---
# See https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell
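# Execution policy guards against running scripts by accident; it is not a
# security boundary. RemoteSigned still runs any locally created script
# without a signature.
- name: Set Powershell Execution to Remote Signed
  ansible.windows.win_powershell:
    # win_powershell reports "changed" unless the script sets
    # $Ansible.Changed, so the script checks the current policy first.
    # `_fw` is not registered by any task in this file, so change status
    # must not depend on it.
    script: |
      if ((Get-ExecutionPolicy -Scope LocalMachine) -eq 'RemoteSigned') {
        $Ansible.Changed = $false
      } else {
        Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
      }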
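# Installing this capability adds the sshd service, i.e. a new remote-login
# surface. Limiting who can reach the SSH port and reviewing sshd_config
# (password vs key authentication) are not covered by the tasks shown here.
- name: Install the OpenSSH Server
  ansible.windows.win_powershell:
    # Query the capability state first so the task only reports "changed"
    # when the install actually runs. `_fw` is not registered by any task in
    # this file, so change status must not depend on it.
    script: |
      $capability = Get-WindowsCapability -Online -Name 'OpenSSH.Server~~~~0.0.1.0'
      if ($capability.State -eq 'Installed') {
        $Ansible.Changed = $false
      } else {
        Add-WindowsCapability -Online -Name 'OpenSSH.Server~~~~0.0.1.0'
      }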
# Start sshd now and have Windows start it automatically at boot.
- name: Set service startup mode to auto and ensure sshd is started
  ansible.windows.win_service:
    state: started
    start_mode: auto
    name: sshd
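# sshd launches the DefaultShell executable for every SSH session, so the
# value is written as a full path under the system root rather than a bare
# program name.
- name: Configure Powershell as default
  ansible.windows.win_powershell:
    # Compare the existing registry value first so the task only reports
    # "changed" when it rewrites DefaultShell. `_fw` is not registered by any
    # task in this file, so change status must not depend on it.
    script: |
      $key = 'HKLM:\SOFTWARE\OpenSSH'
      $shell = "$Env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe"
      $item = Get-ItemProperty -Path $key -Name DefaultShell -ErrorAction SilentlyContinue
      if ($item -and $item.DefaultShell -eq $shell) {
        $Ansible.Changed = $false
      } else {
        New-ItemProperty -Path $key -Name DefaultShell -Value $shell -PropertyType String -Force
      }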
# Disabled task. It would restrict the ACL on administrators_authorized_keys
# to Administrators (S-1-5-32-544) and SYSTEM, with inheritance removed.
# NOTE(review): `_fw` is not registered anywhere in this file; fix
# `changed_when` before enabling this task.
#- name: Configure ACL and ssh keys
#  ansible.windows.win_powershell:
#    script: |
#      # set acl on administrators_authorized_keys
#      $admins = ([System.Security.Principal.SecurityIdentifier]'S-1-5-32-544').Translate( [System.Security.Principal.NTAccount]).Value
#      $acl = Get-Acl $Env:ProgramData\ssh\administrators_authorized_keys
#      $acl.SetAccessRuleProtection($true, $false)
#      $administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule($admins,"FullControl","Allow")
#      $systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
#      $acl.SetAccessRule($administratorsRule)
#      $acl.SetAccessRule($systemRule)
#      $acl | Set-Acl
#  changed_when: _fw.changed