[UPDATE]: Read more about our detailed plans, roadmap, and where you can play with the in-progress code here.
As Microsoft has shifted towards a more customer-oriented culture, Microsoft engineers are using social networks, tech communities and direct customer feedback as an integral part on how we make decisions about future investments. A popular request the PowerShell team has received is to use Secure Shell protocol and Shell session (aka SSH) to interoperate between Windows and Linux – both Linux connecting to and managing Windows via SSH and, vice versa, Windows connecting to and managing Linux via SSH. Thus, the combination of PowerShell and SSH will deliver a robust and secure solution to automate and to remotely manage Linux and Windows systems.
SSH solutions are available today by a number of vendors and communities, especially in the Linux world. However, there are limited implementations customers can deploy in Windows production environments. After reviewing these alternatives, the PowerShell team realized the best option will be for our team to adopt an industry proven solution while providing tight integration with Windows; a solution that Microsoft will deliver in Windows while working closely with subject matter experts across the planet to build it. Based on these goals, I’m pleased to announce that the PowerShell team will support and contribute to the OpenSSH community – Very excited to work with the OpenSSH community to deliver the PowerShell and Windows SSH solution!
A follow up question the reader might have is When and How will the SSH support be available? The team is in the early planning phase, and there’re not exact days yet. However the PowerShell team will provide details in the near future on availability dates.
Finally, I’d like to share some background on today’s announcement, because this is the 3rd time the PowerShell team has attempted to support SSH. The first attempts were during PowerShell V1 and V2 and were rejected. Given our changes in leadership and culture, we decided to give it another try and this time, because we are able to show the clear and compelling customer value, the company is very supportive. So I want to take a minute and thank all of you in the community who have been clearly and articulately making the case for why and how we should support SSH! Your voices matter and we do listen.
Thank you!
Angel Calvo
Group Software Engineering Manager
PowerShell Team
Additional Information
For more information on SSH please go to http://www.ietf.org/rfc/rfc4251.txt
For information on OpenSSH go to: http://www.openssh.com/index.html
Angel,
Any thoughts on a better terminal / console for windows?
The reality is that people often need to work with multiple operating systems, particularly in larger enterprises. Microsoft lost a lot of share to Apple on the desktop, and iTerm2 over CMD/PowerShell is definitely a huge contributor for those working with multiple platforms.
I think many people, like myself, made the switch to OS X because working with *NIX was dramatically easier with a native bash shell. Features that have become essential: easily resizing the terminal, split windows, simple copy/paste, searchable buffers, command history, GNU tool support like grep, tmux support, broadcasting I/O to multiple terminals/panels, not having to deal with CRLF issues, using a standard path separator, etc.
PowerShell and OpenSSH support is definitely a step in the right direction, it builds a strong foundation required for better tooling. But I still find the Windows OS horribly cumbersome to work with on the desktop (unless using putty+cygwin+sshd, which isn’t always easy to setup and maintain).
Any plans for replacing the CMD / PS interface with a better console/terminal?
@ives it’s funny, you find Windows cumbersome and I found OSX so painfully boring. Different strokes I guess.
I noticed this didn’t have packaging yet – so I put together a chocolatey package for it. More details here: https://www.linkedin.com/pulse/fastest-way-get-your-hands-new-win32-openssh-darwin-sanoy
First of all thank you very much for you effort.
My UseCase is: I'm developing a crossplatform (windows, linux) cluster software. In my tests some nodes are on Windows and some are on Linux at the same time. I have to manage cluster nodes somehow. The simplest way is to issue console commands on them (I already have them ready). And I also have to deploy nodes gather logs and clear something between tests. The SSH is a clear solution because it supports both shell and files. But I've found that there is no simple yet functional implementation for Windows.
@Camilo Santana: Please see the comment I posted above yours: we have had a (very early) working, in-progress build available on GitHub since October 2015.
I've also posted an update on the top of this blog to direct anyone who's finding this post for the first time.
Thanks!
Joey
PM, PowerShell
and yet, months later, no development.
fluff piece. when it arrives, it will be too irrelevant. too late.
@Blogger: We actually published an updated roadmap for the OpenSSH port here: blogs.msdn.com/…/10648817.aspx
Per that roadmap, we still hope to deliver a production-quality Windows port of OpenSSH within the first half of 2016.
