3

In Windows Server 2019, SSH is fully supported by Microsoft. From PuTTY I SSHd into a Windows Server 2019 machine, logged on, and it gave me a cmd. While I did this I also had a RDP session to the Server. Both using the same user.

In the SSH session, I typed Notepad; When you do this in a RDP session, it just opens up a Notepad. Here it did nothing BUT if I looked in Task Manager, there was indeed a new Notepad process with the same user I have in the SSH session and the RDP connection.

My question is: What is happening? I understand that since there is no GUI, Notepad cannot appear thru the SSH session but where is it stored? Is there any way to display it when I RDP back in?

riahc3
  • 506
  • 4
  • 11
  • 28

1 Answers1

1

EDIT: Thank you to Harry Johnston for helping me realize this. I am correcting my answer to reflect the accuracy of what actually happens. Refer the comments of this answer for more information. However, the gist of it all is that if you run a process logged in as SSH, regardless of the security context that the process is run in, the process is run under conhost.exe / the command line. As such, it actually doesn't appear on the desktop of the user, but rather runs under and is owned by the command line service, if that makes sense. There are plenty more people more talented than myself in Windows system administration, but I felt it was my duty to correct the answer before stirring up more confusion.

Thank you once more to Harry for making me aware of this! We all learn something every day! :D

I've attached a photo of Process Explorer to help make more sense of it all.

enter image description here

Original Answer: It did what it does normally - it opened the Notepad process on the user's desktop. Just because you are in a terminal session and you cannot view the desktop doesn't mean that the desktop is not active, just that it is not showing.

I would bet with a very high certainty that if you did that and went back to the server through an RDP or a local session and logged back into the user account, that you would see the Notepad window. The process is running on the user's graphical desktop, but you can't see it through the SSH session for obvious reasons.

kelvintechie
  • 373
  • 1
  • 10
  • I don't know for sure, but I think it unlikely that the SSH service goes to the trouble of setting up an RDP session for the user that they could then connect to. My guess is that in this scenario notepad is running on a non-interactive desktop, probably belonging to a system service. Shouldn't be too hard to check what happens, Process Explorer (available from the MS web site) should do the trick. – Harry Johnston Feb 05 '19 at 02:19
  • I don't exactly understand the premise of your comment. I never said that the SSH service opens up an RDP session for the user. I said that if a user were to RDP to the system after running Notepad through SSH, then they would see Notepad on the desktop. When you log into SSH, you're logging in with your own administrator account and as such, all commands originate from your account. Therefore, it shouldn't be executing processes owned by a system service. The user's desktop is active regardless of what connection method you use (i.e. RDP, SSH, terminal session, etc.). Could be wrong though. – kelvintechie Feb 05 '19 at 03:20
  • Doesn't work that way. By default, processes inherit the desktop of the parent process, regardless of what security context they are run in. And when you log in via RDP (or at the physical console) a new desktop is created for you, even if there are existing desktops already belonging to you - the only exception is that if you already have an existing RDP session you may be reconnected to that. – Harry Johnston Feb 05 '19 at 04:11
  • ... but I don't have a Windows Server 2019 server to try this on. While I'd be astonished if it behaved any differently to previous versions of Windows, it wouldn't be the first time Microsoft has surprised me. :-) – Harry Johnston Feb 05 '19 at 04:12
  • That hasn’t been how it’s worked for me in Win Server 2016... maybe I ought to try this in a WS2019 VM, time permitting. I’ll report back, I’m actually really interested in this. It would seem logical though that a process run by a user logged in through SSH would belong to that user, but you could just as easily be right. :) – kelvintechie Feb 05 '19 at 05:42
  • Refer to my edited answer, Harry. Turns out you were right. I guess we all learn something every day! :D - Thanks so much! – kelvintechie Feb 05 '19 at 06:25