Microsoft To Support SSH In Windows and Contribute To OpenSSH
An anonymous reader writes: Microsoft has announced plans for native support for SSH in Windows. "A popular request the PowerShell team has received is to use Secure Shell protocol and Shell session (aka SSH) to interoperate between Windows and Linux – both Linux connecting to and managing Windows via SSH and, vice versa, Windows connecting to and managing Linux via SSH. Thus, the combination of PowerShell and SSH will deliver a robust and secure solution to automate and to remotely manage Linux and Windows systems." Based on the work from this new direction, they also plan to contribute back to the OpenSSH project as well.
it's only 2015 guys...
now you can use Windows computers the way they were meant to be used, as dummy linux clients
I mean, they will take OpenSSH, compile it for Windows, and make sure PowerShell is the default login shell. Then what? What piece of code could the OpenSSH project want from Microsoft exactly?
Are M$ getting sensible in their old age?
John_Chalisque
Not this time. SSH isn't a company and no one owns it. It is a universal basic tool/technology. You can't extinguish something like that - it's here to stay. MS is just trying to promote the feature of not having to install PuTTY or Cygwin to make it useful out of the box.
You mean I don't need to install Cygwin anymore like I have been doing for the past 15 years to accomplish just that?
Next proposal: implement rsync natively...
Everything I write is lies, read between the lines.
Under the new guy, they don't seem to be doing that as much.
* I remember joking about connecting to a 'doze server via SSH in 2005. Usually the response was a disgusted shiver.
* I guess Microsoft finally got sick of seeing PuTTY's hegemony in the terminal/SSH client market, and decided that this, *this* was a market they could finally dominate in this day and age?
* I shudder to think of how bastardized the command options are going to be, given the PowerShell's habit of using stuff like '-omgLookAtThisMassiveOptionNamingConvention', to the point where they have to alias a frickin' option...
Ah well, good on 'em. I'll stick with using Linux and OSX clients, thanks much.
Quo usque tandem abutere, Nimbus, patientia nostra?
In which case they will have to release the code that corresponds to binaries - would be useful for checking that there is not some little tweaks to help the NSA -- but if they have already put those into the system DLLs (eg for encryption) we would not really know. Maybe I am too cynical but I am very suspicious of what they did to skype.
No. Cygwin runs everything under one process. This will run separate processes for each SSH session, with privilege separation. Cygwin also uses its own /etc/passwd. This will use local windows users, and, hopefully, AD users.
And code will be sent upstream.
Much better if this works out.
Or Windows still won't be able to run Power Shell scripts by default?
It takes 15 seconds to change this setting. If you don't know how to google the correct cmdlet, you probably didn't have anything useful to do in PS anyway. If you're in an enterprise environment, use GPO. Besides, there are plenty of things to do on the fly in the shell that do not require script execution.
The Daddy casts sleep on the Baby. The Baby resists!
Betting the dude who wrote PuTTY is not in a good mood right about now...
But you know? I don't believe that Microsoft can really do much of anything in this direction; they're still charging massive amounts of money to license inferior operating systems and server application suites (If only someone would make a usable *nix-based groupware application... *sigh*).
Quo usque tandem abutere, Nimbus, patientia nostra?
Maybe. Assuming Microsoft makes a proper SSH client that is as good as PuTTY, instead of software like that piece of shit called HyperTerminal from way back when, which almost always couldn't establish a proper working terminal with anything, had basically no file transfer support (or rather, it had very buggy and limited support,) and required a very annoying (and mostly pointless) setup process each time you wanted to connect to a different host.
Then again, why not just fork and bundle PuTTY? But do something to make the sessions easily exportable (I really hate how PuTTY stores those in the registry by default.)
In fact, it would be awesome if the registry just disappeared entirely. I haven't met anybody who actually likes it, and god knows it's been a dream come true for malware authors who want to hide shit (easy to do since it's so big, maze-like, and unwieldy for anybody to sift through.)
Too bad opening an SSH into Windows will drop you into the complex abomination that is PowerShell.
The world's burning. Moped Jesus spotted on I50. Details at 11.
https://www.youtube.com/watch?...
-no sig today-
And now I see Dice is embedding videos in the main page.
Fuck you Dice, you are making Slashdot shittier and shittier.
When we stop coming, don't whine.
Kerberos was not either.
Just replace "PuTTY" with "Netscape" and you'll understand, what I'm talking about. Hopefully...
In Soviet Washington the swamp drains you.
name of the company: SSH Communications Security
since they grabbed a lot from open source in the beginning, I guess they allowed openssh to develop an open source version.
The original SSH version is still proprietary nowadays.
Everything I write is lies, read between the lines.
> Next proposal: implement rsync natively...
Rsync fails on Windows/Unix interactions due to basic filesystem architecture. There are a lot of differences between NTFS and *nix filesystems like ACLs, timestamping and so on. So I don't really get how Microsoft could change rsync to work with NTFS since the problem is not in rsync but in general differences in which filesystems work - f.e. how to accurately map Windows ACLs to unix ACLs?
Also I don't think that rsync support is something Microsoft clients (as in people who buy their products) are looking for. Ability to run Linux systems via GPO or SCCM/SCOM/whatever it is named now is another matter.
Not to mention such trivial things as how to translate paths f.e. C:\Users\foo to /home/foo or whatever. I don't think it is a problem which rsync should solve - it (if Microsoft ever embraces such idea) should be solved in lower layer than userland.
The best managing (IMHO) of Windows ACLs with UNIX permissions I've seen would be the EMC Isilons. You can lop off all permissions except the bare UNIX ones (user, group, rwx), use Windows permissions for everything, and stuff in between.
Adding GPO friendliness to Linux would go a long way in getting more boxes on the desktop. The biggest reason why Windows is the primary desktop OS is because it has a lot of management tools.
Now here is the ironic thing. MS doesn't lose if Linux gains. For example, they make money on almost all Android devices, and if MS moves to selling their programs on Linux, they will be able to tell distribution makers exactly what they want, and the distro makers will do it, just because there would be a high demand for a Linux box to do AD, SQL Server, or other tasks.
tl;dr, both MS and Linux would win big. Especially if Windows had the ability to run Linux applications in Hyper-V wrapped Docker containers.
You seem like you have been trying to use it, haven't you? Like most open source solutions, you might have to tweak it a bit to get it to do what you want and then again, you have to make compromise. But be assured it works in a satisfactory way for me. Just get a proprietary solution if you can't make it work as you wish. Oh my god, I just realized you sounded like a guy that would choose the latter solution ;-)
I know what you are saying although and there is some truth to it.
Take care man ;-)
Everything I write is lies, read between the lines.
Will this work out of the box? Because you basically have to go into the server you are accessing it and type some really weird shit on winrm to be able to even run scripts and god forsake you if you want to access the console remotely. It's so fucking annoying that I've met some people who just disable HTTPS and go straight for HTTP with basic authentication.
> complex abomination
That's funny. I find PS slow and lacking basic functionality in a few areas, but "complex" is one of the last criticisms I would make. Compared to DOS or Bash, it's very straightforward and intuitive.
The Daddy casts sleep on the Baby. The Baby resists!
ssh and openssh: ssh is proprietary
solaris and opensolaris: solaris is proprietary
apache and no openapache: apache is open source
Everything I write is lies, read between the lines.
I know. However it means that I can't use Power Shell in software that I develop since I need to use it on many different PCs. So I am still stuck with .cmd when I need to script something on Windows.
> tl;dr, both MS and Linux would win big. Especially if Windows had the
> ability to run Linux applications in Hyper-V wrapped Docker containers.
Just run Linux kernel in hypervisor and do some glue to map Linux/UNIX conventions (process management/filesystem/networking/etc.) to Windows host. But that is problematic - you can do it in many ways (like you've said EMC is the way you like it). I guess the problem is that we need to have some standards regarding on how to map such things and the best way possible would be for the vendor (Microsoft) to define that with open and true intentions of interoperability. As you've said everyone would benefit from that.
You know it's going to be just yet another way of hacking into a Windows box.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
> You seem like you have been trying to use it, haven't you? Like most
> open source solutions, you might have to tweak it a bit to get it to do what
> you want and then again, you have to make compromise.
Sorry I am a professional - for my clients I advise and implement what is best for them so in general I avoid tweaking (as in unstandardised hacks). Tweaking is good for my home machines but what I do on home machines I would not recommend to clients who just wish to do their business.
> But be assured it works in a satisfactory way for me.
What? Rsync and NTFS? I don't know what is satisfactory for you but I assure you that it is not for me. In cases that I would choose to use rsync over f.e. Windows DFS it would just not work - like it will lose Active Directory ACLs. Rsync is a fine tool for mirroring archives but it is not compatible in advanced Linux/Windows setups.
> Just get a proprietary solution if you can't make it work as you wish.
Which one?
> Oh my god, I just realized you sounded like a guy that would
> choose the latter solution ;-)
I would - why not? I am not rms
> I know what you are saying although and there is some truth to it.
Why "some" truth? You haven't contradicted any of my arguments. The truth is that Linux and Windows filesystems differ in loads of subtle manners (like timestamping, ACLs, internal compression, namespaces) and rsync as codebase *shouldn't* implement a glue between those systems - that should be handled *lower* (like Cygwin does).
Hopefully Microsoft will decide to act on that fact but keep in mind that in their best interest it is to manage Linux systems, not the other way.
As long as by "complex abomination" you mean completely standardized switch syntax with tab completion and integrated help.
Jeremy
Abomination? It's better than being dropped into bash, zsh, tcsh, or any other Unix shell. Everything in powershell is an object, so you can pipe objects from one program to another. You can access properties of the objects and call their methods. It's really powerful and a lot better than trying to use sed or perl to parse the output of programs in shell scripts. I wish I had something like powershell on Unix systems.
Losing nearly a billion dollars over an 8 year period, firing four-thousand permanent staff, and being dead last in search and browser rankings will do strange things to you. Steve Ballmer shoulders some of the blame for the nosedive with his nearly cult-like adherence to the redmond ethos of embrace-extend-extinguish in the face of a brand like linux that just can't be killed with it. But to think after 15 years as other slash dotters have commented that this will make any significant dent in the status quo is self-defeating at best.
SSH gives windows users the ability to do real work, and that's a controversial sentiment but in most large corporations admins that handle LAMP, percona, or hadoop do it from a windows machine by company policy. Microsoft doesn't understand that outside of email and office, the real juggernauts of industry are so far removed from Redmond's product line it may as well be a different language entirely. Conceding a pittance, this ssh, and promising to commit code to openssh do two things. One, they add continued relevance to windows in an office environment that otherwise is the next prime target to be extinguished as quickly as the home market for windows. Two, they provide code to openssh not because they have any particular valuable insight to add to the project which has handled itself just fine for 15 years, but because they need to ensure their openssh implementation actually works with other well-established and quite serviceable implementations. So don't expect any real innovation.
Good people go to bed earlier.
Granted, Powershell 1.0 was pretty horrible, I don't get all the Powershell hate. Have you even tried to learn to use recent versions of it?
I absolutely despised it back when I was deploying Exchange 2007 RTM on Windows Server 2003, but that's going back almost a decade.
These days I use Powershell for a ton of stuff. I love the fact that everything is an object. For example, manager asks me for stats from AD, powershell script requesting user objects and filtering the appropriate fields, BAM, create a CSV, pretty it up in Excel and send it off to my manager.
Plus tying into .NET is kick ass too. I've got scripts that update and extract data from MSSQL, amongst other things. Hell, I even played with scripting text to speech alerting just to see if I could, and it was really easy!
Give it another try, it's actually a lot better
And no, before I'm labelled an MS evangelist: I've worked for 2 ISP's in 100% Linux and BSD environments and have thoroughly used at least 7 or 8 different distro's, I run Linux at home for NAS and Asterisk PBX and I own and operate 2 Macs - in addition to my Windows Desktop PC. My current role just happens to be maintaining a 90% Microsoft Environment
hehe, that's exactly what I was saying and I understand. Peace.
Everything I write is lies, read between the lines.
Regarding Windows Firewall:
The feature where you can supposedly define custom network groups for the scope. Can you finally create more than localsubnet? It would be nice to be able to define "My networks" as "x.x.x.0/24, y.y.0.0/16, 10.0.0.0/8" then set scope for multiple rules as "My networks".
Now I'm scared... We may, once again, see Microsoft's approach of Embrace, Extend, and Extinguish in action...
What exactly are you scared about? Assuming you understand what's going on here what part of that concerns you?
That, for example, in order to ssh into a remote Windows system you'll have to use Microsoft's ssh-client — because they'll use some funky cipher/digest combination or some other "extension". They did it to Kerberos before...
Or that interactive logins will only work on certain terminal emulators — because nothing else will be able to properly emulate powershell's window — just imagine the termcaps entry...
In the link I gave there is a large list of Microsoft's earlier attempts to kill a standard by first adopting it — read it up...
In Soviet Washington the swamp drains you.
PuTTy is already an incompatible mess all of its own. It even has its own special format for keys, so we get the joy of running every ssh key generated on a *nix system through puttygen.exe just to spit out some fugly PPK file. Oh, you need me to add your public key to authorized_keys? What's that you say? You used puttygen? Well fuck me, time to look up the command to convert that stupid shit again. Wonderful!
Not to mention the fractured disorganization of the configuration, the crap profile system and all the other reasons why PuTTy is a pain in the ass.
The fact that Microsoft is talking about using OpenSSH means at the very least the key files will be compatible. I have no idea why no one bothered porting OpenSSH to Windows before, but it's about damn time! I'm looking forward to a version of PuTTy (or KiTTy, actually) that uses the native OpenSSH instead of the existing legacy PuTTy implementation of SSH. I'd love to delete all those PPK files and never see another one again as long as I live.
Celebrity worship is a poor substitute for Deity worship and costs more to boot.
Just get a certificate and sign the script. If you're gonna be distributing it to users who: A) aren't on a network you control (else you'd be able to change the policy via the network), and B) aren't technical enough to run the command (thus, definitely not good enough to make sure your script isn't malicious), you really owe it to them to sign it.
No, it's not expensive. Don't pretend it is.
So you've never met a Gnome developer?
Do we want a major corp like microsoft involved in this?
"If any question why we died, Tell them because our fathers lied."
The second sentence implies some other incompatibilities, in addition to special format for keys. I'm not aware of anything else — could you list examples?
PuTTY's entire source-code is , whereas Microsoft's own implementation of Kerberos was binary-only and developers had to sign an NDA to learn, how to interoperate with it. I linked to that above — the story was all the rage right here on /. 15 years ago...
Probably, because, PuTTY provided a perfectly satisfactory solution...
In Soviet Washington the swamp drains you.
Are they forgetting who runs OpenSSH?
Most people who have any valuable contributions are more interested in code than historical politicking.
If you've never bothered to look in to it, you're clearly not informed on the subject matter. Go home, troll.
> That, for example, in order to ssh into a remote Windows system you'll have to use Microsoft's ssh-client — because they'll use some funky cipher/digest combination or some other "extension".
In which case people would just use putty or cygwin or openssh instead, creating an incompatibility such that none of your devices can talk to Powershell is bad for Microsoft, it doesn't help them at all.
> In the link I gave there is a large list of Microsoft's earlier attempts to kill a standard by first adopting it — read it up...
Firstly I can see why you had to write "attempts", because it seems none of those actually killed anything. But obviously - unless you don't understand what SSH is or its purpose - if they create an incompatibility here it is going to completely break their system making it such that Linux, BSD, iOS, Android, etc... can no longer connect to it.
I know a guy who did that with a telephony system which calls him when something goes wrong then accepts voice input for what to do next... including executing a limited # of PS commands.
I've not seen the code, but like you said, I'm told it's pretty easy.
Help Brendan pay off his student loans
Oh? How much do you think he was making through donations for PuTTY?
Help Brendan pay off his student loans
No more than VLC, firefox, or a ton of other popular open source programs are.
To which I mean, these programs have seen scamware sites create trojanized copies that they then pay to get first listing as an ad for in search engines. It's technically not illegal nor is it against the GPL.
The only part that is actually illegal is where the scam artist actually use information gleaned for illicit purposes.
Bing is actually a popular place for these kinds of ads, by the way, because Microsoft seems to do even less vetting of its ad sources than Google does (my guess is maybe they aren't terribly concerned if ad based business models are believed to be flawed by the larger public? Either that or Bing is so unprofitable that they can't afford to vet it better.)
> It's really powerful and a lot better than trying to use sed or perl to parse the output of programs in shell scripts.
Exactly! It's so much better to have to pipe the output to something just to print to the console! Hurrah for objects! /s
You're misinformed. PowerShell defaults to the console.
The Daddy casts sleep on the Baby. The Baby resists!
Or they'll expect remote servers to implement whatever changes Microsoft will require for interoperability. We've been through this in the 1990-ies, when Microsoft's Internet Explorer was introduced with subtle incompatibilities in HTML-rendering...
Well, a successful attempt is still an attempt: Netscape died. Kerberos survived because the world wised up by then — this very site had helped by hosting an anonymous coward's post documenting Microsoft's "extensions" to Kerberos so developers world-wide could implement them without signing an NDA of their own.
Or not — depending on the nature of incompatibilities and the marketing/advertising... For example, the regular connections will work, but compressed ones will not (either at all, or requiring client to support some new compression algorithm). Or port-forwarding will be disabled (or not working at all). Or WINCH will not be sent to the remote servers, when the local window is resized — or, in the other direction, arriving WINCH will be ignored or misinterpreted. The possibilities for both honest errors and deliberate breakage are immense...
In Soviet Washington the swamp drains you.
> Or they'll expect remote servers to implement whatever changes Microsoft will require for interoperability. We've been through this in the 1990-ies, when Microsoft's Internet Explorer was introduced with subtle incompatibilities in HTML-rendering...
And how has that worked out? Back then that affected personal computing - an area which Microsoft had a monopoly - and it still ultimately failed. This is across desktop, server and mobile, this conspiracy theory of yours has no chance at all, in fact you don't even posit what Microsoft would gain out of it.
> Well, a successful attempt is still an attempt: Netscape died.
But it failed, you need to learn your history: Netscape lived on thanks to Mozilla and now we have IE dying in favor of open standards, Microsoft themselves are killing IE in favor of a browser that does not even support proprietary extensions like ActiveX.
> Or not — depending on the nature of incompatibilities and the marketing/advertising...
Incompatibilities would make people less likely to use Microsoft's implementation, not more likely. You don't seem to understand that this isn't the 90s anymore, Microsoft doesn't even come close to dominating computing these days. Breaking their product just locks them out of the market, not everybody else in.
The user interface. It's quite poor and has no "export" or "import" tools for transferring configurations to other users, and the modifying settings for SSH tunnels or terminal or user options isn't saved until you return to the initial screen, with no information on what the changes were and no recovery of previous configurations.
Putty is most useful when combined with a wrapper tool that manages multiple sessions more gracefully, there are several very effective free ones. Personally, I tend to use Cygwin OpenSSH so that I can use $HOME/.ssh/config files, and send them to other users, to reproduce complex configurations more effectively.
You've never called Theo de Raadt's or his fanboy's uber l33t s00per-sekrit-sauciness into question. Just remember, roughly 90% of all SSH private keys are still kept unencrypted, and if ever you call into question leaving this as the default behavior for the SSH key generator, or if you ever call into question the "there is no way to clear out old host keys from known_hosts other than with a text editor" policy, well then....
**** Let the fireworks begin!!!!! ***
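An added example, not part of the thread and not code from OpenSSH or PuTTY: a Python audit that reports which private-key files are stored without a passphrase, covering the OpenSSH, legacy PEM, PKCS#8 and PuTTY .ppk containers mentioned in the comments above. The function names and sample files are constructed for illustration; the samples hold header fields only, no key material.

```python
# Added example (not from the thread): classify SSH private-key files by
# container format and report whether each one is passphrase-protected.
import base64
import os
import re
import struct
import tempfile

OPENSSH_MAGIC = b"openssh-key-v1\x00"
PEM_BEGIN = re.compile(r"-----BEGIN (.*)PRIVATE KEY-----$")

def classify_private_key(text):
    """Return (format, encrypted); encrypted is True, False, or None if unknown."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines:
        return ("unknown", None)
    # PuTTY .ppk: plain-text headers, protection is named on the "Encryption:" line.
    if lines[0].startswith("PuTTY-User-Key-File-"):
        for ln in lines[1:]:
            if ln.startswith("Encryption:"):
                return ("putty-ppk", ln.split(":", 1)[1].strip() != "none")
        return ("putty-ppk", None)
    m = PEM_BEGIN.match(lines[0])
    if not m:
        return ("unknown", None)
    label = m.group(1).strip()
    if label == "OPENSSH":
        return ("openssh", _openssh_encrypted(lines[1:]))
    if label == "ENCRYPTED":
        return ("pkcs8", True)
    if label == "":
        return ("pkcs8", False)
    # Legacy PEM (RSA/DSA/EC): encrypted files carry a Proc-Type header.
    enc = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:4])
    return ("pem-legacy", enc)

def _openssh_encrypted(body_lines):
    """Read the cipher name from an openssh-key-v1 blob; "none" means no passphrase."""
    b64 = "".join(ln for ln in body_lines if not ln.startswith("-----"))
    try:
        blob = base64.b64decode(b64)
    except ValueError:
        return None
    off = len(OPENSSH_MAGIC)
    if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
        return None
    (n,) = struct.unpack(">I", blob[off:off + 4])
    cipher = blob[off + 4:off + 4 + n]
    if len(cipher) != n:
        return None
    return cipher != b"none"

def audit_dir(path):
    """Return sorted names of files in path that hold an unencrypted private key."""
    hits = []
    for entry in os.scandir(path):
        if not entry.is_file() or entry.name.endswith(".pub"):
            continue
        if entry.stat().st_size > 64 * 1024:  # private keys are small files
            continue
        with open(entry.path, "r", errors="replace") as fh:
            _, encrypted = classify_private_key(fh.read())
        if encrypted is False:
            hits.append(entry.name)
    return sorted(hits)

def sample_openssh(cipher):
    """Constructed sample: openssh-key-v1 header fields only, not a usable key."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = OPENSSH_MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
    b64 = base64.b64encode(blob).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n" % b64

# Constructed samples: headers only, key material replaced by placeholders.
SAMPLES = {
    "id_ed25519": sample_openssh(b"none"),
    "id_ed25519_protected": sample_openssh(b"aes256-ctr"),
    "old.ppk": "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: constructed\n",
    "new.ppk": "PuTTY-User-Key-File-3: ssh-ed25519\nEncryption: aes256-cbc\nComment: constructed\n",
    "id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "id_rsa.pub": "ssh-rsa AAAA constructed\n",
}

def demo():
    """Write the constructed samples to a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as d:
        for name, text in SAMPLES.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text)
        return audit_dir(d)

if __name__ == "__main__":
    print(demo())
```

Pointing `audit_dir` at a real `.ssh` directory lists the key files that would be usable by anyone who can read them.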
It involves more than a little bit of tweaking. Files that are "locked" on the Windows side make rsync hang, and fail when accessed over an rsync/SSH connection. This particularly includes the Outlook ".PST" file, the email storage file that is one of the most critical files to back up on a personal system.
Having to sign the script completely defeats the purpose of having scripts in the first place. I want scripts because:
1. no need to compile anything
2. can be edited right away on any PC using a text editor, and executed again
3. no need to install any framework or runtime.
I can distribute and run a .exe on any PC anyway. Why couldn't I do the same with a Power Shell script?
> Rsync fails on Windows/Unix interactions due to basic filesystem architecture.
Uh what? I use it all the time between Windows and Unix, Windows and Android... it works fine. If there are any problems, they are abstracted away by the client and/or server and I don't notice them at all.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Indeed, you have to rsync when all file handles are closed.
Everything I write is lies, read between the lines.
Kerberos is actually a good example of how attitudes at MS have changed over the years.
http://linux.slashdot.org/stor...
MS ended up opening up their extensions so that MIT and Samba etc could implement them freely.
Thinking twice, then again, you can still tweak with file locking strategies.
Everything I write is lies, read between the lines.
In the end, never say it is impossible. It's like arguing implosion won't prevail in Manhattan.
Everything I write is lies, read between the lines.
> No. Cygwin runs everything under one process.
buh?
So uh, what's the difference? Looks like all cygwin is missing is proper authentication. AFAIK it maps UIDs to SIDs, but yes, is missing AD support.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
This doesn't compete with PuTTY, probably: odds are it will be a console-mode ssh binary just like what cygwin users have already but without a dependency on cygwin, and a server just like what cygwin users have already but with NT auth (incl. AD) rather than /etc/passwd authentication which maps to local SIDs. PuTTY does have a command-line client, but nobody is paying for that. They're paying (if they pay at all) for the interface.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Will the support sftp access in explorer? I could simplify a lot of my webDAV/samba stuff that way...
K. Construct a for loop in PS that lists a directory and adds the words "This is cool" to the 13th line of any file of type "text" without downloading a module.
Off the top of my head (and using verbose commands to make it more obvious), I got:
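dir | where -Property Extension -match '^\.te?xt$' | foreach {
    # Read the whole file first so it can be rewritten in place
    $i=0;$s=(Get-Content $_.FullName);
    # Append the text to line 13 only; every other line passes through unchanged
    $s | foreach { if ( (++$i) -eq 13) { $_+" This is cool" } else { $_ } } | Set-Content $_.FullName
}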
I haven't thought of a way to do the file type determination (other than by the extension), but that will do just for a post to an AC. It can all be done on a single line; I added the line breaks and indentation so it wasn't a big line of gobbledegook. Now it is several lines of gobbledegook!
The impressive part of the tab completion of Powershell is how context sensitive it is. When I typed the where command, I entered -p<TAB> and it expanded it to -Property (although just -p would work too). But the fun part was that I could then type e<TAB> and then go through the list of property names that are returned from the dir command that begin with the letter e; first Exists, then Extension. So it was aware what was being passed to the where command on the pipeline and returning the correct properties for that object.
So if I typed the following:
get-content "file.txt" | where -Property
...and pressed the tab key, it gives me the property name of Length as it knows that it is returning a string rather than a file. The same where command will work on (and give appropriate tab completion) on a directory listing, file output, database query, or XML tree list.
What I would like to see is not just a command-line SSH client, but also native support for files over SCP in Windows explorer. Just about any Linux desktop out there will let you type "smb://" to access Windows shares, "sftp://" to access files over SSH, "ftp://" for FTP, etc. I always find going back to Windows very frustrating when I have to move files between machines.
MS is adding actually useful standard tools (well, standard outside of the MS isle of incompatibility) to windows! Good. That means we are at a stage where they cannot ignore what works anymore. As usual for MS decades late, but better late than never.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Indeed. I expect one of the things they'll be looking at doing is adding support for some of Windows' built-in authentication options. For example, recent versions of RDP use machine certificates, typically with a trust-on-first-use model similar to SSH. It would be nice if SSHing into a Windows box could re-use that machine cert, and SSHing from a Windows box could take advantage of the list of IP+cert pairs that you already trust. This would require some code changes to OpenSSH though, since it is of course currently utterly unaware of Windows' certificate stores.
Also, powershell isn't really used to displaying to anything except Windows consoles. Just for the hell of it, I tried running it in xterm (which, while antique, any *nix program would be OK with) by SSHing into a Windows box. It launched, but trying to run any commands - even exit - appeared to hang (though Ctrl+C worked to exit out of PS entirely). This may not be something that Microsoft needs the help of the OpenSSH devs to fix, but it's something that needs to be fixed, regardless. If people can SSH into Powershell, then Powershell needs to be able to display to whatever console they're SSHing from.
There's no place I could be, since I've found Serenity...
> > Well, a successful attempt is still an attempt: Netscape died.
> But it failed, you need to learn your history: Netscape lived on thanks to Mozilla ...
Why couldn't we have been so lucky as to have Microsoft live on as Netscape has?
You are eaten by a Grue. Better luck next time.
"So long and thanks for all the fish."
OpenSSH has been ported to Windows a number of times. Off the top of my head:
* Interix (POSIX subsystem running on native NT, but still technically Windows) has at least one version of OpenSSH (server and client).
* Cygwin (emulates Unix on Win32) has OpenSSH, (server and client).
* MSYS (a set of Unix tools ported to Win32 via MinGW) has OpenSSH (client for sure - it's installed with Git for Windows - not sure about server).
None of those are terribly well integrated with Windows' way of doing things, though. Sometimes that's a good thing - I can take my .ssh folder from a Linux box, drop it on a Windows system, and it'll work with the things listed above - but it also means that (for example) the public key used when SSHing into my Windows box is completely unrelated to the public key used when RDPing into the same box. That's silly.
There's no place I could be, since I've found Serenity...
Simple. The ability to script. In the real world, you rarely create one account or make one change at a time in any administrative environment. Most of the time, as long as you memorize the loop part of the script, it's trivial to just replace the actions in a for, while or if statement. Imagine making a group policy change to update software and needing it to apply to a hundred client systems. You would be hard pressed to have everyone run gpupdate to apply that change or do it yourself on that many systems by hand, whereas you could script the process to run on an ip address range using a for loop. Not only could the command run on all the systems simultaneously, it makes you look like you're doing more work than you actually are. This is the epitome of CLI from an administrative point of view.
I don't know the protocols in detail, but isn't CIFS/SMBFS much better suited for random access than SCP/SFTP is?
It sounds like you just want to complain, no matter what. If you want to distribute scripts to others then sign them. Problem solved.
If your users want to edit the scripts then they can change their Powershell security policy allowing them to make all the script updates that they want. Problem solved.
In the meantime, the rest of the world who don't use nor care about Powershell just want to have a computer that is protected from malware attacks. They can live a little safer since Microsoft blocked the Powershell attack vector by default. Problem solved.
This is the way security defaults should be. If the ActiveX defaults had been secure by default in the early versions of Internet Explorer then the browser would not have had the bad reputation that it deservedly received. Sure it made it easier for developers (like you) to run their code on their users' systems, but it did so at the cost of security of the majority of people who didn't want that facility.
It is useless to resist us.
Everything I write is lies, read between the lines.
Because this is a direct outcome of configuring secure-by-default. It's there to stop people shooting themselves in the foot the first time they try. Don't like it? Try one of the FIFTEEN WAYS you can run a powershell script without requiring a policy change.
I personally prefer #9 but YMMV.
OpenSSH is, er, open. There's nothing stopping the NSA from contributing in the first place. How would you know if the volunteers currently working on it aren't working for the NSA?
You pretty much answered what I was going to answer.
Change is certain; progress is not obligatory.
Not particularly. CIFS/SMBFS is better suited for enforcing file locking however.
Change is certain; progress is not obligatory.
I've been wrapping commands for PuTTY and using PoshSSH. A native implementation would be sweet. I wonder how big a hassle it will be to convert my putty stuff for it.
If there are critical files that cannot be reliably accessed and have to be excluded simply because they are "open", then rsync over SSH cannot be a reliable backup tool. The files that are "open" will be those most critical and often in use, such as email backup and critical spreadsheets. One can get rsync to back up the rest of the filesystem more reliably by doing a CIFS mount of the files elsewhere, such as mounting it to a Linux system, and simply ignoring the complexities of Windows file ownership. Since the "C:" drive is almost always exported as the hidden "C$" share, it's almost always available if you have the credentials.
I've had quite a bit of amusement showing this little technique to Windows admins who insisted they needed remote console access to review the status of their internal systems.
The Linux equivalent client for Windows SSH is called 'telnet' ;-)
Having to change the security policy on every PC where my script will run is a total pain. I might as well compile an executable.
If ActiveX was disabled by default (for security) it would never have been used to begin with. And that's the reason why nobody uses Power Shell and lots of people still use .CMDs.
Given that WinSCP has had an API you can drive from .NET and PowerShell for years already... what functionality are people thinking they actually need here? On the other hand if you're actually wanting an SSH server on Windows there's always Cygwin and CopSSH.
Having to change the security policy on every PC where my script will run is a total pain.
Can't you read? You don't have to change the security policy if you just sign your script.
You only have to change the policy if you want to edit a script on that PC, and if you do that then surely you are sitting at the workstation and are able to issue the one single command that is needed. If you can't issue the one command required then you have no business trying to edit a PowerShell script.
Having to sign it is a pain. As I said, I prefer to compile an executable than to sign a script.
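The signing workflow argued about in the comments above, as an added example that is not part of any comment in this thread: it signs a script with Authenticode, inspects the signature, then shows that editing the script invalidates it, which is what an `AllSigned` execution policy relies on. It assumes Windows PowerShell 5.1 on Windows 10 / Server 2016 or later; the certificate subject and file name are constructed, and the throwaway self-signed certificate stands in for one issued by an organisation's CA.

```powershell
# Added example (not from the thread). Subject name and paths are constructed.
$ErrorActionPreference = 'Stop'

# 1. Throwaway self-signed code-signing certificate in the current user's store.
#    In production this would be issued by the organisation's CA and trusted
#    on the target machines (Trusted Root + Trusted Publishers).
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Example Script Signing (constructed)' `
    -CertStoreLocation Cert:\CurrentUser\My

# 2. A sample script to sign.
$script = Join-Path $env:TEMP 'signed-demo.ps1'
Set-Content -Path $script -Value 'Write-Output "hello from a signed script"'

try {
    # 3. Sign it. The signature is appended to the file as a comment block.
    Set-AuthenticodeSignature -FilePath $script -Certificate $cert | Out-Null

    # 4. Inspect the signature. Status is Valid only when the signer chains to
    #    a root this machine trusts; an untrusted self-signed certificate does
    #    not report Valid, and AllSigned will not run the script.
    $signed = Get-AuthenticodeSignature -FilePath $script
    'After signing : {0} (signer: {1})' -f $signed.Status,
        $signed.SignerCertificate.Subject

    # 5. Change the script body without re-signing. The hash stored in the
    #    signature block is now stale, which is reported as HashMismatch.
    (Get-Content $script) -creplace 'hello', 'HELLO' | Set-Content $script
    $edited = Get-AuthenticodeSignature -FilePath $script
    'After editing : {0}' -f $edited.Status
}
finally {
    # 6. Clean up the demo file and certificate.
    Remove-Item -Path $script -ErrorAction SilentlyContinue
    Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" `
        -ErrorAction SilentlyContinue
}
```

Checking `Get-AuthenticodeSignature` across a script share is also a quick way to audit for unsigned or modified scripts before tightening the policy.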
And, in all likelihood, native (MS-)Kerberos.
Because SSH is:
Best way to make Windows tolerable is to install Cygwin, and run everything (including OpenSSH) under their rxvt terminal port.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Maybe. Assuming Microsoft makes a proper SSH client that is as good as PuTTY, instead of software like that piece of shit called HyperTerminal...
If I remember correctly, Microsoft didn't make HyperTerminal. They either bought it or licensed its use in Windows.
"A plan fiendishly clever in its intricacies"- Homer Simpson
... they [Microsoft] also plan to contribute back to the OpenSSH project as well.
NO THANK YOU. Please keep your embrace-and-extend, security-is-a-joke grimy grippers out of the OpenSSH codebase.
Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
I doubt AC could tell the difference by looking at it, but I think he was actually asking for just the 13th line, not every 13th line. So you could replace "( (($i++) % 13) -eq 0)" with the simpler "($i -eq 12)"
The Daddy casts sleep on the Baby. The Baby resists!
Cygwin has had a port of openssh to windows far, far longer than that
Duh. It will make it look like linux, bsd, ios, android are broken because they can't connect to a windows box.
That might fool you but most people - particularly if they are remoting into systems - are going to be smart enough to see that an update to Windows didn't break Linux, BSD, iOS, Android, etc...
I wonder how freaked out you would be if I told you that the official maintainer of Python on Windows is a Microsoft employee these days.
There can be different users and groups between *nix machines and still rsync works fine in such situation, so it must have solved this issue in principle already.
The impressive part of the tab completion of Powershell is how context sensitive it is. When I typed the where command, I entered -p and it expanded it to -Property (although just -p would work too). But the fun part was that I could then type e and then go through the list of property names that are returned from the dir command that begin with the letter e; first Exists, then Extension. So it was aware what was being passed to the where command on the pipeline and returning the correct properties for that object.
It's worth noting that this is also available in zsh, which (I believe) has always been more feature heavy than bash.
(Not to say it isn't cool that Powershell can do that, merely that bash probably isn't the best comparison.)
Most human behaviour can be explained in terms of identity.
Native ssh is great. But what would make it even better is if windows would give up their c:\blah\blah file system structure and standardize with linux and osx by embracing /blah/blah. So annoying when working in a mixed OS environment. Let's see, did this app need the backslash escaped, c:/\ or will it handle c:\, does it even recognize c: or just / or just \, etc.
lol