Develop Reference

CMD.exe and Powershell.exe cannot generate ssh keys using ssh-keygen

Hope you can help me out here. I've been playing around with some SSH authentication. I have no idea why this is happening, but now when I run a simple ssh-keygen command I get a response saying Access is denied. in addition to a pop-up that reads "This app can't run on your PC. To find a version for your PC, check with the software publisher".
I then tried running the ssh-keygen command in Powershell (as admin and as regular user) and got the following:
Program 'ssh-keygen.exe' failed to run: The specified executable is not a valid application for this OS platform.At
line:1 char:1
+ ssh-keygen
+ ~~~~~~~~~~.
At line:1 char:1
+ ssh-keygen
+ ~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [], ApplicationFailedException
+ FullyQualifiedErrorId : NativeCommandFailed
However, using ssh -V shows that it is installed:
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
I can still SSH fine into other devices, if that's of any relevant.
Any help would be very much appreciated here!

How to tart service remotely on Windows 10

I have tried several methods to start the service remotely but none of them work.
So, i try to start Windows Service (TeamViewer) from PC1 (192.168.1.10) on PC2 (192.168.1.20).
All PC are on Windows 10 Pro.
Ping 192.168.1.20 OK
RDP 192.168.1.20 OK
CMD in mode Administrator
C:\WINDOWS\system32>net use \\192.168.1.20 pass /USER:login
La commande s’est terminée correctement.
C:\WINDOWS\system32>net use
Les nouvelles connexions seront mémorisées.
État Local Distant Réseau
-------------------------------------------------------------------------------
OK \\192.168.1.20\IPC$ Microsoft Windows Network
La commande s’est terminée correctement.
C:\WINDOWS\system32>sc \\192.168.1.20 query TeamViewer
[SC] EnumQueryServicesStatus:OpenService échec(s) 5 :
Accès refusé.
C:\WINDOWS\system32>sc \\192.168.1.20 start TeamViewer
[SC] StartService: OpenService échec(s) 5 :
Accès refusé.
C:\WINDOWS\system32>psexec \\192.168.1.20 -u login -p pass start TeamViewer
PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
Couldn't access 192.168.1.20:
AccÞs refusÚ.
C:\WINDOWS\system32>psservice \\192.168.1.20 -u 192.168.1.20\login -p pass start TeamViewer
PsService v1.20 - Service information and configuration utility
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
Error querying services on \\192.168.1.20:
AccÞs refusÚ.
Error opening TeamViewer on \\192.168.1.20:
AccÞs refusÚ.
C:\WINDOWS\system32>psservice \\192.168.1.20 -u 192.168.1.20\login -p pass start TeamViewer
C:\WINDOWS\system32>
C:\WINDOWS\system32>
C:\WINDOWS\system32>wmic /node:'192.168.1.20' /user:'192.168.1.20\login' /password:'pass' SERVICE WHERE CAPTION='TeamViewer' CALL STARTSERVICE
ERREUR :
Description = Accès refusé.
C:\WINDOWS\system32>psservice \\192.168.1.20 -u 192.168.1.20\login -p pass start TeamViewer
PsService v1.20 - Service information and configuration utility
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
Error querying services on \\192.168.1.20:
AccÞs refusÚ.
Error opening TeamViewer on \\192.168.1.20:
AccÞs refusÚ.
Powershell in mode Administrator
PS C:\WINDOWS\system32> Get-Service -ComputerName 192.168.1.20 -Name Apache-ignite | Stop-Service -Force
>>
Get-Service : Impossible de trouver un service assorti du nom « Apache-ignite ».
Au caractère Ligne:1 : 1
+ Get-Service -ComputerName 192.168.1.20 -Name Apache-ignite | Stop-Ser ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Apache-ignite:String) [Get-Service], ServiceCommandException
+ FullyQualifiedErrorId : NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.GetServiceCommand
Thanks for your help.

Add registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
LocalAccountTokenFilterPolicy
DWORD Value 1

docker unable to navigate to a web site using https

I have the following trivial docker file:
FROM mcr.microsoft.com/windows/servercore:ltsc2019
WORKDIR /azp
COPY test.ps1 .
