Windows Server 2016 and SSH SL3 Environment

Hi All

Our use case is very specific. We are looking at an isolated, country-wide network that has around 500 workstations and 1300 servers that control highly critical assets.
Every machine runs a hardened Windows Server 2016 OS with a custom shell. There is no AD, DNS or PKI. Everything is IP-based.

The custom OS setup already contains extensive local policy settings, many of which apply to WinRM.
A lot of manual work would have to be accomplished to re-configure towards a working WinRM as any change also goes through the authorities, not to mention the time and planning required as downtime is basically non-existent.

As an alternative, is there an SSH server that we could deploy on Windows Server 2016 and that would be supported with, i.e., a Red Hat Ansible Control Host coupled with Ansible Engine Enterprise Support?

I understand that this is a technical and licensing question, but some guidance on the technical feasibility would be highly appreciated.

Kind Regards
Lukas

The only working SSH server is https://github.com/PowerShell/Win32-OpenSSH, but this is really experimental and it has only been working since Ansible 2.8. You can try it out, but it won’t be supported under the Ansible Engine agreement.

Putting that aside, if you are planning on adding an SSH server to your Windows hosts then surely that would require approval and planning as well. It’s adding another remote login vector that, under a hardened environment, a security team surely wouldn’t agree to unless there was a strong business case. If you wanted to go the supported route, I strongly suggest you work on WinRM. Unless those policies are disabling WinRM, Ansible should still work with it.

Thanks

Jordan
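
The two connection options discussed in this thread, side by side as an Ansible inventory. This is an added example, not from either poster; it assumes local accounts (no AD), WinRM over HTTPS, and constructed addresses, account names and file paths.

```yaml
# Added example inventory (constructed; not from the thread).
# Addresses come from the documentation range 192.0.2.0/24.
all:
  children:
    windows_winrm:              # supported route recommended in the reply
      hosts:
        192.0.2.10:
        192.0.2.11:
      vars:
        ansible_connection: winrm
        ansible_port: 5986                    # WinRM HTTPS listener
        ansible_winrm_scheme: https
        ansible_winrm_transport: ntlm         # local accounts; no AD means no Kerberos
        ansible_user: ansible_svc             # hypothetical local account
        # No PKI: rather than setting validation to "ignore", trust a bundle
        # of the hosts' own listener certificates (assumes each certificate
        # lists the host IP in subjectAltName).
        ansible_winrm_server_cert_validation: validate
        ansible_winrm_ca_trust_path: /etc/ansible/winrm-trust.pem   # hypothetical path
    windows_ssh:                # Win32-OpenSSH; needs Ansible 2.8+, experimental per the reply
      hosts:
        192.0.2.20:
      vars:
        ansible_connection: ssh
        ansible_shell_type: cmd               # must match sshd's DefaultShell (cmd or powershell)
        ansible_user: ansible_svc             # hypothetical local account
        ansible_ssh_private_key_file: ~/.ssh/ansible_win_ed25519    # hypothetical key
```

Passwords are left out on purpose; supply `ansible_password` from Ansible Vault rather than the inventory file.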