In this tutorial we set up cross-platform SSH-based remoting with PowerShell Core 6.0 and test it on Windows Server and Linux servers.

Traditionally, PowerShell (PS) remoting took place using a combination of two protocols:

  • PowerShell Remoting Protocol (MS-PSRP), for runspace creation and session management
  • Windows Remote Management (WinRM), Microsoft's implementation of the Web Services-Management (WS-Man) protocol, for the HTTP(S) endpoint listeners and the underlying transport

Using WS-Man with PSRP unlocks much flexibility in terms of how a Windows computer can host one or more PowerShell remoting sessions. Specifically, you can define custom session configurations to manage incoming session requests. This includes the implementation of constrained Just Enough Administration (JEA) endpoints.

Alas, we live in a cross-platform world nowadays. The PowerShell development team understands the need to bring the PowerShell engine to Linux and macOS devices. They also recognize the ubiquity of the Secure Shell (SSH) communications protocol.

Today we have .NET Core, PowerShell Core 6.0, and a Win32 OpenSSH port. Eventually administrators will be able to select either WS-Man or SSH as their PowerShell remoting transport protocol, depending on their connectivity needs. That said, SSH transport functionality is under active development and remains a bit limited as of this writing in early March 2018.

Specifically, we don't yet have full PS session support, which takes both custom session configurations and JEA off the table for now. According to the GitHub issues list, sudo doesn't yet work in a remoting session on a Linux machine.

Here we'll set up a simple cross-platform environment and test what's currently available in PowerShell Core 6.

The environment

In my lab, I have a Windows VM set up as follows:

  • Windows Server 2016 domain controller and DNS server
  • OpenSSH server and client installed and running along with TCP port 22 open on the firewall
  • PowerShell Core 6.0 installed
  • WinRM PowerShell remoting enabled with the relevant firewall ports open

I also have an Ubuntu Linux 14.04 server set up like this:

  • Located on the same IPv4 subnet as the Windows box
  • Registered in the Windows Server DNS domain zone
  • OpenSSH server and client installed
  • PowerShell Core 6.0 installed
  • Firewall disabled (didn't want to horse around with Linux firewall configuration for this lab)

All systems require both OpenSSH and PowerShell Core 6.0 installed. Don't worry, PowerShell Core 6.0 can coexist side by side with the Windows PowerShell already installed on the Windows server.

Let's get this party started!

Set up Windows

Follow these instructions to install the OpenSSH test release. In a nutshell, what you're doing is:

  • Downloading the release files as a .zip archive
  • Unpacking the .zip into the path C:\Program Files\OpenSSH (pro tip: add this path to your system's PATH environment variable so you can start the SSH tools from any location at a command prompt)
  • Running the installation script
  • Modifying Windows Firewall to allow inbound SSH connections

Install PowerShell Core 6.0 on Windows by downloading the latest .msi release package from the PowerShell/PowerShell GitHub repository. You can grab the 64-bit (x64) or 32-bit (x86) package as necessary.

Next, simply do a "click-click-next" installation—it's that simple! And the fact that the .NET Core and PowerShell Core bits can sit side by side with Desktop PowerShell is fantastic news.

Set up Linux

Now let's turn our attention to configuring the Ubuntu 14.04 system. This is a Debian-based Linux distribution, so we can bring the system software up to date by running the following commands from a freshly opened Terminal:

sudo apt-get update
sudo apt-get upgrade

If you don't already have it installed, you'll need an OpenSSH server and client:

sudo apt-get install openssh-client -y
sudo apt-get install openssh-server -y

Follow the instructions at GitHub to configure the OpenSSH configuration file to enable password authentication and define an entry for the PowerShell subsystem.
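A quick way to confirm that step took effect: this script is an added example, not part of the original article or the PowerShell project. It reads an sshd_config, reports the command registered for the powershell subsystem and shows the effective authentication settings. The sample config is constructed and the /usr/bin/pwsh path is an assumption for this lab.

```shell
#!/bin/sh
# Added example: audit an sshd_config for what PowerShell SSH remoting needs.
# sshd keywords are case-insensitive and the first occurrence of a keyword wins.

# Print the global (pre-Match) value of keyword $1 in file $2; empty if unset.
sshd_value() {
    awk -v key="$1" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$2"
}

# Print the command registered for the "powershell" subsystem in file $1.
ps_subsystem() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "subsystem" && $2 == "powershell" {
            $1 = ""; $2 = ""; sub(/^ +/, ""); print; exit
        }
    ' "$1"
}

# Print findings for file $1; return 0 only if the subsystem entry is usable.
audit_ps_remoting() {
    rc=0
    cmd=$(ps_subsystem "$1")
    case "$cmd" in
        "")      echo "FAIL: no 'Subsystem powershell' entry"; rc=1 ;;
        *-sshs*) echo "OK: subsystem runs: $cmd" ;;
        *)       echo "FAIL: subsystem command lacks -sshs: $cmd"; rc=1 ;;
    esac
    # OpenSSH treats both keywords as "yes" when they are absent.
    pw=$(sshd_value PasswordAuthentication "$1")
    pk=$(sshd_value PubkeyAuthentication "$1")
    echo "INFO: PasswordAuthentication=${pw:-yes} PubkeyAuthentication=${pk:-yes}"
    return $rc
}

# Constructed sample config (the pwsh path is an assumption for this lab).
sample_config() {
    cat <<'EOF'
# sshd_config excerpt
PasswordAuthentication yes
Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem powershell /usr/bin/pwsh -sshs -NoLogo -NoProfile
EOF
}

tmp=$(mktemp); sample_config > "$tmp"; audit_ps_remoting "$tmp"; rm -f "$tmp"
```

Point audit_ps_remoting at /etc/ssh/sshd_config on the Linux server, and restart the SSH service after changing the file so the new subsystem entry is picked up.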

Finally, we'll install PowerShell Core 6.0. We'll start by importing the Microsoft Ubuntu software repository's public key and registering with the repo:

curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
curl https://packages.microsoft.com/config/ubuntu/14.04/prod.list | sudo tee /etc/apt/sources.list.d/microsoft.list

We then should update our local package list:

sudo apt-get update

And install PowerShell Core 6.0:

sudo apt-get install powershell -y

This admittedly takes me some getting used to, but you start PowerShell with pwsh. That's true for Windows as well.

Test remoting

In the first example, we'll attempt a Windows-to-Linux remoting connection by creating a session and then entering it:

$session = New-PSSession -HostName ubuntu1 -UserName timw -SSHTransport
Enter-PSSession -Session $session

Some notes:

  • Notice the -HostName parameter. This is part of a parameter set in which you must also specify the -SSHTransport switch parameter.
  • It will prompt you to accept the remote machine's SSH public key, which is normal for SSH communication.
  • Remember we set up our SSH servers to use password authentication. This is why you'll need both a valid username on the Linux box and the account password.

In the following screenshot I demonstrate a Mac-to-Mac PowerShell session.

Mac to Mac remoting

Next, we'll use Invoke-Command to send a PowerShell command from Linux to Windows:

Invoke-Command -HostName dc1 -Username tim -SSHTransport -ScriptBlock {Get-Service}

More notes:

  • Use -ComputerName when you want to use WinRM/WS-Man and -HostName when you want to use SSH transport.
  • If the SSH server is configured for key-based authentication, add the -KeyFilePath parameter.
  • In this case, tim is the name of an account valid on the remote machine, not the local one.

Wrap-up

Today we got a glimpse into the future. Eventually, we will be able to open a PowerShell console on any Windows, Linux, or macOS computer and perform remote management on nearly any type of hardware. This includes routers, switches, or any other device capable of hosting a Common Information Model (CIM) server with Open Management Infrastructure (OMI).

Although PowerShell Core 6.0 is now generally available, the SSH remoting is still under development. For homework, I assign you the following task: Test WS-Man remoting using the -ComputerName and -Credential parameters of Enter-PSSession and Invoke-Command!
