Category Archives: Open Source

Installing OpenSSH Server on Windows 10

So in yesterday’s post we learned that the OpenSSH client is included with the Windows 10, Update 1803!  Guess, what else is included in this server, an OpenSSH Server! Yes, that’s right…you can now run an OpenSSH server on your Windows 10 system and get a remote terminal! So in this post, let’s check out what we need to do to get OpenSSH Server up and running.

First, we’ll need to ensure we update the system to Windows 10, Update 1803. Do that using your normal update mechanisms.

With that installed, let’s check out the new Windows Capabilities (Features) available in this Update, we can use PowerShell to search through them.

PS C:\> Get-WindowsCapability -Online | Where-Object -Property Name -Like "OpenSSH*"

Name : OpenSSH.Client~~~~0.0.1.0
State : Installed

Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent

Now to install OpenSSH server, we can use the Add-WindowsCapability cmdlet

PS C:\WINDOWS\system32> Add-WindowsCapability -Online -Name  OpenSSH.Server~~~~0.0.1.0

To confirm it’s installation we can use the Get-WindowsCapability cmdlet again, and this time it’s state is “Installed”

PS C:\WINDOWS\system32> Get-WindowsCapability -Online | Where-Object -Property Name -Like "OpenSSH.Server*"

Name  : OpenSSH.Server~~~~0.0.1.0
State : Installed

With that installed, let’s take a look at where sshd lives on our Windows system and that’s in C:\Windows\System32\OpenSSH\

PS C:\> Get-ChildItem C:\Windows\System32\OpenSSH\

Directory: C:\Windows\System32\OpenSSH

Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 3/10/2018 12:20 PM 343552 scp.exe
-a---- 3/10/2018 8:20  PM 355840 sftp-server.exe
-a---- 3/10/2018 12:20 PM 408064 sftp.exe
-a---- 3/10/2018 12:20 PM 531968 ssh-add.exe
-a---- 3/10/2018 12:20 PM 495616 ssh-agent.exe
-a---- 3/10/2018 12:20 PM 657920 ssh-keygen.exe
-a---- 3/10/2018 12:20 PM 594944 ssh-keyscan.exe
-a---- 3/10/2018 8:20  PM 154624 ssh-shellhost.exe
-a---- 3/10/2018 12:20 PM 894464 ssh.exe
-a---- 3/10/2018 8:20  PM 970752 sshd.exe
-a---- 1/30/2018 7:55  PM 2143   sshd_config_default

On Windows systems, network daemons run as “Services”. We can see with the Get-Service cmdlet, the installer added ssd and also ssh-agent!

PS C:\Users\aen> Get-Service -Name *ssh*

Status   Name               DisplayName
------   ----               -----------
Stopped  ssh-agent          OpenSSH Authentication Agent
Stopped  sshd               OpenSSH SSH Server

As you can see the state is stopped, so let’s start the Services and also set them to start on boot

PS C:\WINDOWS\system32> Get-Service -Name *ssh* | Set-Service -StartupType Automatic
PS C:\WINDOWS\system32> Get-Service -Name *ssh* | Start-Service

We can use netstat to see if we’re up and running

PS C:\WINDOWS\system32> netstat -bano | more

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       12764
 [sshd.exe]

So now that it’s up and running, you should know that the configuration files and host keys live in ProgramData\ssh\ so if you need to change the behavior of SSH you’ll head for the sshd_config file and when finished, restart your service with Restart-Service -Name sshd 

PS C:\Users\aen> Get-ChildItem -Path 'C:\ProgramData\ssh\'

    Directory: C:\ProgramData\ssh

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        5/17/2018   8:35 AM                logs
-a----        5/17/2018   8:35 AM              7 sshd.pid
-a----        1/30/2018   4:55 PM           2143 sshd_config
-a----        5/17/2018   8:35 AM            668 ssh_host_dsa_key
-a----        5/17/2018   8:35 AM            613 ssh_host_dsa_key.pub
-a----        5/17/2018   8:35 AM            227 ssh_host_ecdsa_key
-a----        5/17/2018   8:35 AM            185 ssh_host_ecdsa_key.pub
-a----        5/17/2018   8:35 AM            419 ssh_host_ed25519_key
-a----        5/17/2018   8:35 AM            105 ssh_host_ed25519_key.pub
-a----        5/17/2018   8:35 AM           1675 ssh_host_rsa_key
-a----        5/17/2018   8:35 AM            405 ssh_host_rsa_key.pub

