Windows/SSH

From Omnia
Jump to navigation Jump to search

Chocolatey

Set-ExecutionPolicy Bypass -Scope Process -Force
[System.Net.ServicePointManager]::SecurityProtocol = 3072
iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))


$env:chocolateyUseWindowsCompression = 'true'
choco install -y openssh -params '"/SSHServerFeature"'

Config

C:\ProgramData\ssh
sshd_config:
 AuthorizedKeysFile	.ssh/authorized_keys
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

SSH Keys

For standard users:

%USERPROFILE%/.ssh/authorized_keys

For users who are administrators, they must put their keys in

C:\ProgramData\ssh\administrators_authorized_keys
%PROGRAMDATA%\ssh\administrators_authorized_keys
%ALLUSERSPROFILE%\ssh\administrators_authorized_keys


Fix the permissions with Powershell:

$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
$acl.SetAccessRuleProtection($true, $false)
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
$acl | Set-Acl

ref: https://www.concurrency.com/blog/may-2019/key-based-authentication-for-openssh-on-windows

Ansible

- name: Install openssh
  win_chocolatey:
    name: openssh
    package_params: /SSHServerFeature
    state: present
  tags: openssh

ref: https://curiousdba.netlify.app/post/windowsopenssh/