Windows SSH 资产要求

Windows 资产测试连接, 获取硬件, 自动推送需要进行相关设置

注意: 按照下面的文档部署好 openssh 后, 在 web 的资产列表里面找到你的 windows 资产, 在协议组里面加入 rdp 3389, 再添加一个 ssh 22, 然后就可以使用 测试连接, 获取硬件, 自动推送 功能了

Win7/Win2008 需要升级 powershell 到 3.0 以上, 详情请参考 ansible 客户端需求

下载最新的 OpenSSH
解压后,重命名到 C:\Program Files\OpenSSH
以管理员身份打开 powershell, 并在 powershell 里面执行下面的命令

1. 安装 OpenSSH

  1. cd "C:\Program Files\OpenSSH"
  2. powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1

2. 设置防火墙 (Windows Firewall)

  1. New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

如果 win7/win2008 执行上面的命令报错请执行此处的命令

  1. netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=22

3. 启动 OpenSSH

  1. net start sshd
  2. Set-Service sshd -StartupType Automatic

4. 使用 Private Key

  1. ssh-keygen.exe -t rsa
  2. cp $env:USERPROFILE\.ssh\id_rsa.pub $env:USERPROFILE\.ssh\authorized_keys
  1. notepad C:\ProgramData\ssh\sshd_config
  1. # This is the sshd server system-wide configuration file. See
  2. # sshd_config(5) for more information.
  3. # The strategy used for options in the default sshd_config shipped with
  4. # OpenSSH is to specify options with their default value where
  5. # possible, but leave them commented. Uncommented options override the
  6. # default value.
  7. #Port 22
  8. #AddressFamily any
  9. #ListenAddress 0.0.0.0
  10. #ListenAddress ::
  11. #HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
  12. #HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
  13. #HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
  14. #HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key
  15. # Ciphers and keying
  16. #RekeyLimit default none
  17. # Logging
  18. #SyslogFacility AUTH
  19. #LogLevel INFO
  20. # Authentication:
  21. #LoginGraceTime 2m
  22. #PermitRootLogin prohibit-password
  23. #StrictModes yes
  24. #MaxAuthTries 6
  25. #MaxSessions 10
  26. PubkeyAuthentication yes
  27. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  28. # but this is overridden so installations will only check .ssh/authorized_keys
  29. AuthorizedKeysFile .ssh/authorized_keys
  30. #AuthorizedPrincipalsFile none
  31. # For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
  32. #HostbasedAuthentication no
  33. # Change to yes if you don't trust ~/.ssh/known_hosts for
  34. # HostbasedAuthentication
  35. #IgnoreUserKnownHosts no
  36. # Don't read the user's ~/.rhosts and ~/.shosts files
  37. #IgnoreRhosts yes
  38. # To disable tunneled clear text passwords, change to no here!
  39. #PasswordAuthentication yes
  40. #PermitEmptyPasswords no
  41. # GSSAPI options
  42. #GSSAPIAuthentication no
  43. #AllowAgentForwarding yes
  44. #AllowTcpForwarding yes
  45. #GatewayPorts no
  46. #PermitTTY yes
  47. #PrintMotd yes
  48. #PrintLastLog yes
  49. #TCPKeepAlive yes
  50. #UseLogin no
  51. #PermitUserEnvironment no
  52. #ClientAliveInterval 0
  53. #ClientAliveCountMax 3
  54. #UseDNS no
  55. #PidFile /var/run/sshd.pid
  56. #MaxStartups 10:30:100
  57. #PermitTunnel no
  58. #ChrootDirectory none
  59. #VersionAddendum none
  60. # no default banner path
  61. #Banner none
  62. # override default of no subsystems
  63. Subsystem sftp sftp-server.exe
  64. # Example of overriding settings on a per-user basis
  65. #Match User anoncvs
  66. # AllowTcpForwarding no
  67. # PermitTTY no
  68. # ForceCommand cvs server
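  69. # 注释下面两行 (注释后, administrators 组成员的公钥按上面的 AuthorizedKeysFile 设置从用户目录下的 .ssh/authorized_keys 读取, 不再使用 __PROGRAMDATA__/ssh/administrators_authorized_keys)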
  70. #Match Group administrators
  71. # AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
  1. net stop sshd
  2. net start sshd

Private Key 使用方式 (私钥即第 4 步 ssh-keygen 生成的 id_rsa, 默认与 id_rsa.pub 位于同一目录 $env:USERPROFILE\.ssh)

  1. ssh user@ip -i <private_key_absolute_path> (local users)
  2. ssh user@domain@ip -i <private_key_absolute_path> (Domain users)