Advertisement
J2897

Deploy Cygwin and OpenSSH

Jan 11th, 2015
2,479
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Batch 12.76 KB | None | 0 0
  1. :: Released under the GNU General Public License version 3+ by J2897.
  2.  
  3. @echo OFF
  4. setlocal
  5. pushd "%~dp0"
  6. set "TITLE=Deploy Cygwin and OpenSSH"
  7. title %TITLE%
  8. cls
  9.  
  10. :: Tested successfully using version 2.874 (DLL 2.5.1) of the Cygwin Setup File on:
  11. ::
  12. ::  Windows 10      [64-Bit]
  13. ::  Windows 8.1     [64-Bit]
  14. ::  Windows 7       [64-Bit]
  15. ::  Windows 2003    [32-Bit]
  16.  
  17. REM #################### README #################### > BEGIN
  18. :: Filename:    deploy-cygwin-openssh.bat
  19. :: Version:     3.3
  20. :: Flowchart:   https://db.tt/Piue2nze
  21. :: Latest:      https://pastebin.com/nZjyYRLa
  22. :: Contact:     https://pastebin.com/message_compose?to=J2897
  23. ::
  24. :: This script will download and install Cygwin and the OpenSSH package, and then
  25. :: will run SSH-HOST-CONFIG, open the SSH port in Windows Firewall and start the
  26. :: OpenSSH service ready for you to log in via PuTTY using your Windows account.
  27. ::
  28. :: If you don't have PowerShell installed, you'll be prompted to manually
  29. :: download the Cygwin Setup File and to put it in the Local Storage Folder.
  30. ::
  31. :: WARNING: If you add a key to the "authorized_keys" file using Nano, check
  32. :: it again after saving!
  33. ::
  34. :: The key-type, key and key-name should all be on the same line. Example:
  35. :: ssh-rsa AAAADAQABAAABAQDCro54dL... David
  36. ::
  37. :: List of Microsoft's NT version numbers: http://ss64.com/nt/ver.html
  38. REM #################### README #################### > END
  39.  
  40. REM Get Window's NT version numbers.
  41. for /f "tokens=2 delims=[]" %%G in ('ver') do (set NT_VER=%%G)
  42. for /f "tokens=2,3,4 delims=. " %%G in ('echo %NT_VER%') do (set V1=%%G& set V2=%%H& set V3=%%I)
  43.  
  44. REM Figure out which operating system we're using.
  45. if %V1% EQU 10 (set "OS=Windows 10 or Windows Server 2016") else (
  46.     if %V1%.%V2% EQU 6.3 (set "OS=Windows 8.1 or Windows Server 2012 R2") else (
  47.         if %V1%.%V2% EQU 6.2 (set "OS=Windows 8 or Windows Server 2012") else (
  48.             if %V1%.%V2% EQU 6.1 (set "OS=Windows 7 or Windows Server 2008 R2") else (
  49.                 if %V1%.%V2% EQU 6.0 (set "OS=Windows Vista or Windows Server 2008") else (
  50.                     if %V1% EQU 5 (set "OS=Windows XP or Windows Server 2003") else (
  51.                         echo Unsupported operating system.
  52.                         echo.
  53.                         goto :End
  54.                     )
  55.                 )
  56.             )
  57.         )
  58.     )
  59. )
  60.  
  61. if not "%OS%"=="Windows XP or Windows Server 2003" (
  62.     REM Do OPENFILES to check for administrative privileges.
  63.     openfiles >nul
  64.     if errorlevel 1 (
  65.         color cf
  66.         echo Right-click on this file and select "Run as administrator".
  67.         endlocal
  68.         popd
  69.         pause
  70.         color
  71.         exit /b 1
  72.     )
  73. )
  74.  
  75. color 1b
  76. REM #################### MODIFY #################### > BEGIN
  77. set "AUTO_UPDATE=0" || REM Setting this to 1 will add the upgrade script to the Windows Task Scheduler.
