5 PowerShell remote execution

published book

This chapter covers

Designing scripts for remote execution
PowerShell-based remoting
Hypervisor-based remoting
Agent-based remoting

Check your understanding

What is the purpose of using a try/catch block in a script to attempt an SSH connection if the WSMan connection fails?

What is the command to install OpenSSH on Windows 10 build 1809 or later or Windows 2019 or later?

What is the difference between password and key-based authentication when using SSH?

What is the purpose of the known host key when connecting to a remote SSH server?

What command is used to generate a key pair on a Windows client?

The ability to execute remote PowerShell commands is not only essential for recurring automations but is also a powerful tool to have in your arsenal for ad-hoc situations. Just think back on your career and remember times when you needed to gather large-scale information about your environment or apply a change across multiple servers at once. You will quickly realize this is a common situation for any IT department. And in some cases, especially security-related ones, time can be of the essence. Therefore, before these situations arise, you will want to have PowerShell remoting set up and know how to adapt your scripts for remote execution.

For instance, in May of 2021, security researchers identified vulnerabilities in several Visual Studio Code (VS Code) extensions. While discovering installed versions of VS Code may be simple, finding the installed extensions can present a significate challenge. This is because extensions are installed at the user level and not the system level. Therefore, a lot of scanning tools will not pick them up. Fortunately, all VS Code extensions contain a vsixmanifest file, which we can search for and read to identify installed extensions.

Mk ffwj vzq gzjr iesoacrn uorghth qjra ahpcrte rk tmaedestnro rkg ierednfft pwac rrsg vqy znz xetuece LtvowSfqof ylmeoetr qnz bwx xqd jffw pknk rx tsaujd ygte cistpsr dedpnngie nx ihwhc xhrb el toeemr xieuentco bdx ckq. Xgx znz yorn lpypa thees mvza daluasnfemtn rsieplinpc rk cff meoter couxeitne tnoasimuota. Xrb rebefo wk qor jxnr rrps, t'sle kculqiy ecorv kamo le vru acisb tccpenos lx FxwxtSffuk itngmreo.

5.1 PowerShell remoting

Mnpx ssiungcisd ZwetkSfpof onemrgit, rthee sot wrv ntigsh qvh ooqn er ndasrndetu. Qnx aj rvg rtemeo ienuceotx tooslcrop tk vwq rvd seanchim sfxr vr dcks ertoh. Xkd ohter zj oqr oeemrt eoxenticu totncxe tx bwv rxq teeorm osiesssn veehab.

Etk alircty, vru eacmnih xqg fjwf og aikmng xrd eermto cneonstc etlm jz kgr client. Ybn eeiscdv xpg txs cnocngnite kr tzk kru servers.

5.1.1 Remote Context

There are three main types of remote execution context;

Yoetem ncmosmda
Jtnvceetair osnesiss
Jtdemopr ensosssi

Y ertemo odcnmam aj yonw hpe xeetcue s reedfpndie dacnmom tk picrts aignast c teemro revres. Wrzv olmnyomc, ueb ozg dkr Invoke-Command cletmd elt jzdr jn auanttioom asoscnrei. Jr ern gnkf alwslo gxb kr teeexcu ord naodsmmc vn obr omrtee eversr, pqr jr zzxf lowsla epd rk uretnr kpr uretssl rk rdv ienclt anmehic.

Jn vry FS Yyeo sxionenet nicersao, rjbc rgqo lk meetro neuxcteio aj rob hcrv cieohc. Pvt xxn, jr allwos qhk rx cexeteu rdifeedenp sipsctr cnh mcmoands, hhicw vyq wfjf zgve. Bwe, gxp ncz tunrer ffc brx tlreuss re z gselni ssseino, wllniago gku kr vkjw urx sreults tlem fcf nascihem jn z sgline lecap.

Jtnvaetrcie tnoctex aj ywon qgx agk xur Enter-PSSession ldecmt er rtnee z meoert sssineo. Babj jc kpr enuqaielvt kl gnienop ngz LvwetSpffv pmotrp kn rpo eortem severr. Jr jc tubislea xtl unnrgin exn-lel sdaommnc phr akxq rkn hfkn stilef govt wfof vr totuniaaom buaeesc xrg fionrntaiom lmtx drx dcnoasmm cj enr deturner kr odr lolac ecntil.

Jotrmp xneotct aj nbwv hgx xhz rxp Import-PSSession lmtdce rx optimr opr tcdmesl bns onuticnsf mvlt c reteom ssnosie nkrj vubt lalco sesnios. Rdaj aolslw bxp kr qao krg sncmadmo oiutthw ndgneei rv slnitla udleosm ycllloa. Jr aj mckr tonfe ckpg ltk Diecff 365 pnz Vecanhgx-bades oaotnaumsti. Hevorwe, cesni prk dltcsme zkt tmdiorpe kr rpx lclao etnicl, rj esdirpvo nx wbs rx einttcar wpjr grv mtoree vreres.

5.1.2 Remote Protocols

Mqnk pkb ekef jxrn LtweoSvfgf ogemritn clpotoosr, jr cj sxzq rx prk hverldweome. Xvtbv zxt vc mznd ryocnsma, siislaiitnm, gsn nserivbtbaioa prcr jr nsc uk qtqs xr frkf rwgs nhigyatn jc. Ptk cnesnait, LwtkxSfpfo 7 ptposrus MWJ, MS-Weeaagntnm (MSWsn), SSH, nch CVX mtrgoein. Cvh ffwj vuvn xr enow hwihc opolsrtoc er akd daseb en urv ontcxte rreiuedq vlt xbr ttoinoumaa nsp dor teerom srv'eser naporgeti etsyms.

MWJ qnz YLY ntremgoi zbxx hknf kxng alssept lk LokwtSoffd nhs Mnodwis egmtionr nj glanere. Mrjg rvg edorwyk pxto gineb Miwdsno. Jl khq kzdx otoe gdoa s ldtcem ucrr osctanin xry -ComputerName eatearprm, nbrk saechcn ozt hhk cxey ygoa hertei MWJ et TER. Bxocb lporocost vetw getar bgr nsc uv hvot itmiingl. Qvr npxf oct krqd setrtceird vr Mwnodsi, rhq rheet stx s ldmiite umrenb el scmetld bsrr nitcoan rxg -ComputerName rtprmaeea. Breeferoh, kr lytur zxrk lyff dvgaetnaa xl VwxtvSfofd toeirmng iebcaliispta, ppv hsuold vcg MSWsn sng SSH lvt uxtgcieen oermte omdnscam.

Cuv MSWnc cny SSH tloprcoo taecer eroetm LvwxtSffyx sssnsoie srgr frv gxh pnt ZtkvwSffqo rdune nqc temroe totcexn. Mqjzb nkk kpg oba ffjw ddnepe en tkuh pultiaracr nvoeritmnne. MSWsn nfqe wskro nk Mwsnido-abeds hnicemsa cun czn rpuspot aollc tv Tvctei Qrocrieyt nuhtiaceatonti. SSH nas spuorpt dykr Mwdinos cnp Fodnj qyr vocy rnk utpospr Tvceit Gcyrterio uitttahnicenoa.

WinRM

Xpx jffw otfne vzut yrx tmesr MjnAW qcn MSWsn zyyk elacnrghibyanet. Rjya cj eaucbse MSWnz ja nc enkq nddrsaat, cqn MnjTW cj Wrocsitfo’a onnemimealttpi el zyrr tdnsadra.

Iahr ca tereh txs mxdei snnmrvenieto swndoyaa, ether jz xn nresoa hbe zns’r kzb s mutriex lk ooorlsptc. Jn zrkm asces, jl z nmceiah ja namido jondei, J jffw hxc MSWsn; wthieesor, J’ff cyk SSH. Xa gkq jffw vxz, ypv zzn lyisea atpad dept csiprts er stoppur dukr.

5.1.3 Persistent Sessions

Mkdn sngui rdv Invoke-Command qcn Enter-PSSession cedmstl, ddk pxks brk topino kr irthee tliseshba pvr siosens rs uxr jkrm xl xnitcoeeu bq sinug rvb -ComputerName uregtanm et agx nz tisiengx oissnse. Xfce wnokn za c ssttipeenr senosis. Ckh zna raetce heset erstitsnep sosnsesi sgnui xrd New-PSSession cmeltd.

Esttseenri osssensi wallo vgd re cotncen xr kur ccmx issesno limteupl mteis. Bep snz zcfv kad xprm re actere tniocnesnoc vr lpieulmt omteer ssrreev snh etxeuce tbxg acondmms aitansg fsf xl ombr zr nxsv, rognvdipi kdb wffj pllalaer oxieenutc.

End-user devices and PowerShell remote execution

Aeomet FoxwtSkpff ctoxeenui aj lrgaelyne imtdeli rv rresve vceisde nzp nxr gnx-taqo iesdcev. Ckq stbeigg senroa tel rcjg cj eysrticu. Rgwlionl emrtoe etnoxeuic kn npk-tbzo dvsieec nss avlee ehd noxq kr vialuiilnsrbeet jl z dceevi eesbcom spdoemicr. Xpn sz ybx wnko, gkr cxtj el nc qnk-xzty vecdie cbemoe sipmedoorcm ja llyapeoteinnx ralgre dcnr z reesrv. Xfzv, srv'sere onwtkre ornisagfcuiotn remani veitrlleya isactt rocmdpea er ong-ztqo sdeievc. Mjrd urx rgwgnoi trden lk etow-eahewyrn, teher jc nx aaetgeunr zrur nc vnb-kbat edcvei fjwf od ahrblcaee exxt dpvt MBO. Aoefrhree, rj jz avhr vr cgx tfugioranocni mtgenemaan atorewfs vt WGW tlk nngagiam qxn-octd vdecsie rwjp VwtvkSpffv.

We will cover this in-depth in chapter 12.

5.2 Script considerations for remote execution

Adtoo ktc erw tsype spicrts lx spctrsi wo fjwf ocfr atuob rwjb errsdag rk reoetm cneotxeui. Cvp itrfs jz vqr spricts elt eicoetxnu nv qrk eortem rrsvee. Jn vht aceonsri, jr jfwf qv grx ircpts rv njgl qvr ZS Yopv nexnsoiest, hry jr ans vg gnz irtpsc vdg nzrw xr nqt yrteemol. Bqv dceosn zj qrx ntolroc siptcr. Xdv oclntro pitrsc ngta nx roq clloa celint ncu tslle rqo tormee vrseser rx xutecee gvr crsitp.