We've also been publicly working on the port on GitHub (github.com/…/Win32-OpenSSH) where you can also find some very early pre-release bits (github.com/…/releases) and instructions on testing out the functionality that's already been enabled (github.com/…/wiki).
Thanks,
Joey
It is now Jan of 2016.
Still no sign of SSH on Windows.
3rd party SSH server provider is buggy and usable.
Powershell is a island.
@Geoff: Yup! We posted an update here back in October: blogs.msdn.com/…/openssh-for-windows-update.aspx
Since then, we've been executing on the roadmap there out of this GitHub repo: github.com/…/Win32-OpenSSH
Any update on when SSH will be available?
This is great news! Please don't f*ck this up Microsoft! Please!
I want to use sshfs by just running sshfs command in PowerShell!
OpenSSH for Windows Update (19 Oct 2015)
blogs.msdn.com/…/openssh-for-windows-update.aspx
OpenSSH for Windows Update
blogs.msdn.com/…/openssh-for-windows-update.aspx
Any status updates yet?
Awesome! Do it the right classic/standard SSH way
Could we get an update as to what stage is the development in? We are eager to get our hands on the result.
Also, please get Windows Credential Store integration and sub-terminal support (aka. Enter-SSHSession) with the ability to open other sub-terminals (vim for eg.) inside the session. These would be jolly good!
can't wait for this. It will allow us to finally replace some non-Windows physical servers with Windows VMs, and run automated scripts on them from other non-Windows servers, that are difficult to migrate to Windows…
http://www.powershellmagazine.com/…/posh-ssh-open-source-ssh-powershell-module
Great News. This is very positive for the development community
When can we expect this to be available to us?
Excellent! Now I hope we can try it out soon, was just in need of a new client. Putty can't handle multiple private keys…
Stoked! Thank you.
I very much hope the efforts will manifest in a timely manner. Providing some interoperation with the Windows Credential Store would rock! Enter-SSHSession with subterminal support would be the next best thing to ice cream.
Good news finally 🙂
Thank you, I can't wait this was need for a long time now. I will be able to use one shell to do everything now!
that is is hilairious that SSH support was rejected in V1 and V2. Looks like MS has seen the light, or now can, bc they got rid of the ladder climbers that couldn't see past their own agendas
Finally – if it'll be done right – I can get rid of any OS containing "nux" as a client. Don't get me wrong, they still belong on any server. Windows just won't be able to provide e.g. something like a package manager with the power & repositories of "apt" or "yum" in the near future.
Cygwin had the same problems as "cmd" regarding width etc. and just wasn't as good as any terminal on unix based systems. PuTTy… well it just looks like any other unix GUI. I haven't seen much tools that seem to have any kind of knowledge about UX
As Microsoft has shifted towards a more customer-oriented culture, a popular request is to interoperate between Windows and Linux. Some background: this is the 3rd time the PowerShell team has attempted to support SSH.
Note that the Subsystem For Unix (SFU) was deprecated by Microsoft in Windows 8.0, and desupported in Windows 8.1. Using that subsystem and the Interix Tools, it was possible to have a supported SSH server and client.
I hope that the PowerShell team is successful in bringing back some of the functionality, such as SSH, that used to be supported between Windows XP and Windows 8.0, and that perhaps the rest of the interoperability for Unix (and Linux) will come back.
This is awesome!
Looking forward to it. This would make my life in daily system/application management a lot easier and will make powershell THE tool to use for maintaining our environment.
Can't wait ? Check this out ….
http://www.powershellserver.com
15 years behind Linux and BSD, okay… I'm excited
Great News! Can't wait for availability
Thats a great news!
I forgot to add that if you add SSH to PS then in that same time you should add full screen mode to PS (like any Unix) terminal have 😀
nice, if you can add not only OpenSSH but also tmux then PS can be my default GUI 😀
Dear Powershell Team, thank you for the great news! Will it be possible to make PowerShell ISE to run ssh client (as well as Telnet client) in its tabs? For now you can run Telnet from in single PowerShell window, but not from ISE. I use ISE as a good native Windows multititerminal rather than a scripting enviromnent, and I hope I'm not alone who would like to it to have an ability to host remote command line connections in the tabs. It would be nice for those, for whom multiterminal with the possibility to easily copy-paste between local an remote sessions and to run command-line network maintenance utilities is a main tool for managing routers, switches and servers in big networks. Best regards and keep good job!
