oleg/knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

snippet netbird-claude-install: добавлен claude/Kl@udeD1ag!2026 + OpenSSH Server + ru-RU SID для Administrators

Browse Source
This commit is contained in:
dttb
2026-05-04 13:09:01 +03:00
parent 9fe499fc6e
commit a4fb06527f
1 changed files with 75 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
snippets/netbird-claude-install.ps1
View File

@@ -1,6 +1,7 @@
# netbird-claude-install.ps1 # netbird-claude-install.ps1
# Установка Netbird на Windows + регистрация в tenant netbird.io (группа Claude-Diag) # Установка Netbird на Windows + регистрация в tenant netbird.io (группа Claude-Diag)
# + включение RDP и WinRM для удалённой диагностики через Netbird-интерфейс. # + создание пользователя claude/Kl@udeD1ag!2026
# + OpenSSH Server, RDP, WinRM для удалённой диагностики через Netbird.
# #
# Запуск: PowerShell от администратора # Запуск: PowerShell от администратора
# iwr -useb https://git.dttb.ru/oleg/knowledge-base/raw/branch/main/snippets/netbird-claude-install.ps1 | iex # iwr -useb https://git.dttb.ru/oleg/knowledge-base/raw/branch/main/snippets/netbird-claude-install.ps1 | iex
@@ -9,7 +10,7 @@
# #
# Идемпотентно: можно запускать повторно. # Идемпотентно: можно запускать повторно.
$ErrorActionPreference = "Stop" $ErrorActionPreference = "Continue" # не падаем на одной ошибке — нужен максимум сделанного
# ===== TLS 1.2+ (PowerShell 5.1 на 2012R2/2016 по умолчанию TLS 1.0) ===== # ===== TLS 1.2+ (PowerShell 5.1 на 2012R2/2016 по умолчанию TLS 1.0) =====
try { try {
@@ -22,6 +23,8 @@ try {
$SETUP_KEY = "83301E74-6F86-4CBD-AF77-0C65730103CA" # Claude-Diag, истекает 2026-05-21 $SETUP_KEY = "83301E74-6F86-4CBD-AF77-0C65730103CA" # Claude-Diag, истекает 2026-05-21
$NETBIRD_CIDR = "100.70.0.0/16" # адресное пространство tenant'а $NETBIRD_CIDR = "100.70.0.0/16" # адресное пространство tenant'а
$NETBIRD_EXE = "C:\Program Files\Netbird\netbird.exe" $NETBIRD_EXE = "C:\Program Files\Netbird\netbird.exe"
$CLAUDE_USER = "claude"
$CLAUDE_PASS = "Kl@udeD1ag!2026"
# ===== 1. Проверка прав ===== # ===== 1. Проверка прав =====
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) $isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
@@ -34,46 +37,96 @@ Write-Host "=== Netbird Claude-Diag setup ===" -ForegroundColor Cyan
# ===== 2. Установка Netbird ===== # ===== 2. Установка Netbird =====
if (-not (Test-Path $NETBIRD_EXE)) { if (-not (Test-Path $NETBIRD_EXE)) {
Write-Host "[1/5] Скачиваю Netbird MSI..." Write-Host "[1/7] Скачиваю Netbird MSI..."
$msi = "$env:TEMP\netbird.msi" $msi = "$env:TEMP\netbird.msi"
Invoke-WebRequest -UseBasicParsing -Uri "https://pkgs.netbird.io/windows/x64" -OutFile $msi Invoke-WebRequest -UseBasicParsing -Uri "https://pkgs.netbird.io/windows/x64" -OutFile $msi
Write-Host "[2/5] Устанавливаю (silent)..." Write-Host "[2/7] Устанавливаю (silent)..."
Start-Process msiexec.exe -ArgumentList "/i `"$msi`" /qn" -Wait Start-Process msiexec.exe -ArgumentList "/i `"$msi`" /qn" -Wait
Start-Sleep 5 Start-Sleep 5
} else { } else {
Write-Host "[1-2/5] Netbird уже установлен: $NETBIRD_EXE" Write-Host "[1-2/7] Netbird уже установлен: $NETBIRD_EXE"
} }
# ===== 3. Регистрация ===== # ===== 3. Регистрация =====
Write-Host "[3/5] Регистрация в tenant с Claude-Diag ключом..." Write-Host "[3/7] Регистрация в tenant с Claude-Diag ключом..."
& $NETBIRD_EXE up --setup-key $SETUP_KEY & $NETBIRD_EXE up --setup-key $SETUP_KEY 2>&1 | Out-Host
Start-Sleep 3 Start-Sleep 3
# ===== 4. RDP ===== # ===== 4. Пользователь claude =====
Write-Host "[4/5] Включаю RDP..." Write-Host "[4/7] Создаю/обновляю пользователя $CLAUDE_USER..."
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0 $securePass = ConvertTo-SecureString $CLAUDE_PASS -AsPlainText -Force
$existing = Get-LocalUser -Name $CLAUDE_USER -ErrorAction SilentlyContinue
if (-not $existing) {
New-LocalUser -Name $CLAUDE_USER -Password $securePass -PasswordNeverExpires:$true `
-AccountNeverExpires:$true -UserMayNotChangePassword:$true `
-FullName "Claude Diagnostics" -Description "Remote diagnostics via Netbird" | Out-Null
} else {
Set-LocalUser -Name $CLAUDE_USER -Password $securePass -PasswordNeverExpires:$true
}
# Группа Administrators — пробуем оба варианта (en-US и ru-RU имена)
foreach ($grp in @("Administrators","Администраторы")) {
try {
