lboulard · March 17, 2021 08:25
diff --git a/.gitattributes b/.gitattributes
 *.bat     eol=crlf
 *.ps1     eol=crlf
diff --git a/install-ssh-agent.ps1 b/install-ssh-agent.ps1
 # @manojampalam - authored initial script
 # @friism - Fixed issue with invalid SDDL on Set-Acl
 # @manojampalam - removed ntrights.exe dependency
 # @bingbing8 - removed secedit.exe dependency

 $scriptpath = $MyInvocation.MyCommand.Path
 $scriptdir = Split-Path $scriptpath

 $sshdpath = Join-Path $scriptdir "sshd.exe"
 $sshagentpath = Join-Path $scriptdir "ssh-agent.exe"
 $etwman = Join-Path $scriptdir "openssh-events.man"

 if (-not (Test-Path $sshdpath)) {
    throw "sshd.exe is not present in script path"
 }

 if (Get-Service sshd -ErrorAction SilentlyContinue) 
 {
   Stop-Service sshd
   sc.exe delete sshd 1>$null
 }

 if (Get-Service ssh-agent -ErrorAction SilentlyContinue) 
 {
   Stop-Service ssh-agent
   sc.exe delete ssh-agent 1>$null
 }

 # unregister etw provider
 wevtutil um `"$etwman`"

 # adjust provider resource path in instrumentation manifest
 [XML]$xml = Get-Content $etwman
 $xml.instrumentationManifest.instrumentation.events.provider.resourceFileName = $sshagentpath.ToString()
 $xml.instrumentationManifest.instrumentation.events.provider.messageFileName = $sshagentpath.ToString()

 $streamWriter = $null
 $xmlWriter = $null
 try {
    $streamWriter = new-object System.IO.StreamWriter($etwman)
    $xmlWriter = [System.Xml.XmlWriter]::Create($streamWriter)    
    $xml.Save($xmlWriter)
 }
 finally {
    if($streamWriter) {
        $streamWriter.Close()
    }
 }

 #register etw provider
 wevtutil im `"$etwman`"

 $agentDesc = "Agent to hold private keys used for public key authentication."
 New-Service -Name ssh-agent -DisplayName "OpenSSH Authentication Agent" -BinaryPathName `"$sshagentpath`" -Description $agentDesc -StartupType Manual | Out-Null
 sc.exe sdset ssh-agent "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RP;;;AU)"
 sc.exe privs ssh-agent SeImpersonatePrivilege

 ## We comment out these lines in order to only install ssh-agent
 # $sshdDesc = "SSH protocol based service to provide secure encrypted communications between two untrusted hosts over an insecure network."
 # New-Service -Name sshd -DisplayName "OpenSSH SSH Server" -BinaryPathName `"$sshdpath`" -Description $sshdDesc -StartupType Manual | Out-Null
 # sc.exe privs sshd SeAssignPrimaryTokenPrivilege/SeTcbPrivilege/SeBackupPrivilege/SeRestorePrivilege/SeImpersonatePrivilege

 Write-Host -ForegroundColor Green "sshd and ssh-agent services successfully installed"
diff --git a/windows-git-openssh.bat b/windows-git-openssh.bat
 @SETLOCAL

 setx GIT_SSH "%~dp0OpenSSH-Win64\ssh.exe"
 REG delete HKCU\Environment /F /V SSH_AUTH_SOCK

 @:: Pause if not interactive
 @ECHO %cmdcmdline% | FIND /i "%~0" >NUL
 @IF NOT ERRORLEVEL 1 PAUSE
diff --git a/windows-git-pageant.bat b/windows-git-pageant.bat
 @SETLOCAL

 REG delete HKCU\Environment /F /V GIT_SSH
 setx SSH_AUTH_SOCK /tmp/.ssh-pageant-lboulard

 @:: Pause if not interactive
 @ECHO %cmdcmdline% | FIND /i "%~0" >NUL
 @IF NOT ERRORLEVEL 1 PAUSE
diff --git a/Windows-OpenSSH.md b/Windows-OpenSSH.md
	# @manojampalam - authored initial script
	# @friism - Fixed issue with invalid SDDL on Set-Acl
	# @manojampalam - removed ntrights.exe dependency
	# @bingbing8 - removed secedit.exe dependency

	$scriptpath = $MyInvocation.MyCommand.Path
	$scriptdir = Split-Path $scriptpath

	$sshdpath = Join-Path $scriptdir "sshd.exe"
	$sshagentpath = Join-Path $scriptdir "ssh-agent.exe"
	$etwman = Join-Path $scriptdir "openssh-events.man"

	if (-not (Test-Path $sshdpath)) {
	throw "sshd.exe is not present in script path"
	}

	if (Get-Service sshd -ErrorAction SilentlyContinue)
	{
	Stop-Service sshd
	sc.exe delete sshd 1>$null
	}

	if (Get-Service ssh-agent -ErrorAction SilentlyContinue)
	{
	Stop-Service ssh-agent
	sc.exe delete ssh-agent 1>$null
	}

	# unregister etw provider
	wevtutil um `"$etwman`"

	# adjust provider resource path in instrumentation manifest
	[XML]$xml = Get-Content $etwman
	$xml.instrumentationManifest.instrumentation.events.provider.resourceFileName = $sshagentpath.ToString()
	$xml.instrumentationManifest.instrumentation.events.provider.messageFileName = $sshagentpath.ToString()

	$streamWriter = $null
	$xmlWriter = $null
	try {
	$streamWriter = new-object System.IO.StreamWriter($etwman)
	$xmlWriter = [System.Xml.XmlWriter]::Create($streamWriter)
	$xml.Save($xmlWriter)
	}
	finally {
	if($streamWriter) {
	$streamWriter.Close()
	}
	}

	#register etw provider
	wevtutil im `"$etwman`"

	$agentDesc = "Agent to hold private keys used for public key authentication."
	New-Service -Name ssh-agent -DisplayName "OpenSSH Authentication Agent" -BinaryPathName `"$sshagentpath`" -Description $agentDesc -StartupType Manual \| Out-Null
	sc.exe sdset ssh-agent "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RP;;;AU)"
	sc.exe privs ssh-agent SeImpersonatePrivilege

	## We comment out these lines in order to only install ssh-agent
	# $sshdDesc = "SSH protocol based service to provide secure encrypted communications between two untrusted hosts over an insecure network."
	# New-Service -Name sshd -DisplayName "OpenSSH SSH Server" -BinaryPathName `"$sshdpath`" -Description $sshdDesc -StartupType Manual \| Out-Null
	# sc.exe privs sshd SeAssignPrimaryTokenPrivilege/SeTcbPrivilege/SeBackupPrivilege/SeRestorePrivilege/SeImpersonatePrivilege

	Write-Host -ForegroundColor Green "sshd and ssh-agent services successfully installed"
	@SETLOCAL

	setx GIT_SSH "%~dp0OpenSSH-Win64\ssh.exe"
	REG delete HKCU\Environment /F /V SSH_AUTH_SOCK

	@:: Pause if not interactive
	@ECHO %cmdcmdline% \| FIND /i "%~0" >NUL
	@IF NOT ERRORLEVEL 1 PAUSE
	@SETLOCAL

	REG delete HKCU\Environment /F /V GIT_SSH
	setx SSH_AUTH_SOCK /tmp/.ssh-pageant-lboulard

	@:: Pause if not interactive
	@ECHO %cmdcmdline% \| FIND /i "%~0" >NUL
	@IF NOT ERRORLEVEL 1 PAUSE