Microsoft Validation OS, built on the foundation of Windows 11, offers a controlled environment for software testing and validation, ensuring compatibility and reliability. Microsoft Validation OS includes various core features and come with installed but not configured OpenSSH server. However, by following a series of straightforward steps, system administrators and developers can configure the OpenSSH server, enabling secure remote access to Microsoft Validation OS. This article will provide a comprehensive guide, outlining the necessary configuration steps and best practices to successfully set up the OpenSSH server on Microsoft Validation OS, empowering users with secure remote administration capabilities and streamlined file transfer functionalities.
Microsoft Validation OS is a lightweight, fast, and customizable Windows 11-based operating system that you can use on the factory floor to diagnose, mitigate and repair hardware defects during Windows device manufacturing. Validation OS boots into a Command Line environment to increase reliability on the factory floor and supports running Win32 apps, smoothing the transition from early hardware bring-up to retail OS and apps development.
Image customization in general
Microsoft provides enough documentation to customize image and add necessary software:
The important point for all steps is select proper WIM image. From Microsoft note:
- Use index:1 if you’ll be applying your image to a device’s hard drive.
- Use index:2 if you’ll be using the image to boot from a USB drive.
In case when we prepare image for VM boot from ISO we should use
/index:2 in the DISM command.
What should be done for SSH access:
- Generate SSH key pair
- Copy SSH public key into Validation OS as a authorized key
- Add OpenSSH server to autostart
- Export new image
Microsoft provide non-bootable Validation OS ISO. This image should be used only as a base.
- Download Validation OS from the link above and extract is to some folder (C:\validation_os)
- Start the Deployment and Imaging Tools Environment as an administrator.
copypeto create a working copy of the Windows PE files.
copype amd64 C:\WinPE_amd64
- Copy Validation OS wim and replace the WinPE boot.wim
xcopy C:\validation_os\ValidationOS.wim C:\WinPE_amd64\media\sources\boot.wim
- Create a folder where you’ll mount your image
- Use DISM to mount the image
DISM /Mount-Image /imagefile:"C:\WinPE_amd64\media\sources\boot.wim" /index:2 /MountDir:"C:\mount"
- Generate SSH key pair
md c:\validation_ssh ssh-keygen -t ed25519 -C "firstname.lastname@example.org" -f c:\validation_ssh\id_ed25519
- Configure SSH server and add SSH public key as a authorized key
copy C:\mount\Windows\System32\OpenSSH\sshd_config_default C:\mount\ProgramData\ssh\sshd_config type c:\validation_ssh\id_ed25519.pub > C:\mount\ProgramData\ssh\administrators_authorized_keys
- Create and configure the SSH startup script
C:\mount\sshd.batwith the following content
rem "Generate SSH host keys" cmd /c "ssh-keygen -A" rem "Start SSH server" cmd /k "c:\Windows\System32\OpenSSH\sshd.exe"
- Add script to startup via registry
reg load HKLM\Image_SOFTWARE C:\mount\windows\system32\config\software reg add "HKLM\Image_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /F /D "cmd /k c:\sshd.bat" reg unload HKLM\Image_SOFTWARE
- Unmount image and apply changes
DISM /Unmount-Image /MountDir:"C:\mount" /Commit
- Generate bootable iso
MakeWinPEMedia /ISO C:\WinPE_amd64 C:\ValidationOS_SSH.iso
Usage of created ISO
- Boot any VM with ethernet adapter from
- Use the following SSH command to connect
ssh -i c:\validation_ssh\id_ed25519 -o IdentitiesOnly=yes Administrator@<VM_IP>
In conclusion, configuring the OpenSSH server on Microsoft Validation OS opens up a world of possibilities for secure remote access within this specialized testing and validation environment. By following the steps outlined in this article, you can establish a robust infrastructure that ensures the confidentiality, integrity, and authenticity of your remote connections. With the OpenSSH server in place, you can confidently administer and manage Microsoft Validation OS, transfer files securely, and streamline your workflows. Embracing the power of OpenSSH within the Microsoft Validation OS environment not only enhances your productivity but also reinforces your commitment to maintaining a strong security posture.