What BASH and SSH Mean for Windows Systems Administration
-
@RamblingBiped said:
I'm curious to know how much this increases the attack surface of the Windows platform. I'm in silent celebration at the idea of being able to access my Windows servers remotely via SSH, but I wonder how tight the integration really is with BASH and if that is REALLY a good thing... I mean, how many attack vectors does an already highly targeted closed system need?
How does SSH increase the attack surface? It is another protocol, but do you leave your servers open to access from the public internet in the first place?
-
@scottalanmiller said:
BASH isn't a good answer because Linux used it. Linux chose it because it was a good answer. Decades of research, testing and use showed the Bourne Shell model to be a very, very good one. It has been honed to an incredible degree. It could be improved, for sure, and that's where ZSH and FISH come in. Still Bourne, but more advanced. Windows could have done that. Instead they decided to go out on a limb and forge their own path unlike what anyone else had seen work in almost five decades of shell design. It was bold, but it proved to not make sense, for the most part. They tried to take people who were GUI only and leap frog the simple, text work of UNIX to go to a powerful, but very difficult and non-intuitive object model and it was way too much for their community. PowerShell requires knowing a lot more up front than BASH. BASH you just work with what's on the screen. PS doesn't let you just pick it up and run.
I don't follow this - They both require you to learn a set of command, and the options that go with those commands.
Are you saying that the command that exist within BASH would have been enough to manage Windows? Wouldn't there have always been a need to create Windows unique command for say, interacting with the registry?
I'm guessing that by installing mySQL the command line commands are added to the BASH shell (and if not really added, they are in the PATH, so they just execute like any command line command does)? So installing Exchange for example would add the needed CLI commands, and the admins would need to learn them just like they learn mySQL commands.
Or am I completely off base, and there are no extra commands needed to administer mySQL other than what is included in BASH?
-
@JaredBusch said:
@RamblingBiped said:
I'm curious to know how much this increases the attack surface of the Windows platform. I'm in silent celebration at the idea of being able to access my Windows servers remotely via SSH, but I wonder how tight the integration really is with BASH and if that is REALLY a good thing... I mean, how many attack vectors does an already highly targeted closed system need?
How does SSH increase the attack surface? It is another protocol, but do you leave your servers open to access from the public internet in the first place?
It's not the SSH implementation that increases the attack surface, it's their implementation of BASH and specifically how it interfaces with the Windows side of things. I'm fairly ignorant of specifics in regards to how limited everything is in their BASH implementation and how it interfaces with the Windows kernel (standard WIndows API? an additional interface/api built on top?).
-
@Dashrender said:
@scottalanmiller said:
BASH isn't a good answer because Linux used it. Linux chose it because it was a good answer. Decades of research, testing and use showed the Bourne Shell model to be a very, very good one. It has been honed to an incredible degree. It could be improved, for sure, and that's where ZSH and FISH come in. Still Bourne, but more advanced. Windows could have done that. Instead they decided to go out on a limb and forge their own path unlike what anyone else had seen work in almost five decades of shell design. It was bold, but it proved to not make sense, for the most part. They tried to take people who were GUI only and leap frog the simple, text work of UNIX to go to a powerful, but very difficult and non-intuitive object model and it was way too much for their community. PowerShell requires knowing a lot more up front than BASH. BASH you just work with what's on the screen. PS doesn't let you just pick it up and run.
I don't follow this - They both require you to learn a set of command, and the options that go with those commands.
Are you saying that the command that exist within BASH would have been enough to manage Windows? Wouldn't there have always been a need to create Windows unique command for say, interacting with the registry?
I'm guessing that by installing mySQL the command line commands are added to the BASH shell (and if not really added, they are in the PATH, so they just execute like any command line command does)? So installing Exchange for example would add the needed CLI commands, and the admins would need to learn them just like they learn mySQL commands.
Or am I completely off base, and there are no extra commands needed to administer mySQL other than what is included in BASH?
It's like you said though... Commands to administer MySQL are generally just in the Path. So... Windows... Linux... shouldn't matter... mysql -h myserver -u myuser -pwouldn'tyouliketoknow should work the same on Windows as it would in LInux.
