我有一个 UBUNTU 16.04 盒子(我们称之为 EARTH)和 Windows 2012 R2 盒子(我们称之为 MARS)。使用 Windows 框 (MARS) 中的以下命令,我正在生成一个自签名证书,我计划将其用于 PS Remoting。
CMD1: $Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "myHost"
CMD2: 导出证书-Cert $Cert -FilePath C:\temp\cert
在 MARS(Windows 框)上,有一个 WSMAN 监听器使用刚刚创建的自签名认证的指纹创建。
CMD3: 新项目 -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint –Force
我正在尝试启动从 EARTH(UBUNTU 框)到 MARS 的 PowerShell 远程处理 session
有谁知道如何将证书导入 EARTH(UBUNTU 服务器)以便 powershell 可以将它用于远程 session ?
PS Session 的来源:EARTH,UBUNTU 服务器
PS session 的目标:MARS,生成证书的 windows 2012 R2 框。
EARTH(UBUNTU 服务器)正在运行 PowerShell 版本 6.1 preview.2
提前感谢您的帮助!
最佳答案
导出/导入证书 cmdlet 是此用例的目标。 至于 Ubuntu,只需在 Ubuntu 上使用 cmdline,请参阅 Ubuntu 论坛讨论:
In ubuntu:
- 转到/usr/local/share/ca-certificates/
- 创建一个新文件夹,即“sudo mkdir school”
- 将 .crt 文件复制到学校文件夹中
- 确保权限正确(文件夹 755,文件夹 644 文件)
- 运行“sudo update-ca-certificates”
https://askubuntu.com/questions/645818/how-to-install-certificates-for-command-line
或直接来自 Ubuntu 的帮助信息。
Installing the Certificate
You can install the key file server.key and certificate file server.crt, or the certificate file issued by your CA, by running following commands at a terminal prompt:
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private
Now simply configure any applications, with the ability to use public-key cryptography, to use the certificate and key files. For example, Apache can provide HTTPS, Dovecot can provide IMAPS and POP3S, etc.
https://help.ubuntu.com/lts/serverguide/certificates-and-security.html
MS 提供了有关如何设置和使用它的分步指导。具体来说,下面直接针对 Ubuntu。这允许在没有您正在使用的额外证书步骤的情况下进行远程处理。
PowerShell Remoting Over SSH
Setup on Windows Machine
- Install the latest PowerShell for Windows build from GitHub ◦You can tell if it has the SSH remoting support by looking at the parameter sets for New-PSSession
Get-Command New-PSSession -syntax
New-PSSession [-Name <string[]>] [-HostName <string>] [-UserName <string>] [-KeyPath <string>] [<CommonParameters>]
- Install the latest Win32 Open SSH build from GitHub using the installation instructions
- Edit the sshd_config file at the location where you installed Win32 Open SSH ◦Make sure password authentication is enabled ◾PasswordAuthentication yes
◦Add a PowerShell subsystem entry
◾Subsystem powershell
PowerShell_Install_Path\powershell.exe -sshs -NoLogo -NoProfile
◦Optionally enable key authentication
◾RSAAuthentication yes ◾PubkeyAuthentication yes4.Restart the sshd service ◦Restart-Service sshd
Setup on Linux (Ubuntu 14.04) Machine:
1.Install the latest PowerShell for Linux build from GitHub ◦You can tell if it has the SSH remoting support by looking at the parameter sets for New-PSSession
Get-Command New-PSSession -语法 New-PSSession [-Name ] [-HostName ] [-UserName ] [-KeyPath ] []
2.Install Ubuntu SSH as needed ◦sudo apt install openssh-client
sudo apt install openssh-server
3.Edit the sshd_config file at location /etc/ssh ◦Make sure password authentication is enabled ◾PasswordAuthentication yes
◦Add a PowerShell subsystem entry
◾Subsystem powershell powershell -sshs -NoLogo -NoProfile◦Optionally enable key authentication
◾RSAAuthentication yes ◾PubkeyAuthentication yes4.Restart the sshd service ◦sudo service ssh restart
PowerShell Remoting Example:
The easiest way to test remoting is to just try it on a single machine. Here I will create a remote session back to the same machine on a Linux box. Notice that I am using PowerShell cmdlets from a command prompt so we see prompts from ssh asking to verify the host computer as well as password prompts. You can do the same thing on a Windows machine to ensure remoting is working there and then remote between machines by simply changing the host name.
Linux to Linux
PS /home/TestUser> $session = New-PSSession -HostName UbuntuVM1 -UserName TestUser
The authenticity of host 'UbuntuVM1 (9.129.17.107)' cannot be established.
ECDSA key fingerprint is SHA256:2kCbnhT2dUE6WCGgVJ8Hyfu1z2wE4lifaJXLO7QJy0Y.
Are you sure you want to continue connecting (yes/no)?
TestUser@UbuntuVM1s password:
PS /home/TestUser> $session
Id Name ComputerName ComputerType State ConfigurationName Availability
-- ---- ------------ ------------ ----- ----------------- ------------
1 SSH1 UbuntuVM1 RemoteMachine Opened DefaultShell Available
关于PowerShell 6.* 使用 SSL 证书和 UBUNTU 进行远程处理,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51713015/