Microsoft To Support SSH In Windows and Contribute To OpenSSH

An anonymous reader writes: Microsoft has announced plans for native support for SSH in Windows. "A popular request the PowerShell team has received is to use Secure Shell protocol and Shell session (aka SSH) to interoperate between Windows and Linux – both Linux connecting to and managing Windows via SSH and, vice versa, Windows connecting to and managing Linux via SSH. Thus, the combination of PowerShell and SSH will deliver a robust and secure solution to automate and to remotely manage Linux and Windows systems." Based on the work from this new direction, they also plan to contribute back to the OpenSSH project as well.

finally

it's only 2015 guys...

Re:finally

Just imagine the time warp when they discover rsync.

Re:finally

Another big step back. Some folks just can't embrace new.

Re:finally

[MightyMartian]

New, as in everyone else has had this for twenty years.

Re:finally

You mean robocopy?

Re:finally

[drinkypoo]

New, as in everyone who wants this already has this via cygwin. It even installs as a service. Presumably I should ssh in and use powershell, but I've never tried because if I want to do real computing, I do it on a real OS with a real shell.

Re:finally

Robocopy isn't like rsync. Rsync was designed to work efficiently if large files, or large parts of files, haven't changed. Robocopy doesn't do any intelligent handling of identical parts of files. The best it can do is look at sizes and timestamps.

Re:finally

It's probably to try and insert some more NSA back door code and ssh more hackable.

Re:finally

[Zontar+The+Mindless]

rsync is proof that God loves us and wants us to be happy.

Re:finally

[Shag]

Well, you can't just go chasing after every so-called protocol some Finn throws out there, you know.
Clearly Microsoft just felt it best to wait 20 years for the spec to settle down enough that it would attract a few users.

Re: finally

[drinkypoo]

Cygwin is a pain

Oh noes, you have to run setup

and only a complete 'real OS' neck beard would slag Microsoft for this

Only a complete idiot would think that's what's happening here, but I see you didn't log in, so I guess you're ready to be the biggest kind of idiot. We're slagging Microsoft for, as usual, taking over a decade to do the right thing.

Re: finally

[Gr8Apes]

It's more like 2 decades since ssh first hit the internet. And I came here to retract the other day's comment that MS still didn't support the industry standard, well, will soon support the standard...

I agree with the AC however, cygwin is a pain, enough so that I switched to Linux and macs to get real shell support. Granted, since I stopped running any windows at all more than 5 years ago, I can't state that cygwin still sucks, as I haven't seen it in that time.

Re: finally

[drinkypoo]

I agree with the AC however, cygwin is a pain, enough so that I switched to Linux and macs to get real shell support.

If you expect it to play well with AD, prepare to be disappointed. Otherwise, I don't see the problem.

Re:finally

See, global warming IS a hoax. Even hell is getting colder.

Re: finally

[Gr8Apes]

AD doesn't play well with anyone. It's still a crappy directory and I don't think anything will ever change that short of a wholesale replacement.

Re:finally

[Shirley+Marquez]

That's true if you're using your own computer. But if you are on somebody else's computer (perhaps because you are a traveling computer technician) and you need SSH access to something (like, say, the customer's router) this could be a significant time saver.

Re: finally

Next up: a modern package manager with dependencies.

Nice

Even cooler than their work with the git project.

Re:Nice

[ArmoredDragon]

Maybe. Assuming Microsoft makes a proper SSH client that is as good as PuTTY, instead of software like that piece of shit called HyperTerminal from way back when, which almost always couldn't establish a proper working terminal with anything, had basically no file transfer support (or rather, it had very buggy and limited support,) and required a very annoying (and mostly pointless) setup process each time you wanted to connect to a different host.

Then again, why not just fork and bundle PuTTY? But do something to make the sessions easily exportable (I really hate how PuTTY stores those in the registry by default.)

In fact, it would be awesome if the registry just disappeared entirely. I haven't met anybody who actually likes it, and god knows it's been a dream come true for malware authors who want to hide shit (easy to do since it's so big, maze-like, and unwieldy for anybody to sift through.)

Re:Nice

Why is the registry such a scary thing? It's a one-shot command to export or import puTTY sessions from the registry, and in your user hive so no special permissions required.

Re:Nice

Why is the registry such a scary thing? It's a one-shot command to export or import puTTY sessions from the registry, and in your user hive so no special permissions required.

It's in *his* user hive. When I ask him if he's backed up his system before I reinstall the OS, will he remember to back up his user hive? Does anyone ever? It's not like other programs store useful info there. Not even MS software.

Re:Nice

[zenbi]

In fact, it would be awesome if the registry just disappeared entirely. I haven't met anybody who actually likes it

So you've never met a Gnome developer?

Re: Nice

Plenty of stuff is stored in the user hive.

Re:Nice

Ain't PuTTy compromised, according to recent news?

Re:Nice

[ArmoredDragon]

No more than VLC, firefox, or a ton of other popular open source programs are.

To which I mean, these programs have seen scamware sites create trojanized copies that they then pay to get first listing as an ad for in search engines. It's technically not illegal nor is it against the GPL.

The only part that is actually illegal is where the scam artist actually use information gleaned for illicit purposes.

Bing is actually a popular place for these kinds of ads, by the way, because Microsoft seems to do even less vetting of its ad sources than Google does (my guess is maybe they aren't terribly concerned if ad based business models are believed to be flawed by the larger public? Either that or Bing is so unprofitable that they can't afford to vet it better.)

Re:Nice

What I would like to see is not just a command-line SSH client, but also native support for files over SCP in Windows explorer. Just about any Linux desktop out there will let you type "smb://" to access Windows shares, "sftp://" to access files over SSH, "ftp://" for FTP, etc. I always find going back to Windows very frustrating when I have to move files between machines.

Re:Nice

[ArmoredDragon]

I don't know the protocols in detail, but isn't CIFS/SMBFS much better suited for random access than SCP/SFTP is?

Re:Nice

[Ash-Fox]

I don't know the protocols in detail, but isn't CIFS/SMBFS much better suited for random access than SCP/SFTP is?

Not particularly. CIFS/SMBFS is better suited for enforcing file locking however.

Re:Nice

[acoustix]

Maybe. Assuming Microsoft makes a proper SSH client that is as good as PuTTY, instead of software like that piece of shit called HyperTerminal...

If I remember correctly, Microsoft didn't make HyperTerminal. They either bought it or licensed its use in Windows.

Re:Nice

TeraTerm is a better open source terminal/SSH client.

Embrace and Extend

MS-SOP

The bad news?

You log onto a Windows C:> prompt.

Re:The bad news?

[KGIII]

You are eaten by a Grue. Better luck next time.

Re:The bad news?

[DroolTwist]

lol

Well...

It's about dam time!

Cygwin

No need for MS help when Cygwin exists. Furthermore, its super easy to setup.

Re:Cygwin

[the_B0fh]

No. Cygwin runs everything under one process. This will run separate processes for each SSH session, with privilege separation. Cygwin also uses its own /etc/passwd. This will use local windows users, and, hopefully, AD users.

And code will be sent upstream.

Much better if this works out.

Re:Cygwin

[kosmosik]

> Next proposal: implement rsync natively...

Rsync fails on Windows/Unix interactions due to basic filesystem architecture. There are lot of differences betweeen NTFS and *nix filesystems like ACLs, timestamping and so on. So I don't really get how Microsoft could change rsync to work with NTFS since the problem is not in rsync but in general differences in which filesystems work - f.e. how to accurately map Windows ACLs to unix ACLs?

Also I don't think that rsync support is something Microsoft clients (as in people who buy their products) are looking for. Ability to run Linux systems via GPO or SCCM/SCOM/whatever it is named now is another matter.

Re:Cygwin

[kosmosik]

Not to mention such trivial things as how to translate paths f.e. C:\Users\foo to /home/foo or whatever. I don't think it is a problem which rsync should solve - it (if Microsoft ever embraces such idea) should be solved in lower layer than userland.

Re:Cygwin

[mlts]

The best managing (IMHO) of Windows ACLs with UNIX permissions I've seen would be the EMC Isilons. You can lop off all permissions except the bare UNIX ones (user, group, rwx), use Windows permissions for everything, and stuff in between.

Adding GPO friendliness to Linux would go a long way in getting more boxes on the desktop The biggest reason why Windows is the primary desktop OS is because it has a lot of management tools.

Now here is the ironic thing. MS doesn't lose if Linux gains. For example, they make money on almost all Android devices, and if MS moves to selling their programs Linux, they will be able to tell distribution makes exactly what they want, and the distro makers will do it, just because there would be a high demand for a Linux box to do AD, SQL Server, or other tasks.

tl;dr, both MS and Linux would win big. Especially if Windows had the ability to run Linux applications in Hyper-V wrapped Docker containers.

Re:Cygwin

[ls671]

You seems like you have been trying to use it, haven't you? Like most open source solutions, you might have to tweak it a bit to get it to do what you want and then again, you have to make compromise. But be assured it works in a satisfactory way for me. Just get a proprietary solution if you can't make it work as you wish. Oh my god, I just realized you sounded like a guy that would choose the later solution ;-)

I know what you are saying although and there is some truth to it.

Take care man ;-)

Re:Cygwin

[kosmosik]

> tl;dr, both MS and Linux would win big. Especially if Windows had the
> ability to run Linux applications in Hyper-V wrapped Docker containers.

Just run Linux kernel in hypervisor and do some glue to map Linux/UNIX convetions (process management/filesystem/networking/etc.) to Windows host. But that is problematic - you can do it in many ways (like you've said EMC is the way you like it). I guess the problem is that we need to have some standards regarding on how to map such things and the best way possible would be to the vendor (Microsoft) to define that with open and true intentions of interoperability. As you've said everyone would benefit from that.

Re:Cygwin

[kosmosik]

> You seems like you have been trying to use it, haven't you? Like most
> open source solutions, you might have to tweak it a bit to get it to do what
> you want and then again, you have to make compromise.

Sorry I am an professional - for my clients I advice and implement what is best for them so in general I avoid tweaking (as in unstadarised hacks). Tweaking is good for my home machines but what I do on home machines I would not recommend to clients who just wish to do their business.

> But be assured it works in a satisfactory way for me.

What? Rsync and NTFS? I don't know what is satisfactory for you but I assume you that it is not for me. In cases that I would choose to use rsync over f.e. Windows DFS it would just not work - like it will lose Active Directory ACL's. Rsync is fine tool for mirroring archives but it is not compatible in advanced Linux/Windows setups.

> Just get a proprietary solution if you can't make it work as you wish.

Which one?

> Oh my god, I just realized you sounded like a guy that would
> choose the later solution ;-)

I would - why not? I am not rms

> I know what you are saying although and there is some truth to it.

Why "some" truth? You haven't contradicted any of my arguments. The truth is that Linux and Windows filesystems differ in loads of subtle manners (like timestamping, ACLs, internal compression, namespaces) and rsync as codebase *shouldn't* implement a glue between those systems - that should be hadled *lower* (like Cygwin does).

Hopefully Microsoft will decide to act on that fact but keep in mind that in their best inerest it is to manage Linux systems, not the other way.

