# Create an Ed25519 key pair. ssh-keygen prompts for the output file and a
# passphrase; the commands below assume the default file ~/.ssh/id_ed25519.
ssh-keygen -t ed25519

# Authorize the new public key for this account. The '>' redirect replaces the
# whole file, so any keys already listed in authorized_keys are dropped.
cat ~/.ssh/id_ed25519.pub > ~/.ssh/authorized_keys

# Owner-only directory; key files read-only for the owner. With StrictModes
# enabled, sshd ignores authorized_keys when these paths are writable by others.
# Mode 400 also means a later edit of authorized_keys needs `chmod u+w` first.
# NOTE(review): the private key stays on the host it grants access to;
# presumably it is moved to the client afterwards. Confirm.
chmod 700 ~/.ssh
chmod 400 ~/.ssh/authorized_keys ~/.ssh/id_ed25519
(Admin Powershell)
- Check if server is installed
# List every OpenSSH capability with its State (Installed / NotPresent).
Get-WindowsCapability -Online | Where-Object { $_.Name -like 'OpenSSH*' }
- If not, make sure Windows Update is enabled, then install by:
# Install the OpenSSH server capability on the running OS image.
# NOTE(review): Microsoft's documentation passes the full versioned name that
# Get-WindowsCapability reports (e.g. OpenSSH.Server~~~~0.0.1.0). Confirm the
# short name resolves on this build.
Add-WindowsCapability -Online -Name OpenSSH.Server
- Start the sshd service
# Start sshd for the current session, then make it start on every boot.
Start-Service -Name sshd
Set-Service -Name sshd -StartupType Automatic
- Configure firewall
# Look for an existing rule whose name contains "ssh"; the cmdlet reports an
# error when nothing matches, which is the signal to create the rule.
Get-NetFirewallRule -Name '*ssh*'
- If the firewall rule does not exist, create one
# Allow inbound TCP/22 to sshd. No -RemoteAddress or -Profile is given, so the
# rule accepts any source address on every firewall profile; add those
# parameters when the host is only administered from known networks.
$sshdRule = @{
    Name        = 'sshd'
    DisplayName = 'OpenSSH Server (sshd)'
    Enabled     = 'True'
    Direction   = 'Inbound'
    Protocol    = 'TCP'
    Action      = 'Allow'
    LocalPort   = 22
}
New-NetFirewallRule @sshdRule
- Generate ssh key pair
# Create an Ed25519 key pair; the copy below assumes the default output file
# ~/.ssh/id_ed25519 was accepted at the prompt.
ssh-keygen -t ed25519

# Publish the public key as the shared key file for administrator logins.
# Copy-Item replaces the destination, so keys already in that file are dropped.
Copy-Item -Path ~/.ssh/id_ed25519.pub -Destination C:\ProgramData\ssh\administrators_authorized_keys
-
Fix permissions: disable inheritance, leave only SYSTEM and Administrators with Full Control, and delete every other entry.
-
=> svcore (powershell, no GUI)
-
Check current permissions
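# The three statements were fused onto one line, which PowerShell cannot parse;
# they are restored one per line.
# $path and $acl are reused by the following steps.
$path = 'C:\ProgramData\ssh\administrators_authorized_keys'
$acl = Get-Acl -Path $path

# Show owner and access entries before changing anything.
$acl | Format-List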
- Disable inheritance on $path
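# SetAccessRuleProtection(isProtected, preserveInheritance):
#   first  $True - protect the object, i.e. stop inheriting from the parent
#   second $True - keep the currently inherited entries as explicit copies
# Because the copies are kept, unwanted entries still have to be removed in
# the next step.
$acl.SetAccessRuleProtection($True, $True)

# Write the change back. On the original single line this call sat behind the
# trailing '#' comment and was never executed.
Set-Acl -Path $path -AclObject $acl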
- Remove the explicit NTFS permission entry of a user or group (here: Authenticated Users)
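# Re-read the ACL so the entries that were inherited now appear as explicit.
$acl = Get-Acl -Path $path

# Select the explicit entries granted to Authenticated Users.
$targetRules = $acl.Access | Where-Object {
    -not $_.IsInherited -and
    $_.IdentityReference.Value -eq 'NT AUTHORITY\Authenticated Users'
}

# RemoveAccessRule takes one rule at a time; looping also covers the cases of
# no match (nothing to do) and several matching entries.
foreach ($rule in $targetRules) {
    $null = $acl.RemoveAccessRule($rule)
}

# Only Authenticated Users is handled here. Any other identity besides SYSTEM
# and Administrators that shows up in the check below has to be removed the
# same way.
Set-Acl -Path $path -AclObject $acl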
- Check result
# Verify the result: the Access list should now hold only SYSTEM and
# Administrators, each with FullControl.
Get-Acl -Path $path | Format-List
-