Windows/SSH
Enable SSH
How to SSH into Windows 10 or 11? https://gist.github.com/teocci/5a96568ab9bf93a592d7a1a237ebb6ea
PowerShell:
Add-WindowsCapability -Online -Name OpenSSH.Server*
Enable Firewall Rule:
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
Chocolatey
Set-ExecutionPolicy Bypass -Scope Process -Force
[System.Net.ServicePointManager]::SecurityProtocol = 3072
iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
$env:chocolateyUseWindowsCompression = 'true'
choco install -y openssh -params '"/SSHServerFeature"'
Config
C:\ProgramData\ssh
sshd_config:
AuthorizedKeysFile .ssh/authorized_keys
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
SSH Keys
For standard users:
%USERPROFILE%/.ssh/authorized_keys
Users who are administrators must put their keys in:
C:\ProgramData\ssh\administrators_authorized_keys
The same path written with environment variables:
%PROGRAMDATA%\ssh\administrators_authorized_keys
%ALLUSERSPROFILE%\ssh\administrators_authorized_keys
Fix the permissions with PowerShell:
$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
# Disable inheritance ($true) and drop the inherited rules ($false)
$acl.SetAccessRuleProtection($true, $false)
# Grant full control to Administrators and SYSTEM only
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
# Write the modified ACL back to the file
$acl | Set-Acl
ref: https://www.concurrency.com/blog/may-2019/key-based-authentication-for-openssh-on-windows
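To confirm the file ended up in the state the commands above produce (inheritance off, access for Administrators and SYSTEM only), the following check can be run afterwards. It is an added example, not taken from the referenced article; the function name Test-AdminAuthorizedKeysAcl is hypothetical, and it compares well-known SIDs rather than account names so it also works on non-English Windows.

```powershell
# Added example: audit the ACL on administrators_authorized_keys.
function Test-AdminAuthorizedKeysAcl {
    param(
        # Default is the path used on this page; override to test another file.
        [string]$Path = "$env:ProgramData\ssh\administrators_authorized_keys"
    )

    $allowed = @(
        'S-1-5-32-544',  # BUILTIN\Administrators
        'S-1-5-18'       # NT AUTHORITY\SYSTEM
    )
    $findings = @()

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return @("missing: $Path")
    }

    $acl     = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules   = @($acl.GetAccessRules($true, $true, $sidType))

    # With inheritance on, ACEs from the parent folder would also apply.
    if (-not $acl.AreAccessRulesProtected) {
        $findings += 'inheritance is still enabled'
    }

    # Any Allow ACE for a principal other than the two expected ones is a finding.
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $allowed -notcontains $sid) {
            $findings += "unexpected allow ACE: $sid ($($rule.FileSystemRights))"
        }
    }

    # Both expected principals must actually have an Allow ACE.
    foreach ($sid in $allowed) {
        $hit = $rules | Where-Object {
            $_.IdentityReference.Value -eq $sid -and $_.AccessControlType -eq 'Allow'
        }
        if (-not $hit) { $findings += "missing allow ACE for $sid" }
    }

    return $findings
}

$result = @(Test-AdminAuthorizedKeysAcl)
if ($result.Count -eq 0) { 'OK: only Administrators and SYSTEM have access' } else { $result }
```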
Ansible
- name: Install openssh
  win_chocolatey:
    name: openssh
    package_params: /SSHServerFeature
    state: present
  tags: openssh