使用 powershell 将 zip 文件发送并提取到 azure VM

Question

我正在尝试将 zip 文件发送并解压缩到 azure VM，但无法连接到远程 Azure VM。

代码

$cred = Get-Credential
$SO = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
$session = New-PSSession -ConnectionUri 'http://xx.xx.xxx.xxx:3389' -Credential $cred -SessionOption $SO

Send-File -Path C:\testArchive.zip -Destination C:\ -Session $session
Expand-Archive -Path C:\testArchive.zip -DestinationPath C:\ -Session $session

错误

New-PSSession : [xx.xx.xxx.xxx] Connecting to remote server xx.xx.xxx.xxx 
failed with the following error message : The client cannot connect to the 
destination specified in the request. Verify that the service on the 
destination is running and is accepting requests. Consult the logs and 
documentation for the WS-Management service running on the destination, most 
commonly IIS or WinRM. If the destination is the WinRM service, run the 
following command on the destination to analyze and configure the WinRM 
service: "winrm quickconfig". For more information, see the 
about_Remote_Troubleshooting Help topic.
At line:4 char:12
+ $session = New-PSSession -ConnectionUri 'http://xx.xx.xxx.xxx:3389' - ...
+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:Re 
   moteRunspace) [New-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CannotConnect,PSSessionOpenFailed

以下是我在 azure VM 上运行“winrm quickconfig”命令时的输出

WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.

当我运行“Enter-PSSession -ComputerName LoadTestVm -Port 3389 -Credential qa-admin”时

Enter-PSSession : Connecting to remote server LoadTestVm failed with the following error 
message : The WinRM client cannot process the request because the server name cannot be 
resolved. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName LoadTestVm -Port 3389 -Credential qa-ad ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (LoadTestVm:String) [Enter-PSSession], PSRem 
   otingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

Answer 1

WINRM 将在端口 5985 和 5986 上运行。端口 5985 用于 HTTP，5986 用于 HTTPS。默认情况下，如果您没有使用-port 指定它，它会使用端口 5985。您应该指定端口 5985 而不是 3389，如果有，也应在 NSG 中启用它。所以你可以运行Enter-PSSession -ComputerName "PublicIPaddress of VM" -Port 5985 -Credential $cred。

这对我有用。

Copy-Item -Path D:\nancy\4.zip -Destination C:\ –ToSession $session

Invoke-Command -Session $session -ScriptBlock { Expand-Archive -Path C:\4.zip -DestinationPath C:\ }

更多参考资料：

https://www.assistanz.com/access-azure-windows-vm-through-powershell/

https://geekdudes.wordpress.com/2016/11/16/enabling-remote-powershell-connection-to-azure-virtual-machine/

https://mohitgoyal.co/2016/11/10/enable-powershell-remoting-on-azure-rm-virtual-machines/

Answer 2

这并不是真正的风险管理/安全方面的最佳实践。

<#
$username = 'qa-admin'
$pass = ConvertTo-SecureString -string 'xxxxxxxx' -AsPlainText -Force
#>

这...

<#
$cred = New-Object -typename System.Management.Automation.PSCredential -argumentlist $username, $pass
#>

...为此有一个内置的 cmdlet。

切勿在脚本中传递明文密码。要么：

1. 提示他们
2. 从安全的预创建文件中读取它们

Quickly and securely storing your credentials – PowerShell

Working with Passwords, Secure Strings and Credentials in Windows PowerShell

1. 来自 Windows 凭据管理器

CredentialManager 2.0

Accessing Windows Credentials Manager from PowerShell

How to Manage Secrets and Passwords with CredentialManager and PowerShell

$cred = Get-Credential -Credential $env:USERNAME

这...

$session = New-PSSession -ConnectionUri 'http://xx.xx.xxx.xxx:3389' -Credential $cred -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)

...不正确。你不可以做这个。您需要将上述结果传递给 -SessionOption 参数。

Get-Help -Name New-PSSessionOption -Examples

<#
NAME
    New-PSSessionOption

SYNOPSIS
    Creates an object that contains advanced options for a PSSession.


Example 1: Create a default session option

    PS C:\>New-PSSessionOption
...

This command creates a session option object that has all of the default values.
Example 2: Configure a session by using a session option object

    PS C:\>$pso = New-PSSessionOption -Culture "fr-fr" -MaximumReceivedObjectSize 10MB
    PS C:\>New-PSSession -ComputerName Server01 -SessionOption $pso

...

Example 3: Start an interactive session

    PS C:\>Enter-PSSession -ComputerName Server01 -SessionOption (New-PSSessionOption -NoEncryption -NoCompression)

...
Example 4: Modify a session option object

    PS C:\>$a = New-PSSessionOption
...

PS C:\> $a.UICulture = (Get-UICulture)
PS C:\> $a.OpenTimeout = (New-Timespan -Minutes 4)
PS C:\> $a.MaximumConnectionRedirectionCount = 1
PS C:\> $a

...

Example 5: Create a preference variable

    PS C:\>$PSSessionOption = New-PSSessionOption -OpenTimeOut 120000

...

Example 6: Fulfill the requirements for a remote session configuration

    PS C:\>$skipCN = New-PSSessionOption -SkipCNCheck
    PS C:\>New-PSSession -ComputerName 171.09.21.207 -UseSSL -Credential Domain01\User01 -SessionOption $SkipCN

...

Example 7: Make arguments available to a remote session

    PS C:\>$team = @{Team="IT"; Use="Testing"}
    PS C:\>$TeamOption = New-PSSessionOption -ApplicationArguments $team
    PS C:\>$s = New-PSSession -ComputerName Server01 -SessionOption $TeamOption
    PS C:\>Invoke-Command -Session $s {$PSSenderInfo.SpplicationArguments}

...

    PS C:\>Invoke-Command -Session $s {if ($PSSenderInfo.ApplicationArguments.Use -ne "Testing") {.\logFiles.ps1} else {"Just testing."}}
...
#>

所以，你的是……

$SO       = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
$session  = New-PSSession -ConnectionUri 'http://xx.xx.xxx.xxx:3389' -Credential $cred -SessionOption $SO

# Process other actions
Send-File -Path C:\testArchive.zip -Destination C:\ -Session $session
Expand-Archive -Path C:\testArchive.zip -DestinationPath C:\ -Session $session