Connecting to Windows via SSH, as with Linux

I have always been frustrated by connecting to Windows machines. No, I am neither an opponent nor a supporter of Microsoft and their products. Every product exists for its own purpose, but that is not what this post is about.
It has always been extremely painful for me to connect to Windows servers, because these connections are either configured in a roundabout way (hello, WinRM with HTTPS) or do not work very reliably (hello, RDP to a virtual machine overseas).

So, having stumbled upon the Win32-OpenSSH project by chance, I decided to share my experience of setting it up. Perhaps this tool will save someone a lot of nerves.

Installation options:

  1. Manually
  2. Via the Chocolatey package
  3. Via Ansible, for example the role jborean93.win_openssh

Below I will cover the first option, since everything is more or less clear with the others.

I would like to note that this project is still at the beta stage, so using it in production is not recommended.

So, download the latest release, which at the moment is 7.9.0.0p1-beta. There are versions for both 32-bit and 64-bit systems.

Unpack it into C:\Program Files\OpenSSH
A mandatory condition for correct operation: only SYSTEM and the admin group should have write permission to this directory.

Install the services using the install-sshd.ps1 script located in this directory:

powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1

Allow incoming connections on port 22:

New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

Clarification: the New-NetFirewallRule cmdlet is used on Windows Server 2012 and later. On older (or desktop) systems you can use the command:

netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=22

Start the service:

net start sshd

On first start, the host keys will be generated automatically (if they are missing) in %programdata%\ssh

We can enable autostart of the service at system startup with the command:

Set-Service sshd -StartupType Automatic

You can also change the default command shell (after installation, the default is cmd):

New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

Clarification: you must specify the absolute path.

What next?

Next we configure sshd_config, which we will place in C:\ProgramData. For example:

PasswordAuthentication no
PubkeyAuthentication yes

Then create a .ssh directory in the user's folder, and in it the file authorized_keys. We write the public keys there.

Important clarification: only the user in whose directory the file is located should have write permission to this file.

But if you have problems with this, you can always turn off the permissions check in the config:

StrictModes no

By the way, in C:\Program Files\OpenSSH there are 2 scripts (FixHostFilePermissions.ps1, FixUserFilePermissions.ps1), which are supposed to, but are not obliged to, fix permissions, including those on authorized_keys, but for some reason they do not.
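
An added example (not from the original post or the Win32-OpenSSH project): a PowerShell check for the authorized_keys write-permission requirement described above, so that StrictModes can stay enabled. It assumes the config is at %ProgramData%\ssh\sshd_config and that SYSTEM and Administrators, besides the user, may keep write access; the parameter and function names are hypothetical.

```powershell
# Added example (not from the post or the Win32-OpenSSH project).
# Lists principals that can modify authorized_keys; -Fix tightens the ACL.
param(
    [string]$UserName = $env:USERNAME,
    [string]$KeyFile  = (Join-Path $env:USERPROFILE '.ssh\authorized_keys'),
    [string]$Config   = (Join-Path $env:ProgramData 'ssh\sshd_config'),  # assumed path
    [switch]$Fix
)
if (-not (Test-Path -LiteralPath $KeyFile)) { throw "Not found: $KeyFile" }

# Rights that change content, ACL or owner, plus GENERIC_WRITE and GENERIC_ALL bits
$rights    = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x50000000

# Assumption: besides the user, SYSTEM and BUILTIN\Administrators may keep write access
$sidType = [System.Security.Principal.SecurityIdentifier]
$userSid = (New-Object System.Security.Principal.NTAccount($UserName)).Translate($sidType).Value
$allowedSids = @($userSid, 'S-1-5-18', 'S-1-5-32-544')

function Get-UnexpectedWriter {
    param([string]$Path)
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        $canWrite = ([int]$ace.FileSystemRights -band $writeMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and
            $allowedSids -notcontains $ace.IdentityReference.Value) {
            $ace.IdentityReference.Value    # SID string of the offending principal
        }
    }
}

$bad = @(Get-UnexpectedWriter $KeyFile | Select-Object -Unique)
if ($bad.Count -gt 0 -and $Fix) {
    # Grant first so access is never lost, then drop inherited and stray explicit ACEs
    foreach ($sid in $allowedSids) { icacls $KeyFile /grant:r "*${sid}:F" | Out-Null }
    icacls $KeyFile /inheritance:r | Out-Null
    foreach ($sid in $bad) { icacls $KeyFile /remove:g "*$sid" | Out-Null }
    $bad = @(Get-UnexpectedWriter $KeyFile | Select-Object -Unique)
}

if ($bad.Count -gt 0) {
    Write-Warning "Unexpected write access on ${KeyFile}: $($bad -join ', ')"
} else {
    Write-Output "OK: only the expected principals can modify $KeyFile"
}
if ((Test-Path -LiteralPath $Config) -and
    (Select-String -LiteralPath $Config -Pattern '^\s*StrictModes\s+no\b' -Quiet)) {
    Write-Warning "StrictModes is disabled in $Config; re-enable it once the ACL is clean"
}
```

Run it as the account that owns the key file, or as an administrator with -UserName and -KeyFile set; without -Fix it only reports.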

Do not forget to restart the sshd service after applying the changes.

ru-mbp-666:infrastructure$ ssh [email protected] -i ~/.ssh/id_rsa
Windows PowerShell
Copyright (C) 2016 Microsoft Corporation. All rights reserved.

PS C:\Users\Administrator> Get-Host


Name             : ConsoleHost
Version          : 5.1.14393.2791
InstanceId       : 653210bd-6f58-445e-80a0-66f66666f6f6
UI               : System.Management.Automation.Internal.Host.InternalHostUserInterface
CurrentCulture   : en-US
CurrentUICulture : en-US
PrivateData      : Microsoft.PowerShell.ConsoleHost+ConsoleColorProxy
DebuggerEnabled  : True
IsRunspacePushed : False
Runspace         : System.Management.Automation.Runspaces.LocalRunspace

PS C:\Users\Administrator>

Subjective pros/cons.

Pros:

  • A standard approach to connecting to servers.
    When there are only a few Windows machines, it is very inconvenient when:
    so, here we go in over ssh, and here we use rdp,
    and in general, the best practice with bastions is an ssh tunnel first, and RDP through it.
  • Ease of setup
    I think this is obvious.
  • Speed of connecting to and working with the remote machine
    There is no graphical shell, which saves both server resources and the amount of data transferred.

Cons:

  • It does not completely replace RDP.
    Not everything can be done from the console, alas. I mean situations where a GUI is required.

Materials used in the article:
Link to the project itself
Installation options shamelessly copied from the Ansible docs.

Source: www.habr.com
