What BASH and SSH Mean for Windows Systems Administration
-
We have been hearing that BASH and SSH are being readied for Windows Server this year. On the surface this sounds great, PowerShell is convoluted and hard to use, remoting to Windows is difficult and non-standard, these things will fix that. As someone coming from the UNIX world these things are awesome. But I think that there are a lot of factors that Windows Admins have not considered.
In the past, the introduction of PowerShell, for example, was not all that disruptive. Sure, it changed things, but Windows Admins did not en masse run out and learn PowerShell or stop using the GUI. PS Remoting didn't make people start using PS remotely very often. PS has languished, even though it is very powerful and very capable. The learning curve is just steep and the usability is low.
Windows Server continues to suffer from a culture push to use the GUI and, quite sadly, an administration community that is overpopulated with underqualified admins. It is so easy to admin a Windows Server, or to appear to, because of the ubiquitous GUI and socially accepted norms of administration based on decades of SMB-focused, GUI-centric culture that anyone and everyone claims to be a Windows Admin. As many companies cannot evaluate who is and who is not doing a good job on Windows, this has caused the market to drive salaries down as the value of the average Windows Admin is low and those that are good have little way to prove themselves and raise their perceived value.
How do BASH and SSH (and to a lesser degree the new Linux on Windows subsystem that replaces the old UNIX on Windows POSIX layer) change this? Essentially overnight, modern Windows Servers are going to look and feel just like Linux does. Most Windows Admins already confuse the BASH shell with Linux itself so adding BASH to Windows is the same as turning Windows into Linux from that point of view (it, of course, is not.) Add SSH to the mix and the remote access methods and tools from the Linux world, which are completely ubiquitous, will be available to the Windows world.
Stop for a second and think about what that means. Overnight.... the world and culture of the high cost, high skilled, high efficiency Linux Administration space are going to be available to the Windows world. There is a very real possibility that GUIless Windows deployments will be the norm, remote access will be pooled with the existing remote access of the Linux world, that servers will be administered together rather than in two groups and that the Windows Administration world may shift to the Linux one, more or less overnight.
Microsoft knows what it is doing and embracing an entire field of administrators that have long been unavailable to it or that mocked it for lacking a strong CLI and remote access method will suddenly be able to work on Windows as if it were native.
This may be the move that prepares Microsoft to recycle its ecosystem, to dump the existing global pool of administrators and shake up IT bringing their own culture in line with their competition, making themselves far more viable for the world of cloud computing and removing decades of cruft that has collected around their culture and ecosystem.
BASH and SSH should be a wake up call to Windows Admins everywhere. Microsoft knows where the future is and it isn't in the way that Windows has been running in the past. It's time for the Windows Admin world to evolve or quite possibly, simply lose all relevancy and cease to exist.
-
What's wrong with PowerShell?
-
@Carnival-Boy said:
What's wrong with PowerShell?
Complexity. Vastly more complex than BASH and non-standard. The latter isn't necessarily bad but it has been a barrier to both adoption from the Windows world and the non-Windows world. It is powerful, but very hard to use and learn and non-intuitive. It breaks simple interface design practices like showing text but not treating it as text. It is less predictable than BASH.
-
BASH isn't a good answer because Linux used it. Linux chose it because it was a good answer. Decades of research, testing and use showed the Bourne Shell model to be a very, very good one. It has been honed to an incredible degree. It could be improved, for sure, and that's where ZSH and FISH come in. Still Bourne, but more advanced. Windows could have done that. Instead they decided to go out on a limb and forge their own path unlike what anyone else had seen work in almost five decades of shell design. It was bold, but it proved to not make sense, for the most part. They tried to take people who were GUI only and leap frog the simple, text work of UNIX to go to a powerful, but very difficult and non-intuitive object model and it was way too much for their community. PowerShell requires knowing a lot more up front than BASH. BASH you just work with what's on the screen. PS doesn't let you just pick it up and run.
-
Oh. Well I hope that this doesn't change anything and MS continue to develop and push PowerShell.
-
@Carnival-Boy said:
Oh. Well I hope that this doesn't change anything and MS continue to develop and push PowerShell.
Oh, I have zero doubt that they will for a few reasons...
- They don't want to burn bridges with their best existing admins. The people using PS today are their strongest supporters and best selling tool in the field.
- PowerShell is probably the most advanced shell on the market, it is a competitive advantage over UNIX (until someone makes its equivalent available there.)
- They don't want to break existing scripts and tools - which is something MS is very against. MS is all about legacy compatibility so even if they want to leave PS behind, it would go against their culture.
-
It's not that PS is bad, it's that PS isn't the generic command line tool that Windows has needed. BASH, ZSH or FISH would be the tool for that. I think that they are going to BASH for the recognition more than anything. ZSH clearly would make more sense technically.
I'd be surprised if ZSH and FISH weren't on Windows very soon.
-
I'm curious to know how much this increases the attack surface of the Windows platform. I'm in silent celebration at the idea of being able to access my Windows servers remotely via SSH, but I wonder how tight the integration really is with BASH and if that is REALLY a good thing... I mean, how many attack vectors does an already highly targeted closed system need?
-
@RamblingBiped said:
I'm curious to know how much this increases the attack surface of the Windows platform. I'm in silent celebration at the idea of being able to access my Windows servers remotely via SSH, but I wonder how tight the integration really is with BASH and if that is REALLY a good thing... I mean, how many attack vectors does an already highly targeted closed system need?
How does SSH increase the attack surface? It is another protocol, but do you leave your servers open to access from the public internet in the first place?
