Windows Server 2019 Officially Supports OpenSSH For the First Time (neowin.net) 129
Microsoft said in 2015 that it would build OpenSSH, a set of utilities that allow clients and servers to connect securely, into Windows, while also making contributions to its development. Neowin: Since then, the company has delivered on that promise in recent releases of Windows 10, being introduced as a feature-on-demand in version 1803. However, Windows Server hadn't received the feature until now, at least not in an officially supported way -- Windows Server version 1709 included it as a pre-release feature. But that's finally changed, as Microsoft this week revealed that Windows Server 2019, which was made available (again) in November, includes OpenSSH as a supported feature.
Interesting (Score:2, Interesting)
The question is: what version, does it have Microsoft-specific extension and what shell do you end up getting (Bash would be nice).
The problem will be when (not if) Microsoft refuses to patch just to point out how 'insecure' Open is.
Re:Interesting (Score:5, Informative)
It's based on the very latest 7.9 release. If you want to see what they've done then view the git repo:
https://github.com/PowerShell/... [github.com]
Re:Interesting (Score:4, Interesting)
Re: Interesting (Score:4, Funny)
Re: (Score:2)
That's why they stole much of the NT kernel from DEC, by hiring David Cutler and his development team. David was one of the core authors of VMS, and the intellectual property theft involved was quite large scale. He and his team brought a great deal of the code with them. The lawsuits of the era were fascinating, and some of them are laid out at https://www.itprotoday.com/com... [itprotoday.com] .
Re: (Score:2)
it may be that that is what they want; the NT kernel with a GNU userland.
Re: (Score:2)
The next step is removing the underlying OS from windows and loading in linux underneath a Windows command shell (kindof like what Apple did with MacOS and freebsd)
Apple also took from NetBSD and OpenBSD: each time they needed something, they chose the most advanced on that bit
Re:Interesting (Score:5, Interesting)
I remember back in 2005-ish there was an ashcan mag published by former Microsoft employees you could subscribe to for ~$50/year that contained internal memos, emails, etc. and one of the big email threads that was kicked around back then is that Microsoft's future game was to get out of selling Windows as a software product and turn their OS platform into a software-as-a-service model where your hardware would only have a RTOS-based microkernel and the OS would be streamed to you on demand much like the Terminal Services model.
The backend services for that model were meant to run on Linux servers. The end game objective of moving into supporting Linux and contributing code to open source projects is for Microsoft to take over the open source community as a whole by first contributing code, then becoming an asset to the community, then financing development of open source projects. Then when the open source projects can no longer function without Microsoft's funding they would enact a hostile takeover of the open source community by withholding financing unless the community bends to Microsoft's whims.
It's very much a "if you can't beat them with a better product, infiltrate and wreck their shit" scenario.
Give me liberty, or give me death. (Score:2)
"Give me liberty, or gi
Re: (Score:2)
But I think the point is, in this case, it means "Microsoft's computer", and that's where their money is coming from now. They're not so worried about Windows or Linux, because their business looks a lot different now than it did 13 years ago.
Re: (Score:3)
Microsoft's Linux will only run on Windows/Azure and can only be changed with Visual Studio. You can fork it but you're still locked into the Microsoft platform.
They've already together with VMWare effectively taken over the Linux Foundation; they became members at a few million dollars and suddenly the free seats for key community developers got rescinded. They've already purchased the keynotes at various conferences. Together with IBM (RedHat) pretty much all these conferences now cost $2k+ to attend so t
Re: (Score:3)
Re:Interesting (Score:4, Interesting)
I have it on a 2012 R2 to create reverse tunnels, the shell you get is the normal cmd.exe.
What happens when you attempt to run a GUI application? E.g., notepad.exe?
Same thing that happened in the old Win9x compat.. (Score:1)
command line: the program can't find the graphics subsystem and terminates. I believe command.com did this on some or all Windows systems, while cmd.exe executed them as normal windows apps, from NT4(3.51?) on.
Someone who is more of a Windows Guru may be able to correct me on this. It's been almost 20 years and I haven't seriously run windows since XP support and applications expired.
Choice of Shells Available (Score:2)
The default shell is cmd.exe, but there is built-in support for Powershell and Bash. [microsoft.com]
Although I suppose one could just launch whatever other shell they want from the cmd prompt.
