You can install OpenSSH on Windows now.
Sadly still in beta last I looked, but I tested it and could ssh from my 
Ansible server to the Windows deter with an ssh key and run PowerShell 
commands etc.

Stu



On 28 Feb 2020, at 16:32, FloodBarboy <[email protected]> wrote:


Hello,
I have been racking my brain for the last few days trying to set up SSL 
Certificate based or Passwordless WinRM setup in Ansible. I have a mixed 
environment of domain and non-domain Windows servers that I would like to have 
Ansible maintain. So far in my reading and scouring the interwebs, it appears I 
picked the difficult option of using SSL. Currently, I am trying to use 
self-signed certificates to make this work. I have followed a few different websites 
to get this working. Here are three that I have been reading over and over to 
make this work:

https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#certificate
https://vnuggets.com/2019/08/08/ansible-certificate-authentication-to-windows/
http://www.hurryupandwait.io/blog/certificate-password-less-based-authentication-in-winrm

They all make it sound so easy. At the end of their articles it all works. 
Really impressive to be truthful.

Anyway, I have a few questions. First, here is what I am doing to try to make 
this work. I am creating a self-signed cert on my Ansible server (Ubuntu 18.04 
using Ansible 2.9.5 with Python 3.6.9) using OpenSSL per the instructions. I 
copy the pem file over to my Windows server and add this to the Trusted 
Root and Trusted People store. Then create a self-signed cert using PowerShell 
for the Windows server and add it to the Local My store. I map the self-signed 
cert I created in Windows to a local user on the Windows server. The username 
for the cert creation in OpenSSL matches the username that I am mapping in 
Windows. Then I try running "ansible windows -m win_ping -vvvv". This is where the 
documentation and I split ways. Where theirs works, mine results in "msg": 
"certificate: the specified credentials were rejected by the server".
No firewall is enabled as this is just in testing at this point. I do not see 
in the event log where the Ubuntu server is trying to hit the Windows 2016 
server. If I change my host file from certificate to basic or credssp using the 
ssl option with ignore, it pings fine. However, when telling it to use 
certificate and pointing to the two pem files that OpenSSL created, I get the 
message above.

First question would be why am I creating a cert for Ansible on the Linux 
server and then creating an SSL cert on the Windows server?
Does the Windows Cert need to be installed on the Linux server?
I feel I am missing something simple but for the life of me cannot figure out 
what.

Any help would be greatly appreciated. If you need extra info, please ask. I 
will provide all information I can.
Thank you in advance.

--
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0fdedf5b-72e0-4a75-a67a-42c10575117d%40googlegroups.com.
--
Stuart Lowe
Cloud & Hosting Engineer
Zen Internet
Team: 01706 902009
Web: zen.co.uk
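
The Ansible WinRM guide linked in the question builds the client certificate with a clientAuth extended key usage and a UPN subjectAltName for the mapped user. As an added example (not part of either message; the function names, file paths and the `ansible` user are assumptions), these shell functions generate such a certificate and check that a PEM carries both fields before it is imported on the Windows side:

```shell
# Added example, not from the thread. Function names, file names and the
# user name passed in are assumptions chosen for illustration.

# DER encoding (hex) of OID 1.3.6.1.4.1.311.20.2.3, the Microsoft UPN otherName.
UPN_OID_HEX=060a2b060104018237140203

to_hex() { od -An -v -tx1 | tr -d ' \n'; }

# make_client_cert USER OUTDIR: self-signed client cert for USER@localhost,
# using the same two extensions as the Ansible guide's OpenSSL recipe.
make_client_cert() {
    cat > "$2/openssl.conf" <<EOF
[req]
distinguished_name = req_distinguished_name
[req_distinguished_name]
[v3_req_client]
extendedKeyUsage = clientAuth
subjectAltName = otherName:1.3.6.1.4.1.311.20.2.3;UTF8:$1@localhost
EOF
    openssl req -x509 -nodes -days 30 -newkey rsa:2048 \
        -config "$2/openssl.conf" -extensions v3_req_client \
        -subj "/CN=$1" -out "$2/cert.pem" -keyout "$2/cert_key.pem" 2>/dev/null
}

# check_client_cert CERT UPN: returns 0 only if CERT has the clientAuth EKU
# and a UPN subjectAltName exactly equal to UPN (ASCII, at most 125 bytes).
check_client_cert() {
    rc=0
    if ! openssl x509 -in "$1" -noout -text | grep -q 'TLS Web Client Authentication'; then
        echo "missing extendedKeyUsage clientAuth" >&2; rc=1
    fi
    der=$(openssl x509 -in "$1" -outform DER | to_hex)
    # otherName layout: OID, then [0] EXPLICIT (a0 len) around UTF8String (0c len value)
    inner=$(printf '%02x' "${#2}"); outer=$(printf '%02x' $(( ${#2} + 2 )))
    want="${UPN_OID_HEX}a0${outer}0c${inner}$(printf '%s' "$2" | to_hex)"
    if ! printf '%s' "$der" | grep -qF "$want"; then
        echo "no UPN subjectAltName equal to $2" >&2; rc=1
    fi
    return $rc
}
```

The UPN comparison is done on the DER bytes because the text rendering of an otherName differs between OpenSSL versions.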