-
So other than SSH specifically - does PS not have a remote access port that can be secured and uses encryption? - are admins unhappy because they didn't have ls, grep, etc?
I hear about these shells, but I'm lost on the differences between them other than the built in commands they come with.
-
@JaredBusch said:
@RamblingBiped said:
I'm curious to know how much this increases the attack surface of the Windows platform. I'm in silent celebration at the idea of being able to access my Windows servers remotely via SSH, but I wonder how tight the integration really is with BASH and if that is REALLY a good thing... I mean, how many attack vectors does an already highly targeted closed system need?
How does SSH increase the attack surface? It is another protocol, but do you leave your servers open to access from the public internet in the first place?
And I did some quick googling to try and soften my ignorance and found this:
"Third, note that Bash and Linux tools cannot interact with Windows applications and tools, and vice-versa. So you won’t be able to run Notepad from Bash, or run Ruby in Bash from PowerShell." - https://blogs.windows.com/buildingapps/2016/03/30/run-bash-on-ubuntu-on-windows/
So if I am comprehending what I read properly it looks like this is a native BASH environment that is pretty well locked down and only intended for development. It can access Windows filesystems, but not applications. So currently not intended to be all that useful in regards to systems administration.
-
@RamblingBiped said:
So if I am comprehending what I read properly it looks like this is a native BASH environment that is pretty well locked down and only intended for development. It can access Windows filesystems, but not applications. So currently not intended to be all that useful in regards to systems administration.
It's a near literally as possible to WINE but for Linux apps on Windows.
-
@RamblingBiped said:
So currently not intended to be all that useful in regards to systems administration.
Hmmn, yeah. It doesn't look that useful. It certainly doesn't appear to be as bigger deal as the OP makes out.
-
@Carnival-Boy said:
@RamblingBiped said:
So currently not intended to be all that useful in regards to systems administration.
Hmmn, yeah. It doesn't look that useful. It certainly doesn't appear to be as bigger deal as the OP makes out.
I think he's somewhat pointing that out actually
-
Another discussion on the topic happening on the homelab subreddit:
https://www.reddit.com/r/homelab/comments/4dot5v/bash_on_windows_works_i_can_run_stuff_for_you/
-
Currently no SSH daemon available. So you can SSH from a Windows machine, but not to a Windows machine.
-
Anyone know if this is available on the LTS version?
-
@coliver said:
Anyone know if this is available on the LTS version?
It isn't a version of Ubuntu at all. I'm pretty sure all this is doing is abstracting the Ubuntu Linux user space and translating the system calls to the Linux kernel space to the Windows Kernel space. There is no Linux kernel, just the the Linux binaries that exist in the User space. If that makes sense. It really is like the inverse of WINE on Linux.
And while they say it is self contained and unable to execute Windows binaries, it does seem to have indirect access to the Windows kernel via this interface/api they have created to translate the calls to the Linux kernel. And because all of that is not currently open source, I would kind of think there is some potential for exploitation there.
-
@RamblingBiped said:
@coliver said:
Anyone know if this is available on the LTS version?
It isn't a version of Ubuntu at all. I'm pretty sure all this is doing is abstracting the Ubuntu Linux user space and translating the system calls to the Linux kernel space to the Windows Kernel space. There is no Linux kernel, just the the Linux binaries that exist in the User space. If that makes sense. It really is like the inverse of WINE on Linux.
And while they say it is self contained and unable to execute Windows binaries, it does seem to have indirect access to the Windows kernel via this interface/api they have created to translate the calls to the Linux kernel. And because all of that is not currently open source, I would kind of think there is some potential for exploitation there.
The Windows 10 LTS release.
-
@coliver said:
@RamblingBiped said:
@coliver said:
Anyone know if this is available on the LTS version?
It isn't a version of Ubuntu at all. I'm pretty sure all this is doing is abstracting the Ubuntu Linux user space and translating the system calls to the Linux kernel space to the Windows Kernel space. There is no Linux kernel, just the the Linux binaries that exist in the User space. If that makes sense. It really is like the inverse of WINE on Linux.
