Remote PowerShell from Fedora to Windows
-
So you're saying MS can't even get this right?
-
On Ubuntu 19.10, after installing powershell or powershell-preview via snap, you still have to install gss-ntlmssp too.
-
@DustinB3403 said in Remote PowerShell from Fedora to Windows:
So you're saying MS can't even get this right?
Using -Authentication Negotiate specifically, requires NTLM libraries that aren't in Linux by default. MS doesn't recommend using NTLM. You should be using SSH with Enter-PSSession. Ideally key based.
MS is doing it right in this case. The wrong doesn't appear to be on their end ^_^
-
Is this on a domain joined box? Can you just use Kerberos for your authentication?
-
@stacksofplates said in Remote PowerShell from Fedora to Windows:
Is this on a domain joined box?
Fedora is not joined but the Windows computer is joined to a domain.
-
@stacksofplates said in Remote PowerShell from Fedora to Windows:
Can you just use Kerberos for your authentication?
This didn't work for
Enter-PSSession -ComputerName hostname -Authentication Kerberos -Credential 'username'
Enter-PSSession : Connecting to remote server hostname failed with the following error message : Kerberos verify cred with password failed No credentials were supplied, or the credentials were unavailable or inaccessible For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName hostname -Authentication Kerberos -Cr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (hostname:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
-
@black3dynamite said in Remote PowerShell from Fedora to Windows:
@stacksofplates said in Remote PowerShell from Fedora to Windows:
Can you just use Kerberos for your authentication?
This didn't work for
Enter-PSSession -ComputerName hostname -Authentication Kerberos -Credential 'username'
Enter-PSSession : Connecting to remote server hostname failed with the following error message : Kerberos verify cred with password failed No credentials were supplied, or the credentials were unavailable or inaccessible For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName hostname -Authentication Kerberos -Cr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (hostname:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
You'd have to join the Fedora system to the domain. Luckily it's really easy with sssd and realmd.
Then you can use Kerberos for both SSH and hopefully this connection as well.
-
@stacksofplates said in Remote PowerShell from Fedora to Windows:
You'd have to join the Fedora system to the domain. Luckily it's really easy with sssd and realmd.
That's annoying when you manage lots of different domains.
-
@scottalanmiller said in Remote PowerShell from Fedora to Windows:
@stacksofplates said in Remote PowerShell from Fedora to Windows:
You'd have to join the Fedora system to the domain. Luckily it's really easy with sssd and realmd.
That's annoying when you manage lots of different domains.
Sssd works with multiple domains. But that wasn't mentioned here.
Kerberos is more secure than strictly key based authentication, and easier from the user perspective anyway.
-
@stacksofplates said in Remote PowerShell from Fedora to Windows:
Sssd works with multiple domains.
If sssd is installed will I be able to use -Authentication Kerberos without needing to join to a domain or when accessing Windows machines that aren't joined to a domain?
-
@black3dynamite said in Remote PowerShell from Fedora to Windows:
@stacksofplates said in Remote PowerShell from Fedora to Windows:
Sssd works with multiple domains.
If sssd is installed will I be able to use -Authentication Kerberos without needing to join to a domain or when accessing Windows machines that aren't joined to a domain?
No, it only works for domains.