Microsoft Releases a Preview of OpenSSH Client and Server For Windows 10 (servethehome.com)

← Back to Stories (view on slashdot.org)

Microsoft Releases a Preview of OpenSSH Client and Server For Windows 10 (servethehome.com)

Posted by EditorDavid on Sunday December 17, 2017 @05:34AM from the OpenSSH-without-OpenSSL dept.

kriston (Slashdot user #7,886) writes: Microsoft released a preview of the OpenSSH server and client for Windows 10. Go to Settings, Apps & Features, and click "Manage optional features" to install them. The software only supports AES-CTR and chacha20 ciphers and supports a tiny subset of keys and KEXs, but, on the other hand, a decent set of MACs.

It also says that it doesn't use the OpenSSL library. That's the really big news, here. I understand leaving out arcfour/RC4 and IDEA, but why wouldn't MSFT include Blowfish, Twofish, CAST, and 3DES? At least they chose the CTR versions of these ciphers. (Blowfish isn't compromised in any practical way, by the way). I prefer faster and less memory- and CPU-intensive ciphers.

Still, it's a good start. The SSH server is compelling enough to check out especially since I just started using X2GO for remote desktop access which requires an SSH server for its file sharing feature.

71 of 144 comments (clear)

Min score:

Reason:

Sort:

We've already got PuTTY by Anonymous Coward · 2017-12-17 05:45 · Score: 2, Insightful

It works well, it's been field proven for decades and it doesn't "call home" to Redmond.
1. Re:We've already got PuTTY by OffTheLip · 2017-12-17 05:47 · Score: 2
  
  PuTTY only provides half of a SSH solution, still need a server. Hopefully the Microsoft OpenSSH server will accept clients other than their's.
2. Re:We've already got PuTTY by Antique+Geekmeister · 2017-12-17 06:45 · Score: 4, Informative
  
  Cygwin provides an SSH server, with current OpenSSH releases and a more powerf bash based local working environment. It does require additional non-Microsoft published binaries, and it has had issues operating with various anti-virus software packages. I admit that I'm very, very curious what shell and what capability for chroot sftp access may be available with the new Microsoft published server.
  Activating that future could be very helpful for people who wish to safely upload, or download, more safely from what is already a publicly exposed Windows server.
3. Re:We've already got PuTTY by Anonymous Coward · 2017-12-17 06:47 · Score: 2, Informative
  
  We're engineers, we don't want or need that cute CSS/animated JS eye candy.
4. Re:We've already got PuTTY by greenwow · 2017-12-17 06:59 · Score: 2
  
  The fork KiTTY is a little better:
  http://www.9bis.net/kitty/
  It stores its config in files so you can easily copy them to another machine or track them with Git. It still has the same bizarre starting interface to open and edit sessions and lacks a find feature.
5. Re:We've already got PuTTY by TechyImmigrant · 2017-12-17 07:37 · Score: 1
  
  Decades in use and the UI still still sucks ass. Its like its "designer" had never seen a gui application.
  I'm sure someone out there can do like Mozilla and make it look like Chrome.
  PS - noobs are the only ones who even notice the GUI. "Oh noes! This GUI is different from the others! I'm confoozed!"
  Works for me. Right click on the icon and the usual addresses pop up.
  
  --
  I should use this sig to advertise my book ISBN-13 : 978-1501515132.
6. Re:We've already got PuTTY by Dr.Dubious+DDQ · 2017-12-17 07:50 · Score: 4, Informative
  
  "Hopefully the Microsoft OpenSSH server will accept clients other than their's."
  It does - or at least it did last time I tried it.
  This project appears to be the Powershell team doing an honest port of the "Portable OpenSSH" code to native Windows, apparently including legitimate efforts to upstream the port to the main "Portable OpenSSH" project, and it seems (or at least seemed) to be as compatible as one would expect.
  When I last tried it, the only issue I ran into was oddities in the terminal emulation, due to Microsoft's shell environment being "special" (things like backspace/del behaving oddly etc.), but it otherwise seemed to work just the same as OpenSSH on my Linux boxen. It's probably been nearly a year since I tried to seriously play with it, so I imagine a lot of improvements have taken place since then.
  One nice thing about this project is that there seem to be rumors that "Powershell remoting" will eventually use SSH as its authentication and transport mechanism, which is a major hole in the current port of Powershell to non-Windows platforms. (You *can* do "powershell remoting" from e.g. Linux to Windows, but *only* if you substantially downgrade the security on the Windows side to allow it, because apparently it currently depends on one of the many special "Windows-only" features in powershell to do otherwise. Switching to SSH for this would fix that problem.)
  
