# Win10XPE : Enable SSH Server with Public Key Authentication

1. Kyhi said:
If this is something you would like to see as part of the project - please forward the script
The script is still being tested. It isn't fully automated yet. I suppose RoyM should release it. Thanks!

-Gamma
2. Hey GammaP, Glad it all worked.
One question about a comment you said:
"Later I found that the netsh advfirewall context is not available. That's the reason the firewall rules are not added."

Were you talking about some of the commands in OpenSSH.cmd:
:: *** Set firewall rules *******************************************
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes

Also, Keep all your files in X:\ProgramData\OpenSSH, X:\Windows\System32\OpenSSH,
X:\Users\Default\ssh <-- IF you logon as System
If you add/attach your cert files to the script, it will extract them to the right place.
And set the permissions, Read the instructions for how.

@Kyhi, of course it should be added; any self-respecting tech would want this tool in their toolbox.
But it seems there may be a bug I may need to work out in OpenSSH.cmd.
I need some more input from GammaP.
If you like, I can send you a link, so that you can play with it,
but I can't send private messages, can you maybe fix that please.

@ALL
My biggest issue is with creating the sshd user from command line.
In a FULL Win10 Install, the sshd Account belongs to NO groups,
Not even the User group, and therefore it does not show up on Login screen.

IN Booted Win10XPE: After I fixed the lusrmgr.msc plugin, I was able to accomplish it, just not from command line yet.
lusrmgr.msc\Users\right-click new user\User name= sshd, Full name= sshd, password= sshd, checked= never expire ONLY
It will throw an error but still create the sshd user; it belongs to NO groups.

IN Full 10: lusrmgr.msc\Users\right-click new user\User name= sshd, Full name= sshd, password= sshd, checked= never expire ONLY,
Open up the new sshd user,open 'Member of' Tab, Select Users, Remove

Any help or tips are welcome.

Regards
RoyM

I am still having difficulty sending a pm.
I have the .script .zipped up and ready to go.

Regards
RoyM

@Kyhi I am having difficulties trying to PM or communicate discretely.
I am ready to share the .script with you for testing, and assistance.
I think GammaP communicated with me through public messages first time, and
I was able to communicate with him, perhaps we could try that.
I am getting frustrated with my inability to communicate.
Regards
RoyM
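A command-line equivalent of the lusrmgr.msc steps above, as an added PowerShell example that is not RoyM's script or part of OpenSSH.cmd. It assumes the Microsoft.PowerShell.LocalAccounts module is present in the build and uses a constructed sample password:

```powershell
# Added example: create the sshd account from the command line with no group
# membership, mirroring the lusrmgr.msc steps (User name/Full name = sshd,
# "Password never expires" only, then remove it from the Users group).
# Assumes the LocalAccounts module is available; the password is a sample value.
$Name     = 'sshd'
$Password = ConvertTo-SecureString 'sshd' -AsPlainText -Force   # constructed sample

if (-not (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $Name -FullName $Name -Password $Password `
        -PasswordNeverExpires -AccountNeverExpires `
        -Description 'OpenSSH service account' | Out-Null
}

# A full Win10 install leaves the sshd account in NO local groups (so it never
# appears on the logon screen). Strip any membership the create step added.
foreach ($group in Get-LocalGroup) {
    $members = Get-LocalGroupMember -Group $group.Name -ErrorAction SilentlyContinue
    if ($members | Where-Object { $_.Name -like "*\$Name" }) {
        Remove-LocalGroupMember -Group $group.Name -Member $Name
    }
}

# Verify: fail loudly if the account still belongs to any group.
$remaining = Get-LocalGroup | Where-Object {
    (Get-LocalGroupMember -Group $_.Name -ErrorAction SilentlyContinue).Name -like "*\$Name"
}
if ($remaining) { throw "sshd still belongs to: $($remaining.Name -join ', ')" }

Get-LocalUser -Name $Name | Format-List Name, Enabled, PasswordExpires, AccountExpires
```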
3. ## netsh advfirewall and authorized_keys location

Hello RoyM,

Thank you for the reply. Here is my response to that.

1.

RoyM said:
Were you talking about some of the commands in OpenSSH.cmd : ....

Yes. Maybe, my build is missing netsh advfirewall context ....?

2.

RoyM said:
Also, Keep all your files in X:\ProgramData\OpenSSH, X:\Windows\System32\OpenSSH,
X:\Users\Default\ssh <-- IF you logon as System
If you add/attach your cert files to the script, it will extract them to the right place.
And set the permissions, Read the instructions for how.

I haven't got a certificate. All that I have is a public-private key pair. The script is looking for authorized_keys in X:\Windows\.ssh\authorized_keys . Is this intended behaviour? I agree that certificates are a better way to organise the credentials. But a simpler option would be nice to have.

Hope my clarifications help. Thank you!

-Gamma
4. I believe you need 10 posts before you are allowed to send Messages
5. I have added some error checking to OpenSSH.cmd.
I feel that it is safer to release to the general public.

OpenSSH.cmd is the batch file that launches OpenSSH in a PE environment;
it uses setacl.exe in a for loop,
which, if not used as intended, could seriously hose system files.

I Intend to release OpenSSH.script with the wishes that it will fall into supportive hands.
So that we may develop this .script for all that wish to build.

I still have some minor errors/issues, that I have added as notes in the .script.

Regards
RoyM

6. Thanks RoyM ! Wonderful news indeed.
-Gamma
7. @RoyM
You need to clear some things out of your Mailbox (message limit exceeded)

Here are the results when testing Edited Script running within booted Win10XPE (Basic Build > Requires MS Powershell) Windows 10 20H1

Cmd - error messages (need to run "netsh" from System32, not System32\OpenSSH; also requires system file > Timeout)
Regshot - after running openssh-start
Reg Import file (to avoid penalty)
my SSH host keys (Registry also contains OpenSSH Key entries)

PM me for a link to the files.