CMD powershell .\test.ps1
Where test.ps1 is:
C:\test> cat .\test.ps1
curl https://cnn.com -UseBasicParsing
The script can run just fine on my machine, but not in a docker container:
C:\test> docker build -t test:latest .
Sending build context to Docker daemon 75.26kB
Step 1/4 : FROM mcr.microsoft.com/windows/servercore:ltsc2019
---> 782a75e44953
Step 2/4 : WORKDIR /azp
---> Using cache
---> b43270631602
Step 3/4 : COPY test.ps1 .
---> Using cache
---> 10cfc66cff37
Step 4/4 : CMD powershell .\test.ps1
---> Using cache
---> 187be18c5495
Successfully built 187be18c5495
Successfully tagged test:latest
C:\test> docker run test
curl : The underlying connection was closed: Could not establish trust
relationship for the SSL/TLS secure channel.
At C:\azp\test.ps1:1 char:1
+ curl https://cnn.com -UseBasicParsing
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:Htt
pWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShe
ll.Commands.InvokeWebRequestCommand
Note that replacing https://cnn.com (https) with http://google.com (http) works, so this is clearly something about the https.
What am I missing?
P.S.
I am using Windows 10 with the most recent docker switched to use windows containers.

So I managed to make it work for https://google.com by following these steps:
Navigate to https://google.com and check what is the root certificate. It is a certificate with thumbprint 75E0ABB6138512271C04F85FDDDE38E4B7242EFE
Export the aforementioned certificate as well as the ZScaler root certificate (D72F47D87420E3F0F9BDCAC6F03A566743C481B9) to a special directory that will be included in the image under C:\containers.
Modify the test.ps1 script - see below.
Modify the Dockerfile script - see below.
test.ps1
Get-ChildItem /certificates | ForEach-Object {
$null = Import-Certificate -FilePath $_.FullName -CertStoreLocation Cert:\LocalMachine\Root
}
$res = Invoke-WebRequest https://google.com -UseBasicParsing
$res.StatusDescription
Dockerfile
FROM mcr.microsoft.com/windows/servercore:ltsc2019
COPY certificates certificates
WORKDIR /azp
COPY test.ps1 .
CMD powershell .\test.ps1
So, on the host machine I run the following commands:
C:\test> $certs = dir Cert:\LocalMachine\Root |? { $_.Thumbprint -eq '75E0ABB6138512271C04F85FDDDE38E4B7242EFE' -or $_.Thumbprint -eq 'D72F47D87420E3F0F9BDCAC6F03A566743C481B9' }
C:\test> $certs
PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\Root
Thumbprint Subject
---------- -------
D72F47D87420E3F0F9BDCAC6F03A566743C481B9 E=support#zscaler.com, CN=Zscaler Root CA, OU=Zscaler Inc., O=Zscaler Inc., L=San Jose, S=California, C=US
75E0ABB6138512271C04F85FDDDE38E4B7242EFE CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
C:\test> $certs |% { Export-Certificate -FilePath "c:\test\certificates\$($_.Thumbprint).cer" -Cert $_ }
Directory: C:\test\certificates
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 1/5/2020 8:40 PM 1239 D72F47D87420E3F0F9BDCAC6F03A566743C481B9.cer
-a---- 1/5/2020 8:40 PM 958 75E0ABB6138512271C04F85FDDDE38E4B7242EFE.cer
C:\test> docker run test
OK
C:\test>

It looks like your container is not able to verify TLS server certificate. Probably CA certificates (maybe they have different technical term in the Windows) are missing in the container.
You can:
-SkipCertificateCheck (available from PowerShell V6.0+), so TLS cert verification will be skipped - good choice for development, but it will sacrifice security partially
"mount Windows hosts certificate store in container" - Docker forum

How to correctly create Virtual Switch in Windows Server 2016 TP4 while installing Docker? (not boot2docker)

I have an installed Windows Server 2016 Technical Preview 4 on VMware
Warkstation.
