PowerShell 6.* 使用 SSL 证书和 UBUNTU 进行远程处理

Question

我有一个 UBUNTU 16.04 盒子(我们称之为 EARTH)和 Windows 2012 R2 盒子(我们称之为 MARS)。使用 Windows 框 (MARS) 中的以下命令，我正在生成一个自签名证书，我计划将其用于 PS Remoting。

CMD1: $Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "myHost"

CMD2: 导出证书-Cert $Cert -FilePath C:\temp\cert

在 MARS(Windows 框)上，有一个 WSMAN 监听器使用刚刚创建的自签名认证的指纹创建。

CMD3: 新项目 -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint –Force

我正在尝试启动从 EARTH(UBUNTU 框)到 MARS 的 PowerShell 远程处理 session

有谁知道如何将证书导入 EARTH(UBUNTU 服务器)以便 powershell 可以将它用于远程 session ？

PS Session 的来源:EARTH，UBUNTU 服务器

PS session 的目标:MARS，生成证书的 windows 2012 R2 框。

EARTH(UBUNTU 服务器)正在运行 PowerShell 版本 6.1 preview.2

提前感谢您的帮助!

Answer 1

导出/导入证书 cmdlet 是此用例的目标。 至于 Ubuntu，只需在 Ubuntu 上使用 cmdline，请参阅 Ubuntu 论坛讨论:

In ubuntu:

1. • 转到/usr/local/share/ca-certificates/
2. • 创建一个新文件夹，即“sudo mkdir school”
3. • 将 .crt 文件复制到学校文件夹中
4. • 确保权限正确(文件夹 755，文件夹 644 文件)
5. • 运行“sudo update-ca-certificates”

https://askubuntu.com/questions/645818/how-to-install-certificates-for-command-line

或直接来自 Ubuntu 的帮助信息。

Installing the Certificate

You can install the key file server.key and certificate file server.crt, or the certificate file issued by your CA, by running following commands at a terminal prompt:

sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private

Now simply configure any applications, with the ability to use public-key cryptography, to use the certificate and key files. For example, Apache can provide HTTPS, Dovecot can provide IMAPS and POP3S, etc.

https://help.ubuntu.com/lts/serverguide/certificates-and-security.html

MS 提供了有关如何设置和使用它的分步指导。具体来说，下面直接针对 Ubuntu。这允许在没有您正在使用的额外证书步骤的情况下进行远程处理。

PowerShell Remoting Over SSH

Setup on Windows Machine

1. Install the latest PowerShell for Windows build from GitHub ◦You can tell if it has the SSH remoting support by looking at the parameter sets for New-PSSession

Get-Command New-PSSession -syntax
New-PSSession [-Name <string[]>] [-HostName <string>] [-UserName <string>] [-KeyPath <string>] [<CommonParameters>]

2. Install the latest Win32 Open SSH build from GitHub using the installation instructions
3. Edit the sshd_config file at the location where you installed Win32 Open SSH ◦Make sure password authentication is enabled ◾PasswordAuthentication yes

◦Add a PowerShell subsystem entry
◾Subsystem powershell

PowerShell_Install_Path\powershell.exe -sshs -NoLogo -NoProfile

◦Optionally enable key authentication
◾RSAAuthentication yes ◾PubkeyAuthentication yes

4.Restart the sshd service ◦Restart-Service sshd

Setup on Linux (Ubuntu 14.04) Machine:

1.Install the latest PowerShell for Linux build from GitHub ◦You can tell if it has the SSH remoting support by looking at the parameter sets for New-PSSession

Get-Command New-PSSession -语法 New-PSSession [-Name ] [-HostName ] [-UserName ] [-KeyPath ] []

2.Install Ubuntu SSH as needed ◦sudo apt install openssh-client

sudo apt install openssh-server

3.Edit the sshd_config file at location /etc/ssh ◦Make sure password authentication is enabled ◾PasswordAuthentication yes

◦Add a PowerShell subsystem entry
◾Subsystem powershell powershell -sshs -NoLogo -NoProfile

◦Optionally enable key authentication
◾RSAAuthentication yes ◾PubkeyAuthentication yes

4.Restart the sshd service ◦sudo service ssh restart

PowerShell Remoting Example:

The easiest way to test remoting is to just try it on a single machine. Here I will create a remote session back to the same machine on a Linux box. Notice that I am using PowerShell cmdlets from a command prompt so we see prompts from ssh asking to verify the host computer as well as password prompts. You can do the same thing on a Windows machine to ensure remoting is working there and then remote between machines by simply changing the host name.

Linux to Linux

PS /home/TestUser> $session = New-PSSession -HostName UbuntuVM1 -UserName TestUser

The authenticity of host 'UbuntuVM1 (9.129.17.107)' cannot be established.

ECDSA key fingerprint is SHA256:2kCbnhT2dUE6WCGgVJ8Hyfu1z2wE4lifaJXLO7QJy0Y.

Are you sure you want to continue connecting (yes/no)?

TestUser@UbuntuVM1s password:

PS /home/TestUser> $session

 Id Name            ComputerName    ComputerType    State         ConfigurationName     Availability
 -- ----            ------------    ------------    -----         -----------------     ------------
  1 SSH1            UbuntuVM1       RemoteMachine   Opened        DefaultShell             Available

https://github.com/PowerShell/PowerShell/blob/866b558771a20cca3daa47f300e830b31a24ee95/docs/new-features/remoting-over-ssh/README.md