# Script parameter. RunMode selects how much of the setup is performed by the
# dispatch at the bottom of the file:
#   default - install and start OpenSSH Server only
#   key     - default, plus authorized key, ec2-user account and password-auth change
#   full    - key, plus download and run powerash.ps1
param(
    [Parameter(Mandatory = $False)]
    [string]$RunMode = "default"
)
# Common functions
# ---------------------------------------------------------------------------------------#
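Function is_elevated{
    # Guard: stop the script unless the current Windows identity holds the
    # built-in Administrator role. Every later step (installing a Windows
    # capability, writing under C:\ProgramData\ssh, creating a local admin)
    # needs an elevated session.
    $currentIdentity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($currentIdentity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

    if (-not $principal.IsInRole($adminRole)) {
        Write-warning "This script requires elevated privileges to change Install Windows Features and change files."
        Write-Host "Please re-launch the Powershell Session as Administrator." -foreground "red" -background "black"
        # 'break' outside a loop unwinds the call stack looking for an enclosing
        # loop and can end up terminating an unrelated caller. Throwing is a
        # well-defined terminating error, so the guard fails closed and the
        # failure is visible to whatever launched the script.
        throw "Elevated privileges are required."
    }
}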
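Function install_ssh{
    # Installs the OpenSSH Server capability, sets sshd and ssh-agent to start
    # automatically, starts both, and registers Windows PowerShell as the
    # default shell for SSH sessions.
    #
    # Outputs: the matching *ssh* service objects (from Get-Service).
    # Throws:  when any step fails.
    #
    # NOTE(review): this function does not touch sshd_config, so after it runs
    # the daemon listens with whatever authentication settings the stock
    # configuration ships with. Only the "key" and "full" run modes go on to
    # call disable_password_auth.

    # Cmdlets report many failures as non-terminating errors, which a bare
    # try/catch never sees; without this the function could print "OK" after a
    # failed step. The preference is scoped to this function.
    $ErrorActionPreference = 'Stop'

    try {
        Write-Host "Installing SSHd and Set Powershell as default Session" -foregroundcolor "yellow"
        Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

        Set-Service sshd -StartupType Automatic
        Set-Service ssh-agent -StartupType Automatic
        Start-Service sshd
        Start-Service ssh-agent

        # DefaultShell under HKLM:\SOFTWARE\OpenSSH decides what an SSH login runs.
        New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

        Get-Service *ssh*
        Write-Host "OK" -foregroundcolor "green"
    }
    catch {
        # Throw instead of 'break': 'break' outside a loop has no well-defined
        # target. Keep the underlying reason so the failure can be diagnosed.
        throw "Fail to Install SSHd: $($_.Exception.Message)"
    }
}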
# Security Settings
# ---------------------------------------------------------------------------------------#
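Function add_key{
    # Reads the instance's first public key from the EC2 instance metadata
    # service and authorizes it for members of the Administrators group by
    # appending it to administrators_authorized_keys, then restricts the file's
    # ACL to Administrators and SYSTEM with inheritance disabled.
    #
    # Throws: when the metadata request, the file write or the ACL change fails.

    # Surface non-terminating cmdlet errors to the catch block below.
    $ErrorActionPreference = 'Stop'

    $metadataBase = 'http://169.254.169.254'
    $keyFile = 'C:\ProgramData\ssh\administrators_authorized_keys'

    try {
        # Use the session-token (IMDSv2) flow: request a short-lived token with
        # PUT and present it on the read. A plain GET is the IMDSv1 flow, which
        # fails on instances configured to require tokens.
        [string]$token = Invoke-RestMethod -Method Put -Uri "$metadataBase/latest/api/token" -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' }
        [string]$key = Invoke-RestMethod -Uri "$metadataBase/latest/meta-data/public-keys/0/openssh-key" -Headers @{ 'X-aws-ec2-metadata-token' = $token }
        $key = $key.Trim()

        # Only write something shaped like "<key-type> <base64> [comment]";
        # an empty or unexpected response must not end up in an authorization file.
        if ($key -notmatch '^\S+\s+\S+') {
            throw "metadata service did not return an OpenSSH public key"
        }

        # Re-running the script should not stack duplicate entries.
        $existingKeys = @()
        if (Test-Path -LiteralPath $keyFile) {
            $existingKeys = @(Get-Content -LiteralPath $keyFile)
        }
        if ($existingKeys -cnotcontains $key) {
            Add-Content -Path $keyFile -Value $key
        }

        # Drop inherited ACEs and grant access to Administrators and SYSTEM only.
        $acl = Get-Acl $keyFile
        $acl.SetAccessRuleProtection($true, $false)
        $administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
        $systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
        $acl.SetAccessRule($administratorsRule)
        $acl.SetAccessRule($systemRule)
        Set-Acl -Path $keyFile -AclObject $acl
    }
    catch {
        # Throw instead of 'break' (which has no loop to leave here) and keep
        # the underlying reason.
        throw "Fail to set ssh key: $($_.Exception.Message)"
    }
}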
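Function add_useradm{
    # Creates the local account "ec2-user" with no password and makes it a
    # member of the local Administrators group. Safe to run again: an existing
    # account or membership is left as it is.
    #
    # Throws: when account creation or the group change fails.
    #
    # NOTE(review): the result is an administrator account with a blank
    # password. The script's intent is key-only SSH logon, but confirm that
    # local policy restricts blank-password accounts for every other logon
    # path before relying on this.

    # Surface non-terminating cmdlet errors to the catch block. Without this a
    # failed New-LocalUser would not stop the function, and whatever account is
    # already named ec2-user would still be added to Administrators.
    $ErrorActionPreference = 'Stop'

    $userName = "ec2-user"
    $groupName = "Administrators"

    try {
        if (Get-LocalUser -Name $userName -ErrorAction SilentlyContinue) {
            Write-Warning "Local user $userName already exists; it was not created by this run."
        }
        else {
            New-LocalUser -Name $userName -Description "ec2-user without password." -NoPassword
        }

        if (-not (Get-LocalGroupMember -Group $groupName -Member $userName -ErrorAction SilentlyContinue)) {
            Add-LocalGroupMember -Group $groupName -Member $userName
        }
    }
    catch {
        # Throw instead of 'break' (which has no loop to leave here) and keep
        # the underlying reason.
        throw "Fail to Create ec2-user without password: $($_.Exception.Message)"
    }
}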
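Function disable_password_auth{
    # Rewrites C:\ProgramData\ssh\sshd_config so that password authentication
    # is off, restarting sshd around the edit.
    #
    # Throws: when the service cannot be stopped/started or the file cannot be
    #         read or written. sshd is stopped first, so a failure part-way
    #         leaves the daemon down rather than running with the old settings.

    # Surface non-terminating cmdlet errors to the catch block below.
    $ErrorActionPreference = 'Stop'

    $Filepath = "C:\ProgramData\ssh\sshd_config"
    # Matches the directive whether it is commented out or active, and whatever
    # value it has. Matching only the stock "#PasswordAuthentication yes" line
    # would leave an already-uncommented "PasswordAuthentication yes" untouched
    # while the function still reported success.
    $directive = '^\s*#?\s*PasswordAuthentication\s+(yes|no)\s*$'

    try {
        Stop-service sshd

        $File = @(Get-Content $Filepath)
        if ($File -match $directive) {
            $File = $File -replace $directive, "PasswordAuthentication no"
        }
        else {
            # No such line at all: put the setting at the top of the file so it
            # is part of the global section rather than a trailing Match block.
            $File = @("PasswordAuthentication no") + $File
        }
        $File | Set-Content $Filepath

        Start-Service sshd
    }
    catch {
        # Throw instead of 'break' (which has no loop to leave here) and keep
        # the underlying reason.
        throw "Fail to modify sshd_config file: $($_.Exception.Message)"
    }
}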
Function powerash{
    # Downloads powerash.ps1 into the current directory and runs it.
    #
    # NOTE(review): the URL points at the moving "master" branch and nothing
    # checks the downloaded file before it is executed. This function is only
    # reached after is_elevated has passed, so the fetched script runs with
    # administrator rights. Pinning the URL to a reviewed commit and comparing
    # the file's SHA-256 (Get-FileHash) with a recorded value before running it
    # would remove the dependency on the remote branch staying trustworthy.
    $scriptUrl = 'https://raw.githubusercontent.com/bgsilvait/powerash/master/powerash.ps1'
    $scriptName = 'powerash.ps1'

    try {
        Invoke-WebRequest -Uri $scriptUrl -OutFile $scriptName
        & ".\$scriptName"
    }
    catch {
        Write-Error "Fail to run powerash"
        break
    }
}
Function install{
    # "default" run mode: check for an elevated session, then install and
    # start OpenSSH Server.
    is_elevated
    install_ssh
}
Function key_withoutpass{
    # "key" run mode: everything install does, then authorize the instance's
    # public key, create the ec2-user administrator account, and turn off
    # password authentication in sshd_config. The steps run in this order.
    install
    add_key
    add_useradm
    disable_password_auth
}
Function full{
    # "full" run mode: the key-based setup, followed by downloading and
    # running powerash.ps1.
    key_withoutpass
    powerash
}
# Entry point: run the setup that matches -RunMode. String comparison with -eq
# is case-insensitive, so "Key" and "key" select the same mode.
if ($RunMode -eq "default") {
    Write-Host "Running Default Mode" -foregroundcolor "green"
    install
}
elseif ($RunMode -eq "key") {
    Write-Host "Running Key Mode" -foregroundcolor "blue"
    key_withoutpass
}
elseif ($RunMode -eq "full") {
    Write-Host "RUnning Full Mode" -foregroundcolor "blue"
    full
}
else {
    # Anything else is rejected without changing the system.
    Write-Host "You need to specify either default, key or full RunMode" -ForegroundColor "red"
    Break
}