Windows 10 OpenSSH 试用
20 Dec 2017工作涉及到 Linux 和 Windows 互为 Server/Client 的测试场景,一直期待 Windows 有内建的 ssh client/server (第三方的工具也试用过,但总是各种不方便,不好自动化)。最近有点时间又开始找有什么好的方案。
*最先搜到的是 “SSH Server Broker” and “SSH Server Proxy” 方案,打开/enable 方式很奇葩,而且也不好用,很失望。
昨天又搜到 powershell team blog 的文章,一通折腾终于 Windows 10 ssh client/server 都可以用了 :)
记录一下踩过的坑
权限/安全策略:
按照 msdn 的博客文章安装后 ssh client 工作良好。但是 ssh server 启动不了,又搜了一堆链接 发现是权限问题,
需要搜索 secpol 调出 "Local Security Policy Editor" 修改
Local Policies -> User Rights Assignment -> Replace a process level token
Local Policies -> User Rights Assignment -> Log on as a service
添加用户组 "NT Service\sshd"
对应命令行:(https://ss64.com/nt/ntrights.html)
ntrights.exe -u "NT SERVICE\SSHD" +r SeServiceLogonRight
ntrights.exe -u "NT SERVICE\SSHD" +r SeAssignPrimaryTokenPrivilege
用户名:
登陆用户名是 Windows 上 whoami 命令的结果,跟登录 Windows 的账户名不一样,
格式通常是: 'hostname\username'。
比如在 linux 上 ssh 连接我的 Windows 主机:
ssh deskmini-yin\\testuser@Windows-10
TODO:
Enable:
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
# dism /Online /Get-Capabilities | findstr OpenSSH
# Install the OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
# dism /Online /Add-Capability /CapabilityName:OpenSSH.Client~~~~0.0.1.0
# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
# dism /Online /Add-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0
Ref
https://blogs.msdn.microsoft.com/powershell/2017/12/15/using-the-openssh-beta-in-windows-10-fall-creators-update-and-windows-server-1709/
https://poweruser.blog/enabling-the-hidden-openssh-server-in-windows-10-fall-creators-update-1709-and-why-its-great-51c9d06db8df
https://www.bleepingcomputer.com/news/microsoft/how-to-install-the-built-in-windows-10-openssh-server/
https://github.com/PowerShell/Win32-OpenSSH/issues/290