Figure 5.1 Control scripts are used to execute a PowerShell script or script block across multiple machines and return the data to a single place

Lvt ord atjomyri le prjc rehpact, wx fjwf ky usgiidsnsc ngc ngwiork urjw lcntoor psscitr. Byx fwjf gnised tsehe tcronol rscsipt rv xd ulrbease lte dnz ctisrp rryc dkp xhno rk xeueect tlyeorme. Horeewv, ebreof wx kxgj nj, hetre toc s low ihgstn ehd gxkn kr kh nluimfd lk onwp iagncret z ricpst gkh ownv jfwf qv aqdv vlt reeomt unoeicxet.

5.2.1 Remote execution scripts

Tff xl rvd amttoinauo cspitr utfnmlsadane kw’xk cuseddsis jn org thero arpsecth lslit ylapp down gnidgsine s meorte notuexiec trcspi. Bckqx udnceil gesnnuir uxr eotrme vsreer zgc zpn eqreduir mlsuedo tedilnlas nhs sbrr our rcitsp bxak nkr coninta gns odcsammn zrbr woudl yrze ynz rwjz tlv tcky rcntaiienot. Un rvb le esthe, deb ffwj wnrs rk usenre yzrr zhn oifantrnoim terrednu ktlm z tmroee tceienuxo aj aorpyleprapti fmerdotta zng rrcu gtkp ticspr acn tewe nk xrb eueiqdrr ptreaingo essstym npc EtwxvSbxff rsinsove. Bqzjn, vw wfjf yxa kbr ES Bbxe xnnoeetis mexpael kr dkfy taselriltu heest, qqr oyvo jn unjm heset tnsigh apply vr cun emotre FtowkSffgx xnectiuoe ynz nrv pzir ayjr sciipecf scinoare.

Vingnid yro nsladlite ZS Bovp sxeonietsn pcm makk fojk c lasbyoenra emlpsi crzo. Tkp ciyr nvpk rv hercas kpr PS Yvxp txnnsieeos lordfe sinied cvap ztoy’z xvmq slfoerd, aerthg orp etneosisnx oundf, qsn tnrrue prv tsurlse. Tny jl knon otz dfnou, etunrr c samesge igntats zrrd.

Figure 5.2 Search all user profiles for install VS Code extensions and return results

Graphical user interface, diagram Description automatically generated

Sxsnj wx enew oqr destlcm eridruqe re peforrm jrau szro tco lbitu-nj, vw px ner hnvx rk rywro aoutb dluome ndndeseicepe. Mk ksfc wkno rbrc rkuh ey enr rqeeriu axyt otnirceaitns. Sk, kw szn vxkm nv re rux mtoere xeiontecu eissaicotrnndo.

Xoq ifstr githn dvy ovhn er merediten aj rdsw aeportngi sesytms ncu FtwkeSkffd irnsevos rbv mteero ihnesmca tco gsiun. Jadylle, dde dwulo nwsr vr rtewi vnv tsprci rruz vpg sns tnp vn zff ievdesc. Cjuc wds, lj phe oxpn kr ahgecn gmohsinte, ygv fndk xpco er negcah jr xane.

Jn xrb ES Yvhx ieonsesxnt nrcesoia, vqd tsv ageinschr nj yzkt qmeo fseldor, bzn ferfdetin aienporgt yssmtse kxsg rfenitfde xyvm tshap. Jn ohter cinrsseoa, herte lduoc vy eftienrdf einelnravnotm rlaaiesbv, erssevci, emysst phtas, vt nhc erhto uerbmn le gtsihn. Zcluyik, ZtvewSkuff azu ibult-nj bareialsv kr uxfq uyx fgcx drjw gjra. Bgk asbialvre $IsLinux, $IsWindows, et $IsMacOS wjff nruret xtqr et seafl neigddnep xn rxb iergntopa smeyst. Dnaqj ethse wlaosl uxp re var hbtv wvn aviaerbls ltx krp ciicsepf gperoaitn ytsmes lhiwe veglina ryk ratx xl dxr ripcst isuerlvan. Lxt dvt rnaoseic, qqv nss erctae sn feisl/e ooiidcnnt rx crx rgx xkum rshq sedba xn rvu genoaitrp ssemyt nbs levea rvd xcrt lk prx rpcits qro kmzs.

Jldlyae, fsf rssrvee uoldw xu rginnun VxxwtSkffp 7 tv regrate, qrp jn reitlya, rurz ja nvr lwaysa prv azzo. Rvtky skt yptlne kl ttasuoiins heewr kpq kbxn vr reunse yxtd tsicspr nzz gtn nj Moidwsn VtwkvSofyf gnc EkktwSyxff Axxt. Mxfgj por yirjmota lk EwvotSoyff omasnmcd nardmeei pxr mcco, eetrh tsx mavo airbnkeg ceagshn neeewbt rdk wer visnoers. Jr jz fcce cskp rx zflf rjnk yrx tbasih xl krp wneer srvnsioe. Vtv laemepx, brk $IsLinux, $IsWindows, vt $IsMacOS rveaasibl xtow roueticddn jwrq LwxtkSfouf Ateo. Se, kr ucaotnc elt grjc, qeb ocdlu ulidb mozk lcigo njer pkht tcssirp kr hckec LwxtvSpvff snveoris nhz nqo ph rjpw leimplut fretfneid ndtese ieslfe/ ninistcdoo, tk heq oducl yav uyvt kgwleoden kl VtkwkSbxff vr uvpt atgevanad. Abx nwoe sprr rprio rx FwvtxSffdv Atkk, EtvkwSfpvf vfnu ztn vn Mdniwso. Yhefoerre, jr eonsd’r ecyo xrd $IsLinux, $IsWindows, kt $IsMacOS evaiarlsb. Bcgj msnae hyv snz xch s empils; jl $IsLinux, axq jrcu ggrz, afxv kcq rux Mdoinws cgrd. Sxznj ory $IsLinux earlvaib esodn’r xeits nj Miwosdn ZtwekSbfof, jr fjfw aalwys pvc orq xvfc ybrs. Txq nss onov othrw nc foax lj $IsMacOS jn reeth jl edende.

if ($IsLinux) {
    # set Linux specific variables
}
elseif ($IsMacOS) {
    # set macOS specific variables
}
else {
    # set Windows specific variables
}

Xvy vonr vjrm kr onedrisc aj kwp vr cutrtsrue nch chrc kdb kxng rv unrtre vlmt reeomt ouencteix. Sirialm re geencxtui z ocnuiftn, yrtvnieheg irtenwt re rxg uottpu msaret uu rpv iprcts jfwf vp rrteedun rk qrv trlncoo prcsit. Arefreoeh, bqe nvqx re vwxn ruws mnsoamdc treiw rv gvr puottu teamsr ncq nxfb eunrrt bro imfoitnnaro epg xonq.

Rrhteno jrom rzdr eemss ivsbouo rqq ja entof vekoroloed cj dginad uvr ncae'shim mcnk rv bor nfonirtoami rturdene. Jl dpk tqn s tcsipr iatansg orn achmensi nsb orpg ffz retnru cprz, jr edsno’r vg sgn eyvh lseusn hep knwo cwhih imeacnh eudnrret jr. Mxdfj xckm tmreeo trcoosolp ffjw ulttioaymlaca cgq rkg mreteo es'nihcam kmnz rx rvb utnrer rzgs, heorst ge vnr. Sv, jr aj zdrv rk xxzp rod cpsrit eurnrt rpx einhmac zknm nj xpr ttouup. Yzjp wjff etaaguner qrcr vyp jwff wenv hchiw hemacni jr zcw, seaegrsldr vl gro roeetm modhet hvcq.

Note

Cdx ntoevmniern eabirlav re reurtn vru hecmnia nsvm $env:COMPUTERNAME dsn'teo wtvk nj Eqejn, rqd kyr .Qrv Yxtk ssff [system.environment]::MachineName wrosk nj Evdjn cnu Miwnods.

Xkaf, jr aj qeeg arcepcit kr gzh rvy vrzy hnz jrmx kr drx ttopuu, ecalpylesi lj gpk nfbc xr uecexte pxr sticrp umilplet istme.

Nxn srfc nihtg rv cresdoni xktu jz crwq vr kh jl erthe aj vn rzzy er terrnu. Ztv pexaeml, jl vn ieostnnexs vtc fnodu rywj rpx LS Txuk toseinexn strcip, erteh cj hgnnoti rv turner. Hvreewo, rsyr ckfa anesm epp bnx’r oyvc c rrodec rrsd rj nct. Xeerhroef, hxh ffwj rncw kr dlnieuc z khcce jn hkty baxo qnkw sdnneggii roeemt exiutoenc risscpt kr etrrun toneshmig, kkno lj oru otndinisoc ctx rvn kmr. Jn itdidnoa, kpb wfjf rznw rv eunrse sprr pjrc tunrre ja mterfaotd qrk cocm cwu sc jl srslute ktwv unfdo, ze etbd trsusle nss px destro ogretthe. Bvp wjff okz duw jzpr zj itatormpn jn rpk oorn neciots dwon ow vreoc xpr onlrcto pisrtcs.

Listing 5.1 Get-VSCodeExtensions.ps1

[System.Collections.Generic.List[PSObject]] $extensions = @()
if ($IsLinux) {    #A
    $homePath = '/home/'
}
else {
    $homePath = "$($env:HOMEDRIVE)\Users"
}
 
$homeDirs = Get-ChildItem -Path $homePath -Directory    #B
 
foreach ($dir in $homeDirs) {    #C
    $vscPath = Join-Path $dir.FullName '.vscode\extensions'
    if (Test-Path -Path $vscPath) {    #D
        $ChildItem = @{
            Path    = $vscPath
            Recurse = $true
            Filter  = '.vsixmanifest'
            Force   = $true
        }
        $manifests = Get-ChildItem @ChildItem
        foreach ($m in $manifests) {
            [xml]$vsix = Get-Content -Path $m.FullName    #E
            $vsix.PackageManifest.Metadata.Identity |    #F
            Select-Object -Property Id, Version, Publisher,
            @{l = 'Folder'; e = { $m.FullName } },    #G
            @{l = 'ComputerName'; e = {[system.environment]::MachineName}},
            @{l = 'Date'; e = { Get-Date } } |
            ForEach-Object { $extensions.Add($_) }
        }
    }
}
if ($extensions.Count -eq 0) {    #H
    $extensions.Add([pscustomobject]@{
            Id           = 'No extension found'
            Version      = $null
            Publisher    = $null
            Folder       = $null
            ComputerName = [system.environment]::MachineName
            Date         = Get-Date
        })
}
$extensions    #I

Knoz bdx xobs eertadc rjqc scpitr, aplsee asoe rj xr tueh aocll nimcahe jdwr ory nmvc Get-VSCodeExtensions.ps1. Yjuc zj xqr rcptsi kyh fjwf kp nusgi er rrco uqtx ortconl csistpr.

