Microsoft Adds an OpenSSH Client to Windows 10

It drops into cmd, but it is configurable (and there's actually a Chocolatey community package for it that I believe prompts you for which default shell you want at install-time).

With PowerShell Core 6, we also support PowerShell Remoting Protocol (PSRP) over SSH as a transport, which means that you can do stuff like New-PSSession and Enter-PSSession without WinRM. (PowerShell just gets registered as a "subsystem" of sshd, same thing sftp-server does.) You can check that out here: https://github.com/powershell/powershell/tree/master/demos/S...

Please say powershell... Please say powershell...

I don't have a good answer for you right now, but we're tracking it here and I'll be responding back here with some info when I have it: https://github.com/PowerShell/Win32-OpenSSH/issues/926

Don't worry, you'll also be able to license your OpenSSH server per core (minimum 4 per-core licenses).

I'm joking.

Haven't seen that error message before but I highly encourage you to use our GitHub builds where we've fixed a ton of issues related to path parsing and VT100/ANSI compatibility.

Those builds will also be showing up in Insider builds over the next few weeks (if they haven't already).

I had the same issue, plus -t rsa didn't work, and my existing keys weren't accepted anymore. I ended up uninstalling it.

Yup! We support down to Windows 7 and Windows Server 2008R2. You just have to install the bits from GitHub (but they're actually more up-to-date because we can ship there a lot faster).

Probably not. The Windows Subsystem for Linux was introduced with Windows 10.

What kind of network drive support are you looking for specifically?

If you mean, "interact with them from an interactive shell like cmd or PowerShell", yes, you can absolutely do that. Our implementation literally stands up a console host on the server side, so whatever you can do in that console host with the privileges you have, you can do over SSH.

If you mean, "do you support SCP and SFTP for transferring files in a network-drivey way" the answer is also yes. SCP is supported directly against sshd, and we ship both an SFTP server and client.

If you're talking about something NFS or SMB related, I'd be curious to hear more details.

I don't sit within the console host team, but I do work very closely with them and their PM Rich Turner is very active on Twitter (@richturn_ms). They're tracking the (very popular) request for tabs at https://wpdev.uservoice.com/forums/266908-command-prompt-con...

For me, this is a huge thing.

When I bought my first Mac, back in the days of MacOS 10.2, I did so because of the BSD system underneath. Having a Unix system, whether its GNU or BSD, gives me access to tools that I'm familiar with and sometimes prefer to their GUI counterparts (e.g., scp/sftp vs FileZilla).

Now that Windows has this, switching back is something that I'm giving serious consideration to.

I've been using WSL + wsltty [1] + Xming [2] for months and didn't encounter major issues. wsltty also added support to the Microsoft Store version recently.

For Xming, simply set DISPLAY in shell and local GUI programs just work, as well as SSH X forwarding.

[1] https://github.com/mintty/wsltty

[2] https://sourceforge.net/projects/xming/

(EDIT: typo)

I tried this, but I found that my Ubuntu subsystem could not access my wifi connection at all, no matter what I tried. I remember reading Microsoft forums where developers from Microsoft acknowledged they were working through the issue. It still hadn't been resolved the last time I checked.

I'm on a Dell XPS 15 9560 if that matters.

Is there any advantages over using Ubuntu itself directly?

I haven't done this yet, thanks for the reminder! I've been curious to try it as I've gone through probably every other bash emulator on Windows and not been overly satisfied.

That's all fine and dandy until you want to develop Windows applications using Ubuntu on Windows.

There's still a place for windows native tools.

I install OpenSUSE Command line from the Windows Store.

I second this recommendation. It’s a really great tool; I really like the combined SSH and FTP integration so I can browse and edit files with my favorite text editor on the machine I’m ssh’ed into really efficiently while also running commands at the same time.

Another "me too!" for MobaXterm. Sessions in tabs, easy file transfer, built-in and automatic X forwarding.

I like PuTTY, and have used it a lot, but MobaXterm has been great.

Also love MobaXterm

I wish Cygwin performed better on Windows, git operations on Linux take minutes on Windows because it has to spin up the whole cygwin environment. This kind of still makes me want to use Linux, but MobaXTerm makes my Windows desktop very usable for administration.

You should try WSL with cmder [1], a lightweight windows terminal that feels great and is heavily customizable. It’s the iTerm2 of Windows IMO.