  78. set "PAUSES=1" || REM This toggles all but the first and last pause.
  79. set "SSH_USER=cyg_server" || REM You'll never use this account. It's used by the Cygwin program only.
  80. set "SSH_PW=password" || REM You will never need to enter this password. But change it anyway for security reasons.
  81. set "SSH_PORT=22"
  82. set "MIRROR=http://mirrors.kernel.org/sourceware/cygwin/"
  83. set "PACKAGES=openssh,wget,nano"
  84. REM #################### MODIFY #################### > END
  85.  
  86. set "TAB=   "
  87. set "SITE=http://cygwin.com"
  88.  
  89. set "CYGFILE32=setup-x86.exe"
  90. set "CYGFILE64=setup-x86_64.exe"
  91. set "CYGDIR32=%SYSTEMDRIVE%\cygwin"
  92. set "CYGDIR64=%SYSTEMDRIVE%\cygwin64"
  93.  
  94. set "CU=cyg-upgrade.bat"
  95. set "CU_URL=http://pastebin.com/raw/c2q3SH9T"
  96. set "UCS=update-cygwin-setup.py"
  97. set "UCS_URL=http://pastebin.com/raw/xPN2cYat"
  98.  
  99. set "INSTALL_LOG=Cygwin Installation.log"
  100. set "SSH_HOST_CONFIG_LOG=Cygwin OpenSSH Host Configuration.log"
  101.  
  102. if "%SSH_PW%"=="password" (
  103.     echo Please open the "%~nx0" file in a text editor.
  104.     echo.
  105.     echo You must at least change the password between the "modify" lines...
  106.     echo.
  107.     findstr /N "MODIFY" "%~nx0" | find /V "findstr"
  108.     echo.
  109.     goto :End
  110. )
  111.  
  112. REM #################### HEADER #################### > BEGIN
  113. if "%OS%"=="Windows 10 or Windows Server 2016" (
  114.     set "SPACEX=                    "
  115. ) else (
  116.     set "SPACEX="
  117. )
  118. set "SPACELICENSE=    %SPACEX%"
  119. set "SPACETITLE=                           %SPACEX%"
  120. set "SPACENOTE1=                        %SPACEX%"
  121. set "SPACENOTE2=             %SPACEX%"
  122. set "SPACENOTE3=                      %SPACEX%"
  123. echo ^<^<^<%SPACELICENSE%Released under the GNU General Public License version 3+ by J2897.%SPACELICENSE%^>^>^>
  124. echo %SPACETITLE%%TITLE%
  125. echo.
  126. echo %SPACENOTE1%Copyright (C) 2015-2018 J2897.
  127. echo %SPACENOTE2%You are free to change and redistribute this software.
  128. echo %SPACENOTE3%^<http://gnu.org/licenses/gpl.html^>
  129. echo.
  130. REM #################### HEADER #################### > END
  131.  
  132. REM Detect OS architecture.
  133. set "ARCHITECTURE=64-Bit"
  134. if "%PROCESSOR_ARCHITECTURE%"=="x86" (
  135.     if not defined PROCESSOR_ARCHITEW6432 (set "ARCHITECTURE=32-Bit")
  136. )
  137.  
  138. REM Select the appropriate Setup File and the Main Cygwin Folder.
  139. if "%ARCHITECTURE%"=="32-Bit" (
  140.     set "SF=%CYGFILE32%"
  141.     set "MCF=%CYGDIR32%"
  142. ) else (
  143.     set "SF=%CYGFILE64%"
  144.     set "MCF=%CYGDIR64%"
  145. )
  146.  
  147. echo Windows Account:%TAB%%USERNAME%
  148. echo Operating System:%TAB%%OS%
  149. echo NT Version:%TAB%%TAB%%V1%.%V2%
  150. echo.
  151.  
  152. echo Setup File:%TAB%%TAB%%SF%
  153. echo Main Cygwin Folder:%TAB%%MCF%
  154.  
