Microsoft To Support SSH In Windows and Contribute To OpenSSH

An anonymous reader writes: Microsoft has announced plans for native support for SSH in Windows. "A popular request the PowerShell team has received is to use Secure Shell protocol and Shell session (aka SSH) to interoperate between Windows and Linux – both Linux connecting to and managing Windows via SSH and, vice versa, Windows connecting to and managing Linux via SSH. Thus, the combination of PowerShell and SSH will deliver a robust and secure solution to automate and to remotely manage Linux and Windows systems." Based on the work from this new direction, they also plan to contribute back to the OpenSSH project as well.

finally

it's only 2015 guys...

Re:finally

Just imagine the time warp when they discover rsync.

Re:finally

[Zontar+The+Mindless]

rsync is proof that God loves us and wants us to be happy.

excellent

now you can use Windows computers the way they were meant to be used, as dummy linux clients

I wonder

[John+Allsup]

Are M$ getting sensible in their old age?

Re:I wonder

[the_povinator]

The linked-to blog contains an interesting statement which could be interpreted as bashing Ballmer:

Finally, I'd like to share some background on today’s announcement, because this is the 3rd time the PowerShell team has attempted to support SSH. The first attempts were during PowerShell V1 and V2 and were rejected. Given our changes in leadership and culture, we decided to give it another try and this time, because we are able to show the clear and compelling customer value, the company is very supportive.

Re:I wonder

[slaker]

The new Microsoft CEO is much more comfortable with FOSS software. We're also seeing initiatives to support Docker containers on Windows and apt/yum/ports style software repositories and I don't think we'd have gotten any of that if Ballmer were still in charge.

Cygwin

[ls671]

You mean I don't need to install Cygwin anymore like I have been doing for the past 15 years to accomplish just that?

Next proposal: implement rsync natively...

Odd thoughts:

[Penguinisto]

* I remember joking about connecting to a 'doze server via SSH in 2005. Usually the response was a disgusted shiver.

* I guess Microsoft finally got sick of seeing PuTTY's hegemony in the terminal/SSH client market, and decided that this, *this* was a market they could finally dominate in this day and age?

* I shudder to think of how bastardized the command options are going to be, given the PowerShell's habit of using stuff like '-omgLookAtThisMassiveOptionNamingConvention', to the point where they have to alias a frickin' option...

Ah well, good on 'em. I'll stick with using Linux and OSX clients, thanks much.

Re:Odd thoughts:

[Penguinisto]

The big difference is that *nix started with short easy-to-type options... PowerShell did it the other way 'round. The difference is stark, truth be told; the former grew from a CLI mindset, whereas the latter is easing (back) into CLI from a GUI mindset.

TBH, I rarely if ever use --option unless I have to, since the original -o is right frickin' there.

Re:Odd thoughts:

[kosmosik]

> I guess Microsoft finally got sick of seeing PuTTY's hegemony in
> the terminal/SSH client market

You guess wrong. There is basically no market for terminal/ssh clients. And if it is it is peanuts. There is HUGE market for centralized management tools like OpenStack, Chief, Puppet, etc. - and that is at what Microsoft is aiming. Basically they need SSH compatibility to manage Linux boxes and they want and they do (Azure) manage Linux boxes.

> I shudder to think of how bastardized the command options are going
> to be, given the PowerShell's habit of using stuff like
> '-omgLookAtThisMassiveOptionNamingConvention', to the point where
> they have to alias a frickin' option...

Oh like in GNU/Linux/BSD utils are just kosher and standardized... please... each tiny utility comes from few other schools of command line switches and are usually different. Threre is no standardisation of switches in commands used on Linux. Usually if you need to do something comples (that you haven't yet memorized) you need to open other terminal window with manual to do it. Of course this is a different *convention* from PowerShell but PS is not that bad - it is just different.

> Ah well, good on 'em. I'll stick with using Linux and OSX clients, thanks much.

Oh OSX clients and bastardized commands. Come on... ;)

And for the record I really like Linux and use it all the time. I also happen to use Windows and OSX as clients and they are also fine. Any effort to bring more interoperability between those systems is welcome in my opinion.

Re:Odd thoughts:

[nmb3000]

Well, when you're typing out Unix commands on an teletype that's 80 characters wide, creating short options first made a lot of sense.

Powershell's approach is more verbose, but it's also a little more readable (same as long options in Linux), especially when you're dealing with things more complicated than "copy a file", such as "create AD forest trust" or "reconfigure Exchange retention policies". That said, I still tend to use short options by default.

One thing nice about Powershell is that you can truncate options as long as they're not abmiguous. So you can make -Recursive be -Rec, or even -R, as long as there's not also a -Recreate or -Recover options. That seems to be a nice middle-ground.