Oh, people, if you also will make a nice multi-terminal with EASY copy-paste (like left – select, middle or right-paste) and hot keys to navigate tabs, to make it possible to run multiple local shell, telnet and ssh connections in the same window, some network admins will start considering Windows a usable tool for their trade 🙂 Also add "vim" and "less" by default, please 🙂
Well done ! I`ve been waiting for this
THANK GOD!!!!!!!!
microsoft
Perhaps microsoft can show up apple and redhat by being the first huge vendor to do the right communal thing? I'm not sure whether google has but I'm not sure their products use openssh yet.
"www.openssh.org" – "In the 10 years since the inception of the OpenSSH project, these companies have contributed not even a dime of thanks in support of the OpenSSH project (despite numerous requests)."
@chris29
In fact as long as you disable ipv6 as I do, you can still run OpenBSD from over a decade ago as a network firewall without any security issues, of course many bugs have been fixed and the packet filter had major improvements since then. OpenSSH depended on openssl but was not vulnerable to heartbleed and I don't remember a major issue ever. It now depends on LibreSSL which was forked from openssl precisely because of stjpid bugs like heartbleed.
p.s. openssh on openbsd doesn't use pam at all and I am glad because pam has had security issues.
Best news I've heard all day.
To echo other posters, can you confirm:
1) SFTP support (for native secure file transfer)
2) client key authentication (so *nix automated SSH scripts will work)
2a) if yes, will client keys be integrated in AD?
When is this going to happen? Weeks? Months? Years?
@Cirrus32, yes, original link was broken, the port is now available here: http://www.nomachine.com/NoMachine-OSS-ports
I'm really glad to see Microsoft's change in attitude towards products they didn't create or buy. Most of us work in a world where we have to make the products our employers purchase work together. Having a vendor intentionally make it difficult or impossible just makes my life that much harder. I am hoping that things keep going in a direction that helps me every day instead of making me cuss out Microsoft when our TAM is on site.
Does this include support for sending files over SSH like SCP?
This is great news. I can't wait to see what we will get.
Who cares… it's like building a monorail to hell.
While still holding on firmly to my OpenBSD/PuTTY combination for all external access to our network, I am hoping this announcement will bring usable results.
I sleep at nights confident in the knowledge that the OpenBSD team is more paranoid and much smarter than I am.
I highly recommend that Microsoft management purchase an OpenBSD CD set for everyone of their developers and point them to the OpenBSD email lists. I know that sounds old school, but the resulting education would raise Microsoft development skills to a much higher level. The attitude change alone would be worth the cost of each CD pack. And don't order one CD set and copy it; buy individual CD sets for each developer. You'll see why this is a good idea after you spend some time on the mailing list.
Awesome!
Any word on timeline? Will it be ready in time for Nano Server?
Is there some way we can also tie in Public Key Authentication to this and the ability to jam that into Active Directory as well. This would make so many things so much easier. Especially from a Managed Services perspective.
Thanks to everyone for your support. I like to address a comment from Gastone Canali and a few others:
<Don't forget, client and server sides>
The SSH implementation will support both Client and Server.
-Angel
I nearly fall of my chair.
Very excited to see how this is implemented. The ability to script into a Microsoft OS from *nix opens up so many automation possibilities. One thing that frustrates me at the moment is lack of a reliable method of accessing WMI from an Ubuntu or Debian machine, for example. The ability to leverage ssh to obtain this information directly from the MS CLI (I assume) would be fantastic.
VERY VERY GOOD NEWS!!!
Don't forget, client and server sides …
Port Forwarding and Sftp are foundamental!
ssh key basedauthentication is important too
chrooted enviroment, interesting
chris29: OpenSSL and OpenSSH are, despite the similar names, entirely separate projects with very different track records. OpenSSH is a project from the OpenBSD people, and is generally thought to be of very high quality – none of the issues you mention were in OpenSSH.
That is awesome!!! I've been using various ssh modules for years, but almost always go back to something like putty due to compatibility/functionality issues. Having SSH support baked into PowerShell will solve a lot of security issues we have on installing third-party toolsets on our boxes.
