
@trackd
Created October 28, 2024 15:04
enable ssh
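function Enable-SSH {
    <#
    .SYNOPSIS
    Installs and starts the Windows OpenSSH server and enables its inbound firewall rule.

    .DESCRIPTION
    Must be run from an elevated session. The function:
      1. installs every OpenSSH.* Windows capability that is not yet installed,
      2. sets the sshd service to start automatically and starts it,
      3. enables the existing 'OpenSSH-Server-In-TCP' firewall rule,
      4. emits the active (non-comment) lines of sshd_config as objects,
      5. sets HKLM:\SOFTWARE\OpenSSH\DefaultShell to pwsh (or powershell) when
         no default shell is configured.
    Capability installation, the firewall change and the registry change each
    go through ShouldProcess (ConfirmImpact = High), so they prompt unless
    -Confirm:$false is passed and are skipped under -WhatIf.

    .OUTPUTS
    PSCustomObject with Key, Value and Option for each active sshd_config line,
    followed by the output of New-ItemProperty when DefaultShell is written.
    #>
    [cmdletbinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()

    # could just set it to require administrator but that gets annoying if including it in a module.
    $CurrentScope = [Security.Principal.WindowsPrincipal]::new([Security.Principal.WindowsIdentity]::GetCurrent())
    if (-Not $CurrentScope.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        $PSCmdlet.ThrowTerminatingError(
            [System.Management.Automation.ErrorRecord]::new(
                [System.UnauthorizedAccessException]::new('This function must be run as an Administrator'),
                'NotAdministrator',
                [System.Management.Automation.ErrorCategory]::PermissionDenied,
                $CurrentScope.Identities.Name
            )
        )
    }

    # Install any missing OpenSSH capability and remember whether one of the
    # installs asks for a reboot. The original discarded the install result and
    # later tested an undefined variable, so the restart warning could never fire.
    $restartNeeded = $false
    $capabilities = Get-WindowsCapability -Online -Name OpenSSH.*
    foreach ($capability in $capabilities) {
        if ($capability.State -eq 'Installed') {
            continue
        }
        if (-Not $PSCmdlet.ShouldProcess($capability.Name)) {
            # Declined (or -WhatIf): skip this capability only, keep checking the rest.
            continue
        }
        $installResult = Add-WindowsCapability -Online -Name $capability.Name
        if ($installResult.RestartNeeded) {
            $restartNeeded = $true
        }
    }

    # Nothing below makes sense without the server component, so stop here if it
    # is still missing (install declined, skipped by -WhatIf, or failed).
    $sshdCap2 = Get-WindowsCapability -Online -Name OpenSSH.Server* | Where-Object { $_.State -ne 'Installed' }
    if ($sshdCap2) {
        $PSCmdlet.ThrowTerminatingError(
            [System.Management.Automation.ErrorRecord]::new(
                [System.InvalidOperationException]::new('OpenSSH Server is not installed'),
                'NotInstalled',
                [System.Management.Automation.ErrorCategory]::NotInstalled,
                $sshdCap2
            )
        )
    }

    $ServiceConfig = Get-Service -Name sshd
    if ($ServiceConfig.StartType -ne 'Automatic') {
        $null = Set-Service -Name sshd -StartupType 'Automatic'
    }
    if ($ServiceConfig.Status -ne 'Running') {
        $null = Start-Service -Name sshd
    }
    if ($restartNeeded) {
        Write-Warning 'Restart the computer to complete the installation'
    }

    <#
    $fwParams = @{
        Name = 'OpenSSH-Server-In-TCP'
        DisplayName = 'OpenSSH Server'
        Enabled = $true
        Direction = 'Inbound'
        Protocol = 'TCP'
        Action = 'Allow'
        LocalPort = 22
    }
    New-NetFirewallRule @fwParams
    #>

    # NOTE(review): -Profile 'Any' allows inbound TCP/22 on the Public profile as
    # well as Domain and Private. If this host ever joins untrusted networks,
    # consider narrowing the profile and/or restricting the rule's remote
    # addresses; the value is left as the author set it.
    $fwRules = Get-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' | Where-Object { $_.Enabled -ne $true }
    if ($fwRules -and $PSCmdlet.ShouldProcess($fwRules.Name, 'Enabling OpenSSH-Server-In-TCP rule')) {
        Write-Host 'Enabling OpenSSH-Server-In-TCP rule'
        $null = $fwRules | Set-NetFirewallRule -Profile 'Any' -Enabled true
    }

    <#
    $pingRule = Get-NetFirewallRule -Name "CoreNet-Diag-ICMP4-EchoRequest-In" | Where-Object { $_.Enabled -ne $true }
    if ($pingRule -and $PSCmdlet.ShouldProcess($pingRule.Name, 'Enabling ICMP echo request rule')) {
        $msg = 'Enabling ICMP echo request rule'
        if ($PSCmdlet.ShouldProcess($pingRule, $msg)) {
            $null = $pingRule | Set-NetFirewallRule -Profile 'Any' -Enabled true
        }
    }
    #>

    # Emit the effective sshd_config directives so the caller can review what the
    # server will actually enforce (authentication methods, Match blocks, ...).
    # Comment lines and blank/whitespace-only lines are skipped.
    Get-Content "$env:ProgramData\ssh\sshd_config" |
        Where-Object { $_ -notmatch '^\s*(#|$)' } |
        ForEach-Object {
            # Split into at most three parts: keyword, first argument, remainder.
            $key, $value, $option = $_.Trim() -split '\b\s+', 3
            [PSCustomObject]@{
                Key    = $key
                Value  = $value
                Option = $option
            }
        }

    $Regkey = Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\OpenSSH' -Name 'DefaultShell' -ErrorAction 'Ignore'
    if (-Not $Regkey -And $PSCmdlet.ShouldProcess('Setting Powershell as DefaultShell?')) {
        # Prefer PowerShell 7+ (pwsh) and fall back to Windows PowerShell.
        # Get-Command can return several matches; take the first so the registry
        # value is a single path and not an array.
        $TestPS = Get-Command -Name pwsh -CommandType Application -ErrorAction Ignore | Select-Object -First 1
        if (-Not $TestPS) {
            $TestPS = Get-Command -Name powershell -CommandType Application -ErrorAction Ignore | Select-Object -First 1
        }
        if (-Not $TestPS) {
            # Writing an empty DefaultShell would leave SSH logins without a usable shell.
            Write-Warning 'Neither pwsh nor powershell was found; DefaultShell was not set'
            return
        }
        # NOTE(review): the path is resolved through PATH in this elevated session
        # and becomes the shell for SSH logins. Confirm it points to a location
        # that only administrators can write to before relying on it.
        Write-Verbose "DefaultShell will be set to '$($TestPS.Path)'"
        $regParams = @{
            Path         = 'HKLM:\SOFTWARE\OpenSSH'
            Name         = 'DefaultShell'
            Value        = $TestPS.Path
            PropertyType = 'String'
            Force        = $true
        }
        New-ItemProperty @regParams
    }
}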