Releases: PowerShell/Win32-OpenSSH

v0.0.2.0

23 Oct 19:49

_This is a pre-release (non-production ready)_

This release adds Unicode support improvements in Windows. The problem with Unicode differences between Unix (UTF-8) and Windows (UTF-16) is tackled by:

  • Defining a Unicode entry point for each executable. The entry point (wmain) is implemented in a common Windows compat library. It takes in UTF-16 arguments/parameters and converts them to UTF-8 before feeding them to the original OpenSSH code.
  • Making all POSIX structures calls in our wrapper UTF-8 compliant, overriding Unicode-differing calls (like fopen) with UTF-8 compliant ones.

The changes

  • Kept the internals of OpenSSH code intact (UTF-8 based) including original "main" routines.
  • Got rid of Windows specific UTF-16 based code around configuration and user profile structures.

With these changes, the following are supported:

  • Addressing Unicode targets
  • Generating and consuming Unicode configuration and key files (UTF-8 files on Windows can include BOM)
  • Using Unicode directories and file paths and user names
  • Unicode console prompts and input
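
As an added illustration (not code from the Win32-OpenSSH project), the sketch below shows the kind of UTF-16 to UTF-8 conversion the wmain entry point is described as performing, plus skipping the optional BOM in a UTF-8 configuration file. It uses uint16_t in place of wchar_t so it builds off Windows; the names utf16_to_utf8 and skip_utf8_bom are assumptions, and rejecting unpaired surrogates is a choice made here, not a documented behaviour of this release.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added sketch; helper names are hypothetical, not the project's code.
 * Returns a malloc'd UTF-8 copy of a NUL-terminated UTF-16 string, or NULL
 * on an unpaired surrogate or allocation failure (reject, never guess). */
char *utf16_to_utf8(const uint16_t *in)
{
    static const unsigned char lead[] = { 0x00, 0xC0, 0xE0, 0xF0 };
    size_t n = 0, o = 0;
    while (in[n]) n++;
    unsigned char *out = malloc(n * 3 + 1);   /* at most 3 bytes per unit */
    if (!out) return NULL;
    for (size_t i = 0; i < n; i++) {
        uint32_t cp = in[i];
        if (cp >= 0xD800 && cp <= 0xDBFF) {           /* high surrogate */
            uint32_t lo = in[i + 1];                  /* in[n] is the NUL */
            if (lo < 0xDC00 || lo > 0xDFFF) { free(out); return NULL; }
            cp = 0x10000 + ((cp - 0xD800) << 10) + (lo - 0xDC00);
            i++;
        } else if (cp >= 0xDC00 && cp <= 0xDFFF) {    /* lone low surrogate */
            free(out); return NULL;
        }
        /* Number of continuation bytes needed for this code point. */
        int extra = cp < 0x80 ? 0 : cp < 0x800 ? 1 : cp < 0x10000 ? 2 : 3;
        out[o++] = (unsigned char)(lead[extra] | (cp >> (6 * extra)));
        for (int k = extra - 1; k >= 0; k--)
            out[o++] = (unsigned char)(0x80 | ((cp >> (6 * k)) & 0x3F));
    }
    out[o] = '\0';
    return (char *)out;
}

/* UTF-8 files written on Windows may start with a BOM (EF BB BF): skip it. */
const char *skip_utf8_bom(const char *s)
{
    return strncmp(s, "\xEF\xBB\xBF", 3) == 0 ? s + 3 : s;
}

int main(void)
{
    /* Constructed samples: a UTF-16 argument and a config line with a BOM. */
    const uint16_t arg[] = { 0x00FC, 0x20AC, 0xD83D, 0xDE00, 0 };
    const char cfg[] = "\xEF\xBB\xBFPort 22";
    char *u8 = utf16_to_utf8(arg);
    if (!u8) return 1;
    printf("%s | %s\n", u8, skip_utf8_bom(cfg));
    free(u8);
    return 0;
}
```
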

TBD:

  • SFTP and SCP are not Unicode ported yet. This is currently a work in progress.

This release also includes the following fixes:

  • removed previous restrictions on scp and sftp around running them from their root directory.
  • support on Nano. Nano does not support server side PTY changes. A remote session to Nano can be opened without a TTY/PTY as follows:
    • ssh user@nano cmd
    • ssh user@nano powershell -File -
  • relative sub-system paths. Relative sub-system executables can now be picked up from the installation root. For example, the following in sshd_config would work for sftp:
    • SFTP sftp-server.exe //sftp-server.exe will be picked up from sshd.exe installation path

v0.0.1.0

01 Oct 06:10

_This is a pre-release (non-production ready)_

This release improves on the terminal experience by including a rewritten ANSI client side parser and an ANSI compliant server side PTY for Windows console applications. Direction keys, Tab (auto completion) and Ctrl+C should now be enabled. This means that many server side console applications will now work seamlessly over remote ssh sessions. Powershell has so far been launched as "Powershell -File -". These std io redirecting arguments are no longer required. You may launch Powershell.exe directly and should see its rich native experience.

When talking to a Unix target from Windows 10, use "Legacy Mode" in console to work around "vi" and "top" issues.

NOTE: The server side changes do not work on Nano yet.

See features/improvements here

v0.0.0.9

18 Sep 06:19

_This is a pre-release (non-production ready)_

See features\improvements here

5_30_2016

30 May 22:25

_This is a pre-release (non-production ready)_

See release notes of 5_15_2016. The following issues are fixed in this release:

  • ssh and sftp now log into user's profile folder (if user's profile exists) 209
  • fix to issue 229
  • fixes to issue 218

5_15_2016

15 May 20:28

_This is a pre-release (non-production ready)_

The release adds the following security enhancements:

  • sshd now runs in the context of a restricted service account. This account (visible in task manager as "sshd") only has SeAssignPrimaryTokenPrivilege (required to spawn off session processes under client context).
  • ssh-agent is implemented for Windows as a service running as "SYSTEM". It executes key-related privileged operations on sshd's behalf. It differs from the UNIX version of ssh-agent in that it provides persistent storage of ssh private keys (both user and host). The keys are locked using the user's password (using Data Protection APIs). The storage is ACLed to system only. As long as the system is root-trusted, this ensures that the private keys are protected from malware. This also provides a single sign-on experience for Windows. Additional details:
    • ssh-agent service can be started by any user but can only be stopped by admin
    • keys can be added to ssh-agent using ssh-add. The following flags are supported: lLdD
    • see wiki for details on how to register and secure host-keys.
  • ssh-agent also implements key-based authentication for Windows - this includes verification of signature, authorizing the public key and generating client token. Support for domain accounts is now added.
    • ssh-lsa from previous versions needs to be uninstalled and replaced with the latest version. See wiki for details on how to do this.

Known REGRESSIONS in this release:

  • Secure loading of user profile is currently being worked on. Logging in using ssh and sftp will take you to %Windir%. If you are blocked on this, the workaround is to run sshd as Local System instead. This is being tracked as this issue

4_5_2016

06 Apr 05:49

_This is a pre-release (non-production ready)_

This release has the following in addition to 3_19_2016:

  • SIGALRM support added. This enables the following
    • SFTP progress bar
    • ConnectTimeout for ssh client
    • Login grace timeout in sshd
  • SIGCHLD support added. This helped in converging Unix and Windows code around child process management
  • Misc code refactoring to remove redundant code
  • Fixing the artifact around misbehaving "ENTER" on most clients - work around added in server to minimize impact.

Note: "sshd -install" is no longer supported. Service can be installed using the provided PS script. See updated wiki for instructions

3_19_2016

20 Mar 06:35

_This is a pre-release (non-production ready)_

_Note: Thanks to folks testing this release - we have identified an issue on 2012 R2 (and possibly Win8) with read() routine of underlying transport. This manifests as a failure while starting sshd. Try using 1.1 versions if you see this issue_

What's in this release:

  • Completely rewritten underlying transport that adapts POSIX calls to Win32 overlapped APIs.
  • Transport is now truly single threaded with no synchronization overhead. Stream throughput over loopback has improved ~15%.
  • Transport has been stress tested with 10 tunnelled TCP (port forwarded) full duplex full throughput streams multiplexed over a single connection/session (ssh and sshd running with AppVerifier enabled). It held well, compared to the previous transport that froze after 5 streams. Hopefully, connection reliability issues reported so far will be resolved with this update.
  • PW auth will now result in network logon so admins will end up with sessions capable of performing admin tasks.
  • SCP is taken offline as it needs significant changes to get it on board the new transport and I'm still working on it.
  • ssh-add and ssh-agent are taken offline as we are working on the right security model and user experience for Windows.
  • There are no changes to ssh-lsa.dll (for key based auth). So you may continue to use the previous version if it's already installed.

I haven't yet fixed ssh-lsa installation script issue on Windows 7. Please continue to use the work around for now
reg add HKLM\System\CurrentControlSet\Control\Lsa /v "Authentication Packages" /t REG_MULTI_SZ /d msv1_0\0ssh-lsa.dll -f

There will be some regressions in terminal experience as I refactored related code that was coupled with protocol code. That said, it's understood that current terminal experience is very primitive. Focus over the next couple of months will be on enriching this experience along with security enhancements.

2_25_2016

26 Feb 03:27

_This is a pre-release (non-production ready)_

64-bit and 32-bit payload from Master on 2/25/2016. Slight modification in how ssh-lsa.dll is installed. See deployment instructions in wiki

NOTE: It has been reported that ssh-lsa installation script is not working on Windows 7. Please use this work around for now
reg add HKLM\System\CurrentControlSet\Control\Lsa /v "Authentication Packages" /t REG_MULTI_SZ /d msv1_0\0ssh-lsa.dll -f

12_22_2015

26 Feb 05:09
Pre-release

This release contains a 64-bit build of the OpenSSH binaries. See Deployment instructions in Wiki for more details. The build is from 12_22_2015 sources.

11_09_2015

10 Nov 06:43
Pre-release

The release contains several fixes to improve ssh.exe terminal experience. Also includes changes to support launching sshd as service. See Deployment instructions in Wiki for more details.