Closed lmayorga1980 closed 4 years ago
I've never gotten around to figuring out how to connect via WinRM to any Windows AWS instance using a non-Administrator user. Even setting users in the administrators group hasn't seemed to be enough for me -- there's probably some other lever you have to pull to allow remote access for non-administrator users.
You may have better luck reaching out to the mailing list or community forum for help since I'm not a WinRM expert.
Since this is a configuration question and not a bug/feature request, I'm going to close it to keep it off our GitHub bug tracker, but if you figure it out, can you open a Documentation PR?
@SwampDragons This is the final configuration to set SSH under the userdata.ps1 using Windows SSH. I can send a PR on the docs but I will need to work out at least a couple of provisioners too.
```powershell
<powershell>
# User for Kevin: create a local account and add it to the Administrators group
cmd /c net user myuser mypassword /add /y
cmd /c 'wmic UserAccount where Name="myuser" set PasswordExpires=False'
cmd /c net localgroup administrators myuser /add

Write-Output "Running User Data Script"
Write-Host "(host) Running User Data Script"

# Install and start the OpenSSH server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
# OPTIONAL but recommended:
Set-Service -Name sshd -StartupType 'Automatic'

# Confirm the Firewall rule is configured. It should be created automatically by setup.
Get-NetFirewallRule -Name *ssh*
# There should be a firewall rule named "OpenSSH-Server-In-TCP", which should be enabled
# If the firewall rule does not exist, create one
if (-not (Get-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
}

# Use PowerShell as the default shell for SSH sessions
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

# REPLACE BY YOUR KEY COMING FROM SOMEWHERE ELSE INSTEAD OF HARDCODING
New-Item -Path $Env:Programdata/ssh -Name "administrators_authorized_keys" -ItemType "file" -Value "ssh-rsa <YOUR-PUBLIC-KEY>"

# Disable ACL inheritance and grant access only to Administrators and SYSTEM
$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
$acl.SetAccessRuleProtection($true, $false)
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
$acl | Set-Acl
Restart-Service sshd

# Enable the built-in "remote administration" firewall rule group
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
</powershell>
```
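The script's own comment says the public key should come from somewhere other than a hardcoded string. The following is an added example, not part of the original comment or the project's documentation: it reads the launch key pair's public key from the EC2 instance metadata service (IMDSv2) and writes it with the same restricted ACL. It assumes the instance was launched with a key pair and that it runs after `Start-Service sshd`, so `C:\ProgramData\ssh` already exists; the variable names are illustrative.

```powershell
# Added example: fetch the public key from instance metadata instead of hardcoding it.
$ErrorActionPreference = 'Stop'
$imds = 'http://169.254.169.254/latest'

# IMDSv2: request a short-lived session token, then use it for the metadata read
$token = Invoke-RestMethod -Method Put -Uri "$imds/api/token" `
    -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' }
$publicKey = (Invoke-RestMethod -Uri "$imds/meta-data/public-keys/0/openssh-key" `
    -Headers @{ 'X-aws-ec2-metadata-token' = $token }).Trim()

# Refuse anything that is not a single OpenSSH public key line
$keyPattern = '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$'
if ($publicKey -notmatch $keyPattern) {
    throw 'Unexpected public key format returned by instance metadata'
}

$keyFile = Join-Path $env:ProgramData 'ssh\administrators_authorized_keys'
Set-Content -Path $keyFile -Value $publicKey -Encoding ascii -Force

# Remove inherited ACEs and grant access only to Administrators and SYSTEM.
# Well-known SIDs are used so the script does not depend on the OS language:
#   S-1-5-32-544 = BUILTIN\Administrators, S-1-5-18 = Local System
icacls.exe $keyFile /inheritance:r /grant '*S-1-5-32-544:F' /grant '*S-1-5-18:F' | Out-Null

# Verify the resulting ACL before restarting sshd; fail loudly on any other principal
$allowedSids = 'S-1-5-32-544', 'S-1-5-18'
$unexpected = (Get-Acl $keyFile).Access | Where-Object {
    $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $sid -notin $allowedSids
}
if ($unexpected) {
    throw "Unexpected ACL entries on ${keyFile}: $($unexpected.IdentityReference -join ', ')"
}

Restart-Service sshd
```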
I am trying to connect to a Windows SSH Server using the following snippet from the `user_data.ps1`. Anything else to make it work for WinRM?