  155. REM Create the Local Storage Folder.
  156. set "LSF=%SYSTEMDRIVE%\cygstore"
  157. if not exist "%LSF%" (md "%LSF%")
  158. echo Local Storage Folder:%TAB%%LSF%
  159.  
  160. set "LSSF=%LSF%\scripts"
  161. if %AUTO_UPDATE% EQU 1 (
  162.     REM Create the Local Storage Scripts Folder.
  163.     if not exist "%LSSF%" (md "%LSSF%")
  164.     echo Local Scripts Folder:%TAB%%LSSF%
  165. )
  166.  
  167. REM Display notice.
  168. echo.
  169. echo This will download, install and configure Cygwin with the OpenSSH package. You
  170. echo must have a password set on your Windows account. If your Windows account is
  171. echo not password protected, please set one now before proceeding. You will use this
  172. echo same account to connect to this machine using PuTTY or any other SSH client.
  173. echo.
  174. pause
  175.  
  176. REM Is PowerShell installed?
  177. for /f "tokens=3" %%A in (
  178.     'reg query "HKLM\SOFTWARE\Microsoft\PowerShell\1" /v Install ^| find "Install"'
  179. ) do set "POWERSHELLINSTALLED=%%A"
  180. if not "%POWERSHELLINSTALLED%"=="0x1" (
  181.     echo.
  182.     echo PowerShell's not installed. So cannot download the most recent Setup File.
  183.     echo.
  184.     REM Is the Cygwin Setup File in the Local Storage Folder?
  185.     if exist "%LSF%\%SF%" (
  186.         echo Installing the local version instead.
  187.         goto :Install
  188.     ) else (
  189.         echo Put the %ARCHITECTURE% Cygwin Setup File in the Local Storage Folder and try again:
  190.         echo %LSF%
  191.         %WINDIR%\explorer.exe "%LSF%"
  192.         echo.
  193.         goto :End
  194.     )
  195. )
  196.  
  197. REM Does the install log exist?
  198. if exist "%USERPROFILE%\Logs\%INSTALL_LOG%" (
  199.     echo.
  200.     echo Cygwin seems to have already been installed:
  201.     echo %USERPROFILE%\Logs\%INSTALL_LOG%
  202.     echo.
  203.     choice /c YN /m "Would you like to skip this part"
  204.     if not errorlevel 2 (
  205.         echo.
  206.         echo Skipping Cygwin installation . . .
  207.         goto :Configure
  208.     )
  209. )
  210.  
  211. REM Download the Setup File.
  212. echo.
  213. echo Downloading the Cygwin Setup File to the Local Storage Folder . . .
  214. powershell -command "& { (New-Object Net.WebClient).DownloadFile('%SITE%/%SF%', '%LSF%\%SF%') }"
  215. if not exist "%LSF%\%SF%" (
  216.     echo Failed to download:%TAB%%LSF%\%SF%
  217.     echo.
  218.     goto :End
  219. )
  220.  
  221. :Install
  222. REM Install Cygwin with the OpenSSH package.
  223. title Deployment of %ARCHITECTURE% Cygwin and OpenSSH in progress...
  224. echo.
  225. echo Installing . . .
  226. if not exist "%USERPROFILE%\Logs" (md "%USERPROFILE%\Logs")
  227. :: https://cygwin.com/faq/faq.html#faq.setup.cli
  228. "%LSF%\%SF%" -q -s "%MIRROR%" -R "%MCF%" -P "%PACKAGES%" -l "%LSF%" >"%USERPROFILE%\Logs\%INSTALL_LOG%"
  229. %WINDIR%\explorer.exe "%USERPROFILE%\Logs"
  230.  
  231. REM Download Update Scripts.
  232. if %AUTO_UPDATE% EQU 1 (
  233.     echo.
  234.     if "%POWERSHELLINSTALLED%"=="0x1" (
  235.         echo Downloading the Upgrade Scripts to the Local Scripts Folder . . .
