[英]PowerShell remoting: Controlling what edition is being targeted (PowerShell Core or Windows PowerShell); the state of cross-platform remoting
This self-answered question, which focuses on Windows [1] , addresses the following aspects:这个自我回答的问题侧重于 Windows [1] ,涉及以下方面:
Now that there are two PowerShell editions - the legacy, Windows-only Windows PowerShell and the cross-platform PowerShell Core , both may be installed on a given Windows machine: Now that there are two PowerShell editions - the legacy, Windows-only Windows PowerShell and the cross-platform PowerShell Core , both may be installed on a given Windows machine:
How can I tell which PowerShell edition will execute remote commands , such as via Invoke-Command -ComputerName
?如何判断哪个 PowerShell 版本将执行远程命令,例如通过
Invoke-Command -ComputerName
?
How can I target a specific edition , both ad hoc and persistently , through configuration?我怎样才能通过配置来定位特定的版本,无论是临时的还是持久的?
Note:笔记:
For an edition to be targetable via remoting on a given machine, it must be set up for remoting :对于通过远程在给定机器上定位的版本,它必须设置为远程:
Only Windows PowerShell is automatically set up for remoting, but only on servers running Windows Server 2012 or higher.只有Windows PowerShell自动设置为远程处理,但仅在运行 Windows Server 2012 或更高版本的服务器上。
As of v7, PowerShell Core doesn't come with Windows yet;从 v7 开始,PowerShell Core还没有附带 Windows; if you're using the official installer, you're given the option of enabling remoting during the installation.
如果您使用的是官方安装程序,您可以选择在安装期间启用远程处理。
In any event, you can use Enable-PSRemoting
to (re-)enable PowerShell remoting on demand , which:在任何情况下,您都可以使用
Enable-PSRemoting
按需(重新)启用 PowerShell 远程处理,其中:
must be run from the respective edition .必须从相应的版本运行。
must be run with administrative privileges必须以管理权限运行
[1] That is, the question focuses on WinRM -based remoting (WinRM is a Windows-specific implementation of the DTMF WSMan (WS-Management) standard ). [1] 也就是说,问题侧重于基于WinRM的远程处理(WinRM 是 DTMF WSMan (WS-Management) 标准的 Windows 特定实现)。
As for cross-platform remoting with PowerShell Core :至于使用 PowerShell Core 的跨平台远程处理:
You can already use SSH-based remoting , on all platforms:您已经可以在所有平台上使用基于 SSH 的远程处理:
Using SSH-based remoting involves mostly the same cmdlets as WinRM-based remoting, though the parameters involved differ;使用基于 SSH 的远程处理与基于 WinRM 的远程处理主要涉及相同的 cmdlet,但所涉及的参数不同; most notably, you specify the target computer(s) via the
-HostName
parameter rather than the -ComputerName
parameter.最值得注意的是,您通过
-HostName
参数而不是-ComputerName
参数指定目标计算机。
Limitations (as of v7) : "SSH-based remoting doesn't currently support remote endpoint configuration and Just Enough Administration (JEA)."限制(从 v7 开始) :“基于 SSH 的远程处理当前不支持远程端点配置和 Just Enough Administration (JEA)。”
For Unix-to-Windows remoting ( Unix referring to Unix-like platforms such as macOS and Linux) - that is, remoting into a Windows machine from a Unix-like machine - you can alternatively use WinRM-based remoting with additional configuration:对于Unix 到 Windows 的远程处理( Unix指的是 macOS 和 Linux 等类 Unix 平台) - 也就是说,从类 Unix 机器远程处理到 Windows 机器 - 您也可以使用基于 WinRM 的远程处理和其他配置:
On the Windows machine:在 Windows 机器上:
The Unix-like machines must use the remoting cmdlets with the -Authentication Basic -UseSsl
parameters.类 Unix 机器必须使用带有
-Authentication Basic -UseSsl
参数的远程 cmdlet。
A Unix WSMan-based implementation is being worked on in the psl-omi-provider repository , which already enables Linux machines to act as remoting targets (that is, the server component is already usable - it's not clear to me whether it can also be installed on macOS );在psl-omi-provider 存储库中正在开发基于 Unix WSMan 的实现,它已经使Linux机器能够充当远程目标(也就是说,服务器组件已经可用 - 我不清楚它是否也可以安装在macOS上); the client component, however, is not yet production-ready as of this writing.
