Hey GammaP, Glad it all worked.
One question about a comment you said:
"Later I found that the netsh advfirewall context is not available. That's the reason the firewall rules are not added."
Were you talking about some of the commands in OpenSSH.cmd:
:: *** Set firewall rules *******************************************
netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=22
netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=UDP localport=22
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes
Also, Keep all your files in X:\ProgramData\OpenSSH, X:\Windows\System32\OpenSSH,
X:\Users\Default\ssh <-- IF you logon as System
X:\Users\Administrator\ssh <-- IF you logon as Admin
Nowhere else, it is a permission thing, "ONLY" 'SYSTEM and Administrators' have access to these folders.
If you add/attach your cert files to the script, it will extract them to the right place.
And set the permissions, Read the instructions for how.
@Kyhi, Of course it should be added, Any Self-respecting Tech would want this tool in their toolbox
But, it seems there may be a bug I may need to work out in the OpenSSH.cmd.
I need some more input from GammaP.
If you like, I can send you a link, so that you can play with it,
but I can't send private messages, can you maybe fix that please.
@ALL
My biggest issue is with creating the sshd user from command line.
In a FULL Win10 Install, the sshd Account belongs to NO groups,
Not even the User group, and therefore it does not show up on Login screen.
IN Booted Win10XPE: After I fixed the lusrmgr.msc plugin, I was able to accomplish it, just not from command line yet.
lusrmgr.msc\Users\right-click new user\User name= sshd, Full name= sshd, password= sshd, checked= never expire ONLY
It will throw an error but still create sshd user, it belongs to NO Groups.
IN Full 10: lusrmgr.msc\Users\right-click new user\User name= sshd, Full name= sshd, password= sshd, checked= never expire ONLY,
Open up the new sshd user,open 'Member of' Tab, Select Users, Remove
Any help or tips are welcome.
Regards
RoyM
- - - Updated - - -
I got your PM Kyhi.
I am still having difficulty sending a pm.
I have the .script .zipped up and ready to go.
I can provide a link to you, but privately please.
Regards
RoyM
- - - Updated - - -
@Kyhi I am having difficulties trying to PM or communicate discreetly.
I am ready to share the .script with you for testing, and assistance.
I think GammaP communicated with me through public messages first time, and
I was able to communicate with him, perhaps we could try that.
I am getting frustrated with my inability to communicate.
Regards
RoyM
Hello RoyM,
Thank you for the reply. Here is my response to that.
1. Yes. Maybe, my build is missing the netsh advfirewall context ....?
2. I haven't got a certificate. All that I have is a public-private key pair. The script is looking for authorized_keys in X:\Windows\.ssh\authorized_keys. Is this intended behaviour? I agree that certificates are a better way to organise the credentials. But a simpler option will be nice to have.
Hope my clarifications help. Thank you!
-Gamma
I have added some error checking to OpenSSH.cmd.
I feel that it is safer to release to general public.
OpenSSH.cmd is the batch file that launches OpenSSH in a PE Environment,
it uses setacl.exe in a for loop,
that if not used as intended could seriously hose System Files.
I Intend to release OpenSSH.script with the wishes that it will fall into supportive hands.
So that we may develop this .script for all that wish to build.
I still have some minor errors/issues, that I have added as notes in the .script.
Shamelessly I need to reach 10 posts so that I may acquire PM privileges.
So If I double post, or perhaps post some gibberish,
I apologize in advance.
Regards
RoyM
- - - Updated - - -
Shameless Post.
- - - Updated - - -
Me Again.
- - - Updated - - -
Getting reply count up.
Regards
RoyM
- - - Updated - - -
Quoting Self
WhoHooo
- - - Updated - - -
Shameless advanced reply:
Regards
RoyM
Thanks RoyM ! Wonderful news indeed.
-Gamma
@RoyM
You need to clear some things out of your Mailbox (message limit exceeded)
Here are the results when testing Edited Script running within booted Win10XPE (Basic Build > Requires MS Powershell) Windows 10 20H1
Cmd - error messages (need to run "netsh" from System32 not system32/openssh) (also requires system file > Timeout)
Regshot - after running openssh-start
Reg Import file (to avoid penalty)
my SSH host keys (Registry also contains OpenSSH Key entries)
PM me for link to files...........
PS, I know nothing about this program or how it works.... So relying on your testing..
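
The firewall step discussed in this thread, written as an added example that is not part of OpenSSH.cmd or of any post above: it calls netsh by absolute path, probes whether the advfirewall context exists before adding anything, and reports failures instead of skipping them silently. It opens only TCP 22, since sshd listens on TCP. The `[sshd-fw]` log prefix and the exit codes are made up for illustration, and it assumes netsh returns a non-zero errorlevel when a context or command is missing.

```batch
@echo off
setlocal
:: Added example, not taken from OpenSSH.cmd. Assumes an elevated prompt
:: in the booted PE. Exit codes and the [sshd-fw] prefix are hypothetical.

:: Call netsh by absolute path so a working directory of System32\OpenSSH
:: or a trimmed PATH cannot change which binary is run.
set "NETSH=%SystemRoot%\System32\netsh.exe"
if not exist "%NETSH%" (
    echo [sshd-fw] netsh.exe not found in %SystemRoot%\System32
    exit /b 2
)

:: Probe the advfirewall context with a read-only command before changing
:: anything. Assumption: netsh sets a non-zero errorlevel when the context
:: is missing from the build.
"%NETSH%" advfirewall show currentprofile >nul 2>&1
if errorlevel 1 (
    echo [sshd-fw] netsh advfirewall context is not available in this build
    exit /b 3
)

:: Remove any earlier rule of the same name so repeated runs do not stack
:: duplicate allow rules. A failure here only means no rule existed yet.
"%NETSH%" advfirewall firewall delete rule name=sshd >nul 2>&1

:: Open inbound TCP 22 only.
"%NETSH%" advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=22
if errorlevel 1 (
    echo [sshd-fw] failed to add inbound TCP/22 rule
    exit /b 4
)

:: Print the rule so the console log records what was actually opened.
"%NETSH%" advfirewall firewall show rule name=sshd
exit /b 0
```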