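├── tasks
│   ├── main.yml
│   └── install.yml
├── vars
│   └── main.yml
├── handlers
│   └── main.yml
├── templates
│   ├── install-openssh.ps1.j2
│   └── sshd_config.j2
├── LICENSE
├── defaults
│   └── main.yml
└── README.md
--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Role entry point; all work happens in install.yml.
- include: install.yml
--------------------------------------------------------------------------------
/vars/main.yml:
--------------------------------------------------------------------------------
---
# vars file for windows-openssh (intentionally empty; user-tunable values live
# in defaults/main.yml so they can be overridden per play)
--------------------------------------------------------------------------------
/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Restart the Win32-OpenSSH service so a newly deployed sshd_config takes effect
# (notified by the "Deploy ssh server configuration" task).
- name: restart sshd
  win_service:
    name: SSHD
    state: restarted
--------------------------------------------------------------------------------
/templates/install-openssh.ps1.j2:
--------------------------------------------------------------------------------
#!powershell
# One-shot Win32-OpenSSH installer, rendered by tasks/install.yml and only run
# when no host key exists yet. Steps follow:
# https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH

# Fail on the first error. Without this a failed directory change let the
# remaining steps run from the wrong directory and still open the firewall.
$ErrorActionPreference = 'Stop'

# Move into the openssh directory (Mandatory, don't ask)
Set-Location "{{ openssh_extract_dir }}\{{ openssh_archive_name }}"

# Generate any missing host keys. NOTE: -A creates every key type the bundled
# ssh-keygen supports, including the deprecated 1024-bit DSA key; which keys
# sshd actually offers is governed by openssh_sshd_host_keys in sshd_config.
# Native executables do not honour $ErrorActionPreference, hence the exit-code
# checks.
.\ssh-keygen -A
if ($LASTEXITCODE -ne 0) { throw "ssh-keygen -A failed with exit code $LASTEXITCODE" }

# Register the service and make it start at boot before exposing it.
.\sshd.exe install
if ($LASTEXITCODE -ne 0) { throw "sshd.exe install failed with exit code $LASTEXITCODE" }
Set-Service sshd -StartupType Automatic
Start-Service sshd

# Open the same port(s) sshd_config listens on. This used to be hard-coded to
# 22, which silently left any non-default openssh_sshd_ports blocked. The rule
# allows every source address; add -RemoteAddress to scope it on hosts that
# are reachable from untrusted networks.
New-NetFirewallRule -Protocol TCP -LocalPort {{ openssh_sshd_ports | join(',') }} -Direction Inbound -Action Allow -DisplayName SSH
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2016 Ableton AG, Berlin

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to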
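use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/tasks/install.yml:
--------------------------------------------------------------------------------
---
# Download, unpack, install and configure Win32-OpenSSH. The install script
# runs only once (when no host key exists yet); sshd_config is re-rendered on
# every run and the service restarted when it changes.

- name: Create temporary directory
  win_file:
    path: "{{ openssh_temporary_dir }}"
    state: directory

# force: no reuses an existing openssh.zip, so changing openssh_download_url
# has no effect until the old archive is deleted from the temporary dir.
- name: Get openssh for windows release
  win_get_url:
    url: "{{ openssh_download_url }}"
    dest: "{{ openssh_temporary_dir }}\\openssh.zip"
    force: no
    # Supply-chain check: verify the archive against a pinned digest when
    # openssh_download_checksum is set (needs win_get_url from Ansible 2.8+).
    # Both options are omitted when no checksum is configured so older Ansible
    # keeps working -- but then nothing validates what was downloaded.
    checksum: "{{ openssh_download_checksum | default(omit, true) }}"
    checksum_algorithm: "{{ openssh_download_checksum_algorithm if (openssh_download_checksum | default('')) else omit }}"

- name: Unzip openssh in extraction dir
  win_unzip:
    src: "{{ openssh_temporary_dir }}\\openssh.zip"
    dest: "{{ openssh_extract_dir }}"
    creates: "{{ openssh_extract_dir }}"

# The RSA host key is the "already installed" marker: ssh-keygen -A writes it
# on every release, unlike the DSA key this role used to look for.
- name: Check if ssh private key exists
  win_stat:
    path: "{{ openssh_extract_dir }}\\{{ openssh_archive_name }}\\ssh_host_rsa_key"
  register: private_key

# Render the installer into the role's temporary dir instead of C:\ and remove
# it afterwards so no stray script is left on the host.
- name: Copy installation script
  win_template:
    src: "{{ role_path }}/templates/install-openssh.ps1.j2"
    dest: "{{ openssh_temporary_dir }}\\install-openssh.ps1"
  when: not private_key.stat.exists

- name: Run installation script
  raw: "{{ openssh_temporary_dir }}\\install-openssh.ps1"
  when: not private_key.stat.exists

- name: Remove installation script
  win_file:
    path: "{{ openssh_temporary_dir }}\\install-openssh.ps1"
    state: absent
  when: not private_key.stat.exists

- name: Deploy ssh server configuration
  win_template:
    src: "{{ role_path }}/templates/sshd_config.j2"
    dest: "{{ openssh_extract_dir }}\\{{ openssh_archive_name }}\\sshd_config"
  notify:
    - restart sshd
--------------------------------------------------------------------------------
/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Pinned February 2016 pre-release build. Point this at a current
# Win32-OpenSSH release and set openssh_download_checksum to its published
# digest so the download is verified.
openssh_download_url: "https://github.com/PowerShell/Win32-OpenSSH/releases/download/2_25_2016/OpenSSH-Win64.zip"
# Expected hex digest of the archive; empty disables verification.
openssh_download_checksum: ""
openssh_download_checksum_algorithm: "sha256"
openssh_temporary_dir: "C:\\Temp"
openssh_archive_name: "OpenSSH-Win64"
openssh_extract_dir: "C:\\OpenSSH"


# Openssh daemon configuration (sshd_config)
openssh_sshd_ports:
  - 22
# Listens on every IPv4 and IPv6 address by default.
openssh_sshd_listen_addresses:
  - "0.0.0.0"
  - "::"
# Keep at 2; protocol 1 is cryptographically broken.
openssh_sshd_protocol: 2
# The DSA host key (1024-bit) is deprecated since OpenSSH 7.0; it is kept
# here for compatibility with the 2016 build and existing clients.
openssh_sshd_host_keys:
  - \\ssh_host_rsa_key
  - \\ssh_host_dsa_key
  - \\ssh_host_ecdsa_key

# Openssh daemon logging configuration (sshd_config)
openssh_sshd_syslog_facility: AUTH
openssh_sshd_log_level: INFO

# Openssh daemon authentication configuration (sshd_config)
openssh_sshd_login_grace_time: "2m"
# Allows direct login to the account sshd treats as root; set to False unless
# an automation account genuinely needs it.
openssh_sshd_permit_root_login: True
openssh_sshd_strict_modes: True
openssh_sshd_max_auth_tries: 6
openssh_sshd_max_sessions: 10
# RSAAuthentication only affects protocol 1; PubkeyAuthentication is the
# protocol 2 switch.
openssh_sshd_rsa_authentication: True
openssh_sshd_pubkey_authentication: True

openssh_sshd_authorized_keys_file: ".ssh/authorized_keys"
openssh_sshd_rhosts_rsa_authentication: False
openssh_sshd_host_based_authentication: False
openssh_sshd_ignore_user_known_hosts: False
openssh_sshd_ignore_rhosts: True

# Password logins are enabled by default on every listening address, which
# exposes the host to online password guessing; set to False once key-based
# access is in place.
openssh_sshd_password_authentication: True
openssh_sshd_permit_empty_passwords: False
openssh_sshd_challenge_response_authentication: True

# Agent and TCP forwarding let any authenticated user pivot through this host;
# disable them where the host is not meant to be a jump point.
openssh_sshd_allow_agent_forwarding: True
openssh_sshd_allow_tcp_forwarding: True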
openssh_sshd_gateway_ports: False
openssh_sshd_x11_forwarding: False
openssh_sshd_x11_display_offset: 10
openssh_sshd_x11_use_localhost: True
openssh_sshd_print_motd: True
openssh_sshd_print_last_log: True
openssh_sshd_tcp_keep_alive: True
openssh_sshd_use_login: False
openssh_sshd_use_privilege_separation: True
openssh_sshd_permit_user_environment: False
openssh_sshd_compression: delayed
# 0 disables server-side keepalive probes, so dead sessions are only reaped
# by TCP keepalive.
openssh_sshd_client_alive_interval: 0
openssh_sshd_client_alive_count_max: 3
# Reverse-resolves every client at login time; slows authentication and adds
# no security unless hostname-based rules are used.
openssh_sshd_use_dns: True
# Unix-style path inherited from the OpenBSD template. NOTE(review): whether
# the Windows port honours this value is not established here -- verify
# against the bundled sshd_config.
openssh_sshd_pid_file: /var/run/sshd.pid
openssh_sshd_max_startups: 10
openssh_sshd_permit_tunnel: False
openssh_sshd_chroot_directory: none

openssh_sshd_banner: none

# Subsystem binaries. NOTE(review): these paths are not under
# openssh_extract_dir, where the archive is unpacked -- confirm they resolve
# on the target before relying on sftp/scp.
openssh_sshd_subsystems:
  sftp: /win32openssh/bin/sftp-server.exe
  scp: /win32openssh/bin/scp.exe

--------------------------------------------------------------------------------
/templates/sshd_config.j2:
--------------------------------------------------------------------------------
#jinja2: newline_sequence:'\r\n'

# $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# Rendered by the windows-openssh Ansible role from the openssh_sshd_*
# variables in defaults/main.yml; override those rather than editing the
# deployed file. Comments mentioning Unix paths are inherited from the
# OpenBSD template this file was derived from.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
{% for port in openssh_sshd_ports %}
Port {{ port }}
{% endfor %}

# The defaults bind every IPv4 and IPv6 address; restrict here (or in the
# firewall rule) on hosts with untrusted interfaces.
{% for address in openssh_sshd_listen_addresses %}
ListenAddress {{ address }}
{% endfor %}

# The default requires explicit activation of protocol 1
# (protocol 1 is cryptographically broken; keep this at 2)
Protocol {{ openssh_sshd_protocol }}

# HostKeys (the default list includes a DSA key, deprecated since OpenSSH 7.0)
{% for host_key in openssh_sshd_host_keys %}
HostKey {{ host_key }}
{% endfor %}

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility {{ openssh_sshd_syslog_facility }}
LogLevel {{ openssh_sshd_log_level }}

# Authentication:

LoginGraceTime {{ openssh_sshd_login_grace_time }}
PermitRootLogin {{ 'yes' if openssh_sshd_permit_root_login else 'no' }}
StrictModes {{ 'yes' if openssh_sshd_strict_modes else 'no' }}
MaxAuthTries {{ openssh_sshd_max_auth_tries }}
MaxSessions {{ openssh_sshd_max_sessions }}

# RSAAuthentication only applies to protocol 1; PubkeyAuthentication is the
# protocol 2 switch.
RSAAuthentication {{ 'yes' if openssh_sshd_rsa_authentication else 'no' }}
PubkeyAuthentication {{ 'yes' if openssh_sshd_pubkey_authentication else 'no' }}

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile {{ openssh_sshd_authorized_keys_file }}

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication {{ 'yes' if openssh_sshd_rhosts_rsa_authentication else 'no' }}
# similar for protocol version 2
HostbasedAuthentication {{ 'yes' if openssh_sshd_host_based_authentication else 'no' }}
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts {{ 'yes' if openssh_sshd_ignore_user_known_hosts else 'no' }}
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts {{ 'yes' if openssh_sshd_ignore_rhosts else 'no' }}

# To disable tunneled clear text passwords, change to no here!
# (openssh_sshd_password_authentication defaults to True, so password guessing
# is possible on every listening address unless it is overridden.)
PasswordAuthentication {{ 'yes' if openssh_sshd_password_authentication else 'no' }}
PermitEmptyPasswords {{ 'yes' if openssh_sshd_permit_empty_passwords else 'no' }}

# Change to no to disable s/key passwords
ChallengeResponseAuthentication {{ 'yes' if openssh_sshd_challenge_response_authentication else 'no' }}

# Forwarding: agent and TCP forwarding are enabled by default, which lets any
# authenticated user pivot through this host; disable them where not needed.
AllowAgentForwarding {{ 'yes' if openssh_sshd_allow_agent_forwarding else 'no' }}
AllowTcpForwarding {{ 'yes' if openssh_sshd_allow_tcp_forwarding else 'no' }}
GatewayPorts {{ 'yes' if openssh_sshd_gateway_ports else 'no' }}
X11Forwarding {{ 'yes' if openssh_sshd_x11_forwarding else 'no' }}
X11DisplayOffset {{ openssh_sshd_x11_display_offset }}
X11UseLocalhost {{ 'yes' if openssh_sshd_x11_use_localhost else 'no' }}
PrintMotd {{ 'yes' if openssh_sshd_print_motd else 'no' }}
PrintLastLog {{ 'yes' if openssh_sshd_print_last_log else 'no' }}
TCPKeepAlive {{ 'yes' if openssh_sshd_tcp_keep_alive else 'no' }}
UseLogin {{ 'yes' if openssh_sshd_use_login else 'no' }}
UsePrivilegeSeparation {{ 'yes' if openssh_sshd_use_privilege_separation else 'no' }}
PermitUserEnvironment {{ 'yes' if openssh_sshd_permit_user_environment else 'no' }}
Compression {{ openssh_sshd_compression }}
ClientAliveInterval {{ openssh_sshd_client_alive_interval }}
ClientAliveCountMax {{ openssh_sshd_client_alive_count_max }}
UseDNS {{ 'yes' if openssh_sshd_use_dns else 'no' }}
PidFile {{ openssh_sshd_pid_file }}
MaxStartups {{ openssh_sshd_max_startups }}
PermitTunnel {{ 'yes' if openssh_sshd_permit_tunnel else 'no' }}
ChrootDirectory {{ openssh_sshd_chroot_directory }}

# no default banner path
Banner {{ openssh_sshd_banner }}

# override default of no subsystems
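# .items() renders under both Python 2 and 3; .iteritems() does not exist on
# Python 3 dicts and made the template fail there.
{% for key, value in openssh_sshd_subsystems.items() %}
Subsystem {{ key }} {{ value }}
{% endfor %}

# Accepted public key algorithms. Kept ahead of the Match example so that
# uncommenting a Match block can never scope this directive to one user.
# NOTE: ssh-dss (1024-bit DSA) is only here for compatibility with existing
# user keys; drop it once no such keys remain.
PubkeyAcceptedKeyTypes ssh-ed25519*,ssh-rsa*,ssh-dss*,ecdsa-sha2*

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	ForceCommand cvs server

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# This Repository is Unmaintained

This repository is currently unmaintained and will not see any further development.

windows-openssh
===============

This ansible role helps to install and configure OpenSSH server on Windows hosts. It deploys the [official OpenSSH
port for Windows by Microsoft](https://github.com/PowerShell/Win32-OpenSSH).

Requirements
------------

This role requires Ansible 2.0 or higher, and will only work against Windows 7 or higher hosts.

Role Variables
--------------

The variables that can be passed to this role and a brief description about them are as follows. Note that the default `openssh_download_url` pins a February 2016 pre-release build; override it with a current release.

```yaml
openssh_download_url: "https://github.com/PowerShell/Win32-OpenSSH/releases/download/2_25_2016/OpenSSH-Win64.zip"
openssh_temporary_dir: "C:\\Temp" # Where to download the archive.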
The role creates it if it does not exist
openssh_sshd_max_startups: 10 79 | openssh_sshd_permit_tunnel: False 80 | openssh_sshd_chroot_directory: none 81 | 82 | openssh_sshd_banner: none 83 | 84 | openssh_sshd_banner: none 85 | 86 | openssh_sshd_subsystems: 87 | sftp: /win32openssh/bin/sftp-server.exe 88 | scp: /win32openssh/bin/scp.exe 89 | ``` 90 | 91 | Example Playbook 92 | ---------------- 93 | 94 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 95 | 96 | - hosts: mywindowshost 97 | roles: 98 | - { role: windows-openssh, openssh_sshd_port: 4242 } 99 | 100 | License 101 | ------- 102 | 103 | The MIT License (MIT) 104 | 105 | Copyright (c) 2016 Ableton AG, Berlin. 106 | 107 | Permission is hereby granted, free of charge, to any person obtaining a copy 108 | of this software and associated documentation files (the "Software"), to deal 109 | in the Software without restriction, including without limitation the rights 110 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 111 | copies of the Software, and to permit persons to whom the Software is 112 | furnished to do so, subject to the following conditions: 113 | 114 | The above copyright notice and this permission notice shall be included in all 115 | copies or substantial portions of the Software. 116 | 117 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 118 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 119 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 120 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 121 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 122 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 123 | SOFTWARE. 
124 | 125 | Author Information 126 | ------------------ 127 | 128 | [Theo Crevon](https://github.com/tcr-ableton) 129 | 130 | Maintainers 131 | ----------- 132 | 133 | * [tcr-ableton](https://github.com/tcr-ableton) 134 | --------------------------------------------------------------------------------