[1] http://cmder.net/

WSL has exited beta on the mainline release. You can now install Ubuntu/Suse from the windows store. Look up the processes to extract data from your current wall, unintall the legacy edition and get the new addition. It's not clear yet how the legacy version will be impacted it may be easier to migrate sooner rather than later

It felt like x-mas when I discovered msys. The package management blew my mind. Getting a qt kit set up took about 1 minute.

Great wiki about set up and use here: https://github.com/msys2/msys2/wiki

MSYS2 is highly underated, it works perfectly and I cannot work without it now.

Yes! OOTB package mgmt...

Yeah, but doesn't Putty force you to use it's goofball ssh keys? With git bash you can use regular ssh keys. And, you can generate them the way you're used to (assuming you already use Linux). Idk, I think git bash works just fine in most cases.

Wow. Way slower? Git bash is just as fast for me. And MUCH more convenient.

you can install the tools into your global path so that you can use git's openssh from powershell.

I'm not entirely sure what you are trying to do, but if you leave the terminal icon in your Dock, dragging any folder from Finder onto it will launch terminal in that directory. Any good?

Instead of ranting, perhaps post your broken AppleScript so we can help you fix that. It really ought to be < 10 lines of AppleScript.

Highly unlikely. You'd only deprecate them if they serve the exact same purpose, but they don't. Many users will switch, but not those who want a posix runtime environment for a win32 executable that can run on machines that don't have WSL installed (cygwin, and the fork msys2 which git-bash is based on); or to use the gcc compilers to target win32 executables that use the windows native (non-posix) runtime - mingw. Do you know that you can use gcc to build windows executables and dlls from Linux, Mac, or WSL? That's mingw and it's not going away.

I have bash scripts within cygwin that control Windows firewall via netsh interface.

I still can't run those command under Windows Subsystem for Linux.

Can't agree more. This was also what made me to buy my first Mac: the fact I have a natively supported terminal (that's blazingly fast), with ssh client (and server too, whenever I need it), with shell that's not some kind of ugly hack (geez, CygWin nightmares) and BSD userland tools at my fingertips is the quality no computer/OS maker can deliver up till today, so despite being displeased with some recent design choices (I love my 'old school' Mac keyboard, I love my MagSafe adapter, I love my 2015 MBPR ports and form factor, thank you) I keep buying Macs.

I'm a Linux guy myself, but whenever I see colleagues use a terminal on Mac OS or Windows, the amount of little annoyances on Windows really sticks out. It's nothing major (hard to configure colour schemes, awkward copy/paste operations, PuTTY), but it compounds to an unpleasant experience.

This. 10 times this. I moved to MacOS 10.3 in 2004 because the things I did professionally were almost all in Linux (which I had been running in the data center literally since 1994), and MacOS felt and acted like Linux with a nice GUI. I lived most of my life in Terminal and rarely noticed the difference between when I was ssh'd in to a server or working locally. Awesome stuff.

I doubt Windows 10's inclusion of ssh alone addresses this use case; for that you'd want a full cygwin or something. I don't know anymore - I don't use Windows for any purpose other than games on dedicated gaming computers these days. Despite Apple going backwards with each successive macOS release (probably since 10.8) it's still a much more usable OS for the majority of the things I do than Windows 10. I do like Windows 10 better than Vista and 7, though, on my current gaming computer.

> PuTTy sucks

Never been a problem for me. What are your complaints?

I barely notice the difference, but if I had to choose I'd take putty over Terminal.app, which has default keyboard-shortcuts that clash with Bash. (I believe it was Alt-b, Alt-d, or maybe Alt-f. I forget exactly.)

The big problem is the filesystem is still vastly different.

The web, Unix, Linux, OSX, pretty much everything other than Microsoft uses properly namespace driven forward-slash separated paths with no drives and case sensitivity.

That you can't fix, merely abstract it away. I am tired of mapping between the two.

   scp myfile.txt winmachine:/d/Users/Whoever/Documents/Projects/X/File.txt

Then I cut and paste. Oh no wait I can't. Now I have to replace all the /'s with \'s and d with d:...

Or

   scp myfile.txt linmachine:/home/whoever/documents/projects/x/file.txt

I'm done and moved over the fence. \ means escape. / means path separator. No \\ problems either.

