В рамках данной статьи, опишу процесс автоматической установки и настройки PowerShell Core и OpenSSH под Windows Server 2019 Build 17763. В качестве клиентской ОС – будет выступать CentOS Linux release 7.5.1804.
|
Name
|
Role
|
OS
|
|
srv-contoso-dc01
|
ADDS, DNS
|
Windows Server 2019 Build 17763
|
|
cl-centos-01
|
Client
|
CentOS Linux release 7.5.1804
|
1. Установка PowerShell Core на CentOS 7.5
Процесс довольно прост и хорошо описан по ссылке — Installing PowerShell Core on Linux
# Register the Microsoft RedHat repository curl https://packages.microsoft.com/config/rhel/7/prod.repo | sudo tee /etc/yum.repos.d/microsoft.repo # Install PowerShell sudo yum install -y powershell # Start PowerShell pwsh
Результат выполнения – PSVersion 6.1.0 :
2. Установка PowerShell Core и Win32-OpenSSH на Windows Server 2019
Процесс, как и в предыдущем случае несложен, и легко автоматизируется. Разобьем на несколько этапов:
1. Скачивание дистрибутивов с GitHub
https://github.com/PowerShell/PowerShell/releases/latest
https://github.com/PowerShell/Win32-OpenSSH/releases/latest
There is a bug in OpenSSH for Windows that prevents spaces from working in subsystem executable paths. For more information, see this GitHub issue.
One solution is to create a symlink to the Powershell installation directory that doesn’t have spaces.
— Создаем новый конфиг $env:ProgramData\ssh\sshd_config
— Параметры конфига sshd_config
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
PubkeyAuthentication yes
Subsystem sftp sftp-server.exe
Subsystem powershell $SymbolicLinkPath\pwsh.exe -sshs -NoLogo –NoProfile
4. Удаление файлов с дистрибутивами
Текущие ограничения, можно посмотреть на странице — remoting-over-ssh:
Known Issues:
- You can currently establish a connection either interactively with user name and password or via key authentication. PSCredential is not yet supported.
- SSH connection attempt errors are not currently surfaced. There is a pull request with a fix for this. But for now you need to use Ctrl+C to abort the connection attempt and wait for the one minute session close timeout. To avoid connection errors make sure HostName and UserName names are correct and that the sshd service is running on the target machine.
- Endpoint configuration and JEA is not yet supported.
- Remote debugging from Linux to Windows does not work. However, remote debugging from Windows to Linux does work.
- Fan out to multiple machines not yet supported.
- sudo command does not work in remote session to Linux machine.
Запуск скрипта — pwsh_openssh_install_win64.ps1.txt:
& C:\pwsh_openssh_install_win64.ps1 -Verbose
Статус выполнения:
Переходим на Linux и подключаемся к нашему DC:
Теперь можно использовать модуль Active Directory, DnsServer и многие другие в PowerShell Core.
Полезные ссылки:
https://github.com/PowerShell/Win32-OpenSSH/issues/784
https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH
https://github.com/PowerShell/Win32-OpenSSH/wiki/How-to-retrieve-links-to-latest-packages
PS. Скрипт автоматической установки — pwsh_openssh_install_win64.ps1.txt
