OpenSSH Server

1. Information

Computer        IP Address      Operating System        OpenSSH OpenSSH OpenSSL Remark
--------        ------------    -------------------     ------- ------- ------- ------
SMRU-PMS-MKT    192.168.25.6    Windows 10 Ent 22H2     9.5.2.1                 Fails
SMRU-PMS-WPA    192.168.27.6    Windows 10 Ent 22H2     9.5.2.1                 Fails
SMRU-PMS-MSL    192.168.28.6    Windows 10 Ent 22H2     8.1.0.1 8.1p1   3.0.2   OK
SMRU-PMS-MSL    192.168.28.6    Windows 10 Ent 22H2     8.9.0.0 8.9p1   3.4.2   Fails
SMRUWS-IT07     DHCP            Windows 10 Ent 22H2     8.9.1.0 8.9p1   3.4.3   Fails
SMRUWS-IT11     DHCP            Windows 10 Ent 22H2     8.9.1.0 8.9p1   3.4.3   Fails
TBHFWS-IT01     DHCP            Windows 11 Pro 23H2     9.5.0.0 9.5p1   3.8.2   Fails
TBHFWS-IT02     DHCP            Windows 10 Ent 22H2     9.5.0.0 9.5p1   3.8.2   Fails
TBHFWS-IT03     10.10.1.6       Windows 11 Pro 23H2     8.6.0.1 8.6p1           OK
TBHFWS-IT03     10.10.1.6       Windows 11 Pro 23H2     8.9.0.0 8.9p1   3.4.2   Fails

Computer        IP Address      Operating System        OpenSSH OpenSSL Remark
--------        ------------    ----------------        ------- ------- ------
tbhf-anc-mrm    10.10.1.2       Debian 8.11             6.7p1   1.0.1t  Fails
tbhf-anc-mkt    192.168.25.2    Debian 8.11             6.7p1   1.0.1t  Fails
tbhf-anc-wpa    192.168.27.2    Debian 8.11             6.7p1   1.0.1t  Fails
tbhf-anc-msl    192.168.28.2    Debian 10.13            7.9p1   1.1.1n  OK
tbhf-ops-mrm    10.10.1.4       Debian 12.7             9.2p1   3.0.14  OK
tbhf-tst-mrm    10.10.1.5       Debian 11.11            8.4p1   1.1.1w  OK
tbhf-web-mrm    10.10.0.1       Debian 9.13             7.4p1   1.1.0l  ?

Computer        IP Address      Operating System        OpenSSH OpenSSL Remark
--------        ------------    ----------------        ------- ------- ------
vbox-debian     DHCP            Debian 8.11             6.7p1   1.0.1t  Fails
vbox-debian     10.0.2.15       Debian 9.13             7.4p1   1.0.2u  OK
vbox-debian     10.0.2.15       Debian 10.8             7.9p1   1.1.1d  OK

cat /etc/debian_version
ssh -v smru@1.1.1.1
sudo scp -p smru@10.10.1.2:/media/Windows/Software/_Delta/id_rsa-auto /root
sudo chmod 0400 /root/id_rsa-auto
sudo ls -al /root/id_rsa-auto
sudo /usr/bin/scp -B -i "/root/id_rsa-auto" -o "StrictHostKeyChecking=no" -p "/etc/debian_version" "Administrator@SMRU-PMS-WPA:C:/Tmp

sudo scp -p delta@10.10.1.2:/media/Windows/Software/_Delta/delta-linux-tools-#.#.#-1-all.deb .
sudo dpkg -i delta-linux-tools-#.#.#-1-all.deb
sudo smru config openssh
sudo systemctl restart ssh
sudo systemctl status ssh

:: Checking internet connectivity.
:: Configuring openssh.
:: Configuring openssh-client with new ed25519 key pair inside /home/delta/.ssh folder.
:: Configuring openssh-server.

See https://www.openssh.com/txt/release-8.8.

