Unbuntu 18.4 I use for Nagios to monitor my VM’s
I am writing script to restart HTTP application pools on the VM
The WM is a Windows 2019 Server in this case I have others
So when Nagios chceks the application pool and finds it stopped I have a powershell command to restart the app pool.
start-webapppool -name “SecurityTokenServiceApplicationPool”
So I installed PowerShell 7.0 on my Unbuntu VM and when I run this powershell command
PS /home/thomas> invoke-command -Computername SERV027-N1 -scriptblock {get-service nscp}
Invoke-Command: MI_RESULT_ACCESS_DENIED
The Ubuntu VM is domain joined to my Active Directory as is SERV027-N1
WinRM is setup on all my servers. on the windows side.
From my Windows 10 Desktop I can run the same command with success.
PS C:\util> invoke-command -ComputerName SERV027-N1 -ScriptBlock {get-service nscp}
Status Name DisplayName PSComputerName
Running nscp NSClient++ (x64) SERV027-N1
Any ideas
I am new to powershell on Ubuntu
Thank you
Tom
Can you clarify if the working command on windows is PS7 or 5.1?
Doug,
All my Windows servers are running 5.1
Have Windows 2012 R2
Windows 2016
Windows 2019
I was researching this do I need openssh on the windows side ?
Thank you
Tom
I would just like you to test PS7 on windows as well. Maybe the issue is less of an “on Ubuntu” issue and more of a “PS7” one.
You are connecting to a Windows VM and the user accounts on both Ubuntu and Windows are not same. Specify the credentials while connecting via Invoke-Command.
$cred = get-credential mydomain\administrator
PS /home/thomas> $cred
UserName Password
mydomain\administrator System.Security.SecureString
Using -Hostname
PS /home/thomas> invoke-command -hostname “SERV027-N1” -credential $cred -scriptblock {get-service nscp}
Invoke-Command: Parameter set cannot be resolved using the specified named parameters. One or more parameters issued cannot be used together or an insufficient number of parameters were provided.
Using -Computername
PS /home/thomas> invoke-command -computername “SERV027-N1” -credential $cred -scriptblock {get-service nscp}
Invoke-Command: MI_RESULT_ACCESS_DENIED
cred not working either
Still curious if PS7 on windows works like 5.1 or not.
Doug
I install PowerShell 7.0 on my Windows server but 5.1 is still installed. So how do I know it is connecting via PowerShell 7.0?
Tried with creds using -computername
PS /home/thomas> invoke-command -computername “SERV027-N1” -credential $cred -scriptblock {get-service nscp}
Invoke-Command: MI_RESULT_ACCESS_DENIED
tried with creds using -computername
PS /home/thomas> invoke-command -computername “SERV027-N1” -scriptblock {get-service nscp}
Invoke-Command: MI_RESULT_ACCESS_DENIED
Without creds using -hostname
PS /home/thomas> invoke-command -hostname “SERV027-N1” -scriptblock {get-service nscp}
OpenError: [serv027-n1] The background process reported an error with the following message: The SSH client session has ended with error message: ssh: connect to host serv027-n1 port 22: Connection timed out.
Then I added a inbound port on the Windows firewall for port 22
PS /home/thomas> invoke-command -hostname “SERV027-N1” -scriptblock {get-service nscp}
OpenError: [srv027-n1] The background process reported an error with the following message: The SSH client session has ended with error message: ssh: connect to host serv027-n1 port 22: Connection timed out.
Using Creds with -hostname
PS /home/thomas> invoke-command -hostname “SERV027-N1” -credential $cred -scriptblock {get-service nscp}
Invoke-Command: Parameter set cannot be resolved using the specified named parameters. One or more parameters issued cannot be used together or an insufficient number of parameters were provided.
PS /home/thomas>
Any ideas?
You run pwsh.exe instead of powershell.exe. If you run $PSVersiontable inside you will see which version. Once installed you should also be able to find shortcut for either version in your start menu.
Can you give more details about the ubuntu machine. You said it’s a VM, is it running in hyperv, esxi, virtualbox?
Doug,
My Ubuntu machine is a VM on VMware 6.7 ESXI 6.7 Host
My windows Serve IS ALSO A vm on VMware 6.7 ESXI 6.7 host.