Re:Cygwin

[ls671]

hehe, that's exactly what I was saying and I understand. Peace.

Re:Cygwin

It pretty much is WINE in reverse, except with a hypervisor.

I do agree... Isilons (which are FreeBSD boxes with a lot of secret sauce) are one way, but there are many other ways to skin this cat. Maybe this is something MS could do to make interoperability easier.

Re:Cygwin

[Antique+Geekmeister]

It involves more than a little bit of tweaking. Files that are "locked" on the Windows side make rsync hang, and fail when accessed over an rsync/SSH connection. This particularly includes the Outlook ".PST" file, the email storage file that is one of the most critical files to back up on a personal system.

Re:Cygwin

[drinkypoo]

Rsync fails on Windows/Unix interactions due to basic filesystem architecture.

Uh what? I use it all the time between Windows and Unix, Windows and Android... it works fine. If there are any problems, they are abstracted away by the client and/or server and I don't notice them at all.

Re:Cygwin

[ls671]

Indeed, you have to rsync when all file handles are closed.

Re:Cygwin

[ls671]

Thinking twice, then again, you can still tweak with file locking strategies.

Re:Cygwin

[ls671]

In the end, never say it is impossible. It's like arguing implosion won't prevail in Manhattan.

Re:Cygwin

[drinkypoo]

No. Cygwin runs everything under one process.

buh?

windows$ ps -aef
    UID PID PPID TTY STIME COMMAND
cyg_serv 2588 1 ? May 29 /usr/bin/cygrunsrv
cyg_serv 2672 2588 ? May 29 /usr/sbin/sshd
cyg_serv 7016 2672 ? 18:46:49 /usr/sbin/sshd
  user 8108 7016 pty0 18:46:52 /usr/bin/bash
  user 6536 8108 pty0 18:46:58 /usr/bin/ps
 
debian$ ps -aef | egrep '(sshd|bash)'
root 13792 1 0 Apr24 ? 00:00:06 /usr/sbin/sshd
root 19995 13792 0 18:48 ? 00:00:00 sshd: user [priv]
user 19997 19995 0 18:48 ? 00:00:00 sshd: user@pts/0
user 19998 19997 0 18:48 pts/0 00:00:00 -bash
user 20131 19998 0 18:50 pts/0 00:00:00 egrep (sshd|bash)

So uh, what's the difference? Looks like all cygwin is missing is proper authentication. AFAIK it maps UIDs to SIDs, but yes, is missing AD support.

Re:Cygwin

Cygwin runs everything under one process. This will run separate processes for each SSH session, with privilege separation.

Don't know where you're getting that, but you're mis-infomred. Cygwin certainly does not run everything under one process; each cygwin program is a separate executable which runs in its own process. They all happen to make use of the shared library cygwin1.dll, but that's really different from the way many "native" Windows programs use msvcrt.dll. Not only that, but Cygwin programs are perfectly capable of forking off multiple processes that then communicate with IPC. (Yes, that is forking actual separate processes, not just threads. Cygwin programs can use threads too.)

As for SSH, the cygwin SSH service install script defaults to and very strongly recommends installing it with privilege separation. It also offers to create a new, limited account in which to run the service.

Re:Cygwin

Ha ha ha. You got owned, hard, and that's the best you can come up with? Pathetic.

Re:Cygwin

[ls671]

It is useless to resist us.

Re:Cygwin

[Antique+Geekmeister]

If there are critical files that cannot be reliably accessed and have to be excluded simply because they are "open", then rsync over SSH cannot be a reliable backup tool. The files that are "open" will be those most critical and often in use, such as email backup and critical spreadsheets. One can get rsync to back up the rest of the filesystem more reliably by doing a CIFS mount of the files elsewhere, such as mounting it to a Linux systerm, and simply ignoring the complexities of Windows file ownership. Since the "C:" drive is almost always exported as the hidden "C$" share, it's almost always available if you have the credentials.

I've had quite a bit of amusement showing this little technique to Windows admins who insisted they needed remote console access to review the status of their internal systems.

Re:Cygwin

[leptechie]

And, in all likelihood, native (MS-)Kerberos.

Re:Cygwin

[MaxSmoke]

There can be different users and groups between *nix machines and still rsync works fine in such situation, so it must have solved this issue in principle already.

excellent

now you can use Windows computers the way they were meant to be used, as dummy linux clients

Re:excellent

now you can use Windows computers the way they were meant to be used, as dummy OS X clients

FTFY.

Re:excellent

now you can use Windows computers the way they were meant to be used, as dummy OS X clients serving as dummy linux clients

FTFY.

Re:excellent

FTFY.

FTFYB.

Re:excellent

[drinkypoo]

now you can use Windows computers the way they were meant to be used, as dummy linux clients

I've been doing that for so long I've actually given Chameleon money (for Xoftware.) No, wait. Except the last time I actually wanted to do it was years ago, because it's been years since I had any Unix-specific machines. Now it's just PC Unix. I just threw away my last Unix machines, a POWER1 and an Indy R4400SC@200MHz. It wasn't worth dusting them off.

What do they need to contribute back?

[danbob999]

I mean, they will take OpenSSH, compile-it for Windows, and make sure Power Shell is the default login shell. Then what? What piece of code could the Open SSH project want from Microsoft exactly?

Re:What do they need to contribute back?

[viperidaenz]

What piece of code would the Open SSH project possibly want from any developer?

It's not like it's defect-free software that requires no more development.
https://bugzilla.mindrot.org/s...

Re:What do they need to contribute back?

[GungaDan]

I think it will be the MS cli interface helper, sshclippy. "It looks like you're trying to ssh into a remote server. Wouldn't you like to use RDP instead?"

Re:What do they need to contribute back?

[silas_moeckel]

Probably the best thing they can do is throw resources at it, hire an existing dev to do it full time sort of thing.

Re:What do they need to contribute back?

[Burdell]

You obviously haven't ported OpenSSH to a different OS before. Even among Unix/POSIX-like OSes, there is significant variance between platforms that something like OpenSSH has to deal with. Go look at the diff between OpenBSD OpenSSH and portable OpenSSH (for all the other supported platforms).

Also, portable OpenSSH uses extended security features that tend to be platform-specific (but useful enough to make it worthwhile to use on each specific system). I expect that there is Windows security functionality that doesn't map onto the current OpenSSH setup (but is worth extending OpenSSH to use).

I really hope that Microsoft makes a native port of portable OpenSSH to Windows. Nothing against the Cygwin folks (the Cygwin OpenSSH is great), but a native port that is more integrated into the "Windows" way of doing things would be good.

Re:What do they need to contribute back?

[exomondo]

I mean, they will take OpenSSH, compile-it for Windows, and make sure Power Shell is the default login shell. Then what?

Then they have a vested interest in it so should contribute to maintaining it, even widely-used open source projects (PGP and OpenSSL for example) are often woefully under-resourced. It isn't as though OpenSSH is some bug-free, perfect product that requires no maintenance.

Re:What do they need to contribute back?

I mean, they will take OpenSSH, compile-it for Windows, and make sure Power Shell is the default login shell. Then what? What piece of code could the Open SSH project want from Microsoft exactly?

Better Windows integration and professional code audits.

I wonder

[John+Allsup]

Are M$ getting sensible in their old age?

Re:I wonder

[kosmosik]

They have no choice. Well they could just stick with Windows Server and Windows Clients but it actually happens that they are offering Linux as a product/service (in their Cloud). So why not embrace and extend methods to manage Linux via their tools? In my opinion this is good trend.

Re:I wonder

[Penguinisto]

Sensible? Dunno... Desperate? Probably.

Re:I wonder

[the_povinator]

The linked-to blog contains an interesting statement which could be interpreted as bashing Ballmer:

Finally, I'd like to share some background on today’s announcement, because this is the 3rd time the PowerShell team has attempted to support SSH. The first attempts were during PowerShell V1 and V2 and were rejected. Given our changes in leadership and culture, we decided to give it another try and this time, because we are able to show the clear and compelling customer value, the company is very supportive.

Re:I wonder

[slaker]

The new Microsoft CEO is much more comfortable with FOSS software. We're also seeing initiatives to support Docker containers on Windows and apt/yum/ports style software repositories and I don't think we'd have gotten any of that if Ballmer were still in charge.

Re:I wonder

[GungaDan]

"We're also seeing initiatives to support Docker containers on Windows"

Not exactly. What you're seeing is an initiative to support docker-for-windows containers on windows. They're fragmenting docker, not seeking interoperability.

Re:I wonder

[JebusIsLord]

You guys are so jaded, it's insufferable.

Back in the Real World, we use PowerShell to automate all sorts of processes. Particularly provisioning VDI. while lots of non-MS stuff has PowerShell APIs (VMware, Citrix etc.) sometimes you want to execute a remote command on a device that only supports SSH. Like power up a blade PC, or add a static route to a switch. Sounds like they're going to make that possible. Awesome!

Re:I wonder

I wonder what they will embrace, extend and extinguish with ssh? I can't imagine they actually intend to use it properly.

Re:I wonder

Microsoft succeeds in threes!

Windows NT 3.0 was the first version released.

Microsoft purchased Softricity for the at-the-time highest acquisition purchase (.25 billion) because they had tried two internal projects which failed; they were determined to get it right the third time.

Re:I wonder

[exomondo]

You guys are so jaded, it's insufferable.

If they're adapting to a changing world they're "desperate", if they're continuing on their existing course they're a sinking ship. Either way their record revenue and profits in the past year are a bad thing, Microsoft is going down hard which means the Year of the Linux Desktop is right around the corner ;)

Re:I wonder

Agree with you this completely. I just came from a shop with HEAVY PowerShell automation and a lot of Linux, along with a lot of hacks to get around authentication. This will make a huge difference streamlining some setups.

Re:I wonder

Are M$ getting sensible in their old age?

Remember - Embrace, extend and extinguish. We are only in Phase1 at this point.

Re:I wonder

From a devops perspective *I don't care* if the containers are Windows or Linux as long as I can automate their lifecycles in a cluster using the same API - which is what the goal of Docker on Windows is.

Re:I wonder

[hweimer]

Are M$ getting sensible in their old age?

Depends on how they will license this feature. If it's like Remote Desktop, then you can have at most one active SSH session (two for Windows Server) at a given time unless you pay extra.

Re:I wonder

[Penguinisto]

Back in the Real World, we use PowerShell to automate all sorts of processes.

Judging by way too much time spent among 'doze admins, I vehemently disagree: 10% of 'you' use PowerShell to automate things and pass around the resulting scripts... the other 90% of you still clicky-clicky in places like Task Scheduler. ;)

Re:I wonder

If they're adapting to a changing world they're "desperate", if they're continuing on their existing course they're a sinking ship

By that definition, everyone is either desperate or sinking. I think desperate is more appropriate if they wait until there's really no hope before making changes. I think it's more that they see themselves losing relevance and their doing this to avoid desperation.

Re:I wonder

[Barabul]

I wonder what's wrong with OpenSSH now... If M$ is starting to use something, I'm getting suspicious.

Re:I wonder

You guys are so jaded, it's insufferable.

