Tag: Remoting

How to SSH into an Azure VM from Windows Terminal Menu

How to SSH into an Azure VM from Windows Terminal Menu

A couple of days ago, I released a blog post on how you can add a PowerShell remote session in the Windows Terminal menu. In my example, I created a menu item in Windows Terminal to use PowerShell remoting to connect to an Azure virtual machine (VM). In the meantime, I got a lot of questions on how you can add an SSH connection to an Azure VM in the Windows Terminal. That is why I am going to share here, how you can add an SSH connection to an Azure VM in the Windows Terminal menu.

Scott Hanselman wrote a great blog post on how you can add tabs to open an SSH connection, so I highly recommend that you read his blog for all the details.



PowerShell Remoting over SSH in PowerShell 7

Enable PowerShell SSH Remoting in PowerShell 7

In this blog post, we will have a look at how you can enable and set up PowerShell SSH Remoting or PowerShell Remoting over SSh with PowerShell 7. With PowerShell Core 6, Microsoft introduced PowerShell 7 Remoting over SSH, which allows true multiplatform PowerShell remoting between Linux, macOS, and Windows. PowerShell SSH Remoting creates a PowerShell host process on the target machine as an SSH subsystem. Normally, Windows PowerShell remoting uses WinRM for connection negotiation and data transport. However, WinRM is only available on Windows-based machines.

There are also some downsides to it. SSH-based remoting doesn’t currently support remote endpoint configuration and JEA (Just Enough Administration). It is also important to understand that this is not just another PowerShell SSH client.

Use SSH Transport with PowerShell Remoting

To use PowerShell 7 remoting with SSH on Windows, Linux, and macOS machines, you can use the same cmdlets you are already familiar from Windows PowerShell remoting with WinRM.

  • New-PSSession
  • Enter-PSSession
  • Invoke-Command

There are three new parameters for these cmdlets if you are using PowerShell SSH remoting.

  • -HostName (Instead of -Computername, you define the SSH target)
  • -UserName (Instead of -Credentials you use the -UserName parameter)
  • -KeyFilePath (If you are using SSH key authentication you can use the -KeyFilePath parameter to point to the key file)
New-PSSession -HostName tomsssh.server.com -UserName thomas


Add a PowerShell Remoting Session in the Windows Terminal Menu

Add a PowerShell Remote Session in Windows Terminal

I am sure you have heard about the new Windows Terminal, which is in preview, and you can get it from the Windows Store. In this blog post, I want to share how you can add a PowerShell remote session to the drop-down menu in the Windows Terminal when you open a new tab. The new Windows Terminal is highly customizable and it allows you to run different shells like the classic command prompt, Windows PowerShell, PowerShell 7, and also Windows Subsystem for Linux shells (I am using, for example, Ubuntu with the Windows Subsystem for Linux 2 (WSL 2)).

Scott Hanselman wrote a great blog post on how you can add tabs to open an SSH connection directly, so why not do the same thing with PowerShell? In my example, I will add a tab in Windows Terminal, which opens up a PowerShell remoting session (using WS-Management WSMan) to an Azure virtual machine (VM). However, this would work with every other machine which you can access using PowerShell Remoting.

Add a PowerShell Remote Session in Windows Terminal Tab

To get started, we need to open up the settings of the Windows Terminal. This will open up a settings.json file, which you can edit in your favorite editor, for example, Visual Studio Code. To add new “menu items,” you will need to add a profile to the profiles array in the JSON file. In my case, I will add two to different menu items, once I am going to do a PowerShell remoting session to an Azure VM using Windows PowerShell and in the other, I am going to use PowerShell 7.

Windows Terminal Settings profiles

Windows Terminal Settings profiles

You can see here the following to profile entries:

Remote Session using Windows PowerShell 5.1

{
"name":  "PS Thomas AzureVM",
"tabTitle": "PS Thomas Maurer AzureVM",
"commandline": "powershell.exe -NoProfile -NoExit -Command Enter-PSSession -ComputerName azurevmps.westeurope.cloudapp.azure.com -Credential thomas",
"icon": "C:/Users/thoma/Downloads/AzureVMIcon32.png"
},

Remote Session using PowerShell 7

{
"name":  "PS Thomas AzureVM",
"tabTitle": "PS Thomas Maurer AzureVM",
"commandline": "pwsh.exe -NoProfile -NoExit -Command Enter-PSSession -ComputerName azurevmps.westeurope.cloudapp.azure.com -Credential thomas",
"icon": "C:/Users/thoma/Downloads/AzureVMIcon32.png"
},

As you can see, we define the profile name and the tab title in for the Windows Terminal entry. We have the command line command here, which starts the PowerShell remoting session. The command opens a PowerShell session to a specific computer or server using the ComputerName parameter and the Credential parameter for the credentials. In my case, I am connecting to an Azure VM with the name azurevmps.westeurope.cloudapp.azure.com (could also be an IP address) and the username Thomas. The last thing I add is a small icon (32×32 pixel) since I am connecting to an Azure VM, I took the Azure VM icon.

