Introduction

Windows Remote Management (WinRM) is a powerful tool that allows you to manage Windows-based systems remotely. On the other hand, Secure Shell (SSH) is a widely used protocol for secure remote communication. Combining the two can provide a secure and versatile solution for managing Windows systems over the network. In this article, we will explore how to tunnel WinRM via SSH using the PSRP (PowerShell Remoting Protocol).

What is PSRP?

The PowerShell Remoting Protocol (PSRP) is the underlying protocol used for PowerShell Remoting. It is designed to allow PowerShell commands and scripts to be executed remotely on a Windows machine. By tunneling WinRM through SSH using PSRP, you can enhance the security of your remote management operations, especially in scenarios where traditional WinRM connections might not be feasible due to network restrictions or security concerns.

Prerequisites

Before we get started, you need to ensure that you have the following prerequisites in place:

  1. A Windows Machine: You’ll need a Windows machine that you want to manage remotely.
  2. PowerShell 7+: Make sure you have PowerShell 7 or higher installed on both the local and remote Windows machines. PowerShell 7 includes SSH support, which is crucial for tunneling WinRM.
  3. SSH Server on the Windows Machine: Install and configure an SSH server on the Windows machine that you want to manage. There are several third-party SSH server solutions available for Windows.
  4. SSH Client: Ensure that you have an SSH client installed on your local machine. You can use native Windows 10 OpenSSH client or third-party tools like PuTTY or WinSCP.
Join 50+ hours of courses in our exclusive community

Configuring WinRM for PSRP

To tunnel WinRM via SSH with PSRP, you need to configure WinRM to use the PSRP transport. Follow these steps on the remote Windows machine:

  1. Open PowerShell with administrator privileges on the remote machine.
  2. Run the following command to configure WinRM to use the PSRP transport:
winrm set winrm/config/client '@{TrustedHosts="*"}'

This command allows all hosts to connect. You can specify specific hosts if needed.

  1. Next, run the following command to set the WinRM listener to use the PSRP transport:
winrm create winrm/config/listener?Address=*+Transport=HTTP @{Port="5986";Hostname="yourhostname"}

Replace “yourhostname” with the hostname or IP address of your Windows machine.

Tunneling WinRM via SSH

Now, let’s tunnel WinRM via SSH from your local machine to the remote Windows machine:

  1. Open your SSH client on your local machine.
  2. Use SSH to connect to the remote Windows machine. The command may look something like this:
ssh username@remote-windows-machine

Once you’ve established an SSH connection, you can use PowerShell to initiate a remote session. Run the following command:

Enter-PSSession -HostName yourhostname -UserName yourusername -SSHTransport

Replace “yourhostname” with the hostname or IP address of your Windows machine and “yourusername” with your Windows username.

You will be prompted to enter your Windows password.

Managing Windows Remotely

Now, you have a PowerShell session open on the remote Windows machine through SSH tunneling. You can execute PowerShell commands and scripts just as if you were on the remote machine.

Conclusion

Tunneling WinRM via SSH with PSRP is a powerful way to enhance the security and flexibility of managing Windows systems remotely. By using SSH as a secure transport for WinRM, you can navigate network restrictions and ensure that your remote management tasks are executed securely. This approach is especially valuable in scenarios where traditional WinRM connections are not feasible or where enhanced security is a top priority.

Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my Udemy 300+ Lessons Video Course.

BUY the Complete Udemy 300+ Lessons Video Course

My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps

BUY the Complete PDF BOOK to easily Copy and Paste the 250+ Ansible code

Want to keep this project going? Please donate

Patreon Buy me a Pizza