Back in the Real World, we use PowerShell to automate all sorts of processes. Particularly provisioning VDI. while lots of non-MS stuff has PowerShell APIs (VMware, Citrix etc.) sometimes you want to execute a remote command on a device that only supports SSH. Like power up a blade PC, or add a static route to a switch. Sounds like they're going to make that possible. Awesome!

There are already modules/code examples that enable access to SSH and Telnet resources in Powershell. This new stuff looks to allow an SSH terminal (like in a linux or Mac workstation) access to the Powershell environment in Windows.

Re:I wonder

[exomondo]

Yes that's my point, it doesn't matter what they're doing there's always detractors trying to spin it to be a negative.

Re:I wonder

Are M$ getting sensible in their old age?

Remember - Embrace, extend and extinguish. We are only in Phase1 at this point.

You say that yet never has this strategy ever successfully completed phase 3.

Re:I wonder

[shutdown+-p+now]

It goes beyond "more comfortable", and into "what the fuck were we thinking when we actively avoided using and building on F/OSS". Which is perfectly sensible from a business perspective, because the old MS attitude towards F/OSS was basically the equivalent of tying one's hands behind one's back to avoid accidental masturbation, and then trying to compete in a craft competition. It only works when the game is rigged in your favor in advance, and that doesn't last.

Re:I wonder

[jwhitener]

apt/yum/ports style software repositories

Where is the news about this? Was it an official announcement of some sort? I'd love to be able to do something like 'sudo apt-get install vlc' on windows.

Will Power Shell become useful?

[danbob999]

Or Windows still won't be able to run Power Shell scripts by default?

Re:Will Power Shell become useful?

[chispito]

Or Windows still won't be able to run Power Shell scripts by default?

It takes 15 seconds to change this setting. If you don't know how to google the correct cmdlet, you probably didn't have anything useful to do in PS anyway. If you're in an enterprise environment, use GPO. Besides, there are plenty of things to do on the fly in the shell that do not require script execution.

Re:Will Power Shell become useful?

[danbob999]

I know. However it means that I can't use Power Shell in software that I develop since I need to use it on many different PCs. So I am still stuck with .cmd when I need to script something on Windows.

Re:Will Power Shell become useful?

[Shados]

Just get a certificate and sign the script. If you're gonna be distributing it to users who: A) aren't on a network you control (else you'd be able to change the policy via the network), and B) aren't technical enough to run the command (thus, definately not good enough to make sure your script isn't malicious), you really owe it to them to sign it.

No, its not expensive. Don't pretend it is.

Re: Will Power Shell become useful?

It's not $ expensive. It's build-env expensive.

Re:Will Power Shell become useful?

[danbob999]

Having to sign the script completely defeats the purpose of having scripts in the first place. I want scripts because:
1. no need to compile anything
2. can be edited right away on any PC using a text editor, and executed again
3. no need to install any framework or runtime.

I can distribute and run a .exe on any PC anyway. Why couldn't I do the same with a Power Shell script?

Re:Will Power Shell become useful?

[Gadget_Guy]

It sounds like you just want to complain, no matter what. If you want to distribute scripts to others then sign them. Problem solved.

If your users want to edit the scripts then they can change their Powershell security policy allowing them to make all the script updates that they want. Problem solved.

In the meantime, the rest of the world who don't use nor care about Powershell just want to have a computer that is protected from malware attacks. They can live a little safer since Microsoft blocked the Powershell attack vector by default. Problem solved.

This is the way security defaults should be. If the ActiveX defaults had been secure by default in the early versions of Internet Explorer then the browser would not have had the bad reputation that it deservedly received. Sure it made it easier for developers (like you) to run their code on their users' systems, but it did so at the cost of security of the majority of people who didn't want that facility.

Re:Will Power Shell become useful?

[DavidRawling]

Because this is a direct outcome of configuring secure-by-default. It's there to stop people shooting themselves in the foot the first time they try. Don't like it? Try one of the FIFTEEN WAYS you can run a powershell script without requiring a policy change.

I personally prefer #9 but YMMV.

Re:Will Power Shell become useful?

Or conclude that Microsoft still prefers us using BAT and VBS, both of which work out of the box.

I'm not going to bother learning enough PS to rewrite my VBS scripts as long as Microsoft don't clearly support PS as a replacement.

Re:Will Power Shell become useful?

[danbob999]

Having to change the security policy on every PC where my script will run is a total pain. I might as well compile an executable.
If ActiveX was disabled by default (for security) it would never have been used to begin with. And that's the reason why nobody uses Power Shell and lots of people still use .CMDs.

Re:Will Power Shell become useful?

[Gadget_Guy]

Having to change the security policy on every PC where my script will run is a total pain.

Can't you read? You don't have to change the security policy if you just sign your script.

You only have to change the policy if you want to edit a script on that PC, and if you do that then surely you are sitting at the workstation and are able to issue to one single command that is needed. If you can't issue the one command required then you have no business trying to edit a Powershell script.

Re:Will Power Shell become useful?

[danbob999]

Having to sign it is a pain. As I said, I prefer to compile an executable than to sign a script.

contribute to openssh?

[ralphsiegler]

Are they forgetting who runs OpenSSH? I'm picturing Redmond folk getting a new gastrointestinal egress bored, that would accommodate a Mac truck.

Re:contribute to openssh?

It's BSD licensed - they can do "contribute" whatever they want to it, release the binaries and never have to publish the source.

Unlike those restrictive not-so-free, free licenses.

Re:contribute to openssh?

[exomondo]

Are they forgetting who runs OpenSSH?

Most people who have any valuable contributions are more interested in code than historical politicking.

Re:contribute to openssh?

You've never called Theo de Raadt's or his fanboy's uber l33t s00per-sekrit-sauciness into question. Just remember, roughly 90% of all SSH private keys are still kept unencrypted, and if ever you call into question leaving this as the default behavior for the SSH key generator, or if you ever call into question the "there is no way to clear out old host keys from known_hosts other than with a text editor" policy, well then....

**** Let the fireworks begin!!!!! ***

Re:contribute to openssh?

Not sure what you're going on about. Seeing as the default behavior of ssh is to hash hosts in known_hosts, clearing out old hosts with at text editor is actually quite difficult. You really have to use ssh-keygen -R to do it.

Re:contribute to openssh?

a while back, 2010 to be precise, another company, called Nomachine, actually ported OpenSSH to Win32, so the work on that side of things has already been done. It was also reported in the OpenSSH mailing lists. Just google "openssh mailing lists port to win32"

Re:contribute to openssh?

[ralphsiegler]

Cygwin has had a port of openssh to windows far, far longer than that

Re:contribute to openssh?

OSS contributions are here: https://www.nomachine.com/NoMachine-OSS-ports

The three 'E's

Microsoft's tactic of Embrace, Extend and Extinguish!

They will invariably add their own proprietary extensions which will make the open source users get left out from time to time. Thus bringing about a migration from OpenSSH to whatever closed source Microsoft controlled product is compatible. This is bad news all round.

Re: The three 'E's

That would be a self inflicted fatal wound for Microsoft, and no one would even lift an eyelid.

Re:Timeo Danaos et dona ferentes

Not this time. SSH isn't a company and no one owns it. It is a universal basic tool/technology. You can't extinguish something like that - it's here to stay. MS is just trying to promote the feature of not having to install PuTTY or Cygwin to make it useful out of the box.

FIPS for government?

But will it be certified as FIPS-compliant for use on Gover meant contracts?!?

Re:Timeo Danaos et dona ferentes

Right - and there's no more sinister way to do that than by contributing to an open source project. Kindda makes you wonder what that Richard Stallman guy is really up to...

Cygwin

[ls671]

You mean I don't need to install Cygwin anymore like I have been doing for the past 15 years to accomplish just that?

Next proposal: implement rsync natively...

Re:Timeo Danaos et dona ferentes

[the_B0fh]

Under the new guy, they don't seem to be doing that as much.

Odd thoughts:

[Penguinisto]

* I remember joking about connecting to a 'doze server via SSH in 2005. Usually the response was a disgusted shiver.

* I guess Microsoft finally got sick of seeing PuTTY's hegemony in the terminal/SSH client market, and decided that this, *this* was a market they could finally dominate in this day and age?

* I shudder to think of how bastardized the command options are going to be, given the PowerShell's habit of using stuff like '-omgLookAtThisMassiveOptionNamingConvention', to the point where they have to alias a frickin' option...

Ah well, good on 'em. I'll stick with using Linux and OSX clients, thanks much.

Re:Odd thoughts:

[viperidaenz]

* I shudder to think of how bastardized the command options are going to be, given the PowerShell's habit of using stuff like '-omgLookAtThisMassiveOptionNamingConvention', to the point where they have to alias a frickin' option...

Linux is full of aliased options.
Can you explain the difference between:
cp -r
cp -R
cp --recursive

There are long options too, with no aliases
ls --dereference-command-line-symlink-to-dir

Re:Odd thoughts:

Man cp

  you windows ass clown

Re:Odd thoughts:

[Penguinisto]

The big difference is that *nix started with short easy-to-type options... PowerShell did it the other way 'round. The difference is stark, truth be told; the former grew from a CLI mindset, whereas the latter is easing (back) into CLI from a GUI mindset.

TBH, I rarely if ever use --option unless I have to, since the original -o is right frickin' there.

Re:Odd thoughts:

[kosmosik]

> I guess Microsoft finally got sick of seeing PuTTY's hegemony in
> the terminal/SSH client market

You guess wrong. There is basically no market for terminal/ssh clients. And if it is it is peanuts. There is HUGE market for centralized management tools like OpenStack, Chief, Puppet, etc. - and that is at what Microsoft is aiming. Basically they need SSH compatibility to manage Linux boxes and they want and they do (Azure) manage Linux boxes.

> I shudder to think of how bastardized the command options are going
> to be, given the PowerShell's habit of using stuff like
> '-omgLookAtThisMassiveOptionNamingConvention', to the point where
> they have to alias a frickin' option...

Oh like in GNU/Linux/BSD utils are just kosher and standardized... please... each tiny utility comes from few other schools of command line switches and are usually different. Threre is no standardisation of switches in commands used on Linux. Usually if you need to do something comples (that you haven't yet memorized) you need to open other terminal window with manual to do it. Of course this is a different *convention* from PowerShell but PS is not that bad - it is just different.

> Ah well, good on 'em. I'll stick with using Linux and OSX clients, thanks much.

Oh OSX clients and bastardized commands. Come on... ;)

And for the record I really like Linux and use it all the time. I also happen to use Windows and OSX as clients and they are also fine. Any effort to bring more interoperability between those systems is welcome in my opinion.

Re:Odd thoughts:

[nmb3000]

Well, when you're typing out Unix commands on an teletype that's 80 characters wide, creating short options first made a lot of sense.

Powershell's approach is more verbose, but it's also a little more readable (same as long options in Linux), especially when you're dealing with things more complicated than "copy a file", such as "create AD forest trust" or "reconfigure Exchange retention policies". That said, I still tend to use short options by default.