In this scenario, I am using PowerShell Remoting over HTTP, you can use the same thing for your connections using PowerShell Remoting over HTTPS or even PowerShell Remoting over SSH which are way more secure, and should be used for your connections. If you are looking to create the same Windows Terminal menu entry using a simple SSH connection, check out my blog post here.

Now your Windows Terminal drop-down menu will look like this:

Add a PowerShell Remote Session in Windows Terminal Tab

Add a PowerShell Remote Session in Windows Terminal Tab

By selecting one of these profiles, you will automatically open a PowerShell remoting session to a specific computer or server in Windows Terminal.

Windows Terminal - Azure virtual machine VM PS Remote Session

Windows Terminal – Azure virtual machine VM PS Remote Session

I hope this gives you an idea of how you can add a PowerShell remote session in Windows Terminal menu. If you want to know more about the Windows Terminal, check out the following blog, and if you have any questions, please feel free to leave a comment.

If you want to know more about what’s new in PowerShell 7, or if you want to learn more about how to customize the Windows Terminal, check out my blog.



Mastering Azure with Cloud Shell

Mastering Azure with Cloud Shell

There are multiple ways to interact and manage resources in Microsoft Azure. You can use the Azure Portal or command line tools like the Azure PowerShell module or the Azure CLI, which you can install on your local machine. However, to set up a cloud management workstation for administrators and developers can be quite a lot of work. Especially if you have multiple computers, keeping consistency between these machines can be challenging. Another challenge is keeping the environment secure and all the tools up to date. The Azure Cloud Shell addresses this any many more things.

Cloud Shell is not brand new, Microsoft announced Cloud Shell at Build 2017. This blog post is about how you can master Azure with Cloud Shell and give you an overview of the possibilities of Cloud Shell.

 

What is Cloud Shell

Cloud Shell Azure Portal

Cloud Shell offers a browser-accessible, pre-configured shell experience for managing Azure resources without the overhead of installing, versioning, and maintaining a machine yourself. Azure Cloud Shell is assigned per unique user account and automatically authenticated with each session. This makes it a private and secure environment.

You get a modern web-based command line experience which can be accessed from several endpoints like the Azure Portal, shell.azure.com and the Azure mobile app, Visual Studio Code or directly in the Azure docs.

In the backend, Azure uses containers and automatically attaches an Azure File Share to the container. You can store the data on it, so your data is persistent. This persists your data across different Cloud Shell sessions.

Cloud Shell Bash and PowerShell

You can choose your preferred shell experience. Cloud Shell supports Bash and PowerShell and included your favorite third-party tools and standard tools and languages. If something like a module is missing, you can add it.



Azure Nano Server PowerShell Package Management

How to deploy Nano Server in Azure

In some other post I have written how you can deploy a Nano Server on premise using PowerShell or the Nano Server Image Builder. In this post I will quickly show you how you can setup a new Nano Server in Microsoft Azure.

To deploy Nano Server in Azure, Microsoft offers you a Nano Server Image in the Marketplace.

Using the Azure Portal to deploy Nano Server on Microsoft Azure

There are also several ways you can deploy Nano Server, for example using the Azure Portal or PowerShell. First this will show you how you can create a Nano Server Virtual Machine using the Azure Portal.

Nano Server on Azure Marketplace

Simply follow the steps to create a new Azure Virtual Machine.

Nano Server on Azure VM Size

The most important part is to configure the Network Security Groups to allow PowerShell Remoting since Nano Server does not support RDP. There are two options to do this, using WinRM over http (5985) or using WinRM using https (5986). To be honest in production you should only use https, but for some demos or if you are configuring Nano Server to be used over a VPN you can also use WinRM over http. I also recommend that you remove the RDP port rule, since this is not really necessary. If the WinRM rule in the network security group is not already there, just create it. For easy setup you can use 5985 if you want to use SSL you will require additional steps.

Nano Server on Azure Network Security Groups NSG

Follow the rest of the wizard to deploy the new Nano Server VM. After the VM is created you will see it in the Azure Portal. You can now use the IP address to connect to the virtual machine using PowerShell remoting. If you don’t have a VPN connection to the Azure VM Network you will need to use the public IP address, if it is connected trough a VPN or from another machine running in the same VM Network, you can use the internal IP address. In my demo case I am using the public IP address to connect to the virtual machine. To make it easier I also created a Public DNS name for this Azure IP address.

Nano Server on Azure Public DNS Name

To connect to your Nano Server you also have to setup PowerShell Remoting on your machine and add the host to your trusted hosts group.

# Start the WinRM Service

 

Start-Service WinRM

 

Set-Item WSMan:\localhost\Client\TrustedHosts -Value “servername or IP”

 

You can now connect to your Nano Server running in Azure.

Nano Server PowerShell Remoting Azure VM

Enter-PSSession -ComputerName tomsnano02.westeurope.cloudapp.azure.com -Credential ~\ThomasMaurer

Using the Azure PowerShell module to deploy Nano Server on Microsoft Azure

First you have to install the Azure PowerShell Module and get the NanoServerAzureHelper PowerShell Module (NanoServerAzureHelper_20160927) this will help you with the setup.

