Connecting from Linux to Windows is a harder path; it is clearly undergoing rapid change and is much less mature than connections in the other direction.
Before moving on to configuring SSH, verify that WSMan functions. An HTTPS listener must be set up; HTTP connections are prohibited by newer versions of the PSRP package. If HTTPS is not already available, a self-signed certificate may be created and used as shown in the Remoting and SSL section.
If remoting is not yet configured for PowerShell Core, run the Enable-PSRemoting command in the Core console (as an administrator). Once enabled, find the name of the configuration entry using the Get-PSSessionConfiguration command.
The configuration name may be used to create a session to PowerShell Core that runs on the Windows system:
$params = @{
HostName = 'WindowsSystemNameOrIPAddress'
Credential = (Get-Credential)
Authentication = 'Basic'
UseSSL = $true
ConfigurationName = 'PowerShell.6.1.1'
}
Enter-PSSession @params
At the time of writing, attempting to connect from Linux to a PowerShell 5.1 session results in an "access denied" error message.
The OpenSSH package must be installed on Windows to continue, as described when configuring the connection from Windows to Linux.
The SSHD service must be installed to allow incoming connections using SSH. A service installation script is included with the OpenSSH package:
& "C:Program FilesOpenSSH-Win64install-sshd.ps1"
Start-Service sshd
If used, Windows Firewall must also be opened:
$params = @{
DisplayName = $name = 'SSH Daemon (SSH-In)'
Name = $name
Profile = 'Any'
LocalPort = 22
Protocol = 'TCP'
}
New-NetFirewallRule @params
Once this step is complete, it should be possible to create an SSH connection from Linux to Windows:
ssh user@WindowsSystemNameOrIPAddress
As with configuring Linux, public key authentication may be allowed, and a subsystem must be configured, this time on the Windows system. The C:ProgramDatasshsshd_config file must be edited.
To enable public key authentication, set PubkeyAuthentication:
PubkeyAuthentication yes
Add a subsystem to the file. This may be specified in addition to any existing subsystem:
Subsystem powershell C:/progra~1/PowerShell/6/pwsh.exe -sshs -NoLogo -NoProfile
The sshd service should be restarted after changing the configuration file:
Restart-Service sshd
At this point, it will be possible to create a remoting session using SSH, by entering a password when prompted:
$params = @{
HostName = 'WindowsSystemNameOrIPAddress'
UserName = $env:USERNAME
SSHTransport = $true
}
Enter-PSSession @params
Public key authentication may be configured in the same way as was done for Linux. A key can be generated on Linux using the ssh-keygen command.
The public key, by default ~/.ssh/id_rsa.pub, may be added to an authorized_keys file on Windows. The following command, when run on Linux, displays the public key:
Get-Content ~/.ssh/id_rsa.pub
This public key may be added to an authorized_keys file for a user on the Windows system:
$publicKey = 'ssh-rsa AAAABG...'
Set-Content -Path ~/.ssh/authorized_keys -Value $publicKey
At this point, the Linux system will be able to use public key authentication to access the Windows system:
$params = @{
HostName = 'WindowsSystemNameOrIPAddress'
UserName = $env:USERNAME
SSHTransport = $true
KeyFilePath = '~.sshid_rsa'
}
Enter-PSSession @params
Extending this further, Windows systems running PowerShell Core and the SSH daemon may use SSH as a remoting transport to access other Windows systems.