Windows SSH 资产要求

Windows 资产测试连接, 获取硬件, 自动推送需要进行相关设置

注意: 按照下面的文档部署好 openssh 后, 在 web 的资产列表里面找到你的 windows 资产, 在协议组里面加入 rdp 3389, 再添加一个 ssh 22, 然后就可以使用 测试连接, 获取硬件, 自动推送 功能了

Win7/Win2008 需要升级 powershell 到 3.0 以上, 详情请参考 ansible 客户端需求

下载最新的 OpenSSH
解压后,重命名到 C:\Program Files\OpenSSH
通过管理员身份的方式打开 powershell , 并在 powershell 里面执行下面命令

1. 安装 OpenSSH

  1. cd "C:\Program Files\OpenSSH"
  2. powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1

2. 设置 Firewalld

  1. New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

如果 win7/win2008 执行上面的命令报错请执行此处的命令

  1. netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=22

3. 启动 OpenSSH

  1. net start sshd
  2. Set-Service sshd -StartupType Automatic

4. 使用 Private Key

  1. ssh-keygen.exe -t rsa
  2. cp $env:USERPROFILE\.ssh\id_rsa.pub $env:USERPROFILE\.ssh\authorized_keys
  1. notepad C:\ProgramData\ssh\sshd_config
  1. # This is the sshd server system-wide configuration file.  See
  2. # sshd_config(5) for more information.
  4. # The strategy used for options in the default sshd_config shipped with
  5. # OpenSSH is to specify options with their default value where
  6. # possible, but leave them commented.  Uncommented options override the
  7. # default value.
  9. #Port 22
  10. #AddressFamily any
  11. #ListenAddress 0.0.0.0
  12. #ListenAddress ::
  14. #HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
  15. #HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
  16. #HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
  17. #HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key
  19. # Ciphers and keying
  20. #RekeyLimit default none
  22. # Logging
  23. #SyslogFacility AUTH
  24. #LogLevel INFO
  26. # Authentication:
  28. #LoginGraceTime 2m
  29. #PermitRootLogin prohibit-password
  30. #StrictModes yes
  31. #MaxAuthTries 6
  32. #MaxSessions 10
  34. PubkeyAuthentication yes
  36. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  37. # but this is overridden so installations will only check .ssh/authorized_keys
  38. AuthorizedKeysFile  .ssh/authorized_keys
  40. #AuthorizedPrincipalsFile none
  42. # For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
  43. #HostbasedAuthentication no
  44. # Change to yes if you don't trust ~/.ssh/known_hosts for
  45. # HostbasedAuthentication
  46. #IgnoreUserKnownHosts no
  47. # Don't read the user's ~/.rhosts and ~/.shosts files
  48. #IgnoreRhosts yes
  50. # To disable tunneled clear text passwords, change to no here!
  51. #PasswordAuthentication yes
  52. #PermitEmptyPasswords no
  54. # GSSAPI options
  55. #GSSAPIAuthentication no
  57. #AllowAgentForwarding yes
  58. #AllowTcpForwarding yes
  59. #GatewayPorts no
  60. #PermitTTY yes
  61. #PrintMotd yes
  62. #PrintLastLog yes
  63. #TCPKeepAlive yes
  64. #UseLogin no
  65. #PermitUserEnvironment no
  66. #ClientAliveInterval 0
  67. #ClientAliveCountMax 3
  68. #UseDNS no
  69. #PidFile /var/run/sshd.pid
  70. #MaxStartups 10:30:100
  71. #PermitTunnel no
  72. #ChrootDirectory none
  73. #VersionAddendum none
  75. # no default banner path
  76. #Banner none
  78. # override default of no subsystems
  79. Subsystem   sftp    sftp-server.exe
  81. # Example of overriding settings on a per-user basis
  82. #Match User anoncvs
  83. #   AllowTcpForwarding no
  84. #   PermitTTY no
  85. #   ForceCommand cvs server
  87. # 注释下面两行
  88. #Match Group administrators
  89. #       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
  1. net stop sshd
  2. net start sshd

Private Key 使用方式

  1. ssh user@ip -i <private_key_absolute_path>        (local users)
  2. ssh user@domain@ip -i <private_key_absolute_path> (Domain users)