SOLVED

b26063 - Questions on SSH optional feature

MVP

Dear Windows Server Insider Team,

I have a question about SSH. Once I've heard that
- the OpenSSH Optional Feature component in Windows 10/11 is outdated,
- it had a security issue due to this circumstance
- one could not simply patch with with a CU

This all sound too strange to be true, so what's about this rumour?
Most of all with the b26063 and SSH being enabled per default, is this still the case or is the OpenSSH now component updated with this step?

Thank you so much, to shed more light onto this.

3 Replies
best response confirmed by Karl_Wester-Ebbinghaus (MVP)
Solution

@Karl_Wester-Ebbinghaus It's worth noting that it isn't enabled by default, just installed by default.

 

From the release notes:


Starting in Windows Server 2025 the Win32-OpenSSH server side component (SSHD) will ship installed by default. Previously, the Win32-OpenSSH server component shipped as an optional feature that needed to be installed.  Additionally, there is a new option in the Server Manager UI to enabled/disable SSHD, as well as a new group, “OpenSSH Users”. To use SSHD, the feature only has to be enabled, not installed. When enabled, SSHD is allowed only on private networks on default port 22

Having a look at the sshd binary in `C:\Windows\System32\OpenSSH` indicates that the in-box version is `OpenSSH_9.5p1 for Windows` which appears to be up to date.
Releases · PowerShell/Win32-OpenSSH (github.com)

Thank you for this correction, Ben!
addendum: As Ben said, it is installed disabled by default. It can be enabled and disabled on the Windows Server Manager Overview tab, too. This is nice and lately, the second addition to Server Manager, after Arc integration.
1 best response

Accepted Solutions
best response confirmed by Karl_Wester-Ebbinghaus (MVP)
Solution

@Karl_Wester-Ebbinghaus It's worth noting that it isn't enabled by default, just installed by default.

 

From the release notes:


Starting in Windows Server 2025 the Win32-OpenSSH server side component (SSHD) will ship installed by default. Previously, the Win32-OpenSSH server component shipped as an optional feature that needed to be installed.  Additionally, there is a new option in the Server Manager UI to enabled/disable SSHD, as well as a new group, “OpenSSH Users”. To use SSHD, the feature only has to be enabled, not installed. When enabled, SSHD is allowed only on private networks on default port 22

Having a look at the sshd binary in `C:\Windows\System32\OpenSSH` indicates that the in-box version is `OpenSSH_9.5p1 for Windows` which appears to be up to date.
Releases · PowerShell/Win32-OpenSSH (github.com)

View solution in original post