DEV Community: Jung Hyun, Nam The latest articles on DEV Community by Jung Hyun, Nam (@rkttu). https://dev.to/rkttu https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F82693%2F3066a6a6-2539-48a5-8e61-d698a22dcd9b.png DEV Community: Jung Hyun, Nam https://dev.to/rkttu en What if calling Python from C# took 4 lines, supported Native AOT, and didn't need a project file? Just shipped DotNetPy v0.5.0 β€” a lightweight Python interop library built for modern .NET. πŸ“¦ https://github.com/rkttu/dotnetpy Jung Hyun, Nam Thu, 19 Mar 2026 07:01:43 +0000 https://dev.to/rkttu/what-if-calling-python-from-c-took-4-lines-supported-native-aot-and-didnt-need-a-project-file-2na8 https://dev.to/rkttu/what-if-calling-python-from-c-took-4-lines-supported-native-aot-and-didnt-need-a-project-file-2na8 <p> </p> <div class="crayons-card c-embed text-styles text-styles--secondary"> <div class="c-embed__content"> <div class="c-embed__cover"> <a href="https://github.com/rkttu/dotnetpy" class="c-link align-middle" rel="noopener noreferrer"> <img alt="" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fopengraph.githubassets.com%2F8183b55a473a9623ab32eb873c567ed15707eccedda7a45a17991db1559feeb7%2Frkttu%2Fdotnetpy" height="auto" class="m-0"> </a> </div> <div class="c-embed__body"> <h2 class="fs-xl lh-tight"> <a href="https://github.com/rkttu/dotnetpy" rel="noopener noreferrer" class="c-link"> GitHub - rkttu/dotnetpy: Lightweight and AOT-compatible Python Interop Library Β· GitHub </a> </h2> <p class="truncate-at-3"> Lightweight and AOT-compatible Python Interop Library - rkttu/dotnetpy </p> <div class="color-secondary fs-s flex items-center"> <img alt="favicon" class="c-embed__favicon m-0 mr-2 radius-0" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.githubassets.com%2Ffavicons%2Ffavicon.svg"> github.com </div> </div> </div> </div> csharp dotnet python showdev Introducing DotNetPy: Python Interop for Modern .NET, Reimagined Jung Hyun, Nam Thu, 19 Mar 2026 06:58:50 +0000 https://dev.to/rkttu/introducing-dotnetpy-python-interop-for-modern-net-reimagined-32gi https://dev.to/rkttu/introducing-dotnetpy-python-interop-for-modern-net-reimagined-32gi <h2> The Problem </h2> <p>.NET and Python are two of the most widely used platforms in enterprise software today, yet bringing them together has always been painful. Existing interop libraries either require heavy runtime dependencies, lack support for modern .NET features like Native AOT, or demand complex project configurations with Source Generators.</p> <p>If you've ever wanted to leverage Python's rich data science and ML ecosystem from a C# application β€” without leaving your .NET toolchain β€” you know the friction.</p> <p><strong>DotNetPy</strong> is my answer to that problem. Version 0.5.0 is now available on NuGet.</p> <h2> What Is DotNetPy? </h2> <p>DotNetPy (pronounced <em>dot-net-pie</em>) is a .NET library for executing Python code directly from C#. It wraps the Python C API behind a clean, minimal interface.</p> <p>Here's the entire "hello world":<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">executor</span> <span class="p">=</span> <span class="n">Python</span><span class="p">.</span><span class="nf">GetInstance</span><span class="p">();</span> <span class="kt">var</span> <span class="n">temperatures</span> <span class="p">=</span> <span class="k">new</span><span class="p">[]</span> <span class="p">{</span> <span class="m">23.5</span><span class="p">,</span> <span class="m">19.2</span><span class="p">,</span> <span class="m">31.8</span><span class="p">,</span> <span class="m">27.4</span><span class="p">,</span> <span class="m">22.1</span> <span class="p">};</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">result</span> <span class="p">=</span> <span class="n">executor</span><span class="p">.</span><span class="nf">ExecuteAndCapture</span><span class="p">(</span><span class="s">@" import statistics result = {'mean': statistics.mean(data), 'stdev': statistics.stdev(data)} "</span><span class="p">,</span> <span class="k">new</span> <span class="n">Dictionary</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">,</span> <span class="kt">object</span><span class="p">?&gt;</span> <span class="p">{</span> <span class="p">{</span> <span class="s">"data"</span><span class="p">,</span> <span class="n">temperatures</span> <span class="p">}</span> <span class="p">});</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">$"Mean: </span><span class="p">{</span><span class="n">result</span><span class="p">?.</span><span class="nf">GetDouble</span><span class="p">(</span><span class="s">"mean"</span><span class="p">):</span><span class="n">F1</span><span class="p">}</span><span class="s">Β°C Β± </span><span class="p">{</span><span class="n">result</span><span class="p">?.</span><span class="nf">GetDouble</span><span class="p">(</span><span class="s">"stdev"</span><span class="p">):</span><span class="n">F1</span><span class="p">}</span><span class="s">"</span><span class="p">);</span> </code></pre> </div> <p>No separate <code>.py</code> files. No Source Generators. No complex setup.</p> <h2> Why Another Interop Library? </h2> <p>There are established options β€” pythonnet, CSnakes, IronPython. Each has strengths, but none was designed for where .NET is heading in 2025 and beyond. DotNetPy fills that gap with three design pillars:</p> <h3> 1. Native AOT Support </h3> <p>DotNetPy is the <strong>only</strong> .NET-Python interop library that works with <code>PublishAot=true</code>. If you're building self-contained, ahead-of-time compiled applications, DotNetPy won't hold you back. Neither pythonnet nor CSnakes support this today.</p> <h3> 2. File-based App Ready (.NET 10+) </h3> <p>.NET 10 introduces file-based apps β€” run a single <code>.cs</code> file with <code>dotnet run script.cs</code>, no project file required. DotNetPy is designed to work in this scenario from day one.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># No csproj needed</span> dotnet run my-analysis.cs </code></pre> </div> <p>This makes it ideal for scripting, prototyping, and lightweight automation tasks where spinning up a full project is overkill.</p> <h3> 3. Declarative uv Integration </h3> <p>Managing Python environments from .NET has always been a manual, error-prone process. DotNetPy integrates with <a href="https://github.com/astral-sh/uv" rel="noopener noreferrer">uv</a>, the fast Python package manager, so you can declare your entire Python environment in C#:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="nn">var</span> <span class="n">project</span> <span class="p">=</span> <span class="n">PythonProject</span><span class="p">.</span><span class="nf">CreateBuilder</span><span class="p">()</span> <span class="p">.</span><span class="nf">WithProjectName</span><span class="p">(</span><span class="s">"my-analysis"</span><span class="p">)</span> <span class="p">.</span><span class="nf">WithPythonVersion</span><span class="p">(</span><span class="s">"&gt;=3.10"</span><span class="p">)</span> <span class="p">.</span><span class="nf">AddDependencies</span><span class="p">(</span><span class="s">"numpy&gt;=1.24.0"</span><span class="p">,</span> <span class="s">"pandas&gt;=2.0.0"</span><span class="p">)</span> <span class="p">.</span><span class="nf">Build</span><span class="p">();</span> <span class="k">await</span> <span class="n">project</span><span class="p">.</span><span class="nf">InitializeAsync</span><span class="p">();</span> <span class="c1">// Downloads Python, creates venv, installs packages</span> <span class="kt">var</span> <span class="n">executor</span> <span class="p">=</span> <span class="n">project</span><span class="p">.</span><span class="nf">GetExecutor</span><span class="p">();</span> <span class="n">executor</span><span class="p">.</span><span class="nf">Execute</span><span class="p">(</span><span class="s">"import numpy as np; print(np.mean([1,2,3]))"</span><span class="p">);</span> </code></pre> </div> <p>One call to <code>InitializeAsync()</code> handles Python download, virtual environment creation, and dependency installation. No more "works on my machine" issues.</p> <h2> How Does It Compare? </h2> <p>Here's a quick comparison with the existing ecosystem:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th><strong>DotNetPy</strong></th> <th><strong>pythonnet</strong></th> <th><strong>CSnakes</strong></th> <th><strong>IronPython</strong></th> </tr> </thead> <tbody> <tr> <td>Native AOT</td> <td>βœ…</td> <td>❌</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>File-based Apps</td> <td>βœ…</td> <td>❌</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>Source Generator Required</td> <td>No</td> <td>No</td> <td>Yes</td> <td>No</td> </tr> <tr> <td>uv Integration</td> <td>Built-in</td> <td>None</td> <td>Supported</td> <td>None</td> </tr> <tr> <td>Bidirectional Calls</td> <td>C#β†’Py</td> <td>C#↔Py</td> <td>C#β†’Py</td> <td>C#↔Py</td> </tr> <tr> <td>Learning Curve</td> <td>Very Low</td> <td>Medium</td> <td>High</td> <td>Low</td> </tr> </tbody> </table></div> <p>DotNetPy deliberately focuses on the <strong>C# β†’ Python</strong> direction. If you need Python calling back into .NET objects, pythonnet remains the right choice. DotNetPy is for scenarios where .NET is the host and Python is the tool.