I agree that it is wise to be skeptical about adding the ssh plugin due to known security vulnerabilities (SECURITY-2093 and SECURITY-2315).
As far as I know, there is nothing in the ssh plugin that will allow a shell step (“sh”) to run on Windows computers. I’m surprised that installing the ssh plugin made any change to how Pipeline steps execute on Windows agents.
Windows agents almost always use “bat” and “powershell” steps to perform their operations. Some users may have found ways to configure their Windows computers to also include a program that is compatible with “sh” and runs on Windows, but that is not the typical way that Windows agents are used.