win_ansible_role_sshd/tasks/powershell.yml

---
# See https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell
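# Sets the machine-wide (LocalMachine scope) execution policy to RemoteSigned.
# RemoteSigned lets locally created scripts run unsigned and requires a
# signature only on scripts marked as downloaded. Microsoft documents the
# execution policy as a safety feature, not a security boundary, so it should
# not be counted on to stop untrusted code. A Group Policy setting, if
# present, takes precedence over this scope.
#
# The script reports its own change state through $Ansible.Changed. The
# variable `_fw` is not registered by any task in this file, so the task
# must not depend on it for `changed_when`.
- name: Set Powershell Execution to Remote Signed
  ansible.windows.win_powershell:
    script: |
      if ((Get-ExecutionPolicy -Scope LocalMachine) -eq 'RemoteSigned') {
        # Already in the desired state: report "ok" instead of "changed".
        $Ansible.Changed = $false
      } else {
        Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
      }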
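# Installs the OpenSSH server Windows capability if it is not already present.
# The capability state is checked first so that repeated runs report "ok";
# change state is set through $Ansible.Changed because `_fw` is not
# registered anywhere in this file.
- name: Install the OpenSSH Server
  ansible.windows.win_powershell:
    script: |
      $capability = 'OpenSSH.Server~~~~0.0.1.0'
      $installed = Get-WindowsCapability -Online -Name $capability |
        Where-Object State -eq 'Installed'
      if ($installed) {
        # Nothing to do: the server capability is already installed.
        $Ansible.Changed = $false
      } else {
        Add-WindowsCapability -Online -Name $capability
      }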
# Starts the sshd service now and sets it to start automatically at boot.
# NOTE(review): sshd runs from this point with whatever sshd_config is in
# place; confirm that configuration hardening and firewall scoping are
# handled elsewhere in the role.
- name: Set service startup mode to auto and ensure sshd is started
  ansible.windows.win_service:
    name: sshd
    state: started
    start_mode: auto
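# Points the OpenSSH DefaultShell registry value at Windows PowerShell, so
# SSH sessions on this host start in the shell named here.
# The current value is compared first so that repeated runs report "ok";
# change state is set through $Ansible.Changed because `_fw` is not
# registered anywhere in this file.
- name: Configure Powershell as default
  ansible.windows.win_powershell:
    script: |
      $key = 'HKLM:\SOFTWARE\OpenSSH'
      $shell = "$Env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe"
      # -ErrorAction SilentlyContinue: the value may not exist yet on a
      # fresh install, which simply means it has to be created.
      $current = (Get-ItemProperty -Path $key -Name DefaultShell -ErrorAction SilentlyContinue).DefaultShell
      if ($current -eq $shell) {
        $Ansible.Changed = $false
      } else {
        New-ItemProperty -Path $key -Name DefaultShell -Value $shell -PropertyType String -Force
      }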
# Disabled task, kept for reference. It would limit access to
# administrators_authorized_keys to the local Administrators group
# (S-1-5-32-544) and SYSTEM, with ACL inheritance turned off.
# Before re-enabling: `_fw` is not registered in this file, so the
# `changed_when` line needs a registered result of its own.
#- name: Configure ACL and ssh keys
#  ansible.windows.win_powershell:
#    script: |
#      # set acl on administrators_authorized_keys
#      $admins = ([System.Security.Principal.SecurityIdentifier]'S-1-5-32-544').Translate( [System.Security.Principal.NTAccount]).Value
#      $acl = Get-Acl $Env:ProgramData\ssh\administrators_authorized_keys
#      $acl.SetAccessRuleProtection($true, $false)
#      $administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule($admins,"FullControl","Allow")
#      $systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
#      $acl.SetAccessRule($administratorsRule)
#      $acl.SetAccessRule($systemRule)
#      $acl | Set-Acl
#  changed_when: _fw.changed