Update DNS using Powershell on Linux with OpenSSH public key authentication - linux

I want to run some commands from a Linux server to remotely execute a PowerShell module like DNSserver on a Windows machine to retrieve DNS information. I am using OpenSSH to SSH from Linux to Windows.
I have PowerShell 6.2.3 on both Windows server and Linux server. I started from Linux:
>pwsh
PS /home/user1> Enter-PSSession -HostName WinServer-IP -UserName user2
If I don't set up the key authentication on the Windows side (add public key in the C:\ProgramData\ssh\administrators_authorized_keys file, and set the correct permissions on the file), PowerShell will ask me for user2 password. After I enter the password, I am on the Windows server, and I can run my PowerShell scripts and they all work fine.
But if I set up the key auth (add public key in the C:\ProgramData\ssh\administrators_authorized_keys file, and set the correct permissions on the file), PowerShell will not ask for user2 password and I get the same prompt as above.
I can do something like Get-Module etc., but when I run my script that does:
Get-DnsServerResourceRecord -ComputerName 'DNSServer-IP' -ZoneName 'example.net' -RRType A
I got the error:
Get-DnsServerResourceRecord : Failed to get the zone information for
example.net. on server DNSServer-IP.
At C:\Users\user2\scripts\retrieve_ips.ps1:1 char:1
+ Get-DnsServerResourceRecord -ComputerName 'DNSServer-IP' -ZoneName 'ex ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (example.net.:root/Microsoft/Wind…erverResourceRecord) [Get-DnsServerResourceRecord], CimException
+ FullyQualifiedErrorId : WIN32 5,Get-DnsServerResourceRecord
It seems like the SSH public key authentication does not really get me in as "users", but I cannot find out what it is.
user2 is a local user on the Windows server, but I have to add it to the Active Directory as AD needs to know this user before it will allow user2 to run DNSserver module...
What did I do wrong, or miss?
Without the SSH public key authentication, the same script works and I could get the A records out of the DNS server.

Related

key issues : aws EC2-instance

I am facing a login problem accessing an instance. While logging in to the server console (it's a live server) it shows Permission denied (publickey). Also, when I am accessing with sudo the same issue persists. AWS instance, should reboot, no change while login issue persists.
As explained in AWS docs your key needs correct permissions:
If you are connecting from MacOS or Linux, run the following command to fix this error, substituting the path for your private key file.
chmod 0400 .ssh/my_private_key.pem
If you got a public key when you set up the server and you saved it (.pem file), you first need to change permissions to it. If in Linux cd to the directory holding the .pem file, then do this:
chmod 400 /path/to/your_public_key.pem for only-read permission.
Then with your EC2 instance public DNS (get it in AWS EC2 console when you click on your instance ID), which is similar to ec2-x-xxx-xx.us-east-3.compute.amazonaws.com, you can ssh into your server as follows. Assuming your user account name in the server is ubuntu like in most of the Linux based AMIs in AWS, do:
ssh -i your_public_key.pem ubuntu@ec2-x-xxx-xx.us-east-3.compute.amazonaws.com and if prompted for a password, provide it.
Good luck:)

Connecting Azure Linux VM having Ubuntu installed from powershell throwing Host Verification failed. . . error

I tried to connect to Azure Linux VM where Ubuntu installed from https://shell.azure.com/bash
ssh username@ipaddress
The above command is throwing the error Permission Denied (publickey).
I have created SSH public key and added it to VM while creating Azure Linux VM following below article.
https://learn.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-portal
But still facing Permission Denied issue.
Also, I tried to run bolt command on Azure Linux VM remotely from another windows machine powershell.
I got error as below
Host key verification failed for '10.20.30.40':fingerprint
SHA256:mssgkeghbfnb9883yygebwndjhk is unknown for '10.20.30.40'
How to fix above issues. Kindly suggest.
Permission denied (publickey) means that your public key is not in the authorized_keys file. Copy the public key manually to that user's ~/.ssh/authorized_keys file, or use ssh-copy-id which comes with OpenSSH.
Also, make sure you're SSH'ing to the right user with ssh user@host
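The two local checks behind the answers above (the chmod 400 advice for the key file and the authorized_keys advice), as an added example that is not part of the original posts. The function names, file names and key strings are constructed for illustration.

```bash
#!/bin/sh
# Added example: two local checks behind "Permission denied (publickey)".
# All key material below is constructed sample text, not real keys.

# key_mode_ok FILE: true only if group and other have no permission bits,
# i.e. the state "chmod 400" (or 600) leaves a key file in.
key_mode_ok() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# key_is_authorized PUBKEY_FILE AUTHORIZED_KEYS_FILE: true if the key's
# "type blob" pair appears on any non-comment line. The trailing comment and
# leading options (from="...", command="...") do not affect the match.
key_is_authorized() {
    want=$(awk 'NF >= 2 { print $1, $2; exit }' "$1")
    [ -n "$want" ] || return 2
    awk -v want="$want" '
        /^[ \t]*(#|$)/ { next }
        { for (i = 1; i < NF; i++) if (($i " " $(i + 1)) == want) found = 1 }
        END { exit !found }' "$2"
}

demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed-private-key\n' > "$d/id_demo"
    printf 'ssh-ed25519 AAAAC3constructedBLOB1 user@laptop\n' > "$d/id_demo.pub"
    printf '%s\n' '# constructed authorized_keys' \
        'ssh-rsa AAAAB3constructedOTHER admin@host' \
        'from="10.0.0.0/8" ssh-ed25519 AAAAC3constructedBLOB1 deploy key' \
        > "$d/authorized_keys"
    chmod 644 "$d/id_demo"
    key_mode_ok "$d/id_demo" || echo "id_demo: too open, ssh would refuse it"
    chmod 400 "$d/id_demo"
    key_mode_ok "$d/id_demo" && echo "id_demo: mode ok after chmod 400"
    key_is_authorized "$d/id_demo.pub" "$d/authorized_keys" \
        && echo "public key is listed in authorized_keys"
    rm -rf "$d"
}
demo
```

Run key_is_authorized on the server against the target user's ~/.ssh/authorized_keys, and key_mode_ok on the client against the key passed to ssh -i.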

Running powershell/powercli scripts in VMware VCenter connection automation

I'm running a set of powerCLI scripts from Ubuntu to connect to VCenter to do a bunch of configuration changes. Every script is invoked via SSH, so it is connecting and disconnecting to the VCenter every time. This is rather time consuming; is it possible to set up a powerCLI/powershell environment to connect to a VCenter automatically? Or maintain a session of a powerCLI/powershell so remote connections can re-use it? One possibility is to use the "screen" command to share the session, but I'm hoping someone has a more elegant idea.
You can use PowerCLI 6.5.1 to do most of what you are asking. Install from the PowerShell gallery.
Find the Module
Find-Module -Name VMware.PowerCLI
Install
Install-Module -Name VMware.PowerCLI -Scope CurrentUser
If you run into an error during installation, I fixed it with the AllowClobber "-AllowClobber" command
Import-Module VMware.PowerCLI
A couple of examples
Connect-VIServer "Server" -SessionId $sessionId
Connect to a server and save the session ID - $serverObject.SessionId. You will be able to restore an existing server connection.
Connect-VIServer "Server" -User user -Password pass -SaveCredentials
Will save the credentials to the credential store. That way you can reuse them and they are encrypted.
See here for more info
https://blogs.vmware.com/PowerCLI/2017/04/powercli-install-process-powershell-gallery.html

Use Powershell and SSH-Sessions to launch openconnect VPN

I need to launch an openconnect VPN on a linux router from a powershell script on Windows.
I have a working script on the linux router:
echo PASSWORD | sudo openconnect -b --no-dtls --interface=sslvpn host.isp.com --authgroup=SharedVPN --user=username --passwd-on-stdin
When I run the script locally on the router, the vpn launches perfectly.
Here is my powershell script from the windows machine:
Import-Module SSH-Sessions
New-SshSession -ComputerName "10.1.43.11" -Username "ubuntu" -KeyFile "C:\keys.pem"
Invoke-SshCommand -ComputerName "10.1.43.11" -Command '/usr/local/sbin/InitializeVPN'
Remove-SshSession -computername "10.1.43.11"
When I run the powershell script, it does launch the VPN, but freezes there, waiting for the VPN to end. I can kill the process on the router and then the powershell script finishes. I need the VPN to run in the background. So I modified the script on the router like this:
echo PASSWORD | sudo openconnect -b --no-dtls --interface=sslvpn host.isp.com --authgroup=SharedVPN --user=username --passwd-on-stdin &
Now when I run the powershell script, it does seem to send it into the background, but the VPN doesn't stay up and I only get partial output to the screen:
Key file specified. Will override password. Trying to read key file...
Successfully connected to 10.1.43.11
10.1.43.11: POST https://host.isp.com/
Connected to ip_addr:443
SSL negotiation with host.isp.com
Connected to HTTPS on host.isp.com
XML POST enabled
POST https://host.isp.com/
Connected to ip_addr:443
SSL negotiation with host.isp.com
Connected to HTTPS on host.isp.com
XML POST enabled
10.1.43.11 should now be disconnected and disposed.
When I run it directly on the router, there is more after the last "XML POST enabled":
Please enter your username and password.
POST https://host.isp.com/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected as 10.251.0.29, using SSL
Continuing in background; pid 11049
Connect Banner:
| Access to this system is restricted to authorized users. Unauthorized use is strictly prohibited. Information on this system may be intercepted, recorded, read, copied, and disclosed by and to authorized personnel for official purposes, including criminal investigations. Access or use of this system whether authorized or unauthorized, constitutes your awareness and consent to these terms. DISCONNECT IMMEDIATELY if you do not agree to the conditions stated in this warning.
|
How do I get the VPN to launch in the background?
I'm using ubuntu 16.04, openconnect 7.08, powershell 5.1, windows server 2016,
downloaded SSH-Sessions from http://www.powershelladmin.com/wiki/SSH_from_PowerShell_using_the_SSH.NET_library#Downloads
Well, I got it working using plink:
C:\bin\plink.exe -i C:\key.ppk ubuntu@10.1.43.11 "nohup /usr/local/sbin/InitializeVPN >/home/ubuntu/VPN.out 2>/home/ubuntu/VPN.err </dev/null &"
stdin, stdout, and stderr had to be redirected and use nohup.
I found it here: Getting ssh to execute a command in the background on target machine
Don't know if I'll take the time to get it working with PowerShell and SSH-Sessions now. Maybe if I need something more complex in the future.
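Why the redirections in the plink answer above matter, as an added example that is not part of the original posts: command substitution stands in for the SSH channel, which stays open until every process holding its output stream has exited. The `sleep 2` job is a hypothetical stand-in for /usr/local/sbin/InitializeVPN, and the function names are made up for the illustration.

```bash
#!/bin/sh
# Added example (not from the original posts).
# $(...) plays the role of the SSH channel: the caller reads until EOF, and
# EOF only arrives once every process holding the output pipe has exited.

# Hypothetical stand-in for /usr/local/sbin/InitializeVPN.
LONG_JOB='sleep 2'

# elapsed_seconds CMD: run CMD through sh -c inside $(...), print seconds waited.
elapsed_seconds() (
    start=$(date +%s)
    : "$(sh -c "$1")"
    end=$(date +%s)
    echo $((end - start))
)

# Plain '&': the job inherits stdout, so the caller blocks until it ends.
attached_wait() { elapsed_seconds "$LONG_JOB &"; }

# Form used in the plink answer: nohup plus stdin, stdout and stderr redirected.
detached_wait() {
    elapsed_seconds "nohup $LONG_JOB >/dev/null 2>/dev/null </dev/null &"
}

echo "plain '&':           caller waited $(attached_wait)s"
echo "nohup + redirection: caller waited $(detached_wait)s"
```

The first call waits for the full run time of the job even though it was put in the background; the second returns at once because no stream of the job still points at the caller.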

Can't connect to Ubuntu 12.04 Microsoft Azure Instance

I've created a Ubuntu 12.04 virtual machine in Microsoft Windows Azure and set a password. When I use my SSH client to connect to it, I enter the password but the server refuses it and says I'm entering the wrong password. Anyone else experience this problem? Am I doing something wrong?
Thanks!
Just make sure about a couple of points which I listed below:
you write your username correctly when you connect to your server; it's usually "azureuser" by default
you type in your DNS or your global IP correctly
the status of your virtual machine is "running"
your ssh command looks like this: "ssh -p 22 username@dns.cloudapp.net". Note this command is used when you don't have a public key set, but if you do have a public key, use this: "ssh -p 22 -i key.key username@dns.cloudapp.net". Since you said in your question you only set a password, the first ssh command is the one you should use.