</p> <h2> Built-in Security </h2> <p>Executing dynamic code always carries risk. DotNetPy ships with a <strong>Roslyn analyzer</strong> that detects potential code injection at compile time.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// ❌ The analyzer flags this β€” user input as code</span> <span class="n">executor</span><span class="p">.</span><span class="nf">Execute</span><span class="p">(</span><span class="n">userInput</span><span class="p">);</span> <span class="c1">// βœ… Safe β€” user data passed as variables</span> <span class="n">executor</span><span class="p">.</span><span class="nf">Execute</span><span class="p">(</span> <span class="s">"result = sum(numbers)"</span><span class="p">,</span> <span class="k">new</span> <span class="n">Dictionary</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">,</span> <span class="kt">object</span><span class="p">?&gt;</span> <span class="p">{</span> <span class="p">{</span> <span class="s">"numbers"</span><span class="p">,</span> <span class="n">userNumbers</span> <span class="p">}</span> <span class="p">}</span> <span class="p">);</span> </code></pre> </div> <p>This is a deliberate design choice: make the safe path easy and the dangerous path visible.</p> <h2> Features at a Glance </h2> <ul> <li> <strong>Automatic Python Discovery</strong> β€” cross-platform detection of installed Python distributions</li> <li> <strong>Data Marshaling</strong> β€” pass .NET arrays, dictionaries, and primitives to Python and back</li> <li> <strong>Variable Management</strong> β€” capture, check, delete, and clear Python variables from C#</li> <li> <strong>Free-threaded Python Support</strong> β€” detects Python 3.13+ builds with <code>--disable-gil</code> </li> <li> <strong>Thread Safety</strong> β€” automatic GIL management for safe concurrent access</li> </ul> <h2> Getting Started </h2> <p>Install from NuGet:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package DotNetPy <span class="nt">--version</span> 0.5.0 </code></pre> </div> <p>Initialize and run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="nn">DotNetPy</span><span class="p">;</span> <span class="n">Python</span><span class="p">.</span><span class="nf">Initialize</span><span class="p">(</span><span class="s">"/path/to/python313.dll"</span><span class="p">);</span> <span class="kt">var</span> <span class="n">executor</span> <span class="p">=</span> <span class="n">Python</span><span class="p">.</span><span class="nf">GetInstance</span><span class="p">();</span> <span class="kt">var</span> <span class="n">sum</span> <span class="p">=</span> <span class="n">executor</span><span class="p">.</span><span class="nf">Evaluate</span><span class="p">(</span><span class="s">"sum([1,2,3,4,5])"</span><span class="p">)?.</span><span class="nf">GetInt32</span><span class="p">();</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="n">sum</span><span class="p">);</span> <span class="c1">// 15</span> </code></pre> </div> <p>Or let DotNetPy find Python automatically:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">Python</span><span class="p">.</span><span class="nf">Initialize</span><span class="p">(</span><span class="n">PythonDiscovery</span><span class="p">.</span><span class="nf">FindPython</span><span class="p">());</span> </code></pre> </div> <h2> Use Cases I'm Targeting </h2> <ul> <li> <strong>AI/ML integration</strong>: Call scikit-learn, PyTorch, or Hugging Face models from a .NET service</li> <li> <strong>Data analysis scripts</strong>: Run pandas/numpy workloads inline without a separate Python service</li> <li> <strong>Automation &amp; scripting</strong>: Use <code>.NET 10</code> file-based apps as Python-capable scripts</li> <li> <strong>Legacy modernization</strong>: Gradually introduce Python capabilities into existing .NET applications</li> </ul> <h2> What's Next </h2> <p>The roadmap includes embeddable Python support on Windows (for simplified deployment) and specialized optimizations for AI and data science workflows. This is v0.5.0 β€” the API is stabilizing, and feedback at this stage is especially valuable.</p> <h2> Links </h2> <ul> <li> <strong>GitHub</strong>: <a href="https://github.com/rkttu/dotnetpy" rel="noopener noreferrer">github.com/rkttu/dotnetpy</a> </li> <li> <strong>NuGet</strong>: <a href="https://www.nuget.org/packages/DotNetPy" rel="noopener noreferrer">DotNetPy 0.5.0</a> </li> <li> <strong>Docs</strong>: <a href="https://github.com/rkttu/dotnetpy/blob/main/docs/USAGE.md" rel="noopener noreferrer">Usage Examples</a> Β· <a href="https://github.com/rkttu/dotnetpy/blob/main/docs/SECURITY.md" rel="noopener noreferrer">Security Guide</a> Β· <a href="https://github.com/rkttu/dotnetpy/blob/main/docs/COMPARISON.md" rel="noopener noreferrer">Comparison</a> </li> <li> <strong>License</strong>: Apache 2.0</li> </ul> <p>If you're a .NET developer who's been eyeing Python's ecosystem, give DotNetPy a try. Issues, stars, and feedback are all welcome.</p> dotnet python csharp opensource Make Your WSL Environment Programmable Jung Hyun, Nam Sat, 10 Jul 2021 16:48:28 +0000 https://dev.to/rkttu/make-your-wsl-environment-programmable-fi5 https://dev.to/rkttu/make-your-wsl-environment-programmable-fi5 <p>Original Post: <a href="https://cloudeveloper.net/make-your-wsl-environment-programmable-72be5907d1ff" rel="noopener noreferrer">https://cloudeveloper.net/make-your-wsl-environment-programmable-72be5907d1ff</a></p> <p>I have been fascinated by WSL architecture since its debut. It has the elegant and beautiful architecture to achieve interoperability between Windows and the Linux world. Eventually, I dive into the WSL Win32 APIs, its registry model, and internal too.</p> <p>But there was only slight WSL API documentation and sample. Later, I realized that Microsoft does not intend to use the WSL API for general purposes but WSL distribution developers. Also, the CLI tool known as WSL.exe and distro launchers is moving parts (because each Windows 10 major release has different features, command-line options). So these situations make it hard to automate the WSL environment.</p> <p>After many trials and errors, I developed a small but effective automation tool called WSL SDK. This tool is an out-of-process style COM server so that you can access the SDK with any COM-supported language.<br> In this article, I want to share the walkthrough of the WSL SDK to overcome the difficulties of using official Win32 WSL APIs.</p> <h2> Hidden treasures ofΒ WSL </h2> <p>If you are interested in the WSL APIs, you might get a hint about the API. For example, the API WslLaunch returns an HRESULT code. A WSL-related COM interface is in its internal composition known as LxssUserSession, and this API wraps around the COM object.</p> <p>Sadly, the internal COM object was completely hiding by Microsoft, and it looks like it was pretty intended. I guess that there are reasonable decisions about this direction. However, its internal COM object also does not have documentation well.</p> <h2> Unkindness of the WSLΒ APIs </h2> <p>Because of that, there is well-known and by-design behavior about the WSL APIs. If you call the WSL APIs with P/Invoke via PowerShell, LINQPad, or any COM-enabled environment, you cannot reach any WSL APIs. Many enthusiasts tried the APIs, but there is no luck.<br> And why is that? Those environments I mentioned already initiated with another CoInitializeSecurity call. Sadly, WSL APIs require a particular initialization parameter. And the CoInitializeSecurity called in somewhere; you can never invoke the CoInitializeSecurity again. To overcome this issue, inevitably, I should choose the out-of-process model.<br> Excavating the oldΒ samples<br> However, the out-of-process model makes cumbersome steps to use the API. You should check the existence of the process. You will have to define how to communicate with the external process such as pipe, internal networking, or any marshaling protocols. Moreover, this approach makes it hard to extend and maintain the API calls and functionalities.</p> <p>I stuck at this point so a long time. But, thanks to the old project named All-In-One Code Framework developed by Microsoft, I found a beautiful solution. Yes. The out-of-process COM server model! So I adapted the sample out-of-process COM server code, and it works like a charm.</p> <h2> Under theΒ hood </h2> <p>When the client application requests a WSL SDK service object via COM API, Windows automatically launches the executable file to obtain an appropriate object reference. Then, wrap it with a proxy interface, and the client application retrieves that reference. For better understanding, please look at the below picture.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn1f6i983t1khey4btuza.