-
-
Save MartinSGill/0d29fbddfae9f742abfd04ce83dd7f67 to your computer and use it in GitHub Desktop.
FROM microsoft/windowsservercore:1709 | |
# Install Powershell | |
ADD https://github.com/PowerShell/PowerShell/releases/download/v6.0.0/PowerShell-6.0.0-win-x64.zip c:/powershell.zip | |
RUN powershell.exe -Command Expand-Archive c:/powershell.zip c:/PS6 ; Remove-Item c:/powershell.zip | |
RUN C:/PS6/pwsh.EXE -Command C:/PS6/Install-PowerShellRemoting.ps1 | |
# Install SSH | |
ADD https://github.com/PowerShell/Win32-OpenSSH/releases/download/0.0.24.0/OpenSSH-Win64.zip c:/openssh.zip | |
RUN c:/PS6/pwsh.exe -Command Expand-Archive c:/openssh.zip c:/ ; Remove-Item c:/openssh.zip | |
RUN c:/PS6/pwsh.exe -Command c:/OpenSSH-Win64/Install-SSHd.ps1 | |
# Configure SSH | |
COPY sshd_config c:/OpenSSH-Win64/sshd_config | |
COPY sshd_banner c:/OpenSSH-Win64/sshd_banner | |
WORKDIR c:/OpenSSH-Win64/ | |
# Don't use powershell as -f paramtere causes problems. | |
RUN c:/OpenSSH-Win64/ssh-keygen.exe -t dsa -N "" -f ssh_host_dsa_key && \ | |
c:/OpenSSH-Win64/ssh-keygen.exe -t rsa -N "" -f ssh_host_rsa_key && \ | |
c:/OpenSSH-Win64/ssh-keygen.exe -t ecdsa -N "" -f ssh_host_ecdsa_key && \ | |
c:/OpenSSH-Win64/ssh-keygen.exe -t ed25519 -N "" -f ssh_host_ed25519_key | |
# Create a user to login, as containeradministrator password is unknown | |
RUN net USER ssh "Passw0rd" /ADD && net localgroup "Administrators" "ssh" /ADD | |
# Set PS6 as default shell | |
RUN C:/PS6/pwsh.EXE -Command \ | |
New-Item -Path HKLM:\SOFTWARE -Name OpenSSH -Force; \ | |
New-ItemProperty -Path HKLM:\SOFTWARE\OpenSSH -Name DefaultShell -Value c:\ps6\pwsh.exe -PropertyType string -Force ; | |
RUN C:/PS6/pwsh.EXE -Command \ | |
./Install-sshd.ps1; \ | |
./FixHostFilePermissions.ps1 -Confirm:$false; | |
EXPOSE 22 | |
# For some reason SSH stops after build. So start it again when container runs. | |
CMD [ "c:/ps6/pwsh.exe", "-NoExit", "-Command", "Start-Service" ,"sshd" ] |
Port 22 | |
Protocol 2 | |
LogLevel DEBUG | |
# Authentication: | |
#LoginGraceTime 2m | |
PermitRootLogin yes | |
#StrictModes yes | |
#MaxAuthTries 6 | |
#MaxSessions 10 | |
#RSAAuthentication yes | |
#PubkeyAuthentication yes | |
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 | |
# but this is overridden so installations will only check .ssh/authorized_keys | |
AuthorizedKeysFile .ssh/authorized_keys | |
# To disable tunneled clear text passwords, change to no here! | |
PasswordAuthentication yes | |
PermitEmptyPasswords yes | |
Banner sshd_banner | |
Subsystem sftp sftp-server.exe | |
hostkeyagent \\.\pipe\openssh-ssh-agent |
I updated locally to current windows, powershell and openssh versions, and it seems to work for me:
