Forum Discussion

Karl-WE's avatar
Karl-WE
MVP
Feb 22, 2024
Solved

b26063 - Questions on SSH optional feature

Dear Windows Server Insider Team,

I have a question about SSH. Once I've heard that
- the OpenSSH Optional Feature component in Windows 10/11 is outdated,
- it had a security issue due to this circumstance
- one could not simply patch with with a CU

This all sound too strange to be true, so what's about this rumour?
Most of all with the b26063 and SSH being enabled per default, is this still the case or is the OpenSSH now component updated with this step?

Thank you so much, to shed more light onto this.

Developer Platform
General
management
security
  • NZ_BenThomas's avatar
    NZ_BenThomas
    Mar 03, 2024

    Karl-WE It's worth noting that it isn't enabled by default, just installed by default.

     

    From the release notes:

    Starting in Windows Server 2025 the Win32-OpenSSH server side component (SSHD) will ship installed by default. Previously, the Win32-OpenSSH server component shipped as an optional feature that needed to be installed.  Additionally, there is a new option in the Server Manager UI to enabled/disable SSHD, as well as a new group, “OpenSSH Users”. To use SSHD, the feature only has to be enabled, not installed. When enabled, SSHD is allowed only on private networks on default port 22

    Having a look at the sshd binary in `C:\Windows\System32\OpenSSH` indicates that the in-box version is `OpenSSH_9.5p1 for Windows` which appears to be up to date.
    Releases · PowerShell/Win32-OpenSSH (github.com)

3 Replies

Sort By
  • Karl-WE's avatar
    Karl-WE
    MVP
    Mar 05, 2024
    addendum: As Ben said, it is installed disabled by default. It can be enabled and disabled on the Windows Server Manager Overview tab, too. This is nice and lately, the second addition to Server Manager, after Arc integration.
  • NZ_BenThomas's avatar
    NZ_BenThomas
    MVP
    Mar 03, 2024

    Karl-WE It's worth noting that it isn't enabled by default, just installed by default.

     

    From the release notes:

    Starting in Windows Server 2025 the Win32-OpenSSH server side component (SSHD) will ship installed by default. Previously, the Win32-OpenSSH server component shipped as an optional feature that needed to be installed.  Additionally, there is a new option in the Server Manager UI to enabled/disable SSHD, as well as a new group, “OpenSSH Users”. To use SSHD, the feature only has to be enabled, not installed. When enabled, SSHD is allowed only on private networks on default port 22

    Having a look at the sshd binary in `C:\Windows\System32\OpenSSH` indicates that the in-box version is `OpenSSH_9.5p1 for Windows` which appears to be up to date.
    Releases · PowerShell/Win32-OpenSSH (github.com)

Resources