然而,在撰写本文时,客户端组件还没有准备好生产。
Once the client client component is available, uniform WSMan-based cross-platform remoting will be possible, both between Unix-like machines (Linux, macOS) and between Unix-like machines and Windows machines.一旦客户端客户端组件可用,就可以在类 Unix 机器(Linux、macOS)之间以及类 Unix 机器和 Windows 机器之间进行统一的基于 WSMan 的跨平台远程处理。
Note : Changing what remote endpoint PowerShell [Core] targets by default - which as of 7.0 is still Window PowerShell - is being considered: see this GitHub issue . Note : Changing what remote endpoint PowerShell [Core] targets by default - which as of 7.0 is still Window PowerShell - is being considered: see this GitHub issue .
It is the locally specified remoting session configuration that determines what PowerShell edition, and possibly version, will be used on the remote machine :本地指定的远程处理 session 配置决定了远程计算机上将使用的 PowerShell 版本和可能的版本:
Ad hoc , you can use the -ConfigurationName
parameter of remoting cmdlets such as Invoke-Command
, New-PSSession
, and Enter-PSSession
to specify a session configuration explicitly. Ad hoc ,您可以使用远程 cmdlet(例如
Invoke-Command
、 New-PSSession
和Enter-PSSession
)的 -ConfigurationName -ConfigurationName
来明确指定 session 配置。
Persistently , via configuration, you can set the default session configuration via the $PSSessionConfigurationName
preference variable (the linked help topic also dicusses other remote-session-related preference variables, namely $PSSessionApplicationName
and $PSSessionOption
)持久地,通过配置,您可以通过
$PSSessionConfigurationName
首选项变量设置默认的 session 配置(链接的帮助主题还讨论了其他与远程会话相关的首选项变量,即$PSSessionApplicationName
和$PSSessionOption
)
microsoft.powershell
on the remote machine (see below).microsoft.powershell
(见下文)。 Therefore, you can alternatively change the definition of this configuration on the remote target machine , but note that this means that all clients that use the defaults will use the redefined configuration - see bottom for how to achieve this redefinition. On the target machine of a remoting operation , Get-PSSessionConfiguration
cmdlet lists all registered session configurations that clients can use to connect to, and which you can manage with Register-PSSessionConfiguration
and Unregister-PSSessionConfiguration
:在远程操作的目标计算机上,
Get-PSSessionConfiguration
cmdlet 列出了客户端可以用来连接的所有已注册 session 配置,您可以使用Register-PSSessionConfiguration
和Unregister-PSSessionConfiguration
管理这些配置:
Caveat : Get-PSSessionConfiguration
must be run in an elevated session (as administrator), and, due to a bug in Windows PowerShell 5.1, you may have to run the following dummy command first: $null = Get-Command Test-WSMan
, so as to ensure that the wsman:
drive is defined). Caveat :
Get-PSSessionConfiguration
must be run in an elevated session (as administrator), and, due to a bug in Windows PowerShell 5.1, you may have to run the following dummy command first: $null = Get-Command Test-WSMan
, so以确保wsman:
drive 已定义)。
Session configurations whose names are prefixed with 'microsoft.powershell
' belong to Windows PowerShell . Session 配置名称以
'microsoft.powershell
'为前缀属于Windows Z3D265B4FAE00318DDFZB7881 。
Prefix 'PowerShell.'
