https://linzeyan.github.io/categories/windows/Recent content in Windows on RickyHugo -- gohugo.ioenTue, 03 Jan 2023 12:36:00 +0800https://linzeyan.github.io/posts/2023/20230103-windows-ssh-setup/Tue, 03 Jan 2023 12:36:00 +0800https://linzeyan.github.io/posts/2023/20230103-windows-ssh-setup/<ul> <li><a href="https://ansible.cloudns.pro/post/windows-ssh-setup/" target="_blank" rel="noopener">Windows SSH Setup</a></li> <li><a href="https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse" target="_blank" rel="noopener">Install OpenSSH for Windows</a></li> </ul> <ol> <li>The default shell is cmd. The docs say to change the ansible_shell_type variable if needed. This should be set as a host variable in inventory: ansible_shell_type, with value cmd or powershell.</li> <li>Add the ansible_connection host variable in inventory to indicate SSH connections. (<code>192.168.192.11 ansible_user=Administrator ansible_connection=ssh ansible_shell_type=cmd </code>)</li> <li>You may need to add remote_tmp in ansible.cfg and set it to C:\TEMP.</li> <li>In playbooks, use modules prefixed with <code>win_</code>, or use the raw module.</li> </ol>https://linzeyan.github.io/posts/2020/20201230-e4619f17e8d252b9ff72579ac271881c/Wed, 30 Dec 2020 21:24:12 +0800https://linzeyan.github.io/posts/2020/20201230-e4619f17e8d252b9ff72579ac271881c/<ul> <li><a href="https://gist.github.com/doggy8088/e4619f17e8d252b9ff72579ac271881c" target="_blank" rel="noopener">WSL 2 .wslconfig configuration explained</a></li> <li><a href="https://docs.microsoft.com/en-us/windows/wsl/release-notes#build-18945" target="_blank" rel="noopener">Release Notes for Windows Subsystem for Linux | Microsoft Docs - Build 18945</a></li> <li><a href="https://www.huanlintalk.com/2020/02/wsl-2-installation.html" target="_blank" rel="noopener">Install WSL 2 on Windows 10</a></li> <li><a href="https://blog.miniasp.com/post/2020/07/26/Multiple-Linux-Dev-Environment-build-on-WSL-2#google_vignette" target="_blank" rel="noopener">Build a multi-Linux development environment with WSL 2</a></li> </ul> <hr> <p>Steps to install WSL 2:</p> <ul> <li>Join the Windows Insider Program (required)</li> <li>Enable required WSL components</li> <li>Install a Linux distribution</li> <li>Set the Linux distribution to use WSL 2</li> <li>WSL 2 troubleshooting: compressed virtual disk files cannot be converted to the WSL 2 architecture</li> <li>Install and start Docker</li> <li>Install Docker Desktop v2.2.1.0</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span><span style="color:#75715e"># Enable required WSL components</span> </span></span><span style="display:flex;"><span>dism.exe /online /enable-feature /featurename<span style="color:#960050;background-color:#1e0010">:</span>Microsoft-Windows-Subsystem-Linux /all /norestart </span></span><span style="display:flex;"><span>dism.exe /online /enable-feature /featurename<span style="color:#960050;background-color:#1e0010">:</span>VirtualMachinePlatform /all /norestart </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Set the Linux distribution to WSL 2</span> </span></span><span style="display:flex;"><span>wsl --set-version ubuntu <span style="color:#ae81ff">2</span> </span></span><span style="display:flex;"><span>wsl --set-default-version <span style="color:#ae81ff">2</span> </span></span></code></pre></div><hr> <ul> <li> <p>Edit <code>%UserProfile%\.wslconfig</code></p>https://linzeyan.github.io/posts/2020/20201210-setting-powershell-theme-with-oh-my-posh/Thu, 10 Dec 2020 13:15:59 +0800https://linzeyan.github.io/posts/2020/20201210-setting-powershell-theme-with-oh-my-posh/<ul> <li><a href="https://blog.poychang.net/setting-powershell-theme-with-oh-my-posh/" target="_blank" rel="noopener">Style PowerShell with oh-my-posh</a></li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span><span style="color:#75715e"># This downloads and installs the posh-git and oh-my-posh modules from PowerShell Gallery.</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># The former shows Git info in the prompt, and the latter provides the themes.</span> </span></span><span style="display:flex;"><span>Install-Module posh-git -Scope CurrentUser </span></span><span style="display:flex;"><span>Install-Module oh-my-posh -Scope CurrentUser </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Next, edit the PowerShell profile loaded at startup. In PowerShell, $PROFILE shows the current</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># user&#39;s profile path. The file may not exist; run the commands below to create it and open it.