blob: 654b836bbe0fa58a6973f928559e833abeef9787 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
$ErrorActionPreference = "Stop"
. "${PSScriptRoot}\utils.ps1"
$VIRTIO_WIN_PATH = "E:\"
# Install QEMU quest agent
Write-Output "Installing QEMU guest agent"
$p = Start-Process -FilePath "msiexec.exe" -ArgumentList @("/i", "${VIRTIO_WIN_PATH}\guest-agent\qemu-ga-x86_64.msi", "/qn") -NoNewWindow -PassThru -Wait
if($p.ExitCode) {
Throw "The QEMU guest agent installation failed. Exit code: $($p.ExitCode)"
}
Write-Output "Successfully installed QEMU guest agent"
# Install OpenSSH server
Start-ExecuteWithRetry {
Get-WindowsCapability -Online -Name OpenSSH* | Add-WindowsCapability -Online
}
# Start OpenSSH server
Set-Service -Name "sshd" -StartupType Automatic
Start-Service -Name "sshd"
# Set PowerShell as default SSH shell
New-ItemProperty -PropertyType String -Force -Name DefaultShell -Path "HKLM:\SOFTWARE\OpenSSH" -Value (Get-Command powershell.exe).Source
# Create SSH firewall rule
New-NetFirewallRule -Name "sshd" -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
# Authorize the SSH key
$authorizedKeysFile = Join-Path $env:ProgramData "ssh\administrators_authorized_keys"
Set-Content -Path $authorizedKeysFile -Value (Get-Content "${PSScriptRoot}\id_rsa.pub") -Encoding ascii
$acl = Get-Acl $authorizedKeysFile
$acl.SetAccessRuleProtection($true, $false)
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators", "FullControl", "Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM", "FullControl", "Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
$acl | Set-Acl
# Reboot the machine to complete first logon process
Restart-Computer -Force -Confirm:$false
|