One thing nice about Powershell is that you can truncate options as long as they're not abmiguous. So you can make -Recursive be -Rec, or even -R, as long as there's not also a -Recreate or -Recover options. That seems to be a nice middle-ground.

Re:Odd thoughts:

[rcoxdav]

I wish that with Power-shell Microsoft would take the Cisco approach to the command line, where all you have to do is do the shortest unique version of a command or switch.

Re:Odd thoughts:

[bondsbw]

PowerShell did it the other way 'round.

Not really. PowerShell had many short commands since 1.0 in addition to the long versions... it's not that PS "started" one way or the other.

the former grew from a CLI mindset, whereas the latter is easing (back) into CLI from a GUI mindset.

Also not true. There's nothing about the long syntax that grew from a GUI mindset. It was created for consistency and ease of learning.

PowerShell primary commands are formatted Verb-Noun. This is awfully convenient, as a PowerShell user can guess hundreds of commands just by learning a few verbs and a few nouns. I just counted, and to understand half of the 300+ built-in commands on my machine requires only learning 7 verbs.

Re:Odd thoughts:

[tlhIngan]

Linux is full of aliased options.
Can you explain the difference between:
cp -r
cp -R
cp --recursive

There are long options too, with no aliases
ls --dereference-command-line-symlink-to-dir

Easy. The difference is you're using GNU.

UNIX traditionally only has short options, which are parsed using getopt(3). GNU adds getopt_long(3) which adds the long options, but I think only to GPL applications because you must link against a GPL library (libiberty?) in order to use them.

Using getopt() to parse your command line is extremely common and makes your utility work just like all the other utilities.

Using getopt_long() only works if you have GNU.

Re:Odd thoughts:

[SirSlud]

Powershell supports abbreviated switches.

Re:Odd thoughts:

[SgtAaron]

One thing nice about Powershell is that you can truncate options as long as they're not abmiguous. So you can make -Recursive be -Rec, or even -R, as long as there's not also a -Recreate or -Recover options. That seems to be a nice middle-ground.

Interesting tidbit. Reminds of the linux ip command, such as "ip a a 192.xxx" instead of "ip address add 192.xxx". There are others I'm sure, but that command I end up using a lot.

Re:Odd thoughts:

Most shells autocomplete if you double tap tab. The shortest-unique paradigm requires support within the called program, not the shell...

Re:Odd thoughts:

[DaHat]

PowerShell primary commands are formatted Verb-Noun. This is awfully convenient, as a PowerShell user can guess hundreds of commands just by learning a few verbs and a few nouns.

Not to mention built in tab completion for arguments where you can read the man page after finding the cmdlet to know which arguments you will have to use, or just quickly tab through to what you know is going to be there.

Re:Odd thoughts:

[safetyinnumbers]

You can tab-complete commands and options, too.

Re:Odd thoughts:

[sexconker]

help copy
    you Linux asspie

As someone who spends a lot of time RTFMing (often on shit I have no intention of ever using), I'll say that MS's documentation shits all over the inconsistent hodge podge you get on the Linux side. Thorough, explicit, detailed.

Re:Odd thoughts:

Nice post, but what's Chief?

Not going anywhere for a while?
Grab a Snickers.

Re:Odd thoughts:

[sexconker]

Beyond that, you can get a list of all the available commands and the number and types of parameters they take.

Re: Odd thoughts:

... yoy forgot to add: If you happen to have an msdn license and have the necessary help components installed. Same if you want to write help yourself, just buy the license first. With linux it is all free, creating man pages is helped by a miriad of tools, it is fast, consistent in form and style, and no license to pay. If you find a bug in the docs, submit a patch and everyone gains.

Re:Odd thoughts:

The problem is that whether options are little more "readable" is usually without consequence. What's important is memorability and briefness. Personally I have a fair bit easier to remember what the difference between -A and -a, -r and -R, than if the options was -omg-long-fricking-optionname-with-convoluted-name, --omg-long-fricking-optionname-with-convoluted-name,-omg-fricking-long-optionname-with-convoluted-name or possibly --omg-fricking-convoluted-long-optionname...

Yeah, me, powercomplicate-shell and java never were friends.

Re: Odd thoughts:

[Gadget_Guy]

I just tried typing help copy on my computer and it worked, yet I don't have an msdn subscription. That said, help is not installed by default. From the equally free online version of Microsoft's documention:

Windows PowerShell 3.0 does not come with help files. To download and install the help files that Get-Help reads, use the Update-Help cmdlet. You can use the Update-Help cmdlet to download and install help files for the core commands that come with Windows PowerShell and for any modules that you install. You can also use it to update the help files so that the help on your computer is never outdated.

Finally, if you want to write help for your own Powershell code, just type help about_Comment_Based_Help for details on how to do this. No need to buy any licences.

Re:Odd thoughts:

[drinkypoo]

Well, when you're typing out Unix commands on an teletype that's 80 characters wide, creating short options first made a lot of sense.

When you're typing, period, creating short options first makes a lot of sense. Powershell is a shell which is apparently not designed to be used by typing. Too bad it has a typing interface.

Re:Odd thoughts:

[drinkypoo]

Basically they need SSH compatibility to manage Linux boxes and they want and they do (Azure) manage Linux boxes.

Almost. They need SSH compatibility to be managed by Linux boxes, yet with proper NT authentication instead of the band-aid which is Cygwin.

Re:Odd thoughts:

[metamatic]

According to the man page on my Mac:

          The getopt_long() and getopt_long_only() functions first appeared in GNU
          libiberty. The first BSD implementation of getopt_long() appeared in
          NetBSD 1.5, the first BSD implementation of getopt_long_only() in
          OpenBSD 3.3. FreeBSD first included getopt_long() in FreeBSD 5.0,
          getopt_long_only() in FreeBSD 5.2.

Re:Odd thoughts:

[BitZtream]

BSD tools are pretty standardized yes.

UNIX tools are specific, its a certification.

GNU/Linux is a SysV bastarded child formed by merging a pretty great kernel with any number of half assed intentionally incompatible in subtle ways user land utilities.

Nothing about Linux is BSD or UNIX other than the feel. Windows is in fact more UNIX than Linux is, with its posix certified interop layer that Linux supports well, but is not certified.

A older version of OS X is UNIX and Posix certified.

Re:Odd thoughts:

[donaldm]

* I shudder to think of how bastardized the command options are going to be, given the PowerShell's habit of using stuff like '-omgLookAtThisMassiveOptionNamingConvention', to the point where they have to alias a frickin' option...

Linux is full of aliased options. Can you explain the difference between:
cp -r
cp -R
cp --recursive

There are long options too, with no aliases ls --dereference-command-line-symlink-to-dir

If you look at the man page of "cp" there is no difference, it really is left up to you what option you like. Personally I use "cp -rp" since I also like to preserve the information on the directories and files I am copying, although when copying to a MS Windows file-system you many have trouble with letters like ":".

When using the command line you can never go wrong with the"man" command. If you are not sure or just want to search for a pattern then use the "-k" option to search the manual entries. Of course you can use "--apropos" if you wish which does the same thing or use "-K" or "--global-apropos" which are similar but different. The most important thing is to have fun.

Re: Odd thoughts:

[KGIII]

This may no longer be true but if you had a Microsoft email you could log in and add stuff to Help pages online if you were an MVP or similar.

Re:Odd thoughts:

[AFCArchvile]

My biggest gripe with some Powershell commands is that their defaults are not as time-tested as the near-equivalent *nix commands. Probably the best example is "get-winevent -log System" showing all of the events in the System log (which on a given system, might be as large as 4 GB in size).

Sure, that's functionally the equivalent of performing "sudo cat /var/log/messages", but of course one could run "sudo less /var/log/messages" and obtain the powerful features of less, such as forward and backward navigation, and not loading the entire file into memory (this is a key weakness of "get-winevent" in general; if its output is piped, it is forced to load everything, therefore forcing the user to use the "-MaxEvents (int64)" switch to limit to the newest X events... and this is also setting aside the fact that Windows sorts by newest events first by default, though this can be changed with the "-Oldest" switch).

The Windows event system in general is strange when looking back at it. You have the post-Vista API (accessible with "get-winevent" or the Event Viewer), and the pre-Vista API (accessible with "get-eventlog"). There are some event sources whose events aren't rendered properly (i.e.: the description of the event will read something like "The description for Event ID X in Source Y could not be found. It contains the following insertion strings: (text)" ( https://support.microsoft.com/... ). Some will render properly only in the post-Vista API, but not the pre-Vista API. Others will render properly only in the pre-Vista API, and not the post-Vista API. To my utter surprise and bafflement, event sources such as "Ntfs" and "mpio" fall into the category of rendering properly in pre-Vista API, but not post-Vista API... in Windows Server 2012. That's right, for some reason, the events of a couple of the most critical event sources could not be fixed.

Powershell is nice as a scripting language, but it's a bear as a command shell. There have been years of complaints of slow loading, especially on systems with high disk I/O activity and/or stalled disks (it doesn't even have to be the system drive; ANY stalled disk on a Windows system may cause Powershell to stall eternally until the system is rebooted; I've seen this for years, in Server 2008 as well as Server 2012). The main reasons why the Command Prompt hasn't been entirely supplanted is because it's lightweight, and has stood the test of time for over 2 decades in NT.

I recently changed careers from a mostly-Windows role to a mostly-Linux role, and it feels great to work with bash, even if I still haven't memorized most of the higher esoteric layers of shell scripting. It feels like the shell was designed for the OS, instead of being duct-taped into a jack-of-all-trades role. The way I log into a RDP-windowed Windows Server 2012 system is visual humor in itself: I right-click the taskbar to click "Task Manager", use it to open "File -> New Task", run "cmd.exe", maybe start Powershell off to the side, and don't EVER click on the Start corner (or button if it's 2012 R2) or the Charms bar. Control panel? Run "control". Computer management? "compmgmt.msc" still works. Search for a file? "dir /b /s" for it, or else creative uses of "find" will work. But don't EVER call up the abomination that is the Start Screen.

Re:Odd thoughts:

[bmo]

Powershell's approach is more verbose, but it's also a little more readable

I beg to differ. I really, really beg to differ.

long.verbose.commands.that.grab.objects.are.impossible.to.read.

--
BMO

Re:Odd thoughts:

[donaldm]

Well, when you're typing out Unix commands on an teletype that's 80 characters wide, creating short options first made a lot of sense.

Graphical interfaces have been around since the 1970's and on workstations or any graphical interface you can display the equivalent of a standard 80x24 tty terminal or any sized terminal (within reason of course) so that was not the reason why creating so called short options made sense. Basically Unix people preferred efficiency in typing over long winded typing. As an example why type "copy" when you can type "cp" or "ls" when you wish to list files and directories. You can even alias commands and their options if you are using them allot so there is even less typing to do.

You should realise that Powershell is basically a copy of the Bourne Shell with allot of Microsoft additions so that they can say this is our unique command line shell.

Re:Odd thoughts:

> One thing nice about Powershell is that you can truncate options as long as they're not abmiguous. So you can make -Recursive be -Rec, or even -R, as long as there's not also a -Recreate or -Recover options. That seems to be a nice middle-ground.

