Dell PowerProtect Cyber Recovery 19.12 Installation Guide

Installing and configuring OpenSSH with public key authentication on Windows

For the Cyber Recovery deployment to support the NetWorker application for Windows, install and then configure OpenSSH.

1. Open a PowerShell session on the Windows host.
2. Create a temporary folder in which to download the OpenSSH binaries:

   New-Item -Path c:\ -Name temp -ItemType Directory

3. Go to the c:\temp directory.
4. Download the OpenSSH binaries from GitHub at https://github.com/PowerShell/openssh-portable/archive/refs/tags/v8.1.0.0.zip.
5. Extract the files to the c:\program files\OpenSSH directory.

   Expand-Archive -Path "c:\temp\OpenSSH-Win64.zip -DestinationPath "C:\Program Files\OpenSSH"

   The c:\Program Files\OpenSSH\OpenSSH-Win64 folder is created and contains the binary and executable files.

6. Run the installation procedure:

   c:\Program Files\OpenSSH\OpenSSH-Win64 folder\install-sshd.ps1

   The sshd and ssh-agent services successful installed message is displayed.
7. Configure the firewall to allow the sshd service.

   New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

8. Set the sshd service to start automatically:

   Set-Service sshd -StartupType Automatic

9. Start the sshd service to create the template file to configure the sshd service:

   start-service sshd

   The c:\ProgramData\ssh folder is created and contains the sshd_config file and template file for the private and public key.

10. Edit the sshd_config file and set the public key authentication to yes:

    ((Get-Content -path C:\ProgramData\ssh\sshd_config -Raw) -replace '#PubkeyAuthentication yes', 'PubkeyAuthentication yes'  -replace 'Match Group administrators','#Match Group administrators') | Set-Content -Path C:\ProgramData\ssh\sshd_config

11. Start the sshd service again so that the changes to the sshd_config file are in effect:

    Restart-Service sshd

    To verify that the SSH server is configured correctly, connect to the server from another Linux host using the ssh Administrator@<yourWindowshost> command. You are prompted to enter your password.

12. Set the default logging shell from Command Prompt to PowerShell:

    New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

13. Create the user .ssh folder.

    New-Item -Path $env:USERPROFILE -Name .ssh -ItemType Directory -force

14. Disable User Account Control (AUC) to enable NetWorker to run in elevated mode:

    Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0