Releases: PowerShell/Win32-OpenSSH
v1.0.0.0-Beta
This is a pre-release (non-production ready)
This release includes changes to further prepare this fork for future integration into the upstream repository. Also included are changes incorporating community feedback.
- Unix-style privilege separation is implemented for Windows
  - OpenSSH privilege separation model - http://www.citi.umich.edu/u/provos/ssh/privsep.html
  - posix_spawn is implemented in the POSIX adapter as an alternative to fork(), which is heavily used in privilege separation.
  - Additional state info is added to sshd to distinguish the various modes (privileged monitor, unprivileged child, authenticated child).
  - Required service state (like config and host keys) is transmitted over pipes from the monitor to child processes.
  - For every remote session, you'll now see 2 sshd processes, one running as SYSTEM and one running as the USER (similar to what you would see on Unix).
- Changes to installation steps to adhere to the new architecture
  - SSHD server is installed to run as SYSTEM
  - SSHD no longer depends on the ssh-agent server
  - SSHD resources (sshd_config, host keys and authorized_keys) no longer need to grant "READ" access to NT Service\SSHD.
- Config/State separation
  - SSHD resources (sshd_config, host keys) are moved to a dedicated hidden directory: %ProgramData%\ssh
  - SSH global resources (ssh_config and ssh_known_hosts) will now work and can be placed in the above directory.
  - Logs are written to the above directory too. This is a temporary solution while we evaluate moving logs to ETW sessions.
- SSHD prerequisites auto setup
  - SSHD service prerequisite resources (sshd_config and host keys) will now be generated automatically as part of service startup if they don't already exist.
  - This reduces installation to a single step: running installsshd.ps1. No further configuration steps are needed.
- Other misc issues listed here
Breaking Changes
- You need to be SYSTEM to run SSHD in debug mode (sshd -d), typically used in troubleshooting scenarios. Running as an administrator is no longer sufficient. You may use `psexec -s cmd` to open up cmd.exe running as SYSTEM.
- To use an existing customized sshd_config, you need to copy it to %programdata%\ssh\sshd_config (note that %programdata% is a hidden directory).
- To use existing host keys, you need to copy them from the binary location to %programdata%\ssh\
- Prior versions required SSHD resources (sshd_config, host keys and authorized_keys) to grant READ access to "NT Service\SSHD". This is no longer a requirement and the corresponding ACL entry should be removed. You may run `Powershell.exe -ExecutionPolicy Bypass -Command '. .\FixHostFilePermissions.ps1 -Confirm:$false'` to fix up these permissions.
- Make sure the binary location grants write permissions only to SYSTEM and the Administrators group. It is recommended to extract binaries to `%ProgramFiles%\OpenSSH`
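The last two items can be checked before and after the upgrade. The script below is an added example, not part of the Win32-OpenSSH repository or its FixHostFilePermissions.ps1; the function names `Get-UnexpectedWriter` and `Get-LegacySshdAce` are hypothetical, and the two directories are the ones named in these notes.

```powershell
# Added example (not project code). Paths are the ones named in the release notes.
$binDir  = Join-Path $env:ProgramFiles 'OpenSSH'
$dataDir = Join-Path $env:ProgramData  'ssh'

# Well-known SIDs instead of account names, so the check also works on localized builds.
$allowedWriters = @('S-1-5-18',      # NT AUTHORITY\SYSTEM
                    'S-1-5-32-544')  # BUILTIN\Administrators

# Rights that let a principal modify or replace a file, plus GENERIC_ALL / GENERIC_WRITE.
$fsr = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($fsr::Write -bor $fsr::Delete -bor $fsr::DeleteSubdirectoriesAndFiles -bor
                   $fsr::ChangePermissions -bor $fsr::TakeOwnership) -bor 0x10000000 -bor 0x40000000

function Get-UnexpectedWriter {
    # Lists Allow ACEs under $Path that grant write-type rights to anyone outside $allowedWriters.
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $items = @(Get-Item -LiteralPath $Path -Force) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($ace.PropagationFlags -band $inheritOnly) { continue }   # does not apply to this object
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
            if ($allowedWriters -contains $ace.IdentityReference.Value) { continue }
            [pscustomobject]@{ Path = $item.FullName; Sid = $ace.IdentityReference.Value
                               Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
        }
    }
}

function Get-LegacySshdAce {
    # Lists files that still carry an ACE for the old service account.
    # Matches by resolved name; an ACE shown only as a raw SID will not match.
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        Get-ChildItem -LiteralPath $p -Recurse -Force -File | ForEach-Object {
            $file = $_.FullName
            (Get-Acl -LiteralPath $file).Access |
                Where-Object { $_.IdentityReference.Value -ieq 'NT SERVICE\sshd' } |
                ForEach-Object { [pscustomobject]@{ Path = $file; Rights = $_.FileSystemRights } }
        }
    }
}

if (Test-Path -LiteralPath $binDir)  { Get-UnexpectedWriter -Path $binDir | Format-Table -AutoSize }
if (Test-Path -LiteralPath $dataDir) { Get-LegacySshdAce -Path $dataDir   | Format-Table -AutoSize }
```

Entries inherited from %ProgramFiles% (for example TrustedInstaller) are listed as well and should be reviewed rather than removed blindly. Pass the directories that hold users' authorized_keys files to `Get-LegacySshdAce` to cover them too.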
Known Issues:
- You may be unable to connect, with sshd logs showing "unable to get security token for user sshd". Please see #1053
- Match Blocks support has regressed. This will be fixed in the upcoming release.
v0.0.24.0
This is a pre-release (non-production ready)
This release includes the following bug fixes/enhancements:
v0.0.23.0
v0.0.22.0
v0.0.21.0
This is a pre-release (non-production ready)
This release includes the following bug fixes/enhancements:
- Support certificate authentication
- Setup issue on Windows 10 via Azure's Custom Script Extension (#880)
- Fixes on win7 (#873, #874)
- Fixes to various terminal related issues and misc issues listed here
v0.0.20.0
This is a pre-release (non-production ready)
This release includes the following bug fixes/enhancements:
v0.0.19.0
v0.0.18.0
This is a pre-release (non-production ready)
This release includes the following bug fixes/enhancements:
- Security enhancements (#13, #814)
- Various terminal related fixes and enhancements (#252, #799, #802, #805, #806, #807, #813)
- Other misc issues listed here
Known issue:
- sshd service failed to start on 32-bit Windows 7 (#795).
v0.0.17.0
This is a pre-release (non-production ready)
This release includes the following bug fixes/enhancements:
- Security enhancements (#596, #766, #783, #789)
- Improvements to UtilityScripts (#771) to work on localized machines
- Support for Windows-style absolute `AuthorizedKeysFile` path (#779)
- Other misc issues listed here
Known issue:
- sshd service failed to start after installation on Windows 7 (#770). See issue details for a workaround.
v0.0.16.0
This is a pre-release (non-production ready)
This release includes the following bug fixes/enhancements:
- Crypto transitioned from OpenSSL to LibreSSL
- Improvements to UtilityScripts (#749, #750, #751, #756, #758)
- Support for SFTP only server for Windows (#757)
- Support for Unicode input in interactive sessions (#711)
- UX issues with warning and passphrase prompts (#692)
- Other misc issues listed here
Known issue:
- sshd service failed to start after installation on Win7 (#770). See issue details for a workaround.
- UtilityScripts does not handle localized users correctly (#771). See the Security protection wiki to manually fix the file permissions if you run on a non-English build.