  --
  Hacker Public Radio is our Friend
7. Re:We've already got PuTTY by Hal_Porter · 2017-12-17 08:30 · Score: 4, Funny
  
  PuTTY does ANSI terminal emulation. So can watch Star Wars by Telnet in color!
  telnet towel.blinkenlights.nl
  If everyone watched movies in the efficient open standard Telnet instead of the bloated and patent encumbered H.264 we'd save 52 Gigatonnes of CO2 per year.
  
  --
  echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
8. Re:We've already got PuTTY by ctilsie242 · 2017-12-17 13:00 · Score: 1
  
  If you want something that has a lot of configuration abilities, look at Remote Desktop Manager. It is a commercial utility, but has a free version. It handles not just SSH, but RDP, VNC, Apple Remote Access, and a ton of other protocols.
9. Re: We've already got PuTTY by Dr.Dubious+DDQ · 2017-12-17 19:33 · Score: 1
  
  why on earth would anyone want to use power shell on other platforms?
  Well, I originally thought the answer would be "so that you can do some of the useful Special Windows Things (like WMI queries of Windows machines) from other platforms", but it turns out the "Special Windows Things" remain proprietary and not included in cross-platform Powershell port so...I'm not really sure. Besides "because Microsoft wants you to", I mean.
  Powershell's actually got some neat tricks, and is really handy on Windows systems, but so far I feel like I'd rather just use Python instead, in general. Python's not installed by default on Windows, though...
  
  --
  Hacker Public Radio is our Friend
10. Re: We've already got PuTTY by jabuzz · 2017-12-18 00:28 · Score: 1
  
  That was my thought too. I was particularly keen on being able to do queries against AD. I was mightily disappointed to find the Linux version of Powershell does not do all the cool AD stuff, then was even more disappointed to find it didn't do the WMI stuff either, and then gave up when the remoting didn't work without messing about on the Windows machine.
11. Re:We've already got PuTTY by SCHecklerX · 2017-12-18 01:59 · Score: 1
  
  I use a linux workstation at work. Having an SSH Server on windows would make life a lot easier for the rare occasion that I have to do something on a windows server.
12. Re:We've already got PuTTY by pnutjam · 2017-12-18 03:17 · Score: 1
  
  Use Mobaxterm, it's got the full ssh server/ client stack with port forwarding and all sorts of other goodies.
  
  --
  Cheap storage VM.
Err... have we not learned? by Anonymous Coward · 2017-12-17 05:46 · Score: 3, Insightful

After Windows 10 turned out to be one OS-sized piece of spyware, why would any sane person use it for anything?
Time to kick that shit to the curb.
Anyways Linux and BSD both have much better SSH support, without the malware coming bundled with win10.
1. Re: Err... have we not learned? by Zero__Kelvin · 2017-12-17 06:21 · Score: 2
  
  I'm assuming this is an argument for using Linux, where OpenSSH server and client work out of the box and have been thoroughly tested by millions? Of course you wouldn't need or use SSH unless you were doing CLI, so it's pretty obvious that you are a clueless troll.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
2. Re: Err... have we not learned? by TheRealMindChild · 2017-12-17 06:28 · Score: 1
  
  Of course you wouldn't need or use SSH unless you were doing CLI
  
  What? Tunneling you can do just about anything.
  