> Losing as the most popular OS has made Microsoft start doing some of the right things.

While Microsoft has started doing good things which I can agree on, when did they lose OS market share to the point of not being number one? If we're talking about Apple hardware outselling any one vendor, that's true, but there's volume. Also, one of the first things I did after getting my MacBook Pro (and others I know who don't want to leverage VMs/Parallels. I like Windows and OSX being separate from a context point of view) was dual boot Windows.

Not that I have anything against MacBooks, but was installing some Linux distro (or a BSD) not an option?

Check out MobaXterm ( https://mobaxterm.mobatek.net/ ), it's the best terminal for windows I ever tried. Have a really handy list for remote connections, an X server, sftp browser for connected servers, Linux Subsystem fro Windows support, and a lot of other useful features. (I am not connected in any way to the developers)

Not to forget iTerm 2 on macOS is amazing. I find it much more pleasurable to use than the default Terminal.app

> PuTTy sucks

PuTTy is amazing, and my experience of using windows over the years would have been far worse without it.

However I do understand the point - compared to using a real terminal, it does indeed suck to be stuck on windows using PuTTy

For a terminal on windows, I have now taken to install cygwin, X on cygwin, and then xfce-terminal on top. It's not perfect either, but it is better.

I've recently discovered cmder and it actually makes Windoze bearable to use. Of course I would never give up Linux if it were my own choice, buy work is work. So they've got an SSH client at last, but still no decent terminal, I suppose.

I think the question is not whether someone would buy a MacBook because it has these tools built in but rather, why would someone buy Windoze given that it doesn't have these tools built in?

Primary reason I'm on OSX is due to working 100% Linux servers. The hardware of a MBP is unbeatable to me.

Try Cygiwin + ConEmu + MinTTY . It was I used when I was force to work on Windows to get a decent shell & terminal.

Bitvise SSH Client is the best one on Windows that I have ever tried. I agree - using Putty sucks massively.

Or maybe some people just need PuTTY for the SSH stuff, because they feel Powershell is superior to bash and related Unix shells.

Exactly; bash+ssh comes with decent options for terminal-based text editing. That's a huge win over Notepad and friends.

Microsoft are writing a proper, tabbed multiprocess terminal for a future Windows 10 release.

> I might've made it 6-7 months

Hat's off to you, I didn't even make it that many weeks.

Between filenames/paths being too long, poor terminals with janky colour schemes (save for Mobaxterm, it's great), WSL issues (like umask handling), gvim/vim issues with plugins, and loads of other annoying bits I just went back to Linux.

Linux is FAR from perfect, especially as I have an Nvidia graphics card, but there's a lot to like there too. Having run Fedora 27/Ubuntu 17.10 I've found I really really like Gnome. I seem to be in a club of one there (and it's buggy as hell on 17.10) but for me it's been great to use.

Not that I wouldn't use Mac if I found a couple grand down the back of the sofa, but as a daily driver Linux has been less painful. Even on the laptop, though I do have one of those Dell certified ones.

You can do all that stuff using Cygwin at least as far back as 2005, because I was running Unix dump and rsync through ssh from a Windows backup server back then. Cygwin eventually adapted PuTTY as its terminal emulator too, in the form of MinTTY.

You can do SSH proxying with PuTTY, too. It's just called something different:

https://stackoverflow.com/questions/28926612/putty-configura...

Plus PuTTY has a command line interface and everything. You can do all the things you mention with PuTTY from a cmd.exe or PowerShell prompt.

> cmd.exe isn't exactly usable

Depends, for the occasional deep into CLI world to run a script, is quite ok.

Granted, the defaults regarding mouse copy-paste and window size were only improved on Windows 10.

> Not to mention that since developers are only using Linux and Mac, you will have libraries which does not work on windows (because nobody even tried).

Not all developers are pure UNIX devs doing POSIXy stuff.

> You needed to install Cygwin

Just install Ubuntu Shell.

Also, it's not like you don't need to install iTerm, zsh, docker, python libraries etc on mac. It's not like it comes with them by default. Your argument is kind of moot.

Not to disagree with you on anything but same gazillion dollar company is now doubling down of a Javascript code editor because writing high quality native code is so difficult and expensive.