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn1f6i983t1khey4btuza.jpg" alt="Excerpted from http://docwiki.embarcadero.com/RADStudio/Sydney/en/In-process,_Out-of-process,_and_Remote_Servers" width="412" height="264"></a></p> <p>Justly, WSL SDK executable file invokes CoInitializeAPI with a correct parameter to communicate with WSL APIs. Then start a message pump to handle external RPC requests and any Windows GUI-related requests. When an object reference is requested, its reference count will increase or decrease. Then the count reaches zero; the executable process will shut down. And again, another request arrived, the same round will occur again until unregistering the COM information from the registry.</p> <p>So the WSL SDK decouples the COM security model between the application's one and WSL's requirement. And process lifecycle management handled by the operating system's infrastructure and a reference count mechanism. Every WSL SDK client does not need to care about any details. They request a WSL SDK interface as usual, and all things are going well.</p> <h2> Comparing direct P/Invoke to the WSL API and using WSLΒ SDK </h2> <p>I will show a simple demonstration.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl6c4i8uesu1m50enuiz8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl6c4i8uesu1m50enuiz8.png" alt="Comparing direct P/Invoke to the WSL API and using WSL SDK" width="800" height="477"></a></p> <p>A PowerShell sample code looks like below. I excerpted a sample code from the GitHub issue WSL API does not work in PowerShell Β· Issue #4058 Β· microsoft/WSL (github.com).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="c"># Excerpted from https://github.com/microsoft/WSL/issues/4058</span><span class="w"> </span><span class="n">Write-Host</span><span class="w"> </span><span class="s1">'Calling WslIsDistributionRegistered directrly (Ubuntu-20.04):'</span><span class="w"> </span><span class="n">Add-Type</span><span class="w"> </span><span class="nt">-TypeDefinition</span><span class="w"> </span><span class="sh">@' using System.Runtime.InteropServices; public class wslutil { [DllImport("wslapi.dll", CharSet = CharSet.Unicode)] public static extern uint WslIsDistributionRegistered([In, MarshalAs(UnmanagedType.LPWStr)] string distributionName); public static void Main(string[] args) { System.Console.WriteLine(WslIsDistributionRegistered("Ubuntu-20.04")); } } '@</span><span class="w"> </span><span class="p">[</span><span class="n">wslutil</span><span class="p">]::</span><span class="n">Main</span><span class="p">({})</span><span class="w"> </span><span class="n">Write-Host</span><span class="w"> </span></code></pre> </div> <p>The PowerShell code references a C-function from the WSLAPI.dll. Seemingly, it makes sense and should work well. But the code returns zero, does not reflect the current status.</p> <p>However, WSL SDK returns the correct value.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Write-Host</span><span class="w"> </span><span class="s1">'Calling WSL SDK API (Ubuntu-20.04):'</span><span class="w"> </span><span class="nv">$DistroName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">'Ubuntu-20.04'</span><span class="w"> </span><span class="nv">$obj</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">New-Object</span><span class="w"> </span><span class="nt">-ComObject</span><span class="w"> </span><span class="s1">'WslSdk.WslService'</span><span class="w"> </span><span class="nv">$Result</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$obj</span><span class="o">.</span><span class="nf">IsDistroRegistered</span><span class="p">(</span><span class="nv">$DistroName</span><span class="p">)</span><span class="w"> </span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">"</span><span class="nv">$Result</span><span class="s2">"</span><span class="w"> </span><span class="n">Write-Host</span><span class="w"> </span></code></pre> </div> <p>Essentially, both code depends on the WslIsDistributionRegistered function, but the PowerShell already calls the CoInitializeSecurity which does not meet requirements for WSL APIs. The first example will not work because of that.</p> <h2> A Demo: Sandboxing WSLΒ distro </h2> <p>I will show another, more complex example script. The below code will automatically download the Alpine Linux root filesystem image from the official mirror. Then, add the VI improved editor to the distribution.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="bp">$Error</span><span class="n">ActionPreference</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Stop"</span><span class="w"> </span><span class="nv">$obj</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">New-Object</span><span class="w"> </span><span class="nt">-ComObject</span><span class="w"> </span><span class="s1">'WslSdk.WslService'</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s1">'A WslSdk.WslService object is created.'</span><span class="w"> </span><span class="n">Pause</span><span class="w"> </span><span class="c"># Get installed distro list</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s1">'Currently installed WSL distro list: '</span><span class="w"> </span><span class="nv">$list</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$obj</span><span class="o">.</span><span class="nf">GetDistroList</span><span class="p">()</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="nv">$list</span><span class="w"> </span><span class="n">Pause</span><span class="w"> </span><span class="c"># Generate Random Name</span><span class="w"> </span><span class="nv">$RandomName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$obj</span><span class="o">.</span><span class="nf">GenerateRandomName</span><span class="p">(</span><span class="bp">$false</span><span class="p">)</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">"We will use </span><span class="nv">$RandomName</span><span class="s2"> as a new distro"</span><span class="w"> </span><span class="c"># Download Alpine Linux RootFS Image</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s1">'Downloading alpine linux root file system image'</span><span class="w"> </span><span class="nv">$TargetUrl</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">'https://dl-cdn.alpinelinux.org/alpine/v3.14/releases/x86_64/alpine-minirootfs-3.14.0-x86_64.tar.gz'</span><span class="w"> </span><span class="nv">$RootfsFilePath</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$</span><span class="nn">env</span><span class="p">:</span><span class="nv">TEMP</span><span class="s2">\alpine.tar.gz"</span><span class="w"> </span><span class="nv">$InstallPath</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"C:\Distro\</span><span class="nv">$RandomName</span><span class="s2">"</span><span class="w"> </span><span class="n">Invoke-WebRequest</span><span class="w"> </span><span class="nt">-UseBasicParsing</span><span class="w"> </span><span class="nt">-Uri</span><span class="w"> </span><span class="nv">$TargetUrl</span><span class="w"> </span><span class="nt">-OutFile</span><span class="w"> </span><span class="nv">$RootfsFilePath</span><span class="w"> </span><span class="n">Pause</span><span class="w"> </span><span class="c"># Register Distro</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">"Distro installation begins"</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">" - Distro Name: </span><span class="nv">$RandomName</span><span class="s2">"</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">" - Source RootFS File Path: </span><span class="nv">$RootfsFilePath</span><span class="s2">"</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">" - Destination Install Path: </span><span class="nv">$InstallPath</span><span class="s2">"</span><span class="w"> </span><span class="nv">$obj</span><span class="o">.</span><span class="nf">RegisterDistro</span><span class="p">(</span><span class="nv">$RandomName</span><span class="p">,</span><span class="w"> </span><span class="nv">$RootfsFilePath</span><span class="p">,</span><span class="w"> </span><span class="nv">$InstallPath</span><span class="p">)</span><span class="w"> </span><span class="n">Pause</span><span class="w"> </span><span class="c"># Distro Register Check</span><span class="w"> </span><span class="nv">$Result</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$obj</span><span class="o">.</span><span class="nf">IsDistroRegistered</span><span class="p">(</span><span class="nv">$RandomName</span><span class="p">)</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">"Distro Name </span><span class="nv">$RandomName</span><span class="s2"> Installed: </span><span class="nv">$Result</span><span class="s2">"</span><span class="w"> </span><span class="n">Pause</span><span class="w"> </span><span class="c"># Metadata Query</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">"Querying </span><span class="nv">$RandomName</span><span class="s2"> metadata..."</span><span class="w"> </span><span class="nv">$o</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$obj</span><span class="o">.