SSH, or secure shell, is the mainstay of remote access and administration in the Linux world, and the lack of any straightforward equivalent has always been an awkward feature of the Windows world. While there are various third-party options, Windows lacks both a native SSH client, for connecting to Linux machines, and an SSH server, to support inbound connections from Linux machines.
The PowerShell team announced that this is going to change: Microsoft is going to work with and contribute to OpenSSH, the de facto standard SSH implementation in the Unix world, to bring its SSH client and server to Windows.
Possible plot twist: Is this newfound support for the SSH protocol and the OpenSSH project actually a new "in" for the NSA to sneak a new backdoor into the protocol?
(Score: 5, Informative) by maxwell demon on Thursday June 04 2015, @02:44PM
You forgot to close the <small> tag.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by cmn32480 on Thursday June 04 2015, @03:13PM
Whoops! Thanks for the heads up. The error has been rectified.
As janrinok says... "It's always my fault...."
"It's a dog eat dog world, and I'm wearing Milkbone underwear" - Norm Peterson
(Score: 2) by Jeremiah Cornelius on Thursday June 04 2015, @02:52PM
No. We won't use their cypher suite. We won't trust their contribution or implementation.
You're betting on the pantomime horse...
(Score: 2) by ikanreed on Thursday June 04 2015, @03:05PM
You know that you can still authenticate against untrusted sources, right?
Having to type your password every time you log in isn't some gigantic burden.
(Score: 2) by mcgrew on Thursday June 04 2015, @05:55PM
True, but it's still a deterrent to using it.
mcgrewbooks.com mcgrew.info nooze.org
(Score: 2) by Jeremiah Cornelius on Friday June 05 2015, @02:40PM
I can't trust Microsoft supplied cypher suites. The same way I can't trust RSA Bsafe.
You're betting on the pantomime horse...
(Score: 3, Insightful) by WizardFusion on Thursday June 04 2015, @03:10PM
I'll stick with PuTTY for my client side needs, thanks.
(Score: 3, Interesting) by ikanreed on Thursday June 04 2015, @03:23PM
The main advantage here would be that power shell can run as a host or server for an ssh client.
It makes remote administration of windows machines less of a GUI based clusterfuck, and most large (windows based) IT departments have some sort of powershell script deployment system to act as a painfully kludgey replication of SSH.
(Score: 3, Insightful) by Nerdfest on Thursday June 04 2015, @03:27PM
It will be handy, but I'll still be waiting for the "extend and extinguish" steps, although the 'extinguish' is not really possible.
(Score: 2) by ikanreed on Thursday June 04 2015, @04:04PM
Yeah, and you people have been saying that about mono since, what now? 2004?
Not every open foray by microsoft is intended to eliminate things. Especially since they're not the monopoly they once were.
(Score: 2, Insightful) by stormreaver on Thursday June 04 2015, @06:00PM
Yeah, and you people have been saying that about mono since, what now? 2004?
J++ was Microsoft's EEE attempt, and it failed.
Dot Net was Microsoft's reaction to J++ failing to EEE.
Mono was/is a misguided 3rd party trap that has failed to serve Microsoft (so far).
(Score: 2) by ikanreed on Thursday June 04 2015, @06:07PM
Mono isn't in widespread corporate use, but it's in plenty of places, servicing its niche well.
It's been 11 years, and mono has some real market share in places like Unity. You're paranoid.
(Score: 0) by Anonymous Coward on Thursday June 04 2015, @06:18PM
I agree, but it's not because you're paranoid that they're not out to get you...
(Score: 0) by Anonymous Coward on Friday June 05 2015, @10:01AM
Paranoid people think someone is out to get them specifically. People informed of history tend to recognize that certain things or organizations are prone to corruption and abuses of power. This is not the same as paranoia.
(Score: 2) by ikanreed on Friday June 05 2015, @01:59PM
Thanks, but it was a colloquial description of unjustified anxieties on the internet, not a clinical diagnosis of a recurring condition.
(Score: 1) by stormreaver on Monday June 08 2015, @11:40AM
It's been 11 years, and mono has some real market share in places like Unity. You're paranoid.
Those who fail to learn the lessons of history are doomed to repeat them. You have just given me a very powerful reason to not use Ubuntu.
(Score: 3, Touché) by frojack on Thursday June 04 2015, @06:09PM
The main advantage here would be that power shell can run as a host or server for an ssh client.
This!
Having ssh access TO a windows machine isn't good for very much.
Having some sort of a valid/native shell for the ssh to connect to opens a lot of possibilities.
No, you are mistaken. I've always had this sig.
(Score: 1) by TWX on Thursday June 04 2015, @08:37PM
I've been using a version of SSH that was ported to be able to run from a Microsoft command prompt window, but it's not a perfect port as it gets very angry about the lack of conventional UNIX paths. It doesn't store any key information properly, for example. I would like that fixed; the bulk of what I use a computer for uses SSH and Linux isn't as happy on tablet-convertible laptops as I wish it was.
IBM had PL/1, with syntax worse than JOSS...
and everywhere the language went, it was a total loss.
(Score: 2) by turgid on Thursday June 04 2015, @07:40PM
I thought you could put Cygwin on a Windows box and use it remotely like a real computer? It's been a few years since I had to use Windows for real work, but I put Cygwin on and could do some things with it, like run my bash scripts. Have I misremembered, or can you run the ssh server under Cygwin?
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 2) by jimshatt on Thursday June 04 2015, @08:01PM
(Score: 3, Informative) by tempest on Thursday June 04 2015, @04:12PM
I've been using PuTTY for years, but it seems like the project is getting stale. More often these days I keep bumping into things PuTTY can't do. ECDSA keys not supported, AES-GCM probably not going to happen, ChaCha20 not going to happen. The other day I was messing with KexAlgorithms and MACs on the server side - PuTTY doesn't support the "more secure" versions of those either. From the user interface perspective, aside from the pain in the ass way of importing profiles, I have no complaints. But the back end feature set is lagging far behind OpenSSH.
Microsoft has been fair with encryption support so I could see this as a good thing, although I get this bad feeling that configuring the guts will be a huge pain in the ass like IIS.
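The mismatch described in the comment above, where a client does not offer the key exchange, cipher and MAC algorithms a hardened server requires, is visible in the SSH_MSG_KEXINIT message each side sends. As an added example (not part of any comment in this thread, and not PuTTY or OpenSSH code), this Python code parses that message per RFC 4253 section 7.1 and applies the simplified rule "first client preference the server also offers"; the `offer` helper and both algorithm lists are constructed for illustration.

```python
import struct

# Name-list fields of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
SSH_MSG_KEXINIT = 20

def build_kexinit(lists):
    """Encode a KEXINIT payload from {field: [names]} (used to make sample input)."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)           # message type + 16-byte cookie
    for f in FIELDS:
        names = ",".join(lists.get(f, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names     # uint32 length + name-list
    return out + b"\x00" + struct.pack(">I", 0)          # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Decode a KEXINIT payload into {field: [names]}, rejecting malformed input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, result = 17, {}
    for f in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        if pos + 4 + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[pos + 4:pos + 4 + n].decode("ascii")
        result[f] = raw.split(",") if raw else []
        pos += 4 + n
    return result

def negotiate(client, server):
    """First client preference the server also offers, per crypto field (None = no match)."""
    return {f: next((a for a in client[f] if a in server[f]), None) for f in FIELDS[:6]}

def offer(kex, host_key, enc, mac):
    """Hypothetical helper: same cipher and MAC lists in both directions."""
    return build_kexinit({"kex": kex, "host_key": host_key, "enc_c2s": enc,
                          "enc_s2c": enc, "mac_c2s": mac, "mac_s2c": mac})

# Constructed sample offers (not captured from any real client or server).
SERVER = offer(["curve25519-sha256@libssh.org"], ["ssh-ed25519", "ecdsa-sha2-nistp256"],
               ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com"],
               ["hmac-sha2-256-etm@openssh.com"])
LEGACY_CLIENT = offer(["diffie-hellman-group14-sha1"], ["ssh-rsa"],
                      ["aes256-ctr", "aes128-cbc"], ["hmac-sha1"])

if __name__ == "__main__":
    for field, alg in negotiate(parse_kexinit(LEGACY_CLIENT), parse_kexinit(SERVER)).items():
        print(f"{field:9} -> {alg or 'NO COMMON ALGORITHM'}")
```

A `None` for any of the six fields means the connection would fail at negotiation, which is what an administrator sees after tightening the server's algorithm lists while older clients are still in use.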
(Score: 0) by Anonymous Coward on Thursday June 04 2015, @05:27PM
(Score: 2) by frojack on Thursday June 04 2015, @06:15PM
But you've been using putty to ssh FROM a windows machine TO something else (non-windows), Right?
I'm not sure that is the focus of this announcement.
No, you are mistaken. I've always had this sig.
(Score: 2) by tempest on Thursday June 04 2015, @07:42PM
Yes, I'm just saying this in context of "I'll keep using putty". For me SSH support will be mostly a wait and see thing on the server side depending on how well the shell integration works. I've only had mediocre experiences with Powershell, but I think a big part of that has been the lack of something like ssh. No-GUI isn't an option on the windows servers I admin.
(Score: 4, Insightful) by danomac on Thursday June 04 2015, @03:37PM
In typical Microsoft fashion, they're 20 years late to the party.
(Score: 2) by Katastic on Thursday June 04 2015, @06:43PM
Just like their "magical" new invention of Virtual Desktops.
(Score: 0) by Anonymous Coward on Thursday June 04 2015, @03:45PM
The NSA is getting sick of people using SSH on Win32/64, and has asked their pals in Redmond to make a version that can be pwnd on-demand with the Feds auto-update injection framework.
I'm wondering what OpenSSH maintainers have to say about this. Certainly OpenSSH's trademark is weakened by the association. Has anybody asked them whether they've accepted the offer of help? The announcement is like a muddy dog declaring its intent to walk on a clean carpet; it can bark all it wants, that doesn't mean anybody has to open the door.
(Score: 3, Informative) by Anonymous Coward on Thursday June 04 2015, @04:15PM
They don't need to corrupt SSH, or any other piece of application software to do that.
They own the kernel, BIOS, etc. They can log all the keystrokes before the application
software even comes into play, let alone the encryption components.
(Score: 1) by beardedchimp on Friday June 05 2015, @12:14PM
They can log them but they can't transmit that data without being noticed. If you weaken ssh in some way, the traffic will look normal but the NSA will be able to read it.
(Score: 2) by EvilSS on Thursday June 04 2015, @04:21PM
I think you and Andy need to loosen up your tinfoil hats a bit. OpenSSH is still an open source project. So unless you are telling me the rest of the contributors are completely incompetent and would not notice a backdoor submitted to the project I don't see how the NSA factors into this at all. And if that were true, then the NSA could have already done it anyway!
Even if MS creates proprietary server/client for Windows, it doesn't change the security of the underlying protocol, and since they want this for Windows Linux interoperability reasons they can't break OpenSSH to enable a backdoor without altering the open source components as well.
(Score: 5, Informative) by jummama on Thursday June 04 2015, @05:34PM
It would be 100% compliant with the BSD license to have their own secret patches, and only distribute those patches in binary form.
(Score: 2) by EvilSS on Thursday June 04 2015, @06:11PM
Yes, but that would only affect Windows users, not the OpenSSH project itself. If MS is in the NSA pocket like the OP and Editor implied, what's the point? They could already compromise ANY SSH client running on Windows if they can own the OS itself. If I own the input, hardware, display, memory, network, and storage stacks in the OS, you can't do anything with software I can't see anyway.
(Score: 2) by frojack on Thursday June 04 2015, @06:34PM
Giving Microsoft the (historically unwarranted) benefit of the doubt.....
When every windows machine has powershell acting as the endpoint of an inward ssh connection, the juiciness of the target does become rather sweet. I suspect we are going to have to watch this implementation very closely for a while and pay close attention to inbound connection attempts.
No, you are mistaken. I've always had this sig.
(Score: 2) by EvilSS on Thursday June 04 2015, @08:02PM
There are plenty of ways to remote a windows machine already, including those built into powershell now. I imagine that this will also be something that has to be turned on, it won't be on by default.
(Score: 2) by Freeman on Thursday June 04 2015, @08:51PM
Your faith in Microsoft's default practices seems somewhat misplaced.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by EvilSS on Thursday June 04 2015, @11:31PM
Considering you have to manually install things like the telnet client (not server, client) on Windows these days I don't think they are misplaced at all.
(Score: 0) by Anonymous Coward on Thursday June 04 2015, @08:01PM
You don't have to be incompetent to not notice a backdoor in submitted code, I'm sure expert programmers could get some past competent run-of-the-mill programmers, backdoors don't have to be obvious and can be made to look like innocuous code. That said OpenSSH is maintained by the OpenBSD team, who are heavily focused on security, so I doubt it will be easy to get backdoored code past them.
(Score: 3, Insightful) by Dunbal on Thursday June 04 2015, @03:46PM
Getting ready for extend and extinguish.
(Score: 3, Funny) by EvilSS on Thursday June 04 2015, @04:16PM
Why, did Google buy the project and its dev team?
(Score: 3, Funny) by kaszz on Thursday June 04 2015, @05:35PM
I'm still waiting for the special option:
ssh..
-K K..K....K...K.k..kill kenny! Use with care, will download zero-day expl01t and wipe out any Microsoft computer on sight.
The SSH protocol probably needs this "extension" so that any free operating system may extinguish yucky things on the network in an efficient way. In some firewalls it's possible to identify TCP stack and block traffic based on that..
(Score: 0) by Anonymous Coward on Thursday June 04 2015, @07:21PM
Because I just love the feel of a penguin cock up my ass.
(Score: 1) by mmarujo on Friday June 05 2015, @11:03AM
Now Microsoft just needs to brainstorm some futuristic way to allow me not to grab a mouse when I want to paste stuff in the command line...
When will CMD.exe support keyboard shortcuts (Copy + Paste)?