Admins cannot install stuff? Then who can? :)

Good point - as Mel Brooks said, "It's good to be the king!" In my last job, I was IT; I dread going to some place where they force Windows upon me!

It was foisted on me, but I created a group in our approved software policy with just me in it, added Virtualbox to the group and managed to get the change request signed off! I use Ubuntu now for everything but MS Office and the dreaded ERP client.

Obviously somebody in those corporations chose it.

Running a large fleet of non-Windows computers means writing your own software to manage them, just like Google had to do [0]. Not every business wants to do that.

[0] https://9to5mac.com/2013/11/27/how-google-manages-over-40000...

Part of this though is because software was historically built for windows in a way that it isn't anymore. Even at tech companies, where the majority of employees are using macbooks, you'll often see people in the finance department using windows machines.

I imagine as the growth of SaaS continues we will see less of this, especially because it's much easier for the IT department to manage one type of computer where macs tend to have a higher build quality than most windows based machines.

I'm working now to move my Win 8 install to a VM then I can format this damn machine an install a real OS. All I need Windows for really is Skype and MS Teams.

Foisted is a very apt term

Os X is Unix on the desktop

If only Office on macOS actually worked as well as its Windows counterpart

That sounds like a minus to me.

I find it really convenient to run the same OS on my laptop, as on the servers I administrate.

Others probably feel the same, and I suspect that was the GP's point as well. :)

Also, almost nobody care about Unix certification. Linux isn't certified, and except for really niche things, Linux is all that matters (if you aren't running Windows).

I think their point is that there's no point in trying to force Windows to behave like a Unix when you can just use a Mac or install/dualboot Linux. There are a lot of reasons (fascism-based IT department, can't afford a Mac, etc.), but it's a good point. Once I stopped trying to trick Windows into working like Linux and just freaking installed Linux, my workflow became SUPER smooth.

Was there a problem installing Putty?

I did out of irritation the nth time I wanted to delete a file that it insisted was open (which should not be a problem anyway).

> "I remember hand coding an XFree86Config file almost two > decades ago to get three monitors setup."

Yeah, it's come a long way since then ;) It's 100% plug and play, at least with fedora/ubuntu/debian. Haven't played much outside that realm.

Two decades ago you had to fiddle with config.sys, autoexec.bat and win.ini too. Do you still judge Windows based on that experience?

Otherwise, multi-monitor setup is plug-and-play. I even have an anecdote, where Thinkpad with Fedora saved a meeting ;)

Just as another anecdote, I use my Linux laptop with an external monitor every single day. Even have StumpWM configured with keystrokes to switch between portrait and landscape modes (using arandr).

You are, of course, absolutely correct. And I hope this is what internal package maintainers in large companies and individuals using putty as their standard SSH client do. However, for many of us putty is a backup when they are not on their linux/osx machine and just quickly need an SSH client to do something. The workflow there is google->putty->first result->download->execute. You absolutely shouldn't, but we also shouldn't drink and sleep 8h a night :)

How do you know the public key is correct?

That still allows an attacker to deliver you an older binary than you previously had installed — potentially one with major vulnerabilities.

Signing doesn't prevent downgrade attacks, HTTPS does.

Thanks for pointing this out; I'd forgotten about that (having given up on Putty after discovering the difficulty of sharing configuration https://stackoverflow.com/q/13023920).

Putty.org links to the Putty download page with a disclaimer separating promotion of Bitvise software below. The contrast in marketing language between "source code [...] developed and supported by a group of volunteers" vs. "developed and supported professionally" definitely appeals directly to the Windows mindset! Unfortunately Bitvise's "growth hacking" makes commercial sense, even if it does cost them potential users.

It is always interesting to contrast various SEO approaches; for example: contrasting https://www.chiark.greenend.org.uk/~sgtatham/putty and https://winscp.net. It would be neat if the Putty author would chime in here; perhaps a funding drive for putty.net is in order!

Does it support setting colors via escape sequence from the shell? because that's the whole point.

Oops, that was supposed to be a a footnote (just my acknowledgement that there had been some changes to cmd for Windows 10), but I decided to put it inline. Can't edit with the HN app I'm using currently.

PowerShell has been around forever and it's super powerful. Just never got much adoption.

I know all about the alternative terminals for Windows and none of them are much better. ConEmu feels so hacky and way out of scope for what it's supposed to be doing. Does it still require Administrator, and hook directly into the framebuffer?