Re: Odd thoughts:

[Gadget_Guy]

I just tried typing help copy on my computer and it worked, yet I don't have an msdn subscription. That said, help is not installed by default. From the equally free online version of Microsoft's documention:

Windows PowerShell 3.0 does not come with help files. To download and install the help files that Get-Help reads, use the Update-Help cmdlet. You can use the Update-Help cmdlet to download and install help files for the core commands that come with Windows PowerShell and for any modules that you install. You can also use it to update the help files so that the help on your computer is never outdated.

Finally, if you want to write help for your own Powershell code, just type help about_Comment_Based_Help for details on how to do this. No need to buy any licences.

Re:Odd thoughts:

[AFCArchvile]

My biggest gripe with some Powershell commands is that their defaults are not as time-tested as the near-equivalent *nix commands. Probably the best example is "get-winevent -log System" showing all of the events in the System log (which on a given system, might be as large as 4 GB in size).

Sure, that's functionally the equivalent of performing "sudo cat /var/log/messages", but of course one could run "sudo less /var/log/messages" and obtain the powerful features of less, such as forward and backward navigation, and not loading the entire file into memory (this is a key weakness of "get-winevent" in general; if its output is piped, it is forced to load everything, therefore forcing the user to use the "-MaxEvents (int64)" switch to limit to the newest X events... and this is also setting aside the fact that Windows sorts by newest events first by default, though this can be changed with the "-Oldest" switch).

The Windows event system in general is strange when looking back at it. You have the post-Vista API (accessible with "get-winevent" or the Event Viewer), and the pre-Vista API (accessible with "get-eventlog"). There are some event sources whose events aren't rendered properly (i.e.: the description of the event will read something like "The description for Event ID X in Source Y could not be found. It contains the following insertion strings: (text)" ( https://support.microsoft.com/... ). Some will render properly only in the post-Vista API, but not the pre-Vista API. Others will render properly only in the pre-Vista API, and not the post-Vista API. To my utter surprise and bafflement, event sources such as "Ntfs" and "mpio" fall into the category of rendering properly in pre-Vista API, but not post-Vista API... in Windows Server 2012. That's right, for some reason, the events of a couple of the most critical event sources could not be fixed.

Powershell is nice as a scripting language, but it's a bear as a command shell. There have been years of complaints of slow loading, especially on systems with high disk I/O activity and/or stalled disks (it doesn't even have to be the system drive; ANY stalled disk on a Windows system may cause Powershell to stall eternally until the system is rebooted; I've seen this for years, in Server 2008 as well as Server 2012). The main reasons why the Command Prompt hasn't been entirely supplanted is because it's lightweight, and has stood the test of time for over 2 decades in NT.

I recently changed careers from a mostly-Windows role to a mostly-Linux role, and it feels great to work with bash, even if I still haven't memorized most of the higher esoteric layers of shell scripting. It feels like the shell was designed for the OS, instead of being duct-taped into a jack-of-all-trades role. The way I log into a RDP-windowed Windows Server 2012 system is visual humor in itself: I right-click the taskbar to click "Task Manager", use it to open "File -> New Task", run "cmd.exe", maybe start Powershell off to the side, and don't EVER click on the Start corner (or button if it's 2012 R2) or the Charms bar. Control panel? Run "control". Computer management? "compmgmt.msc" still works. Search for a file? "dir /b /s" for it, or else creative uses of "find" will work. But don't EVER call up the abomination that is the Start Screen.

Re:Cygwin

[the_B0fh]

No. Cygwin runs everything under one process. This will run separate processes for each SSH session, with privilege separation. Cygwin also uses its own /etc/passwd. This will use local windows users, and, hopefully, AD users.

And code will be sent upstream.

Much better if this works out.

Re:Nice

[ArmoredDragon]

Maybe. Assuming Microsoft makes a proper SSH client that is as good as PuTTY, instead of software like that piece of shit called HyperTerminal from way back when, which almost always couldn't establish a proper working terminal with anything, had basically no file transfer support (or rather, it had very buggy and limited support,) and required a very annoying (and mostly pointless) setup process each time you wanted to connect to a different host.

Then again, why not just fork and bundle PuTTY? But do something to make the sessions easily exportable (I really hate how PuTTY stores those in the registry by default.)

In fact, it would be awesome if the registry just disappeared entirely. I haven't met anybody who actually likes it, and god knows it's been a dream come true for malware authors who want to hide shit (easy to do since it's so big, maze-like, and unwieldy for anybody to sift through.)

Re:Timeo Danaos et dona ferentes

[MightyMartian]

Too bad opening an SSH into Windows will drop you into the complex abomination that is PowerShell.

Re:What do they need to contribute back?

