Ansible Role win_openssh

This role installs Win32-OpenSSH on a Windows system.

Note: This role has been tested with Win32-OpenSSH version 7.7.2.0p1-Beta, but newer versions may also work.

By default, this role will:

• Install Win32-OpenSSH in C:\Program Files\OpenSSH using the latest release from GitHub
• Set up the sshd and ssh-agent services to start automatically
• Create a firewall rule to allow incoming traffic on port 22 for domain and private networks
• Configure the sshd_config file to allow public key and password authentication

You can also customize the following settings with optional variables:

• Choose a specific version to download from GitHub or another URL
• Specify the installation directory for the binaries
• Decide whether to install the SSH server services
• Set whether the SSH services should start automatically
• Define which firewall profiles allow incoming SSH traffic
• Specify the port and other sshd_config settings
• Add public key(s) to the current user’s profile

Requirements

• Windows Server 2008 R2 or later

Variables

Mandatory Variables

None, the role will use default settings.

Optional Variables

• opt_openssh_architecture: Specify Windows architecture as either 32 or 64 (default: 64).
• opt_openssh_firewall_profiles: Firewall profiles to permit incoming SSH traffic (default: domain,private).
• opt_openssh_install_path: Directory for installing the OpenSSH binaries (default: C:\Program Files\OpenSSH).
• opt_openssh_pubkeys: Strings or a list of strings to be added to the user's authorized_keys file (default: none).
• opt_openssh_setup_service: Whether to install sshd service components or just the client executables (default: True).
• opt_openssh_skip_start: Prevents starting the sshd and ssh-agent services automatically (default: False).
• opt_openssh_temp_path: Temporary directory for downloading and extracting files (default: C:\Windows\TEMP).
• opt_openssh_url: Sets the download location for the OpenSSH zip; defaults to GitHub if omitted.
• opt_openssh_version: Sets the specific version to download from GitHub (default: latest).
• opt_openssh_zip_file: Path to the OpenSSH zip file for installation (if defined, overrides opt_openssh_url).
• opt_openssh_zip_remote_src: Indicates if the path to the zip file is remote or local (default: False).

You can customize the following sshd_config settings:

• opt_openssh_port: The port the SSH service will listen on (default: 22).
• opt_openssh_pubkey_auth: Allow authentication with SSH keys (default: True).
• opt_openssh_password_auth: Allow authentication with passwords (default: True).
• opt_openssh_shared_admin_key: Use a shared authorization key for Administrators (default: False).

You can customize shell options for starting the sshd service:

• opt_openssh_default_shell: Specify the shell to use for SSH sessions.
• opt_openssh_default_shell_command_option: Set arguments when invoking the shell.
• opt_openssh_default_shell_escape_args: Skip automatic escaping of arguments when starting the shell.
• opt_openssh_powershell_subsystem: Specify the path for PowerShell remoting (default: undefined).

Output Variables

None

Role Dependencies

None

Example Playbook

- name: install Win32-OpenSSH with the defaults
  hosts: windows
  gather_facts: no
  roles:
  - jborean93.win_openssh

- name: install specific version of Win32-OpenSSH
  hosts: windows
  gather_facts: no
  roles:
  - role: jborean93.win_openssh
    opt_openssh_install_path: C:\OpenSSH
    opt_openssh_version: v7.7.2.0p1-Beta

- name: install client components of Win32-OpenSSH only
  hosts: windows
  gather_facts: no
  roles:
  - role: jborean93.win_openssh
    opt_openssh_setup_service: False

Testing

To test this role, navigate to the tests folder and run vagrant up. This will set up a Windows Server 2019 host for testing. If the host is already running, use vagrant provision to re-run the tests.

Backlog

None - feature requests are welcome.