Getting it to accept the SSH details (including the key) was tricky.
.\Setup-BackrestSSH.ps1 -KeyPath "C:\Users\j\.ssh\id_rsa" -HostIP "192.168.1.100" -Username "youruser" -HostName "rock"
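# Setup-BackrestSSH.ps1
#
# Installs an SSH private key and an SSH client config into the LocalSystem
# profile (C:\Windows\System32\config\systemprofile\.ssh), restricts both files
# to the SYSTEM account, and restarts the "Backrest" scheduled task.
# Presumably the task runs as LocalSystem, which is why the files go there.
#
# Parameters:
#   -KeyPath   Path to the private key file to install (copied, not moved).
#   -HostIP    Address written to the config's "HostName" line.
#   -Username  Remote account written to the config's "User" line.
#   -HostName  Alias written to the config's "Host" line (default "backup").
#
# Needs an elevated session: it writes under C:\Windows\System32, changes file
# ownership, and sets a machine-wide environment variable.
param(
    [Parameter(Mandatory=$true)]
    [string]$KeyPath,
    [Parameter(Mandatory=$true)]
    [string]$HostIP,
    [Parameter(Mandatory=$true)]
    [string]$Username,
    [string]$HostName = "backup"
)

# Fail before touching anything if the key is missing; otherwise the config
# would be written and the task restarted with no usable identity file.
if (-not (Test-Path -LiteralPath $KeyPath -PathType Leaf)) {
    throw "Private key not found: $KeyPath"
}

$dir = "C:\Windows\System32\config\systemprofile\.ssh"
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# The key is always installed under the name id_rsa, whatever its type.
# The original at $KeyPath is left in place; protect or remove it separately
# if it should not stay readable from the user profile.
Copy-Item -LiteralPath $KeyPath -Destination "$dir\id_rsa" -ErrorAction Stop

# "StrictHostKeyChecking accept-new" records the server's host key on first
# contact and refuses the connection if that key later changes. The previous
# value "no" kept connecting after a host-key change, so a machine answering
# on $HostIP could receive the backup traffic unnoticed. accept-new needs
# OpenSSH 7.6 or later, and the account running ssh must be able to write
# known_hosts in this directory.
@"
Host $HostName
HostName $HostIP
User $Username
IdentityFile C:/Windows/System32/config/systemprofile/.ssh/id_rsa
StrictHostKeyChecking accept-new
"@ | Set-Content "$dir\config"

# Resolve the LocalSystem account from its well-known SID (S-1-5-18).
$sys = (New-Object System.Security.Principal.SecurityIdentifier("S-1-5-18")).Translate([System.Security.Principal.NTAccount])

# Lock the config and the key down to SYSTEM only: set the owner, disable
# inheritance without keeping the inherited entries, drop the remaining
# entries, then add a single FullControl entry for SYSTEM. Afterwards the
# account running this script has no access entry of its own on these files.
foreach ($file in @("$dir\config", "$dir\id_rsa")) {
    $acl = Get-Acl $file
    $acl.SetOwner($sys)
    $acl.SetAccessRuleProtection($true, $false)
    $acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null }
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($sys, "FullControl", "Allow")))
    Set-Acl $file $acl
}

# NOTE(review): this sets HOME at Machine scope, so every process started on
# this machine afterwards sees it, not only Backrest. Tools that honour HOME
# (ssh, git, ...) will then look in the SYSTEM profile for other accounts too.
# Confirm this is acceptable, or scope HOME to the Backrest task instead.
[System.Environment]::SetEnvironmentVariable("HOME", "C:\Windows\System32\config\systemprofile", [System.EnvironmentVariableTarget]::Machine)

# Restart the task; errors are ignored in case the task is not running or
# does not exist.
Stop-ScheduledTask -TaskName "Backrest" -ErrorAction SilentlyContinue
Start-Sleep -Seconds 2
Start-ScheduledTask -TaskName "Backrest" -ErrorAction SilentlyContinue
Write-Host "Done! Reboot if connection still fails." -ForegroundColor Green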
# Manual edit of the SSH client config stored in the LocalSystem profile.
$sshConfig = "C:\Windows\System32\config\systemprofile\.ssh\config"

# Make the current user the owner of the file
takeown /f $sshConfig

# Give the current user Full control (F) on it
icacls $sshConfig /grant "${env:USERNAME}:F"

# Open it for editing
notepad $sshConfig

# NOTE: the file is now owned by, and writable for, the interactive user.
# Return owner and ACL to SYSTEM-only once the edit is finished; OpenSSH is
# presumably what rejects the file while other accounts can write to it.
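# Reset owner and ACL of the SSH files in the LocalSystem profile so that only
# SYSTEM can access them.

# Resolve the LocalSystem account from its well-known SID (S-1-5-18).
$systemAccount = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-18")
$systemUser = $systemAccount.Translate([System.Security.Principal.NTAccount])

# The single access entry every file ends up with: SYSTEM, FullControl, Allow.
$systemRule = New-Object System.Security.AccessControl.FileSystemAccessRule($systemUser, "FullControl", "Allow")

$sshDir = "C:\Windows\System32\config\systemprofile\.ssh"

# config plus whichever private keys are installed. A missing file is skipped
# with a warning instead of producing a chain of null-reference errors, as
# happened when only one of id_rsa / id_ed25519 existed.
foreach ($name in @("config", "id_rsa", "id_ed25519")) {
    $path = Join-Path $sshDir $name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Warning "Skipping $path (not found)"
        continue
    }

    $acl = Get-Acl -LiteralPath $path
    $acl.SetOwner($systemUser)
    # Disable inheritance and do not keep the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop whatever entries remain, e.g. one granted for a manual edit.
    $acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null }
    $acl.AddAccessRule($systemRule)
    Set-Acl -LiteralPath $path -AclObject $acl
}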
# Restart the Backrest scheduled task: stop it, pause briefly, start it again.
# Unlike the setup script, errors are not suppressed here, so a missing task
# is reported.
$taskName = "Backrest"
Stop-ScheduledTask -TaskName $taskName
Start-Sleep -Seconds 2
Start-ScheduledTask -TaskName $taskName