I think thats a terrible idea. What happens when you have a script with -Rec used instead of -Recursive and in the next Powershell version a new option -Recreate apears? Ups..

Re:Odd thoughts:

[viperidaenz]

I was pointing out there are plenty of aliases for options and tediously long options in other operation systems other than Windows.

I know what the options do, I got them from a man page.

Re:Odd thoughts:

[viperidaenz]

Except you can use tab to auto-complete options in PowerShell, not so much in any other shell.

Re:Odd thoughts:

[viperidaenz]

The man page was from http://unixhelp.ed.ac.uk/ so not specifically GNU.

Re:Odd thoughts:

Man cp

you windows ass clown

How about "Get-Help Copy-Item" under Windows. The "cp" alias works as well.

To see the examples, type: "Get-Help Copy-Item -examples".
For more information, type: "Get-Help Copy-Item -detailed".
For technical information, type: "Get-Help Copy-Item -full".

My point if there is any doubt about the aliases or general usage of the tool, PowerShell has better documentation than the inconsistent GNU trash.

Re:Odd thoughts:

And, because the command processor knows the cmdlet and can interrogate it, you can simply use [TAB] key to auto-complete the options, whereas most other command processors only do that with filenames. (For example, "Get-Item -Fo[TAB]" ). And, yes, it will cycle through the options if you push [TAB] multiple times.

(Heck, the "ISE" shell will pop-up an intellisense-style list of possible options when you hit [TAB]!)

Re:Odd thoughts:

[nmb3000]

Agree with pretty much everything you said, but especially

Powershell is nice as a scripting language, but it's a bear as a command shell.

I've tried to use Powershell as my shell but it just doesn't feel right; however, I've written several scripts for it for file manipulation and system administration tasks. It's also nice for administering Microsoft stuff like Exchange, both as a shell and scripting engine.

Re:Odd thoughts:

[a_claudiu]

One thing nice about Powershell is that you can truncate options as long as they're not abmiguous. So you can make -Recursive be -Rec, or even -R, as long as there's not also a -Recreate or -Recover options. That seems to be a nice middle-ground.

Sounds good and cool but what is happening if "Recursive" is the only option now and tomorrow not (adding a new option/functionality Recover)? Your script which was running fine before will create an ambigous command and stop working in the new version of the shell.

Re:Odd thoughts:

You might want to do sudo cat /var/log/messages | less instead. The | is parsed by the shell, and | less is not passed on to sudo.

With sudo less, less is running with root permissions, and anything run with ! (whether by an admin who didn't think it through, or someone who just happened to walk by a console left with less open) will run as root. Thus, you might as well just do sudo su - and be done with it.

With sudo cat | less, less will run as the user, not root.

If you allow not fully trusted users sudo access, you don't want to allow sudo less at all.

Re:Odd thoughts:

[amias]

but its a wired autocomplete , i like a list of options not choose the first one.

its a dubious assumption that the first option is the most likely

Re:Odd thoughts:

Not so much in any other shell from Microsoft.

Re:Odd thoughts:

[amias]

useless use of cat award to you anonymous coward

sudo less /var/log/messages instead of sudo cat /var/log/messages | less

and

sudo -i if you want to make an interactive shell

also , never ever ever leave your shell unattended , just lock your screen

guesisng those three ommisions where why you posted as anonymous

Re: Odd thoughts:

[MurukeshM]

Didn't Windows drop the Unix subsystem in recent versions (SUA or whatever it was called)?

Re:Odd thoughts:

I am repairing someone's Win8 machine and accidentally used the "Help Search" on the tile start menu. It gave me an item for "Manage the virtual memory settings" and I clicked on it, expecting it to open the VM settings dialog.

Instead, it opened the Windows Help where it unhelpfully told me there was no help available for the help topic that it just searched for *and found*.

So Windows' "help" search found an entry for something that doesn't even exist in the Windows Help system. Windows documentation is (also?) inconsistent and hodge-podgey.

Re:Odd thoughts:

[sjames]

They have been available, but were not by any means the default. MOST Unix systems were accessed over a text terminal which might include a 300 baud modem (or even slower). Possibly using a hard copy terminal. That made short commands a good thing.

It's funny though how often that keeps coming in handy. I have been very grateful for short commands when fixing a networking problem over the very network that was having the problem. Since I didn't have to get much through it to implement the fix, it was possible.

Re:Odd thoughts:

[sjames]

Windows is wierdnix at best. CRLF indeed.

Re:Odd thoughts:

Yeah, Windows has POSIX certification - for a really old version of POSIX. One before pthreads, which makes it almost entirely useless. Linux follows POSIX better than Windows does, even if it isn't certified (and I believe some Linux vendors have actually gone through the cert process anyway), though to totally match POSIX in places where POSIX is stupid, you have to set POSIXLY_CORRECT=1 (formerly the POSIX_ME_HARDER environment variable).

Re:Odd thoughts:

[0100010001010011]

Bash auto completion?

Re:Odd thoughts:

It feels like they said "we need a command line interface because Linux and OSX have one", and then said "but our product is called 'Windows', so people should be using the mouse to do stuff - just make the command line hard to use so ordinary folk don't bother with it".

Re:Odd thoughts:

[swb]

It's also nice for administering Microsoft stuff like Exchange, both as a shell and scripting engine.

It's not just nice, it's become mandatory as Microsoft strips development resources from the Exchange GUI, either to just save money or to force SMBs into Office365 because they've made basic Exchange management/configuration onerous to novice admins.

Re:Odd thoughts:

[drinkypoo]

Bash auto completion?

Yep, every time a Microsoftie thinks that Windows has something new, I lol.

Re:Odd thoughts:

Sounds like systemd journalctl

Re:Odd thoughts:

STFU MICRO$HAFT $HILL!

Re:Odd thoughts:

[pnutjam]

yes, but I can look all those up if I know cp and --help. I can't look up a powershell command if I can't remember it fully.

Re:Odd thoughts:

[jonesy16]

Oh like in GNU/Linux/BSD utils are just kosher and standardized... please... each tiny utility comes from few other schools of command line switches and are usually different. Threre is no standardisation of switches in commands used on Linux. Usually if you need to do something comples (that you haven't yet memorized) you need to open other terminal window with manual to do it. Of course this is a different *convention* from PowerShell but PS is not that bad - it is just different.

Couldn't agree more. In fact, on the topic of SSH, it baffles me that the port option is different between ssh and scope. In ssh it's "-p" but in scp it's "-P". Who made that decision?

Re:Odd thoughts:

So people complain that Windows apps are too GUI-centric with not enough command-line options, and when Microsoft actually does something about it and makes their command line tools more Linux-like in capability, they're lambasted for ruining the GUI for novices?

Re:Odd thoughts:

I nearly always use --option, because later on, I (probably) won't have to pore over a man page trying to figure out why I typed what I typed.

Re:Odd thoughts:

Are you trying to make a joke or something? The auto-complete in powershell is horrible.

Bash auto-completes. Power shell replaces your command with something else completely unrelated. I absolutely hate it.

Re:Odd thoughts:

[deuce4208]

yep, I got into the habit of using the long options in any of bash scripts. It not only makes it more readable for me later on but also for the next person so they don't have to go look up all the options that I used. Now if I'm just typing the commands at the command line then I'll use the short options.

Re:Odd thoughts:

There is HUGE market for centralized management tools like OpenStack, Chief, Puppet, etc. - and that is at what Microsoft is aiming. Basically they need SSH compatibility to manage Linux boxes and they want and they do (Azure) manage Linux boxes.

They already have management for Linux boxes - System Center has had a Linux agent for several years. DSC now runs on Linux. I think your last statement "Any effort to bring more interoperability between those systems is welcome" is more accurate.

Re:Odd thoughts:

And has supported since v1

Re:Odd thoughts:

[fang0654]

He's refering to when you are forced to use powershell, because the gui doesn't support feature X. It is great the Windows is moving towards a command linable setup. It sucks that they are dropping support for non-command line administration.

Re:Odd thoughts:

"allot"???? ROFLMAO

Re:Odd thoughts:

* I shudder to think of how bastardized the command options are going to be, given the PowerShell's habit of using stuff like '-omgLookAtThisMassiveOptionNamingConvention', to the point where they have to alias a frickin' option...

Ha, as if practically every major *nix command line app didn't do that. Like rsync, since everybody's bringing it up: "-r" and "--recursive" being equivalent, etc. There's nothing wrong with that. Shell nerds can type concise commands, script programmers can use long option versions for better code maintainability.

Re:Odd thoughts:

[geminidomino]

There is basically no market for terminal/ssh clients

That's kind of depressing. I remember using one as part of a proprietary HIS system, back in the day. It had an cool scripting system (if it was scriptable in something that wasn't a cut-down version of VB, it would have been awesome) that could wait for output (like "expect"). I always hoped something like that would come out for general use, even if it was pay. Putty's minimalism is perfect 90% of the time, but it took the other 10% with it.

Re:Odd thoughts:

[viperidaenz]

If you keep pressing tab, it cycles through all matching options to the text you typed.

Re:Odd thoughts:

The way I log into a RDP-windowed Windows Server 2012 system is visual humor in itself: I right-click the taskbar to click "Task Manager", use it to open "File > New Task", run "cmd.exe"

Just hit the win key, and type "cmd" to open a command window. Same for any other shortcut/executable. Don't blame Windows for your inefficient workflow.

Re:Odd thoughts:

[shutdown+-p+now]

To me, the main annoyance of bash is the constant need to use grep, sed and friends to parse structured data from unstructured stdout, and also many traps with variable expansion, and need to use hacks such as xargs. But I agree that it matters more when writing scripts than when using it as an interactive shell.

OTOH, the huge problem of PS is that it only works on objects in memory. If you are interoping with a classic console app that writes to stdout, that means that you're getting a string. If you don't have enough memory for that, too bad. I also don't like the .NET object model in that role (it's fine as is, just not very appropriate as a generic structured data interop protocol).

If I had to make a list of things for a perfect shell, I'd say it should use a consistent naming scheme more like PS (but with aliases) and similar expansion rules, but get rid of the notion of passing objects around, and stick to text stream - but also define a standard structured format for them, which would probably be JSON for the sake of not reinventing the wheel.

Re:Odd thoughts:

[amias]

i know , i was saying that mostly is the wrong choice

it must have been obvious to the designers how irksome it would be
to people who are used to the bash tab complete.

Re:Odd thoughts:

[kjhambrick]

... Sure, that's functionally the equivalent of performing "sudo cat /var/log/messages", but of course one could run "sudo less /var/log/messages" and obtain the powerful features of less, such as forward and backward navigation, and not

Alas ... this was true until the systemd virus infected Linux Machines ...

-- kjh

Re:Odd thoughts:

[Blue23]

Disagree "it's more readable" in all cases. If I'm chaining together a couple of commands, piping the output from one to the next, in *nix I can see them all in my terminal window while with long options from powershell the earlier parts of the line are no longer visible. And no, that's not a corner case, that a common use case.

It is more readable for scripting though.

The truncate option seems the worst of all possible worlds on the other hand. It breaks scripts when they add functionality, so -Rec is no longer unambiguous. Plus I do -R, you do -Rec, someone else does -Recurs, someone else types ti out the whole way. Ugly to maintain over time.