From my Windows 2019 server
PowerShell 7.0.0
Copyright (c) Microsoft Corporation. All rights reserved.
Type ‘help’ to get help.
PS C:\Windows\System32> $PSVersionTable
Name Value
PSVersion 7.0.0
PSEdition Core
GitCommitId 7.0.0
OS Microsoft Windows 10.0.17763
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
From my Ubuntu
~# pwsh
PowerShell 7.0.0
Copyright (c) Microsoft Corporation. All rights reserved.
Type ‘help’ to get help.
PS /root> $PSVersionTable
Name Value
PSVersion 7.0.0
PSEdition Core
GitCommitId 7.0.0
OS Linux 4.4.0-177-generic #207-Ubuntu SMP Mon Mar…
Platform Unix
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
I tried enter-possession and I get same error
I tried to enter possession from my ubuntu to my ubuntu that gets a little further
PS /root> enter-pssession -Hostname TGCS018 -UserName thomas
thomas@serv018’s password:
Enter-PSSession: The background process reported an error with the following message: The SSH client session has ended with error message: subsystem request failed on channel 0.
PS /root>
I whole heartedly believe the answer to your woes is in one of those links.
Doug
I am now able to SSH from my Ubuntu server to my Windows Server I had to install OpenSSH on the Windows Server Port 22 is now listening on the Windows server.
But I still can not run the invoke-command with or without creds they are still failing.
Any ideas? I would rather not need to use creds at all since this will be a script and will run standalone
Thanks
Tom
Doug,
Update 2 I am now able to run invoke-command from Ubuntu to Windows Server.
It was the sshd_config file on the windows server that needed updating
My only problem is it still prompts me for the password.
Trying to be able to run this without creds
Any ideas?
When running the cmdlets interactively, you're prompted for a password. You can also, use SSH key authentication using a private key file with the KeyFilePath
parameter.
And, you must enable password or key-based authentication.
Need to figure out what’s wrong with your keys?
https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/ssh-remoting-in-powershell-core?view=powershell-7
Doug,
Yes
My issue is that I am unable to copy my SSH Key from Ubuntu to my Windows Server for some reason
Something on my Ubuntu server trying to troubleshoot that now.
Very strange all I find is Openssh windows to windows examples the ubuntu to windows examples does not go into details
Doug update
I used scp to copy the file from ubuntu to windows but it still prompts me
Still researching this.
The password works consistently otherwise?
Doug
Yes when I enter the password it presents the results.
PS /home/thomas> invoke-command -hostname SERV027-N1 {get-service ssh-agent}
thomas@serv027-n1’s password:
Status Name DisplayName PSComputerName
Running ssh-agent OpenSSH Authentication Agent serv027-n1
Thanks for responding to my other posting too
Doug,
Now that I have OpenSSHUTilS module installed I was able to run this
PS C:\Users\thomas.ssh> Repair-AuthorizedKeyPermission authorized_keys
[*] authorized_keys
‘NT AUTHORITY\SYSTEM’ needs FullControl access to ‘authorized_keys’.
Shall I make the above change?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is “Y”): y
‘NT AUTHORITY\SYSTEM’ now has FullControl to ‘authorized_keys’.
Repaired permissions
PS C:\Users\thomas.ssh> get-acl authorized_keys
Directory: C:\Users\thomas\.ssh
Path Owner Access
authorized_keys BUILTIN\Administrators NT AUTHORITY\SYSTEM Allow FullControl…
PS C:\Users\thomas.ssh> get-acl authorized_keys | fl
Path : Microsoft.PowerShell.Core\FileSystem::C:\Users\thomas.ssh\authorized_keys
Owner : BUILTIN\Administrators
Group : OUR\Domain Users
Access : NT AUTHORITY\SYSTEM Allow FullControl
OUR\thomas Allow FullControl
Audit :
Sddl : O:BAG:DUD:PAI(A;;FA;;;SY)(A;;FA;;;S-1-5-21-3054588571-1341459584-784128302-4702)
The Repair-AuthorizedKeyPermission command set the proper permissions
I then restarted sshd
And now from my Ubuntu server I can run invoke-command with out creds
I am documenting the process so I can work on my other servers.
Thank you for your help
This is resolved.