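---
# Install and enable the OpenSSH server on a Windows host and make
# Windows PowerShell the default shell for SSH sessions.
# See https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell
#
# Every win_powershell task originally ended with `changed_when: _fw.changed`,
# but no task registers `_fw`, so the conditional would fail on an undefined
# variable. Each script now checks the current state first and sets
# `$Ansible.Changed = $false` when nothing has to be done.
#
# NOTE(review): this file exposes sshd with its default configuration. It does
# not manage sshd_config, the firewall rule scope, or authorized keys; confirm
# those are handled elsewhere before relying on this role.

- name: Set Powershell Execution to Remote Signed
  ansible.windows.win_powershell:
    script: |
      # Machine-wide policy change: locally created scripts will run unsigned.
      if ((Get-ExecutionPolicy -Scope LocalMachine) -eq 'RemoteSigned') {
          $Ansible.Changed = $false
      }
      else {
          Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
      }

- name: Install the OpenSSH Server
  ansible.windows.win_powershell:
    script: |
      $name = 'OpenSSH.Server~~~~0.0.1.0'
      # Skip the install when the capability is already present.
      if ((Get-WindowsCapability -Online -Name $name).State -eq 'Installed') {
          $Ansible.Changed = $false
      }
      else {
          Add-WindowsCapability -Online -Name $name
      }

- name: Set service startup mode to auto and ensure sshd is started
  ansible.windows.win_service:
    name: sshd
    start_mode: auto
    state: started

- name: Configure Powershell as default
  ansible.windows.win_powershell:
    script: |
      $key = 'HKLM:\SOFTWARE\OpenSSH'
      $shell = "$Env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe"
      # Read the current value; a missing property yields $null.
      $current = (Get-ItemProperty -Path $key -Name DefaultShell -ErrorAction SilentlyContinue).DefaultShell
      if ($current -eq $shell) {
          $Ansible.Changed = $false
      }
      else {
          New-ItemProperty -Path $key -Name DefaultShell -Value $shell -PropertyType String -Force
      }

# Disabled task, kept as the author left it: restricts the ACL on
# administrators_authorized_keys to Administrators and SYSTEM, with
# inheritance turned off.
# NOTE(review): the original also carried `changed_when: _fw.changed`, which
# refers to a variable that is never registered. If this task is enabled,
# register its result or set `$Ansible.Changed` inside the script, and make
# sure the key file exists first (Get-Acl fails on a missing path).
# - name: Configure ACL and ssh keys
#   ansible.windows.win_powershell:
#     script: |
#       # set acl on administrators_authorized_keys
#       $admins = ([System.Security.Principal.SecurityIdentifier]'S-1-5-32-544').Translate( [System.Security.Principal.NTAccount]).Value
#       $acl = Get-Acl $Env:ProgramData\ssh\administrators_authorized_keys
#       $acl.SetAccessRuleProtection($true, $false)
#       $administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule($admins,"FullControl","Allow")
#       $systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
#       $acl.SetAccessRule($administratorsRule)
#       $acl.SetAccessRule($systemRule)
#       $acl | Set-Acl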