</span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">if</span> (!(Test-Path -Path $PROFILE )) { New-Item -Type File -Path $PROFILE -Force } </span></span><span style="display:flex;"><span>notepad $PROFILE </span></span></code></pre></div><p>Add the following commands to the profile file:</p>https://linzeyan.github.io/posts/2020/20201203-provisioning-a-windows-server-vagrant-box-with-iis-net-4-5-and-octopus-deploy/Thu, 03 Dec 2020 12:39:01 +0800https://linzeyan.github.io/posts/2020/20201203-provisioning-a-windows-server-vagrant-box-with-iis-net-4-5-and-octopus-deploy/<ul> <li><a href="https://kwilson.io/blog/provisioning-a-windows-server-vagrant-box-with-iis-net-4-5-and-octopus-deploy/" target="_blank" rel="noopener">Provisioning a Windows Server Vagrant box with IIS, .NET 4.5 and Octopus Deploy</a></li> <li><a href="https://stackoverflow.com/questions/64242931/how-to-use-a-powershell-script-during-vagrant-up-on-host-correctly" target="_blank" rel="noopener">How to use a powershell script during vagrant up on host correctly?</a></li> <li><a href="https://akrabat.com/first-steps-with-windows-on-vagrant/" target="_blank" rel="noopener">First steps with Windows on Vagrant</a></li> <li><a href="https://followkman.com/2016/07/27/vagrant-up-on-windows-10-with-hyper-v/" target="_blank" rel="noopener">https://followkman.com/2016/07/27/vagrant-up-on-windows-10-with-hyper-v/</a></li> </ul>https://linzeyan.github.io/posts/2020/20200917-5b892a0b2b71775d1ce04eff/Thu, 17 Sep 2020 13:15:33 +0800https://linzeyan.github.io/posts/2020/20200917-5b892a0b2b71775d1ce04eff/<ul> <li><a href="https://www.twblogs.net/a/5b892a0b2b71775d1ce04eff" target="_blank" rel="noopener">Deploying OpenVPN with AD domain authentication</a></li> <li><a href="https://jameschien.no-ip.biz/wordpress/2020/02/19/openvpn-pam-sssd-active-directory/" target="_blank" rel="noopener">OpenVPN + PAM + SSSD + Active Directory</a></li> <li><a href="https://computingforgeeks.com/install-and-configure-openvpn-server-on-rhel-centos-8/" target="_blank" rel="noopener">https://computingforgeeks.com/install-and-configure-openvpn-server-on-rhel-centos-8/</a></li> <li><a href="https://www.redhat.com/en/blog/consistent-security-crypto-policies-red-hat-enterprise-linux-8" target="_blank" rel="noopener">https://www.redhat.com/en/blog/consistent-security-crypto-policies-red-hat-enterprise-linux-8</a></li> <li><a href="https://medium.com/jerrynotes/linux-authentication-windows-ad-without-join-domain-7963c3fd44c5" target="_blank" rel="noopener">https://medium.com/jerrynotes/linux-authentication-windows-ad-without-join-domain-7963c3fd44c5</a></li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Install OpenVPN</span> </span></span><span style="display:flex;"><span>yum install openvpn -y </span></span><span style="display:flex;"><span>yum -y install openssl openssl-devel -y </span></span><span style="display:flex;"><span>yum -y install lzo lzo-devel -y </span></span><span style="display:flex;"><span>yum install -y libgcrypt libgpg-error libgcrypt-devel </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Install OpenVPN auth plugin</span> </span></span><span style="display:flex;"><span>yum install openvpn-auth-ldap -y </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Install easy-rsa</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Since openvpn 2.3 removed easy-rsa from the package, install it separately.</span> </span></span><span style="display:flex;"><span>yum install easy-rsa </span></span><span style="display:flex;"><span>cp -rf /usr/share/easy-rsa/2.0 /etc/opevpn/ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Generate OpenVPN keys and certificates</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Edit `/opt/openvpn/etc/easy-rsa/2.0/vars` parameters</span> </span></span><span style="display:flex;"><span>export KEY_COUNTRY<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;CN&#34;</span> <span style="color:#75715e"># Country</span> </span></span><span style="display:flex;"><span>export KEY_PROVINCE<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;ZJ&#34;</span> <span style="color:#75715e"># Province</span> </span></span><span style="display:flex;"><span>export