Potentially-incompatible changes

This release disables RSA signatures using the SHA-1 hash algorithm by default. This change has been made as the SHA-1 hash algorithm is cryptographically broken, and it is possible to create chosen-prefix hash collisions for <USD$50K [1]

For most users, this change should be invisible and there is no need to replace ssh-rsa keys. OpenSSH has supported RFC8332 RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys will automatically use the stronger algorithm where possible.

Incompatibility is more likely when connecting to older SSH implementations that have not been upgraded or have not closely tracked improvements in the SSH protocol. For these cases, it may be necessary to selectively re-enable RSA/SHA1 to allow connection and/or user authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms options. For example, the following stanza in ~/.ssh/config will enable RSA/SHA1 for host and user authentication for a single destination host:

   Host old-host
       HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa

We recommend enabling RSA/SHA1 only as a stopgap measure until legacy implementations can be upgraded or reconfigured with another key type (such as ECDSA or Ed25519).

2. Linux

3. macOS

Start System Preferences.
Select Sharing.
Check Remote Login.
Close System Preferences.

4. Windows

Note: There are two ways to install OpenSSH on Windows. Either use the OpenSSH-Win64-v9.8.2.0.msi Microsoft Windows Installer file or use the Add-WindowsCapability PowerShell command.

4.1. Microsoft Windows Installer

It allows the latest version of OpenSSH to be installed.
It allows installation of OpenSSH versions 8.9.1.0, 9.2.2.0, 9.4.0.0, 9.5.0.0, 9.8.2.0.
It does not automatically add an inbound firewall rule.
However, it looks like version 9.4.0.0 and later do automatically add the OpenSSH SSH Server Preview (sshd) inbound firewall rule.
It installs OpenSSH in the C:\Program Files\OpenSSH folder.

4.2. PowerShell

It automatically adds an inbound firewall rule that is not removed when restoring the Windows Defender Firewall to its default settings.
It installs OpenSSH version 8.6.0.1.
It does not allow the latest version of OpenSSH to be installed.
It installs OpenSSH in the C:\Windows\System32\OpenSSH folder.
It is only available on Windows 10 version 1709 and later.

4.3. Windows 10 1607 and earlier

4.3.1. Installation

Run the OpenSSH-Win64-v9.8.2.0.msi file.
Enter the following commands at a Command Prompt with administrative privileges.
```
Set-ConfigOpenSshServer
Set-ConfigWindowsFirewall
```

4.4. Windows 10 1709 and later

4.4.1. Installation

See https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse.

Start Local Group Policy Editor (gpedit.msc) with administrative privileges.
Select Computer Configuration | Administrative Templates | System.
Double-click Specify settings for optional component installation and component repair.
Choose Enabled.
Check Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS).
Click Apply.
Click OK.
Close Local Group Policy Editor.

CLI ~ Command Prompt

Enter the following commands at a Command Prompt with administrative privileges.

powershell.exe Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
powershell.exe Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
powershell.exe Get-NetFirewallRule -Name *ssh*
Set-ConfigOpenSshServer
Set-ConfigWindowsFirewall

CLI ~ PowerShell

Enter the following commands at a PowerShell Command Prompt with administrative privileges.

. 'C:\Program Files\Delta Software Labs\Windows-Tools\Debug.ps1'


Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Get-NetFirewallRule -Name *ssh*


Set-ConfigBitviseSshServer
Set-ConfigOpenSshServer
Set-ConfigWindowsFirewall

GUI

Enter the following commands at a Command Prompt with administrative privileges.

Start Settings.
Select Apps.
Select Apps & features.
Select Optional features.
Select Add a feature.
Select OpenSSH Server.
Click Install.
Close Settings.

Enter the following commands at a Command Prompt with administrative privileges.
```
Set-ConfigOpenSshServer
Set-ConfigWindowsFirewall
```

4.5. Build

See https://github.com/PowerShell/Win32-OpenSSH/wiki/Building-OpenSSH-for-Windows-(using-LibreSSL-crypto).