get chocolatey pkg mgr to install openssh, then configure locally for sshd usage

bootstrap-w10-orch.ps1

<# -----------------------------------------------------------------------------
 bootstrap_w10_orch.ps1

 .Description
    Get a Windows 10 box into a state where SSH is ready and available.
    Also try to get Windows Subsystem for Linux (WSL) prepped and ready.
    
    When run via CSE, this script is downloaded into:
     C:\Packages\...
     
    SSH can be authed against with the Windows credentials.
    
    .\bootstrap_w10_orch.ps1
----------------------------------------------------------------------------- #>
Start-Transcript -Path "C:\bootstrap-w10-orch.log"

Write-Output "Creating directories"
if (!(Test-Path "C:\_maintainer")) {
    New-Item -Type Directory "C:\_maintainer"
}

if (!(Test-Path "C:\Orchestrate")) {
    New-Item -Type Directory "C:\Orchestrate"
}

Write-Output "Setting Execution policy"
# set execution policy
Set-ExecutionPolicy 'Unrestricted' -Force

Write-Output "Installing Chocolatey"
# install chocolatey
iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
& choco install sysinternals -y

Write-Output "Ensuring TEMP directory for system exists"
try {
    if (!(Test-Path C:\Windows\system32\config\systemprofile\AppData\Local\Temp\)) {
        New-Item -ItemType Directory "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\"
    }
}
catch {
    Write-Error "Error creating TEMP directory: $_"
}

Write-Output "Installing OpenSSH"
try
{
    #iex ((New-Object System.Net.WebClient).DownloadString('https://gist.githubusercontent.com/gravcat/4a3a76e464bf6ee24a901f17bb364b99/raw/f2f8d270bd4fa9cde0368bd99253f6f439f98768/raw-win32-openssh-install.ps1'))
    Invoke-WebRequest -Uri 'https://gist.githubusercontent.com/gravcat/4a3a76e464bf6ee24a901f17bb364b99/raw/914b65d5ee4ad368007d5ebbda10d693937a93ed/raw-win32-openssh-install.ps1' -OutFile "C:\_maintainer\raw-win32-openssh-install.ps1"
    #& psexec -i -s powershell -File C:\_maintainer\raw-win32-openssh-install.ps1
    . "C:\_maintainer\raw-win32-openssh-install.ps1"
}
catch
{
    Write-Error "Error running OpenSSH install: $_"
}

Write-Output "Configuring pidfile location in sshd_config"
# Put the pidfile in a writable location
(Get-Content "C:\Program Files\OpenSSH-Win64\sshd_config") -replace '#PidFile /var/run/sshd.pid,PidFile Logs/sshd.pid' | Set-Content "C:\Program Files\OpenSSH-Win64\sshd_config"

Write-Output "Enabling developer mode"
# enable developer mode (brings WSL availability)
## https://gallery.technet.microsoft.com/scriptcenter/Enable-developer-mode-27008e86
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" /t REG_DWORD /f /v "AllowDevelopmentWithoutDevLicense" /d "1"

Write-Output "Enabling WSL feature"
# enable WSL feature
Enable-WindowsOptionalFeature -Online -NoRestart -FeatureName Microsoft-Windows-Subsystem-Linux

# handling LXSS stuff via Task Scheduler
iex ((New-Object System.Net.WebClient).DownloadString('https://gist.githubusercontent.com/gravcat/723d3a3461dba4a660a18ca4b1472618/raw/762abaac8d99f9bc4c7ffc25561a34631c374292/lxss-via-tasksched.ps1'))

# we need a reboot to make WSL install-able
#Restart-Computer -Force

# set AV exclusions
Add-MpPreference -ExclusionPath "C:\Orchestrate"
Add-MpPreference -ExclusionPath "C:\Program Files\OpenSSH-Win64"

# "friendly accommodations" for better experience for Desktop users
iex ((New-Object System.NetWebClient).DownloadString('https://gist.githubusercontent.com/gravcat/fb55eae8fb3b9b15d6239985c79e6c02/raw/6fd731e57b68f5fcf1379a0c773114e54fa090ef/friendly-accommodations-w10-orch.ps1'))

Stop-Transcript

update coming soon to also set acl on sshd_config, and a conditional to not run the reg add and the feature install if not w10. also it appears a sleep (10) is needed right after install-sshd.ps1 as the Set-Service manipulation can happen before the service is installed.

executed via https://gist.github.com/gravcat/2b9d610dfabe4038f14f0f367ff89035