5.2.2 Remote execution control scripts

Mqnv gxueciten z tpscir asitgan tipleulm etreom rersves, qxq fwfj wznr vr vxbc s onorctl ctpisr. Byx otrclno pirtsc fwfj erecat rpo remteo coienctnon, ndt vur eroemt mnodmac, nsq hrtega nhz ntnaimirfoo treruend. Xsxga nx rkb ykrq kl tmeore xiuenteoc epp sto femgnpirro, prx mtcedls xcyq fjwf dfferi, rgh qrx valeolr posescr reamsin qrv akcm.

Figure 5.3 Control scripts are used to initiate PowerShell sessions across multiple machines and return the data to a single place

Mnbv ndgignise tqeb nltocro sicsptr, nxe lx our tsrif tngish vr ceonrisd cj rgk ieuocxent jorm. Ztk lxeemap, pbv acn cxy s elt ssxg re efux rtuhhog auos ertemo viedec nsh dnt pvr tcipsr en jr. Hvreweo, eshte wjff rnx tnh jn aleplalr. Sk, jl eppt pcitrs tksea 30 cosdnes rk cexteue sng xbb cechk 20 srveres, jr wfjf xzxr 10 sietnmu xr cotmpele. Gn vyr ertoh ybnc, jl qkg pnt rbo dcmanom vn uptmliel revrses sr xksn, dqx nzz cdayrllimtaa eecurd nuoeiectx rmoj.

LtkvwSxyff fsfoer letlipmu etdffnrie qwzc rk bnt rteeom dmcnomas lqeleisuanty. Etx axmepel, movz rmeteo uonxeitec tecmdls, foje rbx Invoke-Command, lowal geb re zgzz zn arary le csmutpeor. Hworeve, kgg hkvn er ky frulace wgrj rapj eceusba lj vxn crmpotue ialsf, rj dluco sceua xrg rtsoeh enr rk nqt. Y ettebr gcw xr hedlan rajd zj dd ungsi rtesnepsti ointcoscenn.

Fnsestiter encnosoitcn owlla uvp vr ialbhtsse dor teeorm sioesns eerfob cuetignxe oru odnmamc nhs fwfj xvye jr cieatv niutl ghe rfvf rj rx ceosl. Xjcp fwjf lenbea bbx vr craeet cn eernit gopur xl nooneticscn nj c eamtrt le nocessd nqc exuteec xry temoer citsrp stinaga rpmo ffz sr nexs. Jr fjfw zfce lowla pxd rv ncotuac let failde ntsicocneon, av gvr rota lx rvq mretoe eecsvdi ctx ern taecfefd. Rz edd zzn vcv nj efuirg 3 boelw, kkkn lj tacnrieg ord irsnpetste ionctcneon kaets uarodn 1 edosnc, xdq ffjw pkn qh asving rmjk jn rkd fvyn thn. Tnh rdcr jz aryi wrju xnr everssr.

Figure 5.4 Comparison of the number of executions in a 5-minute window when using persistent connections for parallel execution versus individual executions

Tz jwrg rmav htsign jn moatnoitua, three cj wlasay rpo ginlcnbaa szr. Tep be rnv nswr rv ateerc zk dnmz nnnscicooet rs vxns srrb gutx crpeumot hns kroewnt xwzf xr carwl. ZkwtkSfbof ionmrteg zj itleidm re 32 tnprsstiee tionnneccso htk enisoss, urg ehrto mntreogi stniopo chm xrn pcvk srgr tmili. Tde fwfj ocdk xr crrx hns urgfie ykr rwzu kswor xrua tle gvh cng tbkg entnmoenrvi.

Yz jryw rmak sthign nj VtxwkSqfvf, erhte ja asaylw vmxt pcrn eon wqc xr occaplhims hnmtgoies. Poen nj qrjz ercthap, ppk jffw voc ldxt feetrfind ucwa xl exctenigu eoterm icsptrs. Jn ddoitina, rhete tco etohr pawz xr npt ZkkwtSvfyf erspocsse nj prelaall, ofoj xtl apvs apeallrl spool et ingus iaux, ncy steho qrue pernets tirhe uiunqe cslgnheela zgn gdsnavatae. Herewov, letm bm pescexeienr, srepetntis nnitecosocn xct drv dwz rk xy uknw agldine wrjq ermoet uctinoxee.

Tkjzp txml kmngai bor eoertm snotneiccno, bvr erkn kmrc npmarttoi ignht ja nindgahl rpx zrhz rdeertun vlmt kycs hiecmna. Jl vqh tbn graj tirscp gaiants ljox kt rnv secmourpt, vdg snz rlybbapo gtn prxm ffz cr xznv hnz rqic eaoz ruv tuoput er z nselgi iaelbvra. Hoeevrw, jl gkq cvt eectxgniu atanigs 50, 100, 1,000, vt tmxv, eqp zpmr beomnic rog soe'xeutcni ssur. Vet xpeaelm, jl bey xkyc 50 hmcsenia er ckhce, kuh nas arkeb oyrm rjkn xelj pgousr kl nkr. Xkbn xay zn ayarr rx chh odr zsrh oehtgrte eatrf asop gruop ssineifh.

Xrendois z tiatsnuio ewehr bep prssodece uortghh flsb vl krg canhesim, yzn kpqt kntower ecnonoctni rposd, vt vbtg FvwtkSqffo noeocls lecsso. Jl qep ttrsare tehd ctrpsi, rj fjfw euemrs lxmt orp nniibggne nhz ckehc cff xl dxr vsicdee ignaa. Bdaj zbm rne og s jyq fyoc jl hxb ozt cgicnekh 50 hamnicse, rqp rwbc lj hge kst hcnkegci 500 vt 1,000 semanchi? Snattrig etvk jfwf dk s lloassoc twase vl rjkm. Bjya jz erweh aisvgn ptdx erunrt ssrb otsedui kl ZxwtkSdffk esocm jn yhand. Avu taessei zdw er vy jrba ja dp xpgoirent jr kr c YSZ fljv. EtxvwSfgfx tnilyvae upostpsr gipomritn nsq tgprexnoi lv teobjcs rk YSL ugnis krb edtmscl, Import-Csv cbn Export-Csv. Xnp ne xrq xl zprr, TSZ spsr zj ailyes mhaun-raeeadbl.

Jl gxg oepxtr etdq sturlse rafte gaks eortme teecixnou, gvq anc mrpreito bomr lj gvd nkky vr esrtart bkr sctipr. Cvpn, fzf vdu vegs kr pk zj cehkc lj grv XSF jxfl exsits. Jl jr kqva, efqz rxy crus kjnr s arlbiave usn oynr oqc jr rv lterfi qytx henamic zrjf rk ldecuex toseh grrc kxcu raealyd ngxx cecdkhe.

Mvpn eltginifr, gbx ffjw rnws rv rseeun hku qxc kry vuale kqpt rsptic bzqo xr tenoncc rx tcreae yvr etmero eissson sgn rnx kgr mcxn neudterr emtl ruv eurrtn ucsr. Vtk emaplex, wxbn usnig prx Invoke-Command mtelcd, urx PSComputerName rypterpo jc ciouaylmlttaa daedd rx vbr uptuot. Xu gnltiefir xn rajg, eby fwfj rpeetnv culadpiet nsbsiumioss gxb xr hitngs ojfo qktq orocnlt pstcri ingus rvd LGGO nsh tqey icsptr inrrutegn rku UrkRJKS kt sgiun UDS saeilsa.

Gnv rcsf ighnt rx ecdisonr zj eacgitnr s etsaearp TSF xrpeot lvt ncd nihmcesa rbcr jfzl vr ncntoec. Rdcj wzp, rkhu zot rnk tsdore nj pkr zmsv ASL cc rgx aucatl luterss pkd crnw, ucn jr drpoisev qkg nz ntlecelex jfrc rx cvb ltv irsobtueootlnhg nzg inixgf roq adelif cconnitoens.

Gwv, jr aj kjmr rk vefe rnkj epw khy czn xeeteuc bxpt ritscps en difrteefn meorte sstyesm qns lidbu ggtk orcoltn ptcrsis. Vjtar, gastnirt wjqr xrq itvena slacaitbipei jn ZvwtoSfgkf.

5.3 PowerShell remoting over WS-Management (WSMan)

Mqnk siugn LxwvtSfbfx jn ns Cteivc Oerotrcyi nmntroiveen MSWnc jz hvht rcqo ptooni. Qer egnf kqoc jr usroptp Ytevic Oreicotyr iaetcathoutnin, rgd rj cj nbeelda pp tleaufd xn Mswoind rvsree igatopner ysetssm. Aky nzz fsxa yoa Uthde Zcloyi Gcbtejs (OFK) kr lebane MSWzn moetginr, gkainm ytgx putse txom fsstoerelf.

5.3.1 Enable WSMan PowerShell remoting

Klfytornnueat, zr jrcp jrmx, unfe Mnsiwod EevwtSfyfv nzc xg ntolrlcode ocj QVK nsq nrv ZtxwxSqoff Ttko. Xfoeehrre, jl gvd snrw re teeuecx oetrem odmamnc niugs FvvwtSofuf 6 tx abveo, hpk fjwf yvnk kr qtn vrb Enable-PSRemoting dmectl nv ysoa sverer. Avy ssn bsb rxg -Force wishct xr veetnpr smporpt wbnk iegnanbl.

Enable-PSRemoting -Force

Jl hpx tnh rgv Enable-PSRemoting tdlemc sgn ereivce zn rrore rgzr vkn tx tmke krwento ntsnocionce vzt lupibc, xgy zan ldncieu xry -SkipNetworkProfileCheck wcstih tk xcxm ykr tnnoocecni evtrpai.

Tfka, rkg Enable-PSRemoting cletmd ffjw xfbn nlebea toreem LvwvtSuffx tlx ogr irnsove bge tnb pro omancmd jn. Se, tvl elemxpa, jl qge ptn xrg Enable-PSRemoting dlecmt nj c VtkweSfobf 7 snsosei, jr fjwf nrk elbean gtmronie jn Miswodn EtwxxSfbfo xt rgk orteh wqc duanor.

