Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Initial setup of OpenSSH. Please follow official instalation documentation from Microsoft.
  2. Set up the PowerShell as the default shell for SSH:
    New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
  3. Create an account for Perun on the target machine (or create as a domain account). It's recomended to load user profile using following command:
    Start-Process cmd /c -Credential $credentials -ErrorAction SilentlyContinue -LoadUserProfile
  4. Allow SSH only for the specific account by adding the following line to end of the %programdata%\ssh\sshd_config file. Official documentation on allowing or denying accounts
    # For local account
    AllowUsers username

  5. Forbid password authentication by changing sshd_config.
    # From
    #PasswordAuthentication yes
    # To
    PasswordAuthentication no

  6. Copy the public key for Perun to following files in format: 
    command="& c:\scripts\perun\perun_connector.ps1 $input; exit $LASTEXITCODE" ssh-rsa publickey perun@idm.ics.muni.cz
    - C:\Users\<PERUN_USER>\.ssh\authorized_keys
    - C:\ProgramData\ssh\administrators_authorized_keys
  7. Restart sshd service

    Restart-Service sshd

  8. Test connection