Automate the Installation and Configuration of SSH on Windows

Written by Vinay

In the absence of WINRM, how to connect between windows to windows or windows to Linux or vice versa? SSH is here to RULE!

Below batch script runs on one or multiple target computers to install, configure and exchange the public keys. Here the use case is to establish Public Key-based authentication between the Rundeck Primary node with all the Windows AD connected hosts. 

:: This is a batch script to install and setup OpenSSH on Windows Systems (2012 and onwards)
:: Minimum requirements - 1. Pstools 2. Admin account 3. Working DNS to reach out target computers (FQDN) which are part of AD
:: pclist.txt - add hosts with its FQDN ex: server1.example.local one per line
:: Firewall - Network team to open Port 22 for the target computers

:: Get the password of rundeck

   @Echo Off   
   :HInput
   ::Version 3.0     
   SetLocal DisableDelayedExpansion
Echo Enter the 'rundeck' password below:
   Set "Line="
   Rem Save 0x08 character in BS variable
   For /F %%# In (
   '"Prompt;$H&For %%# in (1) Do Rem"'
   ) Do Set "BS=%%#"
   
   :HILoop
   Set "Key="
   For /F "delims=" %%# In (
   'Xcopy /L /W "%~f0" "%~f0" 2^>Nul'
   ) Do If Not Defined Key Set "Key=%%#"
   Set "Key=%Key:~-1%"
   SetLocal EnableDelayedExpansion
   If Not Defined Key Goto :HIEnd
   If %BS%==^%Key% (Set /P "=%BS% %BS%" <Nul
   Set "Key="
   If Defined Line Set "Line=!Line:~0,-1!"
   ) Else Set /P "=*" <Nul
   If Not Defined Line (EndLocal &Set "Line=%Key%"
   ) Else For /F delims^=^ eol^= %%# In (
   "!Line!") Do EndLocal &Set "Line=%%#%Key%"
   Goto :HILoop
   
   :HIEnd
   Echo(
Echo Starting Script Execution... 
   Pause
   ::Goto :Eof

:: Change directory to where 'psexec.exe' file exists 
cd C:\pstools
:: Copy pclist.txt to the same directory where 'psexec.exe' file exists
copy C:\ADComputers\pclist.txt c:\pstools\pclist.txt /y

:: Part 1: Copy, Install and Configure OpenSSH

:: create directory OpenSSH-Win64 in C:\Program Files in the target computers 
for /f %%a in (pclist.txt) do (mkdir \\%%a\c$\progra~1\OpenSSH-Win64)
:: Copy files from source computer to target computers
for /f %%a in (pclist.txt) do (copy /y c:\progra~1\OpenSSH-Win64 \\%%a\c$\progra~1\OpenSSH-Win64)
:: Install SSH using powershell script
psexec @pclist.txt /s cmd /c "echo . |powershell.exe -ExecutionPolicy Bypass -file c:\progra~1\OpenSSH-Win64\install-sshd.ps1" 
:: Start SSH service - Note: Please work with Network team to open SSH port between Rundeck master, nodes, Source and target computers
PsExec.exe @pclist.txt /s cmd /c net start sshd

:: Part 2: Create rundeck user profile, .ssh folder, create key pairs, share public keys 

:: Create .ssh folder in the rundeck
:: psexec @pclist.txt /s cmd /c "mkdir c:\users\rundeck\"
for /f %%a in (pclist.txt) do (echo Y | plink -ssh rundeck@%%a -pw !Line! mkdir %homepath%\.ssh)
:: Create SSH keys (id_rsa and id_rsa.pub) inside .ssh folder
psexec @pclist.txt /s cmd /c "echo N | c:\progra~1\OpenSSH-Win64\ssh-keygen.exe -q -f c:\Users\rundeck\.ssh\id_rsa -t rsa -N \'\'"
:: Copy authorized keys from source to target computers
for /f %%a in (pclist.txt) do (copy /y c:\Users\rundeck\.ssh\authorized_keys \\%%a\c$\Users\rundeck\.ssh\authorized_keys )
:: Copy the content of source computer's public key to target computers
for /f %%a in (pclist.txt) do (type c:\Users\rundeck\.ssh\id_rsa.pub >> \\%%a\c$\Users\rundeck\.ssh\authorized_keys)
:: Copy the content of target computer's public key to source computers
for /f %%a in (pclist.txt) do (type \\%%a\c$\Users\rundeck\.ssh\id_rsa.pub >> c:\Users\rundeck\.ssh\authorized_keys)
:: Copy authorized_keys file from source to target computer's C:\ProgramData\ssh folder
for /f %%a in (pclist.txt) do (copy /y c:\Users\rundeck\.ssh\authorized_keys \\%%a\c$\ProgramData\ssh\authorized_keys)
:: Run Host permissions fix script on all the remote computers
psexec @pclist.txt  /s cmd /c echo Y |powershell.exe -ExecutionPolicy Bypass -file c:\progra~1\openssh-win64\FixHostFilePermissions.ps1
:: Run User permissions fix script on all the remote computers
psexec @pclist.txt  /s cmd /c echo Y |powershell.exe -ExecutionPolicy Bypass -file c:\progra~1\openssh-win64\FixUserFilePermissions.ps1
:: Copy updated authorized_keys from source to Rundeck maser and nodes
c:\progra~1\openssh-win64\ssh rundeck@10.241.112.245 "ssh rundeck@10.241.116.59 'type c:\users\rundeck\.ssh\authorized_keys' >> /home/rundeck/.ssh/authorized_keys"
:: Test Connectivity
for /f %%a in (pclist.txt) do (echo %%a & c:\progra~1\OpenSSH-Win64\ssh  -o StrictHostKeyChecking=no rundeck@%%a "whoami & hostname & date /t")

Hope you’ve followed all the steps and able to setup OpenSSH on all windows hosts. NOTE: Works on Windows 2008 onwards…

If you enjoyed this post, I’d be very grateful if you’d help it spread by emailing it to a friend, or sharing it on your social platforms. Thank you!

What am I missing here? Let me know in the comments and I’ll add it in!

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s