Time to fire up PowerShell and login to Azure

Login-AzureRmAccount

First create a new Azure Resource Group and a Key Vault if you don’t have them already available. The key vault will be helping you to use SSL configuration for your PowerShell remoting.

New-AzureRmResourceGroup -Name “NanoServerAzurePS” -Location "West Europe"
New-AzureRmKeyVault -VaultName “NanoServerAzurePSVault” -ResourceGroupName “NanoServerAzurePS” -Location "West Europe" -EnabledForDeployment

Import the NanoServerAzureHelper PowerShell module which you have downloaded before.

NanoServerAzureHelper PowerShell Module

Import-Module .\PowerShell\NanoServerAzureHelper_20160927\NanoServerAzureHelper.psm1 -Verbose

This will give you some new PowerShell cmdlets to deploy Nano Server quickly on Azure.

The most important for creating new Nano Server VMs in Azure is simply the New-NanoServerAzureVM.

New-NanoServerAzureVM

Create a new Nano Server VM in Azure using the following PowerShell command:

New-NanoServerAzureVM Create Nano Server VM

New-NanoServerAzureVM -Location "West Europe" –VMName "tm01-nanops" -AdminUsername "ThomasMaurer" -VaultName "NanoServerAzurePSVault" -ResourceGroupName "NanoServerAzurePS" -Verbose

To connect you can get the public IP address for the system you deployed and connect to it

Get-AzureRmPublicIpAddress -ResourceGroupName "NanoServerAzurePS"
 
Enter-PSSession -ConnectionUri "https://tm01-nanops.westeurope.cloudapp.azure.com:5986/WSMAN" -Credential "~\ThomasMaurer"

 

Using PowerShell Package Management to Install Roles and Features on Nano Server

Since in Nano Server does not include any roles per default you can now use PowerShell Package Management to installed Nano Server Packages on your Azure Virtual Machine.

Azure Nano Server PowerShell Package Management

If you want to know more about PowerShell Package Management on Nano Server, check out my blog post. If you want to know more about Nano Server in general check this post here: Nano Server – The future of Windows Server – Just enough OS

 

 

 

 

 

 

 



PowerShell SSH Session

Using SSH with PowerShell

Microsoft announced that they will support SSH using PowerShell in Windows 10. Until now Microsoft has a good solution for this, there is a third party solutions called Posh-SSH. To use SSH in PowerShell you first have to install the Posh-SSH PowerShell Module from the PowerShell Gallery. Make sure you are running Windows 10 or you have the Windows Management Framework 5 installed.

If you want to use SSH with PowerShell 6, you read my blog here: Using SSH with PowerShell 6

You can now find the Posh-SSH Module and install it:

PowerShell SSH Installation

 
Install-Module Posh-SSH

You now have several PowerShell SSH cmdlets available:

PowerShell SSH cmdlets

Now you can create a new SSH Session using the following cmdlet (Password based authentication)

PowerShell SSH Session

 
New-SSHSession -ComputerName "thomasmaurer.azure.cloudapp.net" -Credential (Get-Credential)

You can now simply run commands against this session or use SCP to copy files.

PowerShell SSH Commands

 
Invoke-SSHCommand -Index 0 -Command "uname"

I hope this helps you using SSH with PowerShell. If you have any questions, please write it in the comments. Also check out my other blogs and see how SSH is integrated in Windows 10.



PowerShell Direct Invoke-Command

How to Remote Manage your Nano Server using PowerShell

In a blog post some days ago I wrote how you can create your Nano Server Image and boot it inside a Virtual Machine. If you are familiar with Nano Server you know that Nano Server is a headless server so you can’t really login to this server. The only thing you can login is to the Nano Server Recovery Console. In the Nano Server Recovery console you can only view some information about the server such as Name or IP Address, restart the server and reset the network configuration. You don’t get any access to a shell or file system.

Nano Server Recovery Console

If you want to manage your Nano Server right now you can use the old MMC tools for Remote Management or PowerShell. PowerShell will be the key here to do simple management tasks. For this you can use PowerShell Remoting or if you run your Nano Server in a Virtual Machine you can also use PowerShell Direct.

For PowerShell Remoting you first have to configure your source system, if you haven’t already done this. (Some parts are maybe not needed if your local machine is in the same Active Directory Domain as your Nano Server).

you may need to start the WinRM service on your desktop to enable remote connections. From the PS console type the following command:

# Start the WinRM Service
 
net start WinRM

From the PS console, type the following, substituting servername or IP with the appropriate value (using your machine-name is the easiest to use, but if your device is not uniquely named on your network, try the IP address):

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "servername or IP"

If you want to connect multiple devices, you can use comma and quotation marks to separate each devices.

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "servername or IP, servername or IP"

You can also set it to allow it to connect to every server using the following command:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*"

Now you can start a session with your Nano Server. From you administrator PS console, type:

Enter-PSSession -ComputerName "servername or IP" -Credential servername\Administrator

As mentioned before, if you have installed your Nano Server in a Virtual Machine running on a Hyper-V host you can use PowerShell Direct to directly connect from your local Hyper-V host to your Nano Server VM.

Enter-PSSession -VMName "VMName" -Credential servername\Administrator