gpt4 book ai didi

PowerShell 6.* 使用 SSL 证书和 UBUNTU 进行远程处理

转载 作者:太空宇宙 更新时间:2023-11-03 14:32:13 25 4
gpt4 key购买 nike

我有一个 UBUNTU 16.04 盒子(我们称之为 EARTH)和 Windows 2012 R2 盒子(我们称之为 MARS)。使用 Windows 框 (MARS) 中的以下命令,我正在生成一个自签名证书,我计划将其用于 PS Remoting。

CMD1:$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "myHost"

CMD2:导出证书-Cert $Cert -FilePath C:\temp\cert

MARS(Windows 框)上,有一个 WSMAN 监听器使用刚刚创建的自签名认证的指纹创建。

CMD3:新项目 -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint –Force

我正在尝试启动从 EARTH(UBUNTU 框)到 MARS 的 PowerShell 远程处理 session

有谁知道如何将证书导入 EARTH(UBUNTU 服务器)以便 powershell 可以将它用于远程 session ?

PS Session 的来源:EARTH,UBUNTU 服务器

PS session 的目标:MARS,生成证书的 windows 2012 R2 框。

EARTH(UBUNTU 服务器)正在运行 PowerShell 版本 6.1 preview.2

提前感谢您的帮助!

最佳答案

导出/导入证书 cmdlet 是此用例的目标。至于 Ubuntu,只需在 Ubuntu 上使用 cmdline,请参阅 Ubuntu 论坛讨论:

In ubuntu:

    • 转到/usr/local/share/ca-certificates/
    • 创建一个新文件夹,即“sudo mkdir school”
    • 将 .crt 文件复制到学校文件夹中
    • 确保权限正确(文件夹 755,文件夹 644文件)
    • 运行“sudo update-ca-certificates”

https://askubuntu.com/questions/645818/how-to-install-certificates-for-command-line

或直接来自 Ubuntu 的帮助信息。

Installing the Certificate

You can install the key file server.key and certificate file server.crt, or the certificate file issued by your CA, by running following commands at a terminal prompt:

sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private

Now simply configure any applications, with the ability to use public-key cryptography, to use the certificate and key files. For example, Apache can provide HTTPS, Dovecot can provide IMAPS and POP3S, etc.

https://help.ubuntu.com/lts/serverguide/certificates-and-security.html

MS 提供了有关如何设置和使用它的分步指导。具体来说,下面直接针对 Ubuntu。这允许在没有您正在使用的额外证书步骤的情况下进行远程处理。

PowerShell Remoting Over SSH

Setup on Windows Machine

  1. Install the latest PowerShell for Windows build from GitHub ◦You can tell if it has the SSH remoting support by looking at the parameter sets for New-PSSession
Get-Command New-PSSession -syntax
New-PSSession [-Name <string[]>] [-HostName <string>] [-UserName <string>] [-KeyPath <string>] [<CommonParameters>]
  1. Install the latest Win32 Open SSH build from GitHub using the installation instructions
  2. Edit the sshd_config file at the location where you installed Win32 Open SSH ◦Make sure password authentication is enabled ◾PasswordAuthentication yes

◦Add a PowerShell subsystem entry
◾Subsystem powershell

PowerShell_Install_Path\powershell.exe -sshs -NoLogo -NoProfile

◦Optionally enable key authentication
◾RSAAuthentication yes ◾PubkeyAuthentication yes

4.Restart the sshd service ◦Restart-Service sshd

Setup on Linux (Ubuntu 14.04) Machine:

1.Install the latest PowerShell for Linux build from GitHub ◦You can tell if it has the SSH remoting support by looking at the parameter sets for New-PSSession

Get-Command New-PSSession -语法 New-PSSession [-Name ] [-HostName ] [-UserName ] [-KeyPath ] []

2.Install Ubuntu SSH as needed ◦sudo apt install openssh-client

sudo apt install openssh-server

3.Edit the sshd_config file at location /etc/ssh ◦Make sure password authentication is enabled ◾PasswordAuthentication yes

◦Add a PowerShell subsystem entry
◾Subsystem powershell powershell -sshs -NoLogo -NoProfile

◦Optionally enable key authentication
◾RSAAuthentication yes ◾PubkeyAuthentication yes

4.Restart the sshd service ◦sudo service ssh restart

PowerShell Remoting Example:

The easiest way to test remoting is to just try it on a single machine. Here I will create a remote session back to the same machine on a Linux box. Notice that I am using PowerShell cmdlets from a command prompt so we see prompts from ssh asking to verify the host computer as well as password prompts. You can do the same thing on a Windows machine to ensure remoting is working there and then remote between machines by simply changing the host name.

Linux to Linux

PS /home/TestUser> $session = New-PSSession -HostName UbuntuVM1 -UserName TestUser

The authenticity of host 'UbuntuVM1 (9.129.17.107)' cannot be established.

ECDSA key fingerprint is SHA256:2kCbnhT2dUE6WCGgVJ8Hyfu1z2wE4lifaJXLO7QJy0Y.

Are you sure you want to continue connecting (yes/no)?

TestUser@UbuntuVM1s password:

PS /home/TestUser> $session

Id Name ComputerName ComputerType State ConfigurationName Availability
-- ---- ------------ ------------ ----- ----------------- ------------
1 SSH1 UbuntuVM1 RemoteMachine Opened DefaultShell Available

https://github.com/PowerShell/PowerShell/blob/866b558771a20cca3daa47f300e830b31a24ee95/docs/new-features/remoting-over-ssh/README.md

关于PowerShell 6.* 使用 SSL 证书和 UBUNTU 进行远程处理,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51713015/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com