Remoting cross domain


This topic contains 3 replies, has 3 voices, and was last updated by

11 months, 1 week ago.

  • #95897

    Points: 2
    Rank: Member


    I have a VM that is in a domain. It connects to several other VMs that are not (New-PSSession). I have added the computer names and the IP addresses to TrustedHosts. The IP addresses are dynamic however. I found that I can use the computer names but not always, probably not when the IP is different from the one in TrustedHosts.
    I always can Test-Connection and get a positive, even when remoting does not work. Why is that? Is it an option to get the IP address from Test-Connection and update TrustedHosts with it dynamically? What other alternatives might there be?

  • #95964

    Points: 1,811
    Helping Hand, Team Member
    Rank: Community Hero

    Test-Connection is just a ping. Remoting uses a very robust authentication and mutual trust system, not just a ping.

    And yes, you could dynamically update TrustedHosts. It's not a stellar idea. The system you've got in place would be very easy for an attacker to exploit. What you should be doing is equipping those remote machines with HTTPS endpoints, disabling their HTTP endpoints, and using a trusted SSL certificate. Tell Remoting to -UseSSL, and then you don't need to manage TrustedHosts at all.
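
The HTTPS-only setup recommended in the reply above, as an added example that is not part of the original post. It assumes a server certificate for the VM's DNS name, issued by a CA the connecting machine trusts, is already installed on the VM; the host name `vm01.example.test` and the function names `Enable-WinRMHttpsOnly` and `Connect-RemoteVm` are hypothetical.

```powershell
# Added example. vm01.example.test and both function names are hypothetical.

# --- Run elevated, locally, on each remote VM ---------------------------------
function Enable-WinRMHttpsOnly {
    param([Parameter(Mandatory)][string]$DnsName)

    # Assumption: a certificate for $DnsName is already in the machine store.
    # Pick one that has a private key, is still valid, names this host and
    # carries the Server Authentication EKU (1.3.6.1.5.5.7.3.1).
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object {
            $_.HasPrivateKey -and
            ($_.NotAfter -gt (Get-Date)) -and
            ($_.DnsNameList.Unicode -contains $DnsName) -and
            ($_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1')
        } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) { throw "No usable server certificate for $DnsName" }

    # HTTPS listener bound to that certificate (default port 5986).
    New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
        -HostName $DnsName -CertificateThumbPrint $cert.Thumbprint -Force | Out-Null
    New-NetFirewallRule -DisplayName 'WinRM over HTTPS' -Direction Inbound `
        -Protocol TCP -LocalPort 5986 -Action Allow | Out-Null

    # Remove the plain-HTTP listener so port 5985 no longer answers.
    Get-ChildItem WSMan:\localhost\Listener |
        Where-Object { $_.Keys -contains 'Transport=HTTP' } |
        Remove-Item -Recurse -Force
}

# --- Run on the connecting machine --------------------------------------------
# Connect by the name in the certificate, not by IP, so a changed address does
# not matter and TrustedHosts stays untouched. Leave certificate validation on:
# do not pass -SkipCACheck or -SkipCNCheck session options.
function Connect-RemoteVm {
    param([Parameter(Mandatory)][string]$DnsName,
          [Parameter(Mandatory)][pscredential]$Credential)
    New-PSSession -ComputerName $DnsName -UseSSL -Credential $Credential
}

# $s = Connect-RemoteVm -DnsName 'vm01.example.test' -Credential (Get-Credential)
# Invoke-Command -Session $s -ScriptBlock { $env:COMPUTERNAME }
```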

    • #96011

      Points: 2
      Rank: Member

      No escaping the certificate. Just to make sure I got the steps right, Don.
      1. Create individual certificates for each VM
      2. Import each certificate on the (local or VM) machine that wants to connect to these VMs.
      3. Enable the https endpoint on all machines that need to connect (local and VM)

      The double hop links were informative, thanks postanote.

  • #95975

    Points: 780
    Helping Hand
    Rank: Major Contributor

    This is not a PoSH specific issue, it is a Windows Security boundary.

    See these articles.

    PowerShell Remoting and the “Double-Hop” Problem

    PowerShell Remoting and Kerberos Double Hop: Old Problem – New Secure Solution

    PowerShell Remoting Kerberos Double Hop Solved Securely

The topic ‘Remoting cross domain’ is closed to new replies.