  --
  
  "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
3. Re: Err... have we not learned? by Zero__Kelvin · 2017-12-17 06:39 · Score: 1
  
  Don't confuse SSH with SSL. SSH is Secure Shell, which establishes an SSL connection for shells. Tunelling is done with SSL, though it is often done through the SSH tools. What is called *SSH* tunelling is actually just SSL tunelling over the SSH port.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
4. Re:Err... have we not learned? by thegarbz · 2017-12-17 06:46 · Score: 1
  
  why would any sane person use it for anything [dailykos.com]?
  People didn't care about Google.
  People didn't care about Facebook.
  What makes you think that people would care now?
  Interesting that you question their sanity. What was the definition of insane? Seeing the same thing happen over and over again and expecting a different outcome!
5. Re: Err... have we not learned? by Barefoot+Monkey · 2017-12-17 07:54 · Score: 1
  
  You're mistaken. SSH does not establish an SSL connection for shells or anything else. SSH is a cryptographic protocol in its own right, just like SSL and TLS. An "SSH tunnel" really is tunnelling through SSH, not some other protocol.
  Amusingly enough, due to their respective places in the OSI model you're more likely to see SSL running on top of SSH than the other way around.
6. Re: Err... have we not learned? by Zero__Kelvin · 2017-12-17 08:22 · Score: 2
  
  You should probably read the summary, which talks about the protocols the Microsoft version does and doesn't support. You should probably get a basic level of education on why open*SSL* was required by OpenSSH until 2014.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
7. Re: Err... have we not learned? by Zero__Kelvin · 2017-12-17 09:04 · Score: 1
  
  Oh really? Then tell us, where are the specs for the SSH encryption mechanism?
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
8. Re: Err... have we not learned? by Barefoot+Monkey · 2017-12-17 09:07 · Score: 2
  
  You should probably read the summary, which talks about the protocols the Microsoft version does and doesn't support.
  
  Those are cyphers.
  
  You should probably get a basic level of education on why open*SSL* was required by OpenSSH until 2014.
  OpenSSL has many components, including libssl (which provides SSL support for applications), libcrypto (providing a number of cryptographic functions) and some tools for working with certificates. OpenSSH's dependency on OpenSSL was because it used libcrypto for cyphers.
9. Re: Err... have we not learned? by Zero__Kelvin · 2017-12-17 09:23 · Score: 1
  
  It is definitely a fact that you are no expert on the subject. Thanks for making that super double clear though!
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
10. Re: Err... have we not learned? by Barefoot+Monkey · 2017-12-17 09:30 · Score: 1
  
  Tunelling happens at the SSL/TLS layer. SSH is a protocol that leverages SSL (old school) or TLS (new school) to perform the tunneling.
  Wrong. I've already told you that SSH doesn't use SSL or TLS at all. Encryption and tunnelling is all handled within the SSH protocol itself. Here is the RFC for the SSH transport layer protocol, which describes how it works.
11. Re: Err... have we not learned? by Zero__Kelvin · 2017-12-17 10:33 · Score: 1
  
  If it says it on a blog it must be true!
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
12. Re: Err... have we not learned? by Barefoot+Monkey · 2017-12-17 10:55 · Score: 1
  
  Sorry, but that's not good enough. You linked to a brief article on differencebetween.net with nothing to support your claim other than the phrase "more often than not SSH uses SSL under the hood", with no elaboration on what that means and nothing to indicate that it's anything other than a naive assumption. And where does your claim "the rest of the time it uses TLS" come from? Pure guesswork? Did you even look at the RFC before replying?
  If you want to convince me of your claim you should start by doing some research into whether or not it is actually true, and then provide some arguments as to why. Smug insults such as "You should probably read the summary", "You should probably get a basic level of education" and "I hope you decide to educate yourself someday!" are not convincing, and merely convey the impression that you are embarrassed about being caught out.
13. Re: Err... have we not learned? by Zero__Kelvin · 2017-12-17 11:07 · Score: 1
  
  Great. Now would be a good time to educate yourself. Your apology is accepted.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
14. Re: Err... have we not learned? by Zero__Kelvin · 2017-12-17 11:26 · Score: 1
  
