Getting Started with PowerShell Remoting

Setting up PowerShell to use SSH requires the following steps and configurations.

• Install OpenSSH Server and Client
  • OpenSSH for Windows is available directly in Windows 10 (1809 or higher) and Windows Server 2019 as an optional feature (visit Thomas Maurer’s Blog for instructions on how to install it on Windows 10 and on Windows Server)
  • On Linux, you can install OpenSSH depending on your platform
• Configure the SSH subsystem to host a PowerShell process on the remote machine

Run the following commands to install the required capabilities (OpenSSH.Client may already be installed), service configuration, and firewall rules.

# Install the OpenSSH Client and Server 
Add-WindowsCapability -Online -Name 'OpenSSH.Client~~~~0.0.1.0' 
Add-WindowsCapability -Online -Name 'OpenSSH.Server~~~~0.0.1.0' 

# Initial Configuration of SSH Server 
Start-Service -Name 'sshd' 
Set-Service -Name 'sshd' -StartupType 'Automatic' 

# Confirm the Firewall rule is configured. It should be created automatically by setup. 
Get-NetFirewallRule -Name '*ssh*' | Format-Table -AutoSize 

# There should be a firewall rule named "OpenSSH-Server-In-TCP", which should be enabled 
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

Finally, to enable the SSH server to work with PowerShell remoting, the subsystem must be correctly set.

notepad $Env:ProgramData\ssh\sshd_config

Within the sshd_config file, add the following configurations, specific to PowerShell 7. Once saved and configured, make sure to run the command Restart-Service -Name ‘sshd’ to restart the SSH server.

# Make sure that the subsystem line goes after the existing SFTP subsystem line 
Subsystem powershell c:/progra~1/powershell/7/pwsh.exe -sshs -NoLogo -NoProfile 

# Change c:/progra~1/powershell/7/pwsh.exe to c:/progra~1/powershell/6/pwsh.exe for PowerShell Core 
PasswordAuthentication yes 

# Below is optional but recommended to allow use of public/private keys 
PubkeyAuthentication yes

Finally, restart the SSH server:

Restart-Service -Name 'sshd'

There is a bug in the OpenSSH server version included with Windows. It requires that 8.3 short names be used for any file paths, hence c:/progra~1. To verify that you are using the correct 8.3 short name, you can use the following command to retrieve this for Program Files (where PowerShell 6 or 7 is installed):

Get-CimInstance Win32_Directory -Filter 'Name="C:\\Program Files"' | Select-Object EightDotThreeFileName

So what can you do with PowerShell Remoting and how does it become useful? Many times a system administrator would need to collect information from a variety of systems or run a command on many at once to fix a problem or deploy a new package. With PowerShell Remoting this is easily done.

In the below scenario, let’s connect remotely to a PowerShell 7 remote endpoint and get the running services.

$Params = @{ 
		"ComputerName" = 'Host1' 
		"ConfigurationName" = 'PowerShell.7' 
		"ScriptBlock" = { 
				Get-Service | Where-Object Status -EQ 'Running' | Format-Table -AutoSize 
				} 
		} 
Invoke-Command @Params

Perhaps we need to restart a service, in this case the Print Spooler.

$Params = @{ 
		"ComputerName" = 'Host1' 
		"ConfigurationName" = 'PowerShell.7' 
		"ScriptBlock" = { 
				Get-Service -Name 'Spooler' | Restart-Service 
				} 
		} 
Invoke-Command @Params

PowerShell Remoting is a powerful tool and with the addition of cross-platform capabilities and the use of optional SSH connections, it becomes an even more flexible and important tool for system administrators.