</span><span class="nf">QueryDistroInfo</span><span class="p">(</span><span class="nv">$RandomName</span><span class="p">)</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">" - Distro ID: </span><span class="si">$(</span><span class="nv">$o</span><span class="o">.</span><span class="nf">DistroId</span><span class="p">()</span><span class="s2">)"</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">" - Distro Name: </span><span class="si">$(</span><span class="nv">$o</span><span class="o">.</span><span class="nf">DistroName</span><span class="p">()</span><span class="s2">)"</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">" - Environment Variabls: </span><span class="si">$(</span><span class="nv">$o</span><span class="o">.</span><span class="nf">DefaultEnvironmentVariables</span><span class="p">()</span><span class="s2">)"</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">" - Default Uid: </span><span class="si">$(</span><span class="nv">$o</span><span class="o">.</span><span class="nf">DefaultUid</span><span class="p">()</span><span class="s2">)"</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">" - Flags: </span><span class="si">$(</span><span class="nv">$o</span><span class="o">.</span><span class="nf">DistroFlags</span><span class="p">()</span><span class="s2">)"</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">" - Win32 Interop Enabled: </span><span class="si">$(</span><span class="nv">$o</span><span class="o">.</span><span class="nf">EnableInterop</span><span class="p">()</span><span class="s2">)"</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">" - Drive Mounting Enabled: </span><span class="si">$(</span><span class="nv">$o</span><span class="o">.</span><span class="nf">EnableDriveMounting</span><span class="p">()</span><span class="s2">)"</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">" - NT Path Append Enabled: </span><span class="si">$(</span><span class="nv">$o</span><span class="o">.</span><span class="nf">AppendNtPath</span><span class="p">()</span><span class="s2">)"</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">" - WSL Version: </span><span class="si">$(</span><span class="nv">$o</span><span class="o">.</span><span class="nf">WslVersion</span><span class="p">()</span><span class="s2">)"</span><span class="w"> </span><span class="n">Pause</span><span class="w"> </span><span class="c"># Run WSL command</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">"Installing vim..."</span><span class="w"> </span><span class="nv">$res</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$obj</span><span class="o">.</span><span class="nf">RunWslCommand</span><span class="p">(</span><span class="nv">$o</span><span class="o">.</span><span class="nf">DistroName</span><span class="p">(),</span><span class="w"> </span><span class="s2">"apk add vim"</span><span class="p">)</span><span class="w"> </span><span class="nx">Write-Output</span><span class="w"> </span><span class="nv">$res</span><span class="w"> </span><span class="n">Pause</span><span class="w"> </span><span class="c"># Revealing launcher executable</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">"Revealing launcher executable file"</span><span class="w"> </span><span class="n">Start-Process</span><span class="w"> </span><span class="nt">-FilePath</span><span class="w"> </span><span class="s2">"</span><span class="nv">$</span><span class="nn">env</span><span class="p">:</span><span class="nv">windir</span><span class="s2">\explorer.exe"</span><span class="w"> </span><span class="nt">-ArgumentList</span><span class="w"> </span><span class="s2">"/select,</span><span class="nv">$InstallPath</span><span class="s2">\</span><span class="nv">$RandomName</span><span class="s2">.exe"</span><span class="w"> </span><span class="n">Pause</span><span class="w"> </span><span class="c"># Unregister Distro</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s2">"Unregister </span><span class="nv">$RandomName</span><span class="s2"> distro..."</span><span class="w"> </span><span class="nv">$obj</span><span class="o">.</span><span class="nf">UnregisterDistro</span><span class="p">(</span><span class="nv">$RandomName</span><span class="p">)</span><span class="w"> </span><span class="n">Pause</span><span class="w"> </span><span class="c"># Get installed distro list</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="s1">'Currently installed WSL distro list: '</span><span class="w"> </span><span class="nv">$list</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$obj</span><span class="o">.</span><span class="nf">GetDistroList</span><span class="p">()</span><span class="w"> </span><span class="n">Write-Output</span><span class="w"> </span><span class="nv">$list</span><span class="w"> </span><span class="n">Pause</span><span class="w"> </span><span class="nv">$obj</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="bp">$null</span><span class="w"> </span></code></pre> </div> <p>It is a basic root filesystem image does not design for the WSL. As you already know, WSL supports importing any Linux root filesystem image which meets exact processor architecture.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh4yhloqftlop5zu86rwu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh4yhloqftlop5zu86rwu.png" alt="Sandboxing WSL distro" width="800" height="450"></a></p> <p>WSL SDK handles dynamic distribution registration and manipulation even in the PowerShell environment.</p> <p>Just for fun, even in Microsoft Excel, you can interact with the WSL environment.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fes587f80ouwao4fwjivn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fes587f80ouwao4fwjivn.png" alt="Running WSL SDK via Excel with VBA" width="800" height="554"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiir2pdici2gyqi4y7tmk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiir2pdici2gyqi4y7tmk.png" alt="Automating WSL in the Microsoft VB for Applications" width="800" height="426"></a></p> <p>You can access a variety of sample codes of WSL SDKs here: <a href="https://github.com/wslhub/wsl-sdk-com/tree/main/sample" rel="noopener noreferrer">https://github.com/wslhub/wsl-sdk-com/tree/main/sample</a>.</p> <h2> Future Roadmap </h2> <p>I recently created a GitHub action pipeline thanks to the <a href="https://github.com/marketplace/actions/setup-wsl" rel="noopener noreferrer">https://github.com/marketplace/actions/setup-wsl</a> plugin and the GitHub team's decision to enable the WSL component in their Windows Server workload.</p> <p>Because of that, I could create a continuous integration for WSL SDK, which makes more confident releases. (<a href="https://github.com/wslhub/wsl-sdk-com/actions/workflows/wsl-sdk-com-build.yml" rel="noopener noreferrer">https://github.com/wslhub/wsl-sdk-com/actions/workflows/wsl-sdk-com-build.yml</a>) This work is a significant achievement of the WSL SDK roadmap.</p> <p>Moreover, my bucket list contains those goals.</p> <ul> <li>Registration-free COM server (If possible)</li> <li>ARM64 native support</li> <li>Adopting WSL SDK to another of my previous project (WSL Manager)</li> <li>Various language wrappers (C#, Python, Go-lang, PowerShell, or any COM supported languages)</li> </ul> <p>If you are interested in the WSL SDK project, please come and contribute to the GitHub repo. (<a href="https://github.com/wslhub/wsl-sdk-com" rel="noopener noreferrer">https://github.com/wslhub/wsl-sdk-com</a>)</p> wsl2 linux windows devops Set up your SSH server in Windows 10 native way Jung Hyun, Nam Sun, 02 Feb 2020 07:50:53 +0000 https://dev.to/rkttu/set-up-an-ssh-server-in-windows-10-native-way-22d9 https://dev.to/rkttu/set-up-an-ssh-server-in-windows-10-native-way-22d9 <p><a href="https://dev.to/rkttu/set-up-ssh-key-and-git-integration-in-windows-10-native-way-o4i">Continuing from the last post</a>, we'll look at how to set up a built-in SSH server starting with Windows 10 and Windows Server 1709. This method allows Windows Server to connect remotely using SSH, just like a traditional Linux server. We will also look at how you can use Remote Desktop securely without modifying your firewall settings using SSH port tunneling.</p> <h1> Installing and configuring OpenSSH Server </h1> <p>You can install OpenSSH Server the same way you installed the SSH client in the previous article.<br> </p> <div class="highlight"><pre class="highlight powershell"><code><span class="nv">$OpenSSHServer</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nf">Get-WindowsCapability</span><span class="w"> </span><span class="nt">-Online</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="err">?</span><span class="w"> </span><span class="nf">Name</span><span class="w"> </span><span class="o">-like</span><span class="w"> </span><span class="err">β€˜</span><span class="nx">OpenSSH.Server</span><span class="o">*</span><span class="err">’</span><span class="w"> </span><span class="nf">Add-WindowsCapability</span><span class="w"> </span><span class="nt">-Online</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="nv">$OpenSSHServer</span><span class="o">.