macOS 以 SSH key 連線至 Windows

核心：須解決 Windows OpenSSH 對檔案權限的極度嚴格要求，以及檔案編碼（BOM、換行字元）帶來的隱形成本

macOS 端

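# Generate the client key pair (ed25519). -N "" stores the private key unencrypted on disk, which is
# acceptable for automation only: keep ~/.ssh/hh-rd at mode 600 (ssh-keygen creates it that way) and
# never copy the private half off this Mac. ssh-keygen prompts "Overwrite (y/n)?" when the target
# already exists, so guard first instead of clobbering an existing key by accident.
mkdir -p ~/.ssh && chmod 700 ~/.ssh
if [ -e ~/.ssh/hh-rd ]; then
  printf '%s\n' "~/.ssh/hh-rd already exists; use another -f path or remove it first" >&2
else
  ssh-keygen -t ed25519 -C "[email protected]" -f ~/.ssh/hh-rd -N ""
fi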

Windows 端

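# Create .ssh\authorized_keys (only if it does not exist yet) and reduce its ACL to the owner + SYSTEM.
# sshd on Windows rejects the file when any other principal, or an inherited ACE, can access it.
$path = "$env:USERPROFILE\.ssh\authorized_keys"
# -Force on a Directory is a no-op when it already exists. Do NOT use -Force on the file itself:
# New-Item -Force would truncate an existing authorized_keys and drop every key already in it.
New-Item -ItemType Directory -Path (Split-Path -Parent $path) -Force | Out-Null
if (!(Test-Path $path)) { New-Item -ItemType File -Path $path | Out-Null }
# Order matters: strip inheritance first, then the explicit grants below form the entire ACL.
$aclSteps = @(
  @('/inheritance:r'),
  @('/remove', 'BUILTIN\Administrators'),
  @('/grant:r', "${env:USERNAME}:(F)"),
  @('/grant:r', 'SYSTEM:(F)')
)
foreach ($step in $aclSteps) {
  icacls $path @step
  # icacls is a native command: a failure does not throw, so check the exit code explicitly.
  if ($LASTEXITCODE -ne 0) { throw "icacls $($step -join ' ') failed on $path (exit $LASTEXITCODE)" }
}
# NOTE(review): if this account is a member of the local Administrators group, the default sshd_config
# 'Match Group administrators' block makes sshd read %ProgramData%\ssh\administrators_authorized_keys
# instead of this file -- confirm which AuthorizedKeysFile your sshd_config actually uses.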

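# Restrict the parent directory (.ssh) the same way: owner + SYSTEM only, nothing inherited from the
# profile. (OI)(CI) lets files created here later inherit the owner's access; authorized_keys keeps its
# own non-inherited ACL from the previous step, so this does not loosen what sshd checks on that file.
$dir = "$env:USERPROFILE\.ssh"
foreach ($step in @(
    @('/inheritance:r'),
    @('/grant:r', "${env:USERNAME}:(OI)(CI)(F)"),
    @('/grant:r', 'SYSTEM:(OI)(CI)(F)')
  )) {
  icacls $dir @step
  # native command: surface failures instead of silently continuing with a half-applied ACL
  if ($LASTEXITCODE -ne 0) { throw "icacls $($step -join ' ') failed on $dir (exit $LASTEXITCODE)" }
}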

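# Append the macOS public key. AppendAllLines writes UTF-8 without a BOM (Out-File / Set-Content on
# Windows PowerShell 5 would add one, and the first line is then not recognised as a key).
# It terminates the line with Environment.NewLine, i.e. CRLF on Windows -- Win32-OpenSSH appears to
# tolerate this, but if pubkey auth is refused, check the file for stray \r characters first.
$pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmyXg5l/fDgXHrSPTlF4PzvZABPYSnUp6IchVwfKH8H [email protected]"
$akPath = "$env:USERPROFILE\.ssh\authorized_keys"
# Cheap sanity check: "<type> <base64 blob> [comment]" on one line. A truncated or wrapped paste would
# otherwise be written silently and only surface as a failed login.
if ($pubkey -notmatch '^\S+ [A-Za-z0-9+/=]+( .*)?$') { throw "pubkey is not a single OpenSSH public-key line" }
$blob = ($pubkey -split ' ')[1]
# Re-running this snippet must not duplicate the entry; match on the key blob, the trailing comment may differ.
$alreadyThere = (Test-Path $akPath) -and ([System.IO.File]::ReadAllLines($akPath) | Where-Object { $_.Contains($blob) })
if ($alreadyThere) {
  Write-Host "key already present in $akPath; nothing appended"
} else {
  [System.IO.File]::AppendAllLines($akPath, [string[]]$pubkey)
}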

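# Give this user explicit access to known_hosts and make the .ssh directory's ACE inheritable.
# NOTE(review): sshd does not consult the user's known_hosts for public-key authentication; this part
# matters for the ssh *client* on this Windows box (outbound connections / host-based auth). Keep it if
# you also connect out from here; otherwise it is harmless but unnecessary.
$kh_path = "$env:USERPROFILE\.ssh\known_hosts"
if (!(Test-Path $kh_path)) { New-Item -ItemType File -Path $kh_path -Force | Out-Null }   # create an empty file first
icacls $kh_path /grant:r "${env:USERNAME}:(F)"
# native command: a failed icacls does not throw, so check the exit code explicitly
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $kh_path (exit $LASTEXITCODE)" }
$ssh_dir = "$env:USERPROFILE\.ssh"
# (OI)(CI): the grant propagates to files/subfolders created later. authorized_keys had inheritance
# removed above, so propagation does not touch it and sshd's strict check on that file is unaffected.
icacls $ssh_dir /grant:r "${env:USERNAME}:(OI)(CI)(F)"
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $ssh_dir (exit $LASTEXITCODE)" }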