Windows SSH 资产要求

Windows 资产的测试连接、硬件信息获取、用户自动推送功能需要进行以下相关设置

注意:按照下面的文档部署好 OpenSSH 后,在 Web 的资产列表里面找到您的 Windows 资产,在协议组中加入 rdp 3389 和 ssh 22 协议,然后就可以使用资产测试连接、硬件信息获取、用户自动推送的功能。

Win7/Win2008 需要升级 powershell 到 3.0 以上,详情请参考 ansible 客户端需求

1 安装 OpenSSH

下载最新的 OpenSSH-Win64.msi
- 以管理员身份直接运行即可,安装过程无需交互,安装完成后不需要任何配置即可直接使用。

2 使用 Private Key

  1. ssh-keygen.exe -t rsa
  2. cp $env:USERPROFILE\.ssh\id_rsa.pub $env:USERPROFILE\.ssh\authorized_keys
  1. notepad C:\ProgramData\ssh\sshd_config
  1. # This is the sshd server system-wide configuration file. See
  2. # sshd_config(5) for more information.
  3. # The strategy used for options in the default sshd_config shipped with
  4. # OpenSSH is to specify options with their default value where
  5. # possible, but leave them commented. Uncommented options override the
  6. # default value.
  7. #Port 22
  8. #AddressFamily any
  9. #ListenAddress 0.0.0.0
  10. #ListenAddress ::
  11. #HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
  12. #HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
  13. #HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
  14. #HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key
  15. # Ciphers and keying
  16. #RekeyLimit default none
  17. # Logging
  18. #SyslogFacility AUTH
  19. #LogLevel INFO
  20. # Authentication:
  21. #LoginGraceTime 2m
  22. #PermitRootLogin prohibit-password
  23. #StrictModes yes
  24. #MaxAuthTries 6
  25. #MaxSessions 10
  26. PubkeyAuthentication yes
  27. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  28. # but this is overridden so installations will only check .ssh/authorized_keys
  29. AuthorizedKeysFile .ssh/authorized_keys
  30. #AuthorizedPrincipalsFile none
  31. # For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
  32. #HostbasedAuthentication no
  33. # Change to yes if you don't trust ~/.ssh/known_hosts for
  34. # HostbasedAuthentication
  35. #IgnoreUserKnownHosts no
  36. # Don't read the user's ~/.rhosts and ~/.shosts files
  37. #IgnoreRhosts yes
  38. # To disable tunneled clear text passwords, change to no here!
  39. #PasswordAuthentication yes
  40. #PermitEmptyPasswords no
  41. # GSSAPI options
  42. #GSSAPIAuthentication no
  43. #AllowAgentForwarding yes
  44. #AllowTcpForwarding yes
  45. #GatewayPorts no
  46. #PermitTTY yes
  47. #PrintMotd yes
  48. #PrintLastLog yes
  49. #TCPKeepAlive yes
  50. #UseLogin no
  51. #PermitUserEnvironment no
  52. #ClientAliveInterval 0
  53. #ClientAliveCountMax 3
  54. #UseDNS no
  55. #PidFile /var/run/sshd.pid
  56. #MaxStartups 10:30:100
  57. #PermitTunnel no
  58. #ChrootDirectory none
  59. #VersionAddendum none
  60. # no default banner path
  61. #Banner none
  62. # override default of no subsystems
  63. Subsystem sftp sftp-server.exe
  64. # Example of overriding settings on a per-user basis
  65. #Match User anoncvs
  66. # AllowTcpForwarding no
  67. # PermitTTY no
  68. # ForceCommand cvs server
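  69. # 注释下面两行;否则 administrators 组成员的公钥会从 __PROGRAMDATA__/ssh/administrators_authorized_keys 读取,而不是上面配置的 .ssh/authorized_keys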
  70. #Match Group administrators
  71. # AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
  1. net stop sshd
  2. net start sshd

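3 Private Key 使用方式

<private_key_absolute_path> 指第 2 步 ssh-keygen 生成的私钥(默认为 $env:USERPROFILE\.ssh\id_rsa)在发起连接一端的绝对路径;私钥应妥善保管,仅允许使用者本人读取。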

  1. ssh user@ip -i <private_key_absolute_path> (local users)
  2. ssh user@domain@ip -i <private_key_absolute_path> (Domain users)