</span><span class="nf">Name</span><span class="w"> </span></code></pre></div> <p>After installing the OpenSSH server program, start and stop the NT service once to create the necessary initial configuration files.<br> </p> <div class="highlight"><pre class="highlight powershell"><code><span class="nv">$SSHDaemonSvc</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nf">Get-Service</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="err">β€˜</span><span class="nx">sshd</span><span class="err">’</span><span class="w"> </span><span class="nf">Start-Service</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="nv">$SSHDaemonSvc</span><span class="o">.</span><span class="nf">Name</span><span class="w"> </span><span class="nx">Stop-Service</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="nv">$SSHDaemonSvc</span><span class="o">.</span><span class="nf">Name</span><span class="w"> </span></code></pre></div> <h1> Apply asymmetric key authentication </h1> <p>It is highly recommended that you use the public key authentication method and disable the password authentication method to prevent attacks through password assignment. To enable this authentication feature, start PowerShell as an administrator and open the file in the path below with notepad. (Or you can use another text editor of your choice.)<br> </p> <div class="highlight"><pre class="highlight powershell"><code><span class="nf">notepad.exe</span><span class="w"> </span><span class="nv">$</span><span class="nn">env</span><span class="p">:</span><span class="nv">PROGRAMDATA</span><span class="nx">\ssh\sshd_config</span><span class="w"> </span></code></pre></div> <p>For the following items, uncomment the items and apply the value as follows:</p> <ul> <li><code>PubkeyAuthentication yes</code></li> <li><code>PasswordAuthentication no</code></li> <li><code>PermitEmptyPasswords no</code></li> </ul> <p>Then choose your preferred method of managing SSH public keys. Starting with Windows Server 2019 (or 1809), there are two ways to describe SSH public keys. One of which is the traditional way of creating an authorized_keys file in the user's home directory.</p> <h2> Using <code>$HOME\.ssh\authorized_keys</code> </h2> <p>To use this method, comment out the following block of code at the bottom of the configuration file:<br> </p> <div class="highlight"><pre class="highlight plaintext"><code>Match Group administrators AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys </code></pre></div> <p>Then go to the user home directory you want to log in to and create a <code>.ssh</code> directory.<br> </p> <div class="highlight"><pre class="highlight powershell"><code><span class="nf">mkdir</span><span class="w"> </span><span class="s2">"</span><span class="bp">$HOME</span><span class="s2">\.ssh"</span><span class="w"> </span></code></pre></div> <p>Create an <code>authorized_keys</code> file (without the extension) inside the newly created directory and open it with your favorite text editor.<br> </p> <div class="highlight"><pre class="highlight powershell"><code><span class="nv">$authorizedKeyFilePath</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="err">β€œ</span><span class="bp">$HOME</span><span class="nf">\.ssh\authorized_keys</span><span class="err">”</span><span class="w"> </span><span class="nf">New-Item</span><span class="w"> </span><span class="nv">$authorizedKeyFilePath</span><span class="w"> </span><span class="nf">notepad.exe</span><span class="w"> </span><span class="nv">$authorizedKeyFilePath</span><span class="w"> </span></code></pre></div> <p>Add the SSH public key value you are using here.</p> <p>When you save the file, you must change the file permission settings as described in the section <strong>Setting File Permissions with Authentication Key Information</strong>. If this setting is missing, the SSH connection will fail.</p> <h2> Using <code>administrators_authorized_keys</code> </h2> <p>This is the default used by OpenSSH included in Windows Server 2019 (1809). Instead of registering a new SSH key for each user, you can manage your files in one place.</p> <p>If you use this method, all public keys must be stored in the <code>$env: PROGRAMDATA\ssh\administrators_authorized_keys</code> file, except for non-administrative users (that is, users who do not belong to the Administrators group). If you try, this setting will be used instead of the setting in your home directory, so if there is no key here, the connection will fail.</p> <p>The <code>administrators_authorized_keys</code> file does not exist by default and must be created.<br> </p> <div class="highlight"><pre class="highlight powershell"><code><span class="nv">$authorizedKeyFilePath</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="err">β€œ</span><span class="nv">$</span><span class="nn">env</span><span class="p">:</span><span class="nv">ProgramData</span><span class="nf">\ssh\administrators_authorized_keys</span><span class="err">”</span><span class="w"> </span><span class="nf">New-Item</span><span class="w"> </span><span class="nv">$authorizedKeyFilePath</span><span class="w"> </span><span class="nf">notepad.exe</span><span class="w"> </span><span class="nv">$authorizedKeyFilePath</span><span class="w"> </span></code></pre></div> <p>Add the SSH public key value you are using here.</p> <p>When you save the file, you must change the file permission settings as described in the section <strong>Setting File Permissions with Authentication Key Information</strong>. If this setting is missing, the SSH connection will fail.</p> <h1> Setting File Permissions with Authentication Key Information </h1> <p>A common and very tough problem that you will face about using the OpenSSH server for Windows is this. SSH key file permission should have correct and limited file permission. Windows version of SSH also follows this rule, but especially in Windows, configuring file permission can be unintuitive.</p> <p>Depending on the method you chose in the previous step, you must verify the path of the <code>authorized_keys</code> file or <code>administrators_authorized_keys</code> file and change the permissions so that only the system account can access it using the <code>icacls.exe</code> utility and the <code>Get-Acl</code> and <code>Set-Acl</code> commands.<br> </p> <div class="highlight"><pre class="highlight powershell"><code><span class="nv">$authorizedKeyFilePath</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"..."</span><span class="w"> </span><span class="nf">icacls.exe</span><span class="w"> </span><span class="nv">$authorizedKeyFilePath</span><span class="w"> </span><span class="nx">/remove</span><span class="w"> </span><span class="err">β€œ</span><span class="nx">NT</span><span class="w"> </span><span class="nx">AUTHORITY\Authenticated</span><span class="w"> </span><span class="nx">Users</span><span class="err">”</span><span class="w"> </span><span class="nf">icacls.exe</span><span class="w"> </span><span class="nv">$authorizedKeyFilePath</span><span class="w"> </span><span class="nx">/inheritance:r</span><span class="w"> </span><span class="nf">Get-Acl</span><span class="w"> </span><span class="err">β€œ</span><span class="nv">$</span><span class="nn">env</span><span class="p">:</span><span class="nv">ProgramData</span><span class="nx">\ssh\ssh_host_dsa_key</span><span class="err">”</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nf">Set-Acl</span><span class="w"> </span><span class="nv">$authorizedKeyFilePath</span><span class="w"> </span></code></pre></div> <h1> Changing the SSH Default Shell </h1> <p>Basically, for compatibility reasons, the Windows operating system has provided a shell-based interpreter that recognizes DOS commands for a long time. But now, with more and more features than working with DOS commands, PowerShell is becoming a good alternative.</p> <p>If necessary, you can specify that PowerShell as the default shell for SSH instead of the DOS interpreter. However, the settings here are specific to SSH sessions, not for the Remote Desktop or console session.<br> </p> <div class="highlight"><pre class="highlight powershell"><code><span class="nf">New-ItemProperty</span><span class="w"> </span><span class="nt">-Path</span><span class="w"> </span><span class="s2">"HKLM:\SOFTWARE\OpenSSH"</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="nx">DefaultShell</span><span class="w"> </span><span class="nt">-Value</span><span class="w"> </span><span class="s2">"</span><span class="nv">$</span><span class="nn">env</span><span class="p">:</span><span class="nv">WINDIR</span><span class="s2">\System32\WindowsPowerShell\v1.0\powershell.exe"</span><span class="w"> </span><span class="nt">-PropertyType</span><span class="w"> </span><span class="nx">String</span><span class="w"> </span><span class="nt">-Force</span><span class="w"> </span></code></pre></div> <h1> Staring SSH Server </h1> <p>You are now ready to start your SSH server. The SSH server is set to manual run by default, so you can change the startup mode to automatic. Then starts the service.