You’ll likely need to open your Windows firewall, which can be done with the following cmdlet on PowerShell 5.1

New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

So let’s test it out, I’m going to ssh from my Mac into my Windows 10 laptop

My-MacBook-Pro:~ aen$ ssh demo@192.168.0.111
The authenticity of host '192.168.0.111 (192.168.0.111)' can't be established.
ECDSA key fingerprint is SHA256:eQti/VKAXhTgbLGTqD3n/QOxcPvfdIT6rwuIK+8F5Vs.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.111' (ECDSA) to the list of known hosts.
demo@192.168.0.111's password:

Microsoft Windows [Version 10.0.17134.48]
(c) 2018 Microsoft Corporation. All rights reserved.

demo@W10LAPPY C:\Users\demo>

And that’s it, you can now install OpenSSH server on your Windows 10 system. I can only imagine it’s a matter of time before this hits the server side of things! Bravo PowerShell Team, bravo!

OpenSSH is now Part of Windows!

Today is a big day! The OpenSSH client version 7.6p1 is now part of the Windows 10 operating system! Microsoft released Windows 10 Update 1803 and included in that release is the OpenSSH client, which is installed as part of the update.

That’s right an SSH client as part of the Windows operating system by default! Also included with this update is the OpenSSH Server which is included as an Windows Feature on Demand.

Let’s take a look at what this is all made of!

Start off by updating your system to Windows 10, version 1803. You can do this via your normal Windows Update mechanism.

Here you see I have installed Windows 10, version 1803.

Screen Shot 2018 05 16 at 8 07 53 PM

With that, let’s look at what we got in the update! We’ll search our Windows Capabilities (Features)

PS C:\> Get-WindowsCapability -Online | Where-Object -Property Name -Like "OpenSSH*"

Name : OpenSSH.Client~~~~0.0.1.0
State : Installed

Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent

Cool, so we know OpenSSH is installed, but where? Let’s check out C:\Windows\System32\OpenSSH\

PS C:\> Get-ChildItem C:\Windows\System32\OpenSSH\

Directory: C:\Windows\System32\OpenSSH

Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 3/10/2018 12:20 PM 343552 scp.exe
-a---- 3/10/2018 8:20  PM 355840 sftp-server.exe
-a---- 3/10/2018 12:20 PM 408064 sftp.exe
-a---- 3/10/2018 12:20 PM 531968 ssh-add.exe
-a---- 3/10/2018 12:20 PM 495616 ssh-agent.exe
-a---- 3/10/2018 12:20 PM 657920 ssh-keygen.exe
-a---- 3/10/2018 12:20 PM 594944 ssh-keyscan.exe
-a---- 3/10/2018 8:20  PM 154624 ssh-shellhost.exe
-a---- 3/10/2018 12:20 PM 894464 ssh.exe
-a---- 3/10/2018 8:20  PM 970752 sshd.exe
-a---- 1/30/2018 7:55  PM 2143   sshd_config_default

Let’s look a littler closer at the ssh.exe

PS C:\> C:\windows\system32\OpenSSH\ssh.exe -V OpenSSH_for_Windows_7.6p1, LibreSSL 2.6.4

So this looks like all of the usual suspects in an OpenSSH installation. But it does look like sshd.exe and ssh_config_default came along for the ride during the update even though we didn’t install the OpenSSH.Server Feature!  More on that in my next blog post…

A big shoutout goes out to the PowerShell team for making this happen, check out the project on GitHub. The code is here and the issues and releases are here!

TechMentor Dine Around

Next week I’ll be speaking at TechMentor in Redmond, I’m doing a 1/2 day workshop on Linux OS Fundamentals for the Windows Admin be sure to come see me!

If you’re there on Monday night (August 7th) and let’s get together for dinner! We’ll talk tech and hopefully make a few new friends and networking connections!

