The OpenSSH client and server are now available as a supported Feature-on-Demand in Windows Server 2019 and Windows 10 1809! The Win32 port of OpenSSH was first included in the Windows 10 Fall Creators Update and Windows Server 1709 as a pre-release feature. In the Windows 10 1803 release, OpenSSH was released as a supported feature on-demand component, but there was not a supported release on Windows Server until now.
Finally!
Windows Server: Now on par with Unix of the late 1990s
I think via some hoops you could do this while staying with terminal server and unix services for windows, but it wasn’t really used much because it was kind of obscure.
Bill Shooter of Bul,
I think the main reason microsoft has been so slow to support SSH is because they considered RDP to be a superset of SSH. And for many windows admins, perhaps it was. However elsewhere openssh has proven itself to be extremely versatile in terms of automation/scripting/port forwarding/remote file access/etc. Some lesser known features may be remote X sessions and connecting remote TUN/TAP interfaces (for ad hoc VPNs).
It’s a veritable swiss army knife for administrators and its absence leaves quite a lot to be desired. Many of us have used putty on windows, which does a great job for what it is, but it’s not as rich as openssh.
Edited 2018-12-13 23:39 UTC
After all these years using PuTTY, it will be interesting to see if I can be persuaded to try OpenSSH. I’m looking forward to some expert articles to see where this heads!
Personally, I’ll stick with PuTTY most of the time, because it provides a much better terminal emulation for a lot of UNIX programs than the Windows console host does.
It’s _really_ nice having native scp/sftp client support on Windows out of the box though.
Supposedly windows console host is getting a major update as well. But I personally prefer https://github.com/mintty/wsltty; I have that hooked up to my wsl install.
What is the advantage of it compared to msys2? (for some that never tried it, do, comes complete, or almost, with pacman as package manager, compilers, bash and lots of tools we love from linux console)
wsltty is just the terminal editor that can be pointed at wsl. WSL is the layer that allows ubuntu et al. to work on windows.
The advantage is that it’s the real version of linux userland, it’s not compiled for windows. I can take an executable written for real ubuntu linux and plop it in with zero extra work. It mostly works, obviously anything requiring xorg or any other graphics primitives won’t work, as well as anything that tries messing with new or obscure linux system calls.
My experience with msys2 has been very good and, besides that, the last version of Windows on my own computers is Windows 8.1 and, for what I know, WSL does not work on it. I may try it on some other computers I have access.
It is interesting that both use mintty for terminal, though.
Oh, you don’t have to convince me ssh is awesome. I was just trying to explain why the older version of ssh they had wasn’t widely adopted.
It was also extremely annoying that windows was the only current os that didn’t come with an ssh client by default, extremely annoying when you need to log in to a router, etc.
What a perfect everyday use case of a computer.
Unix still behind Windows: still no object-oriented shell.
Also, to be fair, there’s no real use-case for SSH server on Windows. You have WinRM, you have WMI, you have RDP, you have other remote-management and remote access tools… Not sure what would SSH server bring to Windows that would be of any value.
Edited 2018-12-14 12:19 UTC
Do any of those methods you listed (WinRM, WMI, RDP, etc.) offer strong encryption and authentication?
Yes.
Well, to start with, it would provide a non-graphical remote access method that doesn’t depend on the monstrosity that is X.509 for client authentication and can be used out of the box from almost any client system in existence.
It also means you don’t need to share folders out or set up an FTP server to copy files back and forth.
Geft,
I disagree that there’s “no real use-case”. While there is value in GUI tools, for IOT innovation my opinion is that linux is the most popular platform exactly because it’s built on simple robust tools that follow the “keep it simple, stupid” paradigm.
I could use libraries to build networking/http/soap/crypto/authentication/etc, but at the end of the day it’s likely to consume far more time and produce more complexity than a simple one-line SSH command.
For normal end users, I’d agree with you that SSH probably doesn’t mean much for them, however for many developers I believe the lack of integration with embedded devices & servers has damaged microsoft’s marketshare. Consider that the standard way to connect to any reasonably open device is SSH. You’ve got routers, network PDUs, embedded controllers, etc. Do they use RDP? No. Do they use SOAP? Not generally (and thankfully not because it’s extremely bloated and cumbersome). Do they use WMI? No. Often times they will have HTML interfaces, but accessing these interfaces by a script is lousy. Do they use SSH? Generally yes and when it’s available SSH is often the preferred way to automate diverse things across the network because it’s robust and simple.
I think this is one of the reasons macs are so popular among developers; unlike windows, they have all the tools that we’ve come to expect on production servers. No need to mess with cygwin or ming portability programming environments to get the needed tools onto windows. Clearly microsoft has been investing in catching up in recent years, but I think many developers will agree this has long been a deficit on windows.
In closing, I do understand that some windows shops only care about windows platforms and applications and nothing else. But in a heterogeneous environment, SSH is quite frankly one of the most useful protocols I use on a daily basis.
OpenSSH port 22 you can expose to the Internet and still sleep at night. That’s a difference.
Err… No, you can’t. Really. Unless you’re ignorant.
Geft,
Please elaborate. What exactly is the issue with SSH for you other than microsoft didn’t invent it? Is that all this is about or do you have more objective objections?
