Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

Configure PowerShell remoting between Windows and Linux

After opensource PowerShell core 6 for linux was available to download, I wrote an article on it - How to Install and Use Microsoft PowerShell on Linux. This is just an addition to same guide. Few of my linux servers were installed with PowerShell core and they were installed with few PS modules for management purpose. I was looking for remote solution to access those modules using windows powershell by remotely connecting them, This is a step by step guide to configure powershell remoting on Linux, My linux distribution is CentOS version 7, All the required RPMs are downloaded from below 3 links, I have selected stable versions and it should be installed in below given orders. My linux is a plain vanilla deployment.

1) https://github.com/powershell/powershell
        From this link I have downloaded powershell-x.x.x-rhel.x.x86_64.rpm. The main Powershell core rpm package bundle for linux.

2) https://github.com/Microsoft/omi/releases/tag/v1.6.0
        This is an Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. Hompage is https://github.com/Microsoft/omi. Filename format is omi-x.x.x-x.ssl_xxx.ulinux.x64.rpm. While selecting this package run openssl version and choose the matching version of OMI package.

3) https://github.com/PowerShell/psl-omi-provider
        This is last rpm package must be installed psrp-x.x.x-xx.universal.x64.rpm. PowerShell Remoting Protocol: PSRP communication is tunneled through the Open Management Infrastructure (OMI) using this OMI provider.

Part 1: Configure PowerShell remoting between Windows and Linux
Part 2: Getting started with Powershell Desired State Configuration (DSC) on Linux

Get powershell on linux  between windows, download rpm deb msi omi ulinux psrp-server, psl omi provider, Open Management Infrastructure, desired state configuration powershelldsc dsc, devops windows.png

All the 3 RPM packages are uploaded on Linux using WinSCP to /root home folder.

winscp rpm secure file transfer protocol, omi, psrp universal powershell Remoting Protocol, wsman winrm, Enable-psremoting on linux, desired state configuration, dsc powershelldsc, devops powershell.png

Use ssh putty to connect linux system, use below command to change directory location.

cd /root

running ls shows the all uploaded rpm files, their color must be red means they it will not get installed as there is no execute permission.

Change permission of rpm files allow execute.

chmod 777 *.rpm

running ls again show files are good to execute and color change to green.

I need internet to update yum repository, which help me to auto resolve and install required dependencies from internet while installation for RPMs (if any), for this purpose I am configuring proxy on linux, this is temporary proxy setting.

export http_proxy="http://server:port"
export https_proxy="http://server:port"
export ftp_proxy="http://server:port"

Run command yum update to start update, I just want metadata to be updated and don't need complete packages to install.

PowerShell on Linux root chmod 777 rpm install export proxy setting, yum update, powershell remoting, Enable-psremoting, upload scp powershell, desired state configuration, poewershelldsc dsc, winrm, wsman.png

I will go ahead with installation of RPM files one by one. I am installing first major software package  PowerShell core.

yum install powershell-6.2.0-1.rhel.7.x86_64.rpm

Type y to proceed with installation. It will show complete! message in the last.

centos linux yum install Powershell rpm package on linux powershell remoting, Enable-PSRemoting, desired State configuration, dsc powershelldsc. microsoft windows devops, ansible.png

Next package is omi. Note down the certificate location while installation which will require later. Start installation by using below cmd.

yum install omi-1.6.0-0.ssl_100.ulinux.x64.rpm

microsoft windows powershell yum install omi, omiserver, omiengine, dependancies, desired state configuration, powershell dsc on linux installation powershell omi rpm on centos rhel red hat linux.png

This is last package and should be always installed last after OMI package. 

yum install psrp-1.4.1-28.universal.x64.rpm

As by default PSRemoting is enabled on linux server after powershell core installation, it uses https port 5986, there is no http connection available. I can verify the same. using below command from windows system by using telnet.

Test-NetConnection -Computername 192.168.34.13 -Port 5986

On the first run you will see WARNING: TCP connection to server:port failed, and TcpTestSucceeded with False status. This is Because firewall on linux is blocking connection. Disable and Stop firewall on linux with below commands.

systemctl disable firewalld
systemctl stop firewalld

Check telnet second time, this should show port 5986 is opened now.

powershell on linux test-netconnection telnet port sytemctl disable firewalld stop firewall iptables linux, powershell remoting psremoting port https 5986 http 5985, desired state configuration.png

Use below 3 lines of code to connect Linux server from Windows system over pssession.

