Updating OpenSSH client and server on Windows
Daniel Nashed – 20 November 2021 10:00:20
I ran into this when working on a project integrating Domino and Veeam.
The restore operation needs to issue a mount command from the Domino server OS to the Veeam server invoking a PowerShell script.
In error situations the PowerShell commands could not write their error messages to STDERR — no matter how much I tried to redirect the output via 2>&1 or similar methods.
STDERR output worked well on my Win2022 machine, but failed on Win2019.
The limitation is fixed in newer OpenSSH versions.
It turned out that Microsoft is not updating the OpenSSH server installed with Windows to later versions automatically.
You have to download and install/update it manually to get a current version of SSH and the OpenSSH server.
By the way, a never version will also allow to use more modern key types like ED25519.
And it is really advisable to use current OpenSSH and OpenSSL versions in general — also for other security fixes and new features improving your security.
Here are the versions installed by default in Windows (with a current patch level).
And I have a link for your, to update those versions with a PowerShell based installer shipped with it.
The installer would also install the OpenSSH Service automatically if not yet installed.
Both the SSH client and server are included in one package — in contrast Windows splits it in client and server — the SSH client is installed by default.
Windows 2019
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5 (05.04.2018)
Windows 10 / Windows11 / Windows 2022
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2 (18.12.2019)
Current Version
OpenSSH_for_Windows_8.6p1, LibreSSL 3.3.3 (26.05.2021)
You can see that beside Windows 2019 all other Windows versions have a never OpenSSH and SSL version.
And there is a more up to date version provided by Microsoft in their PowerShell/Win32-OpenSSH project.
The download page has all the information and details:
https://github.com/PowerShell/Win32-OpenSSH/releases
LibSSL
By the way Microsoft’s OpenSSH implementation is not based on OpenSSL.
They are using a project, which has been forked a while ago —> https://www.libressl.org/.
Donwload of a more current version
The download comes with an install Powershell script creates which can create the OpenSSH server service.
But it only works if no OpenSSH is installed.
The version shipping with more current Windows version is perfectly OK to use and on a level most other Linux distributions are using.
You can see below that CentOS 7 ships even an older version than Windows 2019 with a quite old OpenSSL version.
On Linux switching to a later OpenSSL version isn’t that simple. The distributions update their OpenSSL major releases only with major releases of their OS.
So CentOS Stream 9 and RHEL 9 are the first Linux distributions I have made the switch to OpenSSL 3.0.
And even Linux versions like CentOS 7 are still supported and maintained, you cannot expect the latest packages for important security packages like OpenSSL and OpenSSH.
Those older versions are still security patched, but they don’t provide all features you might want like using more modern key types etc.
— Daniel
Linux version list OpenSSH
CentOS 7
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
CentOS Stream 8
OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021
SUSE Leap 15.2
OpenSSH_8.1p1, OpenSSL 1.1.1d 10 Sep 2019
SUSE Leap 15.3
OpenSSH_8.4p1, OpenSSL 1.1.1d 10 Sep 2019
CentOS Stream 9
OpenSSH_8.7p1, OpenSSL 3.0.0 7 sep 2021
References:
Official Micosoft documentation
https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview
Official Microsoft project
https://github.com/PowerShell/openssh-portable
Project documentation
https://github.com/PowerShell/Win32-OpenSSH
- Comments [0]
update-openssh-windows
Few command lines to get OpenSSH updated manually.
Download binary files from latest release
Get the latest release from this repo https://github.com/PowerShell/Win32-OpenSSH/releases
Unzip it on a folder. Execute the following commands with elevated privileges in powershell.
