README_OpenSSH.md

  1. Remove the OS feature

    # Removes the OpenSSH client capability that ships with the OS, using the
    # capability name and version string given here. /online targets the
    # running Windows installation, so run this from an elevated prompt.
    # NOTE(review): only the Client capability is removed. If the
    # OpenSSH.Server capability is also installed, confirm whether it should go
    # too, since step 6 installs the sshd service from the extracted copy.
    dism.exe /online /remove-capability /CapabilityName:OpenSSH.Client~~~~0.0.1.0
  2. Download the latest version of OpenSSH for Windows from here.

  3. Extract the zip to the root of the C drive (for convenience)

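    $archive = "${home}\downloads\OpenSSH-Win64.zip"

    # Verify the download before extracting it: the binaries in this archive
    # are later installed as services, so a tampered or truncated zip must not
    # get that far. Take the expected digest from a source you trust, such as
    # the checksum published with the release, if one is provided.
    $expected_sha256 = '<SHA256-OF-THE-RELEASE-ZIP>'  # placeholder, fill in
    $actual_sha256 = (Get-FileHash -Path $archive -Algorithm SHA256).Hash
    if ($actual_sha256 -ne $expected_sha256) {
      throw "SHA256 mismatch for '${archive}': got ${actual_sha256}"
    }

    # Extraction creates C:\OpenSSH-Win64. NOTE(review): a new folder under the
    # drive root inherits the root's ACL, which on a default install is looser
    # than a service binary directory should be. Apply step 4 before anything
    # is run or installed from it.
    Expand-Archive -Path $archive -DestinationPath 'c:\'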
  4. Set the permissions appropriately

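    # Lock down the OpenSSH install directory: administrators and SYSTEM get
    # full control, ordinary users get read/execute only, and inheritance from
    # the parent is cut. The binaries here are installed as services in step 6,
    # so no unprivileged account should be able to replace or add files.
    $ssh_path = "C:\OpenSSH-Win64"
    $acl = Get-Acl $ssh_path
    
    # Configure the owner. An object's owner can always rewrite its DACL, so
    # ownership goes to the Administrators group, not to the extracting user.
    $owner = New-Object `
      -TypeName System.Security.Principal.NTAccount `
      -ArgumentList @("Builtin","Administrators")
    $acl.SetOwner($owner)
    
    # Give Builtin Administrators and SYSTEM full control; give Users and
    # Authenticated Users read/execute only. Every rule is inherited by child
    # containers and files so the whole tree gets the same protection.
    $rules = @{
      "BUILTIN\Administrators" = @{
        "Rights"      = @("FullControl")
        "Inheritance" = @("ContainerInherit","ObjectInherit")
        "Propagation" = @("None")
        "Type"        = "Allow"
      }
      "NT AUTHORITY\SYSTEM" = @{
        "Rights"      = @("FullControl")
        "Inheritance" = @("ContainerInherit","ObjectInherit")
        "Propagation" = @("None")
        "Type"        = "Allow"
      }
      "BUILTIN\Users" = @{
        "Rights"      = @("ReadAndExecute", "Synchronize")
        "Inheritance" = @("ContainerInherit","ObjectInherit")
        "Propagation" = @("None")
        "Type"        = "Allow"
      }
      "NT AUTHORITY\Authenticated Users" = @{
        "Rights"      = @("ReadAndExecute", "Synchronize")
        "Inheritance" = @("ContainerInherit","ObjectInherit")
        "Propagation" = @("None")
        "Type"        = "Allow"
      }
    }
    foreach($r in $rules.GetEnumerator()) {
      $name = $r.Key
      $data = $r.Value
      # $args is a PowerShell automatic variable, so the constructor arguments
      # get their own name. Every element is comma-separated so the list is one
      # expression: identity, rights, inheritance, propagation, type.
      $rule_args = @(
        $name,
        $data.Rights,
        $data.Inheritance,
        $data.Propagation,
        $data.Type
      )
      $rule = New-Object `
        -TypeName System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $rule_args
      # SetAccessRule replaces any existing explicit rule for this identity.
      # NOTE(review): explicit rules for identities not listed in $rules are
      # left in place; confirm none exist on this directory.
      $acl.SetAccessRule($rule)
    }
    
    # Disable inheritance without preserving rules: the first argument protects
    # the ACL from the parent, the second ($False) drops the inherited entries
    # instead of copying them in as explicit ones.
    $acl.SetAccessRuleProtection($True, $False)
    
    Set-Acl -Path $ssh_path -AclObject $acl
    # Afterwards, review (Get-Acl $ssh_path).Access and confirm that only
    # Administrators and SYSTEM hold write-capable rights.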
  5. Add the new location to the system path.

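    # Append the OpenSSH directory to the machine-wide Path if it is not
    # already listed. The machine Path is searched by every process, services
    # included, so a directory on it must not be writable by unprivileged
    # users (step 4). Appending keeps the existing system directories ahead
    # of it in the search order.
    $new_path = $ssh_path
    $target = [EnvironmentVariableTarget]::Machine
    $current_path = [Environment]::GetEnvironmentVariable(
      "Path",
      $target)
    # Compare whole Path entries, not a substring/regex match against the full
    # string: a substring test also matches longer entries that merely start
    # with this directory name and would then skip the update. The comparison
    # is case-insensitive and ignores a trailing backslash.
    $entries = @("$current_path" -split ';' |
      Where-Object { $_ } |
      ForEach-Object { $_.TrimEnd('\') })
    if ($entries -notcontains $new_path.TrimEnd('\')) {
        # The target is Machine, so the message says so.
        Write-Host "Adding '${new_path}' to Machine Path"
        # Trim a trailing ';' first so no empty entry is written.
        # NOTE(review): the value read back may have %VAR% references
        # expanded; confirm writing it back in that form is acceptable here.
        $updated_path = (@("$current_path".TrimEnd(';'), $new_path) |
          Where-Object { $_ }) -join ';'
        [Environment]::SetEnvironmentVariable(
            "Path",
            $updated_path,
            $target)
    }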
  6. Finally, install the services

    # Run the installer script shipped in the extracted archive.
    # -ExecutionPolicy Bypass applies only to this one powershell.exe process
    # and skips execution-policy checks for it. The script's integrity
    # therefore rests on where the archive came from and on the directory ACL
    # set in step 4, so run this only after that step.
    $install_script = Join-Path $ssh_path 'install-sshd.ps1'
    powershell.exe -ExecutionPolicy Bypass -File $install_script