KEY_CITY<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;NingBo&#34;</span> <span style="color:#75715e"># City</span> </span></span><span style="display:flex;"><span>export KEY_ORG<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;TEST-VPN&#34;</span> <span style="color:#75715e"># Organization</span> </span></span><span style="display:flex;"><span>exportKEY_EMAIL<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;81367070@qq.com&#34;</span> <span style="color:#75715e"># Email</span> </span></span><span style="display:flex;"><span>export KEY_OU<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;baidu&#34;</span> <span style="color:#75715e"># Unit</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>source vars </span></span><span style="display:flex;"><span>./clean-all </span></span><span style="display:flex;"><span>./build-ca </span></span><span style="display:flex;"><span>./build-dh </span></span><span style="display:flex;"><span>./build-key-server server </span></span><span style="display:flex;"><span>./build-key client1 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Edit the OpenVPN server config: `/etc/openvpn/server.conf`</span> </span></span><span style="display:flex;"><span>port <span style="color:#ae81ff">1194</span> </span></span><span style="display:flex;"><span>proto udp </span></span><span style="display:flex;"><span>dev tun </span></span><span style="display:flex;"><span>ca keys/ca.crt </span></span><span style="display:flex;"><span>cert keys/server.crt </span></span><span style="display:flex;"><span>key keys/server.key <span style="color:#75715e"># This file should be kept secret</span> </span></span><span style="display:flex;"><span>dh keys/dh2048.pem </span></span><span style="display:flex;"><span>server 10.8.0.0 255.255.255.0 // client IP pool </span></span><span style="display:flex;"><span>push <span style="color:#e6db74">&#34;route 192.168.1.0 255.255.255.0&#34;</span> // push route to clients </span></span><span style="display:flex;"><span>push <span style="color:#e6db74">&#34;redirect-gateway&#34;</span> // change client gateway to route VPN traffic </span></span><span style="display:flex;"><span>ifconfig-pool-persist ipp.txt </span></span><span style="display:flex;"><span>keepalive <span style="color:#ae81ff">10</span> <span style="color:#ae81ff">120</span> </span></span><span style="display:flex;"><span>comp-lzo </span></span><span style="display:flex;"><span>persist-key </span></span><span style="display:flex;"><span>persist-tun </span></span><span style="display:flex;"><span>status openvpn-status.log </span></span><span style="display:flex;"><span>verb <span style="color:#ae81ff">3</span> </span></span><span style="display:flex;"><span>plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so <span style="color:#e6db74">&#34;/etc/openvpn/auth/ldap.conf&#34;</span> </span></span><span style="display:flex;"><span>client-cert-not-required </span></span><span style="display:flex;"><span>username-as-common-name </span></span><span style="display:flex;"><span>log /var/log/openvpn.log </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Edit openvpn-ldap-auth config: `/etc/openvpn/auth/ldap.conf`</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># /etc/openvpn/auth/ldap.conf</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>&lt;LDAP&gt; </span></span><span style="display:flex;"><span> <span style="color:#75715e"># LDAP server URL</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Change to the AD server IP</span> </span></span><span style="display:flex;"><span> URL ldap://172.16.76.238:389 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Bind DN (If your LDAP server doesn&#39;t support anonymous binds)</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># BindDN uid=Manager,ou=People,dc=example,dc=com</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Change to the domain admin DN; you can query it with ldapsearch</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Replace the IP in -h with the server IP, -D with the admin DN, -b with the base DN, and * for all</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># ldapsearch -LLL -x -h 172.16.76.238 -D &#34;administrator@xx.com&#34; -W -b &#34;dc=xx,dc=com&#34; &#34;*&#34;</span> </span></span><span style="display:flex;"><span> BindDN <span style="color:#e6db74">&#34;cn=administrator,cn=Users,dc=xx,dc=com&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Bind