Now, if the PowerShell team would join up with CoreCLR/Roslyn/etc… and open-source PowerShell my dreams would come true….
"Windows and Linux"
Nice job of mentioning the better unix-like operating systems (you didn't do a good job, 0 BSDs were mentioned)
Far from being part of the OpenSSL/Heartbleed debacle, OpenBSD has launched a competing project to get out from under it.
This is very welcome news! Looking forward to tears free windows automation.
@Chris29 Chris, OpenSSH is developed by the OpenBSD project. OpenSSL is a completely separate project with completely separate developers! All the pain recently around OpenSSL is not in any way the responsibility of the people behind OpenBSD and OpenSSH. Completely different people!
Blaming the OpenBSD/OpenSSH developers for OpenSSL bugs, is no different to blaming Microsoft for Apple bugs.
You can't lump these projects together just because they share the OpenXXX naming. The OpenBSD and OpenSSH code is very high quality. In fact, the OpenBSD project have taken it upon themselves to fix the disaster that is OpenSSL, by forking it into a new project they have named LibreSSL.
Also note that poor implementations of OpenSSH Portable in other projects, are also not the responsibility of the OpenBSD and OpenSSH developers. They can't stop other people from shooting themselves in the foot by doing something silly.
The OpenBSD/OpenSSH developers are famous for their code security, quality, stability and excellent reaction time to fixing bugs.
This is indeed very, very good news.
I second the wishes for
– port forwarding
– multiple sshds
– sshd not too tightly bound to powershell.exe
I've been working with *NIX since before ssh even appeared on the scene, and have always missed proper ways to open a proper remote session to a windows host. Thumbs up.
i think shell is the name of .net forms and these is prompet or terminal.it must load up first.
Good news!
My best wishes for both projects.
Hi Team,
I understand your wanting to couple SSHD to PowerShell but I would ask you NOT to tightly couple this to powershell.exe At the least put a registry entry that allows us to run multiple sshd's on different ports, and allow us to exec cmd.exe or any other command-line Windows program we want from sshd.
Good News for the All Admins , Hoping for the best.
How will SSH integrate into an object oriented scripting language? Will this compete with WSMan or enhance it in some way? Will it just be some powershell wrapper around sftp? So much confused…so little clarity.
Honestly, I never bothered with Powershell because I could do everything I needed with the old cmd shell.
In the past I tried to run various sshd implementations and all ended in (even more) frustration with Microsoft.
For me, an sshd providing a Powershell environment will be the Powershell "killer app".
Wait, what? Really? This is great!
I'm one of the install-Cygwin-for-sshd-on-windows guys. My use case is copying binary streams around (really files, but my usage case was far too complex for scp). I'm really hoping I can do
PS> ssh -i id_rsa_box2 user@box2 myscraperprog.exe | myreceiverprog.exe, where the pipe is 8 bit clean binary.
Setting up this infrastructure in Cygwin saved me hundreds of hours over building infrastructure.
This has been needed for so long. Hopefully it goes through. Windows support for SSH would make the world a better place.
Thanks Microsoft for pioneering in the implementation of this novel software!
@Bicentennial.M: Isn't it more important in OSS to contribute code? Just shoveling money around so that people can play around on someone else's time isn't a proper contribution. If I want XYZ in an OSS project, I can submit a pull request. If I just donate money, there's no guarantee that the money won't just buy tacos.
This is great addition. Vice versa, would love to see PowerShell tools on Mac OSX client as well.
Better late than never – THANK YOU!!!
Just realized this moved to PowerShell blog so posting here too:
Here is hoping for a high-fidelity implementation, that works with all Windows console applications. PowerShell ISE and remoting currently have difficulty handling the I/O (for me, most troublesome with the input side) of programs started from PowerShell that are not cmdlets.
Although Windows lacks pseudo-TTYs (ptys), I'm led to believe that the console drivers may be capable of more than is obvious/documented. The reason I think this is that there is a VTNT telnet terminal type documented as "use the VTNT terminal type if you are running advanced command-line applications". (windows.microsoft.com/…/telnet-commands) IIRC, this supported redirection features that preserved color and even mouse input in the Telnet Server component in the past.
