What BASH and SSH Mean for Windows Systems Administration
-
BASH isn't a good answer because Linux used it. Linux chose it because it was a good answer. Decades of research, testing and use showed the Bourne Shell model to be a very, very good one. It has been honed to an incredible degree. It could be improved, for sure, and that's where ZSH and FISH come in. Still Bourne, but more advanced. Windows could have done that. Instead they decided to go out on a limb and forge their own path unlike what anyone else had seen work in almost five decades of shell design. It was bold, but it proved to not make sense, for the most part. They tried to take people who were GUI only and leap frog the simple, text work of UNIX to go to a powerful, but very difficult and non-intuitive object model and it was way too much for their community. PowerShell requires knowing a lot more up front than BASH. BASH you just work with what's on the screen. PS doesn't let you just pick it up and run.
-
Oh. Well I hope that this doesn't change anything and MS continue to develop and push PowerShell.
-
@Carnival-Boy said:
Oh. Well I hope that this doesn't change anything and MS continue to develop and push PowerShell.
Oh, I have zero doubt that they will for a few reasons...
- They don't want to burn bridges with their best existing admins. The people using PS today are their strongest supports and best selling tool in the field.
- PowerShell is probably the most advanced shell on the market, it is a competitive advantage over UNIX (until someone makes its equivalent available there.)
- They don't want to break existing scripts and tools - which is something MS is very against. MS is all about legacy compatibility so even if they want to leave PS behind, it would go against their culture.
-
It's not that PS is bad, it's that PS isn't the generic command line tool that Windows has needed. BASH, ZSH or FISH would be the tool for that. I think that they are going to BASH for the recognition more than anything. ZSH clearly would make more sense technically.
I'd be surprised if ZSH and FISH weren't on Windows very soon.
-
I'm curious to know how much this increases the attack surface of the Windows platform. I'm in silent celebration at the idea of being able to access my Windows servers remotely via SSH, but I wonder how tight the integration really is with BASH and if that is REALLY a good thing... I mean, how many attack vectors does an already highly targeted closed system need?
-
@RamblingBiped said:
I'm curious to know how much this increases the attack surface of the Windows platform. I'm in silent celebration at the idea of being able to access my Windows servers remotely via SSH, but I wonder how tight the integration really is with BASH and if that is REALLY a good thing... I mean, how many attack vectors does an already highly targeted closed system need?
How does SSH increase the attack surface? It is another protocol, but do you leave your servers open to access from the public internet in the first place?
-
@scottalanmiller said:
BASH isn't a good answer because Linux used it. Linux chose it because it was a good answer. Decades of research, testing and use showed the Bourne Shell model to be a very, very good one. It has been honed to an incredible degree. It could be improved, for sure, and that's where ZSH and FISH come in. Still Bourne, but more advanced. Windows could have done that. Instead they decided to go out on a limb and forge their own path unlike what anyone else had seen work in almost five decades of shell design. It was bold, but it proved to not make sense, for the most part. They tried to take people who were GUI only and leap frog the simple, text work of UNIX to go to a powerful, but very difficult and non-intuitive object model and it was way too much for their community. PowerShell requires knowing a lot more up front than BASH. BASH you just work with what's on the screen. PS doesn't let you just pick it up and run.
I don't follow this - They both require you to learn a set of command, and the options that go with those commands.
Are you saying that the command that exist within BASH would have been enough to manage Windows? Wouldn't there have always been a need to create Windows unique command for say, interacting with the registry?
I'm guessing that by installing mySQL the command line commands are added to the BASH shell (and if not really added, they are in the PATH, so they just execute like any command line command does)? So installing Exchange for example would add the needed CLI commands, and the admins would need to learn them just like they learn mySQL commands.
Or am I completely off base, and there are no extra commands needed to administer mySQL other than what is included in BASH?
-
@JaredBusch said:
@RamblingBiped said:
I'm curious to know how much this increases the attack surface of the Windows platform. I'm in silent celebration at the idea of being able to access my Windows servers remotely via SSH, but I wonder how tight the integration really is with BASH and if that is REALLY a good thing... I mean, how many attack vectors does an already highly targeted closed system need?
How does SSH increase the attack surface? It is another protocol, but do you leave your servers open to access from the public internet in the first place?
It's not the SSH implementation that increases the attack surface, it's their implementation of BASH and specifically how it interfaces with the Windows side of things. I'm fairly ignorant of specifics in regards to how limited everything is in their BASH implementation and how it interfaces with the Windows kernel (standard WIndows API? an additional interface/api built on top?).
-
@Dashrender said:
@scottalanmiller said:
BASH isn't a good answer because Linux used it. Linux chose it because it was a good answer. Decades of research, testing and use showed the Bourne Shell model to be a very, very good one. It has been honed to an incredible degree. It could be improved, for sure, and that's where ZSH and FISH come in. Still Bourne, but more advanced. Windows could have done that. Instead they decided to go out on a limb and forge their own path unlike what anyone else had seen work in almost five decades of shell design. It was bold, but it proved to not make sense, for the most part. They tried to take people who were GUI only and leap frog the simple, text work of UNIX to go to a powerful, but very difficult and non-intuitive object model and it was way too much for their community. PowerShell requires knowing a lot more up front than BASH. BASH you just work with what's on the screen. PS doesn't let you just pick it up and run.
