Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide guidance public guidance on "SSH Server Broker" and "SSH Server Proxy" in Win10 #318

Closed
DarwinJS opened this issue Sep 18, 2016 · 22 comments
Closed

Provide guidance public guidance on "SSH Server Broker" and "SSH Server Proxy" in Win10 #318

DarwinJS opened this issue Sep 18, 2016 · 22 comments
Labels
Resolution - Answered

Comments

@DarwinJS
Copy link

I discovered this while packaging 0.0.0.9 on Windows 10 Anniversary Update.

Is there anything that a Win32-OpenSSH install should do to account for this?

Should it:

  1. Just ignore this and install anyway?
  2. Do something to integrate with built-in SSH services?
  3. Refuse to install, but have an override switch to disable built-in SSH so that those doing the install can decide which way they want it. I am especially interested in the release cycles of both initiatives - if Win32-OpenSSH will be released more frequently than the built-it, I would think many people would want to use it instead - even if these code bases are on a "to be merged" course.
@jdunn0
Copy link

jdunn0 commented Sep 19, 2016
edited
Loading

I noticed those services too but it wasn't right after the Anniversary Update.
It was after I enabled "Developer Mode" in the Settings App to let me install the Bash on Windows feature that the SSH Server was installed.
I googled it and found the page at https://noise.paulos.cz/post/windows10-14352-ssh-server/ which seems to indicate that the builtin SSH Server is something used for development tools somehow and is not designed or intended for use by normal users.

@DarwinJS
Copy link
Author

@jdunn0 - you have a better root cause than I - the entire reason I grabbed the Anniversary update was to enable bash - so I guess this is part of the "Windows Subsystem for Linux" for feature then?

@jdunn0
Copy link

jdunn0 commented Sep 19, 2016
edited
Loading

From what I can tell, the "Microsoft SSH Server" is just something installed when developer mode is turned and is not related to the "Windows Subsystem for Linux" feature but I don't know for sure.
I would need to do some testing to see when the service appears and such.
Besides the pages I linked above, I couldn't find much on what this "Microsoft SSH Server" is.
There are however, many pages talking about the "Windows Subsystem for Linux" so I would imagine that if they were related, it would be more well known.

@joeyaiello
Copy link

joeyaiello commented Sep 19, 2016
edited
Loading

Sorry for the confusion, everyone. The "Microsoft SSH Server" is installed when you enable developer mode but is unrelated to the Windows Subsystem for Linux. As @jdunn0 said, it's used for the very specific scenario of deploying and testing UWP apps. You can read more about the server and scenario here: https://msdn.microsoft.com/en-us/windows/uwp/get-started/enable-your-device-for-development#ssh

@DarwinJS: the OpenSSH releases from this repo install fine side-by-side with the "Microsoft SSH Server". If you want to run both of them at the same time, you do have to run the OpenSSH sshd on a port other than 22. You can do this by changing the Port 22' line in yoursshd_config`. Quoting from the official OpenSSH docs:

Port: Specifies the port number that sshd(8) listens on. The default is 22. Multiple options of this type are permitted. See also ListenAddress.

Personally, I just disable both the "SSH Server Broker" and "SSH Server Proxy" services as soon as I enable developer mode, and everything OpenSSH runs perfectly fine.

I do want to be very clear: for what you'd consider "traditional" SSH scenarios (basically everything except UWP scenarios), we are going with OpenSSH. Right now, the "Microsoft SSH Server" doesn't support interactive scenarios, tunneling, SFTP/SCP, etc., and there are currently no plans to extend the "Microsoft SSH Server" to support anything except UWP deployment. We're also working with the team that owns the "Microsoft SSH Server" to understand how we can avoid forcing everyone with developer mode enabled to use a non-standard SSH port. As soon as we have something to share there, we'll let you guys know.

@DarwinJS
Copy link
Author

I can then also detect developer mode SSH and error out and telling the user that they need to either [a] specify the switch for an alternate SSH port or [b] specify the switch to disable developer mode SSH.

FYI - in the chocolatey package I can provide a switch to [a] provide an alternate port, [b] disable developer mode SSH if it exists.

Unfortunately it seems like this could be a relatively common conflict since those interested in SSH are probably also interested in bash.

@joeyaiello
Copy link

Yeah, I think we'd probably prefer for that functionality not to exist in OpenSSH itself, so a runtime switch on the Chocolatey install sounds like a totally reasonable approach to me.

Unfortunately it seems like this could be a relatively common conflict since those interested in SSH are probably also interested in bash.

Yeah, you're absolutely right. That's why we really are looking to solve this in a way that doesn't restrict OpenSSH or force users to look around for a solution (like you had to).

@DarwinJS
Copy link
Author

@joeyaiello - can you tell me the best way to disable the feature. My first thought is to be the least destructive possible - just shutdown the two services and mark them disabled. Then if the individual discovers they actually need it more than Win32 OpenSSH, they have a relatively easy path to reenable.

What I don't have a feel for is whether simply disabling the services will be sufficient disablement to prevent conflicts with Win32 OpenSSH.

Are you able to ask the authors of the Developer Mode SSH?

