From ebe15f72239c496e0028c053987d60ba730e9a5e Mon Sep 17 00:00:00 2001 From: Joey Aiello Date: Mon, 15 May 2017 14:44:22 -0700 Subject: [PATCH] Make some formatting fixes and clarifications based on internal feedback --- Install-Win32-OpenSSH.md | 70 ++++++++++++++++++++++------------------ 1 file changed, 39 insertions(+), 31 deletions(-) diff --git a/Install-Win32-OpenSSH.md b/Install-Win32-OpenSSH.md index 2725295..d721881 100644 --- a/Install-Win32-OpenSSH.md +++ b/Install-Win32-OpenSSH.md 
@@ -1,35 +1,41 @@ ## Install Win32 OpenSSH (test release) -* Download the [latest](https://github.com/PowerShell/Win32-OpenSSH/releases/latest/) build. To get links to latest downloads - see [here](https://github.com/PowerShell/Win32-OpenSSH/wiki/How-to-retrieve-links-to-latest-packages). A [Chocolatey package](https://chocolatey.org/packages/openssh) is also available if you prefer. For compat issues on Nano see [issues on Nano](https://github.com/PowerShell/Win32-OpenSSH/issues/234). See [here](https://github.com/PowerShell/Win32-OpenSSH/issues/332) for PS script to automate installation and configuration. -* Extract contents to `C:\Program Files\OpenSSH` -* Start Powershell as Administrator - * `cd 'C:\Program Files\OpenSSH'` -* On Windows 10, in developer mode, a different implementation of SSH exists in-box. Look for TCP port bindings on port 22 and these processes - “SSH Server Broker” and “SSH Server Proxy” - * `netstat -anop TCP` - * If you do see 22 occupied, [#610](https://github.com/PowerShell/Win32-OpenSSH/issues/610) has workarounds to deal with port conflict. -* Install sshd and ssh-agent services. - * `powershell -executionpolicy bypass -file install-sshd.ps1` -* Setup SSH host keys - * `.\ssh-keygen.exe -A`. -for instructions to set the right permissions on host keys. +* Download the [latest](https://github.com/PowerShell/Win32-OpenSSH/releases/latest/) build of OpenSSH. +To get links to latest downloads [this wiki page](https://github.com/PowerShell/Win32-OpenSSH/wiki/How-to-retrieve-links-to-latest-packages). +A [Chocolatey package](https://chocolatey.org/packages/openssh) is also available if you prefer using Chocolatey. +For compatibility issues on Nano see [issues on Nano](https://github.com/PowerShell/Win32-OpenSSH/issues/234). +If you're interested in a PowerShell script to automate installation and configuration check out [this issue](https://github.com/PowerShell/Win32-OpenSSH/issues/332). 
+* Extract contents of the latest build to `C:\Program Files\OpenSSH` +* Start Windows Powershell as Administrator +* Navigate to the OpenSSH directory + * `cd 'C:\Program Files\OpenSSH'` +* On Windows 10, if you've [enabled Developer Mode](https://docs.microsoft.com/en-us/windows/uwp/get-started/enable-your-device-for-development), you probably have another implementation of SSH installed on your machine. +To figure out if this is the case, look for TCP port bindings on port 22 and these services: “SSH Server Broker” and “SSH Server Proxy” + * `netstat -anop TCP` + * If you do see 22 occupied, [#610](https://github.com/PowerShell/Win32-OpenSSH/issues/610) has workarounds to deal with port conflict. +* Install `sshd` and `ssh-agent` services. + * `powershell -ExecutionPolicy Bypass -File install-sshd.ps1` +* Generate SSH host keys + * `.\ssh-keygen.exe -A` +* Check out [this wiki page][Secure file] for instructions on how to set proper permissions on these host keys. * Secure SSH host keys (optional) - * `Start-Service ssh-agent` - * download psexec from [here](https://technet.microsoft.com/en-us/sysinternals/pstools) - * launch cmd.exe as SYSTEM - `psexec.exe -i -s cmd.exe` - * register host keys in above cmd.exe - * `ssh-add ssh_host_dsa_key` - * `ssh-add ssh_host_rsa_key` - * `ssh-add ssh_host_ecdsa_key` - * `ssh-add ssh_host_ed25519_key` - * host private keys are now securely stored by ssh-agent, private key files can be removed at this point. 
-* Open Firewall - * `New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH` -* Set sshd in auto-start mode and open up firewall (optional) - * `Set-Service sshd -StartupType Automatic` - * `Set-Service ssh-agent -StartupType Automatic` - * Make the service start on boot (PowerShell): `Set-Service sshd -StartupType Automatic` + * `Start-Service ssh-agent` + * Download psexec from [here](https://technet.microsoft.com/en-us/sysinternals/pstools) + * Launch cmd.exe as SYSTEM + * `psexec.exe -i -s cmd.exe` + * register host keys in above cmd.exe + * `ssh-add ssh_host_dsa_key` + * `ssh-add ssh_host_rsa_key` + * `ssh-add ssh_host_ecdsa_key` + * `ssh-add ssh_host_ed25519_key` + * Host private keys are now securely stored by ssh-agent, private key files can be deleted at this point. +* Open the firewall on TCP port 22 to allow inbound SSH connections + * `New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH` +* Setup `sshd` and `ssh-agent` to auto-start (optional) + * `Set-Service sshd -StartupType Automatic` + * `Set-Service ssh-agent -StartupType Automatic` -`New-NetFirewallRule` is for servers only. If you're on a workstation try: +Note: `New-NetFirewallRule` is for servers only. If you're on a client desktop machine (like Windows 10) try: ``` netsh advfirewall firewall add rule name='SSH Port' dir=in action=allow protocol=TCP localport=22 
@@ -37,9 +43,11 @@ netsh advfirewall firewall add rule name='SSH Port' dir=in action=allow protocol ## Uninstall Win32 OpenSSH -* Start Powershell as Administrator -* Uninstall - * `powershell.exe -executionpolicy bypass -file uninstall-sshd.ps1` +* Start Windows Powershell as Administrator +* Navigate to the OpenSSH directory + * `cd 'C:\Program Files\OpenSSH'` +* Run the uninstall script + * `powershell.exe -ExecutionPolicy Bypass -File uninstall-sshd.ps1` [Secure file]: https://github.com/PowerShell/Win32-OpenSSH/wiki/Security-protection-of-various-files-in-win32-openssh [build13]: https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v0.0.13.0 \ No newline at end of file
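Review bot: In the first hunk (`@@ -1,35 +1,41 @@`), the rewritten download bullet loses the verb in its second sentence: `To get links to latest downloads [this wiki page]` no longer has the "see" that the removed line carried. Restore it, for example "To get links to the latest downloads, see [this wiki page]". In the same hunk, the firewall step is now worded as allowing inbound SSH connections, but the rule shown (`-Direction Inbound -Action Allow`) has no `-Profile` or `-RemoteAddress` restriction, and unlike the auto-start step it is not marked optional. Consider stating the scope of the rule and showing a variant restricted with one of those parameters. Minor: "Windows Powershell" should read "Windows PowerShell", and "register host keys in above cmd.exe" stays lowercase while its sibling steps were capitalized.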
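Review bot: In the uninstall hunk (`@@ -37,9 +43,11 @@`), the steps stop at running `uninstall-sshd.ps1` and never mention the inbound port 22 rule that the install section tells the reader to create, so someone who follows both sections as written is never told to close the port again. Add a final step that removes it, for example `Remove-NetFirewallRule -DisplayName SSH`, or `netsh advfirewall firewall delete rule name='SSH Port'` for the netsh variant. "Windows Powershell" should read "Windows PowerShell" here as well, and the file still ends without a trailing newline.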