@ergosteur
Created June 26, 2023 17:46
Script to enable OpenSSH server on Windows 10+
<#
.SYNOPSIS
This script installs and enables the OpenSSH server service on Windows 10 and 11 client machines.
.DESCRIPTION
This script installs the OpenSSH server service on Windows 10 and 11 client machines, allows it through Windows Firewall, and sets it to start automatically. It also includes an optional section to restrict incoming connections to only RFC1918 IPv4 addresses when a parameter is passed to the script.
.PARAMETER RestrictToRFC1918
When specified, restricts incoming connections to the OpenSSH server to only RFC1918 IPv4 addresses.
.NOTES
Version: 1.0
Author: Bing and Matt
Creation Date: 2023-06-26
#>
param (
    [switch]$RestrictToRFC1918
)

# Check if the OpenSSH server service is installed
$service = Get-Service -Name sshd -ErrorAction SilentlyContinue
if ($null -eq $service) {
    # Install the OpenSSH Server
    Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

    # Set the OpenSSH server service to start automatically
    Set-Service -Name sshd -StartupType Automatic

    # Start the OpenSSH server service
    Start-Service sshd

    # Check if the OpenSSH-Server-In-TCP firewall rule is enabled
    $firewallRule = Get-NetFirewallRule -Name *OpenSSH-Server-In-TCP* -ErrorAction SilentlyContinue

    # If the rule is not enabled, enable it
    if ($firewallRule.Enabled -eq "False") {
        Enable-NetFirewallRule -Name *OpenSSH-Server-In-TCP*
    }
}

# If the RestrictToRFC1918 parameter is specified, restrict incoming connections to only RFC1918 IPv4 addresses
if ($RestrictToRFC1918) {
    # Define the allowed remote IP addresses (RFC1918 IPv4 addresses).
    # -RemoteAddress takes a string array, so each range is its own element
    # rather than one comma-joined string.
    $remoteAddresses = @("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

    # Update the OpenSSH-Server-In-TCP firewall rule to only allow incoming connections from the specified remote IP addresses
    Set-NetFirewallRule -Name *OpenSSH-Server-In-TCP* -RemoteAddress $remoteAddresses
}
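
A read-only check of the state the script above is meant to leave behind (capability, service, firewall rule scope). This is an added example, not part of the original gist; the function name `Test-OpenSshServerSetup` and its `-ExpectRestricted` switch are hypothetical.

```powershell
# Added example: read-only audit; run from an elevated session.
# Test-OpenSshServerSetup and -ExpectRestricted are hypothetical names.
function Test-OpenSshServerSetup {
    param (
        # Set when the script was run with -RestrictToRFC1918
        [switch]$ExpectRestricted
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    # Capability installed by Add-WindowsCapability
    $capability = Get-WindowsCapability -Online -Name 'OpenSSH.Server*'
    if ($capability.State -ne 'Installed') {
        $findings.Add("OpenSSH.Server capability state: '$($capability.State)'")
    }

    # Service present, running and set to start automatically
    $service = Get-Service -Name sshd -ErrorAction SilentlyContinue
    if ($null -eq $service) {
        $findings.Add('sshd service not found')
    } else {
        if ($service.Status -ne 'Running') { $findings.Add("sshd status: $($service.Status)") }
        if ($service.StartType -ne 'Automatic') { $findings.Add("sshd start type: $($service.StartType)") }
    }

    # Firewall rule enabled, and scoped when a restriction is expected
    $rules = @(Get-NetFirewallRule -Name '*OpenSSH-Server-In-TCP*' -ErrorAction SilentlyContinue)
    if ($rules.Count -eq 0) { $findings.Add('no OpenSSH-Server-In-TCP firewall rule found') }
    $remote = foreach ($rule in $rules) {
        if ($rule.Enabled -ne 'True') { $findings.Add("rule $($rule.Name) is disabled") }
        $addresses = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        if ($ExpectRestricted -and $addresses -contains 'Any') {
            $findings.Add("rule $($rule.Name) still accepts any remote address")
        }
        $addresses
    }

    # Summary object: empty Findings means the expected state was observed
    [pscustomobject]@{
        Compliant       = ($findings.Count -eq 0)
        RemoteAddresses = @($remote)
        Findings        = $findings
    }
}

Test-OpenSshServerSetup -ExpectRestricted | Format-List
```

The `RemoteAddresses` field shows the scope as the firewall stores it, so it can be reviewed against the three RFC1918 ranges by eye.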