FROM mcr.microsoft.com/windows/servercore:ltsc2019 # Install Powershell ADD https://github.com/PowerShell/PowerShell/releases/download/v7.3.6/PowerShell-7.3.6-win-x64.zip c:/powershell.zip RUN powershell.exe -Command Expand-Archive c:/powershell.zip c:/PS7 ; Remove-Item c:/powershell.zip RUN C:/PS7/pwsh.EXE -Command C:/PS7/Install-PowerShellRemoting.ps1 # Install SSH ADD https://github.com/PowerShell/Win32-OpenSSH/releases/download/v9.2.2.0p1-Beta/OpenSSH-Win64.zip c:/openssh.zip RUN c:/PS7/pwsh.exe -Command Expand-Archive c:/openssh.zip c:/ ; Remove-Item c:/openssh.zip RUN c:/PS7/pwsh.exe -Command c:/OpenSSH-Win64/Install-SSHd.ps1 # Configure SSH COPY sshd_config c:/OpenSSH-Win64/sshd_config COPY sshd_banner c:/OpenSSH-Win64/sshd_banner WORKDIR c:/OpenSSH-Win64/ # Don't use powershell as -f paramtere causes problems. RUN c:/OpenSSH-Win64/ssh-keygen.exe -t dsa -N "" -f ssh_host_dsa_key && \ c:/OpenSSH-Win64/ssh-keygen.exe -t rsa -N "" -f ssh_host_rsa_key && \ c:/OpenSSH-Win64/ssh-keygen.exe -t ecdsa -N "" -f ssh_host_ecdsa_key && \ c:/OpenSSH-Win64/ssh-keygen.exe -t ed25519 -N "" -f ssh_host_ed25519_key # Create a user to login, as containeradministrator password is unknown RUN net USER ssh "Passw0rd" /ADD && net localgroup "Administrators" "ssh" /ADD # Set PS7 as default shell RUN C:/PS7/pwsh.EXE -Command \ New-Item -Path HKLM:\SOFTWARE -Name OpenSSH -Force; \ New-ItemProperty -Path HKLM:\SOFTWARE\OpenSSH -Name DefaultShell -Value c:\ps7\pwsh.exe -PropertyType string -Force ; RUN C:/PS7/pwsh.EXE -Command \ ./Install-sshd.ps1; \ ./FixHostFilePermissions.ps1 -Confirm:$false; EXPOSE 22 # For some reason SSH stops after build. So start it again when container runs. CMD [ "c:/ps7/pwsh.exe", "-NoExit", "-Command", "Start-Service" ,"sshd" ]
Great work Martin et al, thanks ever so much. This is really helpful. Love the banner!
For applications that only require Powershell 5.1, I've been able to produce a much simpler Dockerfile, based on these commands:
https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell
I've got it to run based on a servercore:ltsc2022 image, and carried out a basic test of it within a Github Actions windows-2022 runner (sshing from a different process in the job using Python & Fabric). FYI there are official Powershell images now to use, if you do want a later Powershell version. You just need to figure out the path to powershell.exe if you want it as the log in shell - the docker files are on Github.
# escape=`
FROM mcr.microsoft.com/windows/servercore:ltsc2022
# hadolint shell=powershell
USER ContainerAdministrator
SHELL ["cmd.exe", "/C"]
RUN net USER ssh "Passw0rd" /ADD && net localgroup "Administrators" "ssh" /ADD
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
RUN New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
RUN Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0; `
Start-Service sshd; `
Set-Service -Name sshd -StartupType 'Automatic'
EXPOSE 22
# Ping self to keep container alive
CMD ["cmd.exe", "/c", "ping", "-t", "localhost", ">", "NUL"]
The same Dockerfile with more comments, a Github Action workflow, a Python test script, and test results are in this repo:
https://github.com/JamesParrott/Windows__ssh_server_with_powershell/
Hi,
I've got this error:
Solution:
Replace this
RUN C:/PS6/pwsh.EXE -Command C:/PS6/Install-PowerShellRemoting.ps1
with this
RUN C:/PS6/pwsh.EXE -Command C:/PS6/Install-PowerShellRemoting.ps1 -PowerShellHome c:/PS6