{"id":15779943,"url":"https://github.com/rgl/openssh-server-windows-vagrant","last_synced_at":"2025-11-01T06:03:49.780Z","repository":{"id":42651698,"uuid":"89471667","full_name":"rgl/openssh-server-windows-vagrant","owner":"rgl","description":" vagrant environment to test PowerShell/Win32-OpenSSH","archived":false,"fork":false,"pushed_at":"2025-04-12T17:11:42.000Z","size":325,"stargazers_count":4,"open_issues_count":2,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-12T18:25:06.900Z","etag":null,"topics":["ssh","ssh-server","vagrant","windows"],"latest_commit_sha":null,"homepage":null,"language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rgl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-04-26T11:07:40.000Z","updated_at":"2025-04-12T17:11:46.000Z","dependencies_parsed_at":"2023-12-22T08:29:44.648Z","dependency_job_id":null,"html_url":"https://github.com/rgl/openssh-server-windows-vagrant","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/rgl/openssh-server-windows-vagrant","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fopenssh-server-windows-vagrant","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fopenssh-server-windows-vagrant/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fopenssh-server-windows-vagrant/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fopenssh-server-windows-vagrant/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rgl","download_url":"https://codeload.github.com/rgl/openssh-server-windows-vagrant/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fopenssh-server-windows-vagrant/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266409570,"owners_count":23924286,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-21T11:47:31.412Z","response_time":64,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ssh","ssh-server","vagrant","windows"],"created_at":"2024-10-04T18:22:03.024Z","updated_at":"2025-11-01T06:03:49.764Z","avatar_url":"https://github.com/rgl.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"This is a vagrant environment to test the [PowerShell/Win32-OpenSSH](https://github.com/PowerShell/Win32-OpenSSH) service,\nwhich intents to be integrated into the upstream [Portable OpenSSH](https://github.com/openssh/openssh-portable) project\nas the native SSHD for Windows.\n\nIn this environment you'll also find [several language examples](examples/) on how to access a machine through SSH. \n\n# Usage\n\n[Build and install the Windows 2022 base image](https://github.com/rgl/windows-vagrant).\n\nLaunch the SSH server machine:\n\n```bash\nvagrant up sshd --no-destroy-on-error\n```\n\n**NB** this step will also create a SSH key at `tmp/ida_rsa` which we will later use to connect to the `vagrant` account.\n\nSee the allocated SSH port:\n\n```bash\nvagrant ssh-config sshd\n```\n\nYou should see something like:\n\n```plain\nHost sshd\n  HostName 127.0.0.1\n  User vagrant\n  Port 2222\n  ...\n```\n\nTry accessing the ssh server at that port with the created SSH key:\n\n```bash\nssh -i tmp/id_rsa vagrant@127.0.0.1 -p 2222 \"whoami /all\"\n```\n\nNow try the same, but from within the Windows Client machine. First launch it:\n\n```bash\nvagrant up windows --no-destroy-on-error\n```\n\nThen login into the Windows Desktop, and inside a PowerShell window run:\n\n```powershell\n\u0026'C:/Program Files/OpenSSH/ssh' -i c:/vagrant/tmp/id_rsa vagrant@sshd.example.com \"whoami /all\"\n```\n\nList this repository dependencies (and which have newer versions):\n\n```bash\nexport GITHUB_COM_TOKEN='YOUR_GITHUB_PERSONAL_TOKEN'\n./renovate.sh\n```\n\n# sshd audit\n\n\u003cpre\u003e\u003cspan style=\"color: #00ffff\"\u003e# general\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(gen) banner: SSH-2.0-OpenSSH_for_Windows_9.8 Win32-OpenSSH-GitHub\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(gen) compatibility: OpenSSH 9.6+, Dropbear SSH 2020.79+\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(gen) compression: enabled (zlib@openssh.com)\u003c/span\u003e\n\n\u003cspan style=\"color: #00ffff\"\u003e# key exchange algorithms\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e                                            `- [info] default key exchange from OpenSSH 7.4 to 8.9\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e                                            `- [info] default key exchange from OpenSSH 6.5 to 7.3\u003c/span\u003e\n\u003cspan style=\"color: #ff0000\"\u003e(kex) ecdh-sha2-nistp256                    -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency\u003c/span\u003e\n                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62\n\u003cspan style=\"color: #ff0000\"\u003e(kex) ecdh-sha2-nistp384                    -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency\u003c/span\u003e\n                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62\n\u003cspan style=\"color: #ff0000\"\u003e(kex) ecdh-sha2-nistp521                    -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency\u003c/span\u003e\n                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62\n\u003cspan style=\"color: #00ff00\"\u003e(kex) diffie-hellman-group-exchange-sha256 (3072-bit) -- [info] available since OpenSSH 4.4\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e                                                      `- [info] OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 3072. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(kex) diffie-hellman-group16-sha512         -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(kex) diffie-hellman-group18-sha512         -- [info] available since OpenSSH 7.3\u003c/span\u003e\n\u003cspan style=\"color: #ffff00\"\u003e(kex) diffie-hellman-group14-sha256         -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength\u003c/span\u003e\n                                            `- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73\n\u003cspan style=\"color: #00ff00\"\u003e(kex) ext-info-s                            -- [info] available since OpenSSH 9.6\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e                                            `- [info] pseudo-algorithm that denotes the peer supports RFC8308 extensions\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(kex) kex-strict-s-v00@openssh.com          -- [info] pseudo-algorithm that denotes the peer supports a stricter key exchange method as a counter-measure to the Terrapin attack (CVE-2023-48795)\u003c/span\u003e\n\n\u003cspan style=\"color: #00ffff\"\u003e# host-key algorithms\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(key) rsa-sha2-512 (3072-bit)               -- [info] available since OpenSSH 7.2\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(key) rsa-sha2-256 (3072-bit)               -- [info] available since OpenSSH 7.2, Dropbear SSH 2020.79\u003c/span\u003e\n\u003cspan style=\"color: #ff0000\"\u003e(key) ecdsa-sha2-nistp384                   -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency\u003c/span\u003e\n\u003cspan style=\"color: #ffff00\"\u003e                                            `- [warn] using weak random number generator could reveal the key\u003c/span\u003e\n                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62\n\u003cspan style=\"color: #00ff00\"\u003e(key) ssh-ed25519                           -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79\u003c/span\u003e\n\n\u003cspan style=\"color: #00ffff\"\u003e# encryption algorithms (ciphers)\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(enc) chacha20-poly1305@openssh.com         -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e                                            `- [info] default cipher since OpenSSH 6.9\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(enc) aes192-ctr                            -- [info] available since OpenSSH 3.7\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(enc) aes128-gcm@openssh.com                -- [info] available since OpenSSH 6.2\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(enc) aes256-gcm@openssh.com                -- [info] available since OpenSSH 6.2\u003c/span\u003e\n\n\u003cspan style=\"color: #00ffff\"\u003e# message authentication code algorithms\u003c/span\u003e\n\u003cspan style=\"color: #ffff00\"\u003e(mac) umac-64-etm@openssh.com               -- [warn] using small 64-bit tag size\u003c/span\u003e\n                                            `- [info] available since OpenSSH 6.2\n\u003cspan style=\"color: #00ff00\"\u003e(mac) umac-128-etm@openssh.com              -- [info] available since OpenSSH 6.2\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(mac) hmac-sha2-256-etm@openssh.com         -- [info] available since OpenSSH 6.2\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(mac) hmac-sha2-512-etm@openssh.com         -- [info] available since OpenSSH 6.2\u003c/span\u003e\n\u003cspan style=\"color: #ffff00\"\u003e(mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode\u003c/span\u003e\n\u003cspan style=\"color: #ffff00\"\u003e                                            `- [warn] using small 64-bit tag size\u003c/span\u003e\n                                            `- [info] available since OpenSSH 4.7\n\u003cspan style=\"color: #ffff00\"\u003e(mac) umac-128@openssh.com                  -- [warn] using encrypt-and-MAC mode\u003c/span\u003e\n                                            `- [info] available since OpenSSH 6.2\n\u003cspan style=\"color: #ffff00\"\u003e(mac) hmac-sha2-256                         -- [warn] using encrypt-and-MAC mode\u003c/span\u003e\n                                            `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56\n\u003cspan style=\"color: #ffff00\"\u003e(mac) hmac-sha2-512                         -- [warn] using encrypt-and-MAC mode\u003c/span\u003e\n                                            `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56\n\n\u003cspan style=\"color: #00ffff\"\u003e# fingerprints\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(fin) ssh-ed25519: SHA256:REDACTED\u003c/span\u003e\n\u003cspan style=\"color: #00ff00\"\u003e(fin) ssh-rsa: SHA256:REDACTED\u003c/span\u003e\n\n\u003cspan style=\"color: #00ffff\"\u003e# additional info\u003c/span\u003e\n\u003cspan style=\"color: #ffff00\"\u003e(nfo) Be aware that, while this target properly supports the strict key exchange method (via the kex-strict-?-v00@openssh.com marker) needed to protect against the Terrapin vulnerability (CVE-2023-48795), all peers must also support this feature as well, otherwise the vulnerability will still be present.  The following algorithms would allow an unpatched peer to create vulnerable SSH channels with this target: chacha20-poly1305@openssh.com.  If any CBC ciphers are in this list, you may remove them while leaving the *-etm@openssh.com MACs in place; these MACs are fine while paired with non-CBC cipher types.\u003c/span\u003e\n\u003c/pre\u003e\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frgl%2Fopenssh-server-windows-vagrant","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frgl%2Fopenssh-server-windows-vagrant","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frgl%2Fopenssh-server-windows-vagrant/lists"}