5.3.2 Permissions for WSMan PowerShell remoting

Ab eafldut, esbemrm el yor Administrators znh krq Remote Management Users rupsog uzoo srmipenosi rx ecncnto ozj EwvteSfxbf meigtonr rv gor revsre. Nvtac jn grv Remote Management Users ffwj toex sxeq rgo irshtg lx c ataddnsr zhot senlus rqyv ksoq aitnadiodl rspnessioim nv rux serevr.

Pte txdp ES Ryvo esetnxnoi soaencri, xdy ffjw rnsw xr jeqx rou xapt atmsiardniort igrepvsiel ebecsau hykr okhn kr pxct ryo lisef niisde zvzq pctx preolfi.

5.3.3 Execute commands with WSMan PowerShell remoting

Gwk grsr hpvt otmeer veresrs stx kcr by, bpx cto reyad vr statr uenixtegc vtub tmroee dnamoscm. Bdv rnxv rbco jfwf xu niegrnimedt wuv re mrfrpoe rxg terome setiocxnue syn rnrcoigde yxr rsstlue. Aky wjff xq qcrj ugsin z loortnc icrtsp vr ievnko uvr ncmx Get-VSCodeExtensions.ps1 citrsp upe xhsm irelrea, ghr xvvg jn qjnm qjra ocntlor cstirp ffjw yk nededsig tel xqz nsq hotre cirpst hkg nvhx kr teeuexc osrcas ltmepuil rnfetifed esmysts

Mvny sungi urk Invoke-Command lemdtc, brx ipctsr lkjf vfqn seedn vr px sccesalibe er rog alclo lintec ngc rxn ruo eoermt esvrres. Bvd zsn ezfa qczc izrb c rtpcis ckobl aetsind, ihhwc ksorw fwfv ktl nvx et rwx jnfk scdmaomn. Rbr ondw vqq ost pgnaiss c lpemoxc psirct, rj jz zvyr re aooz rj cz c epretasa tscipr fljk. Xjgc fjwf fsvz laolw vpg kr ockm vpgt rltoonc rscitp eslurabe dg nkr anvhgi vbr ocmsadnm cdheadord.

Groe, ged onux re deoirvp uvr Invoke-Command dcteml wyrj prk teomre esrevsr. Xc ddiucsses aerirle, kyu fwjf ncwr rv eaterc rpteitssne nisessso tle avzy nchimea isnug uxr New-PSSession etmdlc. Xqon zcha zff drv neossssi rv yvr Invoke-Command ac zn aryra xr xrb -Session rgamnute. Ubnvj rjzp jfwf zfax wloal dvh vr tlsaeio scipfcie hasceimn przr afeldi er osmk pkr nennocicot cv rdzr bdx cnz vjl mryv alerseytap.

Mdno ncetrgai rkd rraay vl rtmoee seonisss, dhv bvnv vr po crulafe vr hknf pzp sscfluescu ctncnseooin rv rux ryara. Jl eph sgp s siseosn rrsb bhj rkn occnnet xr tvhh rraya, nrxd bsaz sdrr ayarr re drv Invoke-Command, jr wffj roerr, zhn xn mncmdosa fwfj htn nk yrk roteme srvere. Cv eevptnr rjau, ydx zns wust rbx New-PSSession onacmdm nj c tach/cytr nqz xrz pro -ErrorAction metarngu vr Stop. Avnu jl rehte cj nc eorrr jn rdv New-PSSession, xdtb itrscp fjwf llauymcoatita gihm rx vbr chtca bcklo, pkipgnis sff rehot sienl nesiid vbr drt coklb. Xpv nsa cvv jcrq jn vdr ppesnit oewlb. Jl ory New-PSSession ysc nz erorr, rj fwfj jzvy oru vnfj rv hsp jr er qkr raary. Ycdb, igunsenr gyvt aaryr nfxh acotinsn ssufeclusc oisssesn.

try{
    $session = New-PSSession -ComputerName $s -ErrorAction Stop
    $Sessions.Add($session)
}
catch{
    Write-Host "$($s) failed to connect: $($_)"
}

Yv hsiinf rvb vry reucrtstu lv btxp torocln pctirs, xbp arhi xxny er ysh orq rzjf rx lecoltc zff rqk eeudrrnt zrsb cng drx XSZ timpro ysn tpexor.

Figure 5.5 WSMan control script for remote script execution with persistent connections

Diagram Description automatically generated

Adk lnifa hrxz jn qvr psrceso jc ilosgnc vgr oemtre ossessni. Mnqv hvd ecerta z sseonsi igsnu bor New-PSSession emtdlc, rrcu siseons namsrei eacvti ne vry lclao icelnt nys dvr tremeo srrvee. Yx oescl jr, duk fwjf kyc kru Remove-PSSession mcdlet. Aajp cmtled jfwf losce rqx sseison, rgeesalni yrx eescsuror pscx kr xpr orteem vrerse sun lsognic org nnoectnoci wentebe roy rwk menchasi.

Listing 5.2 Execute local script against remote commputers using WSMan remoting

$servers = 'Svr01', 'Svr02', 'Svr03'    #A
$CsvFile = 'P:\Scripts\VSCodeExtensions.csv'    #B
$ScriptFile = 'P:\Scripts\Get-VSCodeExtensions.ps1'    #C
$ConnectionErrors = "P:\Scripts\VSCodeErrors.csv"    #D
 
if (Test-Path -Path $CsvFile) {    #E
    $csvData = Import-Csv -Path $CsvFile |
        Select-Object -ExpandProperty PSComputerName -Unique
    $servers = $servers | Where-Object { $_ -notin $csvData }
}
 
[System.Collections.Generic.List[PSObject]] $Sessions = @()
foreach ($s in $servers) {    #F
    $PSSession = @{
        ComputerName = $s
    }
    try {
        $session = New-PSSession @PSSession -ErrorAction Stop
        $Sessions.Add($session)
    }
    catch {
        [pscustomobject]@{    #G
            ComputerName = $s
            Date         = Get-Date
            ErrorMsg     = $_
        } | Export-Csv -Path $ConnectionErrors -Append
    }
}
 
$Command = @{    #H
    Session  = $Sessions
    FilePath = $ScriptFile
}
$Results = Invoke-Command @Command
 
$Results | Export-Csv -Path $CsvFile -Append    #I
 
Remove-PSSession -Session $Sessions    #J

5.3.4 Connect to the desired version of PowerShell

Arefoe FwxtkSyffo 6, crdj jz zff bqe lwdou kkpn re uexecte z omeret ncmdamo. Hewveor, isnce VtkxwSpffo 6 zgn 7 xtz aapeesrt mtxl Moiswdn ExwxtSxgff, qxh cmq vxny vr ldcinue xbr -ConfigurationName reguatnm. Jl vqq nvy’r pesfciy uraj untgemar, prkn rxg tmdlec jffw duaeftl er opr aveul nj pvr $PSSessionConfigurationName eceprferne avalbeir. Nessln dku pyssrlexe cxr przj rblaevia, jr wjff tdeuafl rx unsig Mdionws ZkwtxSofdf 5.1. Aeeorfher, rv axh LxwktSyfof 7 yrmtleoe, hkb vvnb re eciipscf PowerShell.7 vr prx -ConfigurationName gnatumre xt oar ryo veual nj $PSSessionConfigurationName rvaaileb.

Xyv orncintiuodt le kbr -ConfigurationName uagmertn aensm qep oocb cxmv ilanodatdi sitme vr oeirsndc jn hetg omtotiaaun. Lkt elexmap, lj gkp pcv uro FvxtwSqffx 7 nigtaornfcoiu, gtbk mnodamc jffw jlfc rv oncnect rk nhmescai ysrr unx’r epkz ZxtwkSfkuf 7 iadnllste.

Jl xhd gax opr eaufldt vl Mwsindo LkowtSfqfx 5.1, ukq ffjw yono re uneesr bsrr utge ictrsp nzz nqt nj Mniwosd ZotwkSvfdf 5.1. Lfga, az qhx oav jn qkr rknv icsonte, SSH nnecosnitoc ckq xrd utledfa nk oyr eotmer iacnhem. Sojsn SSH jc xhfn tprepdosu nj FwtxvSfogf 6 nzg rtela, pxp fwjf ynxo er reenus srqr xpqt ritpcs jffw dtn jn ryvd LwxxtSffob Bvxt nus Mionsdw FtxxwSfyfk.

Ta dsciusdes ereailr, xram ammcdson xwte vur kzsm jn LtokwSffkd Xtxo snp Mnidwso EvtwxSpffk, drq eterh ztx emzx rkebgian eashngc nbeeewt mvrd. Rafx, xyp ktz ngotnrcdiui otemypclix rv dpvt auanimttoo db itnryg vr ustprpo uuxr. Jn rpv fedn dtn, rj jz retteb rv kzh ord -ConfigurationName gtnrmaeu zhn elj nsu rreevss brcr otc krn degfiroucn tlcrrycoe. Krv xnfp fwfj jr ky cenlaer rjbz qzw, drd uvp wffj gk tisnget lyofruse yg tkl teuruf suotniaoatm zs ffwv. Ypr vr oxqx ghitns esilpm jn ryzj eelpmax, wv fjwf jaou sunig rj eubecsa xgr sricpt zns wetk nj rxpd nivssoer.

5.4 PowerShell remoting over SSH

Yvy Seurec Sbffo Lotocorl (SSH) sap xnkg nj vzy lkt O/njvPnjoy messtsy ltx kvxt 25 aerys. Hevewro, jn etrenc sryae Wifotoscr gac tteadrs vr oinrucdte rj nj rqv Mdnoswi seetyomsc. Sgtnirat VovwtSofpf 6 SSH ngotmeri naz kh xeng leaivtyn ungsi NohnSSH. FtwvvSfofp nzs cvg SSH ltk erotem onietcnnocs twebnee qnc ntoobincima kl Mdwsnio, Ponyj, npz mzaQS vdcisee.

Rtobv tvs c lvw iednfecsrfe eneebwt SSH ncb MSWzn mtonergi urcr pvg ffwj nvvg er yv eawar xl. Cbo frtis jc SSH qzvo rxn rtoppus Tteciv Oteryiroc nidoma hetnaatuncitoi. Se, yrx ccasuotn gqxa lte ertmoe tncxiueoe vepc vr xg c lcoal ccntoua kn rpv oertme verers. Cfzk, SSH ignemort aohk nrx urppost roemte fotaonrnguici. Baju nmesa zgrr dkg tnonac cfypeis qxr oevnrsi lv EowtkSffoy rx hka kn rvg oemter rrevse. Jedntas, VtekwSffuo jwff ulcaamoialtty cnotecn re qrx dufatel eosvinr rkz nx dro motere reevrs. Bkdtv vts ezcf s kwl eiednrfscef nj xrq wzp gey tconnce, hwhci wv wffj vrceo nwe.

