3. Use PowerShell to configure SSH remote management

Lab environment

Host name     IP address                                            Service
Windows001    10.1.220.101                                          OpenSSH-Server
Client        Any (as long as it can communicate with the server)   OpenSSH-Client

1. Configure SSH server
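# Get the available OpenSSH capability names
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
# Install the OpenSSH server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
# Start the SSH service
Start-Service -Name "sshd"
# Set the SSH service to start automatically
Set-Service -Name "sshd" -StartupType Automatic
# Verify that the SSH service is running
Get-Service -Name "sshd" | Select-Object *

# Create a firewall rule that allows inbound traffic on port 22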
New-NetFirewallRule -Name "SSH" `
-DisplayName "SSH" `
-Description "Allow SSH" `
-Profile Any `
-Direction Inbound `
-Action Allow `
-Protocol TCP `
-Program Any `
-LocalAddress Any `
-RemoteAddress Any `
-LocalPort 22 `
-RemotePort Any 
2. Configure SSH client

On Windows Server 2022, the OpenSSH client is installed by default, but if it is not already installed,
run PowerShell with administrator rights and install it as shown below.

# Get the available OpenSSH capability names
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
# Install the OpenSSH client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
3. Configure SSH key pair

With the default OpenSSH settings on Windows, the public key file name for ordinary users is the same as the Linux default (authorized_keys). Members of the administrators group, however, are configured with a different file (administrators_authorized_keys under __PROGRAMDATA__/ssh), so pay attention to this when configuring keys.

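# Server-side configuration
# View the AuthorizedKeysFile setting in the SSH server configuration
Get-Content C:\ProgramData\ssh\sshd_config | Select-String -Pattern "^AuthorizedKeysFile"
AuthorizedKeysFile      .ssh/authorized_keys
# To use the default location for all users, comment out the following 2 lines
Get-Content C:\ProgramData\ssh\sshd_config -Tail 3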
# Match Group administrators
#      AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

# Generate the key pair
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\Administrator/.ssh/id_rsa): # optionally change where the key file is saved
Created directory 'C:\Users\Administrator/.ssh'.
Enter passphrase (empty for no passphrase):   # set a passphrase for the private key
Enter same passphrase again:
Your identification has been saved in C:\Users\Administrator/.ssh/id_rsa.
Your public key has been saved in C:\Users\Administrator/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:mOyrz2MfAghFfjgBsnPVhFR3rDC3rtWbrz6kNc/2/DQ Administrator@Windows001
The key's randomart image is:

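# Rename the public key to authorized_keys
PS C:\Users\Administrator\.ssh> mv id_rsa.pub authorized_keys
# Check the key file permissions; the Everyone permission interferes with authentication, so remove it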
icacls authorized_keys
icacls authorized_keys /remove Everyone

# Client-side configuration
mkdir .ssh
cd .ssh
# Download the private key to the client
scp Administrator@10.1.220.101:'C:\Users\Administrator\.ssh\id_rsa' ./
# Test that key authentication works
ssh Administrator@10.1.220.101 hostname

# Server-side configuration
# Disable password authentication (optional)
(Get-Content C:\ProgramData\ssh\sshd_config).Replace("#PasswordAuthentication yes","PasswordAuthentication no") | Set-Content C:\ProgramData\ssh\sshd_config

# Restart the SSH service
Restart-Service -Name "sshd"
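
To confirm that the server-side steps above took effect, the following read-only audit checks the settings they change: the effective PasswordAuthentication value, who can access the authorized keys file, and the scope of the firewall rule. It is an added example, not part of the original post; it assumes the page's paths and firewall rule name "SSH", an elevated session on the server under the account whose key was installed, and the function names are illustrative.

```powershell
# Added example (not from the original post): read-only audit of the settings changed above.
# Assumptions: the page's paths and rule name "SSH"; run elevated as the account whose key was installed.
$ConfigPath = 'C:\ProgramData\ssh\sshd_config'

function Get-SshdGlobalDirective {
    param([string[]]$Lines, [string]$Name)
    # sshd uses the first uncommented value; stop at the first Match block (global scope only).
    $pattern = '^\s*{0}\s+(\S.*?)\s*$' -f [regex]::Escape($Name)
    foreach ($line in $Lines) {
        if ($line -match '^\s*Match\s') { break }
        if ($line -match $pattern) { return $Matches[1] }
    }
    return $null   # not set: sshd falls back to its built-in default
}

function Get-UnexpectedKeyFileAccess {
    param([string]$Path, [string[]]$AllowedSids)
    # Resolve ACEs to SIDs so the check does not depend on localized account names.
    $rules = (Get-Acl -Path $Path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $rules | Where-Object { $_.AccessControlType -eq 'Allow' -and $AllowedSids -notcontains $_.IdentityReference.Value }
}

$findings = @()
$lines = Get-Content -Path $ConfigPath

# The literal .Replace() above changes nothing if the line differs, so check the result.
$pwAuth = Get-SshdGlobalDirective -Lines $lines -Name 'PasswordAuthentication'
if ($pwAuth -ne 'no') { $findings += "PasswordAuthentication is '$pwAuth' (unset means the default, yes)" }

# If the Match block is still active, administrators authenticate from the ProgramData file.
if ($lines -match '^\s*Match\s+Group\s+administrators') {
    $keyFile = 'C:\ProgramData\ssh\administrators_authorized_keys'
} else {
    $keyFile = Join-Path $env:USERPROFILE '.ssh\authorized_keys'
}
# Allowed: SYSTEM, BUILTIN\Administrators, and the current user.
$allowed = 'S-1-5-18', 'S-1-5-32-544', ([System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value)
if (Test-Path $keyFile) {
    foreach ($ace in Get-UnexpectedKeyFileAccess -Path $keyFile -AllowedSids $allowed) {
        $findings += "$keyFile grants $($ace.FileSystemRights) to $($ace.IdentityReference.Value)"
    }
} else { $findings += "$keyFile not found" }

# The rule above was created with -RemoteAddress Any; report it so it can be scoped down.
$filter = Get-NetFirewallRule -Name 'SSH' -ErrorAction SilentlyContinue | Get-NetFirewallAddressFilter
if ($filter -and ($filter.RemoteAddress -contains 'Any')) { $findings += "Firewall rule 'SSH' allows any remote address" }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'No findings.' }
```

Unexpected access entries are reported by SID; S-1-1-0 is Everyone.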

4. Private key passphrase agent

SSH-Agent is installed with the OpenSSH client program, but it is disabled by default, so enable and start the service.

# Check whether the ssh-agent service is enabled
Get-Service ssh-agent 

Status   Name               DisplayName
------   ----               -----------
Stopped  ssh-agent          OpenSSH Authentication Agent
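# Set the ssh-agent service to start automatically (it is disabled by default, so do this before starting it)
Set-Service -Name "ssh-agent" -StartupType Automatic
# Start the ssh-agent service
Start-Service -Name "ssh-agent"

# Add the private key to the agent
ssh-add '.ssh\id_rsa'
Enter passphrase for .ssh\id_rsa: # enter the key passphrase
Identity added: .ssh\id_rsa (administrator@Windows001)
# List the keys held by the agent
ssh-add -l
3072 SHA256:1/WGNYBjT42BRlug/lTWr61InaqyZRFO2FZ6drG3zLU administrator@Windows001 (RSA)
# Delete all keys from the agent
ssh-add -D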

Note:

This only makes sense if the private key has a passphrase set.

SSH-Agent automates passphrase entry for key pair authentication.

5. Set PowerShell as the default shell for remote access

When logging in to the OpenSSH server from a client, the default shell is the command prompt. To change it to PowerShell, configure it as follows.

# Confirm the path of the powershell command
Get-Command powershell | Format-Table -AutoSize -Wrap
# Set DefaultShell to PowerShell in the OpenSSH registry key
# For the PowerShell path, use the result from the command above
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

Origin blog.csdn.net/Selina_lv/article/details/132268504