$oldAcl = Get-Acl -Path C:\Windows\System32\OpenSSH\
$uname = $env:username
takeown.exe /a /r /f C:\Windows\System32\OpenSSH\
$openSshBins = (Get-ChildItem 'C:\WINDOWS\System32\OpenSSH\').Name
$perm = $uname + ":F"
$openSshBins | %{ icacls "C:\Windows\System32\OpenSSH\$_" /grant $perm /T }
Path on this command takes binary downloaded files
$openSshBins | %{ Copy-Item -Path .\openssh\$_ -Destination C:\Windows\System32\OpenSSH\ }
$perm = $uname
$openSshBins | %{ icacls "C:\Windows\System32\OpenSSH\$_" /remove $perm /T }
Set-Acl -Path C:\Windows\System32\OpenSSH\ -AclObject $oldAcl
Check OpenSSH version
ssh -V
Example output
PS C:\ > ssh -V
OpenSSH_for_Windows_8.1p1, LibreSSL 2.6.5
- How do I update SSH client?
- How do I update OpenSSH to latest version?
- What is the latest SSH version?
- How do I check my ssh client version?
- How do I enable SSH in PowerShell?
- How do I enable SSH on Windows?
- How check if SSH is open windows?
- How do I find OpenSSH version in Linux?
- How do I update OpenSSH on Mac?
- What is SSH written in?
- What is the difference between SSL and SSH?
- What is SSH command?
How do I update SSH client?
To install it, head to Settings > Apps and click “Manage optional features” under Apps & features. Click “Add a feature” at the top of the list of installed features. If you already have the SSH client installed, it will appear in the list here.
How do I update OpenSSH to latest version?
Install / upgrade OpenSSH 7.2 on a OpenBSD unix system
- Download OpenSSH 7.2. Type the following command: …
- Extract tar ball. Use the tar command as follows to extract files: …
- Compile and install. Type the following commands: …
- Install new config files. …
- Restart sshd. …
- Verify it.
What is the latest SSH version?
SSH Secure Shell for Workstations Windows client uses SSH protocol version 2 (SSH2), but supports also connections to SSH version 1 (SSH1) servers. Note, however, that SSH version 2 (SSH2) is a more advanced protocol than the legacy version SSH1.
How do I check my ssh client version?
Use ssh –V to identify the version number.
How do I enable SSH in PowerShell?
Step by step set up SSH remoting on Windows
- Step 1: First, you will need to install PowerShell 7 on Windows. …
- Step 2: Install OpenSSH Client and Open SSH Server. …
- Step 3: Configure and edit the sshd_config file located at $env:ProgramData\ssh on the target machine.
- Step 4: Restart the sshd service.
How do I enable SSH on Windows?
Install OpenSSH using Windows Settings
- Open Settings, select Apps > Apps & Features, then select Optional Features.
- Scan the list to see if the OpenSSH is already installed. If not, at the top of the page, select Add a feature, then: On Windows 10, find OpenSSH Client, then click Install.
How check if SSH is open windows?
You can verify that your Windows 10 version has it enabled by opening Windows Settings and navigating to Apps > Optional features and verifying that Open SSH Client is shown. If it is not installed, you may be able to do so by clicking Add a feature.
How do I find OpenSSH version in Linux?
On Linux, we can use ssh -v localhost or ssh -V to check the OpenSSH version currently installed.
How do I update OpenSSH on Mac?
Manually upgrade OpenSSH on OS 10.9. x
- Install Brew: Install Homebrew prereqs: xcode-select —install. …
- Upgrade OpenSSL which is required for OpenSSH. brew install openssl.
- Upgrade OpenSSH. …
- Change default ssh-agent used by system. …
- Replace the ssh system binary with a symlink to the new Brew’ed ssh binary. …
- Remove homebrew dupes.
What is SSH written in?
OpenSSH
| «Keeping your communiqués secret» | |
|---|---|
| Developer(s) | The OpenBSD Project |
| Written in | C, Assembly |
| Operating system | Cross-platform |
| Standard(s) | RFC 4250, RFC 4251, RFC 4252, RFC 4253, RFC 4254, RFC 4255, RFC 4256, RFC 4335, RFC 4344, RFC 4345, RFC 4419, RFC 4462, RFC 5656, RFC 6594, RFC 6668, RFC 7479 |
What is the difference between SSL and SSH?
