Add script to install OpenSSH server

2021-07-18 16:26:00 +02:00
parent ddc316ad9e
commit c0b46695b5
5 changed files with 553 additions and 13 deletions
--- a/postproc/openssh-server/openssh_acl.py
+++ b/postproc/openssh-server/openssh_acl.py
@@ -0,0 +1,24 @@
+#!/usr/bin/python3
+
+import sys,os
+from pathlib import Path
+
+sys.path.append(str(Path(__file__).parent.parent.parent))
+print(sys.path)
+
+from ntfs_acl import *
+
+
+mnt = Path(sys.argv[1])
+openssh_dir = mnt / "Program Files/OpenSSH"
+
+
+# Make sure only Administrators and SYSTEM can write to OpenSSH install dir
+apply_sd_recursively(
+        openssh_dir,
+        SecurityDescriptor(dacl=[
+            ACE(ACE.ALLOW, MASK_FULL_CONTROL, SID_SYSTEM),
+            ACE(ACE.ALLOW, MASK_FULL_CONTROL, SID_ADMINISTRATORS) ,
+            ACE(ACE.ALLOW, MASK_READ_EXECUTE, SID_EVERYONE)
+        ], dacl_inherit=False)
+)
--- a/postproc/openssh-server/setup.sh
+++ b/postproc/openssh-server/setup.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+mnt="$(readlink -f "$1")"
+
+my_dir="$(dirname "$0")"
+cd "$my_dir"
+
+if [[ ! -e OpenSSH-Win64 ]]; then
+    # adapted from https://github.com/PowerShell/Win32-OpenSSH/wiki/How-to-retrieve-links-to-latest-packages
+    url="$(curl -v https://github.com/PowerShell/Win32-OpenSSH/releases/latest/ 2>&1 |grep -i '< location:'  | awk '{print $3}' |tr -d '\r\n'|sed -re 's/tag/download/')/OpenSSH-Win64.zip"
+    curl "$url" -Lfo OpenSSH-Win64.zip
+    unzip OpenSSH-Win64
+fi
+cp -rT OpenSSH-Win64 "$mnt/Program Files/OpenSSH"
+
+hivexregedit --merge --prefix 'HKEY_LOCAL_MACHINE\SYSTEM' "$mnt"/Windows/System32/config/SYSTEM "$my_dir/sshd_service.reg"
+"$my_dir/openssh_acl.py" "$mnt"
+
--- a/postproc/openssh-server/sshd_service.reg
+++ b/postproc/openssh-server/sshd_service.reg
@@ -0,0 +1,20 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sshd]
+"Description"="SSH protocol based service to provide secure encrypted communications between two untrusted hosts over an insecure network."
+"DisplayName"="OpenSSH SSH Server"
+"ErrorControl"=dword:00000001
+"ImagePath"="C:\\Program Files\\OpenSSH\\sshd.exe"
+"ObjectName"="LocalSystem"
+"RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,\
+  00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,\
+  72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,\
+  00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
+  65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,\
+  00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,6f,00,72,00,\
+  65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
+  00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,\
+  72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
+"Start"=dword:00000002
+"Type"=dword:00000010
+