Windows SSH 资产要求

Windows 资产的测试连接、硬件信息获取、用户自动推送功能需要进行以下相关设置

注意:按照下面的文档部署好 Openssh 后,在 Web 的资产列表里面找到您的 Windows 资产,在协议组中加入 rdp 3389和 ssh 22协议,然后就可以使用资产测试连接、硬件信息获取、用户自动推送的功能。

Win7/Win2008 需要升级 powershell 到 3.0 以上,详情请参考 ansible 客户端需求

1 安装 OpenSSH

下载最新的 OpenSSH-Win64.msi
- 通过管理员身份的直接运行即可,安装过程无需交互,安装完成后不需要任何配置即可直接使用。

2 使用 Private Key

  1. ssh-keygen.exe -t rsa
  2. cp $env:USERPROFILE\.ssh\id_rsa.pub $env:USERPROFILE\.ssh\authorized_keys
  1. notepad C:\ProgramData\ssh\sshd_config
  1. # This is the sshd server system-wide configuration file.  See
  2. # sshd_config(5) for more information.
  4. # The strategy used for options in the default sshd_config shipped with
  5. # OpenSSH is to specify options with their default value where
  6. # possible, but leave them commented.  Uncommented options override the
  7. # default value.
  9. #Port 22
  10. #AddressFamily any
  11. #ListenAddress 0.0.0.0
  12. #ListenAddress ::
  14. #HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
  15. #HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
  16. #HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
  17. #HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key
  19. # Ciphers and keying
  20. #RekeyLimit default none
  22. # Logging
  23. #SyslogFacility AUTH
  24. #LogLevel INFO
  26. # Authentication:
  28. #LoginGraceTime 2m
  29. #PermitRootLogin prohibit-password
  30. #StrictModes yes
  31. #MaxAuthTries 6
  32. #MaxSessions 10
  34. PubkeyAuthentication yes
  36. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  37. # but this is overridden so installations will only check .ssh/authorized_keys
  38. AuthorizedKeysFile  .ssh/authorized_keys
  40. #AuthorizedPrincipalsFile none
  42. # For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
  43. #HostbasedAuthentication no
  44. # Change to yes if you don't trust ~/.ssh/known_hosts for
  45. # HostbasedAuthentication
  46. #IgnoreUserKnownHosts no
  47. # Don't read the user's ~/.rhosts and ~/.shosts files
  48. #IgnoreRhosts yes
  50. # To disable tunneled clear text passwords, change to no here!
  51. #PasswordAuthentication yes
  52. #PermitEmptyPasswords no
  54. # GSSAPI options
  55. #GSSAPIAuthentication no
  57. #AllowAgentForwarding yes
  58. #AllowTcpForwarding yes
  59. #GatewayPorts no
  60. #PermitTTY yes
  61. #PrintMotd yes
  62. #PrintLastLog yes
  63. #TCPKeepAlive yes
  64. #UseLogin no
  65. #PermitUserEnvironment no
  66. #ClientAliveInterval 0
  67. #ClientAliveCountMax 3
  68. #UseDNS no
  69. #PidFile /var/run/sshd.pid
  70. #MaxStartups 10:30:100
  71. #PermitTunnel no
  72. #ChrootDirectory none
  73. #VersionAddendum none
  75. # no default banner path
  76. #Banner none
  78. # override default of no subsystems
  79. Subsystem   sftp    sftp-server.exe
  81. # Example of overriding settings on a per-user basis
  82. #Match User anoncvs
  83. #   AllowTcpForwarding no
  84. #   PermitTTY no
  85. #   ForceCommand cvs server
  87. # 注释下面两行
  88. #Match Group administrators
  89. #       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
  1. net stop sshd
  2. net start sshd

3 Private Key 使用方式

  1. ssh user@ip -i <private_key_absolute_path>        (local users)
  2. ssh user@domain@ip -i <private_key_absolute_path> (Domain users)