Move 150+ scripts from root and scripts/ into client/project directories: - clients/dataforth/scripts/ (110 files: AD2, sync, SSH, DB, DOS scripts) - clients/bg-builders/scripts/ (14 files: Lesley mgmt, Exchange, termination) - clients/internal-infrastructure/scripts/ (10 files: GDAP, Gitea, backups) - projects/msp-tools/scripts/ (9 files: CIPP, MSP onboarding, Datto) - projects/gururmm-agent/scripts/ (3 files: API test, JWT, record counts) - clients/glaztech/scripts/ (1 file: CentraStage removal) Also reorganized: - VPN scripts → infrastructure/vpn-configs/ - Retrieved API/JS files → api/ - Forum posts → projects/community-forum/forum-posts/ - SSH docs → clients/internal-infrastructure/docs/ - NWTOC/CTONW docs → projects/wrightstown-smarthome/docs/ - ACG website files → projects/internal/acg-website-2025/ - Dataforth docs → clients/dataforth/docs/ - schema-retrieved.sql → docs/database/ Deleted 24 tmp_*.ps1 one-off debug scripts (preserved in git history). Root reduced from 220+ files to 62 items (docs + directories only). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
152 lines
6.2 KiB
PowerShell
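# Setup OpenSSH-based sync for AD2 -> NAS transfers
# This replaces PuTTY (pscp/plink) with OpenSSH (scp/ssh)
#
# Phase 1 only. Runs a script block on AD2 (192.168.0.6) over PowerShell
# remoting that:
#   [1] creates an ACL-restricted .ssh directory next to the sync scripts,
#   [2] generates an ED25519 key pair for the NAS sync (if none exists),
#   [3] pins the NAS host key in a dedicated known_hosts file,
#   [4] prints the commands that install the public key on the NAS,
#   [5] backs up the current Sync-FromNAS.ps1,
#   [6] prints a summary and returns the key locations.
# Nothing in this script logs in to the NAS; installing the public key is a
# manual step.

# The domain credential is requested at run time. Do not hard-code the
# password in this file: anything committed stays readable in git history, so
# a password that was ever stored here has to be rotated, not just deleted.
$cred = Get-Credential -UserName "INTRANET\sysadmin" -Message "Credential for remote setup on AD2 (192.168.0.6)"
if (-not $cred) {
    Write-Host "[ERROR] No credential supplied; aborting" -ForegroundColor Red
    return
}

Write-Host "=== Setting Up OpenSSH Sync (AD2 -> NAS) ===" -ForegroundColor Cyan
Write-Host ""

Invoke-Command -ComputerName 192.168.0.6 -Credential $cred -ScriptBlock {
    $NAS_IP = "192.168.0.9"
    $NAS_USER = "root"
    $SCRIPTS_DIR = "C:\Shares\test\scripts"
    # NOTE(review): the path suggests this directory sits under a file share.
    # The NTFS ACL set below is then the only thing protecting the private
    # key; confirm the share exposure or move the key outside the share.
    $SSH_DIR = "$SCRIPTS_DIR\.ssh"
    $KNOWN_HOSTS = "$SSH_DIR\known_hosts"

    $SSH_KEYGEN = "C:\Program Files\OpenSSH\ssh-keygen.exe"
    $SSH_KEYSCAN = "C:\Program Files\OpenSSH\ssh-keyscan.exe"

    # Write-Host "=" * 80 is parsed as three separate arguments and prints
    # "= * 80"; build the separator once as an expression instead.
    $rule = "=" * 80

    Write-Host "[1] Creating SSH directory for sync keys" -ForegroundColor Yellow
    Write-Host $rule -ForegroundColor Gray

    if (-not (Test-Path $SSH_DIR)) {
        New-Item -ItemType Directory -Path $SSH_DIR -Force | Out-Null
        Write-Host "[OK] Created: $SSH_DIR" -ForegroundColor Green
    } else {
        Write-Host "[OK] Directory exists: $SSH_DIR" -ForegroundColor Green
    }

    # Set permissions (only SYSTEM and Administrators)
    $acl = Get-Acl $SSH_DIR
    # Protect the ACL from inheritance and discard the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop every explicit entry so only the two rules added below remain.
    $acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null }

    # Add SYSTEM
    $systemRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        "SYSTEM", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
    )
    $acl.AddAccessRule($systemRule)

    # Add Administrators
    $adminRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        "Administrators", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
    )
    $acl.AddAccessRule($adminRule)

    Set-Acl -Path $SSH_DIR -AclObject $acl
    Write-Host "[OK] Set secure permissions on SSH directory" -ForegroundColor Green
    Write-Host ""

    Write-Host "[2] Generating SSH key for NAS sync (ED25519)" -ForegroundColor Yellow
    Write-Host $rule -ForegroundColor Gray

    $keyPath = "$SSH_DIR\id_ed25519_nas"

    if (Test-Path $keyPath) {
        Write-Host "[SKIP] Key already exists: $keyPath" -ForegroundColor Yellow
        Write-Host " Using existing key" -ForegroundColor Gray
    } else {
        # Generate SSH key without passphrase (needed for unattended sync).
        # The key file is therefore the whole secret: whoever can read it can
        # authenticate to the NAS as the account it is installed for.
        # NOTE(review): '""' is the Windows PowerShell idiom for handing an
        # empty argument to a native executable; confirm the resulting key
        # really has an empty passphrase on the PowerShell version in use.
        & $SSH_KEYGEN -t ed25519 -f $keyPath -N '""' -C "AD2-NAS-Sync"

        if (Test-Path $keyPath) {
            Write-Host "[OK] Generated SSH key: $keyPath" -ForegroundColor Green
        } else {
            Write-Host "[ERROR] Failed to generate SSH key" -ForegroundColor Red
            return
        }
    }

    # Read public key
    if (-not (Test-Path "$keyPath.pub")) {
        # A private key without its .pub half would otherwise surface as a
        # Get-Content error followed by empty install commands.
        Write-Host "[ERROR] Public key not found: $keyPath.pub" -ForegroundColor Red
        return
    }
    $pubKey = Get-Content "$keyPath.pub"
    Write-Host ""
    Write-Host "Public key to add to NAS:" -ForegroundColor Cyan
    Write-Host $pubKey -ForegroundColor White
    Write-Host ""

    Write-Host "[3] Adding NAS host key to known_hosts" -ForegroundColor Yellow
    Write-Host $rule -ForegroundColor Gray

    # Keep an existing pin. Appending a freshly scanned key on every run would
    # silently trust a changed host key, which is exactly the change that
    # known_hosts exists to detect.
    $alreadyPinned = $false
    if (Test-Path $KNOWN_HOSTS) {
        $existingEntry = & $SSH_KEYGEN -F $NAS_IP -f $KNOWN_HOSTS 2>$null
        if ($existingEntry) { $alreadyPinned = $true }
    }

    if ($alreadyPinned) {
        Write-Host "[SKIP] NAS host key already pinned in: $KNOWN_HOSTS" -ForegroundColor Yellow
    } else {
        # Get NAS host key using ssh-keyscan. The scan is unauthenticated, so
        # the result is only as trustworthy as the network path at scan time.
        $nasHostKey = & $SSH_KEYSCAN -H $NAS_IP 2>$null

        if ($nasHostKey) {
            $nasHostKey | Out-File -FilePath $KNOWN_HOSTS -Encoding ASCII -Append
            Write-Host "[OK] Added NAS host key to known_hosts" -ForegroundColor Green
            Write-Host "[ACTION REQUIRED] Compare these fingerprints with the ones shown on the NAS console:" -ForegroundColor Yellow
            & $SSH_KEYGEN -l -f $KNOWN_HOSTS | ForEach-Object { Write-Host $_ -ForegroundColor White }
        } else {
            Write-Host "[WARNING] Could not retrieve NAS host key" -ForegroundColor Yellow
            Write-Host " Will use StrictHostKeyChecking=accept-new" -ForegroundColor Gray
        }
    }
    Write-Host ""

    # No connection is attempted in this step despite the heading; it only
    # prints the commands an operator runs to install the public key.
    Write-Host "[4] Testing SSH connection to NAS (with password first)" -ForegroundColor Yellow
    Write-Host $rule -ForegroundColor Gray
    Write-Host "Attempting to copy public key to NAS..." -ForegroundColor White
    Write-Host ""

    # Note: We need to manually add the public key to NAS /root/.ssh/authorized_keys
    # NOTE(review): this installs a passphrase-less key for root. Consider a
    # dedicated sync account, or authorized_keys options such as from="..."
    # and restrict, so the key is only usable from AD2 and only for the sync.
    Write-Host "[ACTION REQUIRED] Add public key to NAS" -ForegroundColor Yellow
    Write-Host $rule -ForegroundColor Gray
    Write-Host ""
    Write-Host "Run this on the NAS (192.168.0.9) as root:" -ForegroundColor Cyan
    Write-Host ""
    Write-Host "mkdir -p ~/.ssh" -ForegroundColor White
    Write-Host "chmod 700 ~/.ssh" -ForegroundColor White
    Write-Host "echo '$pubKey' >> ~/.ssh/authorized_keys" -ForegroundColor White
    Write-Host "chmod 600 ~/.ssh/authorized_keys" -ForegroundColor White
    Write-Host ""
    Write-Host "Or from AD2 (requires NAS password):" -ForegroundColor Cyan
    Write-Host "ssh root@$NAS_IP 'mkdir -p ~/.ssh && chmod 700 ~/.ssh'" -ForegroundColor White
    Write-Host "ssh root@$NAS_IP 'echo `"$pubKey`" >> ~/.ssh/authorized_keys'" -ForegroundColor White
    Write-Host "ssh root@$NAS_IP 'chmod 600 ~/.ssh/authorized_keys'" -ForegroundColor White
    Write-Host ""

    Write-Host "[5] Backing up current sync script" -ForegroundColor Yellow
    Write-Host $rule -ForegroundColor Gray

    $scriptPath = "$SCRIPTS_DIR\Sync-FromNAS.ps1"
    # Timestamped name so repeated runs never overwrite an earlier backup.
    $backupPath = "$SCRIPTS_DIR\Sync-FromNAS.ps1.backup-$(Get-Date -Format 'yyyyMMdd-HHmmss')"

    if (Test-Path $scriptPath) {
        Copy-Item -Path $scriptPath -Destination $backupPath -Force
        Write-Host "[OK] Backup created: $backupPath" -ForegroundColor Green
    } else {
        Write-Host "[WARNING] Original script not found: $scriptPath" -ForegroundColor Yellow
    }
    Write-Host ""

    Write-Host "[6] Configuration Summary" -ForegroundColor Yellow
    Write-Host $rule -ForegroundColor Gray
    Write-Host "SSH Directory: $SSH_DIR" -ForegroundColor White
    Write-Host "Private Key: $keyPath" -ForegroundColor White
    Write-Host "Public Key: $keyPath.pub" -ForegroundColor White
    Write-Host "Known Hosts: $KNOWN_HOSTS" -ForegroundColor White
    Write-Host "NAS IP: $NAS_IP" -ForegroundColor White
    Write-Host "NAS User: $NAS_USER" -ForegroundColor White
    Write-Host ""

    # Return the public key for NAS setup (paths only; never the private key)
    return @{
        PublicKey = $pubKey
        KeyPath = $keyPath
        KnownHosts = $KNOWN_HOSTS
    }
}

Write-Host ""
Write-Host "=== Setup Phase 1 Complete ===" -ForegroundColor Cyan
Write-Host ""
Write-Host "Next steps:" -ForegroundColor Yellow
Write-Host "1. Add the public key to NAS (shown above)" -ForegroundColor White
Write-Host "2. Test SSH key authentication" -ForegroundColor White
Write-Host "3. Update Sync-FromNAS.ps1 to use OpenSSH" -ForegroundColor White
Write-Host ""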