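############################################################
# Before installing OpenSSH, create the Windows user that will
# log in over OpenSSH.
# (Run in Command Prompt)
############################################################
# Create the account with a password typed at the prompt ("*"), so the
# account never exists without a password and no credential is stored in
# this file or in the command history.
NET USER fortify * /ADD
NET USER fortify /FULLNAME:"MicroFocus Fortify SCA/SSC" /EXPIRES:NEVER /COMMENT:"OpenSSH User" /LOGONPASSWORDCHG:NO /PASSWORDCHG:YES /PASSWORDREQ:YES /ACTIVE:YES
# Kept commented out: adding the account to Administrators would give it
# local administrator rights, which the SFTP-only sshd_config further down
# does not appear to need.
REM NET LOCALGROUP Administrators fortify /ADD
# /EXPIRES:NEVER above covers account expiry only; this turns off password
# expiry. With a non-expiring password, use a long random value and rotate
# it by hand.
WMIC USERACCOUNT WHERE "NAME='fortify'" SET PASSWORDEXPIRES=FALSE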
############################################################
# Before installing OpenSSH, enable Windows Update.
# (Run in Command Prompt)
############################################################
# Set the Windows Update service to start automatically, then start it.
# NOTE(review): presumably needed because Add-WindowsCapability -Online
# fetches the OpenSSH package through Windows Update - confirm for hosts
# that use WSUS or an offline source.
SC CONFIG "WUAUSERV" START= AUTO
SC START "WUAUSERV"
############################################################
# Install OpenSSH
# (Run in PowerShell)
############################################################
# List the OpenSSH-related optional Windows capabilities
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
# Install OpenSSH Server; the -Name value should match a name printed by
# the listing above.
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
############################################################
# OpenSSH 설정 편집
############################################################
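Edit the file %ProgramData%\ssh\sshd_config and add the lines below. If sshd is already running, restart the service afterwards so the changes take effect.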
--------------
# Legacy algorithms, left commented out. ssh-dss and the SHA-1 / group1
# key exchanges are deprecated; enable them only for a client that cannot
# negotiate anything newer.
#HostKeyAlgorithms ssh-dss,ssh-rsa
#KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
# Only the fortify account may log in over SSH.
AllowUsers fortify
# Members of Administrators: SFTP only (no shell, TTY, forwarding or
# tunnel), confined to D:\0_tmp.
Match Group Administrators
AllowAgentForwarding no
AllowTcpForwarding no
PermitTunnel no
# AllowTcpForwarding is repeated here; this second line is redundant.
AllowTcpForwarding no
ForceCommand internal-sftp
PermitTTY no
X11Forwarding no
ChrootDirectory D:\0_tmp
# Members of Users: same restrictions, except that X11Forwarding is not set
# in this block.
# NOTE(review): add "X11Forwarding no" here too if the omission is unintended.
# NOTE(review): a local account created with NET USER /ADD is normally a
# member of Users, so this is the block expected to apply to fortify - confirm.
Match Group Users
AllowAgentForwarding no
AllowTcpForwarding no
PermitTunnel no
# AllowTcpForwarding is repeated here; this second line is redundant.
AllowTcpForwarding no
ForceCommand internal-sftp
PermitTTY no
ChrootDirectory D:\0_tmp
--------------
############################################################
# Start OpenSSH and ... (the original heading is cut off here; the
# commands below also set the startup type and check the firewall rule)
# (Run in PowerShell)
############################################################
# Start the sshd service
Start-Service sshd
# Show the service status
Get-Service -Name sshd
# OPTIONAL but recommended: start sshd automatically at boot
Set-Service -Name sshd -StartupType 'Automatic'
# Confirm the firewall rule is configured. It should be created automatically by setup.
Get-NetFirewallRule -Name *ssh*
# There should be a firewall rule named "OpenSSH-Server-In-TCP", which should be enabled.
# Run the next command only if that rule does not exist; as written it
# creates a second rule unconditionally.
# NOTE(review): the rule allows inbound TCP 22 from any address. If only
# known hosts need SFTP access, consider limiting it with -RemoteAddress.
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
############################################################
# Disable Windows Update again. (OPTIONAL)
# (Run in Command Prompt)
############################################################
# NOTE(review): with the Windows Update service disabled, this host no
# longer receives security updates through it, including fixes for the
# OpenSSH server installed above. Skip this step unless patches are
# delivered some other way.
SC CONFIG "WUAUSERV" START= DISABLED
SC STOP "WUAUSERV"
############################################################
# Remove OpenSSH
# (Run in PowerShell)
############################################################
# Removes the server capability and also the OpenSSH client capability.
# NOTE(review): these commands do not touch the fortify account or the
# manually created "sshd" firewall rule from the earlier steps; remove
# those separately if they are no longer needed.
Remove-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
############################################################
# To mount a directory other than the user's home directory,
# create a symbolic link inside the user's home directory.
# (Run in Command Prompt)
############################################################
# Directory that will hold the data.
# NOTE(review): check the NTFS permissions on D:\sca_data so that only the
# fortify account and administrators can read or write it.
MKDIR D:\sca_data
# Remove any existing DATA_DIR so the link can be created in its place
# (RMDIR without /S only removes an empty directory).
RMDIR C:\Users\fortify\DATA_DIR
# Directory symbolic link: C:\Users\fortify\DATA_DIR -> D:\sca_data
# NOTE(review): the sshd_config section sets ChrootDirectory D:\0_tmp, which
# is neither of these paths - confirm how this link is meant to be reached
# over SFTP.
MKLINK /D C:\Users\fortify\DATA_DIR D:\sca_data