It has 2 GB RAM and 60 GB disk space.
I try to install Windows Server Host for Docker according to official Microsoft instruction.
Instruction in general in the picture
I don't need a Hyper-V Containers technology so for this guide i don't have to make steps marked with a one asterisk '*'
So we have six steps that we have to do for install Windows Server Host and Docker:
Install the Container Feature
Create Virtual Switch
Configure NAT
Configure MAC Address Spoofing
Install Container OS Images
Install Docker **
I have a problem in step two: Creat Virtual Switch while typing next cmdlet in PowerShell:
PS C:\> New-VMSwitch -Name "Virtual Switch" -SwitchType NAT -NATSubnetAddress 172.16.0.0/12
New-VMSwitch : Failed while adding virtual Ethernet switch connections.
Internal miniport create failed, name = '8A407781-1BF5-4BB0-8538-35CFF056C598', friendly name = 'vEthernet (Virtual Switch)', MAC = 'DYNAMIC': One or more arguments are invalid
(0x80070057).
At line:1 char:1
+ New-VMSwitch -Name "Virtual Switch" -SwitchType NAT -NATSubnetAddress ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [New-VMSwitch], VirtualizationException
+ FullyQualifiedErrorId : InvalidParameter,Microsoft.HyperV.PowerShell.Commands.NewVMSwitch
What should I do in this case?

I was able to install docker using Microsoft guide about auto-install instead of using manual guide:
# Auto-install instruction.
PS C:\> powershell.exe
PS C:\> start-process powershell -Verb runas
PS C:\> wget -uri https://aka.ms/tp4/Install-ContainerHost -OutFile C:\Install-ContainerHost.ps1
PS C:\> C:\Install-ContainerHost.ps1 -HyperV
# Wrong!
But there is an error in the last line in key -HyperV.
We need to ingore it, so the last line looks like:
PS C:\> powershell.exe
PS C:\> start-process powershell -Verb runas
PS C:\> wget -uri https://aka.ms/tp4/Install-ContainerHost -OutFile C:\Install-ContainerHost.ps1
PS C:\> C:\Install-ContainerHost.ps1
# Currect!
Using correct instruction i was able to install docker.

I had the same error on a Nano Server the first time I ran:
PS C:\> New-VMSwitch -Name "Virtual Switch" -SwitchType NAT -NATSubnetAddress 172.16.0.0/12
SwitchType NAT is definitely correct because the command doesn't accept the NATSubnetAddress parameter for anything other then a NAT switchtype.
Run it a second time and then it worked on my Nano Server.

Varying permissions on Windows Server based on method of authenticating

I'm running into a weird issue here.
I have a Windows server setup to allow SSH access via Cygwin.
The idea behind this is to allow me to remotely execute Powershell commands from one of my Linux boxes. Now, in the hopes of being secure while still allowing for automation, I did your typical ssh-copy-id to my designated account on that box. I then tried logging in via SSH keys... success! Now here's the weird part. I run my Powershell command:
powershell 'C:/cygwin64/scripts/add_email_address_to_distribution_list.ps1'
And get the following error message:
$ powershell
'C:/cygwin64/scripts/add_email_address_to_distribution_list.ps1'
Add-DistributionGroupMember : Value cannot be null. Parameter name:
serverSettings At
C:\cygwin64\scripts\add_email_address_to_distribution_list.ps1:2
char:28
+ Add-DistributionGroupMember <<<< -Identity some_distribution_list -Member user# domain.com
+ CategoryInfo : NotSpecified: (:) [Add-DistributionGroupMember],
ArgumentNullException
+ FullyQualifiedErrorId : System.ArgumentNullException,Microsoft.Exchange.
Management.RecipientTasks.AddDistributionGroupMember
Now if I remove the pubkey from my account's .authorized_keys file, login with my usual password, and retry... the script works!
I'm stumped as to why authentication via password over SSH allows for the script to run successfully , while authentication via keys over SSH doesn't.
Any ideas?
EDIT:
Here's the script that's being run:
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
Add-DistributionGroupMember -Identity some_distribution_list -Member user#domain.com