And while they say it is self contained and unable to execute Windows binaries, it does seem to have indirect access to the Windows kernel via this interface/api they have created to translate the calls to the Linux kernel. And because all of that is not currently open source, I would kind of think there is some potential for exploitation there.
The Windows 10 LTS release.
Ha! Sorry, misunderstood.
-
@coliver said:
@RamblingBiped said:
@coliver said:
Anyone know if this is available on the LTS version?
It isn't a version of Ubuntu at all. I'm pretty sure all this is doing is abstracting the Ubuntu Linux user space and translating the system calls to the Linux kernel space to the Windows Kernel space. There is no Linux kernel, just the the Linux binaries that exist in the User space. If that makes sense. It really is like the inverse of WINE on Linux.
And while they say it is self contained and unable to execute Windows binaries, it does seem to have indirect access to the Windows kernel via this interface/api they have created to translate the calls to the Linux kernel. And because all of that is not currently open source, I would kind of think there is some potential for exploitation there.
The Windows 10 LTS release.
When Red Stone becomes LTS, probably, until then, nope.
-
@Dashrender said:
@coliver said:
@RamblingBiped said:
@coliver said:
Anyone know if this is available on the LTS version?
It isn't a version of Ubuntu at all. I'm pretty sure all this is doing is abstracting the Ubuntu Linux user space and translating the system calls to the Linux kernel space to the Windows Kernel space. There is no Linux kernel, just the the Linux binaries that exist in the User space. If that makes sense. It really is like the inverse of WINE on Linux.
And while they say it is self contained and unable to execute Windows binaries, it does seem to have indirect access to the Windows kernel via this interface/api they have created to translate the calls to the Linux kernel. And because all of that is not currently open source, I would kind of think there is some potential for exploitation there.
The Windows 10 LTS release.
When Red Stone becomes LTS, probably, until then, nope.
It was literally just added to the current Insider Preview. What are you wanting.
-
@RamblingBiped said:
@coliver said:
Anyone know if this is available on the LTS version?
It isn't a version of Ubuntu at all. I'm pretty sure all this is doing is abstracting the Ubuntu Linux user space and translating the system calls to the Linux kernel space to the Windows Kernel space. There is no Linux kernel, just the the Linux binaries that exist in the User space. If that makes sense. It really is like the inverse of WINE on Linux.
And while they say it is self contained and unable to execute Windows binaries, it does seem to have indirect access to the Windows kernel via this interface/api they have created to translate the calls to the Linux kernel. And because all of that is not currently open source, I would kind of think there is some potential for exploitation there.
That's correct. It's a POSIX subsystem exactly like the old UNIX one that Windows has had for twenty years. Only now instead of being a version of Xenix, it is based on Ubuntu. So it will be a Ubuntu system call layer.
Everyone saying Ubuntu on Windows is just confused. That's marketing hype, there isn't anything remotely like Ubuntu on Windows. This is just the opposite of Wine.
-
@RamblingBiped said:
Currently no SSH daemon available. So you can SSH from a Windows machine, but not to a Windows machine.
Once the Linux subsystem is available, that will be all fixed.
-
This article seems to have been written by someone who doesn't do windows administration, and is looking from the outside in, not understanding its power nor how it has vastly changed administration in the past decade. The claim that powershell has languished is a joke. Real windows admins after about 10-15 minutes of fiddling, shouted for joy and immediately burned all their VBS books. Warmed by the pire of the past they saddled up to that magical blue window and changed their work lives forever.
If a windows admin isn't using powershell... move along, they're not a windows admin, they're a novice or a hobbyist, or someone at a small company that does 37 other things in addition to adding user accounts twice a month to their Small Business Edition 2008R2 server that also has their GP and Exchange instance running on it (tho, that's the guy that should be making the most of PS)
Powershell IS windows administration. To claim otherwise is intentional ignorance. Adding SSH is fantastic, and adding BASH will make process management in multi OS shops very nice (depending on how deep you can get with whatever bash commands are available) but powershell is going to remain the heavy lifter, the every day use script language that flipped windows management on its ear. It is a glorious and easy to use script language, one that will continue to expand its presence, not diminish.