@valorad
Created June 5, 2022 13:41
OpenSSH Instructions

Linux

ssh-keygen -t ed25519

cat ~/.ssh/id_ed25519.pub > ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 400 ~/.ssh/authorized_keys
chmod 400 ~/.ssh/id_ed25519

Windows

(Admin PowerShell)

  • Check if server is installed
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
  • If not, make sure Windows Update is enabled, then install by:
Add-WindowsCapability -Online -Name OpenSSH.Server
  • Start the sshd service
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
  • Configure firewall
Get-NetFirewallRule -Name *ssh*
  • If the firewall rule does not exist, create one
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
  • Generate ssh key pair
ssh-keygen -t ed25519
cp ~/.ssh/id_ed25519.pub C:\ProgramData\ssh\administrators_authorized_keys
  • Fix permissions: disable inheritance, leave only SYSTEM (full control) and Administrators (full control), and delete the rest.

    • => svcore (powershell, no GUI)

    • Check current permissions

    $path = 'C:\ProgramData\ssh\administrators_authorized_keys'
    $acl = Get-ACL -Path $path
    $acl | fl
    
    • Disable inheritance on the file
    $acl.SetAccessRuleProtection($True, $True)
    # the first $True protects the file from inheritance; the second $True keeps the currently inherited permissions as explicit entries
    Set-Acl -Path $path -AclObject $acl
    
    • Remove the NTFS permission that lets a user or group access the file
    $acl = Get-Acl $path
    $rules = $acl.Access | where IsInherited -eq $false
    # Remove every matching rule; this does nothing when no rule matches
    $rules | where { $_.IdentityReference.Value -eq "NT AUTHORITY\Authenticated Users" } | foreach { [void]$acl.RemoveAccessRule($_) }
    $acl | Set-Acl -Path $path
    
    • Check result
    Get-ACL -Path $path | fl
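
The permission step above asks for an ACL with only SYSTEM and Administrators, while the commands remove a single identity. As an added example (not part of the original gist), this sets the file's ACL to exactly those two entries and then checks the result. It assumes an elevated PowerShell and uses the well-known SIDs S-1-5-18 and S-1-5-32-544 instead of account names, so it does not depend on the Windows display language.

```powershell
# Added example, not from the original gist. Run in an elevated PowerShell.
$path = 'C:\ProgramData\ssh\administrators_authorized_keys'   # path from the steps above

# Well-known SIDs (assumption: used instead of names so localized systems work)
$allowed = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)
$sidType = [System.Security.Principal.SecurityIdentifier]

$acl = Get-Acl -Path $path

# Protect the file from inheritance; $false drops the inherited entries
# instead of copying them as explicit ones.
$acl.SetAccessRuleProtection($true, $false)

# Remove every explicit entry that is still present, whoever it belongs to.
foreach ($rule in @($acl.GetAccessRules($true, $false, $sidType))) {
    $acl.RemoveAccessRuleSpecific($rule)
}

# Grant full control to SYSTEM and Administrators only.
foreach ($sid in $allowed) {
    $identity = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $sid
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $identity, 'FullControl', 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $path -AclObject $acl

# Verify: read the ACL back and report any entry that is not one of the two SIDs.
$after = (Get-Acl -Path $path).GetAccessRules($true, $true, $sidType)
$unexpected = @($after | Where-Object { $_.IdentityReference.Value -notin $allowed })
if ($unexpected.Count -gt 0) {
    $unexpected | Format-List IdentityReference, FileSystemRights, IsInherited
    throw "Unexpected ACL entries remain on $path"
}
"ACL on $path is limited to SYSTEM and Administrators"
```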
    