#Linux username and password (root)
$credential = Get-Credential root

#Powershell session options skip several checks ie: certificate authority, revocation and common name of certificate
$options =  New-PSSessionOption -SkipCACheck -SkipRevocationCheck -SkipCNCheck

#Connect to Linux server using SSL with basic authentication.
Enter-PSSession -ComputerName 192.168.34.13 -Credential $credential -Authentication basic -UseSSL -SessionOption $options

It will end up with below error. To resolve it you will need to use your own SSL certificate, I suspect the certificate file generated while OMI installation is older version and doesn't works well. To resolve it follow further steps.

Enter-PSSession : Connecting to remote server 192.168.34.13 failed with the following error message : The server certificate on the destination computer (192.168.34.13:5986) has the following errors:
The SSL certificate is expired. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName 192.168.34.13 -Credential $credential - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (192.168.34.13:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

Powershell linux remoting winrm get-credential, new-pssessionoption -skipcacheck -skiprevocationcheck -skipcncheck enter-pssession authentication -usessl ssl certificate is expired sessionoptions dsc.png

I am using self signed certificate generated on windows using OPENSSL, here is my configuration template download ssl.cnf file here. For more on openssl configuration on your windows system check and follow my one of the article Generate new self-signed certificates for ESXi using OpenSSL. Run below commands to process with selfsigned cert.

openssl genrsa -out omikey.pem 2048
openssl req -new -key omikey.pem -out Request.csr -config ssl.cnf
openssl x509 -req -days 365 -signkey omikey.pem -in Request.csr -out omi.pem -extensions v3_req -extfile ssl.cnf

dsc powershell on linux, enable-psremoting, openssl genrsa omikey.pem omi.pem ssl.cnf desired state configuration, powershelldsc, currupted certificate, enable-psremoting, replace ssl pem certificate.png

I have generated my new pem self signed certificate files. On the linux omi pem are location under /etc/opt/omi/ssl. I will take backup of existing certificate files first.

mv /etc/opt/omi/ssl/omikey.pem /etc/opt/omi/ssl/omikey.pem.bak
mv /etc/opt/omi/ssl/omi.pem /etc/opt/omi/ssl/omi.pem.bak
mv /etc/opt/omi/ssl/ssl.cnf.pem /etc/opt/omi/ssl/ssl.cnf.bak

Microsoft powershell etc opt omi ssl linux omikey.pem omi.pem ssl.cnf backup bak, openssl generated certificates replace rename backup certificate centos psremoting certificate expired.png

Use WinSCP to upload newly windows openssl generated omi.pem, omikey.pem, ssl.cnf on linux server to folder location /etc/opt/omi/ssl.

winscp ssl ssl.cnf omi.pem omikey.pem Powershell upload file upload scp linux powershell copy ssl certificate for powershell remoting enable-psremoting, desired state configuration powershelldsc resource.png

Verify on putty, that files are successfully copied, using ls /etc/opt/omi/ssl, next step restart omiserver and omiengine daemons (services), just for your information purpose locate processes using ps -A | grep omi.  To take effect of new SSL certificate, restart services use sudo /opt/omi/bin/service_control restart

Powershell on linux desired state configuration etc opt omi ssl omikey.pem ssl certificate replacement omiserver omiengine service restart daemon service_control desired state configuration dsc psremoting.png

Running below command again this time will be successful without any error.
Enter-PSSession -ComputerName 192.168.34.13 -Credential $credential -Authentication basic -UseSSL -SessionOption $options

powershell core linux psremoting get-credential new-psessionoption -skipcacheck -skiprevocationcheck -skipcncheck enter-pssession credential -authentication basic -usessl -sessionoptions dsc.png

Useful articles
POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS  
POWERSHELL DSC XACTIVEDIRECTORY ERROR - A NETBIOS DOMAIN NAME MUST BE SPECIFIED 
DSC (DESIRED STATE CONFIGURATION) : DEPLOYING ACTIVE DIRECTORY 
THE POWERSHELL XACTIVEDIRECTORY PROVIDER DOES NOT EXIST AT THE POWERSHELL MODULE PATH NOR IS IT REGISTERED AS A WMI PROVIDER
PowerShell remoting over HTTPS using self-signed SSL certificate
Configure Powershell WinRM to use OpenSSL generated Self-Signed certificate
Powershell WinRM HTTPs CA signed certificate configuration
Powershell Generate Self-signed certificate with Self-Signed Root CA Signer

Go Back

Comment

Blog Search

Page Views

12085228

Follow me on Blogarama