Using PowerShell through SSH

July 3, 2006


Windows PowerShell is a new command-line shell and task-based scripting technology that provides comprehensive control and automation of system administration tasks. Windows PowerShell allows Windows administrators to be more productive by providing numerous system administration utilities, consistent syntax, and improved navigation of common management data such as the registry or Windows Management Instrumentation (WMI). Windows PowerShell also includes a scripting language which enables comprehensive automation of Windows system administration tasks. The Windows PowerShell language is intuitive and supports existing scripting investments. Exchange Server 2007 and System Center Operations Manager 2007 will be built on Windows PowerShell. -- Windows Server 2003 Technologies - PowerShell

I come from UNIX, where the text shell is the preferred way to do system administration. I’ve been following Powershell n e Monad for some time. Windows has needed a powerful shell since before MS-DOS (not sure what the default shell in Xenix was). The PowerShell team seems to be laying out some of the architecture that will be needed to bring Microsoft forward on this front. I’ve argued before that one of the reasons Google is beating Microsoft is the easy scriptability and command line interface on Google’s Platform, Linux. If Microsoft wants to play seriously with admins like me and compete with Apple and Google, they will have to continue building on PowerShell. One of the key components of System Administration is remote access. It would be absurd to have to physically walk up to every machine you were responsible for and use the keyboard and mouse to configure or install anything. There are some pretty good tools for working with Windows remotely, but most of them require a video card and mouse. I can type upwards to 100 words a minute, anytime I have to move my hands off the home row to the mouse, I am losing productivity. Anytime I have to stream video, I am wasting bandwidth. I can administer a UNIX box from a palmtop device like a Sidekick over a slow cell phone connection. One of the first things that an admin wants to do with PowerShell is run remotely. To do this securely, you must encrypt your data. SSH has been the proven way to do this. So the question becomes, how do I connect SSH and PowerShell together? With a little bit of kludge, it is possible. Why this wasn’t included by default in version 1.0, I have no idea. My advice and plea to the Microsoft developers is to just use SSH. Please don’t invent a proprietary Microsoft only tool to do this. Please please please please! Note: The following assumes that you have logged in as a local admin and this account has a password.

Download and Install Cygwin

Fire up Firefox (or your favorite browser) and choose a Cygwin Mirror.

  • Select a mirror
  • Download setup.exe
  • Run setup.exe
  • Most of the defaults can be left as is

However, make sure to select SSH under the Network category. It will select the other required dependencies for you.

Configure Cygwin

Right click My Computer, select Properties -> Advanced -> Environment Variables. Next, click the New button and add:

name: CYGWIN value: ntsec

Select the Path variable and click Edit then append ;c:\cygwin\bin (assuming you installed Cygwin here) at the end of the existing string.

Download and Install Microsoft Tools

Note: The following requires Microsoft Passport aka Live ID

Unzip the downloads and run their respective setup. I used all the defaults.

Run Cygwin

  • Either click the green Cygwin icon or run c:\cygwin\cygwin.bat
  • Run ssh install script: $ ssh-host-config
  • Answer “yes” to every question except for the last one, which should be ntsec

Should privilege separation be used? (yes/no) yes Should this script create a local user ‘sshd’ on this machine? (yes/no) yes Do you want to install sshd as service? (Say “no” if it’s already installed as service) (yes/no) yes Which value should the environment variable CYGWIN have when sshd starts? It’s recommended to set at least “ntsec” to be able to change user context without password. Default is “ntsec”. CYGWIN=ntsec Start SSHD $ net start sshd The CYGWIN sshd service is starting. The CYGWIN sshd service was started successfully.

Run Powershell

Start -> Programs-> Windows Powershell. Choose to always accept Microsoft signed code. Close PowerShell

Test SSH and Powershell

Run Putty or your favorite ssh client and connect to localhost. Accept the hash and login. If everything works, you should be at a bash prompt in Cygwin. Next run PowerShell. Due to the limitations of PowerShell v1.0 we have to tell it that we are redirecting the input. Note that you won’t get any output from PowerShell indicating that it started up, including a command prompt!

$ /cygdrive/c/Program Files/Windows PowerShell/v1.0/powershell.exe -Command

Try a PowerShell one-liner:

  • [System.Net.Dns]::GetHostbyAddress(“”)
  • [System.Net.Dns]::GetHostAddresses(“”)
  • dir | where {$_.PsIsContainer}


Big shout out and thanks to Lee Holmes for answering my e-mail and pointing me in the right direction, and PigTail Cygwin SSHD Instructions for clearing up some of the finer points in the SSH install.

comments powered by Disqus