v1.0.0.0
Release date: 2018-01-20 11:01:47
Latest PowerShell/Win32-OpenSSH release: v9.5.0.0p1-Beta (2023-12-19 00:57:34)
This is a pre-release (non-production ready)
This release includes changes to further prepare this fork for future integration into the upstream repository. Also included are changes incorporating community feedback.
- Unix-style privilege separation is implemented for Windows
  - OpenSSH privilege separation model - http://www.citi.umich.edu/u/provos/ssh/privsep.html
  - posix_spawn is implemented in the POSIX adapter as an alternative to fork(), which is heavily used in privilege separation.
  - Additional state info is added to sshd to distinguish the various modes (privileged monitor, unprivileged child, authenticated child).
  - Required service state (like config and host keys) is transmitted over pipes from the monitor to child processes.
  - For every remote session, you'll now see 2 sshd processes, one running as SYSTEM and one running as the USER (similar to what you would see on Unix)
- Changes to installation steps to adhere to the new architecture
  - SSHD server is installed to run as SYSTEM
  - SSHD no longer depends on the ssh-agent service
  - SSHD resources (sshd_config, host keys and authorized_keys) no longer need to grant "READ" access to NT Service\SSHD.
- Config/State separation
  - SSHD resources - sshd_config and host keys - are moved to a dedicated hidden directory - %ProgramData%\ssh
  - SSH global resources - ssh_config and ssh_known_hosts - will now work and can be placed in the above directory
  - Logs are written to the above directory too. This is a temporary solution while we evaluate moving logs to ETW sessions.
- SSHD prerequisites auto setup
  - SSHD service prerequisite resources - sshd_config and host keys - will now be generated automatically as part of service startup if they don't already exist.
  - This reduces installation to a single step, i.e. running installsshd.ps1. No further configuration steps are needed.
- Other misc issues listed here
Breaking Changes
- You need to be SYSTEM to run SSHD in debug mode (sshd -d), typically used in troubleshooting scenarios. Running as an administrator is no longer sufficient. You may use
  psexec -s cmd
  to open up cmd.exe running as SYSTEM.
- To use an existing customized sshd_config, you need to copy it to %programdata%\ssh\sshd_config (note that %programdata% is a hidden directory).
- To use existing host keys, you need to copy them from the binary location to %programdata%\ssh\
- Prior versions required SSHD resources (sshd_config, host keys and authorized_keys) to grant READ access to "NT Service\SSHD". This is no longer a requirement and the corresponding ACL entry should be removed. You may run
  Powershell.exe -ExecutionPolicy Bypass -Command '. .\FixHostFilePermissions.ps1 -Confirm:$false'
  to fix up these permissions.
- Make sure the binary location grants write permissions only to SYSTEM and the Administrators group. It is recommended to extract binaries to
  %ProgramFiles%\OpenSSH
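
One way to check the permission guidance in the last two items above, as an added example rather than the project's own script: it lists principals other than SYSTEM and Administrators that hold write-type rights under the binary location, and any remaining "NT Service\SSHD" entries on sshd resources. The variable names and the Users\*\.ssh profile layout are assumptions.

```powershell
# Added example, not project code. Paths and the SYSTEM/Administrators allow-list
# follow the Breaking Changes items; run from an elevated PowerShell prompt.
$BinDir  = Join-Path $env:ProgramFiles 'OpenSSH'
$DataDir = Join-Path $env:ProgramData  'ssh'
$SidType = [System.Security.Principal.SecurityIdentifier]
$Allowed = 'S-1-5-18', 'S-1-5-32-544'          # SYSTEM, BUILTIN\Administrators

# Write-type rights, plus GENERIC_ALL | GENERIC_WRITE for ACEs stored as raw generic bits.
$WriteRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteBits   = [int]$WriteRights -bor 0x50000000

# Assumption: the sshd service is installed, so its service account name resolves.
$SshdSid = ([System.Security.Principal.NTAccount]'NT SERVICE\sshd').Translate($SidType).Value

# 1. Binary location: only SYSTEM and Administrators should hold write-type rights.
$binPaths = @($BinDir) + @(Get-ChildItem -LiteralPath $BinDir -Recurse -Force |
                               Select-Object -ExpandProperty FullName)
$writable = foreach ($p in $binPaths) {
    foreach ($ace in (Get-Acl -LiteralPath $p).Access) {
        $inheritOnly = [int]$ace.PropagationFlags -band 2      # PropagationFlags.InheritOnly
        $sid = $ace.IdentityReference.Translate($SidType).Value
        if ($ace.AccessControlType -eq 'Allow' -and -not $inheritOnly -and
            ([int]$ace.FileSystemRights -band $WriteBits) -and $sid -notin $Allowed) {
            [pscustomobject]@{ Path = $p; Identity = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
        }
    }
}

# 2. sshd resources: the READ entry for "NT Service\SSHD" from prior versions should be gone.
#    Assumption: user profiles live under %SystemDrive%\Users.
$resources = @(Get-ChildItem -LiteralPath $DataDir -Force -File |
                   Where-Object { $_.Name -eq 'sshd_config' -or $_.Name -like 'ssh_host_*' }) +
             @(Get-ChildItem -Path "$env:SystemDrive\Users\*\.ssh\authorized_keys" -Force -ErrorAction SilentlyContinue)
$stale = foreach ($f in $resources) {
    (Get-Acl -LiteralPath $f.FullName).Access |
        Where-Object { $_.IdentityReference.Translate($SidType).Value -eq $SshdSid } |
        ForEach-Object { [pscustomobject]@{ Path = $f.FullName; Identity = $_.IdentityReference.Value; Rights = $_.FileSystemRights } }
}

$writable | Format-Table -AutoSize
$stale    | Format-Table -AutoSize
```

Both tables are lists for review: entries inherited from %ProgramFiles% itself (for example TrustedInstaller) can appear in the first one.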
Known Issues:
- You may be unable to connect, with sshd logs showing "unable to get security token for user sshd". Please see #1053
- Match Blocks support has regressed. This will be fixed in the upcoming release.
1. OpenSSH-Win32.zip 2.58MB
2. OpenSSH-Win32_Symbols.zip 9.34MB
3. OpenSSH-Win64.zip 3MB
4. OpenSSH-Win64_Symbols.zip 9.18MB