  Yeah. I wouldn't log in either if I were you.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
15. Re: Err... have we not learned? by Barefoot+Monkey · 2017-12-17 12:08 · Score: 2
  
  RFC 4253
16. Re: Err... have we not learned? by Anonymous Coward · 2017-12-17 12:15 · Score: 1
  
  SSH does not use TLS. It uses the OpenSSL library and uses a transport layer (https://tools.ietf.org/html/rfc4253) that is similar to TLS which has caused some confusion. However the statement that SSH uses SSL internally is false, the two protocols look quite different on the wire.
17. Re: Err... have we not learned? by Zero__Kelvin · 2017-12-17 12:45 · Score: 1
  
  You should read it and understand it sometime. Again, tunneling doesn't require SSH, which stands for Secure SHell , a CLI protocol layered on top of a secure transport layer such as Secure Socket Layer (SSL), or Transport Security Layer (TLS). Off you go now moron ...
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
18. Re: Err... have we not learned? by Zero__Kelvin · 2017-12-17 13:06 · Score: 1
  
  It doesn't implement encryption algorithms. It is a layer above them.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
19. Re: Err... have we not learned? by Barefoot+Monkey · 2017-12-17 13:36 · Score: 2
  
  Click on the link. The title is "The Secure Shell (SSH) Transport Layer Protocol". That is the name if the secure transport layer that SSH uses. SSH uses SSH-TRANS as a transport layer, and doesn't use SSL or TLS for anything. You asked for the specs for the SSH encryption mechanism, and you got them, so don't complain.
  Here's another link: RFC 4251 - The Secure Shell (SSH) Protocol Architecture. That explains how the various parts of SSH work together. Here's an excerpt:
  
  1. Introduction
  Secure Shell (SSH) is a protocol for secure remote login and other
  secure network services over an insecure network. It consists of
  three major components:
  - The Transport Layer Protocol [SSH-TRANS] provides server
  authentication, confidentiality, and integrity. It may optionally
  also provide compression. The transport layer will typically be
  run over a TCP/IP connection, but might also be used on top of any
  other reliable data stream.
  - The User Authentication Protocol [SSH-USERAUTH] authenticates the
  client-side user to the server. It runs over the transport layer
  protocol.
  - The Connection Protocol [SSH-CONNECT] multiplexes the encrypted
  tunnel into several logical channels. It runs over the user
  authentication protocol.
  The client sends a service request once a secure transport layer
  connection has been established. A second service request is sent
  after user authentication is complete. This allows new protocols to
  be defined and coexist with the protocols listed above.
  The connection protocol provides channels that can be used for a wide
  range of purposes. Standard methods are provided for setting up
  secure interactive shell sessions and for forwarding ("tunneling")
  arbitrary TCP/IP ports and X11 connections.
  Encryption is handled by the lowest layer of SSH, SSH-TRANS - the secure transport layer, which in turn is typically implemented directly on TCP. No SSL or TLS involved.
  The highest later, SSH-CONNECT, is used for whatever kind of connection you want from SSH. This can be a command line, or you could remotely use graphical applications through X forwarding, or you could forward ports or tunnel pretty much and TCP stream.
20. Re:Err... have we not learned? by Bert64 · 2017-12-17 16:33 · Score: 1
  
  You can show an auditor that every box *thinks* its patched...
  But try scanning the boxes using nessus with admin creds, which will actually log in to all the boxes and check the individual files installed by patches rather than looking at the list of "installed" patches...
  You will OFTEN have systems where a patch is registered as installed, but actually isn't.
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
21. Re: Err... have we not learned? by syn3rg · 2017-12-18 07:54 · Score: 1
  
  Wrong thread reply?
  