@manojampalam
Copy link
Contributor

@DarwinJS AFAIK, stopping the services and setting them to manual mode should be sufficient. Port should be the only conflict between the two. They can work independently if they run on different ports. (they dont share binaries and configuration)

@DarwinJS
Copy link
Author

DarwinJS commented Sep 20, 2016
edited
Loading

Cool - I proceed with that assumption. If the Developer Mode SSH is found AND IF the package has not been asked to another port for SSH - it will error out. It will also note that they have the Developer Mode SSH and they can either disable the two services and try again or use the new /SSHServerPort parameter to specify that Win32-OpenSSH Server run on another port.

I also dramatically improved conflict checking for whatever port is used for /SSHServerPort (and the default is 22 if not specified).

@DarwinJS DarwinJS mentioned this issue Oct 16, 2016
Closed
@clarity99
Copy link

manual mode is not enough, on my machine the service get somehow started even when set to manual

@DarwinJS
Copy link
Author

@clarity99 - if you use the chocolatey package you can change the port that OpenSSH uses.

@clarity99
Copy link

@DarwinJS I know of this, but it's not a good solution, as then I have to specify a different port for each command, unnecessary and annoying. In any case, just wanted to point out that one needs to actually disable the services, not just set them to manual, as they will be started in that case.

@manojampalam manojampalam mentioned this issue Mar 7, 2017
Closed
@FKasa
Copy link

FKasa commented Mar 26, 2017

"Microsoft SSH Server" doesn't support interactive scenarios, tunneling, SFTP/SCP, etc., and there are currently no plans to extend the "Microsoft SSH Server" to support anything except UWP deployment.

It would had been very helpful if I had read that instead of:

Part of Microsoft SSH Server for Windows

on the service description. I was troubleshooting tunneling from both WSL and Git Bash for a few hours.
I could get an interactive shell and successfully created some text files remotely so I just thought maybe I had the tunneling commands wrong.

@WojtekKozaczynski WojtekKozaczynski mentioned this issue Mar 30, 2017
Closed
@manojampalam manojampalam mentioned this issue May 30, 2017
Closed
@ylluminate ylluminate mentioned this issue May 31, 2017
Closed
@ylluminate
Copy link

ylluminate commented May 31, 2017
edited
Loading

The Microsoft SSH Server definitely needs to be running on another port instead of default 22 at first. That's pretty insane to be frank as it gives entirely wrong impressions. It may also want to be renamed Microsoft UWP Conduit Server Broker and Microsoft UWP Conduit Server Proxy. ESPECIALLY since these are just entirely irrelevant for anyone actually interested in SSH. Big mistake on Microsoft's part in keeping SSH in the name.

@ylluminate
Copy link

So for those of us who are refugees of this misnomer battle field, can you please instruct us as to the "proper" way to install OpenSSH SSHD on Windows 10 that will be preserved going forward with the upcoming integration?

Would very much like to use OpenSSH properly now and to avoid issues coming up soon.

@joeyaiello
Copy link

@ylluminate preaching to the choir, my friend. 😄

Expect a blog in the next week or two as our bits here make their way into Windows Insiders builds as an optional Feature on Demand. I'll be detailing exactly what you should do to avoid running into issues with the "Microsoft SSH Server".

@DarwinJS
Copy link
Author

DarwinJS commented Jun 1, 2017
edited
Loading

@joeyaiello - I am hoping the article cover how to disable or reconfigure the port of the Microsoft SSH Server? (Versus putting OpenSSH on a different port?)

Also - will it give code rather than GUI walkthroughs for making the changes?

Thanks.

@joeyaiello
Copy link

@DarwinJS I should caveat I've written nothing yet. I'm just holding off until the aforementioned FOD is in a stable state. But I'll try to have some helper scripts within the post.

The solution will likely be to disable that server altogether with the warning that it will break UWP app deploy/debug scenarios. Unfortunately, that server cannot be reconfigured to use another port (but I'd rather that our OpenSSH users stay with port 22).

@ylluminate
Copy link

@DarwinJS disabling it is just a matter of going into services.msc and disabling two aforementioned services... I do wish there was a way to change the port, but it seems that MS has baked this punk in as far as testing requirements and I've not yet found a config file for this.

@joeyaiello
Copy link

I will say that even if you could change the port, the scenario that it supports would not be able to consume the new port...

@sunilmut sunilmut mentioned this issue Jun 6, 2017
Closed
@joeyaiello joeyaiello changed the title Windows 10 Anniversary Update Has "SSH Server Broker" and "SSH Server Proxy" Microsoft Services Running Provide guidance public guidance on "SSH Server Broker" and "SSH Server Proxy" in Win10 Jun 7, 2017
@joeyaiello joeyaiello added the Issue-Enhancement Feature request label Jun 7, 2017
@joeyaiello joeyaiello self-assigned this Jun 7, 2017
@joeyaiello
Copy link

Renaming the issue to make sure I eventually address this. 😄

@maertendMSFT
Copy link
Collaborator

This is no longer applicable

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Resolution - Answered
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@clarity99 @ylluminate @joeyaiello @FKasa @jdunn0 @DarwinJS @manojampalam @maertendMSFT