Maybe YouTube should have a "kudos, this video was so good that I'll watch an extra 30-second ad just to thank you"-button.

(I assume most of these videos are so unnecessarily long because it increases ad earnings for the content creators.)

You have to join Windows Insider preview program to get it today. Should be in retail when the current build is released.

This is from memory so it might be slightly wrong, but in PowerShell you can write:

Add-WindowsCapability -Online -Name OpenSSH.Client

I usually point people to specific steps of this DO guide https://www.digitalocean.com/community/tutorials/how-to-use-....

It gets even worse too because in some of my courses (like my Let's Encrypt course) I request people to securely transfer files to their DO server.

So now they have to set up WinSCP or a comparable tool, which has its own set of lengthly instructions.

And for comparison on MacOS, Linux or WSL it's just:

Create SSH key: ssh-keygen -t rsa (hit enter a couple of times)

SSH into a server: ssh user@host

SCP a file to a server: scp foo.conf user@host:/tmp

Yeah it's handy to have by default, no doubt. But unless it also includes all the other client modes as well (scp, sftp, etc) and all the features found in Putty to boot I think the author's conclusion that Putty's days are numbered is a bit unrealistic.

I will say if this includes active directory integration so that ssh'ing from a windows box to a kerberos-protected unix one that could be slightly helpful. And if not that's just another reason to keep using putty. LOL.

Downloading putty.exe (or executing on a USB or share) is less invasive than installing the OpenSSH client feature.

I don't work for Microsoft, but my guess would be in order to securely access a shell. (Remotely, but srsh doesn't roll off the tongue)

Honestly though, I'm more interested in an SSH server for Windows. I haven't tried for many years, but last time I did, getting something more secure than telnet was a massive pain.

How else are you going to use your Azure server? :)

For the same reason Windows came with a telnet client?

From the article:

> For years, Apple MacBooks have been the go-to choice for many admins partly because getting to a ssh shell is so easy.

Why did they include it now?

ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

without these you'll likely be unable to connect to Cisco devices, vCenter, etc.

Point being, those who wanted SSH or unix tools under windows - there have always been options, even with the most zealous of corporate desktop policy that I have encountered and in the worst cases, you can use the corporate security policy to make that happen.

It can't work with network shares or non-ntfs volumes though.

According to the MSYS2 devs, MSYS2 is slightly slower than Cygwin, and it has a significantly different project objective, leading to much reduced command-line environment:

https://stackoverflow.com/a/25755481/3712 (MSYS2 dev)

As for whether it's slower, I expect there'd be very little difference but MSYS2 would be a tiny amount slower due to the extra conversion work.

https://github.com/msys2/msys2/wiki/How-does-MSYS2-differ-fr...

MSYS2 provies a minimal shell required to run autotools and other build systems which get the source for software from the Internet from different repositories, configure them and build them. The shell and core tools exist mainly to allow porting Unix programs to run natively on Windows (i.e. without requiring a POSIX emulation layer). MSYS2 doesn't try to duplicate Cygwin's efforts more than necessary, so the number of provided POSIX-emulated software is very small.

(I recommend Cygwin, I've been using it for 15 years or so, and have access to almost everything I've ever needed from Linux command line. The slowest thing is forking; emulating it in Win32 executables is not easy on NT kernel. MSYS2 doesn't fix that.

Also, apt-cyg is pretty decent for installing packages on Cygwin.)

So they finally got mouse selection working? Font size scales according to screen resolution? They must have woken up to the 21st century.

Thank you for the link, I had no idea. I haven't kept tabs on the recent developments. Not sure if I'll ever upgrade to Windows 10, but I keep it in a cage somewhere, so I'll take a look.

I was happily surprised a while back when I started using WSL, but there are a few things that I still miss:

* tabs * splitting a pane * a default font with a high unicode coverage * better theme support (the current system is clunky)

And access to file system through /mnt/c even longer.

Unfortunately I am somewhat older and I am cursed with a very good memory. The behaviour I describe in the OP used to be the standard for Microsoft.

Feel free to audit the source code if you want, I'm not using Windows any more so I don't really care.

you miss the point that the right ssh keys will be used by default. currently malware would have to search for and use the keys by itself. now the servers will be on a gold platter, ready to be served