  --
  The contents of this message have been doubly encrypted by ROT13
putty by jmccue · 2017-12-17 05:51 · Score: 2

Windows 10 that may just see the retirement of Putty
I do not see that happening, most people I know who need to access UN*X systems via windows uses putty and hardly ever opens up a "DOS Box (? not sure what it is called now). Anyway putty is a nice tool for people who likes GUI type applications so it will still be around.
BTW, I tried to get a few of them to go to Linux (work allows one to use Linux), but without luck.
1. Re: putty by Zero__Kelvin · 2017-12-17 06:22 · Score: 1
  
  One double clicks on the PuTTY icon.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
2. Re:putty by TheRealMindChild · 2017-12-17 06:28 · Score: 2
  
  not sure what it is called now
  
  Command prompt
  
  --
  
  "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
3. Re:putty by Antique+Geekmeister · 2017-12-17 06:51 · Score: 1
  
  One installs "MRemoteNG", a very useful tab-based GUI for putty. I recommend it to all my Windows using colleagues who need SSH management. It's available at https://mremoteng.org/
4. Re:putty by Dr.Dubious+DDQ · 2017-12-17 08:04 · Score: 2
  
  Windows 10 that may just see the retirement of Putty
  [...]a "DOS Box (? not sure what it is called now).[...]
  In my experience, for masses of low-end Windows admins, it's called a "command prompt" (or "DOS Prompt" if the admin is old), and refers to that black-square icon you "run as administrator" in order to paste in the magic incomprehensible line of text that some website says fixes the problem you're trying to fix.
  For more skilled Windows admins, it's a "powershell session", which, to be fair, also often is "that blue-square icon you 'run as administrator' in order to paste in the magic incomprehensible line of text that some website says fixes the problem you're trying to fix", but at this level there's at least a chance that the admin in question understands what the line of text is supposed to do...
  
  --
  Hacker Public Radio is our Friend
5. Re:putty by kriston · 2017-12-17 12:39 · Score: 1
  
  I don't agree with the silly "retirement of PuTTY" sentiment in this article. Everyone knows that the console prompt won't meet the needs of even the most casual remote shell users.
  The big news is that, in the future, there will be an officially-supported and NATIVE implementation of OpenSSH using the native Microsoft Windows crypto library instead of OpenSSL on the Windows platform.
  That's worth the cost of admission, if you ask me.
  
  --
  Kriston
6. Re: putty by Zero__Kelvin · 2017-12-17 13:08 · Score: 1
  
  Yes. You should select the option to place one on the Desktop next time you install it.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
7. Re:putty by AmiMoJo · 2017-12-17 17:32 · Score: 1
  
  It's called the console, and it changed a lot in Windows 10, breaking many apps.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
8. Re:putty by squiggleslash · 2017-12-18 08:01 · Score: 1
  
  Windows 10 has both an officially supported Ubuntu bolt-on and, of course, the availability of Cygwin and MINGW. Putty is really only necessary if you don't have a *ix subsystem like one of those three installed, and I find it surprising so few Slashdotters actually want a *ix subsystem in Windows.
  Cygwin was always a life saver for me, though I've always hated its package management system. The Ubuntu subsystem is great.
  
  --
  You are not alone. This is not normal. None of this is normal.
How long until Windows has become Linux? by Anonymous Coward · 2017-12-17 05:52 · Score: 1

Or BSD, of course.
Given an exponential curve, it can only be a few years now.
A crippled version without all the meaningful things that the average complete retard doesnâ(TM)t care about (because heâ(TM)s a retard), like freedom, open source, individual choice, and of course compatibility with what they originally embraced.
Because nobody has told them that they are't the all-powerful monopolist anymore, and so ... gotta still reach for step 2 and 3: extend, and extinguish.
"doesn't use the OpenSSL library." by Chris+Mattern · 2017-12-17 05:58 · Score: 3, Insightful

Then how is it 'OpenSSH"? If it isn't using the Open code, it's just SSH, right?
1. Re:"doesn't use the OpenSSL library." by ebob9 · 2017-12-17 06:24 · Score: 1
  
  Isn't it based off of this?
  PowerShell/Win32-OpenSSH
2. Re: "doesn't use the OpenSSL library." by Zero__Kelvin · 2017-12-17 06:28 · Score: 2
  
