1. First confirm that the current operating system includes the OpenSSH capabilities
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
The output shows they are not installed yet:
Name : OpenSSH.Client~~~~0.0.1.0
State : NotPresent
Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent
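2. Set a proxy, because this Windows Server 2019 environment has no direct outbound network access. Run the following in PowerShell with administrator privileges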
$Proxy = "http://10.99.99.99:80"
$ENV:HTTP_PROXY=$proxy
$ENV:HTTPS_PROXY=$proxy
Note: the proxy IP shown is illustrative.
3. Install OpenSSH
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
The proxy can reach the outside, but the install fails with an error:
Add-WindowsCapability : Add-WindowsCapability failed. Error code = 0x800f0954
At line:1 char:1
+ Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Add-WindowsCapability], COMException
+ FullyQualifiedErrorId : Microsoft.Dism.Commands.AddWindowsCapabilityCommand
4. The install fails with Error code = 0x800f0954; the following steps come from fixes found online.
5. Open gpedit.msc
6. Select Computer Configuration -> Administrative Templates -> System
7. Select Enabled
9. Return to your PowerShell window and run gpupdate /force
gpupdate /force
10. Run Add-WindowsCapability again to install the capability
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
11. After the install succeeds, verify it
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
The output now shows them as installed:
Name : OpenSSH.Client~~~~0.0.1.0
State : Installed
Name : OpenSSH.Server~~~~0.0.1.0
State : Installed
12. Start the OpenSSH Server service
Start-Service sshd
13. Set the sshd service to start automatically
Set-Service -Name sshd -StartupType 'Automatic'
14. Confirm the firewall rule (it is usually created automatically during installation; this step only double-checks)
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
15. Back on my local client, test the SSH connection
ssh James@10.9.9.5
The connection fails with this message:
Connection reset by 10.9.9.5 port 22
sshd -d
Output:
debug1: sshd version OpenSSH_for_Windows_9.1, LibreSSL 3.6.1
debug1: get_passwd: lookup_sid() failed: 1789.
debug1: private host key #0: ssh-rsa SHA256:/LHJf****8aMUlnwfFSF6rICx****RNr6ySBw
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:z8vED****iwN4oxdOp6D2****Ok5USMj1gU
debug1: private host key #2: ssh-ed25519 SHA256:fjs0+XFc+IkO****M5rzOZmv3IpUqIAdUg
debug1: rexec_argv[0]='C:\\Program Files\\OpenSSH\\sshd.exe'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
The key clue:
debug1: get_passwd: lookup_sid() failed: 1789. There is a workaround. Change
Match Group administrators
AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
to
#Match Group administrators
#AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
Save the file, overwriting the original.
net stop sshd
net start sshd
Microsoft Windows [Version 10.0.17763.3653]
(c) 2018 Microsoft Corporation. All rights reserved.
COM\JAMES@DEV99 C:\Users\JAMES>dir
Volume in drive C has no label.
Volume Serial Number is 3A0B-C803
Directory of C:\Users\JAMES
12/29/2022 03:26 PM <DIR> .
12/29/2022 03:26 PM <DIR> ..
12/29/2022 03:26 PM <DIR> .ssh
12/29/2022 10:30 AM <DIR> 3D Objects
12/29/2022 10:30 AM <DIR> Contacts
12/29/2022 10:30 AM <DIR> Desktop
12/29/2022 10:30 AM <DIR> Documents
12/29/2022 11:10 AM <DIR> Downloads
12/29/2022 10:30 AM <DIR> Favorites
12/29/2022 10:30 AM <DIR> Links
12/29/2022 10:30 AM <DIR> Music
12/29/2022 10:45 AM 3,659,296 OpenSSH-Win64.zip
12/29/2022 10:30 AM <DIR> Pictures
12/29/2022 10:30 AM <DIR> Saved Games
12/29/2022 10:30 AM <DIR> Searches
12/29/2022 10:30 AM <DIR> Videos
1 File(s) 3,659,296 bytes
15 Dir(s) 116,917,039,104 bytes free
COM\JAMES@DEV99 C:\Users\JAMES>
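The sshd_config edit above changes where sshd looks for the public keys of accounts in the Administrators group: with the Match block commented out, they fall back to the global AuthorizedKeysFile setting. The following PowerShell is an added example, not code from the original post; the function name Get-AdminAuthorizedKeysFile and both sample configs are constructed for illustration, and the parser handles only the directives shown here.

```powershell
# Added example: which AuthorizedKeysFile does sshd apply to Administrators members?
# Simplified parser: handles only a Match line whose sole criterion is "Group administrators".
function Get-AdminAuthorizedKeysFile {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$ConfigText)

    $global = $null        # first global value (sshd uses the first value it reads)
    $adminBlock = $null    # value set inside an active "Match Group administrators" block
    $inAnyMatch = $false
    $inAdminMatch = $false

    foreach ($raw in ($ConfigText -split "`r?`n")) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith('#')) { continue }   # commented lines are inert

        if ($line -match '^Match\s+(.+)$') {
            $inAnyMatch = $true
            $inAdminMatch = $Matches[1].Trim() -match '^Group\s+administrators$'
            continue
        }
        if ($line -match '^AuthorizedKeysFile\s+(.+)$') {
            $value = $Matches[1].Trim()
            if ($inAdminMatch -and -not $adminBlock) { $adminBlock = $value }
            elseif (-not $inAnyMatch -and -not $global) { $global = $value }
        }
    }

    if ($adminBlock)  { $source = 'Match Group administrators'; $path = $adminBlock }
    elseif ($global)  { $source = 'global directive';           $path = $global }
    else              { $source = 'OpenSSH built-in default';   $path = '.ssh/authorized_keys .ssh/authorized_keys2' }
    [pscustomobject]@{ Source = $source; AuthorizedKeysFile = $path }
}

# Constructed sample configs: the Match block active, then commented out as in the post.
$before = @'
AuthorizedKeysFile .ssh/authorized_keys
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
'@
$after = @'
AuthorizedKeysFile .ssh/authorized_keys
#Match Group administrators
#       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
'@

Get-AdminAuthorizedKeysFile -ConfigText $before
Get-AdminAuthorizedKeysFile -ConfigText $after
```

To inspect a live server, pass the file's contents with Get-Content -Raw; the path %ProgramData%\ssh\sshd_config is assumed here as the default location, since the post does not name it.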
Reference articles: