tyler.durden/Win32-OpenSSH
1
0
Fork 0
mirror of https://github.com/PowerShell/Win32-OpenSSH.git synced 2025-07-25 23:14:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Updated Install Win32 OpenSSH (markdown)

Manoj Ampalam 2018-01-19 19:22:34 -08:00
parent d9fc5eeeae
commit 6574e94d62
1 changed files with 1 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Install-Win32-OpenSSH.md

@ -17,18 +17,6 @@ To figure out if this is the case, look for TCP port bindings on port 22 and the
* To use existing customized sshd_config, you need to copy it from binary location to %programdata%\ssh\sshd_config (Note that %programdata% is a hidden directory).
* To use existing host keys, you need to copy them from binary location to %programdata%\ssh\
* Prior versions required SSHD resources (sshd_config, host keys and authorized_keys) to have READ access to "NT Service\SSHD". This is no longer a requirement and the corresponding ACL entry should be removed. You may run Powershell.exe -ExecutionPolicy Bypass -Command '. .\FixHostFilePermissions.ps1 -Confirm:$false' (Note the first "." is a call operator.) to fix up these permissions.
1. Secure SSH host keys (optional)
* `Start-Service ssh-agent`
* Download psexec from [here](https://technet.microsoft.com/en-us/sysinternals/pstools)
* Launch cmd.exe as SYSTEM
* `psexec.exe -i -s cmd.exe`
* register host keys in above cmd.exe
* `ssh-add ssh_host_dsa_key`
* `ssh-add ssh_host_rsa_key`
* `ssh-add ssh_host_ecdsa_key`
* `ssh-add ssh_host_ed25519_key`
* Host private keys are now securely stored by ssh-agent, private key files can be deleted at this point.
[`sdelete`](https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete) may be used to securely erase them.
1. Open the firewall for sshd.exe to allow inbound SSH connections
* `New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Service sshd -Enabled True -Direction Inbound -Protocol TCP -Action Allow`
@ -40,7 +28,7 @@ To figure out if this is the case, look for TCP port bindings on port 22 and the
1. Setup `sshd` and `ssh-agent` to auto-start (optional)
* `Set-Service sshd -StartupType Automatic`
* `Set-Service ssh-agent -StartupType Automatic`
1. Start the `sshd` and `ssh-agent`
1. Start `sshd`
* `net start sshd`
1. Configuring the default ssh shell (optional)