PowerShell over SSH

July 22, 2023 · 5 minute read

Introduction

PowerShell remoting typically relies on WinRM for executing commands on remote computers. While WinRM works well on Windows machines, its compatability with Linux systems is somewhat limited. In contrast, SSH allows for the execution and data transport of commands while being easy to configure as well as cross-platform. This enables us to send PowerShell commands from Linux to Windows and vice versa.

Configuration simplly consists of installing and configuring PowerShell on both machines, and installing PowerShell as a subsystem within sshd_config. As a result, it becomes recognized by SSH and enables the remote execution of PowerShell over SSH. Microsoft has an official article on PowerShell remoting over SSH. This article includes in-depth information on configuration and installation. In this case I'll provide a brief overview of installation and configuration.

Windows Configuration

Step One: PowerShell 7 installation

The first step is to install the newest version of PowerShell that supports PS over SSH. You can easily install PowerShell 7 very easily from an MSI installer. More information on installing PowerShell 7 can be found here.

NOTE: The PowerShell 7 installation does NOT replace the old version of PowerShell. Instead, it installs to a new directory and runs side-by-side with the older version of PowerShell. By default PowerShell is installed to $env:ProgramFiles\PowerShell\7. The path can also be represented like this: c:/progra~1/powershell/7/pwsh.exe

Step Two: OpenSSH Installation

While OpenSSH can be manually installed via optional features in the Windows GUI, it's much easier to install OpenSSH using PowerShell. To Install OpenSSH using PowerShell you can use the following commands:

Check if OpenSSH is already installed


Get-WindowsCapability -Online | Where-Object { $_.Name -like 'OpenSSH*' }

Import-Module NetSecurity

Install OpenSSH Client


Add-WindowsCapability -Online -Name OpenSSH.Client

Install OpenSSH Server


Add-WindowsCapability -Online -Name OpenSSH.Server

Set the SSH server to start automatically


Set-Service -Name sshd -StartupType 'Automatic'

Lastly, start the SSH Server


Start-Service sshd
#Check Status
Get-Service sshd

Step Three: OpenSSH Configuration

The last step is to configure OpenSSH to support PowerShell SSH remoting. Before we start, we can verify that PowerShell support SSH remoting support with the following command:


(Get-Command New-PSSession).ParameterSets.Name


Output

Name
----
SSHHost
SSHHostHashParam

Once you confirm that the functionality is supported, we can add the following lines to sshd_config to configure the OpenSSH server. By default SSH configuration files are stored at C:\ProgramData\ssh\sshd_config. To edit the file, make sure you open notepad as an administrator.

Add the following lines to sshd_config:

Make sure password authentication is enabled:

PasswordAuthentication yes

Create the SSH subsystem that hosts a PowerShell process on the remote computer:

Subsystem powershell c:/progra~1/powershell/7/pwsh.exe -sshs -nologo

Once complete, restart the sshd service for the changes to take effect.

Restart-Service sshd

Linux Configuration

Step One: PowerShell 7 Installation

PowerShell can be installed on most Linux distributions. PowerShell is available on most native package repositories for easy installation and updates. While the process of installing PowerShell on various distributions may differ slightly, PowerShell is designed to be cross-platform and installation is typically the same.

Depending on your package manager specific to your distro, you can use the package manager to easily install the PowerShell package. For example:

Debian/Ubuntu: sudo apt-get install powershell
Fedora/CentOS: sudo yum install powershell
Arch Linux: sudo pacman -S powershell

Once installation is complete, start PowerShell by typing pwsh in the terminal. To avoid potential issues with versions, ensure that both your target and client machine have the same major version.

Step Two: OpenSSH Installation

Installing OpenSSH on most Linux systems is fairly straightfoward due to package managers. It's basically the same process as installing PowerShell. Below are a couple examples.

Debian/Ubuntu: sudo apt-get install openssh-server
Fedora/CentOS: sudo yum install openssh-server
Arch Linux: sudo pacman -S openssh

Once OpenSSH is properly installed, we can configure the service.

Step Three: OpenSSH Configuration

This step is the same as the windows configuration. All we're doing is ensuring that password authentication is enabled, and that we add the PowerShell as a subsystem. Typically the files for OpenSSH are stored at: /etc/ssh/sshd_config. Below are the lines to needed to properly configure the service:

Make sure password authentication is enabled:

PasswordAuthentication yes

Create the SSH subsystem that hosts a PowerShell process on the remote computer:

Subsystem powershell /usr/bin/pwsh -sshs -nologo

Once complete, restart the sshd service for the changes to take effect.

sudo systemctl restart sshd

Practical Demonstration

Linux to Windows

Invoking remote commands from linux to windows.


#Enter powershell                    
[user@cocoec-linuxbox ~]$ pwsh

PowerShell 7.3.5
A new PowerShell stable release is available: v7.3.6
Upgrade now, or check out the release page at:
  https://aka.ms/PowerShell-Release?tag=v7.3.6

#Create remote powershell SSH session
PS /home/user> $session = New-PSSession -Hostname windowsbox -UserName pcadmin

The authenticity of host 'windowsbox (192.168.1.5)' can't be established.
ECDSA key fingerprint is SHA256:2kCbn2kCbn...
Are you sure you want to continue connecting (yes/no)?
pcadmin@windowsbox's password:
PS /home/user>

PS /home/user> $session

Id Name            Transport ComputerName    ComputerType    State         ConfigurationName     Availability
 -- ----            --------- ------------    ------------    -----         -----------------     ------------
2 Runspace1         SSH       windowsbox    RemoteMachine   Opened        DefaultShell             Available

PS /home/user> Invoke-Command -Session $session -ScriptBlock {hostname}
windowsbox

PS /home/user> Invoke-Command -Session $session -ScriptBlock {$PSVersionTable}

Name                           Value
----                           -----
WSManStackVersion              3.0
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSEdition                      Core
SerializationVersion           1.1.0.1
Platform                       Win32NT
GitCommitId                    7.3.5
PSVersion                      7.3.5
PSRemotingProtocolVersion      2.3
OS                             Microsoft Windows 10.0.22621

Limitations

Limited Sudo: In a remote session to a Linux computer using PowerShell over ssh, you cannot use sudo to elevate privileges. This is done intentionally for security reasons.

Account Usage: PowerShell remoting over SSH only supports connecting using local accounts on the Linux machine. It does not support domain accounts by default. This is because the authentication mechanism used by SSH is based off of local user accounts or public key authentication, not Active Directory or other auth systems.

If you encounter issues when establishing a session, ensure that OpenSSH-server is currently running and is properly configured. Additionally, make sure that local accounts are properly configured, and that firewall rules are in place to allow the successful creation of a session.