<br> </p> <div class="highlight"><pre class="highlight powershell"><code><span class="nv">$SSHDaemonSvc</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nf">Get-Service</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="err">β€˜</span><span class="nx">sshd</span><span class="err">’</span><span class="w"> </span><span class="nf">Set-Service</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="nv">$SSHDaemonSvc</span><span class="o">.</span><span class="nf">Name</span><span class="w"> </span><span class="nt">-StartupType</span><span class="w"> </span><span class="nx">Automatic</span><span class="w"> </span><span class="nx">Start-Service</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="nv">$SSHDaemonSvc</span><span class="o">.</span><span class="nf">Name</span><span class="w"> </span></code></pre></div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--LDgkf4-s--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://miro.medium.com/max/4388/1%2AgJry9InM3arljQZjgdKP9A.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--LDgkf4-s--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://miro.medium.com/max/4388/1%2AgJry9InM3arljQZjgdKP9A.png" alt="SSH to Windows Server"></a></p> <p>Congratulations! From now, you can connect to Windows with SSH-key authentication.</p> <h1> How to Secure Remote Desktops </h1> <p>Unlike Linux, Windows still runs much of the system on a graphical interface rather than on the command line. So if you try to do something with a terminal like this, you may not have much to do as you might expect.</p> <p>Remote Desktop, however, is a well-known food for many hackers and script kiddies as is well known. You may encounter the dilemma of choosing between convenience and security.</p> <p>Fortunately, SSH provides the concept of tunneling, supporting the ability to relay other network connections securely. Remote desktop connections can also be protected in this way so that you can use them with confidence.</p> <p>Start by blocking the TCP 3389 and UDP 3389 ports. You can do this because you will use Remote Desktop only with SSH tunneling.<br> </p> <div class="highlight"><pre class="highlight powershell"><code><span class="nf">Set-NetFirewallRule</span><span class="w"> </span><span class="nt">-DisplayName</span><span class="w"> </span><span class="err">β€œ</span><span class="nx">Remote</span><span class="w"> </span><span class="nx">Desktop</span><span class="w"> </span><span class="nf">-</span><span class="w"> </span><span class="nx">User</span><span class="w"> </span><span class="nx">Mode</span><span class="w"> </span><span class="p">(</span><span class="nx">UDP-In</span><span class="p">)</span><span class="err">”</span><span class="w"> </span><span class="nt">-Action</span><span class="w"> </span><span class="nf">Block</span><span class="w"> </span><span class="nf">Set-NetFirewallRule</span><span class="w"> </span><span class="nt">-DisplayName</span><span class="w"> </span><span class="err">β€œ</span><span class="nx">Remote</span><span class="w"> </span><span class="nx">Desktop</span><span class="w"> </span><span class="nf">-</span><span class="w"> </span><span class="nx">User</span><span class="w"> </span><span class="nx">Mode</span><span class="w"> </span><span class="p">(</span><span class="nx">TCP-In</span><span class="p">)</span><span class="err">”</span><span class="w"> </span><span class="nt">-Action</span><span class="w"> </span><span class="nf">Block</span><span class="w"> </span></code></pre></div> <p>Next, you must change the registry flag value so that the remote desktop server can accept the connection.<br> </p> <div class="highlight"><pre class="highlight powershell"><code><span class="nf">Set-ItemProperty</span><span class="w"> </span><span class="nt">-Path</span><span class="w"> </span><span class="err">β€˜</span><span class="nx">HKLM:\System\CurrentControlSet\Control\Terminal</span><span class="w"> </span><span class="nx">Server</span><span class="err">’</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="err">β€œ</span><span class="nx">fDenyTSConnections</span><span class="err">”</span><span class="w"> </span><span class="nt">-Value</span><span class="w"> </span><span class="nx">0</span><span class="w"> </span></code></pre></div> <p>And the part that I'm going to explain right now is really cool. As you saw earlier, you will not be asked for your password when you connect to OpenSSH, so you can set up a randomly generated strong password each time you use it. It is very useful to have a simple script in the system directory that can do this.</p> <p>Choose the type of script you want to create a file called <code>ChangePassword.ps1</code>. We will keep the file in the system directory for your convenience.<br> </p> <div class="highlight"><pre class="highlight powershell"><code><span class="nv">$change_pwd_script_path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="err">β€œ</span><span class="nv">$</span><span class="nn">env</span><span class="p">:</span><span class="nv">WINDIR</span><span class="nf">\ChangePassword.ps1</span><span class="err">”</span><span class="w"> </span><span class="nf">Clear-Content</span><span class="w"> </span><span class="nv">$change_pwd_script_path</span><span class="w"> </span><span class="nt">-ErrorAction</span><span class="w"> </span><span class="nx">SilentlyContinue</span><span class="w"> </span><span class="nf">notepad.exe</span><span class="w"> </span><span class="nv">$change_pwd_script_path</span><span class="w"> </span></code></pre></div> <h2> Set your desired password </h2> <p>Create the contents of the <code>ChangePassword.ps1</code> file as follows:<br> </p> <div class="highlight"><pre class="highlight powershell"><code><span class="nv">$Password</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nf">Read-Host</span><span class="w"> </span><span class="nt">-Prompt</span><span class="w"> </span><span class="s2">"Provide your new account password"</span><span class="w"> </span><span class="nt">-AsSecureString</span><span class="w"> </span><span class="nf">Set-LocalUser</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="s2">"</span><span class="nv">$</span><span class="nn">env</span><span class="p">:</span><span class="nv">UserName</span><span class="s2">"</span><span class="w"> </span><span class="nt">-Password</span><span class="w"> </span><span class="nv">$Password</span><span class="w"> </span><span class="nf">Clear-Variable</span><span class="w"> </span><span class="s2">"Password"</span><span class="w"> </span><span class="nf">Write-Host</span><span class="w"> </span><span class="s2">"Detailed settings such as remote desktop settings, WinRM connection settings, and Windows Update can be controlled using the sconfig command."</span><span class="w"> </span></code></pre></div> <p>This script allows you to enter your own password. However, unless you change the policy, you can only use passwords that pass the Windows Server enhanced default password rules. You must specify a password that must meet all of the following conditions.</p> <ul> <li>English capital letters (A through Z)</li> <li>Lowercase English letters (a through z)</li> <li>Arabic numerals (0 to 9)</li> <li>Special symbols (e.g.!, $, #,%)</li> </ul> <h2> Generate a new password every time </h2> <p>Create the contents of the <code>ChangePassword.ps1</code> file as follows:<br> </p> <div class="highlight"><pre class="highlight powershell"><code><span class="nf">Add-Type</span><span class="w"> </span><span class="nt">-AssemblyName</span><span class="w"> </span><span class="nx">System.Web</span><span class="w"> </span><span class="nv">$Password</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="no">System.Web.Security.</span><span class="kt">Membership</span><span class="p">]::</span><span class="nf">GeneratePassword</span><span class="p">(</span><span class="mi">30</span><span class="p">,</span><span class="mi">10</span><span class="p">)</span><span class="w"> </span><span class="nf">Set-LocalUser</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="s2">"</span><span class="nv">$</span><span class="nn">env</span><span class="p">:</span><span class="nv">UserName</span><span class="s2">"</span><span class="w"> </span><span class="nt">-Password</span><span class="w"> </span><span class="p">(</span><span class="nv">$Password</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nf">ConvertTo-SecureString</span><span class="w"> </span><span class="nt">-AsPlainText</span><span class="w"> </span><span class="nt">-Force</span><span class="p">)</span><span class="w"> </span><span class="nf">Write-Host</span><span class="w"> </span><span class="s2">"Your New Password is:</span><span class="se">`r`n`r`n</span><span class="nv">$Password</span><span class="s2">"</span><span class="w"> </span><span class="nf">Write-Host</span><span class="w"> </span><span class="s2">"Detailed settings such as remote desktop settings, WinRM connection settings, and Windows Update can be controlled using the sconfig command."