Win10XPE : Enable SSH Server with Public Key Authentication


  1. Posts : 38
    Win10 Enterprise 22H2
    Thread Starter
       #11

    Kyhi said:
    If this is something you would like to see as part of the project - please forward the script

    The script is still being tested. It isn't fully automated yet. I suppose RoyM should release it. Thanks!


    -Gamma


  2. Posts : 5
    10 x64
       #12

    Hey GammaP, Glad it all worked.
    One question about a comment you said:
    "Later I found that the netsh advfirewall context is not available. That's the reason the firewall rules are not added."

    Were you talking about some of the commands in OpenSSH.cmd:
    :: *** Set firewall rules *******************************************
    netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=22
    netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=UDP localport=22
    netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
    netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes

    Also, Keep all your files in X:\ProgramData\OpenSSH, X:\Windows\System32\OpenSSH,
    X:\Users\Default\ssh <-- IF you logon as System
    X:\Users\Administrator\ssh <-- IF you logon as Admin
    Nowhere else, it is a permission thing, "ONLY" 'SYSTEM and Administrators' have access to these folders.
    If you add/attach your cert files to the script, it will extract them to the right place.
    And set the permissions, Read the instructions for how.

    @Kyhi, Of course it should be added, Any Self-respecting Tech would want this tool in their toolbox
    But, it seems there may be a bug I may need to work out in the OpenSSH.cmd.
    I need some more input from GammaP.
    If you like, I can send you a link, so that you can play with it,
    but I can't send private messages, can you maybe fix that please.

    @ALL
    My biggest issue is with creating the sshd user from command line.
    In a FULL Win10 Install, the sshd Account belongs to NO groups,
    Not even the User group, and therefore it does not show up on Login screen.

    IN Booted Win10XPE: After I fixed the lusrmgr.msc plugin, I was able to accomplish it, just not from command line yet.
    lusrmgr.msc\Users\right-click new user\User name= sshd, Full name= sshd, password= sshd, checked= never expire ONLY
    It will throw an error but still create sshd user, it belongs to NO Groups.

    IN Full 10: lusrmgr.msc\Users\right-click new user\User name= sshd, Full name= sshd, password= sshd, checked= never expire ONLY,
    Open up the new sshd user,open 'Member of' Tab, Select Users, Remove

    Any help or tips are welcome.

    Regards
    RoyM

    - - - Updated - - -

    I got your PM Kyhi.
    I am still having difficulty sending a pm.
    I have the .script .zipped up and ready to go.
    I can provide a link to you, but privately please.

    Regards
    RoyM

    - - - Updated - - -
    @Kyhi I am having difficulties trying to PM or communicate discreetly.
    I am ready to share the .script with you for testing, and assistance.
    I think GammaP communicated with me through public messages first time, and
    I was able to communicate with him, perhaps we could try that.
    I am getting frustrated with my inability to communicate.
    Regards
    RoyM


  3. Posts : 38
    Win10 Enterprise 22H2
    Thread Starter
       #13

    netsh advfirewall and authorized_keys location


    Hello RoyM,

    Thank you for the reply. Here is my response to that.


    1.

    RoyM said:
    Were you talking about some of the commands in OpenSSH.cmd : ....

    Yes. Maybe, my build is missing netsh advfirewall context ....?


    2.

    RoyM said:
    Also, Keep all your files in X:\ProgramData\OpenSSH, X:\Windows\System32\OpenSSH,
    X:\Users\Default\ssh <-- IF you logon as System
    X:\Users\Administrator\ssh <-- IF you logon as Admin
    Nowhere else, it is a permission thing, "ONLY" 'SYSTEM and Administrators' have access to these folders.
    If you add/attach your cert files to the script, it will extract them to the right place.
    And set the permissions, Read the instructions for how.

    I haven't got a certificate. All that I have is a public-private key pair. The script is looking for authorized_keys in X:\Windows\.ssh\authorized_keys . Is this intended behaviour? I agree that certificates are a better way to organise the credentials. But a simpler option will be nice to have.


    Hope my clarifications help. Thank you!


    -Gamma
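
The "only SYSTEM and Administrators" restriction discussed above, applied to a plain authorized_keys file. This is an added example, not part of OpenSSH.cmd or of any post in this thread; it assumes icacls.exe is present in the PE build, and the script name and its argument are hypothetical.

```bat
@echo off
setlocal
rem Added example, not part of OpenSSH.cmd. Script name and argument are hypothetical.
rem Usage: lock-keys.cmd X:\path\to\authorized_keys
set "KEYFILE=%~1"
if not defined KEYFILE goto :usage
if not exist "%KEYFILE%" goto :missing

rem 1. Drop every explicit ACE so that only inherited entries remain.
icacls "%KEYFILE%" /reset >nul || goto :failed

rem 2. Remove the inherited entries and grant full control to two principals,
rem    named by well-known SID so the command does not depend on localized names:
rem    S-1-5-18 = SYSTEM, S-1-5-32-544 = Administrators.
icacls "%KEYFILE%" /inheritance:r /grant:r *S-1-5-18:F *S-1-5-32-544:F >nul || goto :failed

rem 3. Verify. icacls prints one "name:(rights)" entry per ACE, so exactly two
rem    entries must remain; anything else means another principal still has access.
set "ACES=0"
for /f %%N in ('icacls "%KEYFILE%" ^| find /c ":("') do set "ACES=%%N"
if not "%ACES%"=="2" goto :unexpected

echo [+] "%KEYFILE%" is restricted to SYSTEM and Administrators.
exit /b 0

:usage
echo Usage: %~nx0 path-to-authorized_keys
exit /b 1
:missing
echo [!] "%KEYFILE%" not found.
exit /b 2
:failed
echo [!] icacls failed on "%KEYFILE%".
exit /b 3
:unexpected
echo [!] Expected 2 ACEs on "%KEYFILE%", found %ACES%. Review with: icacls "%KEYFILE%"
exit /b 4
```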


  4. Posts : 3,963
    Windows 3.1 to Windows 11
       #14

    I believe you need 10 posts before you are allowed to send Messages


  5. Posts : 5
    10 x64
       #15

    I have added some error checking to OpenSSH.cmd.
    I feel that it is safer to release to general public.

    OpenSSH.cmd is the batch file that launches OpenSSH in a PE Environment,
    it uses setacle.exe in a for loop,
    that if not used as intended could seriously hose System Files.

    I Intend to release OpenSSH.script with the wishes that it will fall into supportive hands.
    So that we may develop this .script for all that wish to build.

    I still have some minor errors/issues, that I have added as notes in the .script.

    Shamelessly I need to reach 10 posts so that I may acquire PM privileges.
    So If I double post, or perhaps post some gibberish,
    I apologize in advance.

    Regards
    RoyM

    - - - Updated - - -

    Shameless Post.


    - - - Updated - - -

    Me Again.

    - - - Updated - - -

    Getting reply count up.
    Regards
    RoyM

    - - - Updated - - -

    Quoting Self
    WhoHooo

    - - - Updated - - -

    Shameless advanced reply:
    Regards
    RoyM


  6. Posts : 38
    Win10 Enterprise 22H2
    Thread Starter
       #16

    Thanks RoyM ! Wonderful news indeed.
    -Gamma


  7. Posts : 3,963
    Windows 3.1 to Windows 11
       #17

    @RoyM
    You need to clear some things out of your Mailbox (message limit exceeded)

    Here are the results when testing Edited Script running within booted Win10XPE (Basic Build > Requires MS Powershell) Windows 10 20H1

    Cmd - error messages (need to run "netsh" from System32, not system32/openssh; also requires system file > Timeout)
    Regshot - after running openssh-start
    Reg Import file (to avoid penalty)
    my SSH host keys (Registry also contains OpenSSH Key entries)

    PM me for link to files...........

    PS, I know nothing about this program or how it works.... So relying on your testing..
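
A firewall step that reflects the two findings in this thread: netsh is called by its full System32 path, and the advfirewall context is probed before any rule is added. This is an added example, not the code in OpenSSH.cmd; it assumes sshd listens on the default TCP port 22 and reuses the rule name sshd from the commands quoted earlier.

```bat
@echo off
setlocal
rem Added example, not part of OpenSSH.cmd. Assumes sshd listens on TCP port 22.
set "NETSH=%SystemRoot%\System32\netsh.exe"

rem Call netsh by absolute path so the result does not depend on the current
rem directory or on PATH when the script is started from System32\OpenSSH.
if not exist "%NETSH%" goto :nonetsh

rem Probe the advfirewall context first. A build without the firewall
rem components stops here with a clear message instead of skipping the rule.
"%NETSH%" advfirewall show currentprofile >nul 2>&1
if errorlevel 1 goto :nocontext

rem Do not stack duplicate rules when the script is run more than once.
"%NETSH%" advfirewall firewall show rule name=sshd >nul 2>&1
if not errorlevel 1 goto :present

rem SSH runs over TCP only, so one inbound TCP rule is all the server needs.
"%NETSH%" advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=22 >nul
if errorlevel 1 goto :addfailed

echo [+] Inbound rule "sshd" added for TCP 22.
exit /b 0

:present
echo [=] Rule "sshd" already exists, nothing to do.
exit /b 0
:nonetsh
echo [!] "%NETSH%" not found, firewall rule not added.
exit /b 2
:nocontext
echo [!] The "netsh advfirewall" context is not available in this build.
exit /b 3
:addfailed
echo [!] Could not add the inbound rule for TCP 22.
exit /b 4
```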


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
