openssh server improvements, debloat mode

postproc/openssh-server/openssh_acl.py

@@ -20,5 +20,7 @@ apply_sd_recursively(
             ACE(ACE.ALLOW, MASK_FULL_CONTROL, SID_SYSTEM),
             ACE(ACE.ALLOW, MASK_FULL_CONTROL, SID_ADMINISTRATORS) ,
             ACE(ACE.ALLOW, MASK_READ_EXECUTE, SID_EVERYONE)
-        ], dacl_inherit=False)
+        ], dacl_inherit=False),
+        set_owner=True,
+        set_group=True,
 )

postproc/openssh-server/setup.sh

@@ -14,5 +14,6 @@ fi
 cp -rT OpenSSH-Win64 "$mnt/Program Files/OpenSSH"
 
 hivexregedit --merge --prefix 'HKEY_LOCAL_MACHINE\SYSTEM' "$mnt"/Windows/System32/config/SYSTEM "$my_dir/sshd_service.reg"
+hivexregedit --merge --prefix 'HKEY_LOCAL_MACHINE\SYSTEM' "$mnt"/Windows/System32/config/SYSTEM "$my_dir/sshd_firewall.reg"
 "$my_dir/openssh_acl.py" "$mnt"
 

postproc/openssh-server/sshd_firewall.reg

@@ -0,0 +1,5 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
+"sshd"="v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=22|Name=sshd|"
+