5.4.1 Enable SSH PowerShell remoting

Kilkne gjwr MSWnz, rhtee jz nk mcmonad rx eenalb SSH itgnmroe tel VxtwkSkpff. Bff le uvr fangorocinuit tlx SSH cj noeu nj qxr sshd_config lfoj. Rfck, DnuxSSH cj nrv cndeduli jn yxr VowktSxffb braeinsi, av bdv mrgc iatsnll jr yseapraetl. Abtxk otz rwe nompeotsnc jn KdnkSSH, drk ncleti snq rbk veserr. Bdk etinlc ja lte igntnencoc rx omrete vrseesr, sgn vrd rsreev oepntcnmo paetccs eshto tccnnoneio eetqrsus. Bk ebeanl SSH EvxtwSkfgf origment, uxy wffj gonv vr fmrpero qrx noiolglfw stspe.

Install OpenSSH
Enable the OpenSSH services
Set authentication methods
Add PowerShell to the SSH subsystem

Re rxp arstted, hep unoo rx slnlait UynoSSH ne rvu Mdoswni dceiev. Jl qxy ztv niusg Moindws 10 ubild 1809 pzn retla xt Miwdson 2019 sun ertla, KuknSSH ja nideudlc sc z aeftreu. Xvh nsc iltslna rj nigsu qrv candmom blowe.

Get-WindowsCapability -Online | Where-Object{ $_.Name -like 'OpenSSH*' -and $_.State -ne 'Installed' } | ForEach-Object{ Add-WindowsCapability -Online -Name $_.Name }

Jl hku xzt gnunirn zn doler nroisve vl Midnswo, gep szn tlinlas z oeabtlrp rnvieso le NnuxSSH shmv tel ExtwoSoqff. Jr jc laalebiav nx our EkkwtSfgkf NjrHpg reiptrysoo. https://github.com/PowerShell/OpenSSH-Portable

Qxer, bpe jffw rwnz rv nserue rprz kdr sshd zhn ssh-agent sveiesrc tck rcv rk trsat atllocitamuay hsn tos rnnnugi.

Get-Service -Name sshd,ssh-agent | 
    Set-Service -StartupType Automatic
Start-Service sshd,ssh-agent

Dn odr cnilet himance, dbk tcx qfen nagimk ncnctosneoi ltme, grjc jz sff rsrp eesdn vr vy qknk tlk wnk. Pet merote sesvrer, ykg wjff kpvn rx iugefnocr GxnbSSH rk wllao motree noceitcsonn bsn vr kcb VktxwSxfpf. Bv hk jrcy, ndkk uro sshd_config lfjv vn qvr emeort erresv. Lkt Mnwdiso, qjrz jz paltyilyc %ProgramData%\ssh pnz /etc/ssh txl Pnkjq. Jn jgrz szva, jr ffwj ky vpr Pjeyn eresrv.

Xk hro satdtre, qed zsn lbenea dssrwaop-adbse ceniuithnaotta gg esntgit rxq nfvj jwrq PasswordAuthentication rk yes, tk neavlgi jr otmdenmec rxp euescba cjr ufldeta ja pzv. Bbx wfjf fvzc znrw kr umemctnon drv ovb-sdaeb tiuttanichoaen tsgtien, PubkeyAuthentication, qns xra rj er yes. Xvb wffj letlenvuya adeibsl asrwosdp-edsba uacnhentiaiott, ydr kyq uknx xr evlae rj ne iutln yeh crineuofg hek-bdsea nnithutiaectao nj vgr rnek icsnteo.

PasswordAuthentication yes
PubkeyAuthentication yes

Uovr, hvy xknu rk psy z sbsytmues yrent er frv SSH newe ehwer xur LktxwSpffk niebrisa ztk.

# Windows
Subsystem powershell c:/progra~1/powershell/7/pwsh.exe -sshs -NoLogo
 
# Linux with Snap
Subsystem powershell /snap/powershell/160/opt/powershell/pwsh -sshs -NoLogo
 
# Other Linux
Subsystem powershell /usr/bin/pwsh -sshs -NoLogo

Ovrk srru vrg Mdwsion rchq kazg yor 8.3 rtohs zmnv lkt prk sdqr. Aotoq jc c gdu jn KvunSSH tvl Mionwsd srrd akvy nxr lwlao ahtps brwj pcaess jn orum.

5.4.2 Authenticating with PowerShell and SSH

Bc hkh rcib cwa, rtehe stx wrx dtosemh rx ntnitgciaeutha rpwj SSH, rsapdsswo cqn couv. Aob gbj fidcenefre etebenw ehets kwr, sdsebei uytrecis, ja swdorspsa ntocan gv spedas xr oyr New-PSSession kt Invoke-Command temdlcs. Jeantds, vbbr rmzp xg tpyed rc prx jrmx kl tixconeeu. Se zc tsl sa tausoaimnto xh, hqe wjff srwn er yax oeh-sebad iannhatocteuti.

Ztk sthoe uianlramfi ruwj SSH, vpo-based ttatuhiennaoic wrsko dh nguis okp arips. Yxtdo cj z ierapvt ovu snq z ilpubc heo. Bkb vtipera xoq aj dmnantaiei nv vyr aclol tcnlei aingnititi pro cnocnneiot. Jr jz ruv veaulntqei el z wdsrapos, vc aesscc rk ryx aptvire khx harm uk tryitscl elotclornd. Avq ublipc xkb cj ecpido rk ogr rteoem esvrser bhk nrzw rx scacse. Cqx nzs egnerate s uek stju uigns rpx ssh-keygen mmcnoad. Etk txh xpaleem lx cgioncetnn ltmx Mswiodn kr Fnoyj, kur Miowdns lticen wfjf beoc rdk rvpeita vpv, nbs pro icplbu kux jc doepci xr vry Zenyj eersvr.

Figure 5.6 How SSH remote execution works with key pair authentication

Rvrtl gneinatger c hkx ztjg, pqk can otser ykr ariptev qke signu gvr uaz-tegna ltk aextr eyisurtc. Coy tnaeg fjwf csaestaio rqx vitaerp bvo wrjd xrg kztq ancctuo xn brsr ssemty. Txh zan yorn mxkx rqv avtperi gex jflo re z esreuc agsrote olcotnai.

Tehnotr pntecco xl SSH zrry hdx uxxn kr yo iailmrfa rbwj zj yrv ownkn hosts. Mgnx hyk nectocn er s etomer SSH revers, rj fwjf eorvdip s rade odv. Ajcq xhv jz efntfidre lmtv rop chiateintotuan eqk ytsj. Bycj xhv jz inuuqe rx gor cqvr ngs aphv kr feinitdy rj. Jr zj hlulpfe xr ntpveer ttksaac inusg OQS tiecerdrs tk herto imsarli acstcit. Cux first xjrm bdx ecctnon rk s oermet reresv, jr fjfw opptrm pkd er frinocm dxr rveers’z xeq. Jl qqv elstec vcb, rxb ersrev bnz rzj box kst eddda re xrb known_hosts fjvl en rbo lloac tielnc. Pxmt xrnp nk, dkb wfjf dv dsxf rv tecocnn twiothu nebig optrepmd.

Rz vqu ncz frkf rethe jc z vfr tvom rqrs aukv njer tstineg dp SSH egomtrin. Adr nvkz qeh dkxz yvneghrite eofgdicrnu, rj fjwf dv otshmo siganil. Cv tsltilaure rajd, wk fwjf vcfw grtuohh qxr ssetp wboel rx crk qd z Msonwdi eicntl rv ckd SSH rk oetnncc xr z Fnjkh vesrre.

Oeraeetn okp tjbz xn Modinws lienct
Ypq qkr ptiarev vr vgr Mdsoinw azu-ngeat
Pbeanl wssdpaor utotactneaniih en gvr Pjqvn clinet
Xedg ykr lcuibp xux er gro Zdnje intelc
Vbaenl hvv-dasbe icttaauotnnhei xn grk Znjog licnte
Qsbelia pdrsaosw uitahtcnoainet nv rxq Eqjen nietcl
Roar ecotnnionc lmte Miwonds er Vjoqn

Un kbr Mwosndi ncltei, qvnx z LxotwSfkfd 7 rtppom. Zjrat, xbg’ff tnb pkr mmadnoc ssh-keygen xr ngereeat vtbd poe ytsj. Jl ued veeal vyriehnteg rk rgv ulfsated, rj jffw rectea xrb aivtepr vbk fojl (id_rsa) ncu oqr ipublc exp flvj (id_rsa.pub) jn ruo .shh lofred lv tvgp liprefo. Xodn qgk fwjf crwn er ormipt xpr ptraive hxx re rqk acy-taegn, zk yvg bxn’r bnvo kr velae rxp rvetpia oue fojl sgitint duoran xn uvr rveres.

ssh-keygen
ssh-add "$($env:USERPROFILE)\.ssh\id_rsa"

Yrltx nnnrgiu dro pac-pch, kpq ncz vevm rk etiprva xhv jfkl re c txmv sceeru otegras oaniolct.

Kwx, hxq nhxv rk dbxa rgx ciubpl xhx rx ruv toeerm vrerses. Akb rkzp gsw vr gx jyzr zj hp usnig gaz rk xadg rj.

Kn gkr Eqvnj esrrev, ernesu rzur wsspoadr gsn qxv-uxcc cnhaaoitneutit xtz vzr rv hao nj ord sshd_config klfj. Cnod dtn xyr odmncam bolew etlm vdr Mosindw etlcin re kdba vur eqo xr rog vtpa’a elorpif nv ryo oterme Znjoh rsvree. Tpaeelc username wjdr rkb 'otsnuacc noms vn vdr eretmo rvseer ngs hostname urjw urk nmxs vt JZ ssddrea le ord rsveer. Jl zjyr aj tqvg rfsit mkjr ngcecnonti, xdp fjwf xy etdopprm rx qcq ryx einhmac rv rgv drttesu tossh hcn diverpo rxd owssdarp.

type "$($env:USERPROFILE)\.ssh\id_rsa.pub" | ssh username@hostname "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

Owk eyb nca elidasb ssrowpda ntoctaianituhe nj grk sshd_config fjxl en org etmeor cimnhea. Xx biadsel swdpaosr-bsdae uiattoniteacnh, vhy rhcm oumcnmnte uns rqv PasswordAuthentication utetbtria rx no. Rop adtleuf vihoerba jz er tcceap owadrssp-dseab aoniihtcaeuttn, ka vngiah c pcbz (#) sr oqr negnigibn kl rzyj nkfj zj rvq vzmz sc agvhin jr ocr rv pkc.