I don't follow this - They both require you to learn a set of command, and the options that go with those commands.
Are you saying that the command that exist within BASH would have been enough to manage Windows? Wouldn't there have always been a need to create Windows unique command for say, interacting with the registry?
I'm guessing that by installing mySQL the command line commands are added to the BASH shell (and if not really added, they are in the PATH, so they just execute like any command line command does)? So installing Exchange for example would add the needed CLI commands, and the admins would need to learn them just like they learn mySQL commands.
Or am I completely off base, and there are no extra commands needed to administer mySQL other than what is included in BASH?
It's like you said though... Commands to administer MySQL are generally just in the Path. So... Windows... Linux... shouldn't matter... mysql -h myserver -u myuser -pwouldn'tyouliketoknow should work the same on Windows as it would in LInux.
-
So other than SSH specifically - does PS not have a remote access port that can be secured and uses encryption? - are admins unhappy because they didn't have ls, grep, etc?
I hear about these shells, but I'm lost on the differences between them other than the built in commands they come with.
-
@JaredBusch said:
@RamblingBiped said:
I'm curious to know how much this increases the attack surface of the Windows platform. I'm in silent celebration at the idea of being able to access my Windows servers remotely via SSH, but I wonder how tight the integration really is with BASH and if that is REALLY a good thing... I mean, how many attack vectors does an already highly targeted closed system need?
How does SSH increase the attack surface? It is another protocol, but do you leave your servers open to access from the public internet in the first place?
And I did some quick googling to try and soften my ignorance and found this:
"Third, note that Bash and Linux tools cannot interact with Windows applications and tools, and vice-versa. So you won’t be able to run Notepad from Bash, or run Ruby in Bash from PowerShell." - https://blogs.windows.com/buildingapps/2016/03/30/run-bash-on-ubuntu-on-windows/
So if I am comprehending what I read properly it looks like this is a native BASH environment that is pretty well locked down and only intended for development. It can access Windows filesystems, but not applications. So currently not intended to be all that useful in regards to systems administration.
-
@RamblingBiped said:
So if I am comprehending what I read properly it looks like this is a native BASH environment that is pretty well locked down and only intended for development. It can access Windows filesystems, but not applications. So currently not intended to be all that useful in regards to systems administration.
It's a near literally as possible to WINE but for Linux apps on Windows.
-
@RamblingBiped said:
So currently not intended to be all that useful in regards to systems administration.
Hmmn, yeah. It doesn't look that useful. It certainly doesn't appear to be as bigger deal as the OP makes out.
-
@Carnival-Boy said:
@RamblingBiped said:
So currently not intended to be all that useful in regards to systems administration.
Hmmn, yeah. It doesn't look that useful. It certainly doesn't appear to be as bigger deal as the OP makes out.
I think he's somewhat pointing that out actually
-
Another discussion on the topic happening on the homelab subreddit:
https://www.reddit.com/r/homelab/comments/4dot5v/bash_on_windows_works_i_can_run_stuff_for_you/
-
Currently no SSH daemon available. So you can SSH from a Windows machine, but not to a Windows machine.
-
Anyone know if this is available on the LTS version?
-
@coliver said:
Anyone know if this is available on the LTS version?
It isn't a version of Ubuntu at all. I'm pretty sure all this is doing is abstracting the Ubuntu Linux user space and translating the system calls to the Linux kernel space to the Windows Kernel space. There is no Linux kernel, just the the Linux binaries that exist in the User space. If that makes sense. It really is like the inverse of WINE on Linux.
And while they say it is self contained and unable to execute Windows binaries, it does seem to have indirect access to the Windows kernel via this interface/api they have created to translate the calls to the Linux kernel. And because all of that is not currently open source, I would kind of think there is some potential for exploitation there.
-
@RamblingBiped said:
@coliver said:
Anyone know if this is available on the LTS version?
It isn't a version of Ubuntu at all. I'm pretty sure all this is doing is abstracting the Ubuntu Linux user space and translating the system calls to the Linux kernel space to the Windows Kernel space. There is no Linux kernel, just the the Linux binaries that exist in the User space. If that makes sense. It really is like the inverse of WINE on Linux.
And while they say it is self contained and unable to execute Windows binaries, it does seem to have indirect access to the Windows kernel via this interface/api they have created to translate the calls to the Linux kernel. And because all of that is not currently open source, I would kind of think there is some potential for exploitation there.
The Windows 10 LTS release.
-
@coliver said:
@RamblingBiped said:
@coliver said:
Anyone know if this is available on the LTS version?
It isn't a version of Ubuntu at all. I'm pretty sure all this is doing is abstracting the Ubuntu Linux user space and translating the system calls to the Linux kernel space to the Windows Kernel space. There is no Linux kernel, just the the Linux binaries that exist in the User space. If that makes sense. It really is like the inverse of WINE on Linux.
And while they say it is self contained and unable to execute Windows binaries, it does seem to have indirect access to the Windows kernel via this interface/api they have created to translate the calls to the Linux kernel. And because all of that is not currently open source, I would kind of think there is some potential for exploitation there.
The Windows 10 LTS release.
Ha! Sorry, misunderstood.