Password</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Password SecretPassword</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Domain admin password</span> </span></span><span style="display:flex;"><span> Password passwd </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Network timeout (in seconds)</span> </span></span><span style="display:flex;"><span> Timeout <span style="color:#ae81ff">15</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Enable Start TLS</span> </span></span><span style="display:flex;"><span> TLSEnable no </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Follow LDAP Referrals (anonymously)</span> </span></span><span style="display:flex;"><span> FollowReferrals no </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLS CA Certificate File</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLSCACertFile /usr/local/etc/ssl/ca.pem</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLS CA Certificate Directory</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLSCACertDir /etc/ssl/certs</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Client Certificate and key</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># If TLS client authentication is required</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLSCertFile /usr/local/etc/ssl/client-cert.pem</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLSKeyFile /usr/local/etc/ssl/client-key.pem</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Cipher Suite</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># The defaults are usually fine here</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLSCipherSuite ALL:!ADH:@STRENGTH</span> </span></span><span style="display:flex;"><span>&lt;/LDAP&gt; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>&lt;Authorization&gt; </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Base DN</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Base DN for auth search</span> </span></span><span style="display:flex;"><span> BaseDN <span style="color:#e6db74">&#34;dc=boqii-inc,dc=com&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># User Search Filter</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># SearchFilter &#34;(&amp;(uid=%u)(accountStatus=active))&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># sAMAccountName=%u uses the sAMAccountName value as the username,</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># and &#34;memberof=CN=myvpn,DC=xx,DC=com&#34; points to the VPN user group to authenticate,</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># so any user can use VPN once they are in this group.</span> </span></span><span style="display:flex;"><span> SearchFilter <span style="color:#e6db74">&#34;(&amp;(sAMAccountName=%u)(memberof=CN=myvpn,DC=boqii-inc,DC=com))&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Require Group Membership</span> </span></span><span style="display:flex;"><span> RequireGroup false </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Add non-group members to a PF table (disabled)</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># PFTable ips_vpn_users</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> &lt;Group&gt; </span></span><span style="display:flex;"><span> <span style="color:#75715e"># BaseDN &#34;ou=Groups,dc=example,dc=com&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># SearchFilter &#34;(|(cn=developers)(cn=artists))&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># MemberAttribute uniqueMember</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Add group members to a PF table (disabled)</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># PFTable ips_vpn_eng</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> BaseDN <span style="color:#e6db74">&#34;ou=vpn,dc=boqii-inc,dc=com&#34;</span> </span></span><span style="display:flex;"><span> SearchFilter <span style="color:#e6db74">&#34;(cn=openvpn)&#34;</span> </span></span><span style="display:flex;"><span> MemberAttribute <span style="color:#e6db74">&#34;member&#34;</span> </span></span><span style="display:flex;"><span> &lt;/Group&gt; </span></span><span style="display:flex;"><span>&lt;/Authorization&gt; </span></span></code></pre></div><p>Copy the <code>ca.crt</code> certificate under <code>/etc/openvpn/key</code> for client use.</p>