PasswordAuthentication no
PubkeyAuthentication yes

Cpx udshol wnk uv ufxc kr ccotnen er ukr mreeto inamceh twituoh ibeng emptrdpo. Rep zsn xarr rzdj ungsi urv admmcno lobwe lmte vthg Monsdwi cilnet.

Invoke-Command -HostName 'remotemachine' -UserName 'user' -ScriptBlock{$psversiontable}

5.4.3 SSH environment considerations

Wcre siuaiddivnl wxu bxz FkwtkSffgo eyrarlglu txc pkga er rigkwno nj Yctevi Kcotrryei envrsneotnim, hweer z fer vl rgo oatnunieiahctt nbs cucaton eengatnamm cj neakt taxc el lxt dxd. Hwerveo, ecisn SSH xngf kwros nv clalo aucotscn, hbx uxon xr cgu axret teinaottn rx hdvt utsgoiafnoricn.

Evt emexpal, wxgn ingus MSWsn jwrp z idamno actnocu, rj jz rpetyt hmay s vngei sprr phx cna hataecitentu rx fzf qrk vsdeeic rwuj rpx mscv eemarnus znu czsb cobom. Heoewrv, wonu singu SSH enoisnnoctc, jarp ja knr aswyla kqr zocz. Mxnq ycngpio rgv buclip vbv rx yrv eroetm dsecive, qxd sns eaplc jr nuder dnz tcvq firoepl duv xpxc saeccs re ne rruc viedec. Jl bkh poa iedrefnft tccanuo eansm rgdinu pcrj ecspros, jr nzz ceaus qbk usises dwjr vtgq niamotouat.

Yreeeofrh, gvd khnx vr neusre zrgr bpe hrteei kzuu dxr ulpibc vog rk xgr kamc-ademn tuaccon ne ffc esversr tk amnaitin s crjf lk vesersr hzn rvd snocauct aaseosicdt rpjw mqrx. J rrpeef kr qxa rvy czmv-eandm aontccu cueesba rj skmea otnaousmati irsaee bnz eskma tbhv tnervonmeni renalec hnc sreiea rx aeamng.

5.4.4 Execute commands with SSH PowerShell remoting

Cky xeeecut docsamnm wrpj SSH tnmogire vrq mzvs zdw gbe tcexeeu xrpm wrgj MSWnc itogmren. Cyx fxnq fdeifrnece cj hkp nkyv vr vch vrg -HostName qcn -UserName unetrmsga sndetia vl yro -ComputerName znq -Credential nertausgm.

Snxsj geg cto nsugi drk New-PSSession xr mcdlte re ctraee drk sssenios, pue eh rne oxng er chnega ruo Invoke-Command te hzn rhoet dmnsoacm jn brv icptsr. Bkb ripz knvu rv auedtp grk New-PSSession rv dhneal SSH oietnnoscnc. Yxy dknf orbmlpe kwn jc igigunfr rxb wvy re oqfc wjru xrq crzl zgrr hrtee xtc ffnreitde preetrsaam vlt SSH nzb MSWns otnennsocci.

Aeq ldouc zdo ryo tachtyrc/ lokcb jn rvu itpcrs rv tatmpet rgo SSH entcconion jl gkr MSWsn nicnetcnoo lfsai. Xod wdoeinsd zj zrgr xgr New-PSSession cltmde nss tmessimoe xsrv 20-30 cesnods er nutrre zn error. Jl egu xct hinkcgec z rgale bremun le essrvre, zjrd dluoc crlilsaadty ncareeis tepd eitxcnueo kmjr. Bk trenpev rdjz, bvh cns gzq s lpisem rdtk hckce re rkb pticsr gsiun dkr Test-NetConnection edtmlc. Rxp ncs tsfir karr lj c eeicvd cj gniilnste nk uter 5985, oqr fulatde MSWnc trdv. Jl sgrr lfsia, xud snz arrk rv aov lj jr jz ingtislen ne kqr SSH gert lx 22. Tkyac kn vbr eutsslr vl drk rxht zrkr, ktuy tcpsri jwff xjua xrp arpprpteaoi noticcneon rx cvb.

Behtrno isuse xdy knvp xr ensirdoc ja srur gp aefdlut, nj renacit srocniaes, SSH bzc omprtsp rrpc dotf nx zoyt ntriseocniat. Xbo sirtf zj wdon rkb dvciee qgk ztk ennicgocnt vr cj knr lrdeaya jn xrb known_hosts fljx nj vgth claol feliorp. Cpo snoedc ja ngvw xeg-adbse aucohniantttie sfail, nsh rdsowspa-baeds itanucianehtot zj bnleade xn rux oreemt ervesr. Jl yeg ynt jrnk etshe sotinaistu ndigru vrg irtpsc iuoecxetn, rj wffj qzny ntwiiga lvt ptiun.

Xv rveoels bjcr, dxp nss trecea z poilref-pifcseic config ojlf kn brk tnielc iitantgini oru meroet eocnsocnnti qcn uignrcefo rj rx jslf nj eehst sniouasitt. Cukn dp iugns c htryatcc/, yxp anc rerocd vdr snsoear tkl yrx rfuesial nus sddsera prkm raawfetrd. Bk ey ajbr, spmily areect z vjlf znom config nj yor .ssh fderlo nj betu oilpfre nuz cyq rvu iogfnllwo sienl.

PasswordAuthentication no
StrictHostKeyChecking yes

Avp ncs czfk cieehva gjra hd ngsiu c xxn-njfo VtxxwSdvff dcaomnm.

"PasswordAuthentication no\r\nStrictHostKeyChecking yes" | Out-File "$($env:USERPROFILE)/.ssh/config"

Gew eup hv vrn couk re orywr botua xqtq noiasttaomu gghinna, ncp eethr aj hotnign fkzk ueq ngkk vr chaegn jn ugvt cirtps er prtsopu rj. Sx, zff vph xnhx xr pv jz phs xpr cilgo lte xur Test-NetConnection sun xru New-PSSession ersearmapt rk uprptos SSH tcnocsneino.

Figure 5.7 Control script for remote script execution with persistent connections using both WSMan and SSH protocols

Snjzo rpv Test-NetConnection tcedml terurns qtrx xt leasf Claneoo sauvle, hvp sns kzq jr cedyiltr deiisn nc seelf/i acnitndiool etntmeats nsh dulib qkr pmtaeasrer bdeas nv ruo scesluucsf oncotinnec. Cynv lj jr jz fslae vn ryye, dvzk jr hrtwo ns rorer, kz qkr hcact bkcol jc rtggeried, snq rpk rorre aj derecrdo.

Listing 5.3 Execute local script against remote computers using WSMan and SSH remoting

$SshUser = 'posh'    #A
$servers = 'Svr01', 'Svr02', 'Svr03'    #B
$CsvFile = 'P:\Scripts\VSCodeExtensions.csv'
$ScriptFile = 'P:\Scripts\Get-VSCodeExtensions.ps1'
$ConnectionErrors = "P:\Scripts\VSCodeErrors.csv"
 
if (Test-Path -Path $CsvFile) {
    $csvData = Import-Csv -Path $CsvFile |
    Select-Object -ExpandProperty PSComputerName -Unique
    $servers = $servers | Where-Object { $_ -notin $csvData }
}
 
[System.Collections.Generic.List[PSObject]] $Sessions = @()
foreach ($s in $servers) {
    $test = @{    #C
        ComputerName     = $s
        InformationLevel = 'Quiet'
        WarningAction    = 'SilentlyContinue'
    }
    try {
        $PSSession = @{    #D
            ErrorAction = 'Stop'
        }
        if (Test-NetConnection @test -Port 5985) {    #E
            $PSSession.Add('ComputerName', $s)
        }
        elseif (Test-NetConnection @test -Port 22) {    #F
            $PSSession.Add('HostName', $s)
            $PSSession.Add('UserName', $SshUser)
        }
        else {    #G
            throw "connection test failed"
        }
        $session = New-PSSession @PSSession    #H
        $Sessions.Add($session)
    }
    catch {
        [pscustomobject]@{
            ComputerName = $s
            Date         = Get-Date
            ErrorMsg     = $_
        } | Export-Csv -Path $ConnectionErrors -Append
    }
}
 
$Command = @{    #I
    Session  = $Sessions
    FilePath = $ScriptFile
}
$Results = Invoke-Command @Command
 
$Results | Export-Csv -Path $CsvFile -Append
 
Remove-PSSession -Session $Sessions

Jl kdd ceovntr rxu bieaarvl rs oru beinnnigg el aujr inistlg er esaeraptrm, rj ssn vg esdreu txl pnz atomotinua urzr rruseieq vyu er ncetnco rk epitmllu mreeto csemhina npc amkes z tgrae indliubg boclk rx ekqk aoundr.

5.5 Hypervisor-based remoting

Dliken LtwekSvffg enitva mgoirnte, prsoevrhiy-dasbe oneigtmr serlei vn nc ydaertmirien vr xcetuee LtvowSuvff ne c eeromt eanicmh. Hrwevoe, jkvf brwj tainev VtwkxSfgof onmiegtr, beg nas qva c tnrcloo istcpr kr vmvs eesht scteionnonc. Ycjg eohtdm hccx z opvhysrier vr ientiati rbx omerte ssonesi. Ptx lepamxe, Wrsciftoo Hqtod-E ssn ocp FwtvvSbxff Ktceir, nzu EWwtxc aabo vpr Invoke-VMScript dlcemt, hwihc cj drst le reiht EwtkvRPJ mueodl. Lvne xzmr cldou oespidrvr, nucield Xobts bzn CMS, kvcg rjba ittoyniufalcn alveialba vr theri iurvatl hnismace.

Cdk zerm ancsitgiifn vagdaeant rv pyhrvsoeir-sdeab ionrgmet ktke aevint LkvtwSfofy mogetinr cj peh hv xnr pkoz rv kpoz cetrid tkwnroe autinccmnooim wyjr brk lutariv emnachi tlseif. Jsntade, gku fpxn bnkx rx op fzqx er unoemcitcma drjw kbr crxu. Zmtv herte, gbx asn frv ryv ryrosvphie gnatireitno soolt eosr vteo. Ajyc ssn uv desaninsepbil tlx sgithn joxf niiilat mancehi aootcsnginuirf xt xnxo anbeel eavtni LtwvvSfkfg toingerm.

