Win10 native SSH with BASH for Windows



  • I have this instance of Windows 10 (VM) in which all networking is blocked incoming and outgoing at the Windows firewall level. Especially LAN traffic, and especially SMB/cifs/nfs/etc... on the LAN. (actually I just deleted all firewall rules and block all by default to make it easy) Computer is off domain, and basically completely separate from everything else. Basically just a teamviewer host with access only to a couple specific internal web servers, and some data sync'd (pushed) to it.

    The main point I'm trying to get to is that there's data on other servers, that needs to be synchronized to this Win10 client. So how did I do this to such an isolated client?

    WinSCP scheduled task on the server(s), and Win10 native SSH on the Win10 client (using BASH for windows)!

    The Win10 client has two local users, a local admin account, and a regular non-admin user.

    The caveat, is that the only way I could get it to work is if you have an open running powershell or CMD window open with BASH running in it, and you have restarted ssh manually after running BASH (sudo service ssh --full-restart). After you do that, you can switch user to the regular non-admin user, verify TeamViewer is running, and close the VM.

    Now the servers can sync their appropriate data to the isolated Win10 client via WinSCP (I have incoming port 22 opened up).

    So basically, user TeamViewers in to Win10 client (which is logged on as normal user), has read-only access to some sync'd data, can access a couple internal websites (via port 80 outgoing only), and can't access or do anything else.

    It's cool that I actually found an actual use for BASH on windows... never thought I would.

    I've been trying to find a way to get it to run right without having to do that thing with switching user, even created a startup script to run powershell and run BASH... but after that ssh needs to be restarted or the servers WinSCP can't access it... I'm still trying to figure it out, but at least it's working in the meantime.


  • Service Provider

    @Tim_G said in Win10 native SSH with BASH for Windows:

    WinSCP scheduled task on the server(s), and Win10 native SSH on the Win10 client (using BASH for windows)!

    I've got native SSH on Windows 10, love it, but how did you get BASH on Windows? I know that Cygwin or whatever has it. Which BASH package are you using and how do I get this?



  • You have to enable developer mode first, hit start and type developer and you'll find it.

    Then in add windows features, enable linux subsystem for Windows or whatever they call it.

    Then open a powershell or cmd, type bash and hit enter.

    Do a sudo apt-get update first.


  • Service Provider

    @Tim_G said in Win10 native SSH with BASH for Windows:

    You have to enable developer mode first, hit start and type developer and you'll find it.

    Then in add windows features, enable linux subsystem for Windows or whatever they call it.

    Then open a powershell or cmd, type bash and hit enter.

    Do a sudo apt-get update first.

    Oh, but that isn't BASH on Windows, it's BASH in a container. You can't use it for managing Windows. It's only a command line shell for the "subsystem".



  • @scottalanmiller said in Win10 native SSH with BASH for Windows:

    @Tim_G said in Win10 native SSH with BASH for Windows:

    You have to enable developer mode first, hit start and type developer and you'll find it.

    Then in add windows features, enable linux subsystem for Windows or whatever they call it.

    Then open a powershell or cmd, type bash and hit enter.

    Do a sudo apt-get update first.

    Oh, but that isn't BASH on Windows, it's BASH in a container. You can't use it for managing Windows. It's only a command line shell for the "subsystem".

    Okay. Then BASH "in a container, on Windows"...

    The point is, however, that you can run bash.exe, and in there you can run ssh. Now it comes native to Win10 and I found a real use for it being a non-developer in a production environment. I got it working for my needs and I'm wondering if anyone has a fix for the caveat I ran into.


  • Service Provider

    @Tim_G said in Win10 native SSH with BASH for Windows:

    @scottalanmiller said in Win10 native SSH with BASH for Windows:

    @Tim_G said in Win10 native SSH with BASH for Windows:

    You have to enable developer mode first, hit start and type developer and you'll find it.

    Then in add windows features, enable linux subsystem for Windows or whatever they call it.

    Then open a powershell or cmd, type bash and hit enter.

    Do a sudo apt-get update first.

    Oh, but that isn't BASH on Windows, it's BASH in a container. You can't use it for managing Windows. It's only a command line shell for the "subsystem".

    Okay. Then BASH "in a container, on Windows"...

    The point is, however, that you can run bash.exe, and in there you can run ssh. Now it comes native to Win10 and I found a real use for it being a non-developer in a production environment. I got it working for my needs and I'm wondering if anyone has a fix for the caveat I ran into.

    The confusing bit is that SSH is available for Windows. Microsoft has provided it for a while now. It's real SSH for Windows. If you just want SSH to a container you have had that for decades with virtual machines with Linux on top of Windows. But there is no good BASH on windows option yet. What MS provides can't interact with the Windows machine.



  • @scottalanmiller said in Win10 native SSH with BASH for Windows:

    The confusing bit is that SSH is available for Windows. Microsoft has provided it for a while now. It's real SSH for Windows. If you just want SSH to a container you have had that for decades with virtual machines with Linux on top of Windows.

    I had one simple goal. It was to securely transfer files from WinServer1 to Win10Client1 via SSH.

    I figured out a rather simple way to do just that by doing nothing more than enabling developer mode in Win10, and enabling Windows Subsystem for Linux.

    If Microsoft has their own native Windows client SSH server (as you suggested), then I was not aware of it. That would be much better than how I am doing it now, as long as it's just as secure as open-ssh and supports RSA Authentication. I would prefer to have developer mode off, and I would also prefer to not have to do it through a Linux container on the Win10 client. Additionally, I would also prefer to not have to use WinSCP on WinServer1.

    Could you provide me with a link to Microsoft's SSH Server? I did a quick search and found things like this:

    Going off of that stuff, it looks like a witch hunt and a real pain to get set up, unless I am misinterpreting it. I unfortunately don't know what to do to get it installed and set up just from looking at it quick in the above links. The way you worded it, seemed like a quick double-click .exe to install, configure, done. That doesn't seem to be the case.

    So I think I'll keep what I have, as it's just so simple to do and doesn't require any more time.

    Did you have a better direction to point me to?


  • Service Provider

    @Tim_G the Microsoft "official" server is an MS port of OpenSSH. So you get the full OpenSSH stack. I use Chocolatey to deploy it. MS provides it via NuGet and Chocolatey picks it up directly.


  • Service Provider

    Chocolatey and NuGet make it easier than even dealing with exe installers as you don't even need to know a site to go to or anything. It's one of the first MS packages that they are handling via repos like most Linux distros do.



  • @scottalanmiller said in Win10 native SSH with BASH for Windows:

    @Tim_G the Microsoft "official" server is an MS port of OpenSSH. So you get the full OpenSSH stack. I use Chocolatey to deploy it. MS provides it via NuGet and Chocolatey picks it up directly.

    Oh perfect!

    I saw Chocolatey and Win32 OpenSSH references in Google/Bing searches, but kept seeing the word "[DEPRECATED]" next to it, so I kept ignoring Chocolatey and links to it. They should really remove that from search results. I would have found the current version had they done so:

    https://chocolatey.org/packages/openssh

    Thanks for clarifying the reference. This looks a lot more like a real solution to my original "simple goal" than my "BASH in a Win10 container for Windows" solution.

    I will give this a go on Monday.

    I'll provide feedback of the results and steps to help others who are potentially in the same situation.



  • That worked, here's what I did: (it's rather stupid simple... but now I know)

    1. Install chocolatey (powershell)
      iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
    2. Install openssh
      choco install openssh
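
A more defensive version of the two install steps above, as an added example that is not part of the original post or of the Chocolatey or OpenSSH projects: it checks the installer's signature before running it, limits inbound port 22 to the sync servers, and turns off password logins. The server addresses are constructed placeholders, and the Chocolatey and `sshd_config` paths are assumed to be the installers' defaults.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Assumptions: placeholder server IPs; default Chocolatey and Win32-OpenSSH paths.
$SyncServers = @('192.0.2.10', '192.0.2.11')        # constructed addresses
$Installer   = Join-Path $env:TEMP 'choco-install.ps1'
$Choco       = Join-Path $env:ProgramData 'chocolatey\bin\choco.exe'
$SshdConfig  = Join-Path $env:ProgramData 'ssh\sshd_config'

# Allow local scripts for this process only (the RemoteSigned step from the thread).
Set-ExecutionPolicy RemoteSigned -Scope Process -Force

# 1. Save the installer to disk instead of piping the download into iex.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
(New-Object System.Net.WebClient).DownloadFile('https://chocolatey.org/install.ps1', $Installer)

# 2. Run it only if the Authenticode signature is intact and its chain is trusted.
#    'Valid' does not say who signed it, so the signer is printed for review.
$sig = Get-AuthenticodeSignature -FilePath $Installer
if ($sig.Status -ne 'Valid') {
    throw "Installer signature status is '$($sig.Status)'; refusing to run it."
}
Write-Host "Installer signed by: $($sig.SignerCertificate.Subject)"
& $Installer

# 3. Install OpenSSH, as in step 2 of the post.
& $Choco install openssh -y

# 4. Open inbound 22 to the sync servers only, not to the whole LAN.
New-NetFirewallRule -DisplayName 'SSH from sync servers' -Direction Inbound `
    -Protocol TCP -LocalPort 22 -RemoteAddress $SyncServers -Action Allow | Out-Null

# 5. Key-only logins. sshd keeps the first value it reads for a keyword, and
#    lines appended at the end could fall inside a trailing Match block,
#    so the settings are prepended rather than appended.
if (Test-Path $SshdConfig) {
    $existing = @(Get-Content $SshdConfig)
    if ($existing -notcontains 'PasswordAuthentication no') {
        $hardening = @('PasswordAuthentication no', 'PubkeyAuthentication yes')
        Set-Content -Path $SshdConfig -Value ($hardening + $existing) -Encoding ascii
    }
    if (Get-Service sshd -ErrorAction SilentlyContinue) { Restart-Service sshd }
} else {
    Write-Warning "$SshdConfig not found; the sshd service has not been set up yet."
}
```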

  • Service Provider

    They need to get Chocolatey built in, that's the big gap that's missing. Most Linux distros have that, making installations so much simpler.


  • Service Provider

    @Tim_G said in Win10 native SSH with BASH for Windows:

    That worked, here's what I did: (it's rather stupid simple... but now I know)

    1. Install chocolatey (powershell)
      iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
    2. Install openssh
      choco install openssh

    You generally need to Set-ExecutionPolicy RemoteSigned first to make sure you have no issues with the powershell command to install chocolatey.

    Also, you only need to use a single backtick for inline code. If you want it in the full code block, the triple backtick needs to be on its own line.



  • @JaredBusch said in Win10 native SSH with BASH for Windows:

    Also, you only need to use a single backtick for inline code. If you want it in the full code block, the triple backtick needs to be on its own line.

    Good to know, thanks!

    Finding a table with all of this stuff is not convenient. There something I can bookmark? Could most of this be added as a button to the editor? This is the main reason I went away from "mediaWiki" for some things. Just got tired of all the manual formatting.

