gamethis.win_openssh
Ansible Role win_openssh
This role installs Win32-OpenSSH on a Windows machine.
Note: This role has been tested with Win32-OpenSSH version 7.7.2.0p1-Beta. Newer versions might work, but there's no guarantee.
By default, this role will:
- Install
Win32-OpenSSHtoC:\Program Files\OpenSSHusing the latest release from GitHub - Set up the
sshdandssh-agentservices to start automatically - Create a firewall rule to allow incoming traffic on port
22fordomainandprivatenetworks - Configure the
sshd_configfile to allow public key and password authentication
You can also set some optional configurations:
- Choose a specific version to download from GitHub or another URL
- Specify the installation directory for the binaries
- Decide whether to set up the SSH server services
- Control if the SSH services will start automatically
- Define the firewall profiles for incoming SSH traffic
- Choose the port and other settings in
sshd_config - Add public key(s) to the current user's account
Requirements
- Windows Server 2008 R2 or later
Variables
Mandatory Variables
None. The role will function with default settings.
Optional Variables
opt_openssh_architecture: Choose either32or64(default:64).opt_openssh_firewall_profiles: Specify firewall profiles for SSH traffic (default:domain,private).opt_openssh_install_path: Directory for installing OpenSSH binaries (default:C:\Program Files\OpenSSH).opt_openssh_pubkeys: Add a string or list of strings to the user'sauthorized_keysfile; none will be added by default. Ifopt_openssh_shared_admin_keyisTrue, these keys won't affect admin user authentication.opt_openssh_shared_admin_pubkeys: String or list of strings for adding to administrator'sauthorized_keys.opt_openssh_setup_service: Choose whether to install the sshd service components or only the client executables (default:True).opt_openssh_skip_start: Choose not to startsshdandssh-agentservices automatically (default:False).opt_openssh_temp_path: Temporary directory to download the zip and extracted files (default:C:\Windows\TEMP).opt_openssh_url: Defines the download location for the OpenSSH zip; if omitted, it defaults to GitHub.opt_openssh_version: Sets a specific version to download from GitHub (default:latest).opt_openssh_zip_file: Defines a path to an OpenSSH zip file for installation. Used instead ofopt_openssh_urlif provided.opt_openssh_zip_remote_src: (default:False)
You can also customize the following sshd_config settings:
opt_openssh_port: Sets the port for the SSH service (default:22).opt_openssh_pubkey_auth: Allows or disallows SSH key authentication (default:True).opt_openssh_password_auth: Allows or disallows password authentication (default:True).opt_openssh_shared_admin_key: Set toTruefor a shared key for Administrators. Set toFalseto use individual users' keys (default:False).
Customize how the sshd service starts a new shell:
opt_openssh_default_shell: Change the default shell for OpenSSH. Provide the full path to the executable.opt_openssh_default_shell_command_option: Set arguments for the shell invocation; usually not adjusted.opt_openssh_default_shell_escape_args: Skip automatic argument escaping when invoking the shell.opt_openssh_powershell_subsystem: Set the PowerShell remoting subsystem path (default:undefined).
Output Variables
None
Role Dependencies
None
Example Playbook
- name: install Win32-OpenSSH with default settings
hosts: windows
gather_facts: no
roles:
- jborean93.win_openssh
- name: install specific version of Win32-OpenSSH to a custom folder
hosts: windows
gather_facts: no
roles:
- role: jborean93.win_openssh
opt_openssh_install_path: C:\OpenSSH
opt_openssh_version: v7.7.2.0p1-Beta
- name: install only the client components of Win32-OpenSSH
hosts: windows
gather_facts: no
roles:
- role: jborean93.win_openssh
opt_openssh_setup_service: False
Testing
To test this role, navigate to the tests folder and run vagrant up. This will launch a Windows Server 2019 host for testing. If the host is online, run vagrant provision to rerun the tests.
Backlog
No current features to add, but suggestions are welcome!