Re:Odd thoughts:

[luxifr]

Alas ... this was true until the systemd virus infected Linux Machines ...

shut the fuck up... have you even seriously used it yet?

you have to learn a completely new init system - I'll give you that... but you can transport unit files from one system to another and they are very likely to work... you can override specific properties of the default units (try that with init scripts +lol+), you don't have to deal with loads of services writing to syslog and others writing their own logs either in their own subdirectory or in /var/log directly and so on and so forth... there's so much goodness in systemd...

too lazy to learn that new-fangled stuff? maybe you should switch careers away from IT entirely... seriously - get lost.. do something social or artsy or maybe become a truck driver or something... it's people like you who fuck things up because something works slightly differently than they've learned during their enterprise linux 2 certification, who cannot read plain english verbose error messages in logs or at least copy/paste them into google and still state that they know it all better and the fault lies within the stupid software containing stupid bugs a stupid programmer overlooked... you're that kind of guy...

Re:Odd thoughts:

If there is more than one option, you should get an ambiguous error thrown. Script errors out, you fix it, and move on from it 10 seconds later.

Using source from OpenSSH ...

[Alain+Williams]

In which case they will have to release the code that corresponds to binaries - would be useful for checking that there is not some little tweaks to help the NSA -- but if they have already put those into the system DLLs (eg for encryption) we would not really know. Maybe I am too cynical but I am very suspicious of what they did to skype.

Re:Using source from OpenSSH ...

[WillAffleckUW]

In which case they will have to release the code that corresponds to binaries - would be useful for checking that there is not some little tweaks to help the NSA -- but if they have already put those into the system DLLs (eg for encryption) we would not really know. Maybe I am too cynical but I am very suspicious of what they did to skype.

All your base is belong to NSA. Currently there are no non-frontdoor secure systems.

Re:Using source from OpenSSH ...

You do know that OpenSSH is ran by the OpenBSD project right? I've heard they don't like GPL that much.

Re:Using source from OpenSSH ...

OpenSSH is not released under the GPL. It is a very permissive license, which only requires that derived works be clearly marked and compatible with the OpenSSH protocol (or if incompatible called something other than ssh). Microsoft could use the OpenSSH code and do just about anything they want with it, without releasing any source code for their derived work.

Re:Using source from OpenSSH ...

In which case they will have to release the code that corresponds to binaries

No.

From the OpenSSH LICENSE file:

This file is part of the OpenSSH software.

The licences which components of this software fall under are as
follows. First, we will summarize and say that all components
are under a BSD licence, or a licence more free than that.

OpenSSH contains no GPL code.

Below that is a long list of individual license texts from contributors, all of which allow for distribution in source or binary forms, and none of which require the distribution of correspondent source code.

If you want to read it yourself just 'cat /usr/src/crypto/openssh/LICENSE' on your nearest FreeBSD box.

Re:Using source from OpenSSH ...

[cbhacking]

Does the OpenSSH license prevent making the code proprietary? I'd have guessed it was under a BSD license, which permits closed-source derived works.

Re:Using source from OpenSSH ...

Yes, the license *does* prevent "making the code proprietary," though this is often confused by many people.

Just because a person or company takes some BSD code and uses it, even writing new code based on it and releasing binaries, that does not magically make the original code proprietary. It doesn't even make the original code in their own private fork proprietary. The copyright to the original work still belongs to the original authors. The code is still licensed under the same terms.

They may choose to license their own additions however they want or keep them proprietary. Or they may choose to contribute those additions back to the community; even though (unlike with the GPL) there is no licensing requirement linked to distribution, many companies often choose to do this. Regardless, the code is always free and open and cannot suddenly become proprietary.

Re:Using source from OpenSSH ...

Just because a person or company takes some BSD code and uses it, even writing new code based on it and releasing binaries, that does not magically make the original code proprietary.

Technically correct, but you won't be able to use the original code to fix bugs in MS-SSH, so for anyone stuck with MS-SSH, that is just as useless as insisting that LibreOffice being open source makes any difference to the proprietariness of MS Office.

Re:Timeo Danaos et dona ferentes

[Penguinisto]

Betting the dude who wrote PuTTY is not in a good mood right about now...

But you know? I don't believe that Microsoft can really do much of anything in this direction; they're still charging massive amounts of money to license inferior operating systems and server application suites (If only someone would make a usable *nix-based groupware application... *sigh*).

Re:Timeo Danaos et dona ferentes

[MightyMartian]

Too bad opening an SSH into Windows will drop you into the complex abomination that is PowerShell.

Well...

[angelbar]

https://www.youtube.com/watch?...

Fuck you dice ...

And now I see Dice is embedding videos in the main page.

Fuck you Dice, you are making Slashdot shittier and shittier.

When we stop coming, don't whine.

Re: Fuck you dice ...

Dude
Adblock

Re:Fuck you dice ...

[brantondaveperson]

How about you stop coming, and then we won't have to hear you whine?

Re:Timeo Danaos et dona ferentes

[mi]

Not this time. SSH isn't a company and no one owns it.

Kerberos was not either.

MS is just trying to promote the feature of not having to install PuTTY

Just replace "PuTTY" with "Netscape" and you'll understand, what I'm talking about. Hopefully...

Re:Timeo Danaos et dona ferentes

[ls671]

name of the company: SSH Communications Security

since they grabbed a lot from open source in the beginning, I guess they allowed openssh to develop an open source version.

The original SSH version is still proprietary nowadays.

About fucking time

We've only been asking for non-assine remote powershell access for.. Well, since powershell was created.

There are methods for doing it now but hole-eee-fuck is it convoluted. Especially when you consider that there's an industry standard, secure, widely available remote console protocol/suite that's been around for decades.

Will it be a PITA to use?

[ulzeraj]

Will this work out of the box? Because you basically have to go into the server you are accessing it and type some really weird shit on winrm to be able to even run scripts and god forsake you if you want to access the console remotely. Its so fucking annoying that I've met some people who just disable HTTPS and go straight for HTTP with basic authentication.

Re:Will it be a PITA to use?

[un4given]

Of course it will be a PITA to use. It's Windows, and all of the administration tools have devolved over the years. You have horrible GUI tools, like the dreaded IIS manager, ridiculous CLI commands, like ntdsutil, diskpart and netsh. Why would this be any different?

Re:Will it be a PITA to use?

Its so fucking annoying that I've met some people who just disable HTTPS and go straight for HTTP with basic authentication.

Really? Encryption isn't that scary.

Re: Will it be a PITA to use?

Lol. Says the low iq Linux droid. Really you dime a dozen neckbeards are like a broken record.

Re:Timeo Danaos et dona ferentes

[chispito]

complex abomination

That's funny. I find PS slow and lacking basic functionality in a few areas, but "complex" is one of the last criticisms I would make. Compared to DOS or Bash, it's very straightforward and intuitive.

Rule of tumb

[ls671]

ssh and openshh: ssh is proprietary
solaris and opensolaris: solaris is proprietary
apache and no openapache: apache is open source

Come now

[s.petry]

You know it's going to be just yet another way of hacking into a Windows box.

Re:Come now

You mean you know it's going to be just another way of getting to your password for the private key you use to logon to your Linux box, and the password to the account itself for sudo or stock root account.

Re:Come now

[itsenrique]

I doubt it will be enabled by default.

Re:Timeo Danaos et dona ferentes

[JebusIsLord]

As long as by "complex abomination" you mean completely standardarized switch syntax with tab completion and integrated help.

Re:Timeo Danaos et dona ferentes

[Nuncio]

Horribly complex and unintuitive. I've never bothered to even try looking into it. I don't know why anybody would choose a CLI where single commands are entire paragraph unto themselves.

Re:Timeo Danaos et dona ferentes

Abomination? It's better than being dropped into bash, zsh, tcsh, or any other Unix shell. Everything in powershell is an object, so you can pipe objects from one program to another. You can access properties of the objects and call their methods. It's really powerful and a lot better than trying to use sed or perl to parse the output of programs in shell scripts. I wish I had something like powershell on Unix systems.

Strange bedfellows.

[nimbius]

Losing nearly a billion dollars over an 8 year period, firing four-thousand permanent staff, and being dead last in search and browser rankings will do strange things to you. Steve Ballmer shoulders some of the blame for the nosedive with his nearly cult-like adherence to the redmond ethos of embrace-extend-extinguish in the face of a brand like linux that just can't be killed with it. But to think after 15 years as other slash dotters have commented that this will make any significant dent in the status quo is self-defeating at best.

SSH gives windows users the ability to do real work, and thats a controversial sentiment but in most large corporations admins that handle LAMP, percona, or hadoop do it from a windows machine by company policy. Microsoft doesn't understand that outside of email and office, the real juggernauts of industry are so far removed from redmonds product line it may as well be a different language entirely. conceding a pittance, this ssh, and promising to commit code to openssh do two things. One, they add continued relevance to windows in an office environment that otherwise is the next prime target to be extinguished as quickly as the home market for windows. Two, they provide code to openssh not because they have any particular valuable insight to add to the project which has handled itself just fine for 15 years, but because they need to ensure their openssh implementation actually works with other well-established and quite serviceable implementations. So don't expect any real innovation.

Re:Strange bedfellows.

[Bing+Tsher+E]

Losing nearly a billion dollars over an 8 year period, firing four-thousand permanent staff, and being dead last in search and browser rankings will do strange things to you.

A billion dollars over an 8 year period for a company Microsoft's size is churn in the budget.

Firing 4000 permanent staff is lean management and a cost reduction initiative.

Microsoft makes their money from shipping products that people pay for. They don't need to spying on what gets typed into their search engine to sell to third party advertisers. Bing is a loss leader, not their do-or-die revenue bringer.

they provide code to openssh not because they have any particular valuable insight to add to the project which has handled itself just fine for 15 years, but because they need to ensure their openssh implementation actually works with other well-established and quite serviceable implementations.

When Microsoft needed a TCP/IP stack for Windows NT, they adopted the industry standard stack that was out there, in the form of the BSD implementation. Most other OS vendors did the same thing. Linux rolled their own stack, and has ended up being the odd kludge with it's own quirks and bugs. Every other OS, including Microsoft, has communications that is much more compatible.

Re:Strange bedfellows.

[jwhitener]

the real juggernauts of industry are so far removed from redmonds product

I haven't looked at the numbers in a while, but last time I checked (5 years ago maybe?) MS still dominated the small to medium business server market. Of course companies like Facebook, Google, etc.. are not using windows servers as their primary servers, but I'm pretty sure that the sum of small/medium businesses is a fairly huge number of sales.

While I'm certain that MS would be ecstatic if Google wanted to use windows servers, companies like Google are not what MS develops their servers for. Maybe this embrace of ssh means they are attempting to capture more of that 'juggernauts of industry' market?

And I can speak from experience that it feels like 50%+ of all schools are nearly 100% windows shops. We are a mix of linux/windows/solaris at my school, but I come across school after school that has bought into the MS platform hook line and sinker. A lot of that has to do with licensing. Once you get licenses for X, you often end up getting new products or existing ones for free. So every time a new project is in the product research phase, it is often faced with "well we could buy company X's linux based product which is really awesome, or we could just use MS product X which we already own as part of a site license".

Re:Timeo Danaos et dona ferentes

[Kryptonut]

Granted, Powershell 1.0 was pretty horrible, I don't get all the Powershell hate. Have you even tried to learn to use recent versions of it?

I absolutely despised it back when I was deploying Exchange 2007 RTM on Windows Server 2003, but that's going back almost a decade.

These days I use Powershell for a ton of stuff. I love the fact that everything is an object. For example, manager asks me for stats from AD, powershell script requesting user objects and filtering the appropriate fields, BAM, create a CSV, pretty it up in Excel and send it off to my manager.

Plus tying into .NET is kick ass too. I've got scripts that update and extract data from MSSQL, amongst other things. Hell, I even played with scripting text to speech alerting just to see if I could, and it was really easy!

Give it another try, it's actually a lot better

And no, before I'm labelled an MS evangelist: I've worked for 2 ISP's in 100% Linux and BSD environments and have thoroughly used at least 7 or 8 different distro's, I run Linux at home for NAS and Asterisk PBX and I own and operate 2 Macs - in addition to my Windows Desktop PC. My current role just happens to be maintaining a 90% Microsoft Environment

Re: NSA Backdoors

This is OpenSSH.

Now the other big question

[Culture20]

Regarding Windows Firewall:
The feature where you can supposedly define custom network groups for the scope. Can you finally create more than localsubnet? It would be nice to be able to define "My networks" as "x.x.x.0/24, y.y.0.0/16, 10.0.0.0/8" then set scope for multiple rules as "My networks".

I heard that WinSSH will require

that any server that it connects to has to be a member of AD ;)

Re:Timeo Danaos et dona ferentes

Microsoft has announced plans for native support for SSH in Windows.

Now I'm scared... We may, once again, see Microsoft's approach of Embrace, Extend, and Extinguish in action...

People always fear what they dont understand. Tell me exactly when this "Embrace, Extend, Extinguish" strategy from nearly 2 decades ago has ever worked, what has ever been "extinguished"?. It has been used as a constant way for the detractors to spread fear and impede progress. For fuck sake even when they release things under an MIT license you still have morons say "OMG it's EEE!"

Re:Timeo Danaos et dona ferentes

[exomondo]

Now I'm scared... We may, once again, see Microsoft's approach of Embrace, Extend, and Extinguish in action...

What exactly are you scared about? Assuming you understand what's going on here what part of that concerns you?

Re:Timeo Danaos et dona ferentes

[mi]

What exactly are you scared about?

That, for example, in order to ssh into a remote Windows system you'll have to use Microsoft's ssh-client — because they'll use some funky cipher/digest combination or some other "extension". They did it to Kerberos before...

Or that interactive logins will only work on certain terminal emulators — because nothing else will be able to properly emulate powershell's window — just imagine the termcaps entry...

In the link I gave there is a large list of Microsoft's earlier attempts to kill a standard by first adopting it — read it up...

Re:Timeo Danaos et dona ferentes

[DocHoncho]

PuTTy is already an incompatible mess all of it's own. It even has it's own special format for keys, so we get the joy of running every ssh key generated on a *nix system through puttygen.exe just to spit out some fugly PPK file. Oh, you need me to add your public key to authorized_keys? What's that you say? You used puttygen? Well fuck me, time to look up the command to convert that stupid shit again. Wonderful!

Not to mention the fractured disorganization of the configuration, the crap profile system and all the other reasons why PuTTy is a pain in the ass.

The fact that Microsoft is talking about using OpenSSH means at the very least the key files will be compatible. I have no idea why no one bothered porting OpenSSH to Windows before, but it's about damn time! I'm looking forward to a version of PuTTy (or KiTTy, actually) that uses the native OpenSSH instead of the existing legacy PuTTy implementation of SSH. I'd love to delete all those PPK files and never see another one again as long as I live.

Good ... No one else funds them.

The b*stards from the Linux Foundation never gave them a cent of the money they recieved to male critical infrastructure secure.

Wow

[koan]

Do we want a major corp like microsoft involved in this?

Re:Timeo Danaos et dona ferentes

[mi]

PuTTy is already an incompatible mess all of it's own. It even has it's own special format for keys

The second sentence implies some other incompatibilities, in addition to special format for keys. I'm not aware of anything else — could you list examples?

Well fuck me, time to look up the command to convert that stupid shit again

PuTTY's entire source-code is , whereas Microsoft's own implementation of Kerberos was binary-only and developers had to sign an NDA to learn, how to interoperate with it. I linked to that above — the story was all the rage right here on /. 15 years ago...

I have no idea why no one bothered porting OpenSSH to Windows before

Probably, because, PuTTY provided a perfectly satisfactory solution...

Uh... SSH != Unix Shell

Hey guys with poor reading comprehension...

SSH = Secure Shell, not "Run Bash over crypto securely"

All this means is that it can drop unencrypted telnet and ftp, and allow SSH connections to do all the same things you could do from the windows command line.

Y'know like "runmaliciousprogram.exe"

At least this is a step up from requiring people to use terminal services or remove KVM just to deal with goddamn windows servers.

Re: Timeo Danaos et dona ferentes

If you've never bothered to look in to it, you're clearly not informed on the subject matter. Go home, troll.

Re:Timeo Danaos et dona ferentes

[exomondo]

That, for example, in order to ssh into a remote Windows system you'll have to use Microsoft's ssh-client — because they'll use some funky cipher/digest combination or some other "extension".

In which case people would just use putty or cygwin or openssh instead, creating an incompatibility such that none of your devices can talk to Powershell is bad for Microsoft, it doesn't help them at all.

In the link I gave there is a large list of Microsoft's earlier attempts to kill a standard by first adopting it — read it up...

Firstly I can see why you had to write "attempts", because it seems none of those actually killed anything. But obviously - unless you don't understand what SSH is or its purpose - if they create an incompatibility here it is going to completely break their system making it such that Linux, BSD, iOS, Android, etc... can no longer connect to it.

Re:Timeo Danaos et dona ferentes

[DaHat]

Hell, I even played with scripting text to speech alerting just to see if I could, and it was really easy!

I know a guy who did that with a telephony system which calls him when something goes wrong then accepts voice input for what to do next... including executing a limited # of PS commands.

I've not seen the code, but like you said, I'm told it's pretty easy.

Re:Timeo Danaos et dona ferentes

[DaHat]

Betting the dude who wrote PuTTY is not in a good mood right about now...

Oh? How much do you think he was making through donations for PuTTY?

Re:Timeo Danaos et dona ferentes

[chispito]

It's really powerful and a lot better than trying to use sed or perl to parse the output of programs in shell scripts.

Exactly! It's so much better to have to pipe the output to something just to print to the console! Hurrah for objects! /s

You're misinformed. PowerShell defaults to the console.

Re:Timeo Danaos et dona ferentes

[mi]

In which case people would just use putty or cygwin or openssh instead

Or they'll expect remote servers to implement whatever changes Microsoft will require for interoperatibility. We've been through this in the 1990-ies, when Microsoft's Internet Explorer was introduced with subtle incompatibilities in HTML-rendering...

Firstly I can see why you had to write "attempts", because it seems none of those actually killed anything

Well, a successful attempt is still an attempt: Netscape died. Kerberos survived because the world wised up by then — this very site had helped by hosting an anonymous coward's post documenting Microsoft's "extensions" to Kerberos so developers world-wide could implement them without signing an NDA of their own.

if they create an incompatibility here it is going to completely break their system making it such that Linux, BSD, iOS, Android, etc... can no longer connect to it.

Or not — depending on the nature of incompatibilities and the marketing/advertising... For example, the regular connections will work, but compressed ones will not (either at all, or requiring client to support some new compression algorithm). Or port-forwarding will be disabled (or not working at all). Or WINCH will not be sent to the remote servers, when the local window is resized — or, in the other direction, arriving WINCH will be ignored or misinterpreted. The possibilities for both honest errors and deliberate breakage are immense...

Re:Timeo Danaos et dona ferentes

K. Construct a for loop in PS that lists a directory and adds the words "This is cool" to the 13th line of any file of type "text" without downloading a module.

Re:Timeo Danaos et dona ferentes

[exomondo]

Or they'll expect remote servers to implement whatever changes Microsoft will require for interoperatibility. We've been through this in the 1990-ies, when Microsoft's Internet Explorer was introduced with subtle incompatibilities in HTML-rendering...

And how has that worked out? Back then that affected personal computing - an area which Microsoft had a monopoly - and it still ultimately failed. This is across desktop, server and mobile, this conspiracy theory of yours has no chance at all, in fact you don't even posit what Microsoft would gain out of it.

Well, a successful attempt is still an attempt: Netscape died.

But it failed, you need to learn your history: Netscape lived on thanks to Mozilla and now we have IE dying in favor of open standards, Microsoft themselves are killing IE in favor a browser that does not even support proprietary extensions like ActiveX.

Or not — depending on the nature of incompatibilities and the marketing/advertising...

Incompatibilities would make people less likely to use Microsoft's implementation, not more likely. You don't seem to understand that this isn't the 90s anymore, Microsoft doesn't even come close to dominating computing these days. Breaking their product just locks them out of the market, not everybody else in.

Re: Timeo Danaos et dona ferentes

Likely that MS has no equiv. of WINCH.

Re:Timeo Danaos et dona ferentes

So everybody will convert all their systems to Windows just so they can connect to Powershell with SSH. Its like you tinfoil hat knobs have given up trying to create an even semi-plausible conspiracy theory of MS's world domination. Sure it isnt 1995 anymore but its like you have all become senile in your old age.

Re:Timeo Danaos et dona ferentes

[Antique+Geekmeister]

The user interface. It's quite poor and has no "export" or "import" tools for transferring configurations to other users, and the modifying settings for SSH tunnels or terminal or user options isn't saved until you return to the initial screen, with no information on what the changes wehre and no recovery of preivous configuraitons.

Putty is most useful when combined with a wrapper tool that manages multiple sessions more gracefully, there are several very effective free ones. Personally, I tend to use Cygwin OpenSSH so that I can use $HOME/.ssh/config files, and send them to other users, to reproduce complex configurations more effectively.

Re:Timeo Danaos et dona ferentes

if they create an incompatibility here it is going to completely break their system making it such that Linux, BSD, iOS, Android, etc... can no longer connect to it.

Duh. It will make it look like linux, bsd, ios, android are broken because they cant connect to a windows box.

Re:Timeo Danaos et dona ferentes

I have no idea why no one bothered porting OpenSSH to Windows before,

What are you talking about? There are several ports of OpenSSH to Windows, but I'm only going to mention Cygwin because all the other OpenSSH ports are proprietary crap, and in all my testing I couldn't get any of them to work.

Cygwin includes both sshd and ssh, and installing sshd is trivial as long as you're not using Windows Home. Even better than this proposed Microsoft OpenSSH, the Cygwin sshd gives you a posix sh by default (ok, bash, but a simple chsh -s will give you a good posix sh).

