Windows/SSH
< Windows
Chocolatey
Set-ExecutionPolicy Bypass -Scope Process -Force [System.Net.ServicePointManager]::SecurityProtocol = 3072 iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) $env:chocolateyUseWindowsCompression = 'true' choco install -y openssh -params '"/SSHServerFeature"'
Config
C:\ProgramData\ssh
sshd_config: AuthorizedKeysFile .ssh/authorized_keys
Match Group administrators AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
SSH Keys
For standard users:
%USERPROFILE%/.ssh/authorized_keys
For users who are administrators, they must put their keys in
C:\ProgramData\ssh\administrators_authorized_keys
%PROGRAMDATA%\ssh\administrators_authorized_keys %ALLUSERSPROFILE%\ssh\administrators_authorized_keys
Fix the permissions with Powershell:
$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys $acl.SetAccessRuleProtection($true, $false) $administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow") $systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow") $acl.SetAccessRule($administratorsRule) $acl.SetAccessRule($systemRule) $acl | Set-Acl
ref: https://www.concurrency.com/blog/may-2019/key-based-authentication-for-openssh-on-windows
Ansible
- name: Install openssh win_chocolatey: name: openssh package_params: /SSHServerFeature state: present tags: openssh