前缀
'PowerShell.'
refers to PowerShell Core .指 PowerShell内核。
$PSSessionConfigurationName
defaults to 'http://schemas.microsoft.com/powershell/Microsoft.PowerShell'
in both editions, which means that Windows PowerShell is by default targeted on remote machines even if you're running from PowerShell Core : $PSSessionConfigurationName
在两个版本中默认为'http://schemas.microsoft.com/powershell/Microsoft.PowerShell'
,这意味着Windows PowerShell默认针对远程计算机,即使您是从 Z3D265B4E01EEEF018DCCZZ Core 运行的:
The Microsoft.PowerShell
part refers to the (64-bit) Windows PowerShell session configuration, as listed by Get-PSSessionConfiguration
(in lowercase). The
Microsoft.PowerShell
part refers to the (64-bit) Windows PowerShell session configuration, as listed by Get-PSSessionConfiguration
(in lowercase).
The http://schemas.microsoft.com/powershell/
prefix is optional and can be omitted; http://schemas.microsoft.com/powershell/
前缀是可选的,可以省略; note that using https:
in the prefix does not work and will not automatically switch to an SSL-based transport;请注意,使用
https:
前缀不起作用并且不会自动切换到基于 SSL 的传输; for the latter, explicit configuration is needed.对于后者,需要显式配置。 Note that HTTPS/SSL-based remoting isn't necessary if all of your remoting happens within a Windows domain.
请注意,如果您的所有远程处理都发生在 Windows 域中,则不需要基于 HTTPS/SSL 的远程处理。
To target PowerShell Core (PowerShell v6+) on a remote machine :要在远程计算机上定位 PowerShell Core (PowerShell v6+) :
Generally, PowerShell Core session configurations are version-specific , and you have two choices:通常,PowerShell Core session 配置是特定于版本的,您有两种选择:
Target a major PowerShell Core version - eg, PowerShell.7
- using whatever the latest v7.x version is installed on the target machine.使用目标机器上安装的最新 v7.x 版本,以主要的 PowerShell 核心版本为目标- 例如,
PowerShell.7
。
Target a specific version - eg, PowerShell.7.1.2
针对特定版本 - 例如,
PowerShell.7.1.2
Again, running Get-PSSessionConfiguration
on the target machine, from an elevated session, tells you the names of all registered session configurations.同样,从提升的 session 在目标计算机上运行
Get-PSSessionConfiguration
,会告诉您所有已注册的 session 配置的名称。
To target PowerShell Core ad hoc , use -ConfigurationName PowerShell.7
, for instance:要针对 PowerShell Core ad hoc ,请使用
-ConfigurationName PowerShell.7
,例如:
# Connect to computer $comp and make it execute $PSVersionTable
# in PowerShell Core v7.x, which tells you what PowerShell edition
# and version is running.
Invoke-Command -ComputerName $comp -ConfigurationName PowerShell.7 { $PSVersionTable }
$PROFILE
file:$PROFILE
文件中添加以下内容:# When remoting, default to running PowerShell Core v7.x on the
# the target machines:
$PSSessionConfigurationName = 'PowerShell.7'
microsoft.powershell
session configuration , which requires administrative privileges;microsoft.powershell
session 配置; you can adapt the following snippet:# Run WITH ELEVATION (as administrator) and
# ONLY IF YOU UNDERSTAND THE IMPLICATIONS.
$ErrorActionPreference = 'Stop'
# The configuration whose definition you want to make the new default.
$newDefaultConfigSource = 'PowerShell.7'
# Standard registry locations and names.
$defaultConfigName = 'Microsoft.PowerShell'
$configXmlValueName = 'ConfigXml'
$configRootKey = 'registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin'
# Rename the current default configuration XML to "ConfigXml.OLD" to keep a backup.
Rename-ItemProperty $configRootKey\$defaultConfigName $configXmlValueName -NewName "$configXmlValueName.OLD"
# Get the configuration XML from the configuration that should become the new default.
# Modify it to replace the source configuration name with the default configuration name.
$xmlText = (Get-ItemPropertyValue $configRootKey\$newDefaultConfigSource $configXmlValueName) -replace
('\b{0}\b' -f [regex]::Escape($newDefaultConfigSource)), $defaultConfigName
# Save the modified XML as the default configuration's config XML.
Set-ItemProperty $configRootKey\$defaultConfigName $configXmlValueName $xmlText
# Restart the WinRM service for changes to take effect.
Restart-Service WinRM
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.