My original post mentioned that the referenced article https://4sysops.com/archives/powershell-remoting-between-windows-and-linux needs an update because it was tested with PS 6 Alpha and things have now changed.
- In the Linux to Windows remote session, the command used is
$cred = Get-Credential
Enter-PSSession -ComputerName 'winserver1' -Credential $cred -Authentication Basic
However, when I tried that I got the following error
PS /home/vortiz> enter-pssession -ComputerName w81o2010.bjtest.com -credential (Get-Credential) -authentication basic
PowerShell credential request
Enter your credentials.
Password for user bjtest/administrator: ***********
enter-pssession : Basic authentication is not supported over HTTP on Unix.
At line:1 char:1
+ enter-pssession -ComputerName w81o2010.bjtest.com -credential (Get-Cr ...
+ CategoryInfo : InvalidArgument: (w81o2010.bjtest.com:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
That restriction came after this article was written, so there is nothing I can do to make it work that way. I had to implement Kerberos client in Linux, following the instructions found at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/introduction so I ended up joining my Windows Domain, and was able to authenticate using Kerberos and not Basic. Something to notice is that when the KDC is already configured to point to the Domain Controller, the userid passed at the Credentials must have the domain specified in uppercase (i.e. userid@DOMAIN.LOCAL) otherwise it is not going to work. That made the trick and I was able to finally have a remote session from Linux to Windows.
- For the Windows to Linux remote session, more instructions need also updating.
It is much easier now to install omi-psrp-server using yum. It will provide WinRM with SSL support
yum install -y omi-psrp-server
However, even after this I couldn't make it work, until I realized the installation instructions did not ask to open port 5986, which is the default for WinRM SSL.
[root@linux7 ~]# netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1723/master
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 84149/sshd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1277/smbd
tcp 0 0 0.0.0.0:5986 0.0.0.0:* LISTEN 1364/omiengine
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1277/smbd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 711/rpcbind
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1728/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1209/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1207/cupsd
tcp6 0 0 ::1:25 :::* LISTEN 1723/master
tcp6 0 0 ::1:6010 :::* LISTEN 84149/sshd
tcp6 0 0 :::445 :::* LISTEN 1277/smbd
tcp6 0 0 :::139 :::* LISTEN 1277/smbd
tcp6 0 0 :::111 :::* LISTEN 711/rpcbind
tcp6 0 0 :::22 :::* LISTEN 1209/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1207/cupsd
firewall-cmd --permanent --zone=public --add-port=5986/tcp --permanent
After this, I was able to connect from Windows to Linux using the commands stated in the referenced article. I was also able to change from Basic to Kerberos authentication when connecting to Domain computers, by specifying the domain user as userid@DOMAIN.NAME in the credentials (yes, in uppercase).
Installing, as suggested, one of the many SSH modules is also a possibility I will explore later on.