Enable PowerShell remoting on ArcoLinux

PowerShell is a cross-platform scripting language that runs on Windows, Linux, and macOS.

ArcoLinux is a rolling release Linux distribution based on Arch Linux.

Prerequisites

  • ArcoLinux was installed using the ArcoLinuxL ISO with the easy installation option.
  • The examples shown in this article were performed using Xfce Terminal.
  • ArcoLinux was fully updated using the sudo pacman -Syu command.

Installation

Verify that you have PowerShell installed:

pwsh --version

enable-psremoting-arcolinux1a.png

If you receive the error: command not found, see Install PowerShell on ArcoLinux to install PowerShell.

Configuration

Open your OpenSSH server configuration file in a text editor. The nano text editor is used in the following example:

sudo nano /etc/ssh/sshd_config

enable-psremoting-arcolinux1a.png

Enable password-based authentication by uncommenting the following line in your OpenSSH server configuration file. Public key authentication is also supported, but outside the scope of this blog article.

PasswordAuthentication yes

enable-psremoting-arcolinux2a.png

Determine the path to the PowerShell pwsh command. You can use any of the following commands to determine the path for pwsh. The default path is /usr/bin/pwsh.

which pwsh
type pwsh
whereis pwsh

enable-psremoting-arcolinux3a.png


The result of the previous command is a symbolic link. You can confirm this by running any of the following commands:

readlink -f $(which pwsh)
ls -lh $(which pwsh)
stat $(which pwsh)

enable-psremoting-arcolinux4a.png

There’s also only one hard link to each of the files and the inode number is different for each of them. This means the /usr/bin/pwsh file is a symbolic or soft link and not a hard link that points to the same file.

ls -l /usr/bin/pwsh /opt/microsoft/powershell/7/pwsh
ls -i /usr/bin/pwsh /opt/microsoft/powershell/7/pwsh

enable-psremoting-arcolinux6a.png


Configure a daemon for PowerShell by adding a subsystem entry to your OpenSSH server configuration file. Arguments include a subsystem name and command with optional arguments to execute upon subsystem request.

Subsystem powershell /usr/bin/pwsh -sshs -NoLogo

enable-psremoting-arcolinux7a.png

By default, the SSH server daemon is inactive and not set to start automatically:

systemctl status sshd.service

enable-psremoting-arcolinux8a.png

You’ll need to start the SSH server daemon and set it to autostart when the system restarts. I’ve chosen to restart the daemon instead of starting it so the following command will work even if it’s already running. Check the status of the service again after configuring it.

sudo systemctl restart sshd.service && sudo systemctl enable sshd.service
systemctl status sshd.service

enable-psremoting-arcolinux9a.png

Connecting

You’re ready to connect. In the following examples, I’m remoting into the ArcoLinux system from PowerShell 7 on a Windows 11 system.

The first time you connect, you’ll be prompted to trust the system you’re connecting to as shown in the following example. You must type the entire word yes and press enter. If you type Y and press enter, you’ll be prompted again.

Enter-PSSession -HostName arco -UserName mikefrobbins

enable-psremoting-arcolinux10a.png

This information is stored in a known_hosts file in your user’s profile. If you’re using DHCP and the IP address of the system you’re connecting to changes, an additional line for the same system will be added to this file.

Get-Content -Path $env:USERPROFILE\.ssh\known_hosts

enable-psremoting-arcolinux11a.png

If something major changes such as reloading the operating system on the remote system occurs, you’ll be prompted with the following message:

Enter-PSSession -HostName arco -UserName mikefrobbins
Enter-PSSession: The background process reported an error with the following message: The SSH client session has ended with error message: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for arco has changed,
and the key for the corresponding IP address fe80::9d8:8ded:568b:270f%6
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:qND1QhSJ2T0aTF4UNOK48+Avi7gaXZsIOaVwTuH5Uzk.
Please contact your system administrator.
Add correct host key in C:\\Users\\mikef/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in C:\\Users\\mikef/.ssh/known_hosts:1
ECDSA host key for arco has changed and you have requested strict checking.
Host key verification failed..

enable-psremoting-arcolinux12a.png

One of the first issues you’ll likely encounter is: TERM environment variable not set.

Clear-Host

enable-psremoting-arcolinux13a.png

You’ll need to set the TERM environment variable to resolve this problem.

$env:TERM = 'xterm'

enable-psremoting-arcolinux14a.png

Happy remoting!

References