-
@scottalanmiller said:
BASH isn't a good answer because Linux used it. Linux chose it because it was a good answer. Decades of research, testing and use showed the Bourne Shell model to be a very, very good one. It has been honed to an incredible degree. It could be improved, for sure, and that's where ZSH and FISH come in. Still Bourne, but more advanced. Windows could have done that. Instead they decided to go out on a limb and forge their own path unlike what anyone else had seen work in almost five decades of shell design. It was bold, but it proved to not make sense, for the most part. They tried to take people who were GUI only and leap frog the simple, text work of UNIX to go to a powerful, but very difficult and non-intuitive object model and it was way too much for their community. PowerShell requires knowing a lot more up front than BASH. BASH you just work with what's on the screen. PS doesn't let you just pick it up and run.
I don't follow this - They both require you to learn a set of commands, and the options that go with those commands.
Are you saying that the commands that exist within BASH would have been enough to manage Windows? Wouldn't there have always been a need to create Windows-unique commands for say, interacting with the registry?
I'm guessing that by installing mySQL the command line commands are added to the BASH shell (and if not really added, they are in the PATH, so they just execute like any command line command does)? So installing Exchange for example would add the needed CLI commands, and the admins would need to learn them just like they learn mySQL commands.
Or am I completely off base, and there are no extra commands needed to administer mySQL other than what is included in BASH?
-
@JaredBusch said:
@RamblingBiped said:
I'm curious to know how much this increases the attack surface of the Windows platform. I'm in silent celebration at the idea of being able to access my Windows servers remotely via SSH, but I wonder how tight the integration really is with BASH and if that is REALLY a good thing... I mean, how many attack vectors does an already highly targeted closed system need?
How does SSH increase the attack surface? It is another protocol, but do you leave your servers open to access from the public internet in the first place?
It's not the SSH implementation that increases the attack surface, it's their implementation of BASH and specifically how it interfaces with the Windows side of things. I'm fairly ignorant of specifics in regards to how limited everything is in their BASH implementation and how it interfaces with the Windows kernel (standard Windows API? an additional interface/api built on top?).
-
@Dashrender said:
@scottalanmiller said:
BASH isn't a good answer because Linux used it. Linux chose it because it was a good answer. Decades of research, testing and use showed the Bourne Shell model to be a very, very good one. It has been honed to an incredible degree. It could be improved, for sure, and that's where ZSH and FISH come in. Still Bourne, but more advanced. Windows could have done that. Instead they decided to go out on a limb and forge their own path unlike what anyone else had seen work in almost five decades of shell design. It was bold, but it proved to not make sense, for the most part. They tried to take people who were GUI only and leap frog the simple, text work of UNIX to go to a powerful, but very difficult and non-intuitive object model and it was way too much for their community. PowerShell requires knowing a lot more up front than BASH. BASH you just work with what's on the screen. PS doesn't let you just pick it up and run.
I don't follow this - They both require you to learn a set of commands, and the options that go with those commands.
Are you saying that the commands that exist within BASH would have been enough to manage Windows? Wouldn't there have always been a need to create Windows-unique commands for say, interacting with the registry?
I'm guessing that by installing mySQL the command line commands are added to the BASH shell (and if not really added, they are in the PATH, so they just execute like any command line command does)? So installing Exchange for example would add the needed CLI commands, and the admins would need to learn them just like they learn mySQL commands.
Or am I completely off base, and there are no extra commands needed to administer mySQL other than what is included in BASH?
It's like you said though... Commands to administer MySQL are generally just in the Path. So... Windows... Linux... shouldn't matter... mysql -h myserver -u myuser -pwouldn'tyouliketoknow should work the same on Windows as it would in Linux.
-
So other than SSH specifically - does PS not have a remote access port that can be secured and uses encryption? - are admins unhappy because they didn't have ls, grep, etc?
I hear about these shells, but I'm lost on the differences between them other than the built in commands they come with.
-
@JaredBusch said:
@RamblingBiped said:
I'm curious to know how much this increases the attack surface of the Windows platform. I'm in silent celebration at the idea of being able to access my Windows servers remotely via SSH, but I wonder how tight the integration really is with BASH and if that is REALLY a good thing... I mean, how many attack vectors does an already highly targeted closed system need?
How does SSH increase the attack surface? It is another protocol, but do you leave your servers open to access from the public internet in the first place?
And I did some quick googling to try and soften my ignorance and found this:
"Third, note that Bash and Linux tools cannot interact with Windows applications and tools, and vice-versa. So you won’t be able to run Notepad from Bash, or run Ruby in Bash from PowerShell." - https://blogs.windows.com/buildingapps/2016/03/30/run-bash-on-ubuntu-on-windows/
So if I am comprehending what I read properly it looks like this is a native BASH environment that is pretty well locked down and only intended for development. It can access Windows filesystems, but not applications. So currently not intended to be all that useful in regards to systems administration.
-
@RamblingBiped said:
So if I am comprehending what I read properly it looks like this is a native BASH environment that is pretty well locked down and only intended for development. It can access Windows filesystems, but not applications. So currently not intended to be all that useful in regards to systems administration.
It's as near literally as possible to WINE but for Linux apps on Windows.
-
@RamblingBiped said:
So currently not intended to be all that useful in regards to systems administration.
Hmmn, yeah. It doesn't look that useful. It certainly doesn't appear to be as big a deal as the OP makes out.
-
@Carnival-Boy said:
@RamblingBiped said:
So currently not intended to be all that useful in regards to systems administration.
Hmmn, yeah. It doesn't look that useful. It certainly doesn't appear to be as big a deal as the OP makes out.
I think he's somewhat pointing that out actually
-
Another discussion on the topic happening on the homelab subreddit:
https://www.reddit.com/r/homelab/comments/4dot5v/bash_on_windows_works_i_can_run_stuff_for_you/
-
Currently no SSH daemon available. So you can SSH from a Windows machine, but not to a Windows machine.
-
Anyone know if this is available on the LTS version?