</span><span class="w"> </span><span class="nf">Clear-Variable</span><span class="w"> </span><span class="s2">"Password"</span><span class="w"> </span></code></pre></div> <p>This way, you can set a strong password every time. If you forget your password, you can rest assured that you can still use public key authentication as a secondary means of authentication.</p> <h2> Try logging in to Remote Desktop with Tunneling </h2> <p>Now enter the following command to run the above script. After that, just set the password as guided by the script and verify that the remote desktop connection is working.<br> </p> <div class="highlight"><pre class="highlight powershell"><code><span class="nf">ChangePassword</span><span class="w"> </span></code></pre></div> <p>To log in to the remote desktop, run SSH as follows:<br> </p> <div class="highlight"><pre class="highlight shell"><code>ssh <span class="nt">-L</span> 3389:localhost:3389 &lt;user_id&gt;@&lt;host_address&gt; </code></pre></div> <p>The first 3389 is the port number on the server-side, and the second address is the port number you want to use locally. If you have changed the remote desktop's port number from the registry to another number on the server, you can enter the changed port number instead of 3389.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--jOKYzAKh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://miro.medium.com/max/5912/1%2AO4WNnaXe9_LaeQ2Ed5s_6g.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--jOKYzAKh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://miro.medium.com/max/5912/1%2AO4WNnaXe9_LaeQ2Ed5s_6g.png" alt="Access to remote desktop using SSH tunneling with Remote Desktop 10 on macOS"></a></p> <p>If you try to connect to a remote desktop using only the <code>&lt;host_address&gt;</code> part as before, the firewall will block the connection as previously set up. So no one can access the remote desktop directly unless the user has registered a public key that matches the SSH secret key with that server.</p> <h1> Using secure file sending and receiving </h1> <p>Not surprisingly, it is possible to use SSH based SFTP. This feature can be used to securely handle large file transfers in place of the remote desktop's folder sharing feature.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--uWj1M1nT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://miro.medium.com/max/5080/1%2AD-5vXZxRln1qBEFrzX0ihQ.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--uWj1M1nT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://miro.medium.com/max/5080/1%2AD-5vXZxRln1qBEFrzX0ihQ.png" alt="Access to Windows Server using FileZilla's SFTP feature"></a></p> <p>Any client that supports the SFTP feature, such as FileZilla, is compatible and has an management advantage, as there is no need to apply complex firewall open policies like traditional FTP.</p> <h1> Wrap-up </h1> <p>This walks you through all the new SSH features that have been added since Windows 10 1709. Both articles are available for Windows 10 and Windows Server 2019, so please take a moment to set them up for even more security.</p> <h1> Credits </h1> <p>The following articles helped me as I wrote this article.</p> <ul> <li><a href="https://ilovepowershell.com/2018/05/28/awesome-and-simple-way-to-generate-random-passwords-with-powershell/">https://ilovepowershell.com/2018/05/28/awesome-and-simple-way-to-generate-random-passwords-with-powershell/</a></li> <li><a href="https://stackoverflow.com/questions/16212816/setting-up-openssh-for-windows-using-public-key-authentication">https://stackoverflow.com/questions/16212816/setting-up-openssh-for-windows-using-public-key-authentication</a></li> </ul> openssh sftp rdp windowsserver Set up SSH Key and Git integration in Windows 10 native way Jung Hyun, Nam Sun, 27 Oct 2019 16:18:36 +0000 https://dev.to/rkttu/set-up-ssh-key-and-git-integration-in-windows-10-native-way-o4i https://dev.to/rkttu/set-up-ssh-key-and-git-integration-in-windows-10-native-way-o4i <p>Did you know that Windows 10 comes with an OpenSSH client?</p> <p>Starting with the Windows 10 Fall Creators Update (1709), OpenSSH clients are starting to be offered as Windows add-ons. However, it is easy to misunderstand that it is only provided by unfamiliar usage that differs from Linux, or that it is still not supported properly.</p> <p>In this article, we'll look at how to set up the commonly used client environment related to OpenSSH in a way that's built into Windows 10, and I'll give you some useful tips.</p> <h1> Configure Windows OpenSSH </h1> <p>Start PowerShell as an administrator and use the PowerShell commands below to add Windows components.</p> <p>Microsoft's current installation of OpenSSH is an add-on package, Feature-On-Demand, not an item in the <code>Add/Remove Windows Components</code> dialog box of the classic Control Panel <code>control.exe</code>. You can install it only by using the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="nv">$OpenSSHClient</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Get-WindowsCapability</span><span class="w"> </span><span class="nt">-Online</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nf">?</span><span class="w"> </span><span class="nx">Name</span><span class="w"> </span><span class="o">-like</span><span class="w"> </span><span class="err">β€˜</span><span class="nx">OpenSSH.Client</span><span class="o">*</span><span class="err">’</span><span class="w"> </span><span class="n">Add-WindowsCapability</span><span class="w"> </span><span class="nt">-Online</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="nv">$OpenSSHClient</span><span class="o">.</span><span class="nf">Name</span><span class="w"> </span></code></pre> </div> <p>Normally, no system restart is required after installation.</p> <p>After completing the installation, you may enable the ssh-agent service. This service is used to register to not ask for the SSH key password every time. Initially, the service is disabled and stopped, so set the service to autostart, and start it now.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="nv">$SSHAgentSvc</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Get-Service</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="err">β€˜</span><span class="nx">ssh-agent</span><span class="err">’</span><span class="w"> </span><span class="n">Set-Service</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="nv">$SSHAgentSvc</span><span class="o">.</span><span class="nf">Name</span><span class="w"> </span><span class="nt">-StartupType</span><span class="w"> </span><span class="nx">Automatic</span><span class="w"> </span><span class="n">Start-Service</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="nv">$SSHAgentSvc</span><span class="o">.</span><span class="nf">Name</span><span class="w"> </span></code></pre> </div> <p>You should now close the PowerShell window in administrator mode and work with the PowerShell window open as normal.</p> <p>Since we are setting up a new system, let's create a new SSH key. Some common utilities have been added along with the OpenSSH client package. Run the <code>ssh-keygen</code> command and answer questions.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">ssh-keygen</span><span class="w"> </span></code></pre> </div> <p>This creates a key pair from the <code>$HOME\.ssh\id_rsa</code> file and the <code>$HOME\.ssh\id_rsa.pub</code> file.</p> <p>Now run the <code>ssh-add</code> command to add this key pair to the ssh-agent service.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">ssh-add</span><span class="w"> </span></code></pre> </div> <p>It automatically registers the <code>$HOME\.ssh\id_rsa</code> key pair, and now you can authenticate with that key pair.</p> <blockquote> <p>Note: Sometimes the system may have several <code>ssh.exe</code> binary files installed, and the <code>ssh.exe</code> binary path may be duplicated in the <code>PATH</code> environment variable. To debug this problem, review the contents of the <code>path</code> command or the <code>PATH</code> environment variable and change the folder path containing the <code>ssh.exe</code> binary to be used first, or keep only one.</p> </blockquote> <h1> Registering SSH Keys on Github </h1> <p>You need to register the public key of this SSH Key Pair to Github or your Git repository.</p> <p>Enter the following PowerShell command to copy the public key value to register other systems.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-Content</span><span class="w"> </span><span class="nt">-Path</span><span class="w"> </span><span class="bp">$HOME</span><span class="nx">\.ssh\id_rsa.pub</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Set-Clipboard</span><span class="w"> </span></code></pre> </div> <p>With this command, public key automatically entered on the clipboard.</p> <p>Then enter the following command to open the GitHub configuration page. (Or you can open the URL below directly in your preferred browser instead of your default browser.)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Start-Process</span><span class="w"> </span><span class="err">β€˜</span><span class="nx">https://github.com/settings/ssh/new</span><span class="s1">' </span></code></pre> </div> <p>After that, paste the public key from the clipboard and register it by adding a clear description of the key.