1. First confirm that the current operating system includes the OpenSSH capabilities
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
The output shows that they are not installed yet
Name : OpenSSH.Client~~~~0.0.1.0
State : NotPresent
Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent
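2. Set a proxy, because this is a Windows Server 2019 environment with no direct outbound network access. Use a PowerShell session with administrator privileges
$Proxy = "http://10.99.99.99:80"
$ENV:HTTP_PROXY=$proxy
$ENV:HTTPS_PROXY=$proxy
Note: the proxy IP is illustrative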
3. Install OpenSSH
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
The proxy can reach the outside, but the command fails with an error
Add-WindowsCapability : Add-WindowsCapability failed. Error code = 0x800f0954
At line:1 char:1
+ Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Add-WindowsCapability], COMException
    + FullyQualifiedErrorId : Microsoft.Dism.Commands.AddWindowsCapabilityCommand
4. The installation fails with Error code = 0x800f0954. After consulting solutions found online:
5. Open gpedit.msc
6. Select Computer Configuration -> Administrative Templates -> System
7. Select Enabled
Click Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)
9. Return to your PowerShell window and run gpupdate /force
gpupdate /force
10. Run Add-WindowsCapability again to install the feature
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
11. After the installation succeeds, confirm it
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
The output now shows that they are installed
Name : OpenSSH.Client~~~~0.0.1.0
State : Installed
Name : OpenSSH.Server~~~~0.0.1.0
State : Installed
12. Start the OpenSSH Server service
Start-Service sshd
13. Set the sshd service to start automatically
Set-Service -Name sshd -StartupType 'Automatic'
14. Confirm the firewall rule (it is normally created automatically during installation; this step is only a re-check)
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
15. Back on my local client, test the SSH connection
ssh James@10.9.9.5
The connection fails with this message
Connection reset by 10.9.9.5 port 22
Using the SSH debug command sshd -d
The output is
debug1: sshd version OpenSSH_for_Windows_9.1, LibreSSL 3.6.1
debug1: get_passwd: lookup_sid() failed: 1789.
debug1: private host key #0: ssh-rsa SHA256:/LHJf****8aMUlnwfFSF6rICx****RNr6ySBw
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:z8vED****iwN4oxdOp6D2****Ok5USMj1gU
debug1: private host key #2: ssh-ed25519 SHA256:fjs0+XFc+IkO****M5rzOZmv3IpUqIAdUg
debug1: rexec_argv[0]='C:\\Program Files\\OpenSSH\\sshd.exe'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
The key clue is
debug1: get_passwd: lookup_sid() failed: 1789.
There is a workaround
Back on the server, open $env:programdata\ssh\sshd_config in Notepad and comment out the following:
Match Group administrators
AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
Change it to
#Match Group administrators
#AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
Save the file, overwriting the original.
Restart the service
net stop sshd
net start sshd
Finally connected.....
Microsoft Windows [Version 10.0.17763.3653]
(c) 2018 Microsoft Corporation. All rights reserved.

COM\JAMES@DEV99 C:\Users\JAMES>dir
 Volume in drive C has no label.
 Volume Serial Number is 3A0B-C803

 Directory of C:\Users\JAMES

12/29/2022 03:26 PM <DIR> .
12/29/2022 03:26 PM <DIR> ..
12/29/2022 03:26 PM <DIR> .ssh
12/29/2022 10:30 AM <DIR> 3D Objects
12/29/2022 10:30 AM <DIR> Contacts
12/29/2022 10:30 AM <DIR> Desktop
12/29/2022 10:30 AM <DIR> Documents
12/29/2022 11:10 AM <DIR> Downloads
12/29/2022 10:30 AM <DIR> Favorites
12/29/2022 10:30 AM <DIR> Links
12/29/2022 10:30 AM <DIR> Music
12/29/2022 10:45 AM 3,659,296 OpenSSH-Win64.zip
12/29/2022 10:30 AM <DIR> Pictures
12/29/2022 10:30 AM <DIR> Saved Games
12/29/2022 10:30 AM <DIR> Searches
12/29/2022 10:30 AM <DIR> Videos
 1 File(s) 3,659,296 bytes
 15 Dir(s) 116,917,039,104 bytes free

COM\JAMES@DEV99 C:\Users\JAMES>
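The sshd_config edit and restart described above can also be scripted, with a backup and a syntax check before the live file is touched. This is an added example, not part of the original post; the .bak and .new file names are assumptions, and it must run in an elevated PowerShell.

```powershell
# Added example: scripted form of the manual sshd_config edit. Run elevated.
$config = Join-Path $env:ProgramData 'ssh\sshd_config'
$backup = "$config.bak"    # assumed backup name
$tmp    = "$config.new"    # assumed scratch name

# Locate sshd.exe from the registered service, so this works whether it
# lives in System32\OpenSSH or C:\Program Files\OpenSSH.
$svc  = Get-CimInstance Win32_Service -Filter "Name='sshd'"
$sshd = $svc.PathName.Trim('"')

$inBlock = $false
$edited = foreach ($line in Get-Content -LiteralPath $config) {
    if ($line -match '^\s*Match\s+Group\s+administrators\s*$') {
        $inBlock = $true           # start of the block to disable
        "#$line"
    } elseif ($inBlock -and $line -match '^\s*Match\s') {
        $inBlock = $false          # a different Match block begins
        $line
    } elseif ($inBlock -and $line -match '^\s*AuthorizedKeysFile\s') {
        "#$line"                   # the key-file override inside the block
    } else {
        $line                      # everything else is kept unchanged
    }
}

# Validate the candidate file with sshd's test mode before replacing anything.
Set-Content -LiteralPath $tmp -Value $edited -Encoding ascii
& $sshd -t -f $tmp
$ok = ($LASTEXITCODE -eq 0)
Remove-Item -LiteralPath $tmp
if (-not $ok) {
    throw "sshd -t rejected the edited config; $config left unchanged."
}

# Keep the original, write the edited content in place, restart the service.
Copy-Item -LiteralPath $config -Destination $backup -Force
Set-Content -LiteralPath $config -Value $edited -Encoding ascii
Restart-Service sshd

# Show the resulting lines so the change can be reviewed.
Select-String -LiteralPath $config -Pattern 'Match Group administrators|AuthorizedKeysFile'
```

With the block commented out, members of the Administrators group are authenticated against their per-user .ssh\authorized_keys file instead of administrators_authorized_keys, so that file's permissions now govern key-based admin logins.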
References:
https://github.com/PowerShell/Win32-OpenSSH/issues/1476
https://blog.miniasp.com/post/2021/12/11/How-to-setup-OpenSSH-Server-in-Windows
https://thesysadminchannel.com/solved-add-windowscapability-failed-error-code-0x800f0954-rsat-fix/