Install and Setup OpenSSH (Windows)

Written by Ibhadogiemu Esemuede Okougbo on the 26th Aug 2021

Exported on 26-Aug-2021 12:30:07

Install and Setup OpenSSH (Windows) Blueprint

This is a Blueprints for installing and setting up OpenSSH for windows.

Parameters

Name Type Script Reference Default Value Comment
Attune Node Windows Server attuneNode This is my Attune Node
Attune Node Credentials Windows OS Credential attuneNodeCredentials

1 - Install-OpenSSH

Install OpenSSH

Region for ExecutionPolicy

  • The script above first gets the execution policy of the current PowerShell session.

  • Then checks if it is set to Unrestricted.

  • If it is set, then skips and echos a message to the screen.

- Else it sets the execution policy to Unrestricted.

Region for Installing OpenSSH
  • First gets a version of OpenSSH from Microsoft's GitHub repository and saves it in TEMP folder on the Target Node.
  • Then unzips it to ProgramFiles Folder.
  • Next OpenSSH is installed.
  • Finally the file downloaded from the GitHub Repo in the TEMP folder is deleted.
The connection details have changed from the last step.

Login as user on node

  1. Connect via RDP 
    mstsc /admin /v:Attune Node
  2. Login as user {Attune Node Credentials}
  3. Then open a command prompt
This is a PowerShell Script make sure you run it with powershell.exe Click start menu, enter "powershell" in the search bar, then select the powersehll program 
#Region for ExecutionPolicy
# ===========================================================================
# Get Execution Policy of the current process
$Script:ProcessEP = Get-ExecutionPolicy -Scope Process

#Get the value of the Execution Policy and save it in the Variable
$Script:ValueProcessEP = ($Script:ProcessEP).value__

# Check if the Execution Policy of the process is set to Unrestricted
if ($Script:ValueProcessEP -eq 0) {

    # echo the message
    Write-Output "Execution Policy is already set to Unrestricted for the Process"
# Check if the Execution Policy of the process is already set
}else{

    # Set the ExecutionPolicy of the Process to Unrestricted
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force -Confirm:$false

    # Checks if the Execution Policy has been set
    if ((Get-ExecutionPolicy -Scope Process).value__ -eq 0) {

        # echo the message
        Write-Output "Execution Policy is now set to Unrestricted for the Process"
    }
}
# ===========================================================================
#EndRegion for ExecutionPolicy 



# Download OpenSSH (64bit) from Microsoft github repo
$Sourcerepo = "https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip"
$Destination = ($env:TMP + "\OpenSSH-Win64.zip")
Invoke-RestMethod -Uri $Sourcerepo -OutFile $Destination

# Unzip the file from the downloaded repo to Program Files on C Drive
Expand-Archive -Path ($env:TMP + "\OpenSSH-Win64.zip")`
-DestinationPath ($env:ProgramFiles)

# Write Out message to the screen
Write-Output "Installing OpenSSH....."

# Pause the script for 1 millisecond
Start-Sleep -m 1

# Install OpenSSH
. ($env:ProgramFiles + "\OpenSSH-Win64\install-sshd.ps1")

# Remove the Downloaded OpenSSH file 
Remove-Item -Path ($env:TMP + "\OpenSSH-Win64.zip") -Force

2 - Set-OpenSSHFirewallRule

Set-OpenSSHFirewallRule

Region for ExecutionPolicy

  • The script above first gets the execution policy of the current PowerShell session.

  • Then checks if it is set to Unrestricted.

  • If it is set, then skips and echos a message to the screen.

- Else it sets the execution policy to Unrestricted.

Region for Firewall Rule
  • First checks if there is any existing Firewall rule for ssh.
  • If there is none then it creates one.
  • Else it does not create one and then echo a message to the screen.

Login as user on node

  1. Connect via RDP 
    mstsc /admin /v:Attune Node
  2. Login as user {Attune Node Credentials}
  3. Then open a command prompt
This is a PowerShell Script make sure you run it with powershell.exe Click start menu, enter "powershell" in the search bar, then select the powersehll program 
#Region for ExecutionPolicy
# ===========================================================================
# Get Execution Policy of the current process
$Script:ProcessEP = Get-ExecutionPolicy -Scope Process

#Get the value of the Execution Policy and save it in the Variable
$Script:ValueProcessEP = ($Script:ProcessEP).value__

# Check if the Execution Policy of the process is set to Unrestricted
if ($Script:ValueProcessEP -eq 0) {

    # echo the message
    Write-Output "Execution Policy is already set to Unrestricted for the Process"
# Check if the Execution Policy of the process is already set
}else{

    # Set the ExecutionPolicy of the Process to Unrestricted
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force -Confirm:$false

    # Checks if the Execution Policy has been set
    if ((Get-ExecutionPolicy -Scope Process).value__ -eq 0) {

        # echo the message
        Write-Output "Execution Policy is now set to Unrestricted for the Process"
    }
}
# ===========================================================================
#EndRegion for ExecutionPolicy 



# Confirm the firewall rule is configured. It should be created automatically by setup.
if (!(Get-NetFirewallRule -Name *ssh*)) {
    # Write Out message to the screen
    Write-Output "Creating New Firewall Rule called sshd....."

    # Set firewall permissions
    New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
}else {
    # Write Out message to the screen
    Write-Output "Firewall Rule sshd already exist"
}

3 - Start-OpenSSHService

Start-OpenSSHService

Region for ExecutionPolicy

  • The script above first gets the execution policy of the current PowerShell session.

  • Then checks if it is set to Unrestricted.

  • If it is set, then skips and echos a message to the screen.

- Else it sets the execution policy to Unrestricted.

Region for OpenSSH Service
  • First set the service called sshd for OpenSSH to Automatic.
  • Then starts the sshd service.

Login as user on node

  1. Connect via RDP 
    mstsc /admin /v:Attune Node
  2. Login as user {Attune Node Credentials}
  3. Then open a command prompt
This is a PowerShell Script make sure you run it with powershell.exe Click start menu, enter "powershell" in the search bar, then select the powersehll program 
#Region for ExecutionPolicy
# ===========================================================================
# Get Execution Policy of the current process
$Script:ProcessEP = Get-ExecutionPolicy -Scope Process

#Get the value of the Execution Policy and save it in the Variable
$Script:ValueProcessEP = ($Script:ProcessEP).value__

# Check if the Execution Policy of the process is set to Unrestricted
if ($Script:ValueProcessEP -eq 0) {

    # echo the message
    Write-Output "Execution Policy is already set to Unrestricted for the Process"
# Check if the Execution Policy of the process is already set
}else{

    # Set the ExecutionPolicy of the Process to Unrestricted
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force -Confirm:$false

    # Checks if the Execution Policy has been set
    if ((Get-ExecutionPolicy -Scope Process).value__ -eq 0) {

        # echo the message
        Write-Output "Execution Policy is now set to Unrestricted for the Process"
    }
}
# ===========================================================================
#EndRegion for ExecutionPolicy



# Write Out message to the screen
Write-Output "Setting sshd service startup type to Automatic"

# Set service startup to Automatic
Set-Service sshd -StartupType Automatic

# Write Out message to the screen
Write-Output "Starting sshd service..."

# Start sshd service
Start-Service sshd