Forked from samhocevar/gist:00eec26d9e9988d080ac
Last active
January 13, 2024 21:28
-
-
Save jtattermusch/9c8d340120d820f482fa to your computer and use it in GitHub Desktop.
Configure sshd on MSYS2 and run it as a Windows service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # sshd setup script for gRPC Jenkins windows worker. | |
| # | |
| # Prerequisites: | |
| # — MSYS2 itself: http://sourceforge.net/projects/msys2/ | |
| # — admin tools: pacman -S openssh cygrunsrv mingw-w64-x86_64-editrights | |
| # | |
| # This script is a cleaned up and improved version of the procedure initially | |
| # found at https://ghc.haskell.org/trac/ghc/wiki/Building/Windows/SSHD | |
| # | |
| # Changelog: | |
| # 24 Aug 2015 — run server with -e to redirect logs to /var/log/sshd.log | |
| # | |
| set -e | |
| # | |
| # Configuration | |
| # | |
| PRIV_USER_PASSWORD="$1" | |
| PRIV_USER=jenkins # The script expects this user to already exist and to be admin. | |
| PRIV_NAME="Privileged user for sshd" | |
| UNPRIV_USER=sshd # DO NOT CHANGE; this username is hardcoded in the openssh code | |
| UNPRIV_NAME="Privilege separation user for sshd" | |
| EMPTY_DIR=/var/empty | |
| # | |
| # Check installation sanity | |
| # | |
| if ! /mingw64/bin/editrights -h >/dev/null; then | |
| echo "ERROR: Missing 'editrights'. Try: pacman -S mingw-w64-x86_64-editrights." | |
| exit 1 | |
| fi | |
| if ! cygrunsrv -v >/dev/null; then | |
| echo "ERROR: Missing 'cygrunsrv'. Try: pacman -S cygrunsrv." | |
| exit 1 | |
| fi | |
| if ! ssh-keygen -A; then | |
| echo "ERROR: Missing 'ssh-keygen'. Try: pacman -S openssh." | |
| exit 1 | |
| fi | |
| # set required privileges | |
| for flag in SeAssignPrimaryTokenPrivilege SeCreateTokenPrivilege \ | |
| SeTcbPrivilege SeServiceLogonRight; do | |
| if ! /mingw64/bin/editrights -a "${flag}" -u "${PRIV_USER}"; then | |
| echo "ERROR: Unable to give ${flag} rights to user ${PRIV_USER}" | |
| exit 1 | |
| fi | |
| done | |
| # | |
| # The unprivileged sshd user (for privilege separation) | |
| # | |
| add="$(if ! net user "${UNPRIV_USER}" >/dev/null; then echo "//add"; fi)" | |
| if ! net user "${UNPRIV_USER}" ${add} //fullname:"${UNPRIV_NAME}" \ | |
| //homedir:"$(cygpath -w ${EMPTY_DIR})" //active:no; then | |
| echo "ERROR: Unable to create Windows user ${PRIV_USER}" | |
| exit 1 | |
| fi | |
| # Add ForceCommand to ensure that all env vars will be available | |
| echo "ForceCommand /home/jenkins/ssh_command.sh" >> /etc/ssh/sshd_config | |
| # | |
| # Add or update /etc/passwd entries | |
| # | |
| touch /etc/passwd | |
| for u in "${UNPRIV_USER}"; do | |
| sed -i -e '/^'"${u}"':/d' /etc/passwd | |
| SED='/^'"${u}"':/s?^\(\([^:]*:\)\{5\}\).*?\1'"${EMPTY_DIR}"':/bin/false?p' | |
| mkpasswd -l -u "${u}" | sed -e 's/^[^:]*+//' | sed -ne "${SED}" \ | |
| >> /etc/passwd | |
| done | |
| # | |
| # Finally, register service with cygrunsrv and start it | |
| # | |
| cygrunsrv -R sshd || true | |
| cygrunsrv -I sshd -d "MSYS2 sshd" -p \ | |
| /usr/bin/sshd.exe -a "-D -e" -y tcpip -u "${PRIV_USER}" -w "${PRIV_USER_PASSWORD}" | |
| # The SSH service should start automatically when Windows is rebooted. You can | |
| # manually restart the service by running `net stop sshd` + `net start sshd` | |
| if ! net start sshd; then | |
| echo "ERROR: Unable to start sshd service" | |
| exit 1 | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and how do I run notepad from it?