Where – We’ll start at the Hyatt Regency Bellevue, light appetizers will be provided. Then we’ll head on over to Lot No. 3 for dinner. I’ll pick up the first round of drinks and the appetizers!

When – Monday 6:30PM at Hyatt. Dinner at 7:30PM at Lot No. 3

What – The purpose of this event is so that conference attendees and speakers and get together and have a lively conversation about whatever they see fit.

Discussion Topics for our group – Microsoft and Linux! Things like PowerShell on Linux, SQL Server on Linux, Windows Services for Linux and more. In addition to me, we’re going to have a special guest join us for dinner, a world renowned SQL Server expert! You’ll have to come to the dinner to find out who.

I’m going to limit our dinner to 8 attendees, please email me at aen@centinosystems.com if you’re interested in attending! There are other events that night so please feel free to come to the hotel and find a group to meet up with.

 

TechMentor

Building Open Source PowerShell

Open Source PowerShell is available on several operating systems, that really what’s special about the whole project! To get PowerShell to function on these various systems we need to build (compile) the software in that environment. This is what will produce the actual executable program that is powershell.

To facilitate the build process the PowerShell team has documented how to do this for the currently available platforms, Linux, MacOS and Windows. In this post I want to talk about why this is important, point you to the resources available online to help you build Open Source PowerShell and tell you my experiences building PowerShell on the Windows, macOS and Linux!

Why would one want to build PowerShell?

Well for me, I’m and internals geek and I want to be able to debug running PowerShell code so I can follow the flow of control during program execution. This will enable me to learn the internals of certain commands. A great way to see what’s happening on the inside.

Another reason is perhaps you want to contribute, you yourself can download the code…make a change and submit it to the PowerShell team for review. Pretty cool stuff at the “New Microsoft”. Following these steps you’ll be able to have a functioning environment to develop in.

Getting Started with building PowerShell

In general building complex software projects is not a trivial task, but the PowerShell team has done an exceptional job making this as easy as possible for everyone. The documented build processes leverage PowerShell scripts for installing the appropriate dependencies on your system and then managing the build process itself. At a high level, it’s really five easy steps. For more details on building for your platform, check out the links at the bottom of this post.

  1. Download the code from GitHub
  2. Install PowerShell
  3. Import the build module – build.psm1
  4. Install the build dependencies (toolchain setup) with Start-PSBootStrap
  5. Build PowerShell with Start-PSBootBuild (once this is finished, you’ll have a powershell executable)

My notes on building PowerShell

  • On the Linux side of things, it was VERY easy. The PowerShell team includes installation of all build dependencies and package installation for things like make and g++ inside Start-PSBootStrap then built powershell with Start-PSBootBuild
     
  • Well Windows was pretty easy too, but I had to install a few things manually. First I installed Visual Studio 2015, added the required C++ components, installed Chocolatey, installed cmake, downloaded the PowerShell source, ran Start-PSBootStrap to get the build dependencies, then built PowerShell with  Start-PSBootBuild
     
  • macOS was a little tougher, updated my installation of XCode, I installed Brew, installed cmake, downloaded the source, ran Start-PSBootStrap to get the build dependencies, then built PowerShell with Start-PSBootBuild. It failed with this error (which has since been corrected)
     
    •       deprecated in macOS 10.12 – syscall(2) is unsupported; please switch to a supported interface. For SYS_kdebug_trace use kdebug_signpost().

            [-Werror,-Wdeprecated-declarations]

          tid = syscall(SYS_thread_selfid);

                ^

      /usr/include/unistd.h:733:6: note: ‘syscall’ has been explicitly marked deprecated here

      int      syscall(int, …);

               ^

    • Basically what’s going on here is there’s a deprecated system call on macOS 10.12 which causes the completion to fail. To get the build to work, I changed the function to just return 0. Doing this will likely break something, so I’m not suggesting you do this. I just did this to get the build to work.  I’ve submitted this issue to the PowerShell team via GitHub here

What’s next?

Well, now that I’m able to get Open Source PowerShell built on three major operating systems I’m going to take some time using debugging techniques on each to see what’s going on under the hood inside of PowerShell when I execute certain commands. And of course, up first…Get-Process ;)

Resources for building Open Source PowerShell 

Here are some resources for you to get started working with the PowerShell Projects.