Microsoft Publishes OpenSSH For Windows Code

An anonymous reader writes: Microsoft has published early source code for its OpenSSH-for-Windows port for developers to pick apart and improve. In a blog post on Monday, Steve Lee – the PowerShell team's principal software engineer manager – said Redmond has finished early work on a Windows port of OpenSSH 7.1, built in a joint-effort with NoMachine. Their rough roadmap from here: 1) Leverage Windows crypto APIs instead of OpenSSL/LibreSSL and run as Windows Service. 2) Address POSIX compatibility concerns. 3) Stabilize the code and address reported issues. 4) Production quality release.

Leverage?

[cyber-vandal]

You mean use?

Re:Will it tunnel applications?

[ewhac]

I'm sorry; tunneling will only be available in SSH for Windows Server 2012 Enterprise (7 connections max; see your Microsoft rep for additional connection licenses).

</SNARK>

Re:They already are

[ralphsiegler]

very funny, windows only does posix 1 which is 1990. you must be confusing window's level of posix compliance with something that is actually useful.

Re:putty

[danbob999]

it's a server, not a client

Re:"to pick apart and improve"

[vux984]

How would this improve it?

Maybe ... key management; using the windows platform key stores. Integration with active directory etc.

Re:Will it tunnel applications?

[Minwee]

If I can expect a windows machine to have an ssh daemon capable of tunneling the RDP port to my machine locally, I would be gaining a lot. Such as no longer exposing RDP directly to the client via a VPN.

ssh -L 3389:127.0.0.1:3389 myusername@somewindowsserver

Run that, and then try to connect to remote desktop on your local machine. It works with any proper SSH server, including Cygwin. Do you have any other requests?

Re:This will end well

You're right. Windows would never do something so careless as sharing network passwords in an insecure manner.

We all just need to get over it.

Re:IT'S A TR...REPEAT!

[ArmoredDragon]

I think the $64,000 question is whether or not Microsoft will continue to update their SSH implementation as new features are added to the standard, and if they'll support everything that SSH is known for (i.e. SFTP/SCP, tunneling, etc.)

A somewhat nightmare scenario is that they just add initial (and possibly even broken) support for it that is feature incomplete, and as a result, you start seeing new SSH clients come around that are broken and/or only work with the Microsoft implementation. In other words, kind of like what Microsoft did to ruin HTML4.

It got better.

[cbhacking]

While what you say was roughly true (though MS themselves used it internally to do things like host Hotmail for years) for the early versions, Interix (the name of the runtime environment - or pseudo-OS - that ran in the POSIX subsystem) versions 3.5 (XP) through 6.1 (Win7) were all quite usable. They added features that made it a lot more capable than most people seem to realize. I'm not claiming it didn't still have limitations (mostly in the forms of APIs that are common on modern *nix-like systems being missing) or bugs (though the 6.1 release quashed most of the worst of those), but it was quite usable and in many ways (speed, user account management, file system conventions, etc.) better than Cygwin.

The most obviously missing thing, in terms of day-to-day usability, was software package support; you could build your own (after getting and building all the dependencies) but it wasn't usually very pretty. There were a number of attempts to solve this, of which the two most notable were InteropSystems/SUACommunity (a now basically defunct site; Microsoft was funding it and stopped when Win8 deprecated the Unix subsystem) and NetBSD pkgsrc. SUACommunity offered a fairly-usable collection of pre-built binaries (including useful things like newer compilers than MS provided and compatibility shims to implement functions missing from the official Interix SDK), while pkgsrc offered a *huge* collection of software (comparable to a typical Linux distro) in source form, with scripts to build and install it in Interix.

I used Interix, with great success, for years. I used it on school projects (faster and needing less HD footprint than dual-booting or virtualizing Linux on Windows), I used it (bash, from SUACommunity) as my everyday shell, I used its tools (everything from sed to git) for everyday operations (even piping output between Win32 and POSIX programs) both at home and at work, I used its openssh server to remotely access my Windows box (and of course used its client too, including for X forwarding, though I had to use the Win32 "Xming" server), and I used it to compile programs that would only build on *nix but that I wanted to run on Windows. It was one of the first things I installed on any new Windows machine (helped that I had MSDN access so I could get the supported Windows versions).

I was really pissed when Microsoft deprecated that subsystem. It was still usable for a while, of course, but with the SUACommunity site losing funding, its repo became dangerously outdated and then went offline entirely. I wasn't willing to run code (especially stuff like git and ssh/sshd) with known vulnerabilities, wasn't interested in maintaining the packages from source, and knew I'd eventually want to move to Windows versions that didn't support Interix at all.

MSYS helps provide the stuff I need, like git. Cygwin has gotten better than it used to be, though (last I checked) it still fails on some things that Interix could handle (like case-insensitive file system behavior and sudo). PowerShell is, once you learn it, actually preferable to a Unix shell for most purposes. Hardware is now cheap/powerful enough that virtualizing is no longer a significant burden on most machines. In the end, though, I still find myself really missing the easy power and interoperability of Interix.

Re:IT'S A TR...REPEAT!

[KGIII]

What's funny is that if you look at source code today, probably even here on Slashdot, you'll find all sorts of Firefox-specific code in there. But we bemoan the days of needing to code for IE6 like the troubles are behind us.