# ============================================================================ # COPY TOÀN BỘ block PowerShell BÊN DƯỚI, paste vào PowerShell Admin trên VPS # (Nhỏ gọn ~4KB, clipboard RDP paste tốt) # ============================================================================ $ErrorActionPreference='Stop'; Write-Host "[DYD SSH] Start..." -F Cyan $cap = Get-WindowsCapability -Online | ? Name -like 'OpenSSH.Server*' if ($cap.State -ne 'Installed') { Add-WindowsCapability -Online -Name $cap.Name | Out-Null; Write-Host "[OK] OpenSSH installed" -F Green } else { Write-Host "[OK] OpenSSH already installed" -F Green } Start-Service sshd; Set-Service sshd -StartupType Automatic; Set-Service ssh-agent -StartupType Automatic; Start-Service ssh-agent -ErrorAction SilentlyContinue if (-not (Get-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -ErrorAction SilentlyContinue)) { New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH SSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 | Out-Null } New-ItemProperty -Path 'HKLM:\SOFTWARE\OpenSSH' -Name DefaultShell -Value 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -PropertyType String -Force | Out-Null $pub = 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/SmlEVa41JmeIAwQOtEkdzUo1BLPJbJ+oDqDYm1ywQ dyd-vps-deploy-20260415' $authFile = 'C:\ProgramData\ssh\administrators_authorized_keys' if (-not (Test-Path (Split-Path $authFile))) { New-Item -ItemType Directory -Path (Split-Path $authFile) -Force | Out-Null } $existing = if (Test-Path $authFile) { Get-Content $authFile -Raw } else { '' } if ($existing -notmatch [regex]::Escape($pub)) { Add-Content -Path $authFile -Value $pub -Encoding UTF8 } icacls $authFile /inheritance:r | Out-Null; icacls $authFile /grant 'Administrators:F' /grant 'SYSTEM:F' | Out-Null Restart-Service sshd $sshd = Get-Service sshd; $listen = Get-NetTCPConnection -LocalPort 22 -State Listen -ErrorAction SilentlyContinue Write-Host ""; Write-Host "=====================================" -F Green; Write-Host " DONE — SSH server ready" -F Green; Write-Host "=====================================" -F Green Write-Host " sshd status : $($sshd.Status)" -F Green Write-Host " port 22 : $(if($listen){'LISTENING'}else{'NOT listening'})" -F $(if($listen){'Green'}else{'Red'}) Write-Host " public key : added to $authFile" -F Green Write-Host ""; Write-Host "Dev can test:" -F Yellow Write-Host " ssh -i ~/.ssh/dyd_vps Administrator@103.124.94.58 hostname" -F Yellow