  OpenSSH hasn't required OpenSSL since 2014. Of course that doesn't mean it is a good idea to just use any old SSL lib, and Microsoft has a long history of being unable to do encryption right going back at least to LANMAN incompetence, so you would be an incompetent fool to trust this implementation.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
3. Re:"doesn't use the OpenSSL library." by Barefoot+Monkey · 2017-12-17 06:46 · Score: 3, Informative
  
  OpenSSL and OpenSSH are not really related. Neither is OpenGL, for that matter. They are different projects maintained by different people, and just happen to all have "Open" in their names. It is possible for OpenSSH to use OpenSSL for some cryptographic functions, but not necessary (at least not anymore - once upon a time OpenSSL was a dependency).
  OpenSSH is the OpenBSD project's implementation of an SSH client, server and related utilities. If Microsoft is calling it "OpenSSH" then they must be using a port of OpenBSD's programs instead of creating their own. (In fact, Microsoft promised to port OpenSSH to Windows back in June 2015).
4. Re:"doesn't use the OpenSSL library." by xtronics · 2017-12-17 07:55 · Score: 1, Troll
  
  Most likely using alternate libs written by a three-letter-agency - I assume M$ gets paid large amounts to do such things.
  So I would consider M$ version of "openSSH" to be similar to 'secure-boot' - names intended to mislead the general public.
5. Re:"doesn't use the OpenSSL library." by jabuzz · 2017-12-18 00:18 · Score: 1
  
  No almost certainly using the Windows platform cryptography libraries, which is the sane thing to do on a Windows platform. It's also the state goal from back in 2015 when Microsoft announced the plan to port OpenSSH to Windows had been approved since Balmer had left and was no longer able to veto it.
That's a big gap in time by Gabest · 2017-12-17 06:09 · Score: 1

Between removing Telnet and adding SSH.
1. Re:That's a big gap in time by thegarbz · 2017-12-17 06:37 · Score: 1
  
  There's no gap at all. You can install telnet on Windows 10 exactly the same way as you would install this SSH client or server.
  Microsoft didn't remove telnet, they just made it optional.
2. Re:That's a big gap in time by kriston · 2017-12-17 12:41 · Score: 1
  
  That's right. Most of us install the telnet client by habit when installing Windows.
  Now we can install a native SSH client. If we want, we can install an SSH server, too.
  
  --
  Kriston
3. Re:That's a big gap in time by omnichad · 2017-12-17 15:09 · Score: 1
  
  Microsoft didn't remove telnet, they just made it optional.
  Which makes it completely useless for remote TCP troubleshooting - which is all I ever really used it for. If some random computer is going to have to load the Add/Remove Windows Components screen and take upwards of 5 minutes, it's no longer the quick and dirty tool it once was.
4. Re:That's a big gap in time by thegarbz · 2017-12-18 05:51 · Score: 1
  
  You inability to not install suitable software on a remote computer before you run into trouble is not Microsoft's concern.
  You inability to continue not doing so since this version of SSH is delivered in the same way as the current telnet is (please try and follow the conversation rather than angry-ranting) still is not Microsoft's concern.
5. Re:That's a big gap in time by omnichad · 2017-12-18 06:07 · Score: 1
  
  You inability to not install suitable software on a remote computer before you run into trouble is not Microsoft's concern.
  I frequently do remote support for people I've never had contact with before. Being Hiding a 129KB .exe with likely no dependencies is not really going to fix Microsoft's bloat problem.
  The good news is that I have found a very fast way to install it
  pkgmgr /iu:"TelnetClient"
OpenNSAbackoor? by Anonymous Coward · 2017-12-17 06:11 · Score: 1

No thanks.
Where's the source?
Thought so.
CPU intensive? by thegarbz · 2017-12-17 06:34 · Score: 1

If your limiting factor is CPU in your OpenSSH sessions you're doing something very VERY wrong.
1. Re:CPU intensive? by kriston · 2017-12-17 12:36 · Score: 1
  
  Hahah, no, I'm not doing anything VERY wrong when I'm using this feature on a device that does not have hardware encryption and also has a weak CPU, like the Windows 10 IoT Core which is targetted at these devices.
  Try again. And don't assume you know what the real-world implementation is.
  
