{"id":13217,"date":"2017-05-01T11:02:55","date_gmt":"2017-05-01T19:02:55","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/powershell\/?p=13217"},"modified":"2019-02-18T12:38:00","modified_gmt":"2019-02-18T19:38:00","slug":"openssh-security-testing-kick-off","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/powershell\/openssh-security-testing-kick-off\/","title":{"rendered":"OpenSSH Security Testing Kick Off"},"content":{"rendered":"<p>Over the past while, we\u2019ve been very busy <a href=\"https:\/\/blogs.msdn.microsoft.com\/powershell\/2015\/06\/03\/looking-forward-microsoft-support-for-secure-shell-ssh\/\">porting OpenSSH to Win32<\/a>. We\u2019ve been working with the OpenSSH community in our <a href=\"https:\/\/github.com\/PowerShell\/Win32-OpenSSH\">GitHub repository<\/a>, and are nearing a point where we are taking steps to make it production ready.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cuongquach.com\/wp-content\/uploads\/2016\/12\/openssh-logo.png\" alt=\"Image result for openssh logo\" class=\"aligncenter\" \/><\/p>\n<p>Security is obviously something that we have focused on during every phase of the project. As part of this production readiness phase, however, we are additionally funding an extensive penetration test. We have engaged <a href=\"https:\/\/casaba.com\/\">Casaba Security<\/a> as part of this effort, who will be digging deep into the implementation over the next 1-2 months.<\/p>\n<p>As with all aspects of this project, one of our main goals is to contribute to the OpenSSH community as a whole, not just to create a Microsoft fork. As such, the scope of this analysis will include Microsoft contributions, but will dedicate significant time to OpenSSH core as well.<\/p>\n<p>We will of course share the findings and final report from this review with the community.<\/p>\n<h2>Please Join Us!<\/h2>\n<p>As part of this phase, we\u2019d love your participation, as well!<\/p>\n<p>We\u2019re keeping <a href=\"https:\/\/github.com\/PowerShell\/Win32-OpenSSH\/wiki\/About-Win32-OpenSSH-and-Design-Details\">extensive design documentation<\/a> for all decisions we\u2019ve been making, especially security-sensitive ones. We\u2019ve been tracking <a href=\"https:\/\/github.com\/PowerShell\/Win32-OpenSSH\/issues?utf8=%E2%9C%93&amp;q=security\">security discussions and issues<\/a> as they arise. And there\u2019s code. <a href=\"https:\/\/github.com\/PowerShell\/Win32-OpenSSH\">Lots of it<\/a> J<\/p>\n<p>We\u2019d appreciate any expertise you\u2019d like to contribute: security design reviews, security code reviews, security fixes for open issues, security testing, fuzzing, you name it. And don\u2019t limit yourself to the Windows parts \u2013 findings in any aspect of OpenSSH improve the security of the whole community and industry.<\/p>\n<h2>Reporting Issues<\/h2>\n<p>If you think you\u2019ve found a security vulnerability, please follow the <a href=\"https:\/\/www.openssh.com\/report.html\">OpenSSH reporting guidance<\/a> by sending an email to <a href=\"mailto:openssh@openssh.com\">openssh@openssh.com<\/a>.<\/p>\n<p>If you\u2019ve got other forms of security feedback (for example, design feedback or defence-in-depth feedback), please use the [Security] prefix and file a <a href=\"https:\/\/github.com\/PowerShell\/Win32-OpenSSH\/issues\">GitHub issue<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<p>We look forward to your feedback!<\/p>\n<p>&nbsp;<\/p>\n<p>Lee Holmes\nPrincipal Security Architect\nAzure Management<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Over the past while, we\u2019ve been very busy porting OpenSSH to Win32. We\u2019ve been working with the OpenSSH community in our GitHub repository, and are nearing a point where we are taking steps to make it production ready. Security is obviously something that we have focused on during every phase of the project. As part [&hellip;]<\/p>\n","protected":false},"author":600,"featured_media":13641,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-13217","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-powershell"],"acf":[],"blog_post_summary":"<p>Over the past while, we\u2019ve been very busy porting OpenSSH to Win32. We\u2019ve been working with the OpenSSH community in our GitHub repository, and are nearing a point where we are taking steps to make it production ready. Security is obviously something that we have focused on during every phase of the project. As part [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts\/13217","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/users\/600"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/comments?post=13217"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts\/13217\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/media\/13641"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/media?parent=13217"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/categories?post=13217"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/tags?post=13217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}