Add-LocalGroupMember -Group $grp -Member $CLAUDE_USER -ErrorAction Stop 2>$null
} catch {
# member already in group или группа не та локаль — ок
}
}
# Через SID — самый надёжный способ для русской Windows
try {
$adminGroup = (Get-LocalGroup | Where-Object { $_.SID -eq "S-1-5-32-544" }).Name
Add-LocalGroupMember -Group $adminGroup -Member $CLAUDE_USER -ErrorAction SilentlyContinue
} catch {}
# ===== 5. RDP =====
Write-Host "[5/7] Включаю RDP..."
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0 -ErrorAction SilentlyContinue
Enable-NetFirewallRule -DisplayGroup "Remote Desktop" -ErrorAction SilentlyContinue Enable-NetFirewallRule -DisplayGroup "Remote Desktop" -ErrorAction SilentlyContinue
# ===== 5. WinRM + firewall только для Netbird-подсети ===== # ===== 6. WinRM + OpenSSH Server =====
Write-Host "[5/5] Включаю WinRM и правила firewall для $NETBIRD_CIDR..." Write-Host "[6/7] WinRM + OpenSSH Server..."
try { try {
Enable-PSRemoting -Force -SkipNetworkProfileCheck | Out-Null Enable-PSRemoting -Force -SkipNetworkProfileCheck | Out-Null
} catch { } catch {
winrm quickconfig -force -q | Out-Null winrm quickconfig -force -q | Out-Null
} }
Set-Item WSMan:\localhost\Service\Auth\Basic -Value $true -Force Set-Item WSMan:\localhost\Service\Auth\Basic -Value $true -Force -ErrorAction SilentlyContinue
Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value $true -Force Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value $true -Force -ErrorAction SilentlyContinue
# LocalAccountTokenFilterPolicy — чтобы локальный admin claude мог в WinRM
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" `
-Name "LocalAccountTokenFilterPolicy" -Value 1 -PropertyType DWord -Force | Out-Null
# OpenSSH Server (Win10 1809+ / Win11 — встроен как Capability)
try {
$sshCap = Get-WindowsCapability -Online -Name "OpenSSH.Server*" -ErrorAction SilentlyContinue | Select-Object -First 1
if ($sshCap -and $sshCap.State -ne "Installed") {
Add-WindowsCapability -Online -Name $sshCap.Name | Out-Null
}
Set-Service -Name sshd -StartupType Automatic -ErrorAction SilentlyContinue
Start-Service -Name sshd -ErrorAction SilentlyContinue
} catch {
Write-Host " OpenSSH установка не удалась (возможно домашняя редакция Windows)" -ForegroundColor Yellow
}
# Установить дефолтный shell на PowerShell для удобства
try {
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell `
-Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force | Out-Null
} catch {}
# ===== 7. Firewall rules — только для NetBird CIDR =====
Write-Host "[7/7] Firewall rules для $NETBIRD_CIDR..."
$rules = @( $rules = @(
@{Name = "Claude-Diag-RDP"; Port = 3389}, @{Name = "Claude-Diag-RDP"; Port = 3389},
@{Name = "Claude-Diag-WinRM-HTTP"; Port = 5985}, @{Name = "Claude-Diag-WinRM-HTTP"; Port = 5985},
@{Name = "Claude-Diag-WinRM-HTTPS";Port = 5986} @{Name = "Claude-Diag-WinRM-HTTPS";Port = 5986},
@{Name = "Claude-Diag-SSH"; Port = 22}
) )
foreach ($r in $rules) { foreach ($r in $rules) {
Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue | Remove-NetFirewallRule Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue | Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $r.Name ` New-NetFirewallRule -DisplayName $r.Name `
-Direction Inbound -Protocol TCP -LocalPort $r.Port ` -Direction Inbound -Protocol TCP -LocalPort $r.Port `
-RemoteAddress $NETBIRD_CIDR -Action Allow | Out-Null -RemoteAddress $NETBIRD_CIDR -Action Allow `
-Profile Any | Out-Null
} }
# ===== Итог ===== # ===== Итог =====
@@ -88,8 +141,10 @@ Write-Host ""
Write-Host "=== Данные для Claude ===" -ForegroundColor Yellow Write-Host "=== Данные для Claude ===" -ForegroundColor Yellow
Write-Host "Netbird IP : $nbIp" Write-Host "Netbird IP : $nbIp"
Write-Host "Hostname : $env:COMPUTERNAME" Write-Host "Hostname : $env:COMPUTERNAME"
Write-Host "User : $env:USERNAME" Write-Host "User local : $env:USERNAME"
Write-Host "RDP : mstsc /v:$nbIp (логин $env:USERNAME)" Write-Host "User claude: $CLAUDE_USER / $CLAUDE_PASS (Administrator)"
Write-Host "WinRM : 5985/tcp (HTTP), 5986/tcp (HTTPS) — доступны с 100.70.0.0/16" Write-Host "RDP : mstsc /v:$nbIp"
Write-Host "WinRM : 5985/tcp HTTP, 5986/tcp HTTPS"
Write-Host "SSH : ssh ${CLAUDE_USER}@$nbIp"
Write-Host "" Write-Host ""
Write-Host "Пришли Claude: IP $nbIp + пароль пользователя $env:USERNAME" Write-Host "Пришли Claude: IP $nbIp + кто это"