  236.         powershell -command "& { (New-Object Net.WebClient).DownloadFile('%CU_URL%', '%LSSF%\%CU%') }"
  237.         powershell -command "& { (New-Object Net.WebClient).DownloadFile('%UCS_URL%', '%LSSF%\%UCS%') }"
  238.     ) else (echo Add the %CU% file to the Windows Task Scheduler manually.)
  239. ) else (goto :Profile)
  240.  
  241. REM Add task to Windows Task Scheduler.
  242. echo 
  243. set "IMPORT_TASK_FAILED=0"
  244. if "%OS%"=="Windows XP or Windows Server 2003" (
  245.     schtasks /Create /SC MONTHLY /M JAN,FEB,MAR,APR,MAY,JUN,JUL,AUG,SEP,OCT,NOV,DEC /TN "Update Cygwin" /ST 05:00 /TR "%LSSF%\%CU%" /RU %USERNAME% /RP * /F
  246.     if %ERRORLEVEL% NEQ 0 (set "IMPORT_TASK_FAILED=1")
  247. ) else (
  248.     schtasks /Create /SC MONTHLY /M JAN,FEB,MAR,APR,MAY,JUN,JUL,AUG,SEP,OCT,NOV,DEC /TN "\Updates\Update Cygwin" /ST 05:00 /TR "%LSSF%\%CU%" /RU %USERNAME% /RP * /RL HIGHEST /F
  249.     if %ERRORLEVEL% NEQ 0 (set "IMPORT_TASK_FAILED=1")
  250. )
  251. if %IMPORT_TASK_FAILED% EQU 1 (
  252.     echo.
  253.     echo If you did not spell your password incorrectly, it may contain incompatible
  254.     echo special characters. So Cygwin will not be upgraded automatically. If this is
  255.     echo important to you, simply add the %CU% file to the Windows Task
  256.     echo Scheduler manually.
  257.     explorer /select,"%LSSF%\%CU%"
  258. )
  259. :Profile
  260. echo.
  261.  
  262. REM Use the Windows profile folders as the Cygwin home folders.
  263. echo Setting the Windows profile folders as the Cygwin home folders . . .
  264. echo.
  265. ::"%MCF%\bin\bash" --login -c "mkpasswd -l -p \"$(cygpath -H)\" > /etc/passwd" || REM This is the old method.
  266. "%MCF%\bin\bash" --login -c "echo \"db_home: windows\" >> /etc/nsswitch.conf" || REM This is the new method recommended by Cygwin.
  267. echo.
  268. move "%MCF%\home\%USERNAME%\*" "%USERPROFILE%"
  269. echo.
  270. echo Skeleton files were moved to:
  271. echo %USERPROFILE%
  272. echo.
  273. if %PAUSES% EQU 1 (pause)
  274. :Configure
  275.  
  276. REM Does the configuration log exist?
  277. if exist "%USERPROFILE%\Logs\%SSH_HOST_CONFIG_LOG%" (
  278.     echo OpenSSH seems to have already been configured:
  279.     echo %USERPROFILE%\Logs\%SSH_HOST_CONFIG_LOG%
  280.     echo.
  281.     choice /c YN /m "Would you like to skip this part"
  282.     if not errorlevel 2 (
  283.         echo.
  284.         echo Skipping OpenSSH host configuration . . .
  285.         echo.
  286.         goto :Firewall
  287.     ) else (
  288.         echo.
  289.     )
  290. )
  291.  
  292. REM Configure OpenSSH.
  293. echo.
  294. echo Configuring OpenSSH . . .
  295. echo.
  296. if not exist "%USERPROFILE%\Logs" (md "%USERPROFILE%\Logs")
  297. "%MCF%\bin\bash" --login -c "/bin/ssh-host-config -y -p %SSH_PORT% -u %SSH_USER% -w %SSH_PW%" | more /E /P >"%USERPROFILE%\Logs\%SSH_HOST_CONFIG_LOG%" 2>&1
  298.  
  299. REM Prepare PKA and set the correct permissions.
  300. echo Preparing Public Key Authentication . . .