Hopefully the OpenSSH Server is a full remote console, not just a PowerShell frontend. And maybe the low level hook/redirection APIs could be improved and/or documented, perhaps to the point that PowerShell ISE and remoting features can take advantage as well to improve support for running all console applications from within PowerShell.
Between the enhancements in Windows 10 and this announcement, I am extremely excited to be on the Microsoft train right now.
Oh No,
we have so much pain with openxxx software and thousands of Vulnerabilities.
OpenSSH and OpenSSL is the biggest pain ever, after month of no reaction for bugs "special" packages for the each software products are needed. The Source Code is extremely buggy, with a lot of source codes from hobby programmers. When Microsoft do that, we can schedule daily patch day's for the whole openxxx software.
Please learn from Heartbleed,Poodle, SSL Bug(disable SSL), etc.
And please implement a switch to remove openxxx software completely from power shell from beginning.
OMG!!! Thank you! Thank you! Thank you! I have been suggesting this since 2002! It's been an obstacle in a heterogeneous environment, to say the least. Couldn't happen soon enough!!
Saying that there's a huge approach change @ Microsoft seems like an understatement… Interoperability FTW!
Go go! Now!
This is very exciting news!
I'm especially pleased to read "contribute to the OpenSSH community". I also hope this means that the talented OpenBSD/OpenSSH hackers will get some financial assistance!
I've been using OpenBSD and OpenSSH since '99 and the quality of security focused code this talented team puts out is fantastic. I'm always excited to read the What's New for each release: http://www.openbsd.org/57.html
YAY
This is a turning point in Microsoft and is attempt to get the developer community even to consider it again. I love Linux, but need to use Windows some time. Now, I will not be so against it.
James
This is great news, as I'm using OpenBSD and PowerShell on a daily basis. But please consider donating to the OpenBSD project as there are lots of good stuff that were developed by the OpenBSD hackers.
Hopefully your "contributions" to SSH will be rejected by the community for third time.
Integrate whatever you want in Win powershell… but Linux ecosystem will do well without MS security backdoors in openssh.
Thanks.
awesome! can't wait!
Powershell v5 ? ! ? Maybe ?? ! ?? …still in preview? ..please?
Powershell v5 already is changing the windows world… SSH into powershell would not just change it, it would bring relevance back!
Will SFTP support be part of this?
I got goosebumps in anticipation when reading this. 🙂
Great news!
you may have changed the link and fixed the grammar error I pointed out, but you still have more. this one for example, "customer-oriented culture, Microsoft engineers are using social networks, tech communities and direct customer feedback ", where you are missing a comma needed before the and. Don't you all proof read?
Finally, awesome!
{quote}
… both Linux connecting to and managing Windows via SSH and, vice versa …
{quote}
This to me, sounds like there will be sshd daemon side as well? Will there be some sort of PAM_sshd to bridge to login to AD based? Or certs based only via ssh-copy-id? Though it may be outside the PowerShell issue, please also consider some sort of MTA (both AWS and Google Compute has them) for login (pam_google_authenticator on Windows may be a great way).
If it is indeed going to be part of OpenSSH, this would also mean you'll be supporting port-forwarding on both sshd and ssh client side, correct? Sometimes using "-L" and "-D" options on ssh client comes in quite handy to determine issues of firewalls, proxy, etc.
Last but not least, hopefully, it'll be library accessible, so we can also write deployment tools and even MSI CustomAction.
Once again, thank you very much!
Finally! These are great news!
It is a good news that Microsoft opened their views and doors to the world and *nix community.
Just to remind those in Microsoft, please remember to implement the SSH in the industry standard way, don't try to come up your own SSH implementation/protocol standards and skew or confuse people who are using SSH!!!
Do NOT repeat what you guys did in Internet Explorer with messing up HTTP/HTML standards that come with some non-standard, HTML pages/language that only IE can understand!
Looking all over for the Like button!
It seems that more and more exciting changes are occurring at Microsoft every day. I can't wait to see where this all goes.
Hell… it's about time!
http://www.youtube.com/watch
Excellent news! I've been waiting and asking for ssh support for years 😉
Thank you very much!
Hopefully this means that Microsoft will be sponsoring OpenBSD development, which maintains the OpenSSH project:
http://www.openbsdfoundation.org/campaign2015.html
http://www.openbsd.org/donations.html