Windows 10 Insider: integrated SSH server

As far as I can remember, Microsoft Windows only had a Telnet server integrated, if we don’t count recent PowerShell Remoting (using Windows Remote Management, or WinRM). Still, it wasn’t SSH. Since 14352, people were finding traces, of what proved to be an integrated Microsoft SSH Server for Windows. Because Microsoft is also contributing to OpenSSH for Windows project, and that it’s getting to a fairly usable stage, I found the inclusion of the service quite interesting.

SSH server on Windows? Are you insane?


First, I’ve been using SSH server on my Windows machines for quite some time now. It has always been a Cygwin-based solution, though. This SSH and SFTP server allowed me to access my files remotely and do some basic work with them, as well as launch some command-line apps. (I wasn’t fan of launching Windows apps through CLI, but it did prove useful at times.

Last year, a bomb was dropped by a PowerShell team in Microsoft, where they announced that they are going to adopt OpenSSH and modify it so that it can run on Windows and use Windows crypto. And, of course, they wanted to push the changes back upstream. This was a major announcement because, up to that point, Microsoft management always refused to allow SSH work, for one reason or another.

As the year went, PowerShell team posted another update with a nice large slice of completed work and first public release. Since then, there have been more releases and precompiled binaries for all releases are available at their Github releases page. Both key-based and password-based (interactive) auth is supported and the terminal works somehow. SFTP also works.

Twist: Microsoft’s own SSH server

But, a Microsoft’s own SSH server has made a quiet appearance in 14352, where two new services popped up in services.msc:

SSH Server Broker (SshBroker) and SSH Server Proxy (SshProxy)

Surprise? Depends on who you ask. It was a surprise for me, for reasons that I’ve outlined above, but splipstream/RoL on Twitter actually pointed out that SSH/SFTP server is present in both Windows 10 Mobile (in developer mode) and Windows 10 IoT Core for quite some time now.

What’s more: There’s a Microsoft guide for using SSH in Windows IoT and unofficial guide for accessing SFTP on Windows 10 Mobile on XDA, because the SSH server was apparently used to activate Android subsystem on Windows, among other things.

But the SSH server in full Windows 10 is a bit different. Mainly because you can play with the settings.

What can it do?

It can provide you with a cmd.exe. But that’s not all, folks!

First: why two services?

Second: how do I log in?

You can actually take a look for yourself: the registry key is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Ssh. When you then use Process Monitor from Sysinternals, you can exactly see which keys the services access.

Third: how do I transfer files?

Microsoft SFTP server

Is it better than the OpenSSH for Windows?

I think not:

  1. it has obviously a very special purpose and it’s clearly not intended for an ordinary user
  2. the configuration options are very limited and most of them is inaccessible (you need to modify ownership and permissions on the registry keys). Obviously, you can have a list of possible login options, so you don’t have to allow password login.

On the other hand,

  1. the cmd.exe kinda doesn’t work correctly in the OpenSSH server (you’ll terribly miss arrows and Tab, for instance)
  2. one interesting thing, and I should maybe add -

!! A word of caution !!

OpenSSH for Windows will not respect the UAC! When you log in under an administrator account, you can even delete system files and the apps will run with the maximum rights that your user theoretically has!

Using OpenSSH for Windows, you can run non-interactive command-line apps and get output from them, and you can also try to run apps with UI. These will run, but without any window or anything shown on the screen! I found it interesting that even my account did not have access to the processes running under my account! And yet, these apps running under sshd had all the privileges any hacker could wish for. Let’s show a couple of shots:

First, procexp without any special rights

Then, procexp run under administrator

Inspecting a regular process under my account (with UAC)

Inspecting a process running under sshd, with a looooot of rights

But, also, because this is OpenSSH, you have a lot more options to protect your account, for example with a keyfile, and disable password logon as an example. (So many articles have been written about the correct settings, but I’m not posting it since I haven’t tried it yet.) So, be careful, but definitely experiment, you’ll never know where it leads you!

Can I run Bash on OpenSSH for Win?

Definitely not under admin :)

But… I have been able to run Bash under the DevToolsUser!

I can run more tests if there’s a demand, just write below!