Re: (Score:1)
I think it's funny to see Microsoft haters struggling to find reasons to criticize everything they're doing, rather than simply acknowledge that they're making good choices.
Re:Interesting (Score:4, Informative)
ONE good deed still doesn't excuse their telemetry / spyware shit.
Re: (Score:1)
What good does a shell access do in a Windows server, where all the maintenance has to be done using Metro UI? Can a shell access be used to perform the daily re-uninstall of the Candy crush and other crapware MS force-pushed there? If it can, it could be somewhat useful.
Re: (Score:2)
The powershell command to remove a modern app is remove-appxpackage and it does work from shell access. If you want it to not be installed by default for new users the command is remove-appxprovisionedpackage.
If you are having to remove it every day, something is wrong and you might consider having a professional look into it. If Candy Crush specifically is appearing on your server operating system then you definitely need some help.
Someday they'll manage to turn it into Unix (Score:1)
Re: (Score:1)
Re: Someday they'll manage to turn it into Unix (Score:2)
Re: (Score:3)
Re: (Score:1)
Up-and-coming server OS gets basic server feature (Score:4, Funny)
Nice. Good going, Microsoft.
Who knows... at this rate, in a few years, Windows Server might even be ready for the enterprise.
Rogue developer warning! (Score:1)
James Kelly from Microsoft here. We have a rogue developer who's illegally tinkering with the Windows source code to add illegal Linux software to Windows Server. Do NOT use OpenSSH on Windows Server 2019 or else your license will be invalidated and you will be raided by our License Auditing Team.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
I was really surprised the last time I was in Vegas to see Carrot Top on billboards as some kind of Vegas attraction. I mean, I get Cher, even Britney Spears, devolving to Vegas status. But who says "we need a really great recurring talent for our casino, I know, let's get fucking Carrot Top!"
That not-very-funny guy Carrot Top. (Score:2)
Re: (Score:1)
Vegas is like that. The first time I went to Vegas, I saw billboards all over for this one guy and it was like "who the fuck is this guy? I have never heard of him." They seem to latch on to certain people and they end up like permanent fixtures.
Client or server? (Score:2)
So is this just the SSH client? (Which is still a step in the right direction -- sorry, Putty!)
Or are we talking as a server, to ssh into a Windows computer?
And if we're talking server, can we ssh -X and run an actual GUI application?
Re: (Score:1)
Re: (Score:2)
It's Windows that you'll be talking to. So no X forwarding.
I understand. What I meant by -X was "will we be able to run Windows apps remotely?" Or does SSH only give us command-line access?
Re: (Score:2)
You could use SSH to port-forward an RDP conneciton to the localhost that is otherwise blocked by the firewall. One might also access a CygWin hosted X session. But otherwise, I see no obvious graphical access over the SSH connection.
From microsoft's page (Score:1)
Secure Scripting Host??
It's supposed to be Secure SHell
Re: (Score:2)
"Shell [wikipedia.org]" has a different meaning in Windows.
Re: (Score:1)
Least necessary definition ever (Score:3, Informative)
Re: Least necessary definition ever (Score:1)
Well considering on Microsoft's own page they call it Secure Scripting Host, maybe somebody should tell them what it really means
Re: Least necessary definition ever (Score:3)
Re: (Score:2)
That was true at one time but you haven't been paying attention if you haven't noticed how many clueless dolts have flocked to this sight in the last several years.
Total user volume is way, way, way down compared to years past. I doubt there are even 2000 users left here who post regularly. Most of the ID numbers that are much above 1M are likely spambots that are set up by people who don't realize the traffic here isn't enough to make it worth their while to partake in any spamming here. This place makes google plus look like a happening place to be.
Netcraft confirms ... (Score:3)
Netcraft has Slashdot ranked around 50,500th, a bit ahead of jp.match.com and a bit behind linkedin.fr.
My overactive imagination presumes that linkedin.jp and fr.match.com would both have enormously larger traffic shares (but what do I know about the relative power dynamics of wives and mistresses, here and abroad?)
Even so, given that there are now on the order of 100 million registered web sites, the Slashdot effect remains as potent as ever.
