Microsoft Releases a Preview of OpenSSH Client and Server For Windows 10

kriston (Slashdot user #7,886) writes: Microsoft released a preview of the OpenSSH server and client for Windows 10. Go to Settings, Apps & Features, and click "Manage optional features" to install them. The software only supports AES-CTR and chacha20 ciphers and supports a tiny subset of keys and KEXs, but, on the other hand, a decent set of MACs.

It also says that it doesn't use the OpenSSL library. That's the really big news, here. I understand leaving out arcfour/RC4 and IDEA, but why wouldn't MSFT include Blowfish, Twofish, CAST, and 3DES? At least they chose the CTR versions of these ciphers. (Blowfish isn't compromised in any practical way, by the way). I prefer faster and less memory- and CPU-intensive ciphers.

Still, it's a good start. The SSH server is compelling enough to check out especially since I just started using X2GO for remote desktop access which requires an SSH server for its file sharing feature.

We've already got PuTTY

It works well, it's been field proven for decades and it doesn't "call home" to Redmond.

Err... have we not learned?

After Windows 10 turned out to be one OS-sized piece of spyware, why would any sane person use it for anything?

Time to kick that shit to the curb.

Anyways Linux and BSD both have much better SSH support, without the malware coming bundled with win10.

"doesn't use the OpenSSL library."

[Chris+Mattern]

Then how is it 'OpenSSH"? If it isn't using the Open code, it's just SSH, right?

Already deprecated algorithms

[twistedcubic]

....but why wouldn't MSFT include Blowfish, Twofish, CAST, and 3DES?...

Slashdot article: New SWEET32 Crypto Attacks Speed Up Deprecation of 3DES, Blowfish

Bruce Schneier, the creator of Blowfish, long ago suggested people stop using it.