Also dropbear runs on Windows too.

Re:Timeo Danaos et dona ferentes

that uses the native OpenSSH instead of the existing legacy PuTTy implementation of SSH. I'd love to delete all those PPK files and never see another one again as long as I live.

Uh, why don't you just install cygwin openssh and xterm?

Openssh (both client and server) has been available for Windows for years.

Re:Timeo Danaos et dona ferentes

[styrotech]

Kerberos was not either.

Kerberos is actually a good example of how attitudes at MS have changed over the years.

http://linux.slashdot.org/stor...

MS ended up opening up their extensions so that MIT and Samba etc could implement them freely.

Re:Timeo Danaos et dona ferentes

[drinkypoo]

This doesn't compete with PuTTY, probably: odds are it will be a console-mode ssh binary just like what cygwin users have already but without a dependency on cygwin, and a server just like what cygwin users have already but with NT auth (incl. AD) rather than /etc/passwd authentication which maps to local SIDs. PuTTY does have a command-line client, but nobody is paying for that. They're paying (if they pay at all) for the interface.

sftp

[enter+to+exit]

Will the support sftp access in explorer? I could simplify a lot of my webDAV/samba stuff that way...

Re:Timeo Danaos et dona ferentes

If you don't pipe the output to something it shows the output on the console. What it shows and how much of what it shows depends on the width of your console.

Re:Timeo Danaos et dona ferentes

[Gadget_Guy]

K. Construct a for loop in PS that lists a directory and adds the words "This is cool" to the 13th line of any file of type "text" without downloading a module.

Off the top of my head (and using verbose commands to make it more obvious), I got:

dir | where -Property Extension -match '.te?xt' | foreach {

$i=0;
$s=(Get-Content $_.FullName);
$s | foreach { if ( (($i++) % 13) -eq 0) { $_+" This is cool" } else { $_ } } | Set-Content $_.FullName

}

I haven't thought of a way to do the file type determination (other than by the extension), but that will do just for a post to an AC. It can all be done on a single line; I added the line breaks and indentation so it wasn't a big line of gobbledegook. Now it is several lines of gobbledegook!

The impressive part of the tab completion of Powershell is how context sensitive it is. When I typed the where command, I entered -p<TAB> and it expanded it to -Property (although just -p would work too). But the fun part was that I could then type e<TAB> and then go through the list of property names that are returned from the dir command that begin with the letter e; first Exists, then Extension. So it was aware what was being passed to the where command on the pipeline and returning the correct properties for that object.

So if I typed the following:

get-content "file.txt" | where -Property

...and pressed the tab key, it gives me the property name of Length as it knows that it is returning a string rather than a file. The same where command will work on (and give appropriate tab completion) on a directory listing, file output, database query, or XML tree list.

Hell must have frozen over....

[gweihir]

MS is adding actually useful standard tools (well, standard outside of the MS isle of incompatibility) to windows! Good. That means we are at a stage where they cannot ignore what works anymore. As usual for MS decades late, but better late than never.

Probably concerned with authentication

[cbhacking]

Indeed. I expect one of the things they'll be looking at doing is adding support for some of Windows' built-in authentication options. For example, recent versions of RDP use machine certificates, typically with a trust-on-first-use model similar to SSH. It would be nice if SSHing into a Windows box could re-use that machine cert, and SSHing from a Windows box could take advantage of the list of IP+cert pairs that you already trust. This would require some code changes to OpenSSH though, since it is of course currently utterly unaware of Windows' certificate stores.

Also, powershell isn't really used to displaying to anything except Windows consoles. Just for the hell of it, I tried running it in xterm (which, while antique, any *nix program would be OK with) by SSHing into a Windows box. It launched, but trying to run any commands - even exit - appeared to hang (though Ctrl+C worked to exit out of PS entirely). This may not be something that Microsoft needs the help of the OpenSSH devs to fix, but it's something that needs to be fixed, regardless. If people can SSH into Powershell, then Powershell needs to be able to display to whatever console they're SSHing from.

Re:Timeo Danaos et dona ferentes

[DeVilla]

Well, a successful attempt is still an attempt: Netscape died.

But it failed, you need to learn your history: Netscape lived on thanks to Mozilla ...

Why couldn't we have been so lucky as to have Microsoft live on as Netscape has?

Re:Timeo Danaos et dona ferentes

[cbhacking]

OpenSSH has been ported to Windows a number of times. Off the top of my head:
  * Interix (POSIX subsystem running on native NT, but still technically Windows) has at least one version of OpenSSH (server and client).
  * Cygwin (emulates Unix on Win32) has OpenSSH, (server and client).
  * MSYS (a set of Unix tools ported to Win32 via MinGW) has OpenSSH (client for sure - it's installed with Git for Windows - not sure about server).

None of those are terribly well integrated with Windows' way of doing things, though. Sometimes that's a good thing - I can take my .ssh folder from a Linux box, drop it on a Windows system, and it'll work with the things listed above - but it also means that (for example) the public key used when SSHing into my Windows box is completely unrelated to the public key used when RDPing into the same box. That's silly.

Re: Timeo Danaos et dona ferentes

Simple. The ability to script. In the real world, you rarely create one account or make one change at a time in any administrative environment. Most of the time, as long as you memorize the loop part of the script, it's trivial to just replace the actions in a for, while or if statement. Imagine making a group policy change to update software and needing it to apply to a hundred client systems. You would be hard pressed to have everyone run gpupdate to apply that change or do it yourself on that many systems by hand, whereas you could script the process to run on an ip address range using a for loop. Not only could the command run on all the systems simultaneously, it makes you look like you're doing more work than you actually are. This is the epitome of CLI from an administrative point of view.

Embrace, Extend, and ...

I've seen that before: Microsoft embraces some technology. Promises to contribute to it. Extends it in non-compatible ways. Hopes their version becomes the new world standard, and the original versions slowly dies.

Re: Timeo Danaos et dona ferentes

Netscape and IE6.

Re: NSA Backdoors

OpenSSH is, er, open. There's nothing stopping the NSA from contributing in the first place. How would you know if the volunteers currently working on it aren't working for the NSA?

Re:Timeo Danaos et dona ferentes

[Ash-Fox]

You pretty much answered what I was going to answer.

Re:Timeo Danaos et dona ferentes

Oh, you need me to add your public key to authorized_keys? What's that you say? You used puttygen? Well fuck me, time to look up the command to convert that stupid shit again. Wonderful!

Puttygen does give the public key in standard ssh format. You're right about the private key, though.

OpenSSH port to Win32 already done (Re:finally)

A port was already achieved back in 2010. People wake up, including Microsoft - why are you waking up NOW?!

https://www.nomachine.com/node/2548

Mailing lists of OpenSSH
http://marc.info/?l=openssh-unix-dev&m=127323116722483&w=2

Port already done of OpenSSH to Win32 (Re:finally)

Wakey wakey Microsoft and everyone else

http://marc.info/?l=openssh-unix-dev&m=127323116722483&w=2

Hooray!

[sabbede]

I've been wrapping commands for PuTTY and using PoshSSH. A native implementation would be sweet. I wonder how big a hassle it will be to convert my putty stuff for it.

Re:Timeo Danaos et dona ferentes

[coofercat]

The Linux equivalent client for Windows SSH is called 'telnet' ;-)

I'm actually curious...

Given that WinSCP has had an API you can drive from .NET and PowerShell for years already... what functionality are people thinking they actually need here? On the other hand if you're actually wanting an SSH server on Windows there's always Cygwin and CopSSH.

Re:Timeo Danaos et dona ferentes

[evilviper]

I have no idea why no one bothered porting OpenSSH to Windows before, but it's about damn time!

Because SSH is:

...command-line oriented, and before Powershell, the Windows command-line was a complete steaming pile...

...extremely Unix oriented. Without a VT100+ emulator, SSH'ing into a Unix box is about as useful as a teletype. No exaggeration, only non-interactive commands work well. CMD/Powershell will go wonky when you try to run "links".

...not any more useful than Putty unless running on top of a good Unix environment (like Cygwin). Windows' pipes and sockets don't work like Unix pipes and sockets. There's no Windows-native rsync, cvs, svn, git, etc., that could be used together with a Windows SSH client.

Best way to make Windows tolerable is to install Cygwin, and run everything (including OpenSSH) under their rxvt terminal port.

Re:Timeo Danaos et dona ferentes

More correctly, PowerShell is happy to use various means to display the objects in the console.

Re:Timeo Danaos et dona ferentes

PuTTY is really a horrific piece of software.

Personally, I use Cygwin's version, and it's a testament to how bad PuTTY is that Cygwin's is better. I look forward to a native port of OpenSSH.

Please DON'T!

[Muad'Dave]

... they [Microsoft] also plan to contribute back to the OpenSSH project as well.

NO THANK YOU. Please keep your embrace-and-extend, security-is-a-joke grimy grippers out of the OpenSSH codebase.

also ... as well.

When I see an also, and then an as well as well, well, then I'm unhappy too.

Re:Timeo Danaos et dona ferentes

[chispito]

I doubt AC could tell the difference by looking at it, but I think he was actually asking for just the 13th line, not every 13th line. So you could replace "( (($i++) % 13) -eq 0)" with the simpler "($i -eq 12)"

Re:Timeo Danaos et dona ferentes

[exomondo]

Duh. It will make it look like linux, bsd, ios, android are broken because they cant connect to a windows box.

That might fool you but most people - particularly if they are remoting into systems - are going to be smart enough to see that an update to Windows didn't break Linux, BSD, iOS, Android, etc...

Re: Timeo Danaos et dona ferentes

Netscape and IE6.

No. Microsoft didnt "Embrace, Extend and Extinguish" Netscape, in fact Netscape didnt even die because of Microsoft, it died because Navigator 4.0 was terribly late and a steaming pile when it finally arrived. After that along came Opera and Firefox followed by Chrome to take away market share despite not supporting extensions like ActiveX. This fear of "EEE" is bullshit because that strategy has never worked, it is just a line that was put in an email that idiots have clung to and tried to apply to everything in a negative way.

Re:Timeo Danaos et dona ferentes

[shutdown+-p+now]

I wonder how freaked out you would be if I told you that the official maintainer of Python on Windows is a Microsoft employee these days.

Re:Timeo Danaos et dona ferentes

[rdnetto]

The impressive part of the tab completion of Powershell is how context sensitive it is. When I typed the where command, I entered -p and it expanded it to -Property (although just -p would work too). But the fun part was that I could then type e and then go through the list of property names that are returned from the dir command that begin with the letter e; first Exists, then Extension. So it was aware what was being passed to the where command on the pipeline and returning the correct properties for that object.

It's worth noting that this is also available in zsh, which (I believe) has always been more feature heavy than bash.

(Not to say it isn't cool that Powershell can do that, merely that bash probably isn't the best comparison.)

File system paths

[jwhitener]

Native ssh is great. But what would make it even better is if windows would give up their c:\blah\blah file system structure and standardize with linux and osx by embracing /blah/blah. So annoying when working in a mixed OS environment. Lets see, did this app need the backslash escaped, c:/\ or will it handle c:\, does it even recognize c: or just / or just \, etc..