sciagent code + Gitea Actions CI/CD
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@@ -0,0 +1,143 @@
|
||||
# ============================================================================
|
||||
# 00 — Enable OpenSSH Server trên Windows Server
|
||||
# USAGE:
|
||||
# 1. RDP vào VPS (103.124.94.58:3389)
|
||||
# 2. Mở PowerShell AS ADMINISTRATOR
|
||||
# 3. Copy-paste TOÀN BỘ file này vào PowerShell rồi Enter
|
||||
# 4. Chờ ~1 phút, script sẽ print "DONE" khi xong
|
||||
# 5. Báo lại cho dev để test SSH
|
||||
#
|
||||
# Script idempotent — chạy nhiều lần OK.
|
||||
# ============================================================================
|
||||
|
||||
#Requires -RunAsAdministrator
|
||||
|
||||
$ErrorActionPreference = 'Stop'
|
||||
$ProgressPreference = 'SilentlyContinue'
|
||||
|
||||
Write-Host ""
|
||||
Write-Host "=========================================================" -ForegroundColor Cyan
|
||||
Write-Host " DYD — Enable OpenSSH Server on Windows" -ForegroundColor Cyan
|
||||
Write-Host "=========================================================" -ForegroundColor Cyan
|
||||
|
||||
# --- 1. Install OpenSSH Server capability ---
|
||||
Write-Host ""
|
||||
Write-Host "[1/6] Install OpenSSH.Server capability ..." -ForegroundColor Yellow
|
||||
$cap = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*'
|
||||
if ($cap.State -ne 'Installed') {
|
||||
Add-WindowsCapability -Online -Name $cap.Name | Out-Null
|
||||
Write-Host " [OK] Installed" -ForegroundColor Green
|
||||
}
|
||||
else {
|
||||
Write-Host " [OK] Already installed" -ForegroundColor Green
|
||||
}
|
||||
|
||||
# --- 2. Start sshd + auto-start ---
|
||||
Write-Host ""
|
||||
Write-Host "[2/6] Start sshd service ..." -ForegroundColor Yellow
|
||||
Start-Service sshd
|
||||
Set-Service -Name sshd -StartupType Automatic
|
||||
# Start ssh-agent too (tùy, cho key management)
|
||||
Set-Service -Name ssh-agent -StartupType Automatic
|
||||
Start-Service ssh-agent -ErrorAction SilentlyContinue
|
||||
Write-Host " [OK] sshd running, auto-start enabled" -ForegroundColor Green
|
||||
|
||||
# --- 3. Firewall rule port 22 ---
|
||||
Write-Host ""
|
||||
Write-Host "[3/6] Firewall rule port 22 ..." -ForegroundColor Yellow
|
||||
$rule = Get-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -ErrorAction SilentlyContinue
|
||||
if (-not $rule) {
|
||||
New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' `
|
||||
-DisplayName 'OpenSSH SSH Server (sshd)' `
|
||||
-Enabled True -Direction Inbound -Protocol TCP -Action Allow `
|
||||
-LocalPort 22 | Out-Null
|
||||
Write-Host " [OK] Firewall rule created" -ForegroundColor Green
|
||||
}
|
||||
else {
|
||||
Enable-NetFirewallRule -Name 'OpenSSH-Server-In-TCP'
|
||||
Write-Host " [OK] Firewall rule enabled" -ForegroundColor Green
|
||||
}
|
||||
|
||||
# --- 4. Set DefaultShell = PowerShell (thay cho cmd) ---
|
||||
Write-Host ""
|
||||
Write-Host "[4/6] Set DefaultShell = PowerShell ..." -ForegroundColor Yellow
|
||||
New-ItemProperty -Path 'HKLM:\SOFTWARE\OpenSSH' `
|
||||
-Name DefaultShell `
|
||||
-Value 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' `
|
||||
-PropertyType String -Force | Out-Null
|
||||
Write-Host " [OK] DefaultShell set to PowerShell" -ForegroundColor Green
|
||||
|
||||
# --- 5. Add dev machine public key to authorized_keys ---
|
||||
Write-Host ""
|
||||
Write-Host "[5/6] Add dev public key ..." -ForegroundColor Yellow
|
||||
|
||||
# === PUBLIC KEY ĐÃ EMBED — KHÔNG commit private key ===
|
||||
$PublicKey = 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/SmlEVa41JmeIAwQOtEkdzUo1BLPJbJ+oDqDYm1ywQ dyd-vps-deploy-20260415'
|
||||
|
||||
# For Administrator account, dùng C:\ProgramData\ssh\administrators_authorized_keys
|
||||
# (KHÔNG dùng ~/.ssh/authorized_keys)
|
||||
$authFile = 'C:\ProgramData\ssh\administrators_authorized_keys'
|
||||
|
||||
# Ensure directory exists
|
||||
$authDir = Split-Path $authFile
|
||||
if (-not (Test-Path $authDir)) {
|
||||
New-Item -ItemType Directory -Path $authDir -Force | Out-Null
|
||||
}
|
||||
|
||||
# Append key nếu chưa có (idempotent)
|
||||
$existing = if (Test-Path $authFile) { Get-Content $authFile -Raw } else { '' }
|
||||
if ($existing -notmatch [regex]::Escape($PublicKey)) {
|
||||
Add-Content -Path $authFile -Value $PublicKey -Encoding UTF8
|
||||
Write-Host " [OK] Public key added" -ForegroundColor Green
|
||||
}
|
||||
else {
|
||||
Write-Host " [OK] Public key already present" -ForegroundColor Green
|
||||
}
|
||||
|
||||
# Fix permission — QUAN TRỌNG, sai permission = SSH silently reject key
|
||||
# Chỉ Administrators + SYSTEM được đọc
|
||||
icacls $authFile /inheritance:r | Out-Null
|
||||
icacls $authFile /grant 'Administrators:F' /grant 'SYSTEM:F' | Out-Null
|
||||
Write-Host " [OK] Permission locked (Admin + SYSTEM only)" -ForegroundColor Green
|
||||
|
||||
# --- 6. Verify ---
|
||||
Write-Host ""
|
||||
Write-Host "[6/6] Verify ..." -ForegroundColor Yellow
|
||||
|
||||
$sshd = Get-Service sshd
|
||||
if ($sshd.Status -eq 'Running') {
|
||||
Write-Host " [OK] sshd: Running" -ForegroundColor Green
|
||||
}
|
||||
else {
|
||||
Write-Host " [FAIL] sshd: $($sshd.Status)" -ForegroundColor Red
|
||||
}
|
||||
|
||||
# Test listener
|
||||
$listening = Get-NetTCPConnection -LocalPort 22 -State Listen -ErrorAction SilentlyContinue
|
||||
if ($listening) {
|
||||
Write-Host " [OK] Port 22: listening on $($listening[0].LocalAddress)" -ForegroundColor Green
|
||||
}
|
||||
else {
|
||||
Write-Host " [WARN] Port 22: not listening (may need restart)" -ForegroundColor Yellow
|
||||
}
|
||||
|
||||
# Test firewall
|
||||
$fw = Get-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -ErrorAction SilentlyContinue
|
||||
if ($fw -and $fw.Enabled -eq 'True') {
|
||||
Write-Host " [OK] Firewall: allowed" -ForegroundColor Green
|
||||
}
|
||||
|
||||
# --- DONE ---
|
||||
Write-Host ""
|
||||
Write-Host "=========================================================" -ForegroundColor Green
|
||||
Write-Host " DONE — SSH server ready" -ForegroundColor Green
|
||||
Write-Host "=========================================================" -ForegroundColor Green
|
||||
Write-Host ""
|
||||
Write-Host "Dev machine can now connect:"
|
||||
Write-Host " ssh -i ~/.ssh/dyd_vps Administrator@103.124.94.58" -ForegroundColor Yellow
|
||||
Write-Host ""
|
||||
Write-Host "Test từ máy dev:"
|
||||
Write-Host " ssh -i ~/.ssh/dyd_vps Administrator@103.124.94.58 hostname" -ForegroundColor Yellow
|
||||
Write-Host ""
|
||||
Write-Host "[!] Nếu đổi ý muốn disable SSH sau, chạy:"
|
||||
Write-Host " Stop-Service sshd; Set-Service sshd -StartupType Disabled"
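Review bot: Steps 2–3 put sshd on port 22 with no source restriction and leave password login at the OpenSSH default, so on a host reached over a public address the Administrator account accepts password guesses from anywhere even though a deploy key is installed in step 5. Scope the rule in both branches of step 3, e.g. `Set-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -RemoteAddress <ALLOWED_DEV_CIDR>` (placeholder value), and set `PasswordAuthentication no` in `C:\ProgramData\ssh\sshd_config` followed by `Restart-Service sshd` once key login is confirmed. The two `icacls` calls in step 5 are native commands piped to `Out-Null`, so `$ErrorActionPreference = 'Stop'` does not catch a failure and "[OK] Permission locked" prints regardless; check `$LASTEXITCODE` after each, and consider the SID forms `*S-1-5-32-544` and `*S-1-5-18` so the grant does not depend on localized group names. Step 6 also prints DONE when a check reports `[FAIL]` or `[WARN]`, so exiting non-zero in those branches would make the outcome unambiguous to whoever pastes the script.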
|
||||