  301. "%MCF%\bin\bash" --login -c "echo \"StrictModes no\" >> /etc/sshd_config"
  302. if not exist "%USERPROFILE%\.ssh" (
  303.     "%MCF%\bin\bash" --login -c "mkdir ~/.ssh;setfacl -b ~/.ssh;chmod 700 ~/.ssh;touch ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys"
  304. ) else (
  305.     "%MCF%\bin\bash" --login -c "setfacl -b ~/.ssh;chmod 700 ~/.ssh"
  306.     if not exist "%USERPROFILE%\.ssh\authorized_keys" (
  307.         "%MCF%\bin\bash" --login -c "touch ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys"
  308.     ) else (
  309.         "%MCF%\bin\bash" --login -c "chmod 600 ~/.ssh/authorized_keys"
  310.     )
  311. )
  312. echo.
  313.  
  314. REM Remove user from the Windows Logon screen.
  315. echo Removing %SSH_USER% from the Windows Logon screen . . .
  316. echo.
  317. reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v %SSH_USER% /t REG_DWORD /d 0 /f
  318. echo.
  319. if %PAUSES% EQU 1 (pause & echo.)
  320.  
  321. :Firewall
  322. REM Punch a hole through Windows Firewall.
  323. echo Openning TCP port %SSH_PORT% in Windows Firewall . . .
  324. echo.
  325. if "%OS%"=="Windows XP or Windows Server 2003" (
  326.     netsh firewall add portopening protocol=TCP port=%SSH_PORT% name=OpenSSH
  327. ) else (
  328.     netsh advfirewall firewall add rule name=OpenSSH dir=in action=allow protocol=tcp localport=%SSH_PORT%
  329. )
  330. if %PAUSES% EQU 1 (pause & echo.)
  331.  
  332. REM Start OpenSSH.
  333. echo Starting OpenSSH . . .
  334. echo.
  335. net start cygsshd
  336.  
  337. REM Display connection information.
  338. echo Connect via PuTTY to:
  339. echo.
  340.  
  341. :: Connect by local IPv4 address...
  342. if "%OS%"=="Windows XP or Windows Server 2003" (
  343.     for /F "tokens=2 delims=:" %%I in ('"ipconfig | findstr Address"') do set "LOCAL_IP=%%I"
  344. ) else (
  345.     for /F "tokens=2 delims=:" %%I in ('"ipconfig | findstr IPv4"') do set "LOCAL_IP=%%I"
  346. )
  347. set "LOCAL_IP=%LOCAL_IP: =%"
  348. echo %TAB%%USERNAME%^@%LOCAL_IP%
  349.  
  350. :: Connect by fully qualified domain name...
  351. for /f "tokens=2,* delims= " %%A in ('ipconfig ^/all ^| findstr "Primary Dns"') do set "TEMPSUFFIX=%%B"
  352. for /f "tokens=1,2 delims=:" %%A in ('echo %TEMPSUFFIX%') do set "DNSSUFFIX=%%B"
  353. set "FQDN=%COMPUTERNAME%.%DNSSUFFIX:~1%"
  354. if not "%DNSSUFFIX%"==" " (
  355.     echo %TAB%%USERNAME%^@%FQDN%
  356. )
  357.  
  358. echo.
  359. echo Use the same password that you use to log in to Windows.
  360. echo.
  361. echo Alternatively, Public Key Authentication is set up too. So you can just add
  362. echo your key to the ~/.ssh/authorized_keys file. Typing 'rsshd' will restart the
  363. echo service, although that should not be necessary.
  364. echo.
  365. echo Remember to adjust the settings in the /etc/sshd_config file to harden your
  366. echo server's security.
  367. echo.
  368. "%MCF%\bin\bash" --login -c "echo \"alias rsshd='net stop cygsshd ^&^& net start cygsshd'\" >> ~/.bashrc"
  369.  
  370. :End
  371. endlocal
  372. popd
  373. title Finished.
  374. pause
  375. color
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement