
RFC0012 - Enable SSH Remoting

Open SteveL-MSFT opened this issue 9 years ago • 4 comments

Feedback for https://github.com/PowerShell/PowerShell-RFC/blob/master/1-Draft/RFC0012-Enable-SSH-Remoting.md

SteveL-MSFT avatar Oct 11 '16 22:10 SteveL-MSFT

Howdy.

Can you explain the following statement?

Alternate forms of authentication, such as key base authentication, will not be supported as it requires safely generating and distributing private/public keys.

Are y'all referring to:

  • actually generating ssh keys (ssh on server creates a set of keys for host authentication using ssh-keygen) because key generation might be vulnerable to someone monitoring memory/cache? or
  • generating a user key (via ssh-keygen) and distributing it to a potential remote host (which is done with ssh-copy-id on other platforms)?

If the latter, I see that as easily addressable since there are plenty of other examples out there.

cobracmder avatar Oct 12 '16 18:10 cobracmder

-Scope All

Not a fan of 'All', would prefer 'ClientAndServer' as it makes it more clear what will happen.

Regarding public key auth, we have an issue open against our OpenSSH port to create a version of ssh-copy-id for Windows as it's currently implemented as a Bash script. It's probably better to have the user understand public key auth and generate their own keys rather than for this cmdlet to do that. This cmdlet is just targeting the novice user and really making it easy to install OpenSSH and modify sshd_config to enable PSRP.

SteveL-MSFT avatar Oct 13 '16 00:10 SteveL-MSFT

Fair enough.

cobracmder avatar Oct 13 '16 00:10 cobracmder

@PowerShell/powershell-committee today only included myself, @JamesWTruher, @SteveL-MSFT, and @daxian-dbw. Without making a statement on implementation or timing, we agree that the alternate proposal here of only validating the sshd install and adding a line to sshd_config for subsystem should be the minimal approach.

Also, we noticed that the WinSSH module already takes care of some of this. We should look at that implementation as a strawman.

joeyaiello avatar Dec 03 '18 20:12 joeyaiello
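
The minimal approach described in the last comment (confirm sshd is installed, then add a Subsystem line to sshd_config), shown as an added example that is not code from the RFC, this thread, or the WinSSH module. The function name, the default config paths, and the `-sshs -NoLogo` arguments (taken from PowerShell's SSH remoting documentation) are assumptions not stated on this page; it expects PowerShell 6+ and an elevated or root session.

```powershell
# Added example; hypothetical function name, assumed default paths.
function Enable-PwshSshSubsystem {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Assumed default config locations; override if yours differs.
        [string]$ConfigPath = $(if ($IsWindows) { "$env:ProgramData\ssh\sshd_config" }
                                else { '/etc/ssh/sshd_config' }),
        # Binary sshd will launch; defaults to the pwsh running this function.
        [string]$PwshPath = (Get-Process -Id $PID).Path
    )
    # 1. Validate the install: sshd on PATH, config present, usable pwsh path.
    $sshd = Get-Command sshd -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if (-not $sshd) { throw 'sshd not found; install the OpenSSH server first.' }
    if (-not (Test-Path -LiteralPath $ConfigPath)) { throw "No sshd_config at $ConfigPath" }
    if ($PwshPath -match '\s') { throw "Path must not contain spaces: $PwshPath" }

    # 2. Idempotence: an uncommented powershell subsystem line is left alone.
    $lines = @(Get-Content -LiteralPath $ConfigPath)
    $have = $lines -match '^\s*Subsystem\s+powershell\s'
    if ($have) { return "Already configured: $($have[0].Trim())" }

    # 3. Subsystem is a global keyword: insert it before the first Match block
    #    (the stock Windows sshd_config ends with one), not at end of file.
    $new = "Subsystem powershell $PwshPath -sshs -NoLogo"
    $at = $lines.Count
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match '^\s*Match\s') { $at = $i; break }
    }
    $updated = @($lines | Select-Object -First $at) + $new +
               @($lines | Select-Object -Skip $at)
    if (-not $PSCmdlet.ShouldProcess($ConfigPath, "Insert '$new'")) { return }

    # 4. Let sshd parse a candidate copy before touching the live file.
    $candidate = "$ConfigPath.new"
    Set-Content -LiteralPath $candidate -Value $updated
    & $sshd.Source -t -f $candidate | Out-Host
    $ok = $LASTEXITCODE -eq 0
    Remove-Item -LiteralPath $candidate
    if (-not $ok) { throw 'sshd -t rejected the edit; sshd_config unchanged.' }

    # 5. Keep a backup, then rewrite in place so the file keeps its owner/ACL.
    Copy-Item -LiteralPath $ConfigPath -Destination "$ConfigPath.bak" -Force
    Set-Content -LiteralPath $ConfigPath -Value $updated
    "Inserted at line $($at + 1): $new (restart sshd to apply)"
}
```

Running it with `-WhatIf` reports the line it would insert without writing anything. Password or key authentication settings are left exactly as sshd_config already has them.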