The key difference between SSH vs SSL is that SSH is used for creating a secure tunnel to another computer from which you can issue commands, transfer data, etc. On the other end, SSL is used for securely transferring data between two parties – it does not let you issue commands as you can with SSH.
What is SSH command?
The ssh command provides a secure encrypted connection between two hosts over an insecure network. This connection can also be used for terminal access, file transfers, and for tunneling other applications. Graphical X11 applications can also be run securely over SSH from a remote location.
Windows 10: How to update to OpenSSH 8.5?
Discus and support How to update to OpenSSH 8.5? in Windows 10 Software and Apps to solve the problem; I need to update openSSH to version 8.5 for the company’s security requirements.Can someone assist?…
Discussion in ‘Windows 10 Software and Apps’ started by Nevash Gobin, Feb 7, 2023.
-
How to update to OpenSSH 8.5?
I need to update openSSH to version 8.5 for the company’s security requirements.Can someone assist?
-
how to use openssh
how to use openssh step by step process
-
OpenSSH server configuration on Windows10
O.K.,
It seems I got it working:
- Do the following as administrator:
cd to C:\Windows\System32\OpenSSH and execute ssh-keygen -A
Install-Module -Name OpenSSHUtils -RequiredVersion 0.0.2.0 in a windows-powershell
Download and unzip OpenSSH-Win64.zip from Release v0.0.15.0 . PowerShell/Win32-OpenSSH . GitHub
Copy FixHostFilePermissions.ps1 to C:\Windows\System32\OpenSSH
In a windows-powershell cd to C:\Windows\System32\OpenSSH and execute .\FixHostFilePermissions
Now the sshd service can be started and -guess what- you can finally ssh to your windows10 computer
Ain’t this genuine pure crap ???
- Do the following as administrator:
-
How to update to OpenSSH 8.5?
OpenSSH server configuration on Windows10 Wel done
Now I’m in the pub for some decent sat Night Drinks.
Cheers
jimbo
How to update to OpenSSH 8.5?
-
How to update to OpenSSH 8.5? — Similar Threads — update OpenSSH
-
issues with openssh service after win10 update
in Windows 10 Installation and Upgrade
issues with openssh service after win10 update: Hello.I’ve been using OpenSSH server on Win10 for a long time.But recently I’ve noticed that after update which was installed circa 10 of october 2024 OpenSSH service stopped working. Service is stopped and I can’t start it.Does anyone know what could be the cause of the… -
issues with openssh service after win10 update
in Windows 10 Gaming
issues with openssh service after win10 update: Hello.I’ve been using OpenSSH server on Win10 for a long time.But recently I’ve noticed that after update which was installed circa 10 of october 2024 OpenSSH service stopped working. Service is stopped and I can’t start it.Does anyone know what could be the cause of the… -
issues with openssh service after win10 update
in Windows 10 Software and Apps
issues with openssh service after win10 update: Hello.I’ve been using OpenSSH server on Win10 for a long time.But recently I’ve noticed that after update which was installed circa 10 of october 2024 OpenSSH service stopped working. Service is stopped and I can’t start it.Does anyone know what could be the cause of the… -
Update schedule for Windows’ OpenSSH
in Windows 10 Gaming
Update schedule for Windows’ OpenSSH: Hello everyone!I was looking at Windows OpenSSH that can be installed in Settings under System -> Optional Features -> OpenSSH.The version of SSH that is installed by Windows this way is 8.6p1 which was released just under 3 years ago. The latest OpenSSH for Windows available… -
Update schedule for Windows’ OpenSSH
in Windows 10 Software and Apps
Update schedule for Windows’ OpenSSH: Hello everyone!I was looking at Windows OpenSSH that can be installed in Settings under System -> Optional Features -> OpenSSH.The version of SSH that is installed by Windows this way is 8.6p1 which was released just under 3 years ago. The latest OpenSSH for Windows available… -
How to update to OpenSSH 8.5?
