Skip to content

@manojampalam manojampalam released this Jan 20, 2018 · 24 commits to L1-Prod since this release

This is a pre-release (non-production ready)

This release includes changes to further prepare this fork for future integration to upstream repository. Also included are changes incorporating community feedback.

  • Unix styled privilege separation is implemented for Windows

    • OpenSSh privilege separation model - http://www.citi.umich.edu/u/provos/ssh/privsep.html
    • Posix_spawn is implemented in POSIX adapter as an alternative to fork() that is heavily used in Privilege separation.
    • Additional state info is added to sshd to accommodate distinguishing the various modes (privileged monitor, unprivileged child, authenticated child).
    • Required service state (like config and host keys) is transmitted over pipes from monitor to child processes.
    • For every remote session, you'll now see 2 sshd processes, one running as SYSTEM and one running as the USER (similar to what you would see on Unix)
  • Changes to installation steps to adhere to the new architecture

    • SSHD server is installed to run as SYSTEM
    • SSHD no longer depends on ssh-agent server
    • SSHD resources (sshd_config, hostkeys and authorized_keys) no longer need "READ" access to NT Service\SSHD.
  • Config/State separation

    • SSHD resources - sshd_config, hostkeys are moved to a dedicated hidden directory - %ProgramData%\ssh
    • SSH global resources - ssh_config and ssh_known_hosts will now work and can be placed in the above directory
    • Logs would be written to the above directory too. This is a temporary solution while we evaluate moving logs to ETW sessions.
  • SSHD prerequisites auto setup

    • SSHD service prereq resources - sshd_config and hostkeys, if they don't already exist - will now be automatically generated as part of service startup.
    • This will reduce instllation steps to all but one step - i.e to run installsshd.ps1. There will be no more configuration steps needed.
  • Other misc issues listed here

Breaking Changes

  • You need to be SYSTEM to do SSHD debug mode (sshd -d), typically used in troubleshooting scenarios. Running as an administrator is no longer sufficient. You may use psexec -s cmd to open up cmd.exe running as SYSTEM.
  • To use existing customized sshd_config, you need to copy it to %programdata%\ssh\sshd_config (Note that %programdata% is a hidden directory).
  • To use existing host keys, you need to copy them from binary location to %programdata%\ssh\
  • Prior versions required SSHD resources (sshd_config, host keys and authorized_keys) to have READ access to "NT Service\SSHD". This is no longer a requirement and the corresponding ACL entry should be removed. You may run Powershell.exe -ExecutionPolicy Bypass -Command '. .\FixHostFilePermissions.ps1 -Confirm:$false' to fix up these permissions.
  • Make sure binary location has the write permissions to just SYSTEM, Administrator groups. It is recommended to extract binaries to %ProgramFiles%\OpenSSH

Known Issues:

  • You may not be able to connect with sshd logs showing that "unable to get security token for user sshd". Please see #1053
  • Match Blocks support has regressed. This will be fixed in the upcoming release.
Assets 6
You can’t perform that action at this time.