# @manojampalam - authored initial script
# @friism - Fixed issue with invalid SDDL on Set-Acl
# @manojampalam - removed ntrights.exe dependency
# @bingbing8 - removed secedit.exe dependency
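# Resolve every path relative to the directory this script is stored in, so
# the services are registered against the binaries shipped next to it.
$scriptpath = $MyInvocation.MyCommand.Path
$scriptdir = Split-Path $scriptpath

$sshdpath = Join-Path $scriptdir "sshd.exe"
$sshagentpath = Join-Path $scriptdir "ssh-agent.exe"
# Machine-wide configuration folder (%ProgramData%\ssh) and its logs subfolder.
$sshdir = Join-Path $env:ProgramData "\ssh"
$logsdir = Join-Path $sshdir "logs"

# Both binaries are registered as services further down. Refuse to continue
# when either one is missing: a service entry that points at a file which does
# not exist is broken at best, and would launch whatever later appears at that
# path. -PathType Leaf also rejects a directory that happens to carry the name.
if (-not (Test-Path $sshdpath -PathType Leaf)) {
    throw "sshd.exe is not present in script path"
}
if (-not (Test-Path $sshagentpath -PathType Leaf)) {
    throw "ssh-agent.exe is not present in script path"
}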
# Drop any earlier registration of the two services so they can be created
# from scratch afterwards. sshd is processed first, then ssh-agent.
foreach ($serviceName in 'sshd', 'ssh-agent') {
    $existing = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
    if ($existing) {
        Stop-Service -Name $serviceName
        # Only sc.exe's stdout is discarded; its exit code is not inspected.
        sc.exe delete $serviceName 1>$null
    }
}
# Register ssh-agent (manual start). The binary path is wrapped in literal
# double quotes so a path containing spaces is handed to the Service Control
# Manager as one quoted executable path rather than an ambiguous string.
$agentService = @{
    Name           = 'ssh-agent'
    BinaryPathName = "`"$sshagentpath`""
    Description    = 'SSH Agent'
    StartupType    = 'Manual'
}
New-Service @agentService | Out-Null

# Replace the ssh-agent service DACL. Per ACE in the SDDL below:
#   SY     - query config/status, enumerate dependents, start, stop,
#            pause/continue, interrogate, user-defined control, read control
#   BA     - everything above plus change config, delete, write DAC, write owner
#   IU, SU - query config/status, enumerate dependents, interrogate,
#            user-defined control, read control
#   AU     - RP only, i.e. any authenticated user may start the service
# NOTE(review): the sc.exe exit code is not checked; if sdset fails, the service
# presumably keeps the DACL it was created with - confirm whether that matters.
cmd.exe /c 'sc.exe sdset ssh-agent D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RP;;;AU)'

# Register sshd (manual start), with the same quoting of the binary path.
# No sdset follows, so this service keeps the DACL assigned at creation.
$daemonService = @{
    Name           = 'sshd'
    BinaryPathName = "`"$sshdpath`""
    Description    = 'SSH Daemon'
    StartupType    = 'Manual'
}
New-Service @daemonService | Out-Null
# Make sure the ssh configuration folder exists, then set its permissions.
if (!(Test-Path -Path $sshdir -PathType Container)) {
    New-Item -Path $sshdir -ItemType Directory -Force -ErrorAction Stop | Out-Null
}

# The ACL is applied whether the folder was just created or already existed.
# The SDDL below means:
#   O:BA                     owner is built-in Administrators
#   D:PAI                    DACL is protected (inheritance from the parent disabled)
#   (A;OICI;FA;;;SY)         full access for SYSTEM
#   (A;OICI;FA;;;BA)         full access for built-in Administrators
#   (A;OICI;0x1200a9;;;AU)   read & execute for Authenticated Users
# All three entries carry OICI, so files and subfolders created here inherit
# them - including the read access for Authenticated Users.
# NOTE(review): anything secret stored in this folder (e.g. private host keys)
# therefore needs its own tighter, protected ACL - confirm that is set elsewhere.
$sshdirAcl = Get-Acl -Path $sshdir
$sshdirAcl.SetSecurityDescriptorSddlForm("O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)")
Set-Acl -Path $sshdir -AclObject $sshdirAcl
# Make sure the logs folder exists, then set its permissions.
if (!(Test-Path -Path $logsdir -PathType Container)) {
    New-Item -Path $logsdir -ItemType Directory -Force -ErrorAction Stop | Out-Null
}

# The SDDL below means:
#   O:BA               owner is built-in Administrators
#   D:PAI              DACL is protected (inheritance from the parent disabled)
#   (A;OICI;FA;;;SY)   full access for SYSTEM
#   (A;OICI;FA;;;BA)   full access for built-in Administrators
# There is no entry for Authenticated Users here: because the DACL is
# protected, the read & execute entry on the parent ssh folder does not reach
# the logs, which stay limited to SYSTEM and Administrators.
$logsdirAcl = Get-Acl -Path $logsdir
$logsdirAcl.SetSecurityDescriptorSddlForm("O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)")
Set-Acl -Path $logsdir -AclObject $logsdirAcl
# Seed $sshdir\sshd_config from the packaged sshd_config_default, but only when
# no config file is present yet, so an existing configuration is left alone.
$sshdconfigpath = Join-Path $sshdir "sshd_config"
$sshddefaultconfigpath = Join-Path $scriptdir "sshd_config_default"
$configExists = Test-Path -Path $sshdconfigpath -PathType Leaf
if (-not $configExists) {
    Copy-Item -Path $sshddefaultconfigpath -Destination $sshdconfigpath -ErrorAction Stop | Out-Null
}
# NOTE(review): a sshd_config that is already present is kept as-is; neither
# its owner nor its ACL is checked here. On a first install, confirm that the
# file and the folder contents are owned by Administrators or SYSTEM.

Write-Host -ForegroundColor Green "sshd and ssh-agent services successfully installed"