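# Setup OpenSSH-based sync for AD2 -> NAS transfers
# This replaces PuTTY (pscp/plink) with OpenSSH (scp/ssh)
#
# Usage: run interactively from a host that can reach AD2 (192.168.0.6) over
# WinRM. The script prompts for the INTRANET\sysadmin password rather than
# embedding it, so this file can be shared or versioned without leaking it.
# Phase 1 only prepares AD2 (key dir, key pair, known_hosts, backup of the
# current sync script); the public key still has to be installed on the NAS
# by hand, using the commands printed at the end.

# Prompt for the admin credential; never keep a password in the script body
# (a transcript, a copy of this file or a Get-Content would otherwise expose it).
$cred = Get-Credential -UserName "INTRANET\sysadmin" -Message "Password for INTRANET\sysadmin (used to connect to AD2)"
if (-not $cred) {
    Write-Host "[ERROR] No credential supplied; aborting" -ForegroundColor Red
    exit 1
}

$AD2 = "192.168.0.6"

Write-Host "=== Setting Up OpenSSH Sync (AD2 -> NAS) ===" -ForegroundColor Cyan
Write-Host ""

# -ErrorAction Stop: a remoting failure terminates the script instead of
# falling through to the "Phase 1 Complete" banner below.
$result = Invoke-Command -ComputerName $AD2 -Credential $cred -ErrorAction Stop -ScriptBlock {
    $NAS_IP      = "192.168.0.9"
    # NOTE(review): the sync authenticates as root on the NAS; a dedicated
    # account limited to the share being synced would reduce the impact of the
    # private key on AD2 ever being copied — confirm the NAS supports that.
    $NAS_USER    = "root"
    $SCRIPTS_DIR = "C:\Shares\test\scripts"
    $SSH_DIR     = "$SCRIPTS_DIR\.ssh"
    $KNOWN_HOSTS = "$SSH_DIR\known_hosts"
    $OPENSSH_DIR = "C:\Program Files\OpenSSH"
    $sshKeygen   = Join-Path $OPENSSH_DIR "ssh-keygen.exe"
    $sshKeyscan  = Join-Path $OPENSSH_DIR "ssh-keyscan.exe"

    # "=" * 80 must be parenthesised: as bare arguments Write-Host would print
    # the three tokens "= * 80" instead of a rule.
    $rule = ("=" * 80)

    foreach ($tool in @($sshKeygen, $sshKeyscan)) {
        if (-not (Test-Path $tool)) {
            Write-Host "[ERROR] OpenSSH tool not found: $tool" -ForegroundColor Red
            return
        }
    }

    Write-Host "[1] Creating SSH directory for sync keys" -ForegroundColor Yellow
    Write-Host $rule -ForegroundColor Gray
    if (-not (Test-Path $SSH_DIR)) {
        New-Item -ItemType Directory -Path $SSH_DIR -Force | Out-Null
        Write-Host "[OK] Created: $SSH_DIR" -ForegroundColor Green
    } else {
        Write-Host "[OK] Directory exists: $SSH_DIR" -ForegroundColor Green
    }

    # Restrict the key directory to SYSTEM and Administrators: disable
    # inheritance, drop every existing rule, then add only the two we want.
    # NOTE(review): whichever identity later runs Sync-FromNAS.ps1 must be
    # SYSTEM or a local Administrator to read the private key — confirm the
    # scheduled-task account before going live.
    $acl = Get-Acl -Path $SSH_DIR
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($existing in @($acl.Access)) {
        $acl.RemoveAccessRule($existing) | Out-Null
    }
    foreach ($identity in @("SYSTEM", "Administrators")) {
        $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $identity, "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
        )
        $acl.AddAccessRule($accessRule)
    }
    Set-Acl -Path $SSH_DIR -AclObject $acl
    Write-Host "[OK] Set secure permissions on SSH directory" -ForegroundColor Green
    Write-Host ""

    Write-Host "[2] Generating SSH key for NAS sync (ED25519)" -ForegroundColor Yellow
    Write-Host $rule -ForegroundColor Gray
    $keyPath = "$SSH_DIR\id_ed25519_nas"
    if (Test-Path $keyPath) {
        Write-Host "[SKIP] Key already exists: $keyPath" -ForegroundColor Yellow
        Write-Host "       Using existing key" -ForegroundColor Gray
    } else {
        # Empty passphrase on purpose: the sync runs unattended, so the key is
        # protected by the directory ACL above rather than by a passphrase.
        # '""' reaches ssh-keygen as an empty argument on the native command line.
        & $sshKeygen -t ed25519 -f $keyPath -N '""' -C "AD2-NAS-Sync"
        if (Test-Path $keyPath) {
            Write-Host "[OK] Generated SSH key: $keyPath" -ForegroundColor Green
        } else {
            Write-Host "[ERROR] Failed to generate SSH key" -ForegroundColor Red
            return
        }
    }

    # Public key is a single line; trim so no stray whitespace/newline ends up
    # inside the authorized_keys commands printed below.
    $pubKey = (Get-Content "$keyPath.pub" | Select-Object -First 1).Trim()
    Write-Host ""
    Write-Host "Public key to add to NAS:" -ForegroundColor Cyan
    Write-Host $pubKey -ForegroundColor White
    Write-Host ""

    Write-Host "[3] Adding NAS host key to known_hosts" -ForegroundColor Yellow
    Write-Host $rule -ForegroundColor Gray
    # ssh-keygen -F also matches hashed (-H) entries, so repeated runs do not
    # append duplicate host keys.
    $alreadyKnown = $false
    if (Test-Path $KNOWN_HOSTS) {
        & $sshKeygen -F $NAS_IP -f $KNOWN_HOSTS 2>$null | Out-Null
        $alreadyKnown = ($LASTEXITCODE -eq 0)
    }
    if ($alreadyKnown) {
        Write-Host "[OK] NAS host key already present in known_hosts" -ForegroundColor Green
    } else {
        # ssh-keyscan is trust-on-first-use: it records whatever key answered on
        # the network. Compare the fingerprints printed here with the NAS's own
        # host key before the sync task is allowed to rely on them.
        $nasHostKey = & $sshKeyscan -H $NAS_IP 2>$null
        if ($nasHostKey) {
            $nasHostKey | Out-File -FilePath $KNOWN_HOSTS -Encoding ASCII -Append
            Write-Host "[OK] Added NAS host key to known_hosts" -ForegroundColor Green
            Write-Host "       Verify these fingerprints against the NAS before trusting them:" -ForegroundColor Gray
            & $sshKeygen -l -f $KNOWN_HOSTS 2>$null | ForEach-Object {
                Write-Host "       $_" -ForegroundColor Gray
            }
        } else {
            Write-Host "[WARNING] Could not retrieve NAS host key" -ForegroundColor Yellow
            Write-Host "          Will use StrictHostKeyChecking=accept-new" -ForegroundColor Gray
        }
    }
    Write-Host ""

    Write-Host "[4] Testing SSH connection to NAS (with password first)" -ForegroundColor Yellow
    Write-Host $rule -ForegroundColor Gray
    Write-Host "Attempting to copy public key to NAS..." -ForegroundColor White
    Write-Host ""
    # No connection is actually attempted here: the public key has to be
    # installed in /root/.ssh/authorized_keys on the NAS by hand, so the exact
    # commands are printed for the operator.
    Write-Host "[ACTION REQUIRED] Add public key to NAS" -ForegroundColor Yellow
    Write-Host $rule -ForegroundColor Gray
    Write-Host ""
    Write-Host "Run this on the NAS ($NAS_IP) as ${NAS_USER}:" -ForegroundColor Cyan
    Write-Host ""
    Write-Host "mkdir -p ~/.ssh" -ForegroundColor White
    Write-Host "chmod 700 ~/.ssh" -ForegroundColor White
    Write-Host "echo '$pubKey' >> ~/.ssh/authorized_keys" -ForegroundColor White
    Write-Host "chmod 600 ~/.ssh/authorized_keys" -ForegroundColor White
    Write-Host ""
    Write-Host "Or from AD2 (requires NAS password):" -ForegroundColor Cyan
    Write-Host "ssh ${NAS_USER}@${NAS_IP} 'mkdir -p ~/.ssh && chmod 700 ~/.ssh'" -ForegroundColor White
    Write-Host "ssh ${NAS_USER}@${NAS_IP} 'echo `"$pubKey`" >> ~/.ssh/authorized_keys'" -ForegroundColor White
    Write-Host "ssh ${NAS_USER}@${NAS_IP} 'chmod 600 ~/.ssh/authorized_keys'" -ForegroundColor White
    Write-Host ""

    Write-Host "[5] Backing up current sync script" -ForegroundColor Yellow
    Write-Host $rule -ForegroundColor Gray
    $scriptPath = "$SCRIPTS_DIR\Sync-FromNAS.ps1"
    $backupPath = "$SCRIPTS_DIR\Sync-FromNAS.ps1.backup-$(Get-Date -Format 'yyyyMMdd-HHmmss')"
    if (Test-Path $scriptPath) {
        Copy-Item -Path $scriptPath -Destination $backupPath -Force
        Write-Host "[OK] Backup created: $backupPath" -ForegroundColor Green
    } else {
        Write-Host "[WARNING] Original script not found: $scriptPath" -ForegroundColor Yellow
    }
    Write-Host ""

    Write-Host "[6] Configuration Summary" -ForegroundColor Yellow
    Write-Host $rule -ForegroundColor Gray
    Write-Host "SSH Directory: $SSH_DIR" -ForegroundColor White
    Write-Host "Private Key:   $keyPath" -ForegroundColor White
    Write-Host "Public Key:    $keyPath.pub" -ForegroundColor White
    Write-Host "Known Hosts:   $KNOWN_HOSTS" -ForegroundColor White
    Write-Host "NAS IP:        $NAS_IP" -ForegroundColor White
    Write-Host "NAS User:      $NAS_USER" -ForegroundColor White
    Write-Host ""

    # Returned to the caller so the public key can be reused for the NAS step.
    return @{
        PublicKey  = $pubKey
        KeyPath    = $keyPath
        KnownHosts = $KNOWN_HOSTS
    }
}

# The script block returns nothing when it bailed out early (missing tools,
# key generation failure); do not announce success in that case.
if (-not $result) {
    Write-Host "[ERROR] Setup did not complete on AD2 (see messages above)" -ForegroundColor Red
    exit 1
}
$result

Write-Host ""
Write-Host "=== Setup Phase 1 Complete ===" -ForegroundColor Cyan
Write-Host ""
Write-Host "Next steps:" -ForegroundColor Yellow
Write-Host "1. Add the public key to NAS (shown above)" -ForegroundColor White
Write-Host "2. Test SSH key authentication" -ForegroundColor White
Write-Host "3. Update Sync-FromNAS.ps1 to use OpenSSH" -ForegroundColor White
Write-Host ""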