Unveiling The OpenSSH Universal Automated Installer

Unveiling The OpenSSH Universal Automated Installer

Darwin Sanoy's photo
Darwin Sanoy
·

4 min read

Table of contents

You may have heard some of the buzz about the open source project undertaken by the Mirosoft PowerShell team to create a native, standards compliant edition of OpenSSH. I have been working on the installation packaging for the OpenSSH project and I wanted to make sure everyone knew about the universal automated installer available to install it on any version of Windows.

A Chocolatey Genesis

The OpenSSH universal automated installer started life as a Chocolatey package - and indeed the bits are still wrapped in Chocolatey goodness.

What is not commonly known is that the original package has been dramatically enhanced to run in any installation scenario - including ones that do not involve the Chocolatey client. It also runs in minimalized environments such as Nano and Windows containers.

Chocolatey Value-Add

While the underlying bits can run in many installation scenarios, Chocolatey provides a rich and flexible package management experience for OSes that support it. It does not require PowerShell 5 (PackageManagement) and it easily works back to Windows 7. Unlike Window’s PackageManagement, the native Chocolatey client also works in shells besides PowerShell (CMD, Python, Ruby, etc). The Chocolate.org repository also provides global distribution of the files.

Package Support Details

Tested On

  • Nano RTM (PSH 5 & PackageManagement & no 32-bit)
  • Server 2012 R2 (PSH 4)
  • Windows 10 Anniversary (PSH 5, Chocolatey)
  • Windows 7 x64 (PSH 2, Chocolatey)

NO RESTRICTIONS, ENHANCED FUNCTIONALITY

Other installation methods may require one or more of the following that are NOT required for this universal installer

  • NOT REQUIRED: 32-bit Subsystem (WOW64) - some installers utilize 32-bit utilities like psexec.exe or ntrights.exe
  • NOT REQUIRED: Full .NET - some installers use CMDLets beyond those in .NET Core
  • NOT REQUIRED: Internet Access - some installers source everything from public repositories - download everything you need to on-premises.
  • NOT REQUIRED: PowerShell Newer Than Version 2.0 - some installers use CMDlets in newer versions or using syntax that only works in 3.0 or later.
  • NOT REQUIRED: Manual Fussing for Upgrades - most installers presume a first time install on a clean system - this universal installer knows when it is doing an upgrade.
  • NOT REQUIRED: Chocolatey Itself - for scenarios where it cannot or should not be installed.
  • NOT REQUIRED: PSH 5 PackageManagement - for scenarios where PSH 5 is not currently installed.
  • ENABLED: Docker - Docker is supported and Dockerfiles are provided in this repo.
  • ENABLED: Detects OS bitness (32 or 64) and installs appropriate version.
  • ENABLED: Uninstaller - cleanly uninstalls.
  • ENABLED: Checks for Port Conflicts
  • ENABLED: Advanced Configuration Switches - allows changing the SSHD port, installing only client tools, changing the logging level, overwriting SSH_CONF to reset configuration.

Supported Install Scenarios

  1. Source files are internal - making it easier to curate the package into your own private repository and to use offline.
  2. It can be used to install on machines that do not (or cannot) have Chocolatey (Nano) nor WOW64 (ServerCore w/out WOW64 installed) - see the instructions later in this document.
  3. It can be used to install when target machine being built has no internet access.
  4. The scripts included can install Chocolatey in-line and then install this openssh all in one command line - see later in this document.
  5. It can be used to install SSH under docker.

Under the Covers: How Non-Chocolatey Install Scenarios Supported

Here are some of the design points of how the Non-Chocolatey install scenarios are supported by this installer:

  • All files needed for install, including the original OpenSSH files are included in the package - as long as this archive can be sourced and extracted it can be installed on that platform.
  • .nupkg files are really just .zip files - rename them to .zip and any unzipper can be used to extract the files.
  • ChocolateyInstall.ps1 detects whether it is actually running under Chocolatey or not and does not run chocolatey specific APIs when it is not.
  • BarebonesInstaller.ps1 provides a non-chocolatey kicker - it takes regular PowerShell parameters whose names equate to the variables that Chocolatey parameters are normally set to - by doing this it provides a pure PowerShell way to deliver the parameters into a ChocolateyInstall.ps1
  • On Nano (and any OS with PSH 5), the NuGet provider of PackageManagement can be used to download and extract the .nupkg from Chocolatey.org. This is necessary because PackageManagement providers normally have their own implementations for processing packages and therefore do not usually reuse existing code bases such as the regular Chocolatey client available from Chocolatey.org. In light of the need to constantly be maintaining an duplicate implementation from the regular Chocolatey Client code, the ChocolateyProvider has not been thriving after Microsoft turned it over to the open source community for ongoing development.

How Tos For Using The Universal OpenSSH Installer

For details on the commands to use for various installation scenarios, please see: https://gitlab.com/DarwinJS/ChocoPackages/-/blob/master/openssh/readme.md

PowershellautomationcodeDeep Dive