Difference between revisions of "Openssh windows"
| (4 intermediate revisions by the same user not shown) | |||
| Line 11: | Line 11: | ||
``` | ``` | ||
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force | New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force | ||
| + | Set-Service -Name sshd -StartupType Automatic | ||
| + | start-service sshd | ||
``` | ``` | ||
| − | Fix Permissions | + | # Fix SSH Authorized Keys Permissions |
| + | |||
| + | ## Short version | ||
``` | ``` | ||
| + | $authorizedKey="ssh-ed25519 AAAAC3Nza you key..." | ||
| + | New-Item -Force -ItemType Directory -Path $env:USERPROFILE\.ssh; Add-Content -Force -Path C:\ProgramData\ssh\administrators_authorized_keys -Value "$authorizedKey" | ||
| + | get-acl C:\ProgramData\ssh\ssh_host_dsa_key | set-acl C:\ProgramData\ssh\administrators_authorized_keys | ||
| + | ``` | ||
| + | |||
| + | ## Long version | ||
| + | https://superuser.com/questions/1445976/windows-ssh-server-refuses-key-based-authentication-from-client | ||
| + | |||
https://stackoverflow.com/questions/16212816/setting-up-openssh-for-windows-using-public-key-authentication | https://stackoverflow.com/questions/16212816/setting-up-openssh-for-windows-using-public-key-authentication | ||
| + | ``` | ||
| + | # New-Item -Force -ItemType Directory -Path $env:USERPROFILE\.ssh; Add-Content -Force -Path $env:USERPROFILE\.ssh\authorized_keys -Value "$authorizedKey" | ||
| + | $authorizedKey="ssh-ed25519 AAAAC3Nza you key..." | ||
| + | New-Item -Force -ItemType Directory -Path $env:USERPROFILE\.ssh; Add-Content -Force -Path C:\ProgramData\ssh\administrators_authorized_keys -Value "$authorizedKey" | ||
| + | $acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys | ||
| + | $acl.SetAccessRuleProtection($true, $false) | ||
| + | $administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow") | ||
| + | $systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow") | ||
| + | $acl.SetAccessRule($administratorsRule) | ||
| + | $acl.SetAccessRule($systemRule) | ||
| + | $acl | Set-Acl | ||
``` | ``` | ||
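Review bot: In the short version, `get-acl C:\ProgramData\ssh\ssh_host_dsa_key | set-acl C:\ProgramData\ssh\administrators_authorized_keys` makes the key file's permissions depend on a second file. It fails if `ssh_host_dsa_key` is not present, and otherwise copies whatever security descriptor that file happens to carry, owner included. Consider using the explicit Administrators/SYSTEM rules from the long version in both places, or state the dependency next to the one-liner. In both versions `Add-Content` appends the key on every run, so re-running the snippet leaves duplicate entries, and the `New-Item ... $env:USERPROFILE\.ssh` step creates a directory that the `C:\ProgramData\ssh\administrators_authorized_keys` path never uses. A sentence under the new heading saying which accounts this file applies to, and why its ACL has to be restricted, would make the section usable without following the two links.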
Latest revision as of 15:58, 12 November 2023
https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration
https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement
```
# Install the OpenSSH server and client Windows capabilities
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
```
```
# Make PowerShell the default shell for SSH sessions
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
# Start sshd now and at every boot
Set-Service -Name sshd -StartupType Automatic
Start-Service sshd
```
# Fix SSH Authorized Keys Permissions

## Short version
```
$authorizedKey = "ssh-ed25519 AAAAC3Nza your key..."
New-Item -Force -ItemType Directory -Path $env:USERPROFILE\.ssh
Add-Content -Force -Path C:\ProgramData\ssh\administrators_authorized_keys -Value "$authorizedKey"
# Copy the ACL of the host key file onto the administrators key file
Get-Acl C:\ProgramData\ssh\ssh_host_dsa_key | Set-Acl C:\ProgramData\ssh\administrators_authorized_keys
```
## Long version
```
# Alternative that writes to the per-user key file instead:
# New-Item -Force -ItemType Directory -Path $env:USERPROFILE\.ssh; Add-Content -Force -Path $env:USERPROFILE\.ssh\authorized_keys -Value "$authorizedKey"
$authorizedKey = "ssh-ed25519 AAAAC3Nza your key..."
New-Item -Force -ItemType Directory -Path $env:USERPROFILE\.ssh; Add-Content -Force -Path C:\ProgramData\ssh\administrators_authorized_keys -Value "$authorizedKey"
$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
# Disable inheritance and drop the inherited rules
$acl.SetAccessRuleProtection($true, $false)
# Grant access to Administrators and SYSTEM only
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
# Write the modified ACL back to the file
$acl | Set-Acl
```