</p> <h1> Install Git Client and SSH Client </h1> <p>There are many ways to install the Git client, but I personally recommend the Chocolatey Package Manager as the most intuitive and easy way.</p> <p>The official Git client installation package exposes a lot of options that can cause side effects, so if you install it incorrectly, you may run into difficulties due to unintended features.</p> <p>First install the Chocolatey Package Manager if it is not already installed. Because this is a system-level addition of software, allow a few minutes to open a new PowerShell window as an administrator.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Set-ExecutionPolicy</span><span class="w"> </span><span class="nx">Bypass</span><span class="w"> </span><span class="nt">-Scope</span><span class="w"> </span><span class="nx">Process</span><span class="w"> </span><span class="nt">-Force</span><span class="p">;</span><span class="w"> </span><span class="n">iex</span><span class="w"> </span><span class="p">((</span><span class="n">New-Object</span><span class="w"> </span><span class="nx">System.Net.WebClient</span><span class="p">)</span><span class="o">.</span><span class="nf">DownloadString</span><span class="p">(</span><span class="err">β€˜</span><span class="nx">https://chocolatey.org/install.ps1</span><span class="s1">')) </span></code></pre> </div> <p>Now enter the command to install the Git for Windows client.</p> <blockquote> <p>Note: Often, if the Chocolatey.org website enters a regular checkout period, the installation may not proceed properly. In this case, check the Chocolatey.org website and try again later.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">choco</span><span class="w"> </span><span class="nx">install</span><span class="w"> </span><span class="nx">git</span><span class="w"> </span><span class="nt">-y</span><span class="w"> </span></code></pre> </div> <p>Back in the regular PowerShell window, set the GIT_SSH environment variable. You must specify this environment variable so that Git clients can properly recognize SSH clients on Windows 10.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="nv">$SSHPath</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">Get-Command</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="err">β€˜</span><span class="nx">ssh.exe</span><span class="err">’</span><span class="p">)</span><span class="o">.</span><span class="nf">Source</span><span class="w"> </span><span class="p">[</span><span class="n">Environment</span><span class="p">]::</span><span class="nx">SetEnvironmentVariable</span><span class="p">(</span><span class="err">β€˜</span><span class="n">GIT_SSH</span><span class="err">’</span><span class="p">,</span><span class="w"> </span><span class="nv">$SSHPath</span><span class="p">,</span><span class="w"> </span><span class="err">β€˜</span><span class="nx">User</span><span class="err">’</span><span class="p">)</span><span class="w"> </span></code></pre> </div> <h1> Powering PowerShell with oh-my-posh </h1> <p>As the name suggests, oh-my-posh is a Windows PowerShell version of oh-my-zsh that is popular on macOS and Linux these days. And interestingly, it supports some of the features that oh-my-zsh provides.</p> <p>First run the oh-my-posh installation script. It's listed in PowerShell's official module repository, so the commands are not complicated and simple.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Install-Module</span><span class="w"> </span><span class="nx">posh-git</span><span class="w"> </span><span class="nt">-Scope</span><span class="w"> </span><span class="nx">CurrentUser</span><span class="w"> </span><span class="n">Install-Module</span><span class="w"> </span><span class="nx">oh-my-posh</span><span class="w"> </span><span class="nt">-Scope</span><span class="w"> </span><span class="nx">CurrentUser</span><span class="w"> </span></code></pre> </div> <p>If you are installing on PowerShell Core for Windows (6.x or later), run the following command.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Install-Module</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="nx">PSReadLine</span><span class="w"> </span><span class="nt">-AllowPrerelease</span><span class="w"> </span><span class="nt">-Scope</span><span class="w"> </span><span class="nx">CurrentUser</span><span class="w"> </span><span class="nt">-Force</span><span class="w"> </span><span class="nt">-SkipPublisherCheck</span><span class="w"> </span></code></pre> </div> <p>Edit the Profile file so that the oh-my-posh shell can be loaded automatically when PowerShell starts. If you run the command below, the file will be created if it doesn't exist.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="kr">if</span><span class="w"> </span><span class="p">(</span><span class="o">!</span><span class="p">(</span><span class="n">Test-Path</span><span class="w"> </span><span class="nt">-Path</span><span class="w"> </span><span class="bp">$PROFILE</span><span class="w"> </span><span class="p">))</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">New-Item</span><span class="w"> </span><span class="nt">-Type</span><span class="w"> </span><span class="nx">File</span><span class="w"> </span><span class="nt">-Path</span><span class="w"> </span><span class="bp">$PROFILE</span><span class="w"> </span><span class="nt">-Force</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="n">notepad.exe</span><span class="w"> </span><span class="bp">$PROFILE</span><span class="w"> </span></code></pre> </div> <p>Add the following code at the end of the script and save it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Import-Module</span><span class="w"> </span><span class="nx">posh-git</span><span class="w"> </span><span class="n">Import-Module</span><span class="w"> </span><span class="nx">oh-my-posh</span><span class="w"> </span><span class="n">Set-Theme</span><span class="w"> </span><span class="nx">Paradox</span><span class="w"> </span></code></pre> </div> <p>As a side note, using a programming font with powerline patching looks pretty and doesn't break the glyphs. Run the following command again in an elevated PowerShell and update the console window's font settings with the D2Coding font.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Import-Module</span><span class="w"> </span><span class="nx">posh-git</span><span class="w"> </span><span class="n">Import-Module</span><span class="w"> </span><span class="nx">oh-my-posh</span><span class="w"> </span><span class="n">Set-Theme</span><span class="w"> </span><span class="nx">Paradox</span><span class="w"> </span></code></pre> </div> <p>When all the settings are applied, you will see something like the picture below, and if you move the directory to the Git repository, you will see the branch name look good. This seems to have some assortment. 😎</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2F4zs154z63bur997lse0d.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2F4zs154z63bur997lse0d.png" alt="oh-my-posh in action!"></a></p> <h1> Appendix 1: Installing the Windows Terminal App </h1> <p>You can go directly to the Windows Terminal app store page by running the following command in PowerShell: As is well known, using Windows Terminal gives you all the benefits of a modern CLI development environment.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Start-Process</span><span class="w"> </span><span class="s1">'https://www.microsoft.com/store/productId/9N0DX20HK701'</span><span class="w"> </span></code></pre> </div> <p>After installation, you can launch the Windows Terminal app directly with <code>wt.exe</code> or <code>wt</code> shortcuts. That is, on Windows, remember <code>wt</code> instead of <code>cmd</code>, <code>powershell</code> or <code>pwsh</code>. 😏</p> <h1> Appendix 2: For SourceTree </h1> <p>Unfortunately, the Git client used by SourceTree does not work with the SSH Agent service provided by Windows. Instead, you can use the keys you created.<br> In the SourceTree Options window, change the SSH client to OpenSSH as shown below.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fqabitx4yj5jgvekiomq0.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fqabitx4yj5jgvekiomq0.png" alt="Setting up existing SSH key on SourceTree"></a></p> <p>At this point, verify that the SSH key is the same as the <code>$HOME\.ssh\id_rsa</code> file created in the previous step. If it is different, specify it again.<br> When done, press the OK button to save the settings.</p> <h1> Appendix 3: Integrating with Visual Studio Code </h1> <p>If <code>GIT_SSH</code> environment variable is registered properly, integration is completed without any special setting. However, even though you have completed the configuration, if you are still in progress without any message when performing git pull, you can run the <code>ssh-add -l</code> command built-in terminal to check the connection status with the ssh-agent service.</p> windows10 ssh git github