SSH really is the most widely used form of secure remote access for the majority of internet infrastructure including hosting/AWS/colocation/etc. It’s nothing like the days of telnet & ftp where everything was cleartext and highly insecure. SSH is a highly secure protocol for both interactive and certificate based logins that’s designed to be used across public networks.
Not for nothing, but even in windows shops it’s quite likely that many of them are using some hardware running linux technology under the hood: IP-PDU, IP-KVM, NAS, firewalls, routers, switches, etc. If you go out of your way to avoid linux hardware, well then more power to you, but the fact of the matter is that if devices provide console access at all (and most enterprise class devices do), then SSH is still the de facto standard for secure console access for the majority of our infrastructure regardless of your opinions about it.
SSH is just another service. It’s not invincible. Yes, it may be more secure than most MS mechanisms for remote management, but it’s not perfect. Security track record of SSH may be quite good, but it’s not totally clean - there have been known security issues. And that is why it’s just plain ignorant to think that “you can expose SSH port to the public and sleep well at night”. You might get DoS’ed by bots if nothing else.
Also, please note that I NEVER SAID I HAVE ANYTHING AGAINST SSH. I have no idea where did you take this idea from. I just said that I don’t see much benefit from having integrated SSH server on Windows. I didn’t say SSH is bad.
While most other people on this thread seem to believe that SSH is absolutely, perfectly secure and bug-free.
Edited 2018-12-18 08:31 UTC
Geft,
Ok, I had to read in between the lines since your posts were a bit vague. I still don’t have a sense for whether you agree with my points or not though?
On windows, I really miss native support for sftp and rsync functionality (not to mention fuse userspace file systems in general). The ISPs here block SMB/CIFS so that these cannot be used across the internet (with good reason). I have a VPN I can use, but often times it’s just easier to transfer files through an intermediary linux box over SSH to assist windows, especially with files that are too big to email.
Do you still think that SSH doesn’t bring anything of value to windows?
This setup isn’t for everyone, but at home I just mount everything from a linux NAS, which simplifies cross-platform workflow for me.
Well, yeah, there are certainly use-cases for SSH on Windows. Especially in multi-platform environments or for admins coming from Linux. My point was that I don’t get this hype/enthusiasm/sarcasm attached to the news about native SSH server/client support coming to Windows. For me it’s more like “meh, OK, maybe it’ll come to be somewhat useful sometimes“, but not much more.
Uhm, have you ever heard of powershell? It’s now open source and available on linux, if you really want that kind of a thing.
https://docs.microsoft.com/en-us/powershell/scripting/install/instal…
Not really even remotely comparable to Windows version of PowerShell.
Obviously it doesn’t have the same capabilities as the windows based one, but come the heck on. It’s power shell for linux, how is it “not even remotely comparable”.
Forget that it’s the exact same syntax as on windows, it’s at least an object oriented shell that works on linux, which is what was claimed to not exist.
That was exactly my point: Linux didn’t (and still doesn’t) have any object-oriented shell except when Microsoft puts their shell on it. That was supposed to show how in this case Linux is “behind” Windows.
Geft,
You aren’t wrong that microsoft makes it, but so what? Bill Shooter of Bul’s point is that the exact same software is available on linux, so how is it behind? If you want it, there it is.
If we reverse the scenario, do *you* think we should continue saying windows is “behind” in terms of ssh even after windows incorporates openssh from openbsd’s technology? I say no, what matters is availability, not who wrote it.
You were able to run perl in a unix shell, way before PowerShell was even a glimmer, and get object orientated behavior in your scripting/system interaction.
The use case for SSH in windows is that microsoft finally got the message, and they finally addressed their dysfunctional NIH syndrome that made them lose some tremendous industry trends that severely affected their bottom line.
Unix-like won the battle in the cloud/services infrastructure. No need to reinvent the wheel with an alternative that is not going to be any better, it’s going to come late to market, and it is going to limit their audiences.
The new Microsoft management proved themselves to be orders of magnitude more pragmatic than the quixotic Ballmer tenure. And their financials prove it.
Edited 2018-12-17 07:09 UTC
Microsoft’s long game seems to be their old EEE strategy with Linux.
They needed Linux to make Azure tick, and they’ve ported Powershell to Linux, but it kinda sucks. They also don’t control the platform, and it’s harder to pull vertical integration of the virtualization stack when they don’t control all the layers.
So MS’s other strategy rests on WSL. Run Linux, without the Linux. Containers and containerized VMs running in a Linux emulation environment atop the native (or virtualized) Windows kernel. For that to work, though, they either use their Powershell port or get the SSH components running on Windows as a fully supported part of the stack.
MS is doing a lot to make Azure (and authorized Azure clones) basically the only way to run MS software, and if you’re an MS shop running Linux software for something, they want you running that on Windows/Azure too.
At least Microsoft contributed towards the costs of developing and maintaining OpenSSH, unlike many other companies that use it, including a very rich fruity one. https://www.openbsdfoundation.org/contributors.html
Always disappointing to never see AWS on this list. I guess Jeff needs that extra money for another mansion.
Maybe he’s trying to compete with Larry ?:
https://www.youtube.com/watch?v=-zRN7XLCRhc&t=34m43s
Nah, he’s busy building his $42 million clock.