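# upterm setup for Windows (comments mention Windows Server 2016/2022).
# Steps: check the execution policy, install Scoop, 7zip, git and upterm,
# then create an ed25519 SSH key if none exists.
#
# Security notes:
#  - The script relaunches itself elevated, so everything below, including the
#    downloaded Scoop installer, runs with administrator rights.
#  - The Scoop installer is fetched over HTTPS and executed without an integrity
#    check. TLS certificate validation is the only thing that authenticates it,
#    so this script must never disable that validation.

# Use TLS 1.2 only. TLS 1.0/1.1 are deprecated and were previously enabled as
# "fallback" versions; allowing them only widens the downgrade surface.
# NOTE(review): the hosts used here (get.scoop.sh, github.com) are expected to
# require TLS 1.2 or newer; confirm if a legacy intercepting proxy is in the path.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Check for administrator rights and relaunch elevated if needed.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
    # NOTE(review): $PSCommandPath is only set when this runs from a file;
    # confirm the script is never piped into Invoke-Expression.
    # -ExecutionPolicy Bypass applies to the relaunched process only.
    Start-Process powershell.exe `
        "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" `
        -Verb RunAs
    exit
}

Write-Host "============================================================"
Write-Host " upterm Setup"
Write-Host "============================================================"
Write-Host ""

# 1. Check the execution policy.
# Side effect: may persistently set the CurrentUser policy to RemoteSigned.
Write-Host "[1/5] Pruefe Execution Policy..."
$acceptedPolicies = @('Bypass', 'Unrestricted', 'RemoteSigned')
$policy = Get-ExecutionPolicy -Scope CurrentUser
if ($policy -in $acceptedPolicies) {
    Write-Host " OK (aktuell: $policy)"
} else {
    try {
        Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
        Write-Host " OK"
    } catch {
        # Set-ExecutionPolicy can fail when another scope (e.g. Group Policy)
        # overrides it; fall back to checking the effective policy.
        $effective = Get-ExecutionPolicy
        if ($effective -in $acceptedPolicies) {
            Write-Host " GPO-Override - Policy '$effective' ist ausreichend"
        } else {
            Write-Host "FEHLER: Execution Policy '$effective' blockiert Ausfuehrung."
            Read-Host "Enter zum Beenden"; exit 1
        }
    }
}

# Helper: download the Scoop installer and run it.
# Returns $true on success, $false if the download or the installer failed.
function Install-Scoop {
    $url = 'https://get.scoop.sh'

    # Scoop refuses to install as administrator without an explicit flag, so
    # the installer script is loaded and invoked with -RunAsAdmin.
    $runAsAdmin = $isAdmin

    # Helper: download the script content; returns $null on failure.
    # The previous last-resort fallback set ServerCertificateValidationCallback
    # to accept any certificate. Because the result is executed as
    # administrator, anyone able to intercept the connection could then supply
    # arbitrary code. The download now fails closed; a missing certificate
    # chain has to be fixed on the host (see the messages below).
    function Get-InstallerScript($url) {
        try { return Invoke-RestMethod -Uri $url } catch {}
        try {
            return (New-Object System.Net.WebClient).DownloadString($url)
        } catch {
            Write-Host "FEHLER: Scoop-Download fehlgeschlagen: $_"
            Write-Host " - Windows Update ausfuehren (fehlende Root-Zertifikate)"
            Write-Host " - Proxy auf HTTPS-Durchlass pruefen"
            return $null
        }
    }

    $script = Get-InstallerScript $url
    if (-not $script) { return $false }

    try {
        # Executes remote content in this (elevated) session.
        $sb = [scriptblock]::Create($script)
        if ($runAsAdmin) {
            # -RunAsAdmin overrides Scoop's block for administrator accounts.
            & $sb -RunAsAdmin
        } else {
            & $sb
        }
        return $true
    } catch {
        Write-Host "FEHLER: Scoop-Installation fehlgeschlagen: $_"
        return $false
    }
}

# 2. Check for Scoop / install it.
Write-Host "[2/5] Pruefe Scoop..."
$scoopShims = "$env:USERPROFILE\scoop\shims"
$scoopInstalled = (Test-Path "$scoopShims\scoop.ps1") -or (Test-Path "$scoopShims\scoop.cmd")
if (-not $scoopInstalled) {
    Write-Host " Scoop nicht gefunden - wird installiert..."
    if (-not (Install-Scoop)) { Read-Host "Enter zum Beenden"; exit 1 }
    # Verify the shims actually exist; the installer may return without throwing.
    if (-not ((Test-Path "$scoopShims\scoop.ps1") -or (Test-Path "$scoopShims\scoop.cmd"))) {
        Write-Host "FEHLER: Scoop-Installation fehlgeschlagen (Verzeichnis fehlt)."
        Read-Host "Enter zum Beenden"; exit 1
    }
    Write-Host " Scoop installiert."
} else {
    Write-Host " Scoop bereits vorhanden."
}

# Make the shims directory available on PATH for this session.
if ($env:PATH -notlike "*$scoopShims*") { $env:PATH = "$env:PATH;$scoopShims" }

# 3. 7zip with the lessmsi workaround.
Write-Host "[3/5] Installiere 7zip via lessmsi..."
scoop config use_lessmsi true
$7zipOk = $false
# NOTE(review): the catch blocks only fire on terminating errors; presumably
# scoop reports most failures through its output or exit code, in which case
# the retry path below is never reached. Confirm.
try { scoop install 7zip 2>&1 | Out-Null; $7zipOk = $true } catch {}
if (-not $7zipOk) {
    Write-Host " 7zip fehlgeschlagen - bereinige und versuche erneut..."
    try { scoop uninstall 7zip } catch {}
    try { scoop cache rm 7zip } catch {}
    Remove-Item -Recurse -Force "$env:USERPROFILE\scoop\apps\7zip" -ErrorAction SilentlyContinue
    try {
        scoop install 7zip; $7zipOk = $true
    } catch {
        Write-Host "FEHLER: 7zip konnte nicht installiert werden: $_"
        Read-Host "Enter zum Beenden"; exit 1
    }
}
Write-Host " OK"

# 4. upterm (git is required for Scoop buckets).
Write-Host "[4/5] Installiere upterm..."

# Check for git / install it.
if (-not (Get-Command git -ErrorAction SilentlyContinue)) {
    Write-Host " git nicht gefunden - wird installiert..."
    scoop install git
    # The shims directory is already on PATH for this session (added above),
    # so no further PATH update is needed before re-checking.
    if (-not (Get-Command git -ErrorAction SilentlyContinue)) {
        Write-Host "FEHLER: git Installation fehlgeschlagen."
        Read-Host "Enter zum Beenden"; exit 1
    }
    Write-Host " git installiert."
} else {
    Write-Host " git bereits vorhanden."
}

# Third-party bucket: whatever it publishes is installed as-is.
scoop bucket add upterm https://github.com/owenthereal/scoop-upterm 2>&1 | Out-Null
scoop install upterm 2>&1 | Tee-Object -Variable scoopOut
if (-not (Get-Command upterm -ErrorAction SilentlyContinue)) {
    Write-Host "FEHLER: upterm wurde nicht installiert."
    Write-Host $scoopOut
    Read-Host "Enter zum Beenden"; exit 1
}
Write-Host " OK"

# 5. Generate an SSH key (required for upterm authentication).
Write-Host "[5/5] Pruefe SSH-Key..."
$sshDir = "$env:USERPROFILE\.ssh"
$keyFile = "$sshDir\id_ed25519"
if (-not (Test-Path $keyFile)) {
    Write-Host " Kein SSH-Key gefunden - generiere ed25519-Key..."
    if (-not (Test-Path $sshDir)) { New-Item -ItemType Directory -Path $sshDir | Out-Null }
    # -N '""' is meant to give an empty passphrase, i.e. the private key is
    # stored unencrypted and is protected only by file permissions.
    # NOTE(review): how '""' reaches a native command differs between
    # PowerShell versions; verify the resulting key has the intended
    # passphrase on the version in use.
    ssh-keygen -t ed25519 -f $keyFile -N '""' -q
    # Do not report success if ssh-keygen is missing or failed.
    if (-not (Test-Path $keyFile)) {
        Write-Host "FEHLER: SSH-Key konnte nicht erstellt werden."
        Read-Host "Enter zum Beenden"; exit 1
    }
    Write-Host " SSH-Key erstellt: $keyFile"
} else {
    Write-Host " SSH-Key bereits vorhanden."
}

Write-Host ""
Write-Host "============================================================"
Write-Host " Installation abgeschlossen!"
Write-Host "============================================================"
Write-Host ""
Write-Host " PowerShell NEU STARTEN, dann Session teilen mit:"
Write-Host ""
# --accept makes upterm admit connecting clients without a prompt, so the
# session string printed by upterm has to be treated as a credential.
Write-Host " upterm host --server ssh://upterm.ebesch.de:2222 --accept"
Write-Host ""
Write-Host " Client verbindet sich mit:"
Write-Host " ssh TOKEN:HASH@upterm.ebesch.de -p 2222"
Write-Host ""
Read-Host "Enter zum Beenden"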