes hoping that the explanation is somewhere around minute
19!)

~~~
johansch
Maybe YouTube should have a "kudos, this video was so good that I'll watch an
extra 30-second ad just to thank you"-button.

(I assume most of these videos are so unnecessarily long because it increases
ad earnings for the content creators.)

------
nickjj
As someone who makes online training courses, the whole putty dance for
Windows was so cumbersome. This is excellent news.

Personally I would recommend anyone on Windows to use WSL (which supports ssh
and scp out of the box) but it's nice to see this is available for people who
don't want to use WSL.

~~~
j_s
> the whole putty dance for Windows

Do you have something you can share publicly to demonstrate to the uninitiated
how painful this has been?

Putty's dedication to the Windows registry has caused me tremendous grief.

Helping end users (Windows developers) configure Putty is the bane of my
"discount" remote access strategy (SSH port forwarding).

~~~
nickjj
I usually point people to specific steps of this DO guide
[https://www.digitalocean.com/community/tutorials/how-to-use-...](https://www.digitalocean.com/community/tutorials/how-to-use-ssh-keys-with-putty-on-digitalocean-droplets-windows-users).

It gets even worse too because in some of my courses (like my Let's Encrypt
course) I request people to securely transfer files to their DO server.

So now they have to set up WinSCP or a comparable tool, which has its own set
of lengthy instructions.

And for comparison on MacOS, Linux or WSL it's just:

Create SSH key: ssh-keygen -t rsa (hit enter a couple of times)

SSH into a server: ssh user@host

SCP a file to a server: scp foo.conf user@host:/tmp

------
technofiend
Although it's appreciated as a UNIX admin I can honestly say I don't use
Windows by choice but because my enterprise says I must. That's partially
because all the productivity tools are found there and partially because the
desktop guys are massive Microsoft bigots and refuse to host anything else.
(It's OK I can say that as a massive UNIX bigot and besides they'll tell you
the same.)

And frankly with the tiniest bit of effort I can crank up a local xterm and
then ssh which gives me lovely things like color, font choice, easy window
size changes and thousands of lines of scrollback. Why in 2017 would I want to
use a bare naked ssh client unless there is simply no other choice?

~~~
tjoff
Default packages are extremely important. That you can walk up to any computer
and get work done without installing anything, even downloading putty.exe is
_far_ too much effort in some cases. Also it is kind of rude to just download
and execute things on friends/colleagues computers ad hoc.

If this will be installed by default it will be awesome, and imho even the
process described here by enabling a feature is still better than putty.exe
(it will get managed by windows and updated if need be etc.).

For my own windows computers though, the first thing I install is WSL and a
proper terminal app (cmder).

~~~
jenscow
Downloading putty.exe (or executing on a USB or share) is less invasive than
installing the OpenSSH client feature.

~~~
technofiend
Oh you fancy people with the ability to download and execute things.

------
neilsimp1
I'm confused. I've been using
[https://github.com/PowerShell/Win32-OpenSSH](https://github.com/PowerShell/Win32-OpenSSH)
for this for a long time now. Everything works well. Is this new thing somehow
different? Better?

~~~
jstarks
Same thing but you can install it via Windows optional features now.

------
michaelbrooks
Ever since Windows 10 was released, you could download and install the OpenSSH
client. It's great that Microsoft has actually built this in now (even if it
is beta).

------
romanovcode
Wow, took them what, 20 years?

But nevertheless I'm happy. Great job

~~~
shak77
Took them? Why should Windows come with an SSH client?

~~~
reificator
I don't work for Microsoft, but my guess would be in order to securely access
a shell. (Remotely, but srsh doesn't roll off the tongue)

Honestly though, I'm more interested in an SSH server for Windows. I haven't
tried for many years, but last time I did, getting something more secure than
telnet was a massive pain.

~~~
pmontra
I'm using this in production on a Windows Server 2016

[https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win...](https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH)

It works but I never managed to connect to it using public/private keys, only
username and password.

Luckily I don't have to type them:

sshpass -f password.txt ssh user@windows.host "powershell Stop-Computer"

It would be great if at least Windows Server came with a built in ssh server.

~~~
j_s
Maybe this is because key auth requires domain\username@host (doesn't resolve
the domain automagically)?

[https://github.com/PowerShell/Win32-OpenSSH/issues/420#issue...](https://github.com/PowerShell/Win32-OpenSSH/issues/420#issuecomment-306592145)

------
rando444
Seems like they're missing support for a lot of algorithms.

It's a good step to be sure, but not a replacement for Putty by any means.

~~~
tankenmate
Which algorithms are they missing?

~~~
rando444
ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1,
diffie-hellman-group14-sha1, diffie-hellman-group1-sha1

without these you'll likely be unable to connect to Cisco devices, vCenter,
etc.

~~~
simias
The SHA1 variants are deprecated on modern OpenSSH as well, although they're
still supported if you explicitly enable them.

I agree that it would be nice to have them "opt-in" in Windows as well, in my
experience a significant amount of legacy equipment still uses these
deprecated algorithms.
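
The exchange above turns on how SSH picks a key-exchange algorithm, so here is an added example (not part of the thread and not code from the OpenSSH or Win32-OpenSSH projects) that models the negotiation and the effect of opting in to a deprecated SHA-1 variant. The client and server lists are constructed sample data, and the function names are hypothetical.

```python
"""Added example: SSH key-exchange (KEX) negotiation and legacy opt-in audit."""

# Constructed sample lists; none of them is captured from a real client or device.
CLIENT_KEX = ["curve25519-sha256@libssh.org"]            # hypothetical client default
LEGACY_DEVICE = ["diffie-hellman-group14-sha1",          # hypothetical old appliance
                 "diffie-hellman-group1-sha1"]
MODERN_SERVER = ["curve25519-sha256@libssh.org",         # hypothetical current server
                 "ecdh-sha2-nistp256",
                 "diffie-hellman-group14-sha1"]


def negotiate(client, server):
    """Simplified RFC 4253 section 7.1 rule: the first name on the client's
    list that the server also offers wins; no overlap means no connection."""
    offered = set(server)
    return next((alg for alg in client if alg in offered), None)


def is_sha1(alg):
    """The deprecated variants named in the thread all end in -sha1."""
    return alg.endswith("-sha1")


def audit(client, server, opt_in=()):
    """Negotiate with explicit opt-ins appended after the client defaults,
    the way OpenSSH's `KexAlgorithms +name` extends the default set."""
    effective = list(client) + [a for a in opt_in if a not in client]
    chosen = negotiate(effective, server)
    # Server-side names the client still lacks, non-SHA-1 candidates first.
    could_enable = sorted((a for a in server if a not in effective), key=is_sha1)
    return {
        "negotiated": chosen,
        "legacy": chosen is not None and is_sha1(chosen),
        "could_enable": could_enable,
    }


if __name__ == "__main__":
    for label, server, opt_in in [
        ("modern server", MODERN_SERVER, ()),
        ("legacy device, defaults only", LEGACY_DEVICE, ()),
        ("legacy device, group14-sha1 opted in", LEGACY_DEVICE,
         ("diffie-hellman-group14-sha1",)),
    ]:
        print(label, "->", audit(CLIENT_KEX, server, opt_in))
```

In an OpenSSH client configuration the equivalent opt-in is a `KexAlgorithms +diffie-hellman-group14-sha1` line inside a `Host` block for the one device that needs it, which keeps the weaker algorithm off every other connection.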

------
unfamiliar
What I'd really like to see is an OpenSSH _server_ for Windows. My biggest
gripe is not being able to SSH into a Windows machine and use one of the 3
major shells available now (cmd/powershell/bash).

~~~
merb
it has a ssh server, too. but I do not know which shell you get after ssh'ing
into (trying out right now)

------
coldacid
I prefer installing OpenSSH from Chocolatey instead, since that way I know I'm
getting every month's updates. I've been using the sshd for a year now on my
media server, and have the client on all my machines. It's pretty solid,
although I do have one ongoing issue related to how ssh-agent works (instead
of emulating UNIX domain sockets it uses Windows named pipes, and I can't make
a working proxy for Windows gpg-agent to replace it so I can use my smartcard
for SSH).

------
chrismorgan
Does it include an SSH agent to replace Pageant? And preferably with WSL
integration?

~~~
lucastheisen
I haven't tried the os feature version, but I assume it is the same one you
can install from chocolatey... If so, then yes, it has ssh-agent.

------
manishsharan
This is well and good but I wish Microsoft would take a strong stance on
corporations launching MITM attacks on their employees' HTTPS sessions by
injecting their SSL certificates on every session. I can understand
corporations blocking sites like facebook but I don't see why they need to
read everything I read on the web.

~~~
Someone1234
Sounds like an issue for lawmakers or HR at your workplace, not Microsoft...

Microsoft is a technology company, they aren't in charge of the HR or
management at your workplace and consequently shouldn't be trying to fix HR
issues using technology. There's plenty of legitimate uses for MitM-ing TLS,
and in some circumstances even that is one of them (e.g. on hardened networks
with VPN endpoint interconnects).

------
Zenst
Back in the late 90's I used to carry a memory stick with VNC and putty upon
it that I used to tunnel a VNC connection over SSH to my home network, and even
over bonded ISDN (128k which I had at the time in the UK) it was more than
usable for attaching to any of my systems.

Then Cygwin came of age, proved very very very useful for adding the tools
windows corporate desktops missed out upon for work related activities.

But in all that time, PuTTY has been a very good terminal client for SSH
needs. Whilst it is good that Microsoft is adding this, it has never been a
hurdle for many and those who run into a corporate wall that tough have
always been able (from the ones I've worked with and colleagues) to
circumnavigate around it :- Usually using the corporate security policies to
bash the corporate desktop witch upon the head. Fight fire with fire if you
can't bend the rules.

~~~
davidcollantes
I am missing the point you are trying to make.

For those who like -- and prefer -- GUI, Putty (or any other GUI based SSH
client) will remain king. For the rest, this is very good news. It is the same
client many have been using for many years under their Unix alike OS, just on
Microsoft Windows.

~~~
Zenst
Point being, those who wanted SSH or unix tools under windows - there have
always been options, even with the most zealous of corporate desktop policy
that I have encountered and in the worst cases, you can use the corporate
security policy to make that happen.

------
muxator
If one's necessities are not limited to an ssh client, Cygwin has been
available for years, is free software, and has a very good integration with
Windows (you have read/write access to the whole filesystem, for example,
something that presently cannot be done with win10 subsystem for Linux)

~~~
tiernano
the WSL does have full access to the file system... cd /mnt/c/ gets you access
to the C drive...

~~~
discreditable
It can't work with network shares or non-ntfs volumes though.

~~~
tiernano
you know, i just noticed this... my ExFAT SD Card is not visible... hmmm....

~~~
satori99
I think this is because WSL uses NTFS Alternate data streams to store linux
file attributes, and they don't survive when a file is copied to a non-NTFS
file system.

~~~
sz4kerto
No, I don't think so. Alternate streams are only used inside the emulated
Linux filesystem, not externally.

------
JepZ
Yeah, they probably found out that sending the data from their own
adware/spyware over unencrypted channels back to their own servers was too
insecure. _just kidding_ ;-)

No seriously: Congratulations MS and please evaluate again if you really need
that extra money you make with your advertising deals.

------
72deluxe
I just use the ssh client within the Ubuntu thingy in Windows 10 - surely that
was an option?

------
hsnewman
So this is why Microsoft is such a leader in technology. After only 22 years,
ssh is now in its operating system! Wouldn't it be nice to have a monopoly
that actually is innovative, rather than simply a lackluster follower?

------
avryhof
The first thing I always installed in Windows was the gnu tools port.
(unixutils?)

Now when I sit down at a Windows box, it's the Ubuntu terminal. Over the
years, I've become pretty platform agnostic. However, having to change my
keyboard shortcuts for Mac, and no single way to copy/paste in a terminal
between Windows (double right-click)/Mac (alternate between middle-click, or
right click and paste depending on the source)/Linux (good old middle click!)
is pretty annoying. It's also annoying that the Mac uses a whole different
button for copy/paste, and the Home/End keys don't work the same.

------
j_s
Haven't seen any discussion yet of the licensing aspects of accessing a
Windows server via SSH.

Linking an independent Microsoft licensing consultant discussing fun terms
like "External Connectors" vs. "Client Access Licenses" (CALs), the "Primary
User of a Windows device" and the current "Web Workload" exception... maybe a
new exception is on the way.

[https://github.com/PowerShell/Win32-OpenSSH/issues/926#issue...](https://github.com/PowerShell/Win32-OpenSSH/issues/926#issuecomment-346871838)

------
zaf
It's in beta and you still have to use the bag of sh*t windows terminal.

I'll skip and continue supporting and using PuTTY.

The PuTTY developers should get a trophy for an essential dev tool that has
been around for ages, free and just works.

------
arca_vorago
As a sysadmin who put up with MS's crap for many years, got fed up, and went
fully gnu+Linux only...

Sorry Microsoft, too little too late, you are an anti-user company, and I hope
your desktop share withers and dies. I'd rather see the world on osx cause at
least it has a semi-decent gnu userland.

I smell blood in the water with moves like this. It's time to ramp up the
attack people! Step 1: rip out AD and replace with Samba4. Step 2: windows
servers become Linux servers. Step 3: non-office user terminals become Linux
terminals. ...

------
aargh_aargh
Built-in OpenSSH was never the problem. You could always get builds for
Windows.

Lack of a half-decent terminal emulator is. cmd.exe is just terrible (I assume
that's what I see in the screenshot).

~~~
jve
I hope you are aware that Windows 10 has improved console:
[https://blogs.windows.com/buildingapps/2014/10/07/console-im...](https://blogs.windows.com/buildingapps/2014/10/07/console-improvements-in-the-windows-10-technical-preview/)

And keeps improving:
[https://blogs.msdn.microsoft.com/commandline/tag/console/](https://blogs.msdn.microsoft.com/commandline/tag/console/)

~~~
Slippery_John
I was happily surprised a while back when I started using WSL, but there are a
few things that I still miss:

* tabs
* splitting a pane
* a default font with a high unicode coverage
* better theme support (the current system is clunky)

~~~
jve
You may get away with ConEmu then:
[https://rakhesh.com/windows/whee-cmder-can-do-split-panes/](https://rakhesh.com/windows/whee-cmder-can-do-split-panes/)

------
hollander
Next step: add recognition for foreign partition formats like HFS+ and ext4.
Just recognition would be a great step, something along the lines of: hey we
see there are partitions on this disk; are you sure you want to format this?
This instead of: Do you want to format this disk?

I don't even expect that you can read or write to those partitions, which of
course would be trivial to add for them. Just recognition would be great!

------
edpichler
Microsoft is definitely another company nowadays. When I started in IT, more
than a decade ago, they had a completely other market positioning and
strategy.

------
death_syn
Well, I gave this a try on my Windows machine. I tried to generate a key pair
to pass around. I have yet to figure out how to give ssh-keygen a path spec it
can write to. Even no path (just file name for the key in the current
directory) fails with "invalid argument"

So on that note, anyone know how to report bugs on this? Cursory Googling
isn't turning up much.

------
xaldir
Looks like there's a server too, sounds good.

------
znpy
I have been using VanDyke's SecureCRT for more than a year now at work and I
must say it works very, very well.

------
fantasticsid
Last I checked bash on windows is still segregated from the windows system
proper. So you cannot call any windows utility/compilers from windows bash.
You cannot write to existing files/directories either, based on WSL docs.
Hopefully these limitations will be removed.

~~~
AlphaWeaver
I don't think that's true. You've been able to execute windows tools from WSL
for a while now.

~~~
MikusR
And access to file system through /mnt/c even longer.

------
ape4
I needed to reboot to make the install of ssh work. Then I did `ssh linuxbox`
and it tried to log me in as winuser@winbox@linuxbox instead of
winuser@linuxbox. The -l option fixed that. The gtop command looked nice! - it
didn't on putty.

------
samfisher83
You can also use ubuntu bash on windows. With that you can use a ton of linux
utilities.

------
nailer
I've been using this from the daily builds for a year, maybe two, to SSH into
my app servers, DB boxes and load balancers and start tunnels.

It works. Really well.

Microsoft are going to try and get the forked Windows support merged into
OpenSSH ports upstream.

------
jgaa
So, it took Microsoft 17 years to catch up?

I ported openssh to windows in year 2000.

[http://download.jgaa.com/ftp/pub/OpenSSH/](http://download.jgaa.com/ftp/pub/OpenSSH/)

------
ifdefdebug
> There is a new beta feature in Windows 10 that may just see the retirement
> of Putty from many users

I don't think so. Putty is not only a superb ssh client, it's also so much
better shell than command prompt.

------
bkolics
For the love of God, I cannot get ssh-add working with passphrase protected
private keys. If there is no passphrase protection on the private key, then it
works fine. I guess this is what beta means ;-)

------
HaoZeke
The best terminal ssh is obviously mobaXterm.. It even supports X windows.
Plus it's free.

[https://mobaxterm.mobatek.net/](https://mobaxterm.mobatek.net/)

------
ericfrederich
I'm not sure how useful this is by itself. It's cool that it's there for
convenience, but I think I'd rather stick to either Git on Windows or Windows
Subsystem for Linux (WSL)

------
souenzzo
Central store with apps, built-in ssh... Almost like Ubuntu 4.10...

~~~
tempfs
Shhh. It will only be another decade or two for Microsoft to complete their
ugly rewrite of Unix.

------
nottorp
I wonder if it has some "convenient" extensions to the ssh protocol that will
only be available on Windows...

At least they can't afford intentional incompatibilities in this case.

~~~
WalterGR
_I wonder if it has some "convenient" extensions to the ssh protocol that will
only be available on Windows..._

Does it, or is this FUD? The source code is available.

~~~
nottorp
Unfortunately I am somewhat older and I am cursed with a very good memory. The
behaviour I describe in the OP used to be the standard for Microsoft.

Feel free to audit the source code if you want, I'm not using Windows any more
so I don't really care.

------
skellertor
Holy smokes! Why did it take them that long? This is why Microsoft loses so
often. They crawl when it comes to innovation. Thank goodness for their
surface line of products

~~~
ckocagil
>Why did it take them that long?

Because they relied on software sales to businesses, therefore incompatible
tools and vendor lock-in. They're now changing their business model towards
IaaS/PaaS.

>This is why Microsoft loses so often.

Microsoft loses how? You might not like them but they definitely haven't lost
anything.

------
cwt137
How do I get it to use my SSH key automatically? Do I make a .ssh folder in my
home folder? Which key format does it use; PuTTY or the regular format?

------
wensheng
It seems it's only available in Administrator mode, to enable it for normal
user, you have to add "C:\Windows\System32\OpenSSH" to your PATH.

------
dexterdog
All this talk about putty and I can't believe nobody has mentioned Bitvise
Tunnelier. It's been my goto SSH client on Windows forever now.

------
orlovs
Can’t wait when the WSman in powershell will be replaced with SSH. This is one
of the obstacles for PS for Linux, due lack out of the box

------
harry8
anyone old enough to remember services for unix?
[https://en.wikipedia.org/wiki/Windows_Services_for_UNIX](https://en.wikipedia.org/wiki/Windows_Services_for_UNIX)

What happened? Will this latest attempt to be non-hostile to unix be dumped as
well? No ssh server, why not?

~~~
ForHackernews
It does include an SSH server.

> There is a new beta feature in Windows 10 that may just see the retirement
> of Putty from many users: an OpenSSH client and OpenSSH server application
> for Windows.

------
currysausage
Maybe someday, we will even be able to type sftp://foo@bar/var/www into the
Explorer address bar!

------
unk
I love that you have to dig through a list of supplemental fonts to enable the
SSH client/server. Oh Microsoft.

------
philamonster
Only available on 1709. No joy on LTSB :(((

------
orlovs
There is clear direction where MS heads. Can’t wait the moment when they will
replace WSman over SSL to native SSH

------
mark-r
Is this a new client and server, or are they just taking advantage of the
ability to run native Linux binaries?

~~~
AlphaWeaver
I'd assume it's windows native, considering it can run without the WSL.

------
dbolgheroni
Dear Microsoft,

great to see you are including OpenSSH as part of your own OS, it's a
carefully crafted piece of software that has a lot of appeal among users.

A nice follow-up is to generously contribute back to The OpenBSD Foundation.
You were already a donor and, doing so, are helping further developments while
being much cheaper than hiring a team all by yourself.

Thank you.

------
windoze4346
I can't wait for the day we can accurately describe windows as a quirky Linux
distro

------
dschuetz
What could possibly go wrong?

------
lucaspottersky
yep, welcome to 1999. geez.

------
equalunique
Exciting news!

------
dingo_bat
Can we finally proclaim 2017 as the year of the Linux desktop?

~~~
majewsky
2017 was certainly the year of Linux on the Windows desktop. :)

------
jerianasmith
Even if installing Putty is not a hassle, I see no reason why we can't try
SSH. If it makes IT admin's job easier, we should give it a try.

------
dotdi
Die putty. Die. MUHAHAHAHA.

~~~
snvzz
The UX would have to be better than Putty first. Seeing as putty emulates a
decent terminal, this isn't going to be trivial.

------
milesf
Welcome to the 90's Microsoft. Glad you could make it.

No one has used telnet for over 20 years. The fact that it took Redmond over
20 years to incorporate an SSH client proves to me that they really aren't as
security conscious as they claim to be.

------
qplex
Great. Microsoft. That's just great. Now could you please remove the
spy/adware that is also included in Windows 10?

~~~
jasonkostempski
Even if they did, would you ever trust them again?

------
ijustdontcare
Great stuff, now windows malware can use ssh to infect Linux servers!

~~~
pdpi
If SSH connectivity was a major reason why Windows malware couldn't propagate
to Linux servers, we'd be in very deep shit already.

~~~
ijustdontcare
you miss the point that the right ssh keys will be used by default. currently
malware would have to search for and use the keys by itself. now the servers
will be on a gold platter, ready to be served

~~~
simias
What makes you believe that? Is malware targeting putty common?