[viperidaenz]

What piece of code would the Open SSH project possibly want from any developer?

It's not like it's defect-free software that requires no more development.
https://bugzilla.mindrot.org/s...

Come now

[s.petry]

You know it's going to be just yet another way of hacking into a Windows box.

Strange bedfellows.

[nimbius]

Losing nearly a billion dollars over an 8 year period, firing four-thousand permanent staff, and being dead last in search and browser rankings will do strange things to you. Steve Ballmer shoulders some of the blame for the nosedive with his nearly cult-like adherence to the redmond ethos of embrace-extend-extinguish in the face of a brand like linux that just can't be killed with it. But to think after 15 years as other slash dotters have commented that this will make any significant dent in the status quo is self-defeating at best.

SSH gives windows users the ability to do real work, and thats a controversial sentiment but in most large corporations admins that handle LAMP, percona, or hadoop do it from a windows machine by company policy. Microsoft doesn't understand that outside of email and office, the real juggernauts of industry are so far removed from redmonds product line it may as well be a different language entirely. conceding a pittance, this ssh, and promising to commit code to openssh do two things. One, they add continued relevance to windows in an office environment that otherwise is the next prime target to be extinguished as quickly as the home market for windows. Two, they provide code to openssh not because they have any particular valuable insight to add to the project which has handled itself just fine for 15 years, but because they need to ensure their openssh implementation actually works with other well-established and quite serviceable implementations. So don't expect any real innovation.

Re:Timeo Danaos et dona ferentes

[Kryptonut]

Granted, Powershell 1.0 was pretty horrible, I don't get all the Powershell hate. Have you even tried to learn to use recent versions of it?

I absolutely despised it back when I was deploying Exchange 2007 RTM on Windows Server 2003, but that's going back almost a decade.

These days I use Powershell for a ton of stuff. I love the fact that everything is an object. For example, manager asks me for stats from AD, powershell script requesting user objects and filtering the appropriate fields, BAM, create a CSV, pretty it up in Excel and send it off to my manager.

Plus tying into .NET is kick ass too. I've got scripts that update and extract data from MSSQL, amongst other things. Hell, I even played with scripting text to speech alerting just to see if I could, and it was really easy!

Give it another try, it's actually a lot better

And no, before I'm labelled an MS evangelist: I've worked for 2 ISP's in 100% Linux and BSD environments and have thoroughly used at least 7 or 8 different distro's, I run Linux at home for NAS and Asterisk PBX and I own and operate 2 Macs - in addition to my Windows Desktop PC. My current role just happens to be maintaining a 90% Microsoft Environment

Re:Timeo Danaos et dona ferentes

[mi]

What exactly are you scared about?

That, for example, in order to ssh into a remote Windows system you'll have to use Microsoft's ssh-client — because they'll use some funky cipher/digest combination or some other "extension". They did it to Kerberos before...

Or that interactive logins will only work on certain terminal emulators — because nothing else will be able to properly emulate powershell's window — just imagine the termcaps entry...

In the link I gave there is a large list of Microsoft's earlier attempts to kill a standard by first adopting it — read it up...

Re:Timeo Danaos et dona ferentes

[Gadget_Guy]

K. Construct a for loop in PS that lists a directory and adds the words "This is cool" to the 13th line of any file of type "text" without downloading a module.

Off the top of my head (and using verbose commands to make it more obvious), I got:

dir | where -Property Extension -match '.te?xt' | foreach {

$i=0;
$s=(Get-Content $_.FullName);
$s | foreach { if ( (($i++) % 13) -eq 0) { $_+" This is cool" } else { $_ } } | Set-Content $_.FullName

}

I haven't thought of a way to do the file type determination (other than by the extension), but that will do just for a post to an AC. It can all be done on a single line; I added the line breaks and indentation so it wasn't a big line of gobbledegook. Now it is several lines of gobbledegook!

The impressive part of the tab completion of Powershell is how context sensitive it is. When I typed the where command, I entered -p<TAB> and it expanded it to -Property (although just -p would work too). But the fun part was that I could then type e<TAB> and then go through the list of property names that are returned from the dir command that begin with the letter e; first Exists, then Extension. So it was aware what was being passed to the where command on the pipeline and returning the correct properties for that object.

So if I typed the following:

get-content "file.txt" | where -Property

...and pressed the tab key, it gives me the property name of Length as it knows that it is returning a string rather than a file. The same where command will work on (and give appropriate tab completion) on a directory listing, file output, database query, or XML tree list.

Re:Nice

[acoustix]

Maybe. Assuming Microsoft makes a proper SSH client that is as good as PuTTY, instead of software like that piece of shit called HyperTerminal...

If I remember correctly, Microsoft didn't make HyperTerminal. They either bought it or licensed its use in Windows.