in Windows 10 Gaming
How to update to OpenSSH 8.5?: I need to update openSSH to version 8.5 for the company’s security requirements.Can someone assist?https://answers.microsoft.com/en-us/windows/forum/all/how-to-update-to-openssh-85/a570aca3-4d07-46c9-acfe-e0ae3ab912ae
-
How to update to OpenSSH 8.5?
in AntiVirus, Firewalls and System Security
How to update to OpenSSH 8.5?: I need to update openSSH to version 8.5 for the company’s security requirements.Can someone assist?https://answers.microsoft.com/en-us/windows/forum/all/how-to-update-to-openssh-85/a570aca3-4d07-46c9-acfe-e0ae3ab912ae
-
OpenSSH server does not remember its startup settings in Services after a Windows update
in Windows 10 Gaming
OpenSSH server does not remember its startup settings in Services after a Windows update: I have filed 5 bug complaints about this, but have received no fixes or feedback.In Windows 11 Developers build, I have set OpenSSH Server to start automatically. I use this to connect from my Mac. It is MUCH faster than smb.But after every Windows update, OpenSSH is set to… -
OpenSSH server does not remember its startup settings in Services after a Windows update
in Windows 10 Software and Apps
OpenSSH server does not remember its startup settings in Services after a Windows update: I have filed 5 bug complaints about this, but have received no fixes or feedback.In Windows 11 Developers build, I have set OpenSSH Server to start automatically. I use this to connect from my Mac. It is MUCH faster than smb.But after every Windows update, OpenSSH is set to…
This is all done with Chocolatey Package Manager for Windows. The following commands are important to know:
1. Information about the package:
choco info OpenSSH
2. Upgrade installed package:
choco upgrade OpenSSH
3. Remove installed package:
choco uninstall OpenSSH
4. Seach for a package:
choco search OpenSSH
Now, this is very important to know as these packages gets update without any notice and avoiding upgrades could impact the system.
As of the writing of this post, the latest version of Win32 OpenSSH is v0.0.24.0.
[sourcecode language=”powershell”]
## – Chocolatey package information command:
choco info OpenSSH
[/sourcecode]
Keep in mind, all these steps need to be executed with administrator privileges.
Upgrading Win32 OpenSSH
The upgrade process should be enough to get the package to the latest build. Now, I notice my latest upgrade step, I found files that shouldn’t be in the folder.
[sourcecode language=”powershell”]
## – Chocolatey upgrade package command:
choco upgrade OpenSSH
[/sourcecode]
So, take the time to verify and confirm everything is installed as expected. Don’t forget to document and/or save any file, such as: sshd_config.
Uninstalling/Installing Win32 OpenSSH
In the other hand, it doesn’t hurt to uninstall everything, check there are no files left in the folder, and that event the folder was removed. In other words, a clean installation will be perfect.
Before uninstalling, I would recommend a few extra steps, such as:
1. Stop SSH services: sshd and ssh-agent
[sourcecode language=”powershell”]
## – Stopping SSH Services:
Stop-Service sshd
Stop-Service ssh-agent
[/sourcecode]
2. Proceed to uninstall SSH services and change directory:
[sourcecode language=”powershell”]
## – Execute uninstall ssh services script from the OpenSSH folder:
.\uninstall-sshd.ps1
cd c:\
[/sourcecode]
3. Before, doing the uninstall step, make sure there are no process using OpenSSH that may have open file(s).
[sourcecode language=”powershell”]
## – Execute uninstall command:
choco uninstall OpenSSH
[/sourcecode]
Sample of the uninstall error due to an open file:
In this case, just rerun the uninstall step. The goal is to have everything removed including folders.
Now, you’re ready to do a clean installation of Win32 OpenSSH.
Please refer to the following blog post which I have recently added few thing I missed last time: http://www.maxtblog.com/2017/12/powershell-core-updated-setup-openssh-in-windows-and-linux/
For information about Chocolatey The package manager for Windows:
https://chocolatey.org/
Be Bold!! Learn PowerShell Core!!