Jul 03 2024
 

Well, this is kind of a weird one. But most of the systems I run are Linux-based, and over the years I have ‘developed’ a simple script that I run from my main workstation which iterates through all of the systems applying updates.

As non-interactively as possible – it could even be scheduled to run automatically (although I don’t for no good reason).

But it had one great weakness – it didn’t update my Windows 11 virtual machine. Which wasn’t a serious problem because Windows could and did update itself. But it did result in software installed with winget getting left behind.

So I sorted it …

  1. Install OpenSSH server on Windows: PS: Add-WindowsCapability -Online -Name OpenSSH.Server (this might need the version number, which is best obtained using Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*').
  2. Copy your chosen ssh authentication public key into the c:\users\${username}\.ssh\authorized_keys file.
  3. Configure c:\programdata\ssh\sshd_config to permit public key authentication (“PubkeyAuthentication yes”).
  4. Whilst in the same file, comment out the section with the line beginning “Match Group administrators”, which, whilst it makes things less secure, did at least work! The section does refer to a file, c:/ProgramData/ssh/administrators_authorized_keys, but adding to this file didn’t seem to work for me.
  5. Verify that the daemon is running: PS: get-service -name sshd
    • If it shows as not running, enable with: PS: set-service -name sshd -startuptype 'automatic'
    • And either reboot, or start it manually: PS: start-service -name sshd
  6. At this point you should be able to log in with a simple ssh username@hostname command. If not you’ve either left something out, or I have!
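
As an alternative to step 4 for accounts in the Administrators group, the sketch below (an added example, not the author's script) runs steps 1 to 5 from an elevated PowerShell prompt while leaving the “Match Group administrators” section in place: it puts the key in administrators_authorized_keys and restricts that file's ACL to Administrators and SYSTEM, which Microsoft's OpenSSH documentation calls for. The key value is a constructed placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example (not the author's script): key-only SSH for an account in the
# Administrators group, keeping "Match Group administrators" in sshd_config.
# Constructed placeholder: replace with your own public key line.
$PublicKey = 'ssh-ed25519 AAAA_PLACEHOLDER_PUBLIC_KEY user@workstation'

# Step 1: install the OpenSSH server capability, using the versioned name
# that Get-WindowsCapability reports.
$cap = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*'
if (-not $cap) { throw 'OpenSSH.Server capability not found' }
if ($cap.State -ne 'Installed') {
    Add-WindowsCapability -Online -Name $cap.Name | Out-Null
}

# Step 5: start the daemon now and at every boot. The first start creates
# C:\ProgramData\ssh and a default sshd_config.
Set-Service -Name sshd -StartupType Automatic
Start-Service -Name sshd

# Steps 2 and 4: for administrators the key goes in the file named by the
# "Match Group administrators" section, not the per-user authorized_keys.
$keyFile = Join-Path $env:ProgramData 'ssh\administrators_authorized_keys'
if (-not (Test-Path $keyFile)) {
    New-Item -ItemType File -Path $keyFile | Out-Null
}
if (-not (Select-String -Path $keyFile -SimpleMatch $PublicKey -Quiet)) {
    Add-Content -Path $keyFile -Value $PublicKey -Encoding ascii
}

# Drop inherited ACEs and grant full control only to Administrators
# (S-1-5-32-544) and SYSTEM (S-1-5-18). SIDs avoid localized group names.
icacls.exe $keyFile /inheritance:r /grant '*S-1-5-32-544:F' /grant '*S-1-5-18:F' | Out-Null

# Step 3: list the sshd_config lines that decide how logins are accepted,
# commented-out defaults included, so they can be reviewed.
$cfg = Join-Path $env:ProgramData 'ssh\sshd_config'
Select-String -Path $cfg -Pattern '^\s*#?\s*(PubkeyAuthentication|PasswordAuthentication|Match Group|AuthorizedKeysFile)'

# Final check: resulting ACL on the key file and the service state.
icacls.exe $keyFile
Get-Service -Name sshd
```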

At this point you should be able to run the relevant update commands :-

  1. ssh username@hostname UsoClient ScanInstallWait. This applies operating system updates, which may or may not work, so I wouldn’t disable the automatic updates at this point.
  2. ssh username@hostname winget upgrade --all. This updates additional software (something I’ve called “layered products” in the past) installed via winget (or the Microsoft “Store”). This can sometimes stop with a mysterious error but should usually work.

No guarantees with this sort of thing!
