From 24c6706ab2f87954eba46a748dd320ea16200b9e Mon Sep 17 00:00:00 2001
From: Gabi <218829269+GabiNun2@users.noreply.github.com>
Date: Fri, 27 Mar 2026 16:26:36 +0300
Subject: [PATCH] Update Invoke-WinUtilSSHServer.ps1 (#4254)

* Update Invoke-WinUtilSSHServer.ps1

* fix: correct ssh-agent restart, use USERPROFILE path, add sshd_config idempotency check

* Cleanup for Invoke-WinUtilSSHServer.ps1

* Update Invoke-WinUtilSSHServer.ps1

* Merge branch 'ChrisTitusTech:main' into patch-2

* Update Invoke-WinUtilSSHServer.ps1

* Update Invoke-WinUtilSSHServer.ps1

* Merge branch 'main' into patch-2

* Update Invoke-WinUtilSSHServer.ps1

* typo
---
 functions/private/Invoke-WinUtilSSHServer.ps1 | 75 +++++++------------
 1 file changed, 27 insertions(+), 48 deletions(-)

diff --git a/functions/private/Invoke-WinUtilSSHServer.ps1 b/functions/private/Invoke-WinUtilSSHServer.ps1
index d29682e5..08903f6c 100644
--- a/functions/private/Invoke-WinUtilSSHServer.ps1
+++ b/functions/private/Invoke-WinUtilSSHServer.ps1
@@ -4,63 +4,29 @@ function Invoke-WinUtilSSHServer {
         Enables OpenSSH server to remote into your windows device
     #>
 
-    # Get the latest version of OpenSSH Server
-    $FeatureName = Get-WindowsCapability -Online | Where-Object { $_.Name -like "OpenSSH.Server*" }
-
     # Install the OpenSSH Server feature if not already installed
-    if ($FeatureName.State -ne "Installed") {
-        Write-Host "Enabling OpenSSH Server..."
-        Add-WindowsCapability -Online -Name $FeatureName.Name
+    if ((Get-WindowsCapability -Name OpenSSH.Server -Online).State -ne "Installed") {
+        Write-Host "Enabling OpenSSH Server... This will take a long time"
+        Add-WindowsCapability -Name OpenSSH.Server -Online
     }
 
-    # Sets up the OpenSSH Server service
-    Write-Host "Starting the services..."
-    Start-Service -Name sshd
+    Write-Host "Starting the services"
+
     Set-Service -Name sshd -StartupType Automatic
+    Start-Service -Name sshd
 
-    # Sets up the ssh-agent service
-    Start-Service 'ssh-agent'
-    Set-Service -Name 'ssh-agent' -StartupType 'Automatic'
-
-    # Confirm the required services are running
-    $SSHDaemonService = Get-Service -Name sshd
-    $SSHAgentService = Get-Service -Name 'ssh-agent'
-
-    if ($SSHDaemonService.Status -eq 'Running') {
-        Write-Host "OpenSSH Server is running."
-    } else {
-        try {
-            Write-Host "OpenSSH Server is not running. Attempting to restart..."
-            Restart-Service -Name sshd -Force
-            Write-Host "OpenSSH Server has been restarted successfully."
-        } catch {
-            Write-Host "Failed to restart OpenSSH Server: $_"
-        }
-    }
-    if ($SSHAgentService.Status -eq 'Running') {
-        Write-Host "ssh-agent is running."
-    } else {
-        try {
-            Write-Host "ssh-agent is not running. Attempting to restart..."
-            Restart-Service -Name sshd -Force
-            Write-Host "ssh-agent has been restarted successfully."
-        } catch {
-            Write-Host "Failed to restart ssh-agent : $_"
-        }
-    }
+    Set-Service -Name ssh-agent -StartupType Automatic
+    Start-Service -Name ssh-agent
 
     #Adding Firewall rule for port 22
-    Write-Host "Setting up firewall rules..."
-    $firewallRule = (Get-NetFirewallRule -Name 'sshd').Enabled
-    if ($firewallRule) {
-        Write-Host "Firewall rule for OpenSSH Server (sshd) already exists."
-    } else {
+    Write-Host "Setting up firewall rules"
+    if (-not ((Get-NetFirewallRule -Name 'sshd').Enabled)) {
         New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
         Write-Host "Firewall rule for OpenSSH Server created and enabled."
     }
 
     # Check for the authorized_keys file
-    $sshFolderPath = "$env:HOMEDRIVE\$env:HOMEPATH\.ssh"
+    $sshFolderPath = "$Home\.ssh"
     $authorizedKeysPath = "$sshFolderPath\authorized_keys"
 
     if (-not (Test-Path -Path $sshFolderPath)) {
@@ -72,10 +38,23 @@ function Invoke-WinUtilSSHServer {
         Write-Host "Creating authorized_keys file..."
         New-Item -Path $authorizedKeysPath -ItemType File -Force
         Write-Host "authorized_keys file created at $authorizedKeysPath."
-    } else {
-        Write-Host "authorized_keys file already exists at $authorizedKeysPath."
     }
+
+    Write-Host "Configuring sshd_config for standard authorized_keys behavior..."
+    $sshdConfigPath = "C:\ProgramData\ssh\sshd_config"
+
+    $configContent = Get-Content -Path $sshdConfigPath -Raw
+
+    $updatedContent = $configContent -replace '(?m)^(Match Group administrators)$', '# $1'
+    $updatedContent = $updatedContent -replace '(?m)^(\s+AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys)$', '# $1'
+
+    if ($updatedContent -ne $configContent) {
+        Set-Content -Path $sshdConfigPath -Value $updatedContent -Force
+        Write-Host "Commented out administrator-specific SSH key configuration in sshd_config"
+        Restart-Service -Name sshd -Force
+    }
+
     Write-Host "OpenSSH server was successfully enabled."
-    Write-Host "The config file can be located at C:\ProgramData\ssh\sshd_config "
+    Write-Host "The config file can be located at C:\ProgramData\ssh\sshd_config"
     Write-Host "Add your public keys to this file -> $authorizedKeysPath"
 }