Re: (Score:2)
You know, Douglas Adams was infamous for fiddling with his language for 50 drafts, but it just dawned on me that instance of "accidentally" really should have been "inadvertently".
It wasn't his finest hour, nor his best quote, either, but even his seconds are not bad.
Re: (Score:2)
Netcraft has Slashdot ranked around 50,500th, a bit ahead of jp.match.com and a bit behind linkedin.fr.
That really isn't much to be proud of compared to where slashdot used to be. This community used to be much more active. If you want to compare to linkedin.fr, it is important to note that the population of France is ~67M. At most maybe 25% of the population might have an interest in LinkedIn (probably much less), which would give you a maximum user base of ~17M. Except that a lot of them are going to use linkedin from other countries if they are looking to further their careers, which would probably a
Re: (Score:2)
Re: (Score:2)
Only a portion of nerds are interested in IT Operations.
ssh is not just a tool for "IT Operations". There is zero reason for anyone who has any interest in managing a server (which is the focus of the article) - running any OS from the past decade - to not be familiar with ssh. This is above even the vi / emacs feuds, everyone uses ssh.
Re: (Score:2)
Re: (Score:1)
Re: (Score:3)
Re: (Score:1)
It's all open source and on github. So go audit the code if you think they're doing something nefarious.
I did that, and I spotted the new source subtree where they've linked in ncurses and used it to display "live tiles" on the client terminal. By default, the first tile links to an ascii-art version of Candy Crush.
oh cool (Score:1)
$ ssh peter@winpc.local
Password:
C:\Users\peter>ls
'ls' is not recognized as an internal or external command,
operable program or batch file.
pretty awesome
Re: (Score:2)
$ ssh peter@winpc.local
Password:
Peter, you forgot to provide us with the IP and password so we can test as well.
Advantage over RDP? (Score:4, Interesting)
As a Unix / OpenBSD fan, I think this is kinda cool, but unless one needs to login to Windows from a Unix box, what would be the advantage of this over RDP? With RDP I can access graphical features, easily map local resources such as drives and printers, connect through a TS gateway, etc.
Re: (Score:2, Insightful)
SSH is universal
It is simple
It is fast
It can run remote commands
It can run through pipes
It can be scripted
It can run well over low bandwidth
You can run other protocols through it
You can create a VPN using it
RPD is not native on *ix
It has lots of uses beyond what RDP doesn't do. It is a great tool for lower-level stuff.
Re: (Score:2)
SSH is not native on *ix. Native implies that it is a function of the underlying system. It is a separate program that just so happens to be installed on nearly every *IX platform by default. And on that vane there's an RDP client and server for every *IX out there.
Re: (Score:3)
1) Speed & latency, especially over broadband. Even the connection time for RDP is often slow.
2) Security maybe? Everybody knows the security capabilities of OpenSSH. RDP is closed source so who knows?
Re: (Score:3)
It's easily tuned to allow authorized_keys to limit access on a key by key basis to specific hostnames, IP addresses, and forced commands by allowing users to manipulate authorized_keys files.
wow, only 3 years (Score:2)
Reminds me of when they broke the TCP/IP stack AOL provided for Windows and told a judge it was a mistake and they'd have it fixed in 6 months.
Then the time they said they would release a JBDC driver for MS SQL Server with an 18 month release schedule.
But hey, that many monkeys hitting buttons on keyboards take time to get it righ
OpenSSH client is not OpenSSH server (Score:2)
Let's be aware that the server is not the same as the client. There are a number of working clients available, but the server relies on technologies such as forking off distinct copies of the server daemon, especially so that one failed daemon does not disable the service altogether. I'm curious how Microsoft is configuring this to prevent a distributed denial of service attack, and what settings they are using for single-sign-on kerberized connecitons.
I'll stick with Cygwin thanks (Score:1)
I've been using OpenSSH on Cygwin for 16 years. Still works great.
Version 1803 (Score:2)
Named after the year everyone else got this basic functionality from their server OS.
Azure (Score:1)
This is really about Azure. This is another example where MS isn't thinking about on-prem.
Let's hope it works out of the box this time (Score:2)
Let's hope it works out of the box this time instead of unnecessarily requiring lots of tweaking and manual configuration [bleepingcomputer.com].
It would be nice if it supported more ciphers, too.