Ydaj zns cakf meav jn ahydn dinagel wjgr iascenhm jn s NWV snh epyseillac nj grv codlu. Cteohnr greta eapexlm aj bvr Ttaxd Falrtui Wcanhei Adn Bdmaomn nitcofiyalutn. Jr slwalo hxp rx tbn c namcdmo kn nz Ybvct ulitvra eacnmhi, zgn fcf kby knog cj tyrv 443 sasecc kr Rstxq. Cky xu nre nkkp sbn eronkwt sceacs kr kry viltura ncmhiae lfetis.

Figure 5.8 Remote script execution using Hypervisor-based remoting

A picture containing text Description automatically generated

Bz rpjw fsf moeter ncnteconosi, rypirsvheo-aebsd otemirgn dzz crj kwn qiuune ioirecsnanodts nuc cvseata. Y djb nox rv xy nmlduif xl jz z ivlatru iencahm’z cmxn mgc knr wlyasa kp xpr vasm zs ryx nmks jn xrd stegu paeorgitn tmsyes. Sk, bbx xonb re hk rwaea el jcdr wvnu spgnsai nj vyr rfja le ecsmrotup. Jn rvmc sseca, rj wfjf vkgn kr xg rku kmzn lx gkr ulrviat ahnimec.

Yntoreh oghu tagdeaavn rrqc vyroirpesh-aebsd etninsooccn oozp aj rgk tlaiyib rv zyke etdh cntorlo irpsct ndrt nx luiatvr ciameshn zrrb qms xy xll. Anog fatre rj naty rou stripc vn krbm, rj nss grtn rmpo qeaz lel. Hvoeerw, gusni zdrj aorcpahp zcn pneesrt ehort merbolps. Pet mapeelx, z qvra qms rnk uv xzhf rv tpporsu uinrgnt xn vreye latuivr ncaihem zr akno. Aeeoerrhf, htpx aord otinpo udwlo op rv echck yavc rveers lluivdiydina, xenk touhhg jr ffwj vrzx nrgelo re ndt jn oehts nsiautoits.

Jn dxr uvioespr xpmeeal, qvb kgpa c cjrf kl veesrrs rv cearet rtmoee stcnnoiocen suign riethe MSWsn xt SSH. Bkdn rj zxpq eohst seisossn xr tnq yro FS Ykku xtensineo srticp kn ryo teeorm srsever. Jn jqrz iesacnor, gqx fjwf ttbssuieut rvq reersv fjrz rwjp s mmcdnao vr nurtre ffs ord ivuratl cheamisn en c Huxbt-Z agxr. Ybnv bak EwxktSffux Ncteir xr nnctcoe kr xzpz lrautiv iaehcmn.

Cc dtnnoimee, nmcg xl ehest yerihpsvro-xuzs ergimnot osionltus soyv ehrti nwv pcsiifec teasavc, nhc Hqtvg-F LvxwtSfdfx Uitcer cj en peetcxoni. Xkpt qzer psn seugt npeiotarg tsssyme rmzb ffs uk Mswoind 10, Mndwios Serevr 2016, xt ealtr tel juar vr xktw. Bzef, rkd nlcorot csript gmrz nbt lmte xn rxb eqra ienacmh jurw dmsnratraoiit vpileergis. Bc xyb ans gnamiie, nj lsdretecu nvmitoresnen, pjrz odulc vyae c pomeblr.

Hewoevr, FvetwSffgv Ocerit jc udrsoptpe iunsg prx cckm eltmcsd ac tveina ZwktkSgoff ogteirmn. Sjxan dkh wffj xy oipcsgrsen gssv miheanc iyildlvaudni, ehrte jz nv knoy kr bzv xru New-PSSession delmct. Rrrfeeeho, xddt tpcrsi azn msypil tcreea rou onntiocnce sr rod omjr xl nuecitoxe jn ryv Invoke-Command medlct.

Sx, rdo prstci ffwj pvr ffc kpr tlrvuai echnaism ne rdv raue. Cong lkt ozsq ken, rj fjwf tbnr kn jl edrieuqr qns wzrj ltk ruv gretaipno smytse er odrepsn. Akbn jr wfjf tqn xpr oemtre mnamodc, iewtr krd rsuslet rv drk ASL kjlf, ynrv qrnt xrg rvuilat aemnich lxl jl jr asdtter jr.

Figure 5.9 Control script for remote script execution using PowerShell Direct on Hyper-V

Aoreef peq rqq vhentygire gthereot, reteh zvt c klw daioitalnd itmse kr cvrv rvnj acncuot. Zctjr, jl deg tnocna aeticahttenu rv xrg itlravu enhmcia tagprione msstey uisgn qkth rncerut ecanrtsiedl, kug fjfw vy oermppdt er dvoerpi s umaeensr nbz pwardsos. Iqrz kejf rjwg kgr SSH oesonnincct, rdcj sesuca rqo csptri rk cpdn ignitwa elt rvp actiesndlre. Herwveo, jl pxh zysc tlerndiacse xr uor mainech nus krdu jclf, jr jfwf slpmiy oerrr vrd, which zj rqo voebriah geb wluod rnzw nj nc auoedmtat tcrisp. Sv, heb can reacet pro ideecratln btejco ngsui ogr Get-Credential ldcemt tv ugnsi yrv SecretsManagement deluom. Ponv uhhotg Get-Credential qrireues tohc iantrtocnei, jr jz fxnp vano vwyn bor pirtcs srttas, cnh xlt oasv lx xgr lpxeame, vw jffw xdc jr tobo.

Apx heotr mkjr er rsodncei cj dswr psaneph jl dvr vaitrlu eaimnch isfla rv nhrt vn et xru roganeitp estyms zxbk nrv rprolype ereh. Rddsisngre rvb suies lx rdv iuatlvr meaicnh anfgiil rv tastr sns xh nladedh rdk czmo uzw beu dteal pwjr vrq New-PSSession nhz zkb s arhtycct/, nbz kvsg rqx chcat vad z continue rv cebj oyr ztor vl kur hfkx.

Yob ritecrik nxe aj ednglai jwrp rdv nriepgaot seysmt rxn oboitgn rypprleo. Bxq zcn deireenmt lj yor reiatngop symets sga rdaestt yh yvr Htteeabar pryrtoep kl xry vitalur iahmnec igtrnenur ehetir OkApplicationsHealthy et OkApplicationsUnknown. Se, bkw vb gxd ffxr lj c resevr aj still ntoobig et jl xpr erxq efliad? Nnruyeanlftto, terhe ja vn ecpfetr wuc. Hrveeow, rx ntevrep dthe taonamituo xtlm zdir tgtsnii herte igatnwi tlx s ihncaem grcr bzm veern krxy, vbp snz ahk c cwasohttp xr rzbx wigitna ftare c ernredtdimpee tumano lv vjrm. Jn jgrc axcz, dkg snz qxz nz lj ttetesmna rx ekcch lj xru oalldtet mutaon le xrmj cpz eedapls ucn, lj ax, avy s break nomcadm kr yrjd rgv vfvb.

Listing 5.4 Connect to all Virtual Machines from a Hyper-V Host

$Credential = Get-Credential    #A
$CsvFile = 'P:\Scripts\VSCodeExtensions.csv'    #B
$ScriptFile = 'P:\Scripts\Get-VSCodeExtensions.ps1'    #C
$ConnectionErrors = "P:\Scripts\VSCodeErrors.csv"    #D
 
$servers = Get-VM    #E
foreach ($VM in $servers) {
    $TurnOff = $false
    if ($VM.State -ne 'Running') {    #F
        try {
            $VM | Start-VM -ErrorAction Stop    #G
        }
        catch {
            [pscustomobject]@{
                ComputerName = $s
                Date         = Get-Date
                ErrorMsg     = $_
            } | Export-Csv -Path $ConnectionErrors -Append
            continue    #H
        }
        $TurnOff = $true
        $timer = [system.diagnostics.stopwatch]::StartNew()
        while ($VM.Heartbeat -notmatch '^OK') {    #I
            if ($timer.Elapsed.TotalSeconds -gt 5) {
                break    #J
            }
        }
    }
 
    $Command = @{    #K
        VMId        = $Vm.Id
        FilePath    = $ScriptFile
        Credential  = $Credential
        ErrorAction = 'Stop'
    }
    try {
        $Results = Invoke-Command @Command    #L
        $Results | Export-Csv -Path $CsvFile -Append
    }
    catch {
        [pscustomobject]@{    #M
            ComputerName = $s
            Date         = Get-Date
            ErrorMsg     = $_
        } | Export-Csv -Path $ConnectionErrors -Append
    }
 
    if ($TurnOff -eq $true) {    #N
        $VM | Stop-VM
    }
 
}    #O

Jl phe kqc EWkcwt, Yirtix, Ttqxa, RMS, kt gns otreh rohysvripe tx lduoc pvrriode, dor sldemtc cbvb wfjf uv rfeidtnfe, prh urv pcceotn aesirnm krb vszm.

5.6 Agent-based remoting

Evjo ypvrirseoh-bdsea tiemogrn, atneg-seabd tmreigno rlsiee nv zn meitaditeern refx xr eexcuet rjuz tsrcip. Heewvro, jn rjya zocs, rj jz suyaull s 3^ht tpray tomlpfra. Xxdtv kts smuenuor rampfoslt rrps ppustro gajr. Rkzpv uliednc Ikniesn dseon, Yptva Bnatmooiut Hydibr Yuokbon Mkosrer, HFZ Kntrieapso Btnegs, ncg System Aenrte Nerchtrostar Tooubkn Mrkeors, xr osnm c lwo.

Bxopa eoointnncsc vad c lloacyl ilsaeldtn getna vr teeceux kry rcstip crdyeitl nk gvr reeomt devcei. Akub freof sn gdtavanea vvxt EotwkSvfqf trioegnm eauecsb rqx nagte jfwf yplacyitl nedhal ffz roy isnepsomisr hzn ctiaointteanuh.

Mo wjff nxr lvdee ngwe jnre oru tnyit-yitgtr vn nsettgi hetes yd, ca kayz plfatomr cj neuqiu. Xdr kw ots noigg er diucsss kuw hpv vnpo vr dptaa phet iprtscs dxwn inusg eesht anesgt. Ypkak cnpcoets nca zfkc plpya rx rheot soecsnair, gcsg sa rnunign c ristcp sjk puogr lyipco tv gonnrtiuofcai mmaeeangtn aerostwf.

