diff --git a/wfvm/autounattend.nix b/wfvm/autounattend.nix index 8af25f7..99b0429 100644 --- a/wfvm/autounattend.nix +++ b/wfvm/autounattend.nix @@ -50,12 +50,8 @@ let # mkDirsDesc ++ writeKeysDesc ++ [ { - Path = ''powershell.exe Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 -Source ${driveLetter}\fod -LimitAccess''; - Description = "Add OpenSSH service."; - } - { - Path = ''powershell.exe Set-Service -Name sshd -StartupType Automatic''; - Description = "Enable SSH by default."; + Path = ''powershell.exe ${driveLetter}\install-ssh.ps1''; + Description = "Install OpenSSH service."; } ]; @@ -77,7 +73,7 @@ let ++ setupCommands ++ [ { - Path = ''powershell.exe ${driveLetter}\ssh-setup.ps1''; + Path = ''powershell.exe ${driveLetter}\setup.ps1''; Description = "Setup SSH and keys"; } ] @@ -314,7 +310,7 @@ in { ''; # autounattend.xml is _super_ picky about quotes and other things - setupScript = pkgs.writeText "ssh-setup.ps1" ( + setupScript = pkgs.writeText "setup.ps1" ( '' # Setup SSH and keys '' + diff --git a/wfvm/install-ssh.ps1 b/wfvm/install-ssh.ps1 new file mode 100644 index 0000000..14fc230 --- /dev/null +++ b/wfvm/install-ssh.ps1 
@@ -0,0 +1,42 @@
+Write-Host "Expanding OpenSSH"
+Expand-Archive D:\OpenSSH-Win64.zip C:\
+
+Push-Location C:\OpenSSH-Win64
+
+Write-Host "Installing OpenSSH"
+& .\install-sshd.ps1
+
+Write-Host "Generating host keys"
+.\ssh-keygen.exe -A
+
+Write-Host "Fixing host file permissions"
+& .\FixHostFilePermissions.ps1 -Confirm:$false
+
+Write-Host "Fixing user file permissions"
+& .\FixUserFilePermissions.ps1 -Confirm:$false
+
+Pop-Location
+
+$newPath = 'C:\OpenSSH-Win64;' + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
+[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
+
+#Write-Host "Adding public key to authorized_keys"
+#$keyPath = "~\.ssh\authorized_keys"
+#New-Item -Type Directory ~\.ssh > $null
+#$sshKey | Out-File $keyPath -Encoding Ascii
+
+Write-Host "Opening firewall port 22"
+New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
+
+Write-Host "Setting sshd service startup type to 'Automatic'"
+Set-Service sshd -StartupType Automatic
+Set-Service ssh-agent -StartupType Automatic
+Write-Host "Setting sshd service restart behavior"
+sc.exe failure sshd reset= 86400 actions= restart/500
+
+#Write-Host "Configuring sshd"
+#(Get-Content C:\ProgramData\ssh\sshd_config).replace('#TCPKeepAlive yes', 'TCPKeepAlive yes').replace('#ClientAliveInterval 0', 'ClientAliveInterval 300').replace('#ClientAliveCountMax 3', 'ClientAliveCountMax 3') | Set-Content C:\ProgramData\ssh\sshd_config
+
+Write-Host "Starting sshd service"
+Start-Service sshd
+Start-Service ssh-agent
diff --git a/wfvm/openssh/README.md b/wfvm/openssh/README.md
deleted file mode 100644
index 78f9817..0000000
--- a/wfvm/openssh/README.md
+++ /dev/null
@@ -1 +0,0 @@
-This file is not publicaly acessible anywhere so had to be extracted from a connected instance
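Review bot: In install-ssh.ps1 the archive is unpacked to `C:\OpenSSH-Win64` and that directory is then placed at the front of the machine `PATH`; a folder created directly under `C:\` normally inherits modify rights for Authenticated Users, so both the binaries the sshd service runs and the first PATH entry searched would be writable by non-administrators. The upstream Win32-OpenSSH install notes ask for a location writable only by SYSTEM and Administrators, and appending to PATH rather than prepending keeps System32 ahead of the new entry; the Fix*FilePermissions scripts are not visible here, so confirm whether they touch the binary directory at all. The script also reads `D:\OpenSSH-Win64.zip` literally while autounattend.nix locates the script through `${driveLetter}`, and `$PSScriptRoot` would remove that coupling. setup.ps1 is outside this hunk, so check that it does not depend on the `C:\OpenSSH-Win64` path before moving it. A sketch of the affected statements follows.

```powershell
# Program Files: non-administrators have no write access there by default.
$sshDir = Join-Path $env:ProgramFiles 'OpenSSH-Win64'

Write-Host "Expanding OpenSSH"
Expand-Archive (Join-Path $PSScriptRoot 'OpenSSH-Win64.zip') $env:ProgramFiles

Push-Location $sshDir
# … unchanged: install-sshd.ps1, ssh-keygen -A, Fix*FilePermissions.ps1, Pop-Location …

# Append, so System32 and the other existing entries are still searched first.
$machinePath = [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
[Environment]::SetEnvironmentVariable("PATH", "$machinePath;$sshDir", [EnvironmentVariableTarget]::Machine)
# … unchanged: firewall rule, service startup type, Start-Service …
```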
diff --git a/wfvm/openssh/server-package.cab b/wfvm/openssh/server-package.cab deleted file mode 100644 index fd9170c..0000000 Binary files a/wfvm/openssh/server-package.cab and /dev/null differ diff --git a/wfvm/win.nix b/wfvm/win.nix index 6c9de29..a8f24a7 100644 --- a/wfvm/win.nix +++ b/wfvm/win.nix @@ -47,7 +47,10 @@ let sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg"; }; - openSshServerPackage = ./openssh/server-package.cab; + openSshServerPackage = pkgs.fetchurl { + url = "https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip"; + sha256 = "1dw6n054r0939501dpxfm7ghv21ihmypdx034van8cl21gf1b4lz"; + }; autounattend = import ./autounattend.nix ( attrs // { @@ -69,17 +72,16 @@ let # Packages required to drive installation of other packages bootstrapPkgs = runQemuCommand "bootstrap-win-pkgs.img" '' - mkdir -p pkgs/fod - 7z x -y ${virtioWinIso} -opkgs/virtio cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")" # Install optional windows features - cp ${openSshServerPackage} pkgs/fod/OpenSSH-Server-Package~31bf3856ad364e35~amd64~~.cab + cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip # SSH setup script goes here because windows XML parser sucks - cp ${autounattend.setupScript} pkgs/ssh-setup.ps1 + cp ${./install-ssh.ps1} pkgs/install-ssh.ps1 + cp ${autounattend.setupScript} pkgs/setup.ps1 virt-make-fs --partition --type=fat pkgs/ $out '';
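Review bot: The `openSshServerPackage` binding in the first win.nix hunk keeps a name that described the old Windows feature `.cab`, although it now fetches the upstream release zip, and in the second hunk the copy step still sits under the stale comment `# Install optional windows features`. The fixed `sha256` on the `fetchurl` pins the archive contents, which is the right integrity control for a binary that ends up running as a service. The release tag is hard-coded in the URL, though, so nothing prompts a maintainer to move off this build. A comment on the binding such as `# Win32-OpenSSH release zip, unpacked by install-ssh.ps1; bump url and sha256 together` would document that. It is also worth stating next to `cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip` that the file name must match the path install-ssh.ps1 expects; both `let` blocks start outside the hunks shown.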