  --
  Kriston
2. Re:CPU intensive? by thegarbz · 2017-12-18 05:48 · Score: 1
  
  I'm impressed. You found something that runs Windows 10 IoT core but has trouble with your SSH session! As for weak CPU you really should qualify that. SSH hasn't been CPU bound for 20+ years, and the weakest of devices currently are faster than they were.
There's several manual steps to getting it working by greenwow · 2017-12-17 06:53 · Score: 2

https://www.bleepingcomputer.com/news/microsoft/how-to-install-the-built-in-windows-10-openssh-server/
Are the best instructions I found. Also, you'll have to open port 22 in since the installer doesn't open it even if you use Microsoft's own firewall.
Any idea when this is coming to Server 2016?
Ubuntu for Windows WSL by Billly+Gates · 2017-12-17 07:12 · Score: 1

That works much better and bash.exe and doing a apt-get install openssh gives you the full package

--
http://saveie6.com/
1. Re:Ubuntu for Windows WSL by kriston · 2017-12-17 12:43 · Score: 1
  
  Not really. That worked well in the past on the Windows Subsystem for Linux model, but this implementation is in native Windows, using native Windows crypto libraries.
  It doesn't involve the WSL model at all.
  That means remote access to PowerShell primitives without bothering with the extra layer of WSL.
  
  --
  Kriston
first powershell now this by aod7br7932 · 2017-12-17 07:45 · Score: 1

It took Windows just 10 generations to follow unix!
Will it do ... by kamaaina · 2017-12-17 08:44 · Score: 1

ssh -X, ssh -R or ssh -L like openssh and putty?
If it does ssh -X natively without xming or whatever your preferred windows X server I will be impressed.
Already deprecated algorithms by twistedcubic · 2017-12-17 08:59 · Score: 4, Insightful

....but why wouldn't MSFT include Blowfish, Twofish, CAST, and 3DES?...
Slashdot article: New SWEET32 Crypto Attacks Speed Up Deprecation of 3DES, Blowfish
Bruce Schneier, the creator of Blowfish, long ago suggested people stop using it.
1. Re:Already deprecated algorithms by kriston · 2017-12-17 12:45 · Score: 1
  
  Thanks, I posted this without enough comment to avoid baiting this kind of comment.
  Congratulations, you've taken the bait. He didn't really discourage its use, just that he was suprised that so many people still used it.
  
  --
  Kriston
OpenSSH for Windows by fahrbot-bot · 2017-12-17 09:18 · Score: 1

OpenSSH for Windows

--
It must have been something you assimilated. . . .
I make a SFTP Server... by mcolgin · 2017-12-17 13:02 · Score: 1

Interesting. I make a SFTP Server for Windows, actually the first release was this month. While my classic ftp stuff is still going strong, despite IIS being out for decades. I wonder if their implementation will be complete and what kind of niche space will still be avail. I'm a little worried about MS releasing something that crushes my effort, but in the past, they kind of derp out on these efforts. While the Windows Linux Subsystem is certainly cool, it's also quite crippled and feels quit isolated on the system. Microsoft SSH server installs as a Windows System Service called "SshBroker" and "SshProxy"... you can check your system with "sc query | grep -i ssh" and then the subsequent detail query "sc query sshbroker". I had no idea it was running, until one day I mistyped and typed "ssh devhost" vs "sftp devhost" and it logged in a shell. Was hoping to run console mode programs from it, like my beloved Semware Editor, but no dice. You can execute programs like "explorer" from the command line, there are no errors, but they don't seem to spawn on taskmgr. Looking forward to finding out more about what you can do in Microsoft's SSH Server, my guess is "powershell" and command-line programs (gnu utils work great).

--
I made this: http://www.bpftpserver.com
Just wanted to say... by 101percent · 2017-12-18 23:09 · Score: 1

The slashdot community has so much bickering in this thread, it's no wonder we still haven't gotten a handle on security. Hardly anyone understands this stuff.