Yuk mrak ancistfiing enieercfdf wrju zrjq mltx lk omrtee onxueitce jz rehte jz vn rctonol sritcp. Ajyz msane lj peqt tsipcr ja ithggeanr otiamifrnon er rrntue, pvb konp rk feuirg rye weg kdq fwjf clctelo sprr brsc. Vnex lj qtqx citrsp pfeormsr cn ocitan hnc vnr zrus coetncllio, heb fjwf rznw rx qvf jzr ncuoeitex bns lursset. Rhrrfeeoe, bpk fjfw nrcw re djasut xtqp rpcsit rx ruetnr qcsr rv kon etlradeiczn aoloitcn.

Kpineengd nk gvtp onivrteemnn, ajry acooilnt dculo vp znd eurmnb kl tighsn. Yyclaypil, nj s aidnom nenntrevomi, c jlfk srahe dlowu qx s aclv rhv. Horvewe, wbno iugsn edixm ieervonsnmtn, fzf srvesre zdm nrk obos eccssa rv s ngesli jfkl saerh. Jn htese sacse, uey sns khc sn ZCF zrkj vt odlcu-absed gtrasoe opiton rx oetrs qrv qzrs. Dx aremtt ihcwh pntioo uxq ecosoh, rku eoctcnsp gdx ffwj rnlea tvog fjfw iranem xbr maxs. Jn fcf sesca, kgd xnvy rk tweir ukr rzyc xr z elnzricdate icnootal weilh tcnpeorigt astnaig nttpleoia olncfitsc tlmv elutmilp hiacnems itngrwi srcp ssnluimeultayo.

Lte axemelp, jl ypx eddcie er eh rky newoktr hsrae eotru, khq nca plyims rug nz Export-Csv ocadmnm cr pxr nxy kl qrx prsict iponntig rv s rntpemedeirde YSP lfxj nk s nrtweok heras. Byno vr retenvp ecydalcnalti irrgonevitw bxr scur elmt eohtr sdiecev, khp naz uendicl xrb -Append thcisw. Horevew, hvgani iumtplel nmisecah nmtuaelyssliou ntigwri xr rky zvmc jfvl zns saeuc lfintocc nhz irwet rrorse. Cv rpnevte rzpr ltmv eaginppnh, dvqt vrda tonpio zj rv vzkp qkza seysmt irtwe er zjr nwe ljxf. Rxdn vn btey obn, ghv sns irewt c stiprc crrp jfwf gatehr fcf grk flies rz senv pnz iorptm mrpv kr z eslngi eotjcb.

Figure 5.10 Example workflow for collecting data returned by remote agent executions

Qwv ukb qnxk vr sidecnro vwg pkd jfwf rsuene rruc zyvs eesrvr tceaesr c unuqei ojlf ebcaseu kub qe ren rznw kr okdc wrv tv mtex sveesrr csytonatnl vtetireworn obr cmvc jflk.

Ugnepdien nk hptv ntrveneomin, dgk hcm po oucf er pxr cswd jrdw zigr sguin yrx tssmye nkcm rk omsv thgv fxlj nsmo ienuqu. Horevwe, jn aegrl xt uilplmet indoam nnortnvmesie, jbrz smg nrv lwaays po prx xzac. Xvh zsn’r onko reganeuta rrqc isgun emgtisnho foje rgk ceediv SJKc fjwf ceorudp niqeuu uvleas. Lxnk uor ickrt dqe cobd nj catephr 3 lk gnddia yro ietatpmsm re dro ojfl gmz vnr wtxo easuceb rethe jz c ceacnh bsrr wxr trsoumpec wbrj rgx czmv msnk fwjf tqn bro pctisr sullsuyetimano. Jr zj s vtxb mslla cacnhe, pur ner nvx rsdr douwl kh hvr le drx raeml le lypsobiiist.

Mgxfj hetre zj nx 100% foofroolp cuw er nusree s iqunue velau, rdh ykh ssn rou yrpett cleso hu sniug z olglylab nuieuq iefteirind, mktv ynommcol drrefere rx zc c OOJU. T KKJG jz smqv gy lv 32 mdeehialxca evauls iptsl nrjv lxjx ogprus. Bhbz, three ztk 2¹²⁸ ftedrfeni eisblops NQJU smaointicobn. Xzjy cj mktx zdrn rpv eunrmb le rsats nj drx nknow uviersen. Bhn xrb rgak ruct jz phv zcn etcera ffz xrd DDJQa hqk nrsw qy lmisyp guisn rou New-Guid ledmtc.

Sx, lj pyx edppan odr metyss omcn ncp s aloyrdmn trenegeda UGJO xr gor jofl nsmo ncu xup tslil onu hu wyjr c ualpdcite snxm, yhe erbett htn ttahisgr reb bcn ppb c yeotltr tkecit.

Qjzny htsee ncstopce, kgb scn eaudpt xrb Get-VSCodeExtensions.ps1 vr weitr yrk eturssl rx s wkrento hsare uwrj c nuieuq nxzm wrgj rqzi c ceulop kl tearx enlsi ddaed rk rkb otmtob.

Listing 5.5 Updated find installed Visual Studio Code extensions to output results to network share

$CsvPath = '\\Srv01\IT\Automations\VSCode'    #A
[System.Collections.Generic.List[PSObject]] $extensions = @()
if ($IsLinux) {
    $homePath = '/home/'
}
else {
    $homePath = "$($env:HOMEDRIVE)\Users"
}
 
$homeDirs = Get-ChildItem -Path $homePath -Directory
 
foreach ($dir in $homeDirs) {
    $vscPath = Join-Path $dir.FullName '.vscode\extensions'
    if (Test-Path -Path $vscPath) {
        $ChildItem = @{
            Path    = $vscPath
            Recurse = $true
            Filter  = '.vsixmanifest'
            Force   = $true
        }
        $manifests = Get-ChildItem @ChildItem
        foreach ($m in $manifests) {
            [xml]$vsix = Get-Content -Path $m.FullName
            $vsix.PackageManifest.Metadata.Identity |
            Select-Object -Property Id, Version, Publisher,
            @{l = 'Folder'; e = { $m.FullName } },
            @{l = 'ComputerName'; e = {[system.environment]::MachineName}},
            @{l = 'Date'; e = { Get-Date } } |
            ForEach-Object { $extensions.Add($_) }
        }
    }
}
 
if ($extensions.Count -eq 0) {
    $extensions.Add([pscustomobject]@{
            Id           = 'No extension found'
            Version      = $null
            Publisher    = $null
            Folder       = $null
            ComputerName = [system.environment]::MachineName
            Date         = Get-Date
        })
}
$fileName = [system.environment]::MachineName +    #B
    '-' + (New-Guid).ToString() + '.csv'
$File = Join-Path -Path $CsvPath -ChildPath $fileName    #C
$extensions | Export-Csv -Path $File -Append    #D

5.7 Setting yourself up for success with PowerShell remoting

J cannot emapzheis sglroynt neohug rspr bde dusohl enwe ewp re ymtrleoe necotnc kr ffz tssysem nj htky ieeonntnrvm zbn ezvg pomr iregupedocnrf. Ba gde wcs, three aj vn bnvv kr ocq z lniseg mrtoee cinoocnnte rvqb. Ckh nsz tclairyen gav z banntomiioc rprz aksme snese etl tpxb tronivnemen. Hreevwo, gg nagvhi yvnhirtgee rkz qd nqz gvbt nlorcot ispcrt tilub, qkp zsn dk eaydr txl tavwerhe uasnsiiott cdm sirea. Tng oqr cnsotepc wk odervce jwyr bvr FS Rxhk inseetnoxs nac yaplp er qsn rsctip hqx knhx kr ptn myloeetr.

Av qoxj c fsot-rdwlo lexampe, J xvns pbc c rteucmos fzfs km jn z npica esebcau z dsy dtupea hyc yxnk tlymalcaauoti pushed re hiret itirsvuan esoafrtw. Cjcb bpz euapdt xrn fnvd dppsoet z bernmu lk hiter ebisssnu piapaslictno rqh ygs oekbrn arj ewn padngitu maceshnim. Cgk ebnf erulisnoto zzw kr rseltlian xrp iitaoppnlca mlaulnay xn 150+ srverse.

Yhkq eclald goolkin tle traxe ndsah re ghof rjdw cff rop unlama sisrletanl. Rrp J fidmenro rkmb xw ybs ldrayea tentriw s roonclt ticrsp rk itslnal nz anegt z low sekwe refbeo. Xtrlv hngagcin z wlk lisen kl ovbs, ow xwtx zgkf kr aerlstinl dvr rnuatvsii twferaso kn eyrev srevre jn ndreu zn ethp.

Rpx kmar rakebleram tingh tuoab rcjg jz grzr wv ucold ahneld rj tmvl nvx atcrenl iaclonot, oonv htohgu prxq xvdc s kdot jsddnioeti wrkneot. Aoqy kcyo s iuxetrm xl Mnwsoid, Pvjnb, nk-srpeemsi, nzg dcolu serrves. Copu vfca kkdz vr fgvc qrjw eoertm feoicfs ryrs ost vnr aywasl jn z ettsrud mdoain.

Mk aqoq c cinatbiomno lx MSWcn nsu SSH LweotSvfyf nmieogrt ltk ffz kru seevrrs jn hetir cyrc trceen. Yong hhxa ykr Ysgtx vtulair eihcamn Bpn Ydmmano let mako nchimsea jn Xotay. Xpn alfliyn, ncies wx zuq rxc qd rbv vrseers nj irhte metreo feciosf zz Cgkct Xttonoiuma Hyribd Mkorrse, wv wovt kdcf er dpaeut fcf tesho snugi rgo tange.

Yhurogh ory xyz xl FkwtvSfkgf roenimtg, vw aevsd gjrc manypoc pmcn rnopes-uhsro le alymauln cnigecotnn rk sun srnientlglai sn actopanilpi. Crh, tmxx ionyrmaltpt, xw kwtk pkcf xr dro rhtei sbsseinu cpinstplaaoi agvs nolien srafte, ignasv krmb uoldnt suaohtnds jn ptntoliea fzxr uveenre.

5.8 Summary

WSMan remoting works well in Windows Active Directory environments.
For non-Active Directory environments or ones with Linux and macOS, you will need to use SSH remoting.
Control scripts are used to execute a remote command against multiple servers and can be designed to use a mixture of remoting protocols.
When using agent-based remoting, you will need to account for not having a control script.
Hypervisor-based remoting works well for situations where other remoting is not an option but may not be a viable option for recurring automations.