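<#
  Script to create SFTP account to Bitvise WinSSHD
#>
# Stop if any error occurs
$ErrorActionPreference = "Stop"

# Make sure the local WinRM service answers; the remote calls later in this
# script go through Invoke-Command and therefore need it.
# Note: $VerbosePreference is only set to "Continue" further down, so the
# Write-Verbose messages in this section are shown only if verbose output is
# already enabled when it runs.
try {
    Test-WSMan
}
catch {
    # WinRM not running, let's fix it
    Write-Verbose "WinRM is not running, trying to start it"

    # Call sc.exe directly with separate arguments instead of building a
    # command string for Invoke-Expression: nothing is re-parsed as PowerShell.
    $Output = & sc.exe "\\$env:COMPUTERNAME" config WinRM start= delayed-auto
    if ($LASTEXITCODE -ne 0) {
        Write-Error "Failed to set WinRM to delayed start: $Output"
    }
    else {
        Write-Verbose "Successfully changed WinRM service to delayed start"
        Write-Verbose "Starting WinRM"
        Start-Service WinRM

        Write-Verbose "Adding server to TrustedHosts"
        # -Concatenate appends to the existing TrustedHosts list; the previous
        # "winrm set ... @{TrustedHosts=...}" call replaced the whole list and
        # silently dropped any hosts configured earlier.
        # WinRM does not verify the identity of hosts listed in TrustedHosts,
        # so keep the entry as narrow as possible (a single name, never "*")
        # and prefer Kerberos or an HTTPS listener where that is available.
        try {
            Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value 'BITVISE_SERVER_ADDRESS' -Concatenate -Force
            Write-Verbose "Succesfully added server to WinRM TrustedHosts"
        }
        catch {
            Write-Error "Failed to trust server: $($_.Exception.Message)"
        }
    }
}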
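Function GET-Temppassword() {
    <#
    .SYNOPSIS
        Generate a random temporary password made of the uppercase letters A-Z.
    .PARAMETER length
        Number of characters to generate (default 10).
    .OUTPUTS
        System.String of exactly $length characters (empty when $length <= 0).
    .NOTES
        Characters are drawn from the operating system CSPRNG rather than
        Get-Random, which is not documented as cryptographically secure.
        With 26 symbols each character carries about 4.7 bits, so the caller
        chooses the strength through -length.
    #>
    Param(
        [int]$length = 10
    )

    # Uppercase A-Z (ASCII 65..90), the same alphabet as before.
    $alphabet = [char[]](65..90)

    # Largest multiple of the alphabet size that fits in one byte. Bytes at or
    # above it are discarded so every letter stays equally likely.
    $limit = 256 - (256 % $alphabet.Length)

    # A local builder: the result no longer starts from whatever $TempPassword
    # happens to hold in the caller's scope, and is always a string.
    $builder = New-Object System.Text.StringBuilder
    $buffer = New-Object byte[] 1
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        while ($builder.Length -lt $length) {
            $rng.GetBytes($buffer)
            if ($buffer[0] -lt $limit) {
                [void]$builder.Append($alphabet[$buffer[0] % $alphabet.Length])
            }
        }
    }
    finally {
        $rng.Dispose()
    }

    return $builder.ToString()
}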
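# Credential used to reach the Bitvise host over WinRM. It is requested at run
# time so no administrative password is stored in the script file (the earlier
# version embedded it via ConvertTo-SecureString -AsPlainText).
$Cred = Get-Credential -UserName "YOUR_BITVISE_HOST_USERNAME" -Message "Credentials for the Bitvise host"
$computername = "YOUR_BITVISE_HOST"

# show verbose messages
$VerbosePreference = "Continue"

# ask username
$username = (Read-Host 'SFTP Username ').Trim()

# Remove sftp_ prefix, it will be added later
if ($username -like "sftp_*") {
    $username = $username.Substring(5)
}

# The name is later placed inside a quoted Bitvise configuration instruction
# and inside a directory path, so only characters that cannot close the quote
# or add a path separator are accepted.
if ($username -notmatch '^[A-Za-z0-9._-]+\z') {
    throw "Invalid SFTP username '$username': only letters, digits, '.', '_' and '-' are allowed"
}

# generate password 8 chars long
# NOTE(review): the generator draws from A-Z only, so 8 characters is a small
# search space; raise -length unless these passwords are replaced right away.
$password = GET-Temppassword -length 8

# The operator needs to see the credentials once. Verbose output also ends up
# in transcripts and captured console logs when those are enabled.
Write-Verbose "USERNAME: sftp_$username"
Write-Verbose "PASSWORD: $password"

# Accept exactly "y" or "n" (case-insensitive). The former pattern "[y|n]"
# matched any answer containing y, n or "|", so typing "no" left the loop,
# failed the -eq "n" test below and went on to create the account.
$choice = ""
while ($choice -notmatch '^[yn]$') {
    $choice = (Read-Host "Continue? (Y/N)").Trim()
}
if ($choice -eq "n") {
    Exit
}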
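# Create the virtual account on the Bitvise host through its COM configuration
# object. $args[0] is the account name without the sftp_ prefix, $args[1] the
# initial password.
Invoke-Command -ComputerName $computername -Credential $Cred -ArgumentList $username,$password -ScriptBlock {
    $accountName = [string]$args[0]
    $accountPassword = [string]$args[1]

    # Both values are spliced into quoted configuration instructions (and the
    # name into a filesystem path), so they are checked again on this side
    # before anything is sent to the server configuration.
    if ($accountName -notmatch '^[A-Za-z0-9._-]+\z') {
        Write-Error "Refusing to create account: invalid characters in user name"
        return
    }
    if ($accountPassword -match '["\x00-\x1f]') {
        Write-Error "Refusing to create account: password contains a quote or control character"
        return
    }

    try {
        $cfg = New-Object -ComObject BssCfg645.BssCfg645
    }
    catch {
        Write-Error "Failed to load COM objects, Check WinsshdCfgManip.idl for version"
        # Without the COM object nothing below can work; stop here instead of
        # calling methods on $null.
        return
    }

    # Tracks whether this session holds the settings lock, so the finally
    # block releases it exactly once and only if it was taken.
    $locked = $false
    try {
        # Lock settings so there won't be concurrent edits
        $cfg.LockServerSettings()
        $locked = $true
        # Load current settings to memory
        $cfg.LoadServerSettings()

        # Insert account
        $cfg.ProcessInstruction("access.virtAccounts.New.virtAccount " + '"sftp_' + $accountName + '"')
        $cfg.ProcessInstruction("access.virtAccounts.New.virtPassword.Set " + '"' + $accountPassword + '"')
        $cfg.ProcessInstruction("access.virtAccounts.New.group " + '"Virtual Users"')
        $cfg.ProcessInstruction("access.virtAccounts.New.loginAllowed " + 'yes')
        $cfg.ProcessInstruction("access.virtAccounts.New.auth.passwordAuth " + 'required')
        # File transfer only: no remote administration, terminal shell or exec requests.
        $cfg.ProcessInstruction("access.virtAccounts.New.permitRemoteAdmin " + 'no')
        $cfg.ProcessInstruction("access.virtAccounts.New.session.mapRemoteHomeDir " + 'yes')
        $cfg.ProcessInstruction("access.virtAccounts.New.term.shellCustom.permitTerminalShell " + 'no')
        $cfg.ProcessInstruction("access.virtAccounts.New.term.shellCustom.permitExecRequests " + 'no')
        $cfg.ProcessInstruction("access.virtAccounts.New.xfer.permitSftp " + 'yes')
        #deprecated
        #$cfg.ProcessInstruction("access.virtAccounts.New.sfsMap.useDefaultSfsMap " + 'false')

        # Insert "Virtual mount point": the account sees its own directory as "/"
        $cfg.ProcessInstruction("access.virtAccounts.New.xfer.mountPoints.CreateNewWithId " + '1')
        $cfg.ProcessInstruction("access.virtAccounts.New.xfer.mountPoints.New.sfsMountPath " + '"/"')
        $cfg.ProcessInstruction("access.virtAccounts.New.xfer.mountPoints.New.realRootPath " + '"D:\\data\\sftp\\sftp_' + $accountName + '"')
        $cfg.ProcessInstruction("access.virtAccounts.New.xfer.mountPoints.New.providerDll " + '"FlowSfsWin"')
        $cfg.ProcessInstruction("access.virtAccounts.New.xfer.mountPoints.NewCommit")
        $cfg.ProcessInstruction("access.virtAccounts.NewCommit")

        # save settings
        $cfg.SaveServerSettings()
    }
    catch {
        # Write-Error takes one message argument; the exception text is
        # embedded in it so the real cause is reported.
        Write-Error "Script failed: $($_.Exception.Message)"
    }
    finally {
        # Let's unlock settings so they won't stay locked forever
        if ($locked) {
            $cfg.UnlockServerSettings()
        }
    }
}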
Write-Verbose "SFTP account has been created"
Write-Verbose "Creating directory: d:\data\sftp\sftp_$username"

# Runs on the Bitvise host: creates the directory that the account's mount
# point refers to. $args[0] is the account name without the sftp_ prefix.
$createHomeDir = {
    New-Item -Path ("d:\data\sftp\sftp_" + $args[0]) -ItemType Directory
}

# The directory object New-Item returns is discarded.
Invoke-